Đang tải... (xem toàn văn)
An toàn thông tin An toàn bảo mật sách giáo trình Lab manual for security guide to network security fundamentals compress
Hith Edlition mm ce »» Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part Andrew Hurd, Dean Farwood ^ » CENGAGE «© Learning” ‘Austr«aBrlaizial Mexico» Singapore =United Kingdom +United States CENGAGE Learning: Lab Manual for SecuritGuyi+de © 2016, 2012 Cengage Learning to NetSecuwrityoFunrdamekntals, WEN: 02-200-202 Fifth Edition ‘Andrew Hurd, Dean Farwood ALL RIGHTS RESERVED No part of this work covered by the copyright SVP, GM Skills & Global Product herein may be reproduced, transmitted, stored or used in any form or by ‘Management: Dawn Gerrain any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, Product Director: Kathleen McMahon Information networks, or information storage and retrieval systems, except Product Team Manager: Kristin McNary 23s permitted under Section 107 or 108 ofthe 1976 United States Copyright Senior Director, Development: Marah ‘Act, without the prior written permission of the publisher Bellegarde cron is arepistere tacemark of he Miro Carportion Security isa regstere tradeofmCaomrpkra Properties LC Product Development Manager: Leigh For produc information an technology sestance, contact ea ngage Lerning Customer & Sales Support, 800 334:9706 nome For permission ose mater fom ths text product, Sel Conterk vlog ch aon Product Assistant: Abigail Pufpaff submit all requests online at wwwcengage.com/permissions Further permissions questions can be e-mailed to Vice President, Marketing Services: Jenifer ermissionrequest@cengage.com ‘Ann Baker Senior Marketing Manager: Eric La Scola brary of Congress Control Number: 2014940611 Senior Production Director: Wendy Troeger |SBN-13:978-1305-09525-0 Production Director: Patty Stephan Cengage Learning Senior Content Project Manager: Brooke 20 Channel Center Street Greenhouse Boston, MA 02210 ‘Managing Art Director: jack Pendleton USA sading provoficudstoemirzed learning solutions Cover image: in nea40rdilffeyrent countries and sales in more (© Sergey Nivens/Shutterstococmk than 125 countries around the world Find your local representative at -w0ww cengage.com Cengage Learning products are represented in Canada by Nelson Education, itd To learn more about Cengage Learning, vist www.cengage.com Purchase anyof our products at yourlocal college store or at our preferred Notice tothe Reader online store www.cengagebrain.com Publisher does not warantor guaraanytoef ethe products described herein or perform any independent analysis in connection withany ofthe product information contained herein Publisher does not assume, and expressly disclaims, any obligation to obtain ad include information other than that providedtot by the manufactureT.he reader is expressly warned toconsider and adoptll safety precautions that mightbe indicated balyl rtihsekasctiinvictoinesnecdteisocnribweidth hseurcehin inasdtructtoioanvso.id Thael ppoutbelnitsihael r hmaazkaersds noBy following the instructions contained herein, thereader wilingly assumes representationosr waranties of any kind, including but not limited to, the warrantiesof fitness fr particular purposeor merchantably, nor are ary such representations implied with respect to the material set forth hereaindnt,he publisher takes noresponsibilty with respectto such materia The publisher shall notbe liable or any special, consequential, or ‘exemplary damages resulting In whole or prt, from the readers use of of reliance upon this materia ‘Some ofthe product names and company names usd i this book have been used for identification purposes only and may be trademarkosr reglsteed trademarks oftheir respective manufacturearnsd sellers ‘Any fictional data related to persons or companieosr URLS usedthroughout this books intended for instructional purposes only At the time this book was printed, any such datawas fictional and not belonging to ary real personsor companies The programs in this book are fr instructional purposes only They have been tested with care, but are not guarantfoer adny particular Intent beyond education purposes The author andthe pubisher ono oer any warrants or represerttions, or othe accept any ables with respect tothe programs Printed in the United States of America Print Number: 01 PrintYear:2015 Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part Table of Contents INTRODUCTION xix DEDICATION AND ACKNOWLEDGMENTS CHAPTER ONE Introduction to Security Lab 1.1 Online Rescarch—Certifcation Lab 1.2 Online Research—Information Security Careers Lab 1.3 Online Research—SANS Reading Room Lab 1.4 Online Research—Which Is the “Safest™ Operating System? Lab 1.5 Online Research—Information Security Policies CHAPTER TWO Malware and Social Engineering Attacks 3 Lab 2.1 Eicar Antivirus Test File 4 Lab 2.2 Remote Program Execution 18 Lab 2.3 Checking for Unsigned Programs 2 Lab 2.4 Validating a Downloaded Program 25 Lab 2.5 Acceptable Use Policy 28 CHAPTER THREE Application and Networking-Based Attacks 31 Lab 3.1 Getting Started with Kali Linux 3 Lab 3.2 IP Spoofing with Hping3 37 Lab 3.3 ARP Poisoning 4 Lab 3.4 Man-in-the-Middle Attack 45 CHAPTER FOUR Host, Application, and Data Security 49 Lab 4.1 Exploring the Windows Server 2012 R2 Security Configuration Wizard s0 Lab 4.2 Creating a Security Template “ 38 Lab 4.3 Analyzing Security Configurations ‘Lab 4.4 Applying Security Settings from a Security Template and Verifying System Compliance 6s Lab 4.5 Auditing Object Access CHAPTER FIVE Basic Cryptography n Lab 5.1 Encrypting Files from the Command Prompt n Lab 5.2 Demonstrating Encryption Security 7s Lab 5.3 Examining the Relationship Between EFS and NTFS Permissions 78 Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in pest vi Table of Contents Lab 5.4 Using EFS Recovery Agent Certificates 81 Lab 5.5 Breaking the Code 84 CHAPTER SIX Advanced Cryptography 89 Lab 6.1 Installing Certificate Services 90 Lab 6.2 Configuring Secure Sockets Layer 8 Lab 6.3 Using Certificate Services Web Enrollment 100 Lab 6.4 Configuring Certificate Auto- Enrollment 103 Lab 6.5 Acceptable Encryption Policy 108 CHAPTER SEVEN Network Security 1 Lab 7.1 Verifying the Integrity of the Hosts File tạ Lab 7.2 Installing the FTP Server Servicaned Wireshark 116 Lab 7.3 Capturing and Analyzing FTP Traffic 120 Lab 7.4 Capturing and Analyzing Telnet Traffic 126 Lab 7.5 Data Loss Prevention 130 CHAPTER EIGHT ‘Administering a Secure Network 183 Lab 8.1 Configuring Windows Firewall on Windows Server 2012 134 Lab 8.2 Configuring Windows Firewall on Windows 7 137 Lab 8.3 Installing and ConfiganuSrSHiSnergver m1 Lab 8.4 Installing and Configaun SrSHiCnligent 145 Lab 8.5 Researching IPV6 149 CHAPTER NINE Wireless Network Security 151 Lab 9.1 Installing a SOHO Wireless Router/Access Point 152 Lab 9.2 Installing and ConfiagWiurelressiAndapgter 187 Lab 9.3 Configuring an Enterprise Wireless Access Point 162 Lab 9.4 Configuring Wireless Security 168 Lab 9.5 Exploring Access Point Settings 1" CHAPTER TEN Mobile Device Security 7 Lab 10.1 File Transfer Using Bluetooth 178 Lab 10.2 Getting Bluetooth Info with Bluesnarfer 181 Lab 10.3 Kali Linux Mobile Device Security Tools 183 Lab 10.4 Physical Security 185 Lab 10.5 BYOD Policies 187 Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part CHAPTER ELEVEN Table of Contents vil ‘Access Control Fundamentals 189 190 Lab 11.1 Setting NTFS Permissions 195 Lab 11.2 Using NTFS Permissions 198 Lab 11.3 Setting and Testing Share Permissions 202 Lab 11.4 Auditing Permissions zm 212 CHAPTER TWELVE 215 Authentication and Account Management 218 220 Lab 12.1 Setting a Minimum Password Length Policy 226 Lab 12.2 Setting Password History and Minimum Password Age Poli 231 Lab 12.3 Enforcing Password Complexity Requirements 232 Lab 12.4 Setting Policies for Account Lockouts and Log on Hours 234 Lab 12.5 Restricting Access to Programs 236 CHAPTER THIRTEEN 241 Business Continuity 244 Lab 13.1 Installing VMware Player 251 Lab 13.2 Adding Hard Drives to a Virtual Machine 252 Lab 13.3 Creating RAID 254 Lab 13.4 Creating Fault Tolerant RAID 257 Lab 13.5 Comparinga System's Current State to Its Baseline State 260 CHAPTER FOURTEEN 262 Risk Mitigation 265 Lab 14.1 Online Research—Ethics in Information Technology 266 Lab 14.2 Online Rescarch—The Cloud 269 Lab 14.3 Creatinga Laptop Policy 273 Lab 14.4 The Human Resources Department’ Role in Information Security 275 Lab 14.5 Exploring the ISO/IEC 27002 Standard 279 CHAPTER FIFTEEN Vulnerability Assessment and Mitigating Attacks Lab 15.1 Footprindng, Lab 15.2 Enumeration Lab 15.3 Web Server Vulnerability Testing with Vega Lab 15.4 Exploitation and Payload Delivery Lab 15.5 Working with Meterpreter Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part Introduction Hands-on learning is necessary to master the security skills needed for both CompTIA’s Security+ Exam and for a career in network security This book contains hands-on exercises that use fundamental networking security concepts as they are applied in the real world In addition, each chapter offers review questions to reinforce your mastery of network secu- rity topics and to sharpen your critical thinking and problem-solving skills The organiza- tion of this book follows that of Course Technology's Security+ Guide to Network Security Fundamentals, Fifth Edition, and using the two together will provide a substantial, effective learning experience This book is suitable for use in a beginning or intermediate networking security course As a prerequisite, students should have a fundamental understanding of gen- eral networking concepts and at least one course in network operating systems This manual is best used when accompanied by Mark Ciampa’s Security+ Guide to Network Security Fundamentals, Fifth Edition Features ‘To ensure a successful experience for instructors and students alike, this manual includes the following feature ‘* Maps to CompTIA Objectives: The material in this text covers all of the CompTIA Security + SY0-401 exam objectives + Lab Objectives: Every lab has an introductory description and list of learning objectives * Materials Required: Every lab includes information on hardware, software, and other materials you will need to complete the lab ‘* Completion Times: Every lab has an estimated completion time, so that you can plan your activities more accurately * Activity Sections: Labs are presented in manageable sections Where appropriate, additional activity background information is provided to illustrate the importance of a particular project ‘* Step-by-Step Instructions: Logical and precise step-by-step instructions guide you through the hands-on activities in each lab + Review Questions: Questions help reinforce concepts presented in the lab New to This Edition + Server operating system updated to Windows 2012 R2 server + Fully maps to the latest CompTIA Security+ exam SY0-401 * All new chapter on mobile device security * Chapters grouped by major domains: Threats and Vulnerabilities; Application, Data and Host Security; Cryptography; Network Security; Access Control and Identity Management; and Compliance and Operational Security Copyright 2016 Cengage Learning, All Rights Reserved May not be copied, scanned, or duplicated, in whole or in part