Security+ Guide to Network Security Fundamentals, Third
Download
Report
Transcript Security+ Guide to Network Security Fundamentals, Third
Security+ Guide to Network
Security Fundamentals,
Third Edition
Chapter 5
Network Defenses
Objectives
Explain how to enhance security through
network design
Define network address translation and
network access control
List the different types of network security
devices and explain how they can be used
Security+ Guide to Network Security Fundamentals, Third Edition
2
Crafting a Secure Network
A common mistake in network security
Attempt to _____________________________
that was poorly conceived and implemented
__________________________
Securing a network begins with the
___________ of the network and includes
_____________________ technologies
Security+ Guide to Network Security Fundamentals, Third Edition
3
Security through Network Design
Network Design elements include:
__________________
___________________
Planning for __________________
Creating ______________________
More to come on each of these…
Subnetting- Review of CSN120
What does the IP address identify and what
comprises an IP address?
Subnetting or subnet addressing
Allows an IP address to be subdivided
Networks can essentially be divided into three
parts: ______________________________
Security+ Guide to Network Security Fundamentals, Third Edition
5
Subnetting-(continued)
Security is ______________________ a
single network into multiple ______________
Makes it ________________ who has access
in and out of a particular subnetwork
isolates groups of hosts
Properly subnetted networks include addresses
which are ________________________________
Subnets also allow network administrators to
__________________________________
Security+ Guide to Network Security Fundamentals, Third Edition
6
Virtual LAN (VLAN)
Networks are generally segmented by using
______________________
A __________ allows scattered users to be
________________ together even though
they may be attached to different switches
Can _______________________ and provide
a degree of __________ similar to subnetting:
VLANs can be isolated so that sensitive data is
transmitted only to _______________________
Security+ Guide to Network Security Fundamentals, Third Edition
7
On 3 different
floors connected to
3 different switches
but only to 1 VLAN
More powerful
switch which
carries traffic
between switches
Connected directly to the
devices on the network
Security+ Guide to Network Security Fundamentals, Third Edition
8
Virtual LAN (continued)
VLAN communication can take place in _____ ways:
All devices are connected to the _______________
Devices are connected to different switches
Traffic is handled by the switch itself
A special “tagging” ___________ must be used, such as the
IEEE __________________________
A VLAN is heavily dependent upon the switch for
_________________________________
________________________ (and also possibly VLANs)
that attempt to exploit vulnerabilities such as weak
passwords or default accounts are __________________
Security+ Guide to Network Security Fundamentals, Third Edition
9
Convergence
___________________________ of communication
and technology over a ______________________
Example: voice, video and data traffic combined over a
single IP network such as Voice over IP (VoIP)
Advantages of convergence:
__________________________
Management of a __________________ for all applications
Applications ____________________ and at a lower cost
Infrastructure requirements _________________
Reduced __________________________ the Internet is
basically unregulated
Increased ______________________
___________________________ since only one network
must be managed and defended
Security+ Guide to Network Security Fundamentals, Third Edition
10
Convergence (continued)
Vulnerabilities still exist
Defenses include ________________________ , installing
__________ and _______________________ VoIP applications
Security+ Guide to Network Security Fundamentals, Third Edition
11
Demilitarized Zone (___________)
A __________________ that sits _________
the secure network perimeter
__________________ can access the DMZ
but cannot enter the secure network
Devices within the DMZ are often most
___________________________
These devices- ex: Web and e-mail servers- must
be isolated in there own network and separate
from the internal network
Security+ Guide to Network Security Fundamentals, Third Edition
12
DMZ (continued)
First design approach
consists of one firewall…
Single point of failure and
responsible for all traffic flow
Security+ Guide to Network Security Fundamentals, Third Edition
13
Security through Network Design
(continued)
Second design approach
consists of two firewalls…
More secure- two separate firewalls would have
to be breached to reach the internal network
Security+ Guide to Network Security Fundamentals, Third Edition
14
Security through Network Technologies
Two technologies that help secure a network
are:
1. Network Address Translation (_____)
2. Network Access Control (________)
More to come on each of these…
Network Address Translation (_____)
____________________________ of network
devices from attackers
Uses _______________________
What are Private Addresses?
NAT ___________________________ from the
sender’s packet
And replaces it with an _____________________
NAT software maintains a table with address mappings
When a packet is returned, the process is ________
An attacker who captures the packet on the Internet
cannot determine the actual IP address of the sender
Security+ Guide to Network Security Fundamentals, Third Edition
16
NAT (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
17
Security through Network
Technologies (continued)
Port address translation (__________)
A variation of NAT
Each packet is ___________________________ but a
__________________________________
Network Access Control (__________)
Examines the ____________________________________
_________________ it is _________________ to the network
Any device that does not meet a specified set of criteria is only
allowed to connect to a ____________________ where the
security deficiencies are corrected
Once issues are resolved, the device is connected to the
network
Security+ Guide to Network Security Fundamentals, Third Edition
18
NAC (continued)
___________ of NAC
____________________________ with sub-optimal
security from potentially ______________________
through the network
Methods for directing the client to a quarantined
VLAN
1. Using a _____________________________
Client first leased an IP address from the quarantined VLAN
pool, then later reassigned an IP from the “secure” pool
2. Using ______________________________
Client’s ARP pool is modified so that that client connects to
the quarantined VLAN
Security+ Guide to Network Security Fundamentals, Third Edition
19
Different Approaches to NAC
Security+ Guide to Network Security Fundamentals, Third Edition
20
Applying Network Security Devices
Devices which help protect the network from
attack include:
Firewalls
Proxy servers
Honeypots
Network intrusion detection systems
Host and network intrusion prevention systems
Protocol analyzers
Internet content filters
Integrated network security hardware
Security+ Guide to Network Security Fundamentals, Third Edition
21
Firewall
Used to _______________ ______________
at the perimeter of the network
Packets that ________________ are allowed to pass through
Sometimes called a
_____________________
Designed to __________________________
from entering the network
A firewall can be _______________-based or
____________________-based
__________ firewalls usually are located
_________ the network security
Security+ Guide to Network Security Fundamentals
22
_____________
Firewall (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
23
Firewall (continued)
The basis of a firewall is a _____________
____________ packet filtering- see next slide
Establishes ___________ the firewall should take when it
receives a packet (_____, _________, and _________)
Looks at the incoming packet and permits or denies it
__________________________________
Provides some degree of protection but not as secure as…
____________ packet filtering- see two slides down
Keeps a ________________________ between an internal
computer and an external server
Then ________________________________ as well as
the ______________________
Security+ Guide to Network Security Fundamentals, Third Edition
24
Firewall (continued)
Allows traffic in
from any web server
• this table is from the perspective of traffic coming into the network
• if an attacker can discover a valid internal IP address, they can
send any traffic through port 80 mimicking an HTML packet
Security+ Guide to Network Security Fundamentals, Third Edition
25
Firewall (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
26
Firewall (continued)
_______________________ have gradually
improved their functionality
Runs as a _______ on a personal computer
Most personal software firewalls today also
___________________ as well as _______ traffic
Protects users by preventing malware from connecting
to other computers and spreading
Disadvantage
Only as strong as the OS of the computer
OS weakness can be exploited
Security+ Guide to Network Security Fundamentals, Third Edition
27
Proxy Server
A computer system (or an application program) that
_________________________ and then
_______________________ on behalf of the user
Goal is to ____________________________
systems inside the secure network
Can also make __________________________ as
the proxy server will __________ recently requested
Reverse proxy
Does not serve clients but instead __________________
____________________________________
Reverse proxy forwards requests to server
Security+ Guide to Network Security Fundamentals, Third Edition
28
Proxy Server (continued)
IP address of proxy server
Security+ Guide to Network Security Fundamentals, Third Edition
29
Honeypot
Intended to ________________________
A computer typically located in a _______ that is
loaded with software and data files that __________
________________________________
Actually imitations of real data files
___________ configured with ________________
_________ primary purposes of a honeypot:
____________________ away from legitimate servers
____________________ of new attacks
Examine _________________________
Security+ Guide to Network Security Fundamentals, Third Edition
30
Honeypot (continued)
Types of honeypots
____________________ used mainly by
_________________ to capture limited info
___________________ used by _____________,
________________ etc
More complex to deploy and capture extensive info
Information gained from studies using
honeypots can be helpful in __________
_______________ and crafting defenses
Security+ Guide to Network Security Fundamentals, Third Edition
31
Network Intrusion Detection Systems
(_____________)
Watches for __________________ and
____________________________
NIDS work on the principle of _________
_____________ or acceptable behavior
A NIDS looks for ________________ and will
issue an alert
Watches network traffic from a monitoring
port
Security+ Guide to Network Security Fundamentals, Third Edition
32
NIDS (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
33
Functions a NIDS can Perform:
_____________________ to filter out the IP address
of the intruder
Launch a separate ___________________________
________ the packets in a file for _____________
Send an __________________________ file
__________, page, or a cell phone message to the
network administrator stating an attack is taking place
________________ session by forging a TCP FIN
packet to force a connection to terminate
Security+ Guide to Network Security Fundamentals, Third Edition
34
Host and Network Intrusion
Prevention Systems (HIPS/NIPS)
Intrusion prevention system (_________)
Finds malicious traffic and ___________________
Takes a proactive approach to security (instead of reactive)
A typical IPS response may be to block all incoming traffic
on a specific port
Host intrusion prevention systems (______)
Installed on _____________ (server or desktop) that needs
to be protected
Rely on _____________ installed directly on the system
being protected
Work closely with the ____________, monitoring and
intercepting requests in order to prevent attacks
Security+ Guide to Network Security Fundamentals, Third Edition
35
HIPS/NIPS (continued)
Most HIPS monitor the following desktop
functions:
_________ instruction that interrupts the program
being executed and ________________________
________________ is monitored to ensure file
openings are based on _____________ needs
_________________ settings
_____________________ is monitored to watch for
_______________ activity
HIPS are designed to _____________ with
existing antivirus, anti-spyware, and firewalls
Security+ Guide to Network Security Fundamentals, Third Edition
36
HIPS/NIPS (continued)
Network intrusion prevention systems
(___________)
Works to protect the ____________________
___________________ that are connected to it
By monitoring network traffic NIPS can
________________________________
NIPS are special-purpose _______________
that analyze, detect, and react to securityrelated events
Security+ Guide to Network Security Fundamentals, Third Edition
37
Protocol Analyzers
______ ways for detecting a potential intrusion
1. Detecting ______________________
Significant deviation from established baseline raises an
alarm
2. Examine network traffic and look for __________
______________________
Reactive approach which uses a signature file for
comparison
3. Use ___________________ to fully decode
application-layer network protocols
Different parts of the protocol can be analyzed for any
suspicious behavior
Security+ Guide to Network Security Fundamentals, Third Edition
38
Internet Content Filters
Monitor ______________ and __________
to ______________ Web sites and files
A requested Web page is only displayed if it
complies with the specified filters
Unapproved Web sites can be _________
based on the Uniform Resource Locator
(___________) or by matching ___________
Administrator can prevent entire files from being
downloaded
Security+ Guide to Network Security Fundamentals, Third Edition
39
Integrated Network Security Hardware
Most organizations use _______ (as opposed to software)
security appliances to protect the network
_____ types of hardware security appliances:
_________ security appliances provide a ____________
____________________
________________ security appliances that provide
____________________________ ranging from antivirus to
encryption and IM control etc
_______________ network security hardware
Combines or __________________________________
_______________________ such as a switch or router
Security+ Guide to Network Security Fundamentals, Third Edition
40
Summary
Subnetting involves dividing a network into subnets
that are connected through a series of routers
Similar to subnetting, a virtual LAN (VLAN) allows
users who may be scattered across different floors of
a building or campuses to be logically grouped
Convergence is the integration of voice and data
traffic over a single IP network
Network technologies can also help secure a network
Network address translation (NAT)
Network access control (NAC)
Security+ Guide to Network Security Fundamentals, Third Edition
41
Summary (continued)
Different network security devices can be
installed to make a network more secure
Network intrusion detection systems (NIDS)
monitor the network for attacks and if one is
detected will alert personnel or perform limited
protection activities
Internet content filters monitor Internet traffic
and block attempts to visit restricted sites
Security+ Guide to Network Security Fundamentals, Third Edition
42