Configuring TCP/IP Addressing and Security

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY
OVERVIEW
• Understand IP addressing
• Manage IP subnetting and subnet masks
• Understand IP security terminology
• Manage Internet security features of Windows XP
• Configure and troubleshoot Windows Firewall
UNDERSTANDING BINARY NUMBERS
CONVERTING DECIMAL ADDRESSES TO BINARY
CONVERTING BINARY ADDRESSES TO DECIMAL
USING CALCULATOR TO CONVERT NUMBERS
SUBNET MASKS
PROBLEMS WITH CLASSFUL ADDRESSES
• Wasted addresses
• Shortage of address blocks
• Excessive routing table entries
SUBNETTING A LARGE NETWORK
CLASSLESS INTERDOMAIN ROUTING (CIDR)
SUPERNETS
SECURING IP COMMUNICATIONS
• Internet threats
• Protective technologies
• Configuring and managing Windows Firewall
• Monitoring Internet communications security
INTERNET THREATS
• Viruses (the oldest threat)
• Worms (the most persistent threat)
• Trojan horses
• Spyware
• Zombies
• Direct hacking
VIRUSES
• Take advantage of gullible users
• Infect document, graphics, and executable files
• Often include mass-mailing components
• Can carry destructive payloads
WORMS
• Self-replicating
• Network-aware
• Use bugs in programs or systems to spread
• Can carry viruses or other payloads
TROJAN HORSES
• Usually e-mailed or downloaded
• Appear to be a useful program or game
• Carry payload or back door application
SPYWARE
• Has attributes of Trojan horses or worms
• Spies on its victim
• Might transmit marketing data or transmit personal data to the spyware author
ZOMBIES
• Payload of worm or Trojan horse
• Remotely controlled to attack network targets
• Participate in large-scale assaults on public Web sites
DIRECT HACKING
• Relatively low incidence
• Hardest form of attack to defeat
PROTECTIVE TECHNOLOGIES
• Security Center
• Windows Firewall
• Internet Connection Sharing (ICS)
• Third-party utilities
SECURITY CENTER
FIREWALL TERMINOLOGY
• Packet filtering
• Stateful packet filtering
• Exceptions (packet filter rules)
• Allowed traffic
• Rejected traffic
• Logging
ENABLING WINDOWS FIREWALL
FIREWALL EXCEPTIONS
ADVANCED WINDOWS FIREWALL SETTINGS
MONITORING INTERNET SECURITY
• Windows Firewall monitoring
• Service logs
• Event logs
WINDOWS FIREWALL ALERTS
WINDOWS FIREWALL LOGS
SERVER LOGS
SUMMARY
• IP addresses are 32-bit binary addresses.
• The network portion of IP addresses determines location.
• CIDR allows creation of custom netblocks.
• CIDR permits use of variable-length subnet masks.
• Windows Firewall blocks unauthorized packets.
• Windows Firewall exceptions allow specified traffic to pass through the firewall.
• Alerts and logs warn of attempted attacks.