Contents at a Glance


Contents at a Glance
  Introduction 1
  I  The Essentials of Network Perimeter Security
    1  Perimeter Security Fundamentals 7
    2  Packet Filtering 23
    3  Stateful Firewalls 55
    4  Proxy Firewalls 87
    5  Security Policy 105
  II  Fortifying the Security Perimeter
    6  The Role of a Router 125
    7  Virtual Private Networks 161
    8  Network Intrusion Detection 201
    9  Host Hardening 223
    10  Host Defense Components 245
    11  Intrusion Prevention Systems 273
  III  Designing a Secure Network Perimeter
    12  Fundamentals of Secure Perimeter Design 301
    13  Separating Resources 325
    14  Wireless Network Security 353
    15  Software Architecture 375
    16  VPN Integration 395
    17  Tuning the Design for Performance 419
    18  Sample Designs 447


  IV  Maintaining and Monitoring Perimeter Security
    19  Maintaining a Security Perimeter 471
    20  Network Log Analysis 497
    21  Troubleshooting Defense Components 517
    22  Assessment Techniques 551
    23  Design Under Fire 589
    24  A Unified Security Perimeter: The Importance of Defense in Depth 619
  V  Appendixes
    A  Cisco Access List Sample Configurations 641
    B  Crypto 101 657
  Index 663

Table of Contents
  Introduction 1
    Who Should Read This Book 1
    Why We Created This Book's Second Edition 1
    Overview of the Book's Contents 2
    Conventions 3
  I  The Essentials of Network Perimeter Security
    1  Perimeter Security Fundamentals 7
      Terms of the Trade 8
        The Perimeter 8
        Border Routers 8
        Firewalls 8
        Intrusion Detection Systems 9
        Intrusion Prevention Systems 9
        Virtual Private Networks 9
        Software Architecture 10
        De-Militarized Zones and Screened Subnets 10
      Defense in Depth 11
        Components of Defense in Depth 12
        Case Study: Defense in Depth in Action 21
      Summary 22
    2  Packet Filtering 23
      TCP/IP Primer: How Packet Filtering Works 23
        TCP and UDP Ports 24
        TCP's Three-way Handshake 25
      The Cisco Router as a Packet Filter 26
        An Alternative Packet Filter: IPChains 26
        The Cisco ACL 27
        Rule Order 28
        Cisco IOS Basics 28

      Effective Uses of Packet-Filtering Devices 29
        Filtering Based on Source Address: The Cisco Standard ACL 29
        Egress Filtering 36
        Tracking Rejected Traffic 37
        Filtering by Port and Destination Address: The Cisco Extended ACL 37
        The Cisco Extended ACL 37
      Problems with Packet Filters 40
        Spoofing and Source Routing 41
        Fragments 41
        Opening a "Hole" in a Static Packet Filter 42
        Two-way Traffic and the established Keyword 43
        Protocol Problems: Extended Access Lists and FTP 45
      Dynamic Packet Filtering and the Reflexive Access List 47
        FTP Problems Revisited with the Reflexive Access List 49
        Reflexive ACLs with UDP and ICMP Traffic: Clearing Up DNS Issues 50
        Trouble in Paradise: Problems with Reflexive Access Lists 50
      Cisco IPv6 Access Lists 52
      Summary 53
      References 53
    3  Stateful Firewalls 55
      How a Stateful Firewall Works 55
        The Concept of State 56
        Transport and Network Protocols and State 57
        Application-Level Traffic and State 62
      Stateful Filtering and Stateful Inspection 69
      Stateful Firewall Product Examples 70
      Summary 86
      References 86

    4  Proxy Firewalls 87
      Fundamentals of Proxying 88
      Pros and Cons of Proxy Firewalls 92
        Advantages of Proxy Firewalls 92
        Disadvantages of Proxy Firewalls 94
      Types of Proxies 95
        Web Proxies 95
        Reverse Proxies 97
        Anonymizing Proxies 98
      Tools for Proxying 100
        Firewall Toolkit (FWTK) 100
        SOCKS 101
        Squid 102
      Summary 103
    5  Security Policy 105
      Firewalls Are Policy 105
        Active Policy Enforcement 106
        Unenforceable Policy 107
      How to Develop Policy 113
        Identify Risks 113
        Communicate Your Findings 114
        Create or Update the Security Policy as Needed 114
        Determine Policy Compliance 115
        Sound Out the Organization's Rules and Culture 115
      Elements of Policy 117
        Hallmarks of Good Policy 118
      Perimeter Considerations 119
        Real-world Operations and Policy 119
        Rules of the Road 122
      Summary 122
      References 122

  II  Fortifying the Security Perimeter
    6  The Role of a Router 125
      The Router as a Perimeter Device 125
        Routing 126
        Secure Dynamic Routing 128
      The Router as a Security Device 130
        The Router as a Part of Defense in Depth 130
        The Router as a Lone Perimeter Security Solution 135
      Router Hardening 140
        Operating System 140
        Locking Down Administration Points 140
        SSH 142
        The Console Port 144
        TFTP and FTP 144
        Configuration Management Tricks with TFTP and Scripts 145
        Simple Network Management Protocol 145
        Disable Unneeded Services 149
        Configure NTP and NTP Authentication 151
        Cisco TCP Keepalives Services 152
        Unicast Reverse Path Forwarding 153
        Internet Control Message Protocol Blocking 153
        Spoofing and Source Routing 155
        Router Logging 155
        Automatic Securing and Auditing of Cisco Routers 157
      Summary 158
    7  Virtual Private Networks 161
      VPN Basics 161
        Basic VPN Methodology 162
      Advantages and Disadvantages of VPNs 165
        Benefits of a VPN 166
        Disadvantages of VPN 168

      IPSec Basics 170
        IPSec Protocol Suite 171
        IKE 173
        IPSec Security Protocols AH and ESP 177
        IPSec Configuration Examples 183
      Other VPN Protocols: PPTP and L2TP 193
        PPTP 193
        L2TP 194
        Comparison of PPTP, L2TP, and IPSec 195
        PPTP and L2TP Examples 195
      Summary 198
      References 199
    8  Network Intrusion Detection 201
      Network Intrusion Detection Basics 201
        The Need for Intrusion Detection 202
        Anomaly Detection 203
        Signature Detection 204
        False Positives and False Negatives 205
        Alerting, Logging, and Reporting 207
        Intrusion Detection Software 208
        Intrusion-Related Services 209
      The Roles of Network IDS in a Perimeter Defense 210
        Identifying Weaknesses 210
        Detecting Attacks from Your Own Hosts 211
        Incident Handling and Forensics 211
        Complementing Other Defense Components 212
      IDS Sensor Placement 213
        Deploying Multiple Network Sensors 213
        Placing Sensors Near Filtering Devices 213
        Placing IDS Sensors on the Internal Network 214
        Working with Encryption 215
        Processing in High-traffic Situations 215
        Configuring Switches 215

        Using an IDS Management Network 216
        Maintaining Sensor Security 216
      Case Studies 217
        Case Study 1: Simple Network Infrastructure 217
        Case Study 2: Multiple External Access Points 218
        Case Study 3: Unrestricted Environment 220
      Summary 222
    9  Host Hardening 223
      The Need for Host Hardening 223
      Removing or Disabling of Unnecessary Programs 225
        Controlling Network Services 225
        Removing Extraneous Software Components 230
      Limiting Access to Data and Configuration Files 232
      Controlling Users and Privileges 233
        Managing Unattended Accounts 233
        Protecting Administrative Accounts 234
        Enforcing Strong Passwords 235
        Controlling Group Membership 237
      Maintaining Host Security Logs 238
        Windows Logging and Auditing 238
        UNIX Logging and Auditing 238
      Applying Patches 240
      Additional Hardening Guidelines 241
        Automating Host-Hardening Steps 241
        Common Security Vulnerabilities 242
        Hardening Checklists 242
      Summary 243
    10  Host Defense Components 245
      Hosts and the Perimeter 245
        Workstation Considerations 246
        Server Considerations 248

      Antivirus Software 249
        Strengths of Antivirus Software 249
        Limitations of Antivirus Software 250
      Host-Based Firewalls 252
        Firewalls for Workstations 253
        Firewalls for Servers 256
      Host-Based Intrusion Detection 261
        The Role of Host-Based IDS 261
        Host-Based IDS Categories 262
      Challenges of Host Defense Components 268
        Defense Components on Compromised Hosts 269
        Controlling Distributed Host Defense Components 269
      Summary 271
      References 271
    11  Intrusion Prevention Systems 273
      Rapid Changes in the Marketplace 273
      What Is IPS? 274
        An IPS Must Be Fast 276
        An IPS Must Keep State 276
        An IPS Must Be Accurate and Up to Date 276
        An IPS Must Have the Ability to Nullify an Attack 277
      IPS Limitations 277
        An Excuse to Ignore Sound Practice 278
        An IPS Simply Buys You Time 278
      NIPS 279
        How Chokepoint NIPS Work 280
        Switch-Type NIPS 285
        Switch NIPS Deployment Recommendations 291
      Host-Based Intrusion Prevention Systems 293
        Real-world Defense Scenarios 293
        Dynamic Rule Creation for Custom Applications 294

        Monitoring File Integrity 294
        Monitoring Application Behavior 295
        HIPS Advantages 295
        HIPS Challenges 296
        More HIPS Challenges 296
        HIPS Recommendations 297
      Summary 298
  III  Designing a Secure Network Perimeter
    12  Fundamentals of Secure Perimeter Design 301
      Gathering Design Requirements 302
        Determining Which Resources to Protect 302
        Determining Who the Potential Attackers Are 306
        Defining Your Business Requirements 309
      Design Elements for Perimeter Security 315
        Firewall and Router 315
        Firewall and VPN 318
        Multiple Firewalls 320
      Summary 323
      References 323
    13  Separating Resources 325
      Security Zones 325
        A Single Subnet 326
        Multiple Subnets 329
      Common Design Elements 334
        Mail Relay 334
        Split DNS 338
        Client Separation 343
      VLAN-Based Separation 346
        VLAN Boundaries 346
        Jumping Across VLANs 347
        Firewalls and VLANs 348
        Private VLANs 349

      Summary 350
      References 351
    14  Wireless Network Security 353
      802.11 Fundamentals 353
      Securing Wireless Networks 354
        Network Design 355
        Wireless Encryption 359
        Hardening Access Points 363
        Defense in Depth for Wireless Networks 366
      Auditing Wireless Security 367
        Auditing the Wireless Network Design 367
        Auditing Encryption 368
      Case Study: Effective Wireless Architecture 369
      Summary 373
      References 373
    15  Software Architecture 375
      Software Architecture and Network Defense 375
        The Importance of Software Architecture 376
        The Need to Evaluate Application Security 377
      How Software Architecture Affects Network Defense 377
        Firewall and Packet-Filtering Changes 378
        Web Services and Interapplication Communications 378
        Conflicts with Network Configuration 380
        Encrypting Connections 381
        Performance and Reliability 382
        Atypical Operating System 382
      Software Component Placement 382
        Single-System Applications 383
        Multitier Applications 383
        Administrator Access to Systems 383
        Applications for Internal Users Only 384

      Identifying Potential Software Architecture Issues 385
        Software Evaluation Checklist 385
        Sources of Application Information 386
        How to Handle an Unsecurable Application 387
      Software Testing 387
        Host Security 387
        Network Configuration and Security 388
      Network Defense Design Recommendations 389
      Case Study: Customer Feedback System 389
        Deployment Locations 390
        Architecture Recommendation 391
      Case Study: Web-Based Online Billing Application 391
        Deployment Locations 393
        Architecture Recommendation 394
      Summary 394
      References 394
    16  VPN Integration 395
      Secure Shell 395
        Standard SSH Connections 396
        SSH Tunnels 398
      Secure Sockets Layer 400
        SSL Standard Connections 400
        SSL Tunnels 403
        SSL Proxy Servers 405
      Remote Desktop Solutions 405
        Single Session 406
        Multiple Session 408
      IPSec 409
        IPSec Client Integration 410
        IPSec Server Integration 411
        IPSec Perimeter Defense Adjustments 412
        IPSec Architectures 413

      Other VPN Considerations 413
        Proprietary VPN Implementations 413
        Compromised or Malicious VPN Clients 414
      VPN Design Case Study 414
        Case Study: Home Users and Multiple Applications 414
      Summary 418
      References 418
    17  Tuning the Design for Performance 419
      Performance and Security 419
        Defining Performance 419
        Understanding the Importance of Performance in Security 421
      Network Security Design Elements That Impact Performance 422
        The Performance Impacts of Network Filters 422
        Network Architecture 425
        Case Studies to Illustrate the Performance Impact of Network Security Design Elements 430
      Impact of Encryption 432
        Cryptographic Services 433
        Understanding Encryption at the Network and Transport Layers 433
        Using Hardware Accelerators to Improve Performance 436
        Case Studies to Illustrate the Performance Impact of Encryption 437
      Using Load Balancing to Improve Performance 439
        Problems with Load Balancing 440
        Layer 4 Dispatchers 440
        Layer 7 Dispatchers 441
      Mitigating the Effects of DoS Attacks 441
        ICMP Flooding 442
        SYN Flooding 444
      Summary 445
      References 445

    18  Sample Designs 447
      Review of Security Design Criteria 447
      Case Studies 449
        Case Study 1: Telecommuter Who Is Using a Broadband Connection 450
        Case Study 2: A Small Business That Has a Basic Internet Presence 452
        Case Study 3: A Small E-Commerce Site 456
        Case Study 4: A Complex E-Commerce Site 462
      Summary 468
  IV  Maintaining and Monitoring Perimeter Security
    19  Maintaining a Security Perimeter 471
      System and Network Monitoring 471
        Big Brother Fundamentals 472
        Establishing Monitoring Procedures 475
        Security Considerations for Remote Monitoring 483
      Incident Response 486
        Notification Options 486
        General Response Guidelines 487
        Responding to Malicious Incidents 488
        Automating Event Responses 489
      Accommodating Change 490
        Fundamentals of Change Management 490
        Implementing Change-Management Controls 492
      Summary 495
      References 496
    20  Network Log Analysis 497
      The Importance of Network Log Files 497
        Characteristics of Log Files 498
        Purposes of Log Files 500

      Log Analysis Basics 502
        Getting Started with Log Analysis 502
        Automating Log Analysis 504
        Timestamps 507
      Analyzing Router Logs 508
        Cisco Router Logs 508
        Other Router Logs 509
      Analyzing Network Firewall Logs 509
        Cisco PIX Logs 509
        Check Point FireWall-1 Logs 510
        IPTables Logs 511
      Analyzing Host-Based Firewall and IDS Logs 512
        ZoneAlarm 512
        Norton Personal Firewall 513
      Summary 515
    21  Troubleshooting Defense Components 517
      The Process of Troubleshooting 517
        Collecting Symptoms 518
        Reviewing Recent Changes 518
        Forming a Hypothesis 519
        Testing the Hypothesis 519
        Analyzing the Results 519
        Repeating If Necessary 519
      Troubleshooting Rules of Thumb 520
        Make Only One Change at a Time 520
        Keep an Open Mind 520
        Get a Second Opinion 520
        Stay Focused on Fixing the Problem 521
        Don't Implement a Fix That Further Compromises Your Security 521
        The Obvious Problems Are Often Overlooked 521
        Document, Document, Document! 521
      The Troubleshooter's Toolbox 522
        Application Layer Troubleshooting 523
        Other Useful Utilities 525

        Transport Layer Troubleshooting 527
        Network Layer Troubleshooting 540
        Link Layer Troubleshooting 545
      Summary 548
      References 549
    22  Assessment Techniques 551
      Roadmap for Assessing the Security of Your Network 551
      Planning 553
      Reconnaissance 555
      Network Service Discovery 560
        System Enumeration 560
        Service Discovery 563
      Vulnerability Discovery 566
        Nessus 567
        ISS Internet Scanner 568
        Retina 569
        LANguard 570
        Vulnerability Research 572
      Verification of Perimeter Components 573
        Preparing for the Firewall Validation 573
        Verifying Access Controls 575
      Remote Access 577
        Wardialing 577
        Wardriving 579
        VPNs and Reverse Proxies 582
      Exploitation 585
      Results Analysis and Documentation 586
      Summary 587
    23  Design Under Fire 589
      The Hacker Approach to Attacking Networks 589
      Adversarial Review 590
      GIAC GCFW Student Practical Designs 592
        Practical Design 1 593
        Practical Design 2 606
      Summary 616
      References 617

    24  A Unified Security Perimeter: The Importance of Defense in Depth 619
      Castles: An Example of Defense-in-Depth Architecture 620
        Hard Walls and Harder Cannonballs 621
        Secret Passages 621
        Hiding in the Mist 626
        Defense on the Inside 628
      Absorbent Perimeters 632
        Honeypots 632
        Rate Limiting 633
        Failover 635
      Defense in Depth with Information 635
        The Problem of Diffusion 636
        Cryptography and Defense in Depth 637
      Summary 638
  V  Appendixes
    A  Cisco Access List Sample Configurations 641
      Complete Access List for a Private-Only Network 641
      Complete Access List for a Screened Subnet Network That Allows Public Server Internet Access 645
      Example of a Router Configuration as Generated by the Cisco Auto Secure Feature 650
    B  Crypto 101 657
      Encryption Algorithms 657
        Shared Key: Symmetric 658
        Public-Private Key: Asymmetric 659
      Digital Signatures and Hash Algorithms 660
      References 661
  Index 663