  1. Roughly 60 to 80 percent of network misuse originates from the internal network
  2. The three security goals are
    1. confidentiality (Keep Data Private)
    2. integrity (Data has not been modified in transmit)
    3. availability (A measure of the data’s accessibility)
  3. Example classification levels used by governments and the military
    1. Unclassified
    2. Sensitive but unclassified(SBU)
    3. Confidential
    4. Secret
    5. Top-Secret
  4. The three classification levels of the U.S. government
    1. Confidential
    2. Secret
    3. Top-Secret
  5. Example classification levels used by organizations
    1. Public
    2. Sensitive
    3. Private
    4. Confidential
  6. Characteristics that can be used to classify data
    1. Value
    2. Age
    3. Useful life
    4. Personal association
  7. Classification roles
    1. Owner
    2. Custodian
    3. User
  8. Security solution controls
    1. Administrative Control
    2. Physical Control
    3. Technical Control
  9. Continuing from 8: the controls above can be further divided into the following types
    1. Preventive
    2. Deterrent
    3. Detective
  10. Items to record when describing a security incident
    1. Motive
    2. Means
    3. Opportunity
  11. Different levels of law
    1. Criminal law
    2. Civil law
    3. Administrative law
  12. Five broad categories of attack
    1. Passive
    2. Active
    3. Close-in
    4. Insider
    5. Distribution
  13. Defense in Depth design philosophy
    1. Defend multiple attack targets in the network
    2. Create overlapping defenses
    3. Let the value of protected resource dictate the strength of the security mechanism
    4. Use strong encryption technologies
      1. AES
      2. PKI
  14. NIDS, NIPS, HIPS
    1. NIDS (Network-based Intrusion Detection System)
    2. NIPS (Network-based Intrusion Prevention System)
    3. HIPS (Host-based Intrusion Prevention System)
  15. Types of IP Spoofing Attacks
    1. Nonblind spoofing (the attacker and the target are on the same subnet)
    2. Blind spoofing (the attacker and the target are on different subnets)
  16. The two types of source routing
    1. Loose
    2. Strict
  17. Methods for preventing IP spoofing attacks
    1. ACL
    2. IPsec tunnel
    3. Cryptographic authentication
  18. Confidentiality attack methods
    1. Packet Capture
    2. Ping sweep and port scan
    3. Dumpster diving
    4. EMI interception
    5. Wiretapping
    6. Social engineering
    7. Sending information over overt channels
    8. Sending information over covert channels
  19. Integrity attack methods
    1. Salami Attack
    2. Data diddling
    3. Trust relationship exploitation
    4. Password attack
      1. Trojan horse
      2. Packet capture
      3. Keylogger
      4. Brute force
      5. Dictionary attack
      6. Botnet
      7. Hijacking a session
  20. Availability attack methods
    1. Denial of Service (DoS)
    2. Distributed denial of service (DDoS)
    3. TCP SYN flood
    4. ICMP attacks
    5. Electrical disturbances
      1. Power Spike
      2. Electrical surge
      3. Power fault
      4. Blackout
      5. Power sag
      6. Brownout
    6. Attacks on a system’s physical environment
      1. Temperature
      2. Humidity
      3. Gas

  1. Tasks classified as network maintenance
    1. Hardware and software installation and configuration
    2. Troubleshooting problem reports
    3. Monitoring and tuning network performance
    4. Planning for network expansion
    5. Documenting the network and any changes made to the network
    6. Ensuring compliance with legal regulations and corporate policies
    7. Securing the network against internal and external threats
  2. Network maintenance tasks fall into two categories
    1. Structured tasks
    2. Interrupt-driven tasks
  3. Well-known network maintenance methodologies
    1. FCAPS
      1. Fault Management
      2. Configuration Management
      3. Accounting Management
      4. Performance Management
      5. Security Management
    2. ITIL: IT Infrastructure Library
    3. TMN
    4. Cisco Lifecycle Services
  4. Routine maintenance tasks
    1. Configuration changes
    2. Replacement of older or failed hardware
    3. Scheduled backups
    4. Updating Software
    5. Monitoring network performance
  5. Points to settle before making network configuration changes
    1. Who is responsible for authorizing various types of network changes
    2. Which task should only be performed during scheduled maintenance windows
    3. What procedures should be followed prior to making a change
    4. What measurable criteria determine the success or failure of a network change
    5. How will a network change be documented, and who is responsible for the documentation
    6. How will a rollback plan be created, such that a configuration can be restored to its previous state if the changes result in unexpected problems
    7. Under what circumstances can formalized change management policies be overridden, and what (if any) authorization is required for an override
  6. Information typically recorded in network documentation
    1. Logical topology diagram
    2. Physical topology diagram
    3. Listing of interconnections
    4. Inventory of network equipment
    5. IP address assignments
    6. Configuration Information
    7. Original Design Document
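  7. To recover the network quickly after a device failure, keep the following on hand
    1. A duplicate of the hardware
    2. The same software, together with its configuration and license files
    3. Backups of the device configuration files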
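  8. The following commands back up the configuration file every day
    archive
     path ftp://192.168.1.1/R1-config
     ! archive a copy each time the configuration is saved
     write-memory
     ! archive automatically every 1440 minutes (once a day)
     time-period 1440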

  • Jun 21 Thu 2012 14:32
  • IPsec

  1. IPsec offers the following protections for VPN Traffic
    1. Confidentiality
    2. Integrity
    3. Authentication
  2. IPsec uses a collection of protocols to provide its features. One of the primary protocols it uses is Internet Key Exchange (IKE), which has the following modes:
    1. Main Mode
    2. Aggressive Mode
    3. Quick Mode
  3. IPsec relies on
    1. Authentication Header (AH), Protocol 51
    2. Encapsulating Security Payload (ESP), Protocol 50

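  1. security passwords min-length 10 requires passwords to be at least 10 characters long.
  2. A space can be part of a password, except as the first character.
  3. username username secret 5 hash_value: the 5 means the password is already hashed.
  4. no service password-recovery prevents the ROMMON password recovery procedure from being used on the device.
  5. security authentication failure rate numbers: if the number of failed password attempts exceeds numbers, login is paused for 15 seconds.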
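
An added example (not part of the original notes): a short Python check that a saved running-config applies the four password settings listed above. The sample configurations, the function name audit_passwords and the hash value are constructed for illustration.

```python
import re

# Constructed sample configs for illustration (not from the original notes).
WEAK_CONFIG = """\
hostname R1
username admin password 0 cisco123
"""

HARDENED_CONFIG = """\
hostname R1
security passwords min-length 10
security authentication failure rate 5 log
no service password-recovery
username admin secret 5 $1$EXAMPLE$constructedhashvalue000
"""


def audit_passwords(config, min_len=10):
    """Return findings for the password settings covered in the notes."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # Minimum length must be configured and be at least min_len.
    lengths = [int(m.group(1)) for ln in lines
               if (m := re.fullmatch(r"security passwords min-length (\d+)", ln))]
    if not lengths or lengths[-1] < min_len:
        findings.append(f"minimum password length is not at least {min_len}")

    # security authentication failure rate N: delay after repeated failures.
    if not any(re.match(r"security authentication failure rate \d+", ln)
               for ln in lines):
        findings.append("no authentication failure rate configured")

    # no service password-recovery: blocks the ROMMON recovery procedure.
    if "no service password-recovery" not in lines:
        findings.append("ROMMON password recovery is still possible")

    # Local users should be stored with 'secret' (hashed), not 'password'.
    for ln in lines:
        m = re.match(r"username (\S+) ", ln)
        if m and not re.search(r" secret \d+ \S+", ln):
            findings.append(f"user {m.group(1)} is not stored as a hashed secret")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_passwords(cfg) or "OK")
```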

  1. Initiation
  2. Acquisition and development
  3. Implementation
  4. Operations and maintenance
  5. Disposition

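Scenario: three vehicles are queuing at a self-service gas station, in this order: car A, Little Q's scooter, car B.

The driver of car A wasn't very good at refueling, fumbled with it for a long time, and finally drove off.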

V1
Get next request
unsolicited alert msg

V2

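  1. Use show vlan to confirm that every switch in the topology has the VLAN configured correctly
  2. Use to confirm that the trunk links are configured to carry the new VLAN. (The trunk link here should refer to a VLAN trunk)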

  1. P: Prepare, Implementation requirements are determined.
  2. P: Plan, Current infrastructure is examined.
  3. D: Design, A detailed implementation plan is created.
  4. I: Implement, A predefined test plan is executed.
  5. O: Operate, Routine maintenance is performed.
  6. O: Optimize, Audits and upgrades are performed.

  1. A description of each step
  2. A time estimate for each step
  3. A fallback method in case of failure
  4. Record the process
