Wireless security
Download
Report
Transcript Wireless security
Network security threats and
mitigation
Unit objectives
Explain common threats and
vulnerabilities
Explain common mitigation techniques
Categorize different types of network
security appliances and methods
Install and configure a firewall
Topic A
Topic A: Network security threats
Topic B: Threat mitigation
Topic C: Network security appliances
and methods
Topic D: Installing and configuring a
firewall
Wireless security threats
Theft, rogue devices
Default configuration of access points
RF traffic
Lack of encryption
One-way authentication
Client connection requests
War chalking, war driving
Vulnerabilities of access points
Physical access
Firmware vulnerabilities
Default accounts
Wi-Fi scanners
Physical devices
Laptop software
– Airsnort
– NetStumbler
War driving
War chalking
Interference attacks
Evil-twin attacks
War chalking symbols
Activity A-1
Scanning for insecure access points
Denial-of-service attacks
Consume or disable resources by
flooding systems with TCP/IP packets
Hit client computers and servers
Distributed DoS attacks
Attacker uses multiple hosts
Handlers
Zombies
DDoS countermeasures
Packet filtering
Turn off directed broadcasts
Block ports
Man-in-the-middle attacks
Web spoofing
Information theft
TCP hijacking
ARP poisoning
ICMP redirect
DNS poisoning
Buffer overflow
Attackers insert malicious code
Remote execution capability
FTP bounce attacks
Use FTP port command
Bypass security measures
Smurf attacks
Flood a host with ICMP packets
Use third-party network
Configure routers to drop specific
ICMP packets
Malware
Viruses
Worms
Activity A-2
Discussing attacks on wired networks
Social engineering
Hacking people, not computers
Goals include fraud, network intrusion,
espionage, identify theft, disruption
Shoulder surfing
Attack types
Dumpster diving
Hoax
Impersonation
Phishing
Pharming
Shoulder surfing
Skimming
Spam
Spear phishing
Spim
Tailgating
Vishing
Whaling
Social engineering countermeasures
Awareness
Communicate security needs
Policies
Activity A-3
Discussing social engineering
Topic B
Topic A: Network security threats
Topic B: Threat mitigation
Topic C: Network security appliances
and methods
Topic D: Installing and configuring a
firewall
Antivirus software
Combat viruses
Real-time scanners
Checksum
Definition files
Antivirus products
Securing the operating system
Hardening
Hotfixes
Patches
Updates
Service packs
Windows Update
Updates
Important
Recommended
Optional
Activity B-1
Updating the operating system
Patch management
View list of installed updates
View update information
Uninstall updates when necessary
Activity B-2
Managing software patches
Security policies
Acceptable use
Due care
Privacy
Separation of duties
Need-to-know information
Password management
Account expiration
Service-level agreements
Ways to destroy or dispose of equipment,
electronic media, and printed documents
Acceptable use
Defines how computer and network
resources can be used
Protects information and limits
liabilities and legal actions
Addresses productivity issues
Employees should read and sign
document
Due care
Judgment or care exercised in a given
circumstance
Identifies risks to organization
Assesses risks and measures to be
taken to ensure information security
Privacy
Privacy of customer and supplier
information
–
–
–
–
Contracts
Sales documents
Financial data
Personally identifiable information
Compromised information causes
entities to lose trust
Separation of duties
Avoids one person having all
knowledge of a process
– Potential for abuse
– Knowledge leaves with person
Distribute tasks
Document all procedures
Security divided into multiple elements
– Each element assigned to different
people
Need to know
Sensitive information accessed only
by those who must
Give IT team just enough permissions
to perform duties
Give explicit access to those who
need it
Password management
Minimum password length
Required characters
Reset interval
Reuse
How users handle
Check for weak passwords
Account expiration
Unneeded counts disabled or deleted
Disable accounts for extended leaves
Service-level agreement
Contract between service provider and
end-user
Defines levels of support
Documents penalties
Covers disaster recovery plans
Contingency plans
Disposal and destruction
Degauss magnetic media
Zeroize drives
Physically destroy media
Lock recycle bins
Shred or burn documents
Activity B-3
Creating a security policy
Human resources policies
Document manual procedures for
automated duties
Access policies
– ID badges
– Keys
– Restricted-access areas
Personnel management
– Hiring process
– Employee review and maintenance
– Employee termination
Incident response policy
1.
2.
3.
4.
5.
6.
Preparation
Detection
Containment
Eradication
Recovery
Follow-up
Preparation
Have steps in place
Balance easy access with effective
controls
Identify steps to be taken
Acceptable risks
Due diligence
Detection
Ask questions and document
responses
Containment
Shut down or take equipment offline
Increase monitoring
Eradication
Clean or delete files
Restore data
Recovery
Equipment
Storage devices
Passwords
Follow-up
Document entire process
Use documents for training or for legal
proceedings
Activity B-4
Creating an incident response
and reporting policy
Education
Educate staff about security
– Network administrators
– End-users
Enables all employees to be part of security
team
Enables regular user to see potential
security problems or security violations
Customize as needed
– Big picture for end-users
– Detailed knowledge for administrative users
– Exhaustive knowledge for security
administrators
Communication
Identify what information can be
shared and with whom
Identify what information can never be
shared
Prove identity
Social engineering threats
User awareness
Reason for training
Security contacts
Whom to contact about security incidents
Actions to take
Policies about system account use
Policies about system media use
Techniques for sanitizing media and hard
copies
Maintaining security of accounts
Application and data policies
Internet, Web, and e-mail policies
Activity B-5
Identifying the need for user education
and training
Topic C
Topic A: Network security threats
Topic B: Threat mitigation
Topic C: Network security appliances
and methods
Topic D: Installing and configuring a
firewall
Assessment types
Threat
Vulnerability
Risk
Vulnerability assessments
1.
2.
3.
4.
5.
Establish a baseline
Review the code
Determine the attack surface
Review the architecture
Review the design
Vulnerability testing tools
Port scanners
Network mappers
Password crackers
Nessus and other dedicated scanning
applications
Intrusion detection
Types
– Anomaly-based, heuristic
– Behavior-based
– Signature-based
IDS monitors for attacks
IPS takes action
NIDS: network IDS
HIDS: host-based IDS
Events
True negative
True positive
False positive
False negative
Activity C-1
Discussing IDS characteristics
NIDS
Monitors network for signs of attack
Network location
Indicators of malicious activity
Active reaction options
Passive reaction options
IDScenter for Snort
Example Snort rule
Type (alert, log, etc.)
Protocol to watch
Source IP address
Source port
alert icmp any any -> any any (msg: “ICMP alert”;sid:2;)
Target IP
Target port
Message for log or alert
ID number (required)
HIDS
Monitors a single host
HIDS operation
Logs
File modifications
Application and resource monitoring
Network traffic monitoring
Advantages of HIDS over NIDS
Verify success or failure of attack
Monitor individual users
Monitor local attacks
Not dependent on network (topology,
location, and so forth)
Activity C-2
Comparing host-based and network
intrusion detection systems
Honeypots and honeynets
Honeypot: single host
Honeynet: network
Traps for attackers
Purposes
Ethical and legal considerations
Honeypot examples
HoneyPoint
Symantec Decoy Server
Specter
PacketDecoy
HoneyBot
Honeyd
Project Honey Pot
Honeypot deployment
Activity C-3
Examining the role and use of
honeypots and honeynets
Topic D
Topic A: Network security threats
Topic B: Threat mitigation
Topic C: Network security appliances
and methods
Topic D: Installing and configuring a
firewall
Firewalls and proxies
Traffic control devices
Techniques
–
–
–
–
NAT and PAT
Packet filtering
Stateful packet inspection
Access control lists
Firewall categories
Network-layer firewalls
Application-layer firewalls
Activity D-1
Examining firewalls and proxy servers
Security zones
Network regions with various levels of
security
– Trusted zone
– Semi-trusted zone
– Untrusted zone
Intranet zone
Organization’s own network
Highly trusted
Private address space
Separated from public network
Perimeter network
DMZ
Network between intranet and Internet
Not used in every network
DMZ options
Screened host
Bastion host
Three-homed firewall
Back-to-back firewalls
Dead zone
Screened host
Bastion host
Three-homed firewall
Back-to-back firewalls
Dead zone
Traffic filtering
Outgoing traffic
Incoming traffic
NAT and PAT
Correlate internal and external
addresses
Address availability
Security
Port address translation
Ports differentiate internal servers
Common ports
PAT enables
– Sharing of single external IP address
– Added security for internal but publicly
accessible servers
Activity D-2
Examining NAT and PAT devices
Firewall administration
Host-based; network-based
Software-based firewall vs. dedicated
appliance
Rules-based
Network layer vs. Application layer
Rule planning
What traffic must always be allowed?
What traffic must always be blocked?
Which systems must accept
unsolicited inbound connections?
Can you use IPSec, Kerberos, etc.?
Do you need to permit remote access?
Do default rules meet your needs?
Activity D-3
Configuring firewall rules
Port security
Blocks rogue applications
Configure at host level
Use GPO or provisioning tool
Activity D-4
Blocking ports with a firewall
Unit summary
Explained common threats to and
vulnerabilities in network security
Explained common mitigation
techniques
Categorized different types of network
security appliances and methods
Installed and configured a firewall