CISNTWK-440. Chapter 5 Network Defenses

Transcription:

CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1

Objectives Explain how to enhance security through network design Define network address translation and network access control List the different types of network security devices and explain how they can be used 2

Crafting a Secure Network A common mistake in network security Attempt to patch vulnerabilities in a weak network that was poorly conceived and implemented from the start Securing a network begins with the design of the network and includes secure network technologies 3

Security through Network Design Subnetting IP addresses are actually two addresses: one part is a network address and one part is a host address Classful addressing The split between the network and host portions of the IP address originally was set on the boundaries between the bytes Subnetting or subnet addressing Allows an IP address to be split anywhere Networks can essentially be divided into three parts: network, subnet, and host 4


Security through Network Design (continued) 6

Security through Network Design (continued) Security is enhanced by subnetting a single network Multiple smaller subnets isolates groups of hosts Network administrators can utilize network security tools Makes it easier to regulate who has access in and out of a particular subnetwork Subnets also allow network administrators to hide the internal network layout 7
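The two slides above describe the split of an IP address into network, subnet and host portions and the isolation that results. The following Python example is added here to make that concrete; it is not code from the course. It uses the standard `ipaddress` module, assumes the historical class A/B/C boundaries for the "network" portion, and works on constructed addresses from the private 172.16.0.0/16 range.

```python
import ipaddress


def classful_prefix(ip: ipaddress.IPv4Address) -> int:
    """Prefix length of the original classful network (class A = /8, B = /16, C = /24)."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D/E addresses have no classful host portion")


def split_address(addr: str) -> dict:
    """Split 'a.b.c.d/len' into its network, subnet and host portions."""
    iface = ipaddress.ip_interface(addr)
    ip, prefix = iface.ip, iface.network.prefixlen
    cls = classful_prefix(ip)
    if prefix < cls:
        raise ValueError("a prefix shorter than the classful boundary is supernetting, not subnetting")
    subnet_bits = prefix - cls        # bits borrowed from the classful host field
    host_bits = 32 - prefix           # bits that remain for the host
    n = int(ip)
    return {
        "classful_network": str(ipaddress.ip_network(f"{ip}/{cls}", strict=False)),
        "subnet": str(iface.network),
        "subnet_bits": subnet_bits,
        "subnet_index": (n >> host_bits) & ((1 << subnet_bits) - 1),
        "host_index": n & ((1 << host_bits) - 1),
        # network and broadcast addresses are not assignable (valid for prefixes up to /30)
        "usable_hosts": iface.network.num_addresses - 2,
    }


def same_subnet(a: str, b: str) -> bool:
    """True when both hosts sit in one subnet, i.e. no router (and no router ACL) between them."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network


if __name__ == "__main__":
    # Constructed addresses: a class B network subnetted on a /26 boundary
    print(split_address("172.16.5.130/26"))
    print(same_subnet("172.16.5.130/26", "172.16.5.200/26"))
```

The `same_subnet` check is where the security benefit shows up: hosts on different subnets can only reach each other through a router, which is the point at which access rules can be applied, and an outsider who learns one address still does not learn how the rest of the address space is carved up.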

Security through Network Design Virtual LAN (VLAN) (continued) In most network environments, networks are divided or segmented by using switches A VLAN allows scattered users to be logically grouped together even though they may be attached to different switches Can reduce network traffic and provide a degree of security similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to members of the VLAN 8



Security through Network Design (continued) VLAN communication can take place in two ways All devices are connected to the same switch Traffic is handled by the switch itself Devices are connected to different switches A special tagging protocol must be used, such as IEEE 802.1Q-2005 A VLAN is heavily dependent upon the switch for correctly directing packets Attacks on the switch that attempt to exploit vulnerabilities such as weak passwords or default accounts are common 11

Security through Network Design Convergence (continued) One of the most visible unification efforts is a process known as convergence of voice and data traffic over a single IP network Advantages Cost savings Management Application development Infrastructure requirements Reduced regulatory requirements Increased user productivity 12

Security through Network Design (continued) 13

Security through Network Design (continued) Demilitarized Zone (DMZ) A separate network that sits outside the secure network perimeter Outside users can access the DMZ but cannot enter the secure network 14

Security through Network Design (continued) 15

Security through Network Design (continued) 16

Security through Network Technologies Network Address Translation (NAT) Hides the IP addresses of network devices from attackers Private addresses IP addresses not assigned to any specific user or organization Function as regular IP addresses on an internal network Non-routable addresses 17

Security through Network Technologies (continued) NAT removes the private IP address from the sender's packet And replaces it with an alias IP address When a packet is returned to NAT, the process is reversed An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender 18

Security through Network Technologies (continued) 19

Security through Network Technologies (continued) Port address translation (PAT) A variation of NAT Each packet is given the same IP address but a different TCP port number Network Access Control (NAC) Examines the current state of a system or network device before it is allowed to connect to the network Any device that does not meet a specified set of criteria is only allowed to connect to a quarantine network where the security deficiencies are corrected 20
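Slides 18 and 20 describe NAT (private source address swapped for an alias address, reversed on the way back) and PAT (one public address, a different port per flow). The Python simulation below is an added example, not course material, that implements both modes of the translation table in memory. The `Packet` type, the `NatGateway` class and the addresses (10.0.0.0/8 inside, documentation ranges 203.0.113.0/24 and 198.51.100.0/24 outside) are all constructed for the example.

```python
import itertools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Rewrites the private source of outbound packets and reverses it for replies.

    pat=False: classic NAT, one alias (public) address per internal host, port unchanged.
    pat=True:  port address translation, one public address, a fresh port per flow.
    """

    def __init__(self, public_ips, pat=True, first_port=40000):
        self.public_ips = list(public_ips)
        self.pat = pat
        self.next_port = itertools.count(first_port)
        self.out_table = {}   # (private_ip, private_port) -> (public_ip, public_port)
        self.in_table = {}    # (public_ip, public_port) -> (private_ip, private_port)
        self.alias_of = {}    # private_ip -> public_ip (NAT mode only)

    def _translation(self, private_ip, private_port):
        key = (private_ip, private_port)
        if key not in self.out_table:
            if self.pat:
                public = (self.public_ips[0], next(self.next_port))
            else:
                if private_ip not in self.alias_of:
                    if len(self.alias_of) >= len(self.public_ips):
                        raise RuntimeError("alias address pool exhausted")
                    self.alias_of[private_ip] = self.public_ips[len(self.alias_of)]
                public = (self.alias_of[private_ip], private_port)
            self.out_table[key] = public
            self.in_table[public] = key
        return self.out_table[key]

    def outbound(self, pkt: Packet) -> Packet:
        """Leaving the network: the private source becomes the alias address/port."""
        pub_ip, pub_port = self._translation(pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=pub_ip, src_port=pub_port)

    def inbound(self, pkt: Packet):
        """Returning: look the alias up and restore the private destination.
        A packet with no table entry never had an internal sender, so it is dropped (None)."""
        key = (pkt.dst_ip, pkt.dst_port)
        if key not in self.in_table:
            return None
        priv_ip, priv_port = self.in_table[key]
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


if __name__ == "__main__":
    gw = NatGateway(["203.0.113.5"])                      # PAT: one public address
    out = gw.outbound(Packet("10.0.0.7", 51000, "198.51.100.20", 443))
    print(out)                                            # source now 203.0.113.5:40000
    print(gw.inbound(Packet("198.51.100.20", 443, "203.0.113.5", 40000)))
    print(gw.inbound(Packet("192.0.2.99", 4444, "203.0.113.5", 40099)))  # None: no mapping
```

Two things the slide only implies are visible in the code: everything an outside observer sees is the alias address and port, and an inbound packet that does not match a mapping created by an inside host has nowhere to go, which is why NAT is often (loosely) credited with blocking unsolicited inbound traffic.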

Goal of NAC Security through Network Technologies (continued) Prevent computers with sub-optimal security from potentially infecting other computers through the network Methods for directing the client to a quarantine VLAN Using a Dynamic Host Configuration Protocol (DHCP) server Using Address Resolution Protocol (ARP) poisoning 21
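The NAC description on slides 20 and 21 (check the device's state, and steer a non-compliant device onto a quarantine network via DHCP) can be shown end to end with a small simulation. The Python below is an added example rather than course material: the admission policy (`POLICY`), the posture report fields, the `NacDhcpServer` class and the two address scopes are all assumptions made for the example.

```python
import ipaddress
import itertools

# Hypothetical admission policy; real NAC products make these criteria configurable.
POLICY = {
    "max_signature_age_days": 7,     # antivirus signatures must be at most a week old
    "min_patch_level": 2024,         # constructed patch-level number
    "host_firewall_required": True,
}


def posture_deficiencies(report: dict) -> list:
    """Compare an agent's self-report against POLICY; an empty list means compliant."""
    problems = []
    if report.get("av_signature_age_days", 10**6) > POLICY["max_signature_age_days"]:
        problems.append("antivirus signatures out of date")
    if report.get("patch_level", 0) < POLICY["min_patch_level"]:
        problems.append("missing operating system patches")
    if POLICY["host_firewall_required"] and not report.get("host_firewall_on", False):
        problems.append("host firewall disabled")
    return problems


class NacDhcpServer:
    """DHCP-based NAC: compliant clients get a production lease, others a quarantine lease."""

    def __init__(self, production="10.10.0.0/24", quarantine="10.99.0.0/24"):
        # skip the first host address of each scope, reserved for the default gateway
        self.pools = {
            "production": itertools.islice(ipaddress.ip_network(production).hosts(), 1, None),
            "quarantine": itertools.islice(ipaddress.ip_network(quarantine).hosts(), 1, None),
        }
        self.leases = {}   # mac -> (vlan, ip, deficiencies)

    def request(self, mac: str, report: dict) -> tuple:
        """Handle a DHCP request together with the posture report the NAC agent supplies."""
        problems = posture_deficiencies(report)
        vlan = "production" if not problems else "quarantine"
        ip = str(next(self.pools[vlan]))
        self.leases[mac] = (vlan, ip, problems)
        return self.leases[mac]


if __name__ == "__main__":
    srv = NacDhcpServer()
    # Constructed posture reports
    print(srv.request("aa:bb:cc:00:00:01",
                      {"av_signature_age_days": 1, "patch_level": 2030, "host_firewall_on": True}))
    print(srv.request("aa:bb:cc:00:00:02",
                      {"av_signature_age_days": 30, "patch_level": 2030, "host_firewall_on": False}))
```

A device parked on the quarantine scope only reaches the remediation servers that the quarantine VLAN's router allows; once the agent reports a fixed posture it re-requests a lease and is moved to production, which the second request for the same MAC address in the test below exercises.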

Security through Network Technologies (continued) 22


Security through Network Technologies (continued) 24

Applying Network Security Devices Devices include: Firewalls Proxy servers Honeypots Network intrusion detection systems Host and network intrusion prevention systems Protocol analyzers Internet content filters Integrated network security hardware 25

Firewall Firewall Typically used to filter packets Sometimes called a packet filter Designed to prevent malicious packets from entering the network A firewall can be software-based or hardware-based Hardware firewalls usually are located outside the network security perimeter As the first line of defense 26

Firewall (continued) 27

Firewall (continued) The basis of a firewall is a rule base Establishes what action the firewall should take when it receives a packet (allow, block, and prompt) Stateless packet filtering Looks at the incoming packet and permits or denies it based strictly on the rule base Stateful packet filtering Keeps a record of the state of a connection between an internal computer and an external server Then makes decisions based on the connection as well as the rule base 28
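The difference between stateless and stateful filtering is easiest to see with two rule bases and one unsolicited packet. The Python example below is added here and is not code from the course: the `Packet` and `Rule` types, the first-match/default-deny semantics and the two constructed rule bases are assumptions of the example, chosen to mirror a common deployment (internal clients may open connections out; nothing may come in unless a rule says so).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = leaving the protected network, "in" = entering it
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    dst_ports: Optional[Tuple[int, int]]   # inclusive port range, None = any port
    action: str                            # "allow" or "block"

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        return self.dst_ports is None or self.dst_ports[0] <= pkt.dst_port <= self.dst_ports[1]


def stateless_decision(rules: List[Rule], pkt: Packet) -> str:
    """Stateless filter: the first matching rule wins; an unmatched packet is blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


class StatefulFilter:
    """Stateful filter: remembers outbound connections so their replies are admitted
    without needing an inbound allow rule in the rule base."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.connections = set()   # (internal_ip, internal_port, external_ip, external_port)

    def decision(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        else:
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.direction == "in" and key in self.connections:
            return "allow"                      # reply to a connection an inside host opened
        action = stateless_decision(self.rules, pkt)
        if action == "allow" and pkt.direction == "out":
            self.connections.add(key)           # record the connection's state
        return action


# Constructed rule bases (assumptions, not the course's).
# Stateless: to let replies back in at all, inbound traffic to client ports must be allowed.
STATELESS_RULES = [Rule("out", None, "allow"), Rule("in", (1024, 65535), "allow")]
# Stateful: only outbound needs a rule; replies are matched against the connection table.
STATEFUL_RULES = [Rule("out", None, "allow")]


if __name__ == "__main__":
    request = Packet("out", "10.0.0.7", 51000, "198.51.100.20", 443)
    reply = Packet("in", "198.51.100.20", 443, "10.0.0.7", 51000)
    unsolicited = Packet("in", "192.0.2.99", 4444, "10.0.0.7", 51000)
    fw = StatefulFilter(STATEFUL_RULES)
    for pkt in (request, reply, unsolicited):
        print(stateless_decision(STATELESS_RULES, pkt), fw.decision(pkt))
```

The stateless rule base has to leave the high ports open so that reply traffic gets through, and that same rule admits the unsolicited packet. The stateful filter admits the reply only because it saw the request leave, and blocks the unsolicited packet by default.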

Firewall (continued) 29

Firewall (continued) 30

Firewall (continued) Personal software firewalls have gradually improved their functionality Most personal software firewalls today also filter outbound traffic as well as inbound traffic Protects users by preventing malware from connecting to other computers and spreading 31


Proxy Server Proxy server A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user Goal is to hide the IP address of client systems inside the secure network Reverse proxy Does not serve clients but instead routes incoming requests to the correct server 33


Proxy Server (continued) 35

Honeypot Honeypot Intended to trap or trick attackers A computer typically located in a DMZ that is loaded with software and data files that appear to be authentic Yet they are actually imitations of real data files Three primary purposes of a honeypot: Deflect attention Early warnings of new attacks Examine attacker techniques 36

Honeypot (continued) Types of honeypots Production honeypots Research honeypots Information gained from honeypots can be both useful as well as alarming Information gained from studies using honeypots can be helpful in identifying attacker behavior and crafting defenses 37

Network Intrusion Detection Systems (NIDS) Network intrusion detection system (NIDS) Watches for attempts to penetrate a network NIDS work on the principle of comparing new behavior against normal or acceptable behavior A NIDS looks for suspicious patterns 38

Network Intrusion Detection Systems (NIDS) (continued) 39

Network Intrusion Detection Systems (NIDS) (continued) Functions a NIDS can perform: Configure the firewall to filter out the IP address of the intruder Launch a separate program to handle the event Play an audio file that says Attack is taking place Save the packets in a file for further analysis Send an entry to a system log file Send e-mail, page, or a cell phone message to the network administrator Terminate the TCP session by forging a TCP FIN packet to force a connection to terminate 40
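Slides 38 and 40 describe what a NIDS watches for (behavior that departs from normal) and what it can do about it. The Python example below is added here, not course code, and shows one detection and three of the listed responses on a constructed packet capture: a source that touches many distinct ports on one host in a short window is flagged as a port scan, and the responder writes a log entry, saves the offending packets, and adds the source to a firewall block list. The `Packet` type, the threshold and window values, and the `Responder` class are assumptions of the example; real sensors expose all of these as tunables.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since the capture started
    src_ip: str
    dst_ip: str
    dst_port: int


def detect_port_scans(packets: List[Packet], threshold: int = 8, window: float = 30.0) -> list:
    """Alert once per (src, dst) pair that touches `threshold` distinct ports within `window` seconds."""
    recent = defaultdict(deque)      # (src, dst) -> deque of (ts, dst_port), oldest first
    alerted, alerts = set(), []
    for pkt in sorted(packets, key=lambda p: p.ts):
        key = (pkt.src_ip, pkt.dst_ip)
        q = recent[key]
        q.append((pkt.ts, pkt.dst_port))
        while q and pkt.ts - q[0][0] > window:
            q.popleft()              # forget events that fell out of the sliding window
        ports = {port for _, port in q}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src_ip": pkt.src_ip, "dst_ip": pkt.dst_ip,
                           "ports": sorted(ports), "at": pkt.ts})
    return alerts


class Responder:
    """Three of the slide's response options: system log entry, save packets, firewall block."""

    def __init__(self):
        self.firewall_blocklist = set()   # addresses pushed to the firewall's deny list
        self.syslog = []
        self.saved_packets = []

    def handle(self, alert: dict, packets: List[Packet]) -> str:
        self.firewall_blocklist.add(alert["src_ip"])
        self.syslog.append(f"t={alert['at']:.0f} port scan from {alert['src_ip']} "
                           f"against {alert['dst_ip']} ({len(alert['ports'])} ports)")
        self.saved_packets.extend(p for p in packets if p.src_ip == alert["src_ip"])
        return alert["src_ip"]


# Constructed capture: one source probing ten ports in ten seconds, one normal web client.
SAMPLE_PACKETS = [Packet(float(i), "192.0.2.50", "10.0.0.7", port)
                  for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389])]
SAMPLE_PACKETS += [Packet(1.5, "198.51.100.20", "10.0.0.7", 443),
                   Packet(2.5, "198.51.100.20", "10.0.0.7", 80),
                   Packet(3.5, "198.51.100.20", "10.0.0.7", 443)]


if __name__ == "__main__":
    responder = Responder()
    for alert in detect_port_scans(SAMPLE_PACKETS):
        responder.handle(alert, SAMPLE_PACKETS)
    print(responder.syslog, sorted(responder.firewall_blocklist), len(responder.saved_packets))
```

The threshold and window are the knobs that trade false positives against missed scans; a monitoring host or vulnerability scanner of your own will trip this rule and needs to be on an allow list before the block action is automated.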

Host and Network Intrusion Prevention Systems (HIPS/NIPS) Intrusion prevention system (IPS) Finds malicious traffic and deals with it immediately A typical IPS response may be to block all incoming traffic on a specific port Host intrusion prevention systems (HIPS) Installed on each system that needs to be protected Rely on agents installed directly on the system being protected Work closely with the operating system, monitoring and intercepting requests in order to prevent attacks 41

Host and Network Intrusion Prevention Systems (HIPS/NIPS) (continued) Most HIPS monitor the following desktop functions: System calls File system access System Registry settings Host input/output HIPS are designed to integrate with existing antivirus, anti-spyware, and firewalls HIPS provide an additional level of security that is proactive instead of reactive 42

Host and Network Intrusion Prevention Systems (HIPS/NIPS) (continued) Network intrusion prevention systems (NIPS) Work to protect the entire network and all devices that are connected to it By monitoring network traffic NIPS can immediately react to block a malicious attack NIPS are special-purpose hardware platforms that analyze, detect, and react to security-related events Can drop malicious traffic based on their configuration or security policy 43

Protocol Analyzers Three ways for detecting a potential intrusion Detecting statistical anomalies Examine network traffic and look for well-known patterns of attack Use protocol analyzer technology Protocol analyzers Can fully decode application-layer network protocols Different parts of the protocol can be analyzed for any suspicious behavior 44
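To show what "fully decode an application-layer protocol and analyze its parts" means in practice, the Python example below decodes the head of an HTTP/1.x request into method, target, version and headers, then checks each part for departures from the protocol. This is an added example and not course material; the set of accepted methods, the header size limit and the sample requests are assumptions made for the example.

```python
import re

# Header field names must be RFC 7230 tokens; the character class is the token set.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}
MAX_HEADER_VALUE = 8192   # assumed local limit; many servers cap around this size


def decode_http_request(raw: bytes) -> dict:
    """Split a raw request into request line, header list and body; raise on malformed input."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def analyze_http(raw: bytes) -> list:
    """Return a list of protocol findings; an empty list means the request looks conformant."""
    try:
        req = decode_http_request(raw)
    except ValueError as exc:
        return [f"undecodable: {exc}"]
    findings = []
    if req["method"] not in KNOWN_METHODS:
        findings.append(f"unknown method {req['method']!r}")
    if not re.fullmatch(rb"HTTP/1\.[01]", req["version"]):
        findings.append("unexpected protocol version")
    names = [name for name, _ in req["headers"]]
    if req["version"] == b"HTTP/1.1" and b"host" not in names:
        findings.append("HTTP/1.1 request without Host header")
    if names.count(b"content-length") > 1:
        findings.append("duplicate Content-Length headers")
    for name, value in req["headers"]:
        if not TOKEN.match(name):
            findings.append(f"illegal header name {name!r}")
        if len(value) > MAX_HEADER_VALUE:
            findings.append(f"oversized header {name!r}")
        if name == b"content-length" and not value.isdigit():
            findings.append("non-numeric Content-Length")
    return findings


if __name__ == "__main__":
    # Constructed sample requests
    print(analyze_http(b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"))
    print(analyze_http(b"FROB / HTTP/1.1\r\nHost: x\r\nContent-Length: abc\r\n\r\n"))
```

Each finding names the protocol element it came from, which is what distinguishes a protocol analyzer from a byte-pattern signature: the same check still fires if the malformed header is spelled differently, because the decision is made on the decoded structure rather than on a literal string.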

Internet Content Filters Internet content filters Monitor Internet traffic and block access to preselected Web sites and files A requested Web page is only displayed if it complies with the specified filters Unapproved Web sites can be restricted based on the Uniform Resource Locator (URL) or by matching keywords 45
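The slide gives the two ways a content filter decides: by the requested URL and by keywords in the content. The Python example below is added here (it is not course code) and implements both, with a domain match that honours label boundaries so that a blocked `example.net` does not also catch `notexample.net`. The block lists, keyword list and sample URLs are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed filter lists (assumptions for the example)
BLOCKED_DOMAINS = {"example.net", "tracker.example.org"}          # also blocks subdomains
BLOCKED_PATH_PREFIXES = {("example.com", "/games/")}              # (host, path prefix)
BLOCKED_KEYWORDS = {"gambling", "casino"}


def domain_blocked(host: str) -> bool:
    """True if the host or any parent domain (on a label boundary) is on the block list."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def check_request(url: str) -> tuple:
    """URL-based decision taken before the page is fetched: (allowed, reason)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if domain_blocked(host):
        return False, f"domain {host} is on the block list"
    for blocked_host, prefix in BLOCKED_PATH_PREFIXES:
        if host == blocked_host and parts.path.startswith(prefix):
            return False, f"path {parts.path} on {host} is restricted"
    return True, "URL allowed"


def check_content(page_text: str) -> tuple:
    """Keyword-based decision taken on the fetched page: (allowed, reason)."""
    words = set(re.findall(r"[a-z]+", page_text.lower()))   # whole-word match only
    hits = sorted(BLOCKED_KEYWORDS & words)
    if hits:
        return False, "keyword(s) matched: " + ", ".join(hits)
    return True, "content allowed"


def filter_page(url: str, page_text=None) -> tuple:
    """Full filter: the page is displayed only if both the URL and its content pass."""
    allowed, reason = check_request(url)
    if not allowed or page_text is None:
        return allowed, reason
    return check_content(page_text)


if __name__ == "__main__":
    print(filter_page("https://games.example.net/play"))
    print(filter_page("https://notexample.net/", "Nothing to see here"))
    print(filter_page("https://news.example.com/today", "Welcome to the casino!"))
```

Keyword filtering on whole words avoids the classic over-blocking of substrings, but it also means a page that spells a blocked word with separators slips through; in practice the URL list does most of the work and the keyword pass catches what the list has not yet learned.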

Internet Content Filters (continued) 46

Integrated Network Security Hardware Types of hardware security appliances: Dedicated security appliances provide a single security service Multipurpose security appliances that provide multiple security functions Integrated network security hardware Combines or integrates multipurpose security appliances with a traditional network device such as a switch or router Particularly attractive for networks that use IDS 47

Summary Subnetting involves dividing a network into subnets that are connected through a series of routers Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped Convergence is the integration of voice and data traffic over a single IP network 48

Summary Network technologies can also help secure a network Network address translation (NAT) Network access control (NAC) 49

Summary (continued) Different network security devices can be installed to make a network more secure Network intrusion detection systems (NIDS) monitor the network for attacks and if one is detected will alert personnel or perform limited protection activities Internet content filters monitor Internet traffic and block attempts to visit restricted sites 50