Transcript Document

Network Security and Firewalls
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1: What Is Security
Objectives
• Define security
• Explain the need for network security
• Identify resources that need security
• Identify the two general security threat types
• List security standards and organizations
What Is Security?
• LANs
• WANs
• VPNs
• Network perimeters
Hacker Statistics
• One of every five Internet sites has experienced a security breach
• Losses due to security breaches are estimated at $10 billion each year
• Intrusions have increased an estimated 50 percent in the past year
What Is the Risk?
• Categorizing attacks
• Countering attacks systematically
The Myth of 100-Percent Security
• Security as balance
• Security policies
Attributes of an Effective Security Matrix
• Allows access control
• Easy to use
• Appropriate cost of ownership
• Flexible and scalable
• Superior alarming and reporting
What You Are Trying to Protect
• End user resources
• Network resources
• Server resources
• Information storage resources
Who Is the Threat?
• Casual attackers
• Determined attackers
• Spies
Security Standards
• Security services
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Nonrepudiation
• Security mechanisms
– The Orange Book
Summary
• Define security
• Explain the need for network security
• Identify resources that need security
• Identify the two general security threat types
• List security standards and organizations
Lesson 2: Elements of Security
Objectives
• Formulate the basics of an effective security policy
• Identify the key user authentication methods
• Explain the need for access control methods
• Describe the function of an access control list
Objectives (cont’d)
• List the three main encryption methods used in internetworking
• Explain the need for auditing
Elements of Security
Audit Administration
Encryption Access Control
User Authentication
Corporate Security Policy
The Security Policy
• Classify systems
• Prioritize resources
• Assign risk factors
• Define acceptable and unacceptable activities
• Define measures to apply to resources
• Define education standards
• Assign policy administration
Encryption
• Encryption categories
– Symmetric
– Asymmetric
– Hash
• Encryption strength
Authentication
• Authentication methods
– Proving what you know
– Showing what you have
– Demonstrating who you are
– Identifying where you are
Specific Authentication Techniques
• Kerberos
• One-time passwords
Access Control
• Access Control List
– Objects
• Execution Control List
– Sandboxing
Auditing
• Passive auditing
• Active auditing
Security Tradeoffs and Drawbacks
• Increased complexity
• Slower system response time
Summary
• Formulate the basics of an effective security policy
• Identify the key user authentication methods
• Explain the need for access control methods
• Describe the function of an access control list
Summary (cont’d)
• List the three main encryption methods used in internetworking
• Explain the need for auditing
Lesson 3: Applied Encryption
Objectives
• Create a trust relationship using public-key cryptography
• List specific forms of symmetric, asymmetric, and hash encryption
• Deploy PGP in Windows 2000 and Linux
Creating Trust Relationships
• Manually
• Automatically
Rounds, Parallelization and Strong Encryption
• Round
– Discrete part of the encryption process
• Parallelization
– Use of multiple processes, processors or machines to work on cracking one encryption algorithm
• Strong encryption
– Use of any key longer than 128 bits
Symmetric-Key Encryption
• One key is used to encrypt and decrypt messages
Symmetric Algorithms
• Data encryption standard
• Triple DES
• Symmetric algorithms created by RSA Security Corporation
• International Data Encryption Algorithm
• Blowfish
• Twofish
• Skipjack
• MARS
• Rijndael
• Serpent
• Advanced Encryption Standard
Asymmetric Encryption
• Asymmetric-key encryption elements
– RSA
– DSA
– Diffie-Hellman
Hash Encryption
• Signing
• Hash algorithms
– MD2, MD4, and MD5
– Secure hash algorithm
Applied Encryption Processes
• E-mail
• PGP and GPG
• S-MIME
• Encrypting drives
• Web server encryption
Summary
• Create a trust relationship using public-key cryptography
• List specific forms of symmetric, asymmetric, and hash encryption
• Deploy PGP in Windows 2000 and Linux
Lesson 4: Types of Attacks
Objectives
• Describe specific types of security attacks
• Recognize specific attack incidents
Brute-Force and Dictionary Attacks
• Brute-force attack
– Repeated access attempts
• Dictionary attack
– Customized version of brute-force attack
System Bugs and Back Doors
• Buffer overflow
• Trojans and root kits
Social Engineering and Nondirect Attacks
• Call and ask for the password
• Fraudulent e-mail
• DOS and DDOS attacks
• Spoofing
• Trojans
• Information leakage
• Hijacking and man-in-the-middle attacks
Summary
• Describe specific types of security attacks
• Recognize specific attack incidents
Lesson 5: General Security Principles
Objectives
• Describe the universal guidelines and principles for effective network security
• Use universal guidelines to create effective specific solutions
Common Security Principles
• Be paranoid
• Have a security policy
• No system stands alone
• Minimize damage
• Deploy companywide enforcement
• Provide training
• Integrate security strategies
• Place equipment according to needs
• Identify security business issues
• Consider physical security
Summary
• Describe the universal guidelines and principles for effective network security
• Use universal guidelines to create effective specific solutions
Lesson 6: Protocol Layers and Security
Objectives
• List the protocols that pass through a firewall
• Identify potential threats at different layers of the TCP/IP stack
TCP/IP and Network Security
• The Internet and TCP/IP were not designed around strong security principles
The TCP/IP Suite and the OSI Reference Model
• Physical layer
• Network layer
• Transport layer
• Application layer
• Presentation layer
• Session layer
• Data link layer
TCP/IP Packet Construction
Application Message: e-mail, FTP, Telnet
TCP Segment
Header
Body
IP Datagram
Header
Body
Ethernet Frames
Header
Body
Trailer
Summary
• List the protocols that pass through a firewall
• Identify potential threats at different layers of the TCP/IP stack
Lesson 7: Securing Resources
Objectives
• Consistently apply security principles
• Secure TCP/IP services
• Describe the importance of testing and evaluating systems and services
• Discuss network security management applications
Implementing Security
• Categorize resources and needs
• Define a security policy
• Secure each resource and service
• Log, test, and evaluate
• Repeat the process and keep current
Resources and Services
• Protecting services
– Protect against profiling
– Coordinate methods and techniques
– Protect services by changing default settings
– Remove unnecessary services
Protecting TCP/IP Services
• The Web Server
– CGI scripts
– CGI and programming
• Securing IIS
• Additional HTTP servers
• FTP servers
– Access control
Simple Mail Transfer Protocol
• The Internet Worm
• The Melissa virus
• E-mail and virus scanning
• Access control measures
Testing and Evaluating
• Testing existing systems
Security Testing Software
• Specific tools
– Network scanners
– Operating system add-ons
– Logging and log analysis tools
Security and Repetition
• Understanding the latest exploits
Summary
• Consistently apply security principles
• Secure TCP/IP services
• Describe the importance of testing and evaluating systems and services
• Discuss network security management applications
Lesson 8: Firewalls and Virtual Private Networks
Objectives
• Describe the role a firewall plays in a company’s security policy
• Define common firewall terms
• Describe packet-filtering rules
• Describe circuit-level gateways
• Configure an application-level gateway
• Explain PKI
• Discuss public keys and VPNs
The Role of a Firewall
• Implement a company’s security policy
• Create a choke point
• Log Internet activity
• Limit network host exposure
Firewall Terminology
• Packet filter
• Proxy server
• NAT
• Bastion host
• Operating system hardening
• Screening and choke routers
• DMZ
Creating Packet Filter Rules
• Process
– Packet filters work at the network layer of the OSI/RM
• Rules and fields
Packet Filter Advantages and Disadvantages
• Drawbacks
• Stateful multi-layer inspection
• Popular packet-filtering products
• Using the ipchains and iptables commands in Linux
Configuring Proxy Servers
• Recommending a proxy-oriented firewall
• Advantages and disadvantages
– Authentication
– Logging and alarming
– Caching
– Reverse proxies and proxy arrays
– Client configuration
– Speed
Remote Access and Virtual Private Networks
• Virtual network perimeter
• Tunneling protocols
• IPsec
• ESP
• PPTP
• L2TP
Public Key Infrastructure (PKI)
• Standards
– Based on X.509 standard
• Terminology
• Certificates
Summary
• Describe the role a firewall plays in a company’s security policy
• Define common firewall terms
• Describe packet-filtering rules
• Describe circuit-level gateways
• Configure an application-level gateway
• Explain PKI
• Discuss public keys and VPNs
Lesson 9: Levels of Firewall Protection
Objectives
• Plan a firewall system that incorporates several levels of protection
• Describe the four types of firewall systems design and their degrees of security
• Implement a packet-filtering firewall
Firewall Strategies and Goals
• Resource placement
• Physical access points
• Site administration
• Monitoring tools
• Hardware
Building a Firewall
• Design principles
– Keep design simple
– Make contingency plans
Types of Bastion Hosts
• Single-homed bastion host
• Dual-homed bastion host
• Single-purpose bastion hosts
– Internal bastion hosts
Hardware Issues
• Operating system
• Services
• Daemons
Common Firewall Designs
• Screening routers
• Screened host firewall (single-homed bastion)
• Screened host firewall (dual-homed bastion)
• Screened subnet firewall (demilitarized zone)
Summary
• Plan a firewall system that incorporates several levels of protection
• Describe the four types of firewall systems design and their degrees of security
• Implement a packet-filtering firewall
Lesson 10: Detecting and Distracting Hackers
Objectives
• Customize your network to manage hacker activity
• Implement proactive detection
• Distract hackers and contain their activity
• Set traps
• Deploy Tripwire for Linux
Proactive Detection
• Automated security scans
• Login scripts
• Automated audit analysis
• Checksum analysis
Distracting the Hacker
• Dummy accounts
• Dummy files
• Dummy password files
• Tripwires and automated checksums
• Jails
Punishing the Hacker
• Methods
• Tools
Summary
• Customize your network to manage hacker activity
• Implement proactive detection
• Distract hackers and contain their activity
• Set traps
• Deploy Tripwire for Linux
Lesson 11: Incident Response
Objectives
• Respond appropriately to a security breach
• Identify some of the security organizations that can help you in case your system is attacked
• Subscribe to respected security alerting organizations
Decide Ahead of Time
• Itemize a detailed list of procedures
• Include the list in a written policy
• Be sure all employees have a copy
Incident Response
• Do not panic
• Document everything
• Assess the situation
• Stop or contain the activity
• Execute the response plan
• Analyze and learn
Summary
• Respond appropriately to a security breach
• Identify some of the security organizations that can help you in case your system is attacked
• Subscribe to respected security alerting organizations
Network Security and Firewalls
• What Is Security?
• Elements of Security
• Applied Encryption
• Types of Attacks
• General Security Principles
• Protocol Layers and Security
Network Security and Firewalls
• Securing Resources
• Firewalls and Virtual Private Networks
• Levels of Firewall Protection
• Detecting and Distracting Hackers
• Incident Response