Best Practices With IP Security.

Similar documents
Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Chapter 4. Network Security. Part I

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Define information security Define security as process, not point product.

ANATOMY OF AN ATTACK!

Ken Agress, Senior Consultant PlanNet Consulting, LLC.

Cisco Network Admission Control (NAC) Solution

Cyber Criminal Methods & Prevention Techniques. By

NETWORK THREATS DEMAN

Security Assessment Checklist

Cisco Self Defending Network

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

The UCSD Network Telescope

Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

Internetwork Expert s CCNA Security Bootcamp. Mitigating Layer 2 Attacks. Layer 2 Mitigation Overview

Chapter 9. Firewalls

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

ClearPath OS 2200 System LAN Security Overview. White paper

Securing CS-MARS C H A P T E R

Enterprise Network Security. Accessing the WAN Chapter 4

Distributed Systems. Lecture 14: Security. Distributed Systems 1

HikCentral V.1.1.x for Windows Hardening Guide

Distributed Systems. Lecture 14: Security. 5 March,

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Advanced Security Tester Course Outline

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Using a VPN with Niagara Systems. v0.3 6, July 2013

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Information System Security. Nguyen Ho Minh Duc, M.Sc

Chapter 5. Security Components and Considerations.

Investigative Response Case Metrics Initiative Preliminary findings from 700+ data compromise investigations

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Security+ SY0-501 Study Guide Table of Contents

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

Sample excerpt. HP ProCurve Threat Management Services zl Module NPI Technical Training. NPI Technical Training Version: 1.

2. INTRUDER DETECTION SYSTEMS

Semester 1. Cisco I. Introduction to Networks JEOPADY. Chapter 11

HikCentral V1.3 for Windows Hardening Guide

Ethical Hacking and Prevention

Unit 2 Assignment 2. Software Utilities?

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 2. Switch Concepts and Configuration. Part II

IC32E - Pre-Instructional Survey

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

The Evolving Threat of Internet Worms

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Centralized Control System Architecture

Symantec Client Security. Integrated protection for network and remote clients.

Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00

COMPUTER NETWORK SECURITY

Security Hardening Checklist for Cisco Routers/Switches in 10 Steps

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES

Internet Security: Firewall

On the Effectiveness of Distributed Worm Monitoring

19.1. Security must consider external environment of the system, and protect it from:

CSC 5930/9010 Offensive Security: Lateral Movement

Security

CYBERSECURITY RISK LOWERING CHECKLIST

GSLC. GIAC Security Leadership.

Design your network to aid forensics investigation

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

CTS2134 Introduction to Networking. Module 08: Network Security

QuickBooks Online Security White Paper July 2017

SECURING YOUR HOME NETWORK

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Network Device Forensics. Digital Forensics NETS1032 Winter 2018

Network Security Issues and New Challenges

Visibility: The Foundation of your Cybersecurity Infrastructure. Marlin McFate Federal CTO, Riverbed

Is Your Information Safe? Presented by: Jake Gibson IT Director, Eurofins

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

CCNP Switch Questions/Answers Securing Campus Infrastructure

CONTROL SYSTEM SECURITY

Modern IP Communication bears risks

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Training for the cyber professionals of tomorrow

Cisco Threat Awareness Service - Quick Start Guide. Last Updated: 16/06/16

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Wireless and Network Security Integration Solution Overview

Cybowall Configuration Guide

Security and Authentication

Keys to a more secure data environment

Security Policy (EN) v1.3

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

CS 356 Operating System Security. Fall 2013

CHAPTER 8 FIREWALLS. Firewall Design Principles

WHITE PAPER: IRONSHIELD BEST PRACTICES MANAGEMENT VLANS

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.

GUIDE. MetaDefender Kiosk Deployment Guide

Identity-Based Cyber Defense. March 2017

SYLLABUS. DIVISION: Business and Engineering Technology REVISED: FALL 2015 CREDIT HOURS: 4 HOURS/WK LEC: 4 HOURS/WK LAB: 0 LEC/LAB COMB: 4

Transcription:

Best Practices With IP Security Presented by Stuart Strong Presented by Stuart Strong s.strong@fecinc.com

What are the threats? Know your enemy Network telescope research Current measurement of network events Represents at least 1/256 th of illegitimate traffic Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning. http://www.caida.org/research/security/telescope/ This work would not be possible without the cooperation of UCSD Network Operations and support from DARPA, NSF, Cisco Systems and Caida members. http://www.caida.org/research/security/telescope/

What are the risks? Risk = threat x vulnerability x cost

Network vulnerability DoS attacks Change the source address To random IP address Or to a secondary target Scanning is used to find resources to attack

Who is attacked? These are locations of attacked computers 4 week average of source of backscatter dark traffic http://www.caida.org/data/realtime/telescope/?monitor=telescope_backscatter&row=timescales&col=sources&source s=src_country&graphs_sing=map&counters_sing=packets&timescales=672

Network configuration vulnerability Tracing route to customer-10-36-45-33.uninet.net.mxuninet net mx [10.36.45.33] over a maximum of 30 hops: 1 >>>11 137 ms 137 ms 137 ms wan-d34-0412-0009.uninet-ide.com.mx [10.134.176.237] 12 141 ms 141 ms 140 ms gw-bb-cun.cancun.com.mx [10.33.191.253] 13 137 ms 145 ms 137 ms noc.cancun.com.mx [10.33.188.5] 14 161 ms 157 ms 160 ms intercun-pya.cancun.com.mx [10.33.191.125] 15 170 ms 182 ms 197 ms ppp-190-129.cancun.com.mx [10.33.190.129] 16 198 ms 201 ms 265 ms intercun-pya.cancun.com.mx [10.33.191.125] 17 195 ms 196 ms 210 ms ppp-190-129.cancun.com.mx [10.33.190.129] 18 193 ms 201 ms 202 ms intercun-pya.cancun.com.mx [10.33.191.125] 19 244 ms 230 ms 209 ms ppp-190-129.cancun.com.mx [10.33.190.129] 20 231 ms 198 ms 230 ms intercun-pya.cancun.com.mx [10.33.191.125] 21 222 ms 223 ms 271 ms ppp-190-129.cancun.com.mx [10.33.190.129] 22 234 ms 252 ms 230 ms intercun-pya.cancun.com.mx [10.33.191.125] 23 262 ms 260 ms 256 ms ppp-190-129.cancun.com.mx [10.33.190.129] 24 259 ms 259 ms 262 ms intercun-pya.cancun.com.mx [10.33.191.125] 25 288 ms 247 ms 281 ms ppp-190-129.cancun.com.mx [10.33.190.129] 26 282 ms 257 ms 295 ms intercun-pya.cancun.com.mx [10.33.191.125] 27 292 ms 318 ms 305 ms ppp-190-129.cancun.com.mx [10.33.190.129] 28 320 ms 344 ms 290 ms intercun-pya.cancun.com.mx [10.33.191.125] 29 295 ms 304 ms 287 ms ppp-190-129.cancun.com.mx [10.33.190.129] 30 290 ms 307 ms 329 ms intercun-pya.cancun.com.mx [10.33.191.125]

Network scanning Sonic wall event logs, 100 days, all odd ports scanned

Network denial of service Node traffic overload = Denial of Service Compromising the routing table will create partitions in the network Five percent of the internet cannot connect to the rest of the internet

Network costs Can you harden your critical applications and equipment? What is the price of convenience vs. cost of being compromised? What is the cost your business integrity (intangible asset)? What are the costs of your equipment (tangible)? What are the appropriate tactics and strategy? One of the first rules in security is access Keys: physical and otherwise Encryption Doors: physical and otherwise Restricted routes

Network strategies Identify your assumptions Audit your network process Who is trusted and why? http://www.nanog.org/ispsecurity.html What has to be protected? Your only as secure as your weakest link Know your weaknesses Remember human factors

Network strategies Secure access Authentication: Who are you? Authorization: Limit the scope of access Accounting: Where have you been, and why? What are your company s policies? Security must be pervasive and enforced http://www.nanog.org/mtg-0310/kaeo.html

Network security tactics Control access Use appropriate p technology Passwords: change them Encryption of secrets Use built in technology Routers Access lists Source and destination limiting Disable the ability to discover your network Rate limiting iti commands Disable easily compromised technologies SNMP vs. SNMP v3: keep your secrets

Network security tactics Switches Be specific with trunk ports Turn off Dynamic Trunking Protocol on all ports Assign remaining ports to access VLANs Use DHCP snooping

Best practices for IP security Application level attack Intrusion detection systems Snort Use application layer gateway Has the ability to open and close pinholes dynamically in firewalls http://www.nanog.org/ispsecurity.html

Best practices for IP security Distributed Denial of Service Maintain current patch levels Install and maintain antivirus system Use application-aware IDP systems Establish policy-based security zones Use VLANS to protect voice/video traffic from data network attacks

Best practices for IP security Eavesdropping Isolate critical traffic on VLANS Apply encryption selectively Viruses Worms

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback