Difference between revisions of "CCNA Explorer 4 Network Security"
From Teknologisk videncenter
m (→Hacket Checklist) |
m (→Hacket Checklist) |
||
| Line 22: | Line 22: | ||
#Levage the compomised system | #Levage the compomised system | ||
##Attack other systems | ##Attack other systems | ||
| + | ==Network Security Policies== | ||
| + | ISO 27002 define some guidelines for developing organizational security standards through the following 12 sections: | ||
| + | *Risk assessment | ||
| + | *Security policy | ||
| + | *Organization of information security | ||
| + | *Asset management | ||
| + | *Human resources security | ||
| + | *Physical and environmental security | ||
| + | *Communications and operations management | ||
| + | *Access control | ||
| + | *Information systems acquisition, development, and maintenance | ||
| + | *Information security incident management | ||
| + | *Business continuity management | ||
| + | *Compliance | ||
| + | ==Security Weaknesses== | ||
== Logging == | == Logging == | ||
Revision as of 10:23, 25 January 2012
Contents
- 1 Sikkerhed
- 1.1 Security Terms
- 1.2 Hacket Checklist
- 1.3 Network Security Policies
- 1.4 Security Weaknesses
- 1.5 Logging
- 1.6 Sårbare Router Services
- 1.7 Sårbare Router interfaces
- 1.8 SNMP, NTP og DNS sårbarheder
- 1.9 Routenings protokoller sårbarheder
- 1.10 Cisco Auto secure
- 1.11 Cisco SDM (Secure Device Manager)
- 1.12 Installer nyeste version af IOS
- 1.13 IOS Filsystemer
- 1.14 Cisco IOS Trouble shooting commands
- 1.15 Recovering lost Router password
- 1.16 Opsummering
Sikkerhed
Security Terms
- White hat
- An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed.
- Black hat
- Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use.
- Hacker
- A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
- Cracker
- A more accurate term to describe someone who tries to gain unauthorized access to network resources.
- Phreaker
- An individual who manipulates the phone network to cause it to perform a function that is not allowed.
- Spammer
- An individual who sends large quantities of unsolicited e-mail messages.
- Phisher
- Uses e-mail or other means to trick others into providing sensitive information.
Hacket Checklist
- Performe footprint analysis also called reconnaissance
- Find responsive IP addresses
- Enumerate information
- Collect more information about servers/network and version numbers
- Manipulate users to gain access
- Test common known usernames and passwords
- Find out how the company chooses usernames and default passwords
- Escalete privileges
- Gather additional usernames, password and secrets
- Install backdoors
- Levage the compomised system
- Attack other systems
Network Security Policies
ISO 27002 define some guidelines for developing organizational security standards through the following 12 sections:
- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
- Compliance
