Network hardening
Chapter 14
Upon completion of this chapter, you should be able to:
Identify different types of Intrusion Detection Systems and Prevention Systems
Describe how an IDS responds, detects threats and where it runs
Describe how to perform a vulnerability assessment
Harden a network and its devices
Identify switch port security methods
14.1
After implementing security, you don't wait for an attack
Use an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System)
Two types of IDS, classified by how they detect & respond to attacks:
Passive (IDS)
Active (IPS)
Passive IDS
Monitors the network for threats
Alerts if a threat is found
ONLY DETECTS - DOES NOT TRY TO STOP THE THREAT
Active IDS
AKA Intrusion Prevention System (IPS)
Detects the attack – takes action!
Example: A port is attacked; it closes the port until the attack stops
Signature recognition
Has a list of known attacks
MATCH = take action
Can only detect identified/listed attacks
Anomaly recognition
Identifies typical network traffic
Then looks for abnormal traffic
Uses a measurement above normal values to determine if action should be taken
Host-based IDS
Runs on a single PC
Monitors application activity & system files
Anti-virus software uses a list of virus definitions to detect: SIGNATURE-BASED IDS
Network-based IDS
Acts like a firewall
Put AV on the device so it can scan all PCs
Centralized admin point
Honeypot
Creates fake resources
Device or virtual machine that entices intruders by having an obvious vulnerability
Distracts hackers from valuable resources
You can observe them, gather info about them, prosecute them
Vulnerability assessment
Identifies vulnerabilities in a network
Vulnerability scanner
Scans open ports, software holes, missing patches, misconfigurations, default passwords
Ping scanner
Detects incoming ICMP requests
Allows you to block them on each device's firewall
Port scanner
Scans for open ports
Password cracker
Identifies weak passwords by trying to crack them
TestOut 14.1.2 - DEMO Configuring an IDS/IPS
TestOut 14.1.5 - LAB Configure Intrusion Prevention
TestOut 14.1.6 - LAB Enable Wireless Intrusion Prevention
TestOut 14.1.9 - Practice Questions (15)
14.3
Switches, routers, firewalls
Installed in a secure location; locked doors
Change default username/password
Limit admin user access
Switches & routers
Use VLANs to isolate traffic
ACLs
Port security/MAC address
SSH (not Telnet)
Servers
Install only needed software (no extras)
Install anti-malware software
Apply patches & service packs
User accounts
Multi-factor: username/password & smartcard
Account lockout
Time of day restrictions
Passwords
Aging - change password every so often
Can't reuse old passwords
Switches have a CAM table with the MAC addresses learned & the port they are on
Two security methods:
Restrict each port to a specific MAC address
Set max # of MAC addresses a port can learn
Actions for port security
Protect
Disallow unknown MAC
Restrict
Disallow unknown MAC, creates a log message
Shut down
Port shuts down & admin must reset it
On a switch
Filters out untrusted DHCP messages
Prevents rogue DHCP servers (possibly from outside the network) from offering clients an IP address
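To tie together the port-security actions above and the DHCP filtering on the switch, here is an added Python model of a switch (my own illustration, not vendor code or course material). Each port has a maximum number of MAC addresses and one of the three violation actions; protect drops the unknown frame silently, restrict drops it and writes a log message, and shutdown err-disables the port until an administrator resets it. Untrusted ports also drop DHCP server messages (OFFER, ACK, NAK) so a rogue server plugged into an access port cannot hand out addresses; the slides do not name this feature, and calling it DHCP snooping is my identification. Port names, MAC addresses and the message types are constructed for the example.

```python
"""Model of two switch protections: port security (limit the MACs a port
may learn; protect / restrict / shutdown on violation) and dropping DHCP
server messages on untrusted ports. Added illustration; all port names,
MAC addresses and frames are constructed."""
from dataclasses import dataclass, field

# Message types only a DHCP server sends; a client port should never source them.
DHCP_SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


@dataclass
class Port:
    name: str
    max_macs: int = 1             # max number of MAC addresses the port can learn
    violation: str = "shutdown"   # protect | restrict | shutdown
    dhcp_trusted: bool = False    # only the uplink to the real DHCP server is trusted
    learned: set = field(default_factory=set)
    err_disabled: bool = False


@dataclass
class Switch:
    ports: dict
    cam: dict = field(default_factory=dict)   # CAM table: MAC -> port it was learned on
    log: list = field(default_factory=list)   # what an admin would see in the log

    def receive(self, port_name, src_mac, dhcp=None):
        """Handle a frame arriving on port_name; return True if it is forwarded."""
        port = self.ports[port_name]
        if port.err_disabled:
            return False                        # shut-down port drops everything
        if src_mac not in port.learned:
            if len(port.learned) >= port.max_macs:
                return self._violation(port, src_mac)
            port.learned.add(src_mac)           # learn the MAC and record it in the CAM
            self.cam[src_mac] = port_name
        if dhcp in DHCP_SERVER_MESSAGES and not port.dhcp_trusted:
            self.log.append(f"DHCP {dhcp} from {src_mac} dropped on untrusted {port_name}")
            return False                        # rogue DHCP server filtered out
        return True

    def _violation(self, port, src_mac):
        """Apply the configured action for an unknown MAC beyond the limit."""
        if port.violation == "protect":         # drop silently, no log message
            return False
        if port.violation == "restrict":        # drop and create a log message
            self.log.append(f"port-security violation on {port.name} by {src_mac}")
            return False
        port.err_disabled = True                # shutdown: port stays down until reset
        self.log.append(f"{port.name} err-disabled after violation by {src_mac}")
        return False

    def admin_reset(self, port_name):
        """Only an administrator brings an err-disabled port back up."""
        self.ports[port_name].err_disabled = False


def demo():
    """Run the scenarios from the slides; return what happened to each frame."""
    sw = Switch(ports={
        "Fa0/1": Port("Fa0/1", violation="protect"),
        "Fa0/2": Port("Fa0/2", violation="restrict"),
        "Fa0/3": Port("Fa0/3", violation="shutdown"),
        "Gi0/1": Port("Gi0/1", max_macs=1024, dhcp_trusted=True),  # uplink
    })
    r = {}
    r["protect_known"] = sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01")
    r["protect_extra"] = sw.receive("Fa0/1", "aa:aa:aa:aa:aa:02")   # silently dropped
    r["restrict_known"] = sw.receive("Fa0/2", "bb:bb:bb:bb:bb:01")
    r["restrict_extra"] = sw.receive("Fa0/2", "bb:bb:bb:bb:bb:02")  # dropped and logged
    r["shutdown_known"] = sw.receive("Fa0/3", "cc:cc:cc:cc:cc:01")
    r["shutdown_extra"] = sw.receive("Fa0/3", "cc:cc:cc:cc:cc:02")  # port err-disabled
    r["shutdown_after"] = sw.receive("Fa0/3", "cc:cc:cc:cc:cc:01")  # even the known MAC
    sw.admin_reset("Fa0/3")
    r["shutdown_reset"] = sw.receive("Fa0/3", "cc:cc:cc:cc:cc:01")
    r["client_discover"] = sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01", dhcp="DISCOVER")
    r["rogue_offer"] = sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01", dhcp="OFFER")
    r["trusted_offer"] = sw.receive("Gi0/1", "dd:dd:dd:dd:dd:01", dhcp="OFFER")
    r["log"] = list(sw.log)
    r["cam"] = dict(sw.cam)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The output makes the difference between the three actions visible: the protect port never tells anyone a violation happened, the restrict port keeps forwarding for its allowed MAC but leaves a log entry, and the shutdown port stops carrying even legitimate traffic until the reset. On Cisco IOS the same behaviour is configured per interface with switchport port-security maximum and switchport port-security violation, and the DHCP filtering with ip dhcp snooping plus ip dhcp snooping trust on the uplink.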
TestOut 14.3.4 - DEMO Configuring Switch Port Security
TestOut 14.3.5 - LAB Configure Port Security
Complete the study guide handout
Complete TestOut
Practice in Packet Tracer
Jeopardy review, Chapter 14