Infrastructure Security


Principles of Computer Security:
CompTIA Security+® and Beyond, Second Edition
Infrastructure Security
Chapter 10
© 2010
Objectives
• Construct networks using different types of network
devices.
• Enhance security using NAC/NAP methodologies.
• Identify the different types of media used to carry
network signals.
• Describe the different types of storage media used to
store information.
• Use basic terminology associated with network
functions related to information security.
Key Terms
• Basic packet filtering
• Bridge
• Coaxial cable
• Collision domain
• Firewall
• Hub
• Modem
• Network access control
• Network Access Protection (NAP)
• Network Admission Control (NAC)
Key Terms (continued)
• Network Attached Storage
• Network interface card (NIC)
• Private branch exchange (PBX)
• Router
• Servers
• Shielded twisted-pair (STP)
• Switch
• Unshielded twisted-pair (UTP)
• Wireless access point
• Workstation
Devices
• Devices are needed to connect the clients and servers
and to regulate the traffic between them.
• Devices come in many forms and with many functions,
from hubs and switches, to routers, wireless access
points, and special-purpose devices such as virtual
private network (VPN) devices.
• Each device has a specific network function and plays a
role in maintaining network infrastructure security.
Securing a Workstation
• Keep the operating system (OS) patched and up to
date.
• Remove all shares that are not necessary.
• Rename the administrator account, securing it with a
strong password.
• Install an antivirus program and keep abreast of
updates.
• If no corporate firewall exists between the machine
and the Internet, install a firewall.
Additional Precautions for Workstations
• Personal firewalls if the machine has an unprotected
interface to the Internet.
• Turning off all services that are not needed.
• Removing methods of connecting additional devices to
a workstation to move data.
• Restricting physical access to the workstation to only
approved personnel.
Servers
• Servers are the computers in a network that host
applications and data for everyone to share.
• The key management issue behind running a secure
server setup is to identify the specific needs of a server
for its proper operation and enable only items
necessary for those functions.
Antivirus Software
• For workstations, this type of software is still a
necessary component, particularly to prevent a PC
from becoming part of a botnet.
• For servers, this type of software is most useful when
users are allowed to place files on the machine.
Virtualization
• Allows multiple operating systems to operate
concurrently on the same hardware.
• Allows for added security, as virtual machines can be
deleted at the end of a session, thus preventing the
spread of any malware to the other operating systems.
Network Interface Card (NIC)
• It is the physical connection between a computer and
the network.
• Each NIC has a unique code built in, called a Media
Access Control (MAC) address, that is assigned by the
manufacturer.
– 48 bits long, with 24 bits representing the manufacturer and
24 bits being a serial number, guaranteeing uniqueness.
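The following is an added example, not code from the textbook, showing how the 48-bit MAC address described above splits into its 24-bit manufacturer prefix (OUI) and 24-bit serial. It goes one step beyond the slide by also reading the two flag bits of the first octet: the locally-administered bit, which is set when an operating system or driver has overridden the burned-in address, and the multicast bit. Both points matter to the later slides on switches: because a MAC can be changed in software, it identifies a NIC but does not authenticate it. All sample addresses are constructed.

```python
import re

# Separators accepted on input: colon, hyphen, dot (Cisco style), whitespace.
_SEPARATORS = re.compile(r"[:.\-\s]")
_HEX12 = re.compile(r"[0-9A-Fa-f]{12}")


def parse_mac(text: str) -> dict:
    """Split a 48-bit MAC into its manufacturer OUI, serial and flag bits.

    Raises ValueError for anything that is not exactly 12 hex digits once
    separators are removed.
    """
    digits = _SEPARATORS.sub("", text)
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")

    octets = [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]
    first = octets[0]
    fmt = lambda group: ":".join(f"{o:02x}" for o in group)  # noqa: E731

    return {
        "canonical": fmt(octets),
        # First 24 bits: Organizationally Unique Identifier (the vendor).
        "oui": fmt(octets[:3]),
        # Last 24 bits: vendor-assigned serial.
        "serial": fmt(octets[3:]),
        # Bit 1 of the first octet (0x02): address set locally, not burned in.
        "locally_administered": bool(first & 0x02),
        # Bit 0 of the first octet (0x01): group (multicast) address.
        "multicast": bool(first & 0x01),
    }


def same_vendor(mac_a: str, mac_b: str) -> bool:
    """True when two addresses share the manufacturer prefix."""
    return parse_mac(mac_a)["oui"] == parse_mac(mac_b)["oui"]


if __name__ == "__main__":
    # Constructed sample addresses in three common notations.
    for sample in ("00-1A-2B-3C-4D-5E", "0a1b.2c3d.4e5f", "01:00:5e:00:00:01"):
        print(sample, "->", parse_mac(sample))
```

For defenders, the useful check is the `locally_administered` flag: a burned-in address normally has it clear, so a NIC reporting a locally-administered address on a port that previously carried a burned-in one is worth a closer look, even though a clear bit proves nothing on its own.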
Hubs
• Connects devices in a star configuration.
• Operates at the physical layer of the OSI model.
• Creates a single collision domain.
• Insecure—all PCs connected to a hub see all of the
traffic that passes through it.
• Replaced by low-cost switches.
Bridges
• Operate at the data link layer.
• Filter traffic based on MAC addresses.
• Reduce collisions by creating two separate collision
domains.
• Have been replaced by switches.
Switches
• Can operate at either the data link or network layers of
the OSI model.
• Create a separate collision domain for each port.
• A sniffer can only see traffic for the connected port.
• Can be attacked due to vulnerabilities in both SNMP
and Telnet.
• Subject to ARP poisoning and MAC flooding.
Routers
• Operates at the network layer of the OSI model
• Connects different network segments together
• Uses routing protocols to determine optimal paths
across a network
• Forms the backbone of the Internet
• Can also be attacked due to vulnerabilities in both
SNMP and Telnet
Firewalls
• Can be hardware, software, or a combination.
• Enforce network security policies across network
connections.
• Different security policies will apply across the network,
based on need.
• Security policies are rules that define what traffic is
permissible and what traffic is to be blocked or denied.
– Security policies should follow the principle of least access.
– It is necessary to have a complete understanding of your
network to develop a comprehensive security policy.
Other Firewall Techniques
• Basic packet filtering
– Checks each packet against rules pre-defined on the firewall
– Fairly simple, fast, and efficient
– Doesn’t detect and catch all undesired packets
• Stateful packet filtering
– The firewall maintains the context of a conversation
– More likely to detect and catch undesired packets
– Due to overhead, network efficiency is reduced
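To make the difference between the two filtering techniques concrete, here is an added example (not from the textbook) that runs the same constructed packet trace through a basic packet filter and a stateful one. The basic filter can only judge each packet by fixed fields, so it has to approximate "reply to a connection we started" by looking at the source port and the ACK flag; the stateful filter remembers the outbound connections it has seen and admits inbound packets only when they match one. Packet 3 is the case the slide describes: a packet the basic rules let through but the stateful filter rejects. Addresses, ports and the rule set are all assumptions.

```python
from dataclasses import dataclass

WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = leaving our network, "in" = arriving
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()


def stateless_filter(pkt: Packet) -> str:
    """Basic packet filtering: each packet judged alone against fixed rules."""
    if pkt.proto != "tcp":
        return "deny"
    if pkt.direction == "out" and pkt.dport in WEB_PORTS:
        return "allow"
    # Without connection memory, "established" can only be approximated:
    # a web source port plus an ACK flag is taken as a reply to us.
    if pkt.direction == "in" and pkt.sport in WEB_PORTS and "ACK" in pkt.flags:
        return "allow"
    return "deny"


class StatefulFilter:
    """Stateful packet filtering: keeps a table of conversations it allowed."""

    def __init__(self) -> None:
        # The overhead the slide mentions: one entry per live connection.
        self.connections: set = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.proto != "tcp":
            return "deny"
        if pkt.direction == "out" and pkt.dport in WEB_PORTS:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if pkt.direction == "in":
            # Inbound is admitted only if it reverses a connection we opened.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
                return "allow"
        return "deny"


# Constructed trace: a legitimate HTTPS session, then a forged "reply".
SAMPLE_TRAFFIC = [
    Packet("out", "tcp", "10.0.0.5", 51000, "93.184.216.34", 443, frozenset({"SYN"})),
    Packet("in", "tcp", "93.184.216.34", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
    # Looks like a web reply (source port 443, ACK set) but targets port 22
    # and matches no connection the internal host ever opened.
    Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 22, frozenset({"ACK"})),
    Packet("in", "tcp", "203.0.113.7", 4444, "10.0.0.5", 22, frozenset({"SYN"})),
]


def run(packets) -> list:
    """Return (basic_decision, stateful_decision) for every packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.decide(p)) for p in packets]


def disagreements(packets) -> list:
    """Indices of packets where the two techniques reach different verdicts."""
    return [i for i, (basic, full) in enumerate(run(packets)) if basic != full]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, run(SAMPLE_TRAFFIC)):
        print(f"{pkt.direction:>3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
              f"  basic={verdict[0]:5}  stateful={verdict[1]}")
```

The `connections` set is the cost side of the trade-off: a real stateful firewall must also expire entries and bound the table, or the memory it holds per conversation becomes a way to exhaust it.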
Wireless
• Specific precautions must be taken or you will have no
control over who can see your data.
• It requires a wireless access point (WAP) to provide the
network signal.
• WAPs and NICs must use the same protocol for proper
operation.
Modems
• Now used to describe high-speed Internet hardware.
• Cable modems provide shared arrangements.
– Other people can sniff traffic between the user and the ISP.
• DSL modems provide a direct connection.
– Traffic cannot be sniffed between the user and the ISP.
Cable/DSL Security
• Both cable and DSL provide always-on connections.
• Should be secured with a firewall:
– Can be a hardware firewall as part of a router
– Can be a software firewall on the PC
Telecom/PBX
• Computer-based switching equipment that connects a
company’s phones to the local phone system
• Should be protected by a telecommunications firewall
– Enforce long-distance access code
– Restrict service hours
VPN
• Provides a secure channel between users even though
their signal is traveling on public networks
• Employs one of two types of encryption
– Data encryption can be sniffed en route, but the contents
cannot be read
– Packet encryption uses tunneling and protects the data and
the identities of the communicating parties
• Often done using IPsec
Intrusion Detection Systems
• Detects, logs, and responds to unauthorized network or
host use
• Can operate in real-time or after the fact
• Two categories
– Network-based systems
– Host-based systems
Network Access Control
• Manages the endpoints on a case-by-case basis
• Two methodologies
– Network Access Protection (NAP)
• Developed by Microsoft
• Measures the health of a host when it connects to the network
– Network Admission Control (NAC)
• Developed by Cisco
• Enforces policies chosen by the network administrator
– Both are still in early stages of implementation
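Both NAP and NAC rest on the same idea: when a host connects, its health is measured against a policy the administrator chose, and the decision is made per endpoint. The following added example (not the textbook's code, and not the wire protocol of either product) models that decision with the checks from the "Securing a Workstation" slide: patch currency, antivirus update age, a running host firewall, and no unnecessary shares. The `HostReport` fields, the `Policy` thresholds and the share names are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class HostReport:
    """Posture data a connecting endpoint reports (constructed fields)."""
    hostname: str
    days_since_os_patch: int
    days_since_av_update: int
    firewall_enabled: bool
    open_shares: List[str] = field(default_factory=list)


@dataclass(frozen=True)
class Policy:
    """Hypothetical admission policy chosen by the network administrator."""
    max_patch_age_days: int = 30
    max_av_age_days: int = 7
    approved_shares: frozenset = frozenset({"finance-share"})


def evaluate(report: HostReport, policy: Policy = Policy()) -> Tuple[str, List[str]]:
    """Return ("allow", []) or ("quarantine", [reasons]) for one endpoint."""
    failures: List[str] = []

    if report.days_since_os_patch > policy.max_patch_age_days:
        failures.append(f"OS patches are {report.days_since_os_patch} days old")
    if report.days_since_av_update > policy.max_av_age_days:
        failures.append(f"antivirus signatures are {report.days_since_av_update} days old")
    if not report.firewall_enabled:
        failures.append("host firewall is disabled")

    # Any share not on the approved list counts as unnecessary.
    extra = sorted(set(report.open_shares) - policy.approved_shares)
    if extra:
        failures.append("unapproved shares: " + ", ".join(extra))

    return ("allow", []) if not failures else ("quarantine", failures)


# Constructed reports: one compliant workstation, one that is not.
HEALTHY = HostReport("ws-017", days_since_os_patch=5, days_since_av_update=1,
                     firewall_enabled=True, open_shares=["finance-share"])
STALE = HostReport("ws-042", days_since_os_patch=45, days_since_av_update=12,
                   firewall_enabled=False, open_shares=["finance-share", "c_drive"])


if __name__ == "__main__":
    for host in (HEALTHY, STALE):
        decision, reasons = evaluate(host)
        print(host.hostname, decision, *reasons, sep="\n  ")
```

A quarantine verdict in practice maps to a restricted network segment where the host can reach update and antivirus servers but nothing else, which is what lets the endpoint repair itself and reconnect.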
Network Monitoring/Diagnostic
• Simple Network Management Protocol (SNMP)
provides management, monitoring, and fault resolution
on a network.
• SNMP has holes in its implementation that should be
taken into account when using it as part of a network
monitoring solution.
Mobile Devices
• These devices add several challenges for
network administrators.
– Can act as transmission vectors for viruses
– Can be used to remove sensitive material offsite
– Can be used as part of a Bluetooth attack
Common Concerns in Device Security
• Default passwords are known to hackers, and
frequently left unchanged
Media
• Devices connect to the network at the physical layer of
the OSI model via:
– Coaxial cable
– Twisted-pair cable
– Fiber-optics
– Wireless
Coaxial Cable
• Has high-bandwidth and shielding capabilities
• Less prone to outside interference than other cabling
methods
• Replaced by less-expensive and faster twisted-pair
cabling alternatives
• Vulnerable to “vampire taps”
UTP/STP
• The least expensive type of cable to run.
• Unshielded twisted pair is less expensive than shielded
twisted pair.
• Three different categories are currently in use.
• Is easy to splice into, and rogue connections are difficult
to detect once they have been made.
Fiber
• The most expensive cable option
• Used as the backbone medium of the Internet and
large networks
• Has the longest possible cable runs
• Is the hardest cable to splice
• Not susceptible to EMI
Unguided Media
• All transmission media not guided by a wire, fiber, or
other constraints
– Infrared
– Radio Frequency/Microwave
• Must assume that unauthorized users have access to
the signal
Infrared (IR)
• A band of electromagnetic energy just beyond the red
end of the visible color spectrum
• Used to connect to printers, wireless mice, wireless
keyboards, and PDAs
• Slow compared to other wireless technologies
• Cannot penetrate solid objects
RF/Microwave
• Can carry signals over long distances and rough terrain.
• Used in home wireless networks.
• Signal is not line-of-sight.
• Can be used in point-to-multipoint links.
• Helps resolve the “last-mile” problem.
Security Concerns for Transmission Media
• Things to avoid:
– Access to a server by an unauthorized individual
– Access to switches and routers by an unauthorized individual
– Access to network connections by an unauthorized individual
Physical Security Concerns
• Limiting access to physical media to avoid the use of
sniffers
• Properly securing wireless networks
• Use of either authenticated firewalls or VPNs
Removable Media
• Present a potential loss of control of the data on the
movable media
• Risk introducing unwanted items (e.g., a worm) onto
the network
• Has three categories:
– Magnetic
– Optical
– Electronic
Magnetic Media
• Includes hard drives, floppy disks, zip disks, and
magnetic tape
• All are sensitive to external magnetic fields
• Affected by high temperatures and exposure to water
Hard Drives
• Portable hard drives are physically small but have large
capacities.
• They can be used with encryption technology to
protect the data if the drive is lost or stolen
(particularly important for laptops).
Diskettes
• Were the first attempt at portable media
• Have been rendered obsolete by recordable optical
drives
Tape
• Primarily used for backups and offline storage
• Should be encrypted, in case of theft or loss
• Inexpensive but slow to work with
Optical Media
• Use a laser to write/read information from the disk
• Have larger storage capacities than diskettes
• Have faster read times than tape
• Can be read-write or read-only
CD-R/DVD
• CD-Rs are relatively inexpensive and easy to use for
high-capacity storage.
• DVDs come in two types: Blu-ray and HD-DVD.
Electronic Media
• High capacity, but small in size.
• Becoming ubiquitous: laptops and PCs have built-in
card readers.
• Can be used to move information between machines.
Network Attached Storage
• High-capacity storage devices accessed via the network
• Susceptible to various attacks:
– Sniffing of credentials
– Brute-force attacks to access the data
Chapter Summary
• Construct networks using different types of network
devices.
• Enhance security using NAC/NAP methodologies.
• Identify the different types of media used to carry
network signals.
• Describe the different types of storage media used
to store information.
• Use basic terminology associated with network
functions related to information security.