PROTECTING INFORMATION ASSETS NETWORK SECURITY


PAUL SMITH
20 years of IT experience (desktop, servers, networks, firewalls)
17 years of engineering in enterprise-scale networks
10+ years in Network Security
10+ years as a CISSP
Graduate of Fox School of Business, MBA
Assistant Director of Network Security for Temple University
Adjunct Professor for ITACS: Network Security, IT Governance

SIMPLE DEFINITIONS OF NETWORK SECURITY
The purpose of network security is to protect the network and its component parts from unauthorized access and misuse.
The policies, practices and technology employed to prevent unauthorized access, misuse, modification, or denial of a computer network and network resources.

What is Security Posture? It is your overall security plan: the approach your business takes to security, from planning to implementation. It is comprised of the technical and non-technical policies, procedures and controls that protect you from both internal and external threats.

SECURITY POSTURE: COURSE MAP (built up over a series of slides)
Network Security
  How Networks Work
    OSI Model, well-known ports, encapsulation, connection vs. connectionless, three-way handshake, packet analysis, what is an anomaly
    Internet Protocols: DHCP, SSH, ARP, DNS, MAC, TLS/SSL, FTP, TCP, SNMP, HTTP, UDP, IPSec, NTP, ICMP, IPv4/v6
    Network Types: public IP addressing, private IP addressing, Network Address Translation, cloud computing
    Components: hubs vs. switches, routers, wireless, intrusion prevention and detection, Virtual Local-Area Networks (VLANs)
  Governance (Placing Limits)
    Organizational culture, policy and strategy, ethical issues, balance = trade-offs
    What are you governing? Asset classification (FIPS 199)
  Compliance and Alignment with Laws
    HIPAA (healthcare), PCI-DSS (retail), GLBA (financial sector), FISMA (government), SOX (corporate)
  Management Frameworks
    Best practices, guidelines, gap analysis
    NIST 800-53, FIPS 199, ISO 27001 / 27002, COBIT/DSS05.x/APO13, CSET Assessment
  Risks
    Risk acceptance, risk avoidance, risk transfer, risk mitigation
    Risk assessments: likelihood, impact; SP 800-30, ISO 27005
  Concepts
    CIA Triad, security architecture, segmentation/zones, perimeter defense, defense-in-depth, least privilege, threat landscape, due care, due diligence, redundancy / HA
  Threats and Attacks
    Threat landscape, reconnaissance, vulnerabilities (CVEs), DDoS / DoS, sniffers, social engineering, data harvesting, Cyber Kill Chain
  Security Technology
    Firewalls: types, placement, rulesets, NAT
    Cryptography: algorithms, secret/public keys, CA
    Intrusion prevention and detection
  Security Operations
    Security Operations Centers (SOC), continuous monitoring, Security Incident Event Mgmt (SIEM), Subject Matter Experts (SMEs)
    Process / operational controls, logical controls, technical controls
Created by Paul M. Smith, MBA, CISSP

MOVING DATA
Addressing
Data packets
Delivery method

BASIC NETWORKING - MAC ADDRESSES
A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment.
The Address Resolution Protocol (ARP) is a telecommunication protocol used for discovering the MAC addresses of known Internet Protocol (IP) addresses.
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
(Diagram: four hosts on one LAN, labelled with the MAC addresses 00-07-95-b2-56-85, 00-07-95-b2-56-68, 00-07-a2-b2-56-56 and 00-07-95-a2-65-10.)
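The symptom of the ARP spoofing described above is an IP address whose MAC binding suddenly changes. The watcher below, an added example that is not part of the lecture slides, learns the first MAC seen for each IP and alerts on any later reply that claims a different one; the ARP replies and timestamps are constructed sample data using the slide's placeholder MAC values.

```python
"""ARP cache-poisoning detector over a stream of observed ARP replies.

Added example, not from the slides. It records the first MAC seen for each IP
on a LAN segment (or a known-good table handed in at start-up) and raises an
alert when a later ARP reply claims a different MAC for the same IP.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ArpReply:
    sender_ip: str
    sender_mac: str
    ts: float          # seconds since capture start (constructed)


@dataclass
class ArpWatch:
    # ip -> mac learned from the first reply seen (or pre-seeded from inventory)
    table: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def observe(self, reply: ArpReply) -> Optional[str]:
        """Return an alert string if this reply conflicts with the known IP->MAC binding."""
        mac = reply.sender_mac.lower()
        known = self.table.get(reply.sender_ip)
        if known is None:
            self.table[reply.sender_ip] = mac      # first sighting: learn it
            return None
        if known != mac:
            # Do NOT overwrite the learned binding: a repeated conflicting
            # claim keeps alerting, which is what the operator wants to see.
            msg = (f"t={reply.ts:.1f}s ARP binding change for {reply.sender_ip}: "
                   f"{known} -> {mac}")
            self.alerts.append(msg)
            return msg
        return None


# Constructed trace: 10.100.1.1 is the gateway with MAC ...56-85. After a few
# normal replies a second station starts answering for the gateway's IP.
SAMPLE_REPLIES = [
    ArpReply("10.100.1.1",  "00-07-95-b2-56-85", 0.0),
    ArpReply("10.100.1.10", "00-07-a2-b2-56-56", 0.5),
    ArpReply("10.100.1.1",  "00-07-95-b2-56-85", 1.0),
    ArpReply("10.100.1.1",  "00-07-95-a2-65-10", 1.5),   # conflicting claim
    ArpReply("10.100.1.1",  "00-07-95-a2-65-10", 2.0),   # repeated (gratuitous ARP)
]


def run(replies=SAMPLE_REPLIES, known_good=None):
    """Feed replies through the watcher; return (final table, alerts)."""
    w = ArpWatch(table=dict(known_good or {}))
    for r in replies:
        w.observe(r)
    return w.table, w.alerts


if __name__ == "__main__":
    _, alerts = run()
    for a in alerts:
        print(a)
```

Seeding `known_good` with the gateway's real MAC from inventory turns this from "first seen wins" into a static-ARP style check, which is the stronger configuration.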

BASIC NETWORKING - PORTS
Ports are what machines listen to for data traffic.
Port 80: Web
Port 443: Secure web
Port 1433: SQL Database
Port 1521: Oracle Database
Scan networks for these ports to identify which servers are offering which services.
(Diagram: the same LAN, with one host listening on port 80 and another on port 1433.)

BASIC NETWORKING - ROUTERS
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet.
A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node.
(Diagram: LAN 1 (hosts in 10.100.1.x) and LAN 2 (hosts in 192.168.0.x) joined by a router; a SQL Server on LAN 2 is listening on port 1433.)

MODELS AND PROTOCOLS

OSI MODEL
Developed by ISO, the International Organization for Standardization.
Layered: each layer hands data to the layer directly above or below it.

BENEFITS OF THE OSI MODEL
Common language
Acceptable behavior
Protocols: a set of rules that dictates how computers communicate over networks
TCP/IP is a suite of protocols, the de facto standard of the Internet

DATA FLOW IN THE OSI MODEL
Data encapsulation occurs as data travels down the stack: each layer adds its own header around what it received from the layer above.
Data decapsulation is stripping those headers off again as the data travels up the stack.
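To make the encapsulation and decapsulation above concrete, the added example below (not from the slides) wraps a TCP segment in an IPv4 header and then an Ethernet frame, and then parses the frame back up the stack one layer at a time, verifying the IPv4 header checksum on the way. The MACs, IPs, ports and payload are constructed values taken from the slide diagrams.

```python
"""Encapsulation down the stack and decapsulation back up (added example).

Builds Ethernet / IPv4 / TCP headers with struct and then peels them off in
reverse order. The TCP checksum is left at zero to keep the example short;
the IPv4 header checksum is computed and verified as on a real host.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split("-"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791); 0 means 'verifies'."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src_port: int, dst_port: int, payload: bytes, flags: int = 0x18) -> bytes:
    # seq/ack 0, data offset 5 (20-byte header, no options), window 65535, csum 0, urg 0
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return hdr + payload


def build_ipv4(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    total_len = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_TCP, 0,
                      ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = ipv4_checksum(hdr)                        # computed with csum field = 0
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + segment


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Strip Ethernet, then IPv4, then TCP; return the fields found at each layer."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:             # tampered or corrupted header
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    segment = packet[ihl:total_len]                  # ignore any Ethernet padding
    if proto != PROTO_TCP:
        raise ValueError("not TCP")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    return {
        "l2": ("-".join("%02x" % b for b in src_mac), "-".join("%02x" % b for b in dst_mac)),
        "l3": (src_ip, dst_ip),
        "l4": (src_port, dst_port),
        "payload": segment[data_off:],
    }


def demo():
    """Host 10.100.1.10 sends constructed data to the SQL server on port 1433 via the router."""
    payload = b"SELECT 1"
    seg = build_tcp(49152, 1433, payload)
    pkt = build_ipv4("10.100.1.10", "192.168.0.20", seg)
    frame = build_ethernet("00-07-95-b2-56-85", "01-01-c2-a2-56-65", pkt)
    return frame, decapsulate(frame)


if __name__ == "__main__":
    _, fields = demo()
    print(fields)
```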

PACKETS

TWO MODELS

SWITCHED ENVIRONMENTS

NON-SWITCHED ENVIRONMENTS (HUBS)
One broadcast domain: all packets received by the hub are transmitted out all ports.
(Diagram: ten hosts with addresses in 10.100.1.x, all connected to one hub.)

SWITCHED ENVIRONMENTS
Packets received by the switch are transmitted out ports based on destination MAC addresses. The switch still forms a single broadcast domain.
(Diagram: the same ten hosts connected to one switch.)

BROADCAST DOMAINS
"A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer." - Wikipedia
Broadcast MAC: FF:FF:FF:FF:FF:FF
(Diagram: Broadcast Domain 1 (hosts in 10.100.1.x on one switch) and Broadcast Domain 2 (hosts in 10.100.200.x on a second switch), separated by a router. A frame addressed to FF:FF:FF:FF:FF:FF reaches every host in its own domain and is not forwarded by the router into the other.)

IP ADDRESSING IP ADDRESSING IS THE LAYER ABOVE MAC ADDRESSING

IP ADDRESSING
What is it? A postal system for packets: street, city and ZIP code.
Network ID vs. Host ID

IP ADDRESSING - PRIVATE VS PUBLIC ADDRESSING
The Internet Engineering Task Force's RFC 1918 sets aside three blocks of IP addresses for private/internal (local area network) use.
These address ranges are not routed on the Internet.
Hosts using these addresses require Network Address Translation (NAT) to access the Internet.

BROADCAST DOMAIN

BROADCAST DOMAIN - DIRECTED BROADCAST WITH A SPOOFED SOURCE
1. A packet arrives at the router with DST = 10.100.1.255 (the broadcast IP of Broadcast Domain 1) and SRC = 10.100.200.130 (spoofed: a host in Broadcast Domain 2, whose broadcast IP is 10.100.200.255).
2. The router forwards the packet into Broadcast Domain 1 and changes the DST MAC address to FF:FF:FF:FF:FF:FF, so the switch delivers it to every host in that domain.
3. Each receiving machine sends a reply to 10.100.200.130, the spoofed source. One packet therefore becomes one reply per host in Broadcast Domain 1, all aimed at a single host in Broadcast Domain 2.
(Diagram: the two broadcast domains from the previous slide, with the spoofed packet entering through the router and the replies flowing back to 10.100.200.130.)
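The three slides above show why a router should not relay directed broadcasts. The model below, an added example that is not from the lecture, reproduces the exchange with the slide's two broadcast domains and counts how many replies reach the spoofed source; it then adds the two router controls a defender would apply, which the slides do not name: refusing to forward directed broadcasts (the default since RFC 2644) and source-address ingress filtering (BCP 38). Hosts, subnets and the interface names eth0/eth1/wan are constructed.

```python
"""Directed-broadcast amplification across a router, and two controls (added example).

Two broadcast domains hang off one router. A packet addressed to Domain 1's
broadcast IP with a spoofed source inside Domain 2 is either relayed (every
host in Domain 1 answers the spoofed source) or dropped by one of the
modelled controls.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    ingress_if: str       # router interface the packet arrived on


@dataclass
class Domain:
    name: str
    network: ipaddress.IPv4Network
    hosts: list

    @property
    def broadcast(self) -> str:
        return str(self.network.broadcast_address)


@dataclass
class Router:
    domains: dict                       # interface name -> Domain
    forward_directed_broadcast: bool = True   # True = the slide's behaviour
    ingress_filter: bool = False              # BCP 38 style source check
    delivered: dict = field(default_factory=dict)   # victim ip -> replies received
    dropped: list = field(default_factory=list)     # (reason, packet)

    def _domain_of(self, ip: str):
        for d in self.domains.values():
            if ipaddress.ip_address(ip) in d.network:
                return d
        return None

    def receive(self, pkt: Packet) -> int:
        """Process one packet; return the number of replies that reach pkt.src."""
        # Ingress filter: a source claiming to be inside Domain X must arrive
        # on Domain X's own interface, otherwise the source is spoofed.
        src_dom = self._domain_of(pkt.src)
        if self.ingress_filter and src_dom is not None \
                and self.domains.get(pkt.ingress_if) is not src_dom:
            self.dropped.append(("spoofed-source", pkt))
            return 0
        target = next((d for d in self.domains.values() if d.broadcast == pkt.dst), None)
        if target is None:
            return 0                                # unicast: not modelled here
        if not self.forward_directed_broadcast:
            self.dropped.append(("directed-broadcast", pkt))
            return 0
        # Slide behaviour: router rewrites DST MAC to FF:FF:FF:FF:FF:FF, every
        # host in the target domain receives the frame and replies to the source.
        replies = len(target.hosts)
        self.delivered[pkt.src] = self.delivered.get(pkt.src, 0) + replies
        return replies


def build_router(**kw) -> Router:
    dom1 = Domain("Broadcast Domain 1", ipaddress.ip_network("10.100.1.0/24"),
                  ["10.100.1.10", "10.100.1.11", "10.100.1.12", "10.100.1.13", "10.100.1.20"])
    dom2 = Domain("Broadcast Domain 2", ipaddress.ip_network("10.100.200.0/24"),
                  ["10.100.200.101", "10.100.200.111", "10.100.200.120",
                   "10.100.200.130", "10.100.200.200"])
    return Router({"eth0": dom1, "eth1": dom2}, **kw)


def amplification(forward_directed_broadcast=True, ingress_filter=False):
    """Send the slide's spoofed packet (arriving from the 'wan' side); return (replies, drop reasons)."""
    r = build_router(forward_directed_broadcast=forward_directed_broadcast,
                     ingress_filter=ingress_filter)
    spoofed = Packet(src="10.100.200.130", dst="10.100.1.255", ingress_if="wan")
    return r.receive(spoofed), [reason for reason, _ in r.dropped]


if __name__ == "__main__":
    print("no controls:            ", amplification())
    print("no directed broadcast:  ", amplification(forward_directed_broadcast=False))
    print("ingress filter:         ", amplification(ingress_filter=True))
```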

NETWORK ARCHITECTURES
Access costs, speed, flexibility and reliability
Critical infrastructure
Risk of downtime (loss of availability)? Impact of downtime?
Business Continuity Planning
Role of Highly Available and Redundant networks

(Diagram: a highly available design. Router 1 and Router 2 form a router cluster; the two switches, one per broadcast domain, are dual-connected to both routers so that the loss of one router does not cut off either domain.)

DOMAIN NAME SYSTEM (DNS) Hostname-to-IP addressing translation: www.cnn.com to 151.101.32.73

DOMAIN NAME SYSTEM (DNS)
Hierarchical structure: root servers, top-level domains
Split-DNS: internal vs. external facing
Vulnerability to attack

FIREWALLS

FIREWALL ROLES AND PLACEMENT
Placed at network borders
Network Address Translation (NAT)
Packet filtering: by IP address, by port, application based
Stateful inspection: reassembling packets first
IPS inspections
Each of these inspections adds processing overhead.
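The difference between plain packet filtering and stateful inspection is easiest to see in code. The added example below (not from the slides) is a minimal stateful filter: rules are consulted only for the first packet of a flow, a tracked flow's return traffic is accepted without a rule, and a stray non-SYN packet with no tracked flow is dropped even when a rule would have allowed the port. The ruleset, zones and packets are constructed; the addresses follow the slide diagrams.

```python
"""Minimal stateful packet filter (added example, not the lecture's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    syn: bool = False        # TCP SYN without ACK = new connection attempt
    zone_in: str = "outside"


@dataclass
class Rule:
    action: str              # "allow" or "deny"
    zone_in: str
    dst_net: str
    dport: Optional[int] = None   # None = any port

    def matches(self, p: Pkt) -> bool:
        return (p.zone_in == self.zone_in
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and (self.dport is None or self.dport == p.dport))


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # tracked flows as (src, sport, dst, dport, proto)
        self.log = []

    @staticmethod
    def _flow(p):
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def filter(self, p: Pkt) -> str:
        # 1. Traffic belonging to a tracked flow (either direction) needs no rule.
        if self._flow(p) in self.state or self._reverse(p) in self.state:
            return "allow(state)"
        # 2. Anything else must be a new connection: a bare ACK/RST with no
        #    flow is rejected even if a rule would permit the port.
        if p.proto == "tcp" and not p.syn:
            self.log.append(("drop-no-state", p))
            return "deny(no-state)"
        # 3. First packet of a flow: first matching rule wins, implicit deny.
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state.add(self._flow(p))
                    return "allow(rule)"
                self.log.append(("deny-rule", p))
                return "deny(rule)"
        self.log.append(("deny-default", p))
        return "deny(default)"


RULES = [
    Rule("allow", "outside", "192.168.0.20/32", 443),   # only the public web service
    Rule("allow", "inside", "0.0.0.0/0"),               # LAN may initiate anything
]


def demo():
    """Run a constructed packet trace through the filter; return the verdicts in order."""
    fw = StatefulFirewall(RULES)
    trace = [
        Pkt("203.0.113.5", "192.168.0.20", 51000, 443, syn=True),            # new HTTPS
        Pkt("192.168.0.20", "203.0.113.5", 443, 51000, zone_in="inside"),     # its reply
        Pkt("203.0.113.5", "192.168.0.20", 51001, 1433, syn=True),           # SQL from outside
        Pkt("203.0.113.9", "192.168.0.20", 40000, 443),                      # ACK, no flow
        Pkt("10.100.1.10", "198.51.100.7", 52000, 443, syn=True, zone_in="inside"),
        Pkt("198.51.100.7", "10.100.1.10", 443, 52000),                      # return traffic
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```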

ENCRYPTION

ENCRYPTION
Protecting data in transit
Becoming the standard for data transmission and storage in large companies
Encryption: IPsec and TLS

ENCRYPTION BASICS

AVOID USING CLEAR TEXT SERVICES

ATTACKS

ATTACK METHODOLOGY
Reconnaissance -> Scanning -> Gaining Access (Exploit) -> Elevating Access -> Exfiltration / Modify -> Clearing Tracks

ATTACK METHODOLOGY / COUNTERMEASURES
Attack stage               Countermeasures
Reconnaissance             Port / network-level filter (firewall or ACL)
Scanning                   Port / network-level filter (firewall or ACL)
Gaining Access (Exploit)   Vulnerability patching, system patching, password policy, least privilege
Elevating Access           System patching, password policy, least privilege
Exfiltration / Modify      Monitor IP flows, encryption, file logging
Clearing Tracks            Move logs off to SIEMs

DENIAL OF SERVICE ATTACKS (DOS)
Rather than gaining access, deny access to others!
Two types: DoS or Distributed DoS (DDoS)
By preventing networks and servers from handling legitimate traffic, attackers deny service.
Overwhelm firewalls or servers with invalid traffic patterns that consume bandwidth, memory or CPU resources.
Distributed means leveraging others in the attack.

HOW DOS WORKS
SYN attack: the attacker ignores the SYN/ACK the server returns, so each SYN occupies an entry in the server's TCP connection table. The goal is to exhaust that table.
Reflective DoS: spoof the sending IP address so the returning SYN/ACK traffic attacks another IP.
Distributed DoS: have multiple zombie machines in a botnet attack a single IP.
UDP attacks: flood the pipes or links with traffic, which needs no three-way handshake. Forces routers and firewalls to process useless traffic.

HOW TO COUNTER DOS
Anomaly detection: learn the usual traffic patterns and flag network traffic which breaks the rules.
Install an anomaly detection appliance.
Turn on anomaly detection features on firewalls.
Not the same as signature-based intrusion detection / prevention (IDS/IPS).

INTRUSION DETECTION VS PREVENTION
Monitor mode
Signature based

SIGNATURE VS BEHAVIOR
Signature-based: knowledge based; database of signatures; needs constant updates; zero-day attacks missed.
Behavior-based: statistical or anomaly based; many false positives; compares activity to normal (baselines).
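The SYN flood from "How DoS works" is exactly the case where a signature has nothing to match (every packet is a valid SYN), so the "compare to a baseline" approach above is what catches it. The added example below (not from the slides) learns a baseline SYN rate from per-minute handshake counters and flags windows whose SYN rate is far above it and whose connections mostly never complete; the counters are constructed, and in practice they would come from flow records or the firewall's connection table.

```python
"""Baseline (behaviour-based) SYN-flood detection over per-minute counters.

Added example, not from the lecture. Each window is (minute, SYNs received,
handshakes completed). A SYN flood shows as a SYN rate many standard
deviations above the learned mean together with a high half-open share:
SYNs whose SYN/ACK is never answered, as the slides describe.
"""
import statistics
from typing import List, Tuple

# Constructed training data: ~120-145 SYN/min, nearly all of them completing.
TRAINING = [(m, 120 + (m * 7) % 25, 112 + (m * 7) % 25) for m in range(0, 30)]

# Constructed live data: a flood in minutes 32-33, then traffic returns to normal.
LIVE = [
    (30, 131, 127),
    (31, 140, 135),
    (32, 9800, 140),     # SYNs explode, completions do not
    (33, 12400, 138),
    (34, 128, 124),
]


def baseline(windows) -> Tuple[float, float]:
    """Mean and sample standard deviation of the SYN rate over the training windows."""
    rates = [syn for _, syn, _ in windows]
    return statistics.mean(rates), statistics.stdev(rates)


def half_open_ratio(syn: int, completed: int) -> float:
    """Share of SYNs in the window that never finished the three-way handshake."""
    return 0.0 if syn == 0 else max(0, syn - completed) / syn


def detect(live, mean, stdev, z_threshold=3.0, half_open_threshold=0.5) -> List[dict]:
    """Flag windows whose SYN rate is anomalous AND mostly half-open.

    Requiring both conditions keeps a legitimate traffic spike (high rate,
    handshakes still completing) from alerting, which is the usual source of
    false positives in behaviour-based detection.
    """
    alerts = []
    for minute, syn, completed in live:
        z = (syn - mean) / stdev if stdev else 0.0
        ratio = half_open_ratio(syn, completed)
        if z > z_threshold and ratio > half_open_threshold:
            alerts.append({"minute": minute, "syn": syn, "z": round(z, 1),
                           "half_open": round(ratio, 2)})
    return alerts


def run(training=TRAINING, live=LIVE):
    mean, stdev = baseline(training)
    return detect(live, mean, stdev)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

A flash crowd that drives the SYN rate up but keeps completing handshakes passes the `half_open` test and is not flagged, which is the distinction the appliance settings on the previous slide are tuning.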

SUMMARY OF BEST PRACTICE STEPS
Segment hosts and broadcast domains (VLANs, switches, routers)
Know where your data is and classify it (data classification standards, policy)
Control which hosts can talk (router access control lists or firewall rules)
Reduce exposure to untrusted networks (firewalls)
Good host hygiene (patch management, vulnerability management)
Know your own network (discovery scans to look for new hosts, which are usually not patched!)
Protect data (encryption at rest and encryption in transit)