Transcript Document

Agenda
• Review route summarization
• Cisco acquires Sourcefire
• Review Final Exam
Route Summarization
When you summarize routes in RIP, IGRP,
EIGRP, or OSPF, you're replacing a series of
routes with a summary route and mask. With
RIP, IGRP, and EIGRP, this actually lessens the
size of the routing update packet itself – multiple
routes are replaced with the summary route. For
instance, the routes 8.0.0.0/8, 9.0.0.0/8,
10.0.0.0/8, and 11.0.0.0/8 can be summarized as
8.0.0.0 252.0.0.0. Only the summary address will
be found in the update packet, making it concise
yet complete.
Route Summarization
Summarizing routes can also make the routing
table smaller, yet still allow for complete IP
connectivity when done correctly. Using the
above example, the four more-specific routes
will be replaced by a single summary route.
Since the entire routing table is parsed before the
routing process is complete, keeping the routing
table as small as possible does help speed the
routing process as a whole.
Route Summarization
Route summarization is all about making the
routing table smaller. The larger the routing table,
the less efficient the router becomes: when a
packet comes into or goes out of the router, the
router has to check it against all the routing table
entries to find the best route. Route summarization
shrinks the routing table.
Sourcefire
Sourcefire, Inc. develops network security
hardware and software. The company's
FirePOWER network security appliances are
based on Snort, an open-source intrusion
detection system (IDS).
Sourcefire delivers effective, highly automated
security through continuous awareness, detection
and protection across its industry-leading
portfolio, including next-generation intrusion
prevention systems, next-generation firewall, and
advanced malware protection.
Snort
Snort is an open source network intrusion
prevention and detection system utilizing a rule-driven language, which combines signature-,
protocol- and anomaly-based inspection methods.
Developed in tandem with the Snort open source
community, its developers claim it is the most
widely deployed intrusion detection and
prevention technology worldwide.
Network Hardening
Consider the range of difficulty for penetrating an
attack surface on a building. Envision it ordered
from the easiest entry points to the most difficult
entry points. Certainly unlocked doors and
windows are much easier to enter than digging a
tunnel underneath the building; however, we
shouldn’t exclude the possibility of entering
through the ventilation shaft. We then take this
analogy and apply it to a single Linux
system (the same analysis may be performed for
groups of systems).
Network Hardening
In order to determine the possible attack vectors
for any system installation, we must have a full
understanding of the server’s role. The primary
attack vector for network-based applications is
the network. Similarly, the primary attack vector
for systems where the application is primarily
non-network-based is usually through the file
system or via inter-process communication of
some form.
Network Hardening
The most common tool used for hardening the network
layer is a firewall with a policy of default-deny for both
inbound and outbound access. A common mistake in
firewall configuration on the host is to filter only
inbound traffic. A well configured firewall will have
default-deny of inbound and outbound traffic with strict
exceptions made which exactly fit the application.
Earlier we discussed that an attacker must download
their toolkit so they can proceed effectively at
compromising the system, thus, when properly
configured, outbound filtering will block most attempts
at toolkit retrieval.
Network Hardening
Network security hardening for a specific
application extends into the process space, such
that we can allow or deny access down to a per-user granularity. For example, one user may need
FTP access, while another user requires email
access and we can restrict each user to only the
access that they require for proper functionality
(formally, this is known as separation of duty.)
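As an added example that is not part of the original slides, the following POSIX shell script prints two nftables rulesets for a Linux host: weak_ruleset() reproduces the common mistake described on the firewall slide (only inbound traffic filtered), and hardened_ruleset() applies default-deny in both directions with exceptions fitted to one assumed server role, including a per-user exception of the kind the slide above describes. The host role (HTTPS server managed over SSH), the addresses and the uid are assumptions, not values from the slides.

```shell
#!/bin/sh
# Added example, not from the slides: two nftables rulesets for a Linux
# host whose assumed role is an HTTPS server managed over SSH. Addresses
# (10.0.0.0/24 mgmt net, 10.0.0.53 resolver, 10.0.0.80 mirror) and
# uid 1001 (the one account allowed to use FTP) are placeholders.

weak_ruleset() {
cat <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    tcp dport { 22, 443 } accept
  }
  chain output {
    # The common mistake: outbound is wide open, so a foothold can
    # fetch its toolkit from any host on any port.
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

hardened_ruleset() {
cat <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    ip saddr 10.0.0.0/24 tcp dport 22 accept comment "SSH from mgmt net"
    tcp dport 443 accept comment "the service this host exists for"
  }
  chain output {
    type filter hook output priority 0; policy drop;
    ct state established,related accept
    oif lo accept
    ip daddr 10.0.0.53 udp dport 53 accept comment "internal resolver"
    ip daddr 10.0.0.80 tcp dport 443 accept comment "package mirror only"
    udp dport 123 accept comment "NTP"
    meta skuid 1001 tcp dport 21 accept comment "per-user: FTP for uid 1001"
    # Anything else, e.g. a fetch from an arbitrary host, is logged and dropped.
    log prefix "outbound-denied: " drop
  }
}
EOF
}
```

Load a ruleset with `nft -f` as root, or check it first with `nft -c -f` (dry run); the hardened output chain logs each denied outbound connection, which is also the detection signal for a foothold trying to retrieve tools.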
Network Hardening
Secure network devices are foundational to the
security of mission-critical networks and
business data. Vulnerable devices potentially
open the door to attacks that can compromise a
network’s security defenses.