Network hardening


Chapter 14

Upon completion of this chapter, you should be able to:
- Identify different types of Intrusion Detection Systems and Prevention Systems
- Describe how an IDS responds, detects threats and where it runs
- Describe how to perform a vulnerability assessment
- Harden a network and its devices
- Identify switch port security methods

14.1

After implementing security, you don’t wait for an attack
- Use an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System)
- Two types of IDS:
  - Passive (IDS)
  - Active (IPS)

Classified by how they detect & respond to attacks
- Passive IDS
  - Monitors network for threats
  - Alert if threat is found
  - ONLY DETECTS - DOES NOT TRY TO STOP THREAT
- Active IDS
  - AKA Intrusion Prevention System (IPS)
  - Detects attack – Takes action!
  - Example: A port is attacked; it closes the port until the attack stops

- Signature Recognition
  - Has a list of known attacks
  - MATCH = take action
  - Can only detect identified/listed attacks
- Anomaly Recognition
  - Identifies typical network traffic
  - Then looks for abnormal traffic
  - Uses a measurement above normal values to determine if action should be taken

- Host-based
  - Runs on a single PC
  - Monitors application activity & system files
  - Anti-virus software
    - Uses list of virus definitions to detect; SIGNATURE-BASED IDS
- Network-based
  - Acts like a firewall
  - Put AV on the device so it can scan all PCs
  - Centralized admin point

Create fake resources
- Honeypot
  - Device or virtual machine that entices intruders by having an obvious vulnerability
  - Distracts hackers from valuable resources
  - You can observe them, gather info about them, prosecute them

Identifies vulnerabilities in a network
- Vulnerability scanner
  - Scans open ports, software holes, missing patches, misconfigurations, default passwords
- Ping scanner
  - Detects incoming ICMP requests
  - Allows you to block them on each device’s firewall
- Port scanner
  - Scans for open ports
- Password Cracker
  - Identifies weak passwords by trying to crack them

- TestOut 14.1.2 - DEMO Configuring an IDS/IPS
- TestOut 14.1.5 - LAB Configure Intrusion Prevention
- TestOut 14.1.6 - LAB Enable Wireless Intrusion Prevention
- TestOut 14.1.9 - Practice Questions (15)

14.3

- Switches, routers, firewalls
  - Installed in secure location; locked doors
  - Change default username/password
  - Limit admin user access
- Switches & routers
  - Use VLANs to isolate traffic
  - ACLs
  - Port security/MAC address
  - SSH (not Telnet)
- Servers
  - Install only needed software (no extras)
  - Install anti-malware software
  - Apply patches & service packs
- User Accounts
  - Multi-factor; username/password & smartcard
  - Account lockout
  - Time of day restrictions
- Passwords
  - Aging - change password every so often
  - Can’t reuse old passwords

- Switches have CAM table with MAC addresses learned & port they are on
- Two security methods:
  - Restrict each port to a specific MAC address
  - Set max # of MAC addresses a port can learn
- Actions for port security
  - Protect
    - Disallow unknown MAC
  - Restrict
    - Disallow unknown MAC, creates a log message
  - Shut down
    - Port shuts down & admin must reset it
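
Added example (not part of the original slides): a small Python model of the two port security methods and the three violation actions listed above, replayed over constructed frames. The class, function and MAC values are hypothetical, and logging on shutdown is an assumption of this model.

```python
# Toy model of switch port security; not vendor code.
# All names and MAC addresses below are constructed for this example.

class SwitchPort:
    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, max_macs=1, static_macs=(), mode="shutdown"):
        if mode not in self.MODES:
            raise ValueError(f"unknown violation mode: {mode}")
        self.max_macs = max_macs                        # method 2: cap on learned MACs
        self.secure = {m.lower() for m in static_macs}  # method 1: pinned MACs
        self.mode = mode
        self.enabled = True
        self.log = []                                   # violation log messages

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if not self.enabled:
            return "drop"                     # port stays down until admin_reset()
        if mac in self.secure:
            return "forward"
        if len(self.secure) < self.max_macs:  # room left: learn the address
            self.secure.add(mac)
            return "forward"
        # Violation: unknown MAC and the port's limit is already reached.
        if self.mode != "protect":            # protect drops silently
            self.log.append(f"violation: unknown MAC {mac}")
        if self.mode == "shutdown":           # assumption: shutdown also logs
            self.enabled = False
        return "drop"

    def admin_reset(self):
        """Admin re-enables a port that was shut down by a violation."""
        self.enabled = True


def replay(mode, frames, **kw):
    """Feed frames to a fresh port; return (decisions, log, enabled)."""
    port = SwitchPort(mode=mode, **kw)
    return [port.receive(f) for f in frames], port.log, port.enabled


# Constructed traffic: a known host, an unknown host, then the known host again.
FRAMES = ["00:11:22:33:44:55", "de:ad:be:ef:00:01", "00:11:22:33:44:55"]

if __name__ == "__main__":
    for mode in SwitchPort.MODES:
        print(mode, replay(mode, FRAMES, max_macs=1))
```

Only shutdown mode also cuts off the legitimate host after the violation, which is why an admin reset is needed.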

- On a switch
- Filters out untrusted DHCP messages
- Prevents rogue DHCP servers (possibly from outside the network) from offering clients an IP address

- TestOut 14.3.4 - DEMO Configuring Switch Port Security
- TestOut 14.3.5 - LAB Configure Port Security

- Complete the study guide handout
- Complete TestOut
- Practice in Packet Tracer
- Jeopardy review