Complete B-2: Comparing firewall-based secure topologies, complete questions 1 through 3 on

Transcription

1 COT410 LAN Fundamentals Week 5 Worksheet (WS5) Unit 8 / Unit 9 Assignments Name: Kevin Comer Unit 8 Security Practices Unit time: 180 minutes Read pages 8-1 through 8-48 Complete B-1: Examining firewalls and proxy servers, complete questions 1 through 5 on page (10 points) A Proxy server can intercept all messages entering and leaving the network by hiding the network address. It replaces the original senders address and other information before sending the packet then updates the packet when a response arrives and sends it back to the originator. Whereas an application layer firewall basically does the same by looking at packets entering or leaving the network and accepts or rejects based on the filtering rules. Another difference is by disabling the firewall a LAN would still usually have full Internet access, but if you disable a proxy server, there is no way for someone to connect to the Internet. 2. False I just started working for a company just a couple of weeks ago but while in the military; I noticed that they use a series of firewalls to protect the LAN infrastructure. From my 3. understanding, the military uses a combination of firewalls at both the network layer and at the application layer. This is done to ensure that information related to the security of information required for force protection as well as protection of national interests. I am not sure if the military uses proxy servers but if I had to guess, I would bet that it does in some areas such as STAMIS systems used in sending logistical data and interfacing with the different levels of acquisition and financial data between the different 4. parts of the world or for informational websites. I have noticed that sometimes when I used to work on systems that a major part of the logistical system would go down if a server was not functional and we had to be re-directed to a back-up server. There can be several pros and cons of using Internet content filter software. Some pros that I use keep my teenager honest with his home computer is by preventing him from deliberately or inadvertently accessing pornography or by allowing him to surf online without my constant parental presence. At the same time, there are some cons that make 5. me nervous where I can sometimes only filter out some safe sites, words and games which creates a false sense of security for me and since he takes computer classes in high school, I worry that he can find a way around some of my filters, or may access inappropriate content elsewhere other than home. Complete B-2: Comparing firewall-based secure topologies, complete questions 1 through 3 on 1 P a g e

2 page (6 points) The difference of a NAT and a DMZ is that a NAT is the process of modifying IP address information in IP packet headers while they are in transit across traffic routing devices while the rest of the packet is left untouched so that it can be used to interconnect two IP networks that have incompatible addressing. Whereas a DMZ, perimeter network, adds an additional layer of security to an organization's local area network (LAN) to keep an external attacker from gaining access and blocking them to the services to only have access to the equipment located in the DMZ and remain in the larger untrusted network, usually the Internet. 2. Three-homed firewall 3. A Complete B-4: Identifying the security enabled by VPNs, complete questions 1 through 3 on page (6 points) As part of my last employment, I was an evaluator that traveled across the United States. While doing so, I had the use of VPN to reach back and connect to the server in my unit. This was required to get up to date information for the specific units I was visiting and to update the database. I had VPN client installed on my laptop which was created by my IMO with the specific accesses during my military travels. 2. C 3. Yes Complete B-5: Identifying weaknesses in network devices, complete questions 1 through 3 on page 8-3 (6 points) Switch Hijacking is when an unauthorized person infiltrates a system and is able to obtain administrator privileges of a switch. From that point, they can do a variety of things including modifying the configuration settings in order to cause harm to the network. There are many people who intentionally conduct malicious acts after gaining access to 2. communication mediums. Many of those acts are considered to be computer crimes where the criminal commits financial crimes along with other direct or indirect crimes. I have had both types of routers in the past and according to my recollection, the user 3. name was: admin and the password was left blank. I have heard other people talk about using admin as both the user name and password. 2 P a g e

3 Complete B-6: Examining the ways to overcome device threats, complete questions 1 through 3 on page (6 points) Change default passwords Disable features, protocols, and options you do not need Apply firmware and software updates regularly Monitor physical and virtual access to your network and devices Disabling services can be a factor where performance can be improved significantly, 2. especially on computers with low system resources. However, for some services, the effect is even unpredictable which will result in possible strange future problems. 3. Yes, by doing so will prevent any problems. Complete B-8: Comparing HIDS and NIDS, complete questions 1 through 4 on page 8-4 (8 points) The NIDS is monitoring the incoming and outgoing traffic from the internet therefore protecting the intranet work. 2. The NIDS would be detecting external attacks in this scenario. 3. Yes 4. No, because the NIDS is monitoring both incoming and outgoing traffic. Complete Unit 8 review questions, pages 8-47 through (22 points) OS hardening is the process of modifying an operating system s default configuration in order to minimize a computer's exposure to current and future threats and removing unnecessary applications. 2. B 3. From the Windows Update window, click View update history. Click the Installed Updates link on the Review your update history page. If the update can be removed, Uninstall is displayed in the toolbar. Click Uninstall to remove the update. 4. You can find it if you view computer properties, and in the Windows edition portion of the page you will see if a Service Pack has been installed. 5. By filtering outgoing traffic initiated by your DMZ, you would prevent your systems from being used by hackers to take part in DDoS attacks. 6. A bastion host is a computer that stands outside the protected network located between the Internet and your intranet. It is exposed using two network cards, one for the DMZ and the other for the intranet. Communications between the networks isn t allowed and is typically blocked to prevent inbound access to the intranet system. 3 P a g e

4 7. Intranet, perimeter network, and extranet 8. Changing default passwords and disabling features, protocols, and options you do not need. 9. You would ensure to secure TELNET and SNMP interfaces. And if available, block access to management interfaces from all external network locations. Also, for wireless devices, block access to management interfaces over wireless connections. 10. By getting the most up to date virus definitions through downloads. 1 Windows Defender Unit 9 Network Access Control Unit time: 240 minutes Read pages 9-1 through 9-54 Complete A-1: Comparing one, two, and three factor authorizations, complete questions 1-4 on page 9-7. (8 points) Authentication, authorization, and accounting 2. User name and password In addition to the first factor, the second factor is something a user has Like a token of 3. some sort, or it can be something you are such as a biometric. Therefore making it something you know plus something you have or something you are. Three factor uses something you know, something you have and something you are all 4. together. Example a user name, a token and scan of fingerprint. Complete A-2: Hashing data, complete questions 1-3 on page 9-9. (6 points) The Security Accounts Manager (SAM) is the storing location for Windows Vista. The default setting that is in Windows Vista, was disabled by default in previous versions of Windows. The enabling of this setting does not immediately clear the LM hash values 2. from the SAM, but enables an additional check during password change operations that will instead store a "dummy" value in the location in the SAM database where the LM hash is otherwise stored. 3. Because NTLM hashes can be more difficult to crack when used with strong passwords. 4 P a g e

5 Complete A-3: Identifying the requirements of a secure authentication system, complete questions 1 and 2 on page 9-1 (4 points) No site is completely secure from predators, what we as parents have to do is to educate our children about what predators are and what to look for and that they report any suspicious activities to the parents. Parents will need to ensure to have a way to maintain parental controls in order to access the sites that their children visit and in order to secure the sites, parents must ensure to have the latest up to date anti-spy ware or any other form of protection that can gather information on their children. Limiting access to websites and education is the key, particularly social networking sites are possible ways to protect vulnerable age groups from online predators and cyber-bullying. In order to make it easy and comfortable for your customers, you would need to encrypt their data for transmission. That is why Secure Sockets Layer (SSL) was created, SSL uses a complex system of key exchanges between your browser and the server you are communicating with in order to encrypt the data before transmitting it across the web. A 2. web page with an active SSL session is what we would say is "secure". That way a customer can input their data for verification prior to purchase completion and your company can have a tracking mechanism in place to verify either an address or CCV from their credit card to validate its legitimacy. Complete A-4: Examining the components of Kerberos, complete questions 1 through 5 on page (10 points) Two vulnerabilities are authentication against weak passwords and denial of service attacks and clocks being loosely synchronized which would allow injection and execution of an attacker to impersonate any authorized user. 2. B 4. B 3. None 5. D Complete C-1: Examining RADIUS and Diameter authentication, complete questions 1-7 on page (14 points) Benefits of using RADIUS authentication compared to configuring your network access servers to perform authentication is that you can manage access using RADIUS user or group account information, restrict access to specific filters, monitoring tools and TAPS and SPAN ports and users must be authenticated and granted permission before gaining access to certain network devices, ports, or services. 2. False 5 P a g e

6 3. Secret key 4. IPsec with encapsulating security payload (ESP) 5. B 6. Supports end-to-end security through IPsec, TLS, or both. Message tampering can be detected and handled. 7. True Complete C-5: Comparing VPN protocols, complete questions 1-4 on page (8 points) L2TP is generally a combination of the best features of PPTP and L2F and provides tunneling over IP, X.25, Frame relay, and ATM networks. L2TP relies on IPsec for encryption and RADIUS or TACACS + for authentication. 2. Point to Point tunneling Protocol (PPTP) and Layer 2 Forwarding Tunneling mode because it encrypts the entire packet then it hides the source and 3. destination addresses so eavesdroppers cannot glean information about your internal network configuration. SSH offers security mechanisms that protect the users against anyone with malicious intent while Telnet and FTP has no security measures. SSH uses a public key to authenticate the source of the data. SSH is more secure compared to Telnet and FTP 4. SSH encrypts the data while Telnet sends data in plain text SSH uses a public key for authentication while Telnet does not use any authentication SSH adds a bit more overhead to the bandwidth compared to Telnet Complete Unit 9 review questions, pages 9-52 through 9-54 (48 points) Authentication, authorization, and accounting 2. One-factor authentication typically uses just something you know a username and password. Two-factor authentication adds something you have or something you are the username and password are combined with a token or a biometric reading. Three-factor authentication combines something you know, something you have, and something you are typically a username and password, a token, and a biometric reading. 3. An NTLM hash is more secure. LM hashes start by converting all 13. IPsec or TLS 14. Simple Bind, Simple Authentication and Security Layer, and Anonymous Bind 15. False 6 P a g e

7 characters to uppercase then storing the hash in two 7-byte strings; longer passwords are truncated and shorter passwords are padded with null characters. 4. Administrators use password 16. TCP cracking tools to test the vulnerability of their networks to possible attacks. They might also use the tools to access systems or devices where the password has been lost. 5. True 17. the entire message and not just the message body. 6. D 18. Network Policy Services 7. A device that acts as a transparent bridge between wireless clients and a wired network. 19. authentication, tunneling, and encryption 8. Access control, Encryption, Authentication, and Isolation 9. False 2 PPTP and L2TP 10. RADIUS server 22. Transport and tunnel 1 RADIUS client 23. True 12. A realm defines a namespace. 24. PPP 20. Authentication before connection, trusted delivery network, and Secure VPN Case Problems Critical Thinking (40 points) The Maple County Court is redesigning its network to ensure more security. The court has four Red Hat Enterprise Linux servers and three Windows Server systems. One of the Windows Server systems is connected to a DSL line and shares network connectivity with other computers on the court s network. The same server also has and SMTP services for handling . All of the users on the court s network have computers with Windows XP Professional. The court has an Optical Ethernet WAN connection to the Sheriff s Department and another one to the Maple City Police Department. There is also an Optical Ethernet WAN connection to the Maple City and County Building. The county judges are concerned about security on the Maple County Court network and hire you via Network Design Consultants to assess their security needs. Question 5-1: Preparing a Seminar about attacks (10 points) The judges ask you to give all court employees a short seminar about malicious attacks on computers and networks. Prepare some notes you can use in your presentation. 7 P a g e

8 Answer: A few things to cover during a seminar should include procedures on how to express that networks are attacked daily. One procedure is that we would need to inform them of is to think like a hacker and express the fundamentals of a security policy, the importance of routers and firewalls in implementing your plan, how to improve your firewall and other tools that you can use in the future. Many people conduct malicious attacks or computer crimes encompass unauthorized or illegal activities perpetrated using computers and other technological hardware. Lastly, seminars should cover disaster recovery so in the event of a computer disaster the information provided will show them how to react and how to take appropriate measures. Question 5-2: Security for a Server (10 points) When you examine the DSL connection to the Windows server you realize there is no particular security on the server other than file and folder permissions. What security improvements do your recommend to the judges? Answer: Question 5-3: Locating a New Web server (10 points) The clerk of the court wants to add a Web server to the network for public access to general information about the court system and its judges. Where would you place the Web server? Answer: Web servers cannot always be as secure as we would like them to be however, one solution for placing the Web server and improving the security would be is to put it behind a firewall or put the Web server on a screened subnet or DMZ. The firewall could defend both your Web server and the internal network against attacks. Question 5-4: Spam Problem (10 points) The court has always had an annoying and time-wasting problem with spam. What steps do you recommend they take to address this problem? Answer: First, I would refer them to report the problem to the spam abuse desk at your Internet Service Provider (ISP). Second, inform them to block unwanted junk and turn on their e- mail service's spam filter. Lastly, the only effective solution is to close the or web account and start over. 8 P a g e