TAILIEUCHUNG - Course 2830: Designing security for Microsoft networks - Module 3

Module 3 - Identifying threats to network security. In this module, you will learn how to identify possible threats to a network and understand common motivations of attackers. The module introduces the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model as an effective way to predict where threats may occur in an organization. | Module 3: Identifying Threats to Network Security Overview Introduction to Security Threats Predicting Threats to Security Lesson: Introduction to Security Threats Why Network Attacks Occur Who Attacks Networks? Common Types of Network Vulnerabilities How Network Attacks Occur Difficulties in Defending Networks Reasons that attackers break into networks include: Revenge Espionage Publicity Personal satisfaction Terrorism Why Network Attacks Occur Who Attacks Networks? Ability Characteristics of attackers Novice Possess little programming experience Use tools that are made by others Intermediate Possess significant programming skills Automate tools that are created by others Advanced Are expert programmers Develop tools that others use to attack networks Corporate Headquarters External Attacker Internet Internal Attacker Common Types of Network Vulnerabilities Vulnerability Examples Weak passwords Employees use blank or default passwords Password is predictable Unpatched software Service packs are not maintained Security hotfixes are not applied Incorrectly configured hardware and software Users have too many privileges Applications run as the Local System account Social engineering Help desk administrator resets a password without verifying the identity of the caller Weak security on Internet connections Unused services and ports are not secured Firewalls and routers are used improperly Unencrypted data transfer Authentication packets are sent in clear text Important data is sent over the Internet in clear text How Network Attacks Occur Stages of attack Examples of attacker actions 1. Footprint Runs a port scan on the firewall 2. Penetration Exploits an unpatched Web server 3. Elevation of privilege Creates an account with administrator rights 4. Exploit Defaces the Web site 5. Cover-up Erases the audit trail of the exploit Corporate Headquarters Attacker 1 2 5 4 3 Parties Characteristics Attackers Can attack with very low cost Only need to .

• Quản trị mạng
• Designing security
• Microsoft networks
• Network security
• Security design
• Security threats
• Network attacks
• Analyzing security risks
• Security policies
• Designing network security
• Security design for accounts
• Account security
• Security design for authentication
• Authentication security
• Risk management
• Physical resources
• Security design for computers
• Analyzing risks to computers
• Security design for data
• Securing data
• Security incidents
• Incident response procedure
• Acceptable use policy
• Security policy checklist
• Manage security
• Operations framework
• Designing policies
• Managing networks
• Network management policy
• Network perimeters
• Perimeter security
• Data transmission
• Securing data transmission
• Random Oracle model
• A Paradigm for Designing Efficient Protocols
• Designing Efficient Protocols
• Random oracle paradigm
• Chosen Cipher text Security
• A digital signature scheme
• Advanced network security
• An toàn mạng nâng cao
• Designing for an Open Access Point
• Wireless Network Vulnerabilities
• Wireless Hacking Tools
• Wireless Network
• Internetworking
• manage network
• Network Protocols
• Security communication
• network systems
• network equipment
• network operators
• computer network
• information technology
• international certification
• network cisco
• cisco exam
• management network
• công nghệ thông tin
• tin học
• internet
• microsoft office
• công nghệ thông tin
• tin học
• mạng
• web
• quản trị mạng