Network Security and Firewalls Lesson 1
Network Security and Firewalls
Lesson 1: What Is Security
Objectives
Define security
Explain the need for network security
Identify resources that need security
Identify the two general security threat types
List security standards and organizations
What Is Security?
LANs
WANs
VPNs
Network perimeters
Hacker
Statistics
One of every five Internet sites has experienced a security breach
Losses due to security breaches are estimated at $10 billion each year
Intrusions have increased an estimated 50 percent in the past year
What Is the Risk?
Categorizing attacks
Countering attacks systematically
The Myth of 100-Percent Security
Security as balance
Security policies
Attributes of an Effective Security Matrix
Allows access control
Easy to use
Appropriate cost of ownership
Flexible and scalable
Superior alarming and reporting
What You Are Trying to Protect
End user resources
Network resources
Server resources
Information storage resources
Who Is the Threat?
Casual attackers
Determined attackers
Spies
Security Standards
Security services
- Authentication
- Access control
- Data confidentiality
- Data integrity
- Nonrepudiation
Security mechanisms
- The Orange Book
Summary
Define security
Explain the need for network security
Identify resources that need security
Identify the two general security threat types
List security standards and organizations
Lesson 2: Elements of Security
Objectives
Formulate the basics of an effective security policy
Identify the key user authentication methods
Explain the need for access control methods
Describe the function of an access control list
Objectives (cont’d)
List the three main encryption methods used in internetworking
Explain the need for auditing
Elements of Security
Audit
Administration
Encryption
Access Control
User Authentication
Corporate Security Policy
The Security Policy
Classify systems
Prioritize resources
Assign risk factors
Define acceptable and unacceptable activities
Define measures to apply to resources
Define education standards
Assign policy administration
Encryption
Encryption categories
- Symmetric
- Asymmetric
- Hash
Encryption strength
Authentication
Authentication methods
- Proving what you know
- Showing what you have
- Demonstrating who you are
- Identifying where you are
Specific Authentication Techniques
Kerberos
One-time passwords
Access Control
Access Control List
- Objects
Execution Control List
- Sandboxing
Auditing
Passive auditing
Active auditing
Security Tradeoffs and Drawbacks
Increased complexity
Slower system response time
Summary
Formulate the basics of an effective security policy
Identify the key user authentication methods
Explain the need for access control methods
Describe the function of an access control list
Summary (cont’d)
List the three main encryption methods used in internetworking
Explain the need for auditing
Lesson 3: Applied Encryption
Objectives
Create a trust relationship using public-key cryptography
List specific forms of symmetric, asymmetric, and hash encryption
Deploy PGP in Windows 2000 and Linux
Creating Trust Relationships
Manually
Automatically
Rounds, Parallelization and Strong Encryption
Round
- Discrete part of the encryption process
Parallelization
- Use of multiple processes, processors or machines to work on cracking one encryption algorithm
Strong encryption
- Use of any key longer than 128 bits
Symmetric-Key Encryption
One key is used to encrypt and decrypt messages
Symmetric Algorithms
Data Encryption Standard (DES)
Triple DES
Symmetric algorithms created by the RSA Security Corporation
International Data Encryption Algorithm (IDEA)
Blowfish and Twofish
Skipjack
MARS
Rijndael and Serpent
Advanced Encryption Standard (AES)
Asymmetric Encryption
Asymmetric-key encryption elements
- RSA
- DSA
- Diffie-Hellman
Hash Encryption
Signing
Hash algorithms
- MD2, MD4, and MD5
- Secure Hash Algorithm (SHA)
Applied Encryption Processes
E-mail
PGP and GPG
S/MIME
Encrypting drives
Web server encryption
Summary
Create a trust relationship using public-key cryptography
List specific forms of symmetric, asymmetric, and hash encryption
Deploy PGP in Windows 2000 and Linux
Lesson 4: Types of Attacks
Objectives
Describe specific types of security attacks
Recognize specific attack incidents
Brute-Force and Dictionary Attacks
Brute-force attack
- Repeated access attempts
Dictionary attack
- Customized version of brute-force attack
System Bugs and Back Doors
Buffer overflow
Trojans and rootkits
Social Engineering and Nondirect Attacks
Call and ask for the password
Fraudulent e-mail
DoS and DDoS attacks
Spoofing
Trojans
Information leakage
Hijacking and man-in-the-middle attacks
Summary
Describe specific types of security attacks
Recognize specific attack incidents
Lesson 5: General Security Principles
Objectives
Describe the universal guidelines and principles for effective network security
Use universal guidelines to create effective specific solutions
Common Security Principles
Be paranoid
Have a security policy
No system stands alone
Minimize the damage
Deploy companywide enforcement
Provide training
Integrate security strategies
Place equipment according to needs
Identify security business issues
Consider physical security
Summary
Describe the universal guidelines and principles for effective network security
Use universal guidelines to create effective specific solutions
Lesson 6: Protocol Layers and Security
Objectives
List the protocols that pass through a firewall
Identify potential threats at different layers of the TCP/IP stack
TCP/IP and Network Security
The Internet and TCP/IP were not designed around strong security principles
The TCP/IP Suite and the OSI Reference Model
Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data link layer
Physical layer
TCP/IP Packet Construction
Application message: e-mail, FTP, Telnet
TCP segment
- Header
- Body
IP datagram
- Header
- Body
Ethernet frame
- Header
- Body
- Trailer
Summary
List the protocols that pass through a firewall
Identify potential threats at different layers of the TCP/IP stack
Lesson 7: Securing Resources
Objectives
Consistently apply security principles
Secure TCP/IP services
Describe the importance of testing and evaluating systems and services
Discuss network security management applications
Implementing Security
Categorize resources and needs
Define a security policy
Secure each resource and service
Log, test, and evaluate
Repeat the process and keep current
Resources and Services
Protecting services
- Protect against profiling
- Coordinate methods and techniques
- Protect services by changing default settings
- Remove unnecessary services
Protecting TCP/IP Services
The Web Server
- CGI scripts
- CGI and programming
Securing IIS
Additional HTTP servers
FTP servers
- Access control
Simple Mail Transfer Protocol
The Internet Worm
The Melissa virus
E-mail and virus scanning
Access control measures
Testing and Evaluating
Testing existing systems
Security Testing Software
Specific tools
- Network scanners
- Operating system add-ons
- Logging and log analysis tools
Security and Repetition
Understanding the latest exploits
Summary
Consistently apply security principles
Secure TCP/IP services
Describe the importance of testing and evaluating systems and services
Discuss network security management applications
Lesson 8: Firewalls and Virtual Private Networks
Objectives
Describe the role a firewall plays in a company’s security policy
Define common firewall terms
Describe packet-filtering rules
Describe circuit-level gateways
Configure an application-level gateway
Explain PKI
Discuss public keys and VPNs
The Role of a Firewall
Implement a company’s security policy
Create a choke point
Log Internet activity
Limit network host exposure
Firewall Terminology
Packet filter
Proxy server
NAT
Bastion host
Operating system hardening
Screening and choke routers
DMZ
Creating Packet Filter Rules
Process
- Packet filters work at the network layer of the OSI/RM
Rules and fields
Packet Filter Advantages and Disadvantages
Drawbacks
Stateful multi-layer inspection
Popular packet-filtering products
Using the ipchains and iptables commands in Linux
Configuring Proxy Servers
Recommending a proxy-oriented firewall
Advantages and disadvantages
- Authentication
- Logging and alarming
- Caching
- Reverse proxies and proxy arrays
- Client configuration
- Speed
Remote Access and Virtual Private Networks
Virtual network perimeter
Tunneling protocols
IPsec
ESP
PPTP
L2TP
Public Key Infrastructure (PKI)
Standards
- Based on X.509 standard
Terminology
Certificates
Summary
Describe the role a firewall plays in a company’s security policy
Define common firewall terms
Describe packet-filtering rules
Describe circuit-level gateways
Configure an application-level gateway
Explain PKI
Discuss public keys and VPNs
Lesson 9: Levels of Firewall Protection
Objectives
Plan a firewall system that incorporates several levels of protection
Describe the four types of firewall system design and their degrees of security
Implement a packet-filtering firewall
Firewall Strategies and Goals
Resource placement
Physical access points
Site administration
Monitoring tools
Hardware
Building a Firewall
Design principles
- Keep design simple
- Make contingency plans
Types of Bastion Hosts
Single-homed bastion host
Dual-homed bastion host
Single-purpose bastion hosts
- Internal bastion hosts
Hardware Issues
Operating system
Services
Daemons
Common Firewall Designs
Screening routers
Screened host firewall (single-homed bastion)
Screened host firewall (dual-homed bastion)
Screened subnet firewall (demilitarized zone)
Summary
Plan a firewall system that incorporates several levels of protection
Describe the four types of firewall system design and their degrees of security
Implement a packet-filtering firewall
Lesson 10: Detecting and Distracting Hackers
Objectives
Customize your network to manage hacker activity
Implement proactive detection
Distract hackers and contain their activity
Set traps
Deploy Tripwire for Linux
Proactive Detection
Automated security scans
Login scripts
Automated audit analysis
Checksum analysis
Distracting the Hacker
Dummy accounts
Dummy files
Dummy password files
Tripwires and automated checksums
Jails
Punishing the Hacker
Methods
Tools
Summary
Customize your network to manage hacker activity
Implement proactive detection
Distract hackers and contain their activity
Set traps
Deploy Tripwire for Linux
Lesson 11: Incident Response
Objectives
Respond appropriately to a security breach
Identify some of the security organizations that can help you in case your system is attacked
Subscribe to respected security alerting organizations
Decide Ahead of Time
Itemize a detailed list of procedures
Include the list in a written policy
Be sure all employees have a copy
Incident Response
Do not panic
Document everything
Assess the situation
Stop or contain the activity
Execute the response plan
Analyze and learn
Summary
Respond appropriately to a security breach
Identify some of the security organizations that can help you in case your system is attacked
Subscribe to respected security alerting organizations
Network Security and Firewalls
What Is Security?
Elements of Security
Applied Encryption
Types of Attacks
General Security Principles
Protocol Layers and Security
Securing Resources
Firewalls and Virtual Private Networks
Levels of Firewall Protection
Detecting and Distracting Hackers
Incident Response