Post on 30-Dec-2015
OV 12 - 1 Copyright © 2013 Logical Operations, Inc. All rights reserved.
Network Security
Network Perimeter Security
Intrusion Detection and Prevention
Protect Network Traffic Using IPSec
NAT
(Figure) Internal hosts 192.168.12.20, 192.168.12.30 and 192.168.12.100 sit behind a NAT server whose public address is 24.96.83.120.
The NAT Process
(Figure) A client, a NAT server and a web server. Internal address 192.168.12.40:80 is translated to the public address and port 24.96.83.120:23040; the NAT server keeps a table entry mapping port 23040 to the internal address 192.168.12.40:80.
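As an added example (not code from the Logical Operations slides), a minimal port-based NAT table in Python using the addresses from the two NAT figures: a static entry forwards public port 23040 to the internal web server 192.168.12.40:80, and outbound connections from the internal hosts are given dynamic public ports. The outside addresses, the Packet class and the upward port allocator are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

PUBLIC_IP = "24.96.83.120"  # NAT server's outside address (from the slide)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatServer:
    """Port-based NAT (NAPT): rewrites inside addresses to one public IP."""

    def __init__(self, public_ip: str, first_port: int = 23040):
        self.public_ip = public_ip
        self.next_port = first_port  # assumed: dynamic ports handed out upward
        self.outbound: dict[tuple[str, int], int] = {}   # inside -> public port
        self.inbound: dict[int, tuple[str, int]] = {}    # public port -> inside

    def add_static_mapping(self, public_port: int, inside_ip: str, inside_port: int):
        # Static (port-forwarding) entry, like the internal web server in the figure.
        self.inbound[public_port] = (inside_ip, inside_port)
        self.outbound[(inside_ip, inside_port)] = public_port

    def translate_outbound(self, pkt: Packet) -> Packet:
        # Inside -> outside: the source becomes the public IP plus a mapped port.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            while port in self.inbound:       # skip ports already in use
                port += 1
            self.next_port = port + 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Packet | None:
        # Outside -> inside: only packets matching a table entry get through,
        # which is why NAT hides the internal addresses from the Internet.
        entry = self.inbound.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no mapping: the packet is dropped
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)
```

An unsolicited packet to a public port with no table entry returns None, which is the drop behaviour that keeps the internal hosts unreachable from outside.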
IP Filtering
Packets meeting the filter criteria are allowed to pass.
Packets not meeting the filter criteria are dropped.
Filter by: protocol type, source IP address, destination IP address.
(Figure) Screening router.
MAC Filtering
(Figure) Three devices with MAC addresses 00-00-86-47-F6-65, 00-09-6D-07-FF-C3 and 00-06-25-BC-3F-27 connect to a device whose permitted MAC addresses are 00-00-86-47-F6-65, 00-50-04-B4-61-96, 00-06-25-BC-3F-27 and 00-0B-CD-3D-DE-83; 00-09-6D-07-FF-C3 is not on the permitted list.
Firewalls
(Figure) A firewall, configured by an administrator, passes approved traffic and blocks unapproved traffic.
Firewall Types
There are four common types of firewalls:
Packet filter – Works at the Network layer. Each packet passing through the network is compared to a set of default criteria.
Stateful inspection firewall – Works at the Session layer. Monitors the condition, or state, of the connection.
Proxy firewall – Works at the Application layer. Logs user activity and logons.
Stateful multilayer inspection firewall – Works at the Network, Session, and Application layers. Combines the functions of a packet filter, a stateful inspection firewall, and a proxy firewall.
Common Firewall Features
Common firewall features include:
Scanning services – Provide the ability to scan incoming and outgoing packets.
Content filtering – Blocks restricted websites or content.
Signature identification – Flags data whose signature shows it is not legitimate.
Zones – Create a virtual or physical network topology with separate areas (zones) at differing security levels.
Proxy Servers
(Figure) A client's web request goes to the proxy server; the proxy serves it from its web cache or issues a new request on the client's behalf.
Web Proxy Features
User security – Enables an administrator to grant or deny Internet access.
Gateway services – Enables proxies to translate traffic between protocols.
Auditing – Enables administrators to generate reports on users' Internet activity.
Remote access services – Provides access to the internal network for remote clients.
Content filtering – Evaluates the content of websites based on words or word combinations.
Website Caching
(Flowchart) Client request → packet intercepted → content downloaded. If the client requests the same data, the proxy verifies that the cached data is current: if yes, it sends the data to the client; if no, it purges the cache and updates the content.
NAC
(Figure) NAC scans systems for policy conformance.
Physical Network Security Measures
Building and grounds: location, fire risks, electrical shielding, physical access control.
Devices: servers, laptops/PDAs, cell phones.
Communications: telecommunications, service providers, wireless cells.
Intrusion Detection
Intrusion detection:
Monitors the events occurring on a computer.
Analyzes events to detect possible security policy violations.
Creates a log of events and alerts you to the incident.
IDSs
(Figure) Sensors scan for signs of attack.
Types of IDSs
Network-based
Host-based
Pattern- or signature-based
Anomaly- or behavior-based
Protocol-based
Application protocol-based
Passive and Active IDSs
Passive IDS: detects, logs, alerts.
Active IDS: detects, logs, alerts, blocks.
Port Scanners
(Figure) A port scanner probes a network host to be scanned and produces lists of open TCP and UDP ports.
Vulnerability Assessment Tools
(Figure) An attacker launches a scanning attack against a honeypot; the scan attack is logged.
Network Scanners
(Figure) A network scanner scans networks for usernames.
IPSec
Data security in transit
Data authenticity and integrity
Anti-replay protection
Non-repudiation
Eavesdropping and sniffing protection
IPSec Standards
(Figure) The IPSec standards provide data authenticity and integrity.
IPSec Protection Mechanisms
IPSec can protect your network communication in several ways:
Provides data authenticity and integrity
Protects against replay attacks
Prevents repudiation
Protects against eavesdropping and sniffing
IPSec Modes
Mode – Description
Transport – Packet contents are encrypted; the IP header is used for routing. Used for host-to-host communication.
Tunnel – The entire packet is encrypted and wrapped in an unencrypted packet. Used for creating VPNs.
IPSec Transport Protocols
IPSec uses two transport protocols:
Authentication Header (AH) – Provides data integrity. Uses MD5 and SHA.
Encapsulating Security Payload (ESP) – Provides data integrity and confidentiality. Uses DES or 3DES.
IKE
(Figure) The two IPSec peers establish a master key, from which the data encryption keys are derived.
Security Associations
(Figure) Phase 1: negotiation on authentication and encryption between the two peers. Phase 2: data transmission.
IPSec Policies
(Figure) The security settings in the policy are assigned to both computers.
IPSec Policy Rules
IP filters – Describe the protocol, port, and source or destination computer the rule applies to.
Filter action – Specifies how the system should respond to a packet that matches a particular filter.
Authentication method – Enables computers to establish a trust relationship.
Tunnel setting – Enables computers to encapsulate data in a tunnel inside the transport network.
Connection type – Determines whether the rule applies to local network connections, remote access connections, or both.
Windows IPSec Components
IPSec policy agent
IPSec driver
Microsoft Management Console (MMC)
IP security monitor
Reflective Questions
1. Which of the security measures discussed in this lesson are you most familiar with? Which ones are you most likely to implement or support in your network environment?
2. What intrusion detection systems do you think will suit your organization’s network?