Chapter 13: Network Protection Systems

Objectives

After reading this chapter and completing the exercises, you will be able to:
- Explain how routers are used as network protection systems
- Describe firewall technology and tools for configuring firewalls and routers
- Describe intrusion detection and prevention systems and Web-filtering technology
- Explain the purpose of honeypots

Hands-On Ethical Hacking and Network Defense, Second Edition

Understanding Routers
- Network protection systems
  - Routers
  - Firewalls
  - Intrusion detection and prevention systems
  - Web filtering
  - Honeypots
- Security appliance
  - Single device combining two or more protection functions

Understanding Routing Protocols
- Routers are hardware devices
  - Used to send packets to different network segments
  - Operate at network layer of OSI model
- Routing protocols
  - Link-state routing protocol
    - Router advertises link-state
  - Distance-vector routing protocol
    - Router passes routing table to all participating routers
  - Path-vector routing protocol
    - Uses dynamically updated paths or routing tables to transmit packets

Understanding Basic Hardware Routers
- Cisco routers
  - Widely used in networking community
  - Millions used by companies around the world
- Vulnerabilities exist
  - As they do in any OS
  - Security professionals must consider the router type when conducting a security test

Cisco Router Components
- Random access memory (RAM)
  - Holds router’s running configuration, routing tables, and buffers
  - If turned off, contents stored in RAM are erased
- Nonvolatile RAM (NVRAM)
  - Holds router’s configuration file
  - Information is not lost if the router is turned off
- Flash memory
  - Holds IOS the router is using
  - Rewritable memory, so IOS can be upgraded

Cisco Router Components (cont’d.)
- Read-only memory (ROM)
  - Contains a minimal version of IOS
  - Used to boot router if flash memory gets corrupted
- Interfaces
  - Hardware connectivity points for components of most concern
  - Ethernet port is an interface that connects to a LAN

Cisco Router Configuration
- Configuration modes:
  - User mode
    - Administrator can perform basic troubleshooting tests and list information stored on router
    - Indicated by router name followed by >
    - Default mode
  - Privileged mode
    - Administrator can perform full router configuration tasks
    - Indicated by router name followed by #

Cisco Router Configuration (cont’d.)
- Modes to configure the router (in privileged mode)
  - Global configuration mode
    - Configure router settings affecting router operation
  - Interface configuration mode
    - Administrator can configure an interface on the router

Table 13-1 Cisco commands

Understanding Access Control Lists
- Several types of access control lists
  - This section focuses on IP access lists
  - Lists IP addresses, subnets, or networks allowed or denied access through a router’s interface
- Cisco router access lists
  - Standard IP access lists
  - Extended IP access lists

Standard IP Access Lists
- Can restrict IP traffic entering or leaving a router’s interface based on source IP address
- To restrict traffic from Network 3 from entering Network 1, access list looks like:

    access-list 1 deny 173.110.0.0 0.0.255.255
    access-list 1 permit any

Figure 13-1 Applying access lists to router interfaces

Extended IP Access Lists
- Restricts IP traffic entering or leaving based on:
  - Source IP address
  - Destination IP address
  - Protocol type
  - Application port number
- Configuration
  - Similar to configuring a standard IP access list
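
How the standard and extended IP access lists above are evaluated, as an added Python example (not from the book or the slides): it models Cisco wildcard masks, first-match ordering and the implicit deny that ends every list. The extended list 101, the host 10.1.1.10 and the test packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # "any": every bit is ignored


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    src: tuple = ANY                 # (address, wildcard mask)
    proto: str = "ip"                # extended lists: "ip", "tcp", "udp"
    dst: tuple = ANY                 # extended lists only
    dport: Optional[int] = None      # extended lists only ("eq <port>")

    def matches(self, pkt):
        return (wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst)
                and self.proto in ("ip", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


def evaluate(acl, pkt):
    """Return (action, number of the matching entry); first match wins."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "deny", None              # implicit "deny any" ends every list


NET3 = ("173.110.0.0", "0.0.255.255")    # Network 3 from the slide
WEB = ("10.1.1.10", "0.0.0.0")           # constructed host in Network 1

# The slide's list:
#   access-list 1 deny 173.110.0.0 0.0.255.255
#   access-list 1 permit any
STANDARD = [Rule("deny", NET3), Rule("permit")]

# The same list with the "permit any" line forgotten.
STANDARD_NO_PERMIT = [Rule("deny", NET3)]

# Constructed extended list:
#   access-list 101 permit tcp 173.110.0.0 0.0.255.255 host 10.1.1.10 eq 80
#   access-list 101 deny ip 173.110.0.0 0.0.255.255 any
#   access-list 101 permit ip any any
EXTENDED = [Rule("permit", NET3, "tcp", WEB, 80),
            Rule("deny", NET3),
            Rule("permit")]


def pkt(src, dst="10.1.1.10", proto="tcp", dport=80):
    """Build a constructed test packet as a plain dict."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    lists = [("standard", STANDARD), ("no-permit", STANDARD_NO_PERMIT),
             ("extended", EXTENDED)]
    packets = [pkt("173.110.5.9"), pkt("173.110.5.9", dport=22),
               pkt("192.168.1.5", proto="udp", dport=53)]
    for name, acl in lists:
        for p in packets:
            print(name, p["src"], p["proto"], p["dport"], "->", evaluate(acl, p))
```

A standard list can only block Network 3 entirely, while the extended list lets its hosts reach one Web server and nothing else; dropping the final permit line turns the list into a block on all traffic.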

Understanding Firewalls
- Hardware devices with embedded OSs
- Control access to all traffic entering internal network
- Control traffic leaving internal network
- Hardware firewall advantages:
  - Usually faster than software firewalls
  - Can handle larger throughput than software firewalls
- Hardware firewall disadvantage:
  - Locked into firewall’s hardware

Understanding Firewalls (cont’d.)
- Software firewalls advantage:
  - NICs are easily added to server running firewall software
- Software firewalls disadvantage:
  - Configuration problems
  - Rely on running OS
- Astaro

Understanding Firewall Technology
- Technologies include:
  - Network address translation
  - Access lists
  - Packet filtering
  - Stateful packet inspection
  - Application layer inspection

Network Address Translation
- Most basic security feature
  - Internal private IP addresses are mapped to public external IP addresses
  - Hiding internal infrastructure
- Port Address Translation
  - Derived from NAT
  - Allows thousands of internal IP addresses to be mapped to one external IP address

Access Lists
- Used to filter traffic based on:
  - Source IP address
  - Destination IP address
  - Ports or services
- Firewalls also use this technology
- Creating access lists in a firewall
  - Similar to creating them in a router

Packet Filtering
- Packet filters
  - Screen packets based on information contained in packet header
    - Protocol type
    - IP address
    - TCP/UDP port

Stateful Packet Inspection
- Record session-specific information about a network connection
  - Including state table
- Port scans relying on spoofing or sending packets after a three-way handshake are made ineffective
- Stateful packet filters
  - Recognize anomalies most routers ignore
- Stateless packet filters
  - Handle each packet on an individual basis
  - Not resistant to spoofing or DoS attacks

Table 13-2 State table example
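
The state-table behaviour described above, as an added Python example (not from the book or the slides): a simplified stateful filter that follows the three-way handshake, run beside a stateless rule that judges each inbound segment by its ACK flag alone. The addresses, ports, state names and packet trace are constructed, and session teardown is reduced to RST.

```python
from typing import NamedTuple

INSIDE_PREFIX = "10.0.0."            # constructed internal network


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                       # TCP flags: "S", "SA", "A" or "R"


def stateless_verdict(pkt):
    """Header-only rule: pass outbound; pass inbound only if ACK is set."""
    if pkt.src.startswith(INSIDE_PREFIX):
        return "allow"
    return "allow" if "A" in pkt.flags else "drop"


class StatefulFilter:
    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state
        self.table = {}

    def verdict(self, pkt):
        outbound = pkt.src.startswith(INSIDE_PREFIX)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN may create a table entry.
            if outbound and pkt.flags == "S":
                self.table[key] = "SYN_SENT"
                return "allow"
            return "drop"
        if "R" in pkt.flags:
            del self.table[key]      # simplified teardown
            return "allow"
        if state == "SYN_SENT":
            if outbound and pkt.flags == "S":
                return "allow"       # retransmitted SYN
            if not outbound and pkt.flags == "SA":
                self.table[key] = "SYN_ACK_SEEN"
                return "allow"
            return "drop"
        if state == "SYN_ACK_SEEN":
            if outbound and pkt.flags == "A":
                self.table[key] = "ESTABLISHED"
                return "allow"
            return "drop"
        # ESTABLISHED: ordinary segments carry ACK and never SYN.
        return "allow" if "A" in pkt.flags and "S" not in pkt.flags else "drop"


# Constructed trace: one legitimate session, one unsolicited ACK,
# then an ACK arriving after the session has been torn down.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "A"),
    Packet("198.51.100.7", 443, "10.0.0.5", 40001, "A"),    # no session
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "R"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "A"),    # after teardown
]


def compare(trace):
    """Return [(stateless verdict, stateful verdict)] for each packet."""
    fw = StatefulFilter()
    return [(stateless_verdict(p), fw.verdict(p)) for p in trace]


if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"stateless={stateless} stateful={stateful}")
```

The two filters agree on the legitimate session and differ only on the fifth and seventh packets, which belong to no entry in the state table.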

Application Layer Inspection
- Inspects network traffic at a higher level in OSI model
- Makes sure network traffic’s application protocol is the type allowed by a rule
- Some application-aware firewalls act as a proxy for all connections
  - Safety net for servers or clients (or both)
    - Depends on firewall

Implementing a Firewall
- Placing a firewall between a company’s internal network and the Internet is dangerous
  - Leaves company open to attack if a hacker compromises the firewall
- Use a demilitarized zone instead
  - Adds a layer of defense

Demilitarized Zone
- Small network
  - Contains resources a company wants available to Internet users
  - Helps maintain security on internal network
- Sits between Internet and internal network
  - Sometimes referred to as a “perimeter network”

Figure 13-2 A DMZ protecting an internal network

Figure 13-3 An additional firewall used to protect the DMZ

Understanding the Cisco Adaptive Security Appliance Firewall
- Cisco Adaptive Security Appliance (ASA) firewall
  - One of the most widely used firewalls
  - Replaced PIX firewall
  - Added advanced modular features
    - Intrusion detection and prevention
    - More sophisticated application layer inspection

Configuring the ASA Firewall
- Similar logon prompt as Cisco router
- Prompt (serves a legal purpose):

    If you are not authorized to be in this XYZ Hawaii network device, log out immediately!
    Username: admin
    Password: ********

- Prompt after successful log on:

    Type help or '?' for a list of available commands.
    ciscoasa>

Configuring the ASA Firewall (cont’d.)
- After entering correct password
  - You are in privileged mode
- To enter configuration mode
  - Use same command as on a Cisco router: configure terminal or configure t
- Access lists
  - Used to filter traffic

Using Configuration and Risk Analysis Tools for Firewalls and Routers
- Center for Internet Security
  - One of the best Web sites for finding configuration benchmarks and configuration assessment tools
- Benchmark
  - Industry consensus of best configuration practices
  - Cisco routers use CIS Cisco IOS Benchmark
  - Cisco ASA firewalls use CIS Benchmark for Cisco Firewall Devices
- Router Audit Tool (RAT)
  - Faster and easier to use

Using Configuration and Risk Analysis Tools for Firewalls and Routers (cont’d.)
- RedSeal
  - Unique network risk analysis and mapping tool
  - Identifies configuration vulnerabilities in routers or firewalls
  - Generates professional-looking reports
  - Analyzes IPSs and OS vulnerability scans
  - Shows a graphical representation of vulnerabilities discovered

Figure 13-4 The RedSeal network risk map

Understanding Intrusion Detection and Prevention Systems
- Monitor network devices
  - Security administrators can identify attacks in progress and stop them
- Intrusion detection system (IDS)
  - Examines traffic and compares it with known exploits
    - Similar to virus software using a signature file to identify viruses
- Intrusion prevention systems (IPSs)
  - Similar to IDSs
  - Also perform an action to prevent the intrusion

Network-Based and Host-Based IDSs and IPSs
- Network-based IDSs/IPSs
  - Monitor activity on network segments
  - Sniff traffic and alert if something suspicious occurs
- Host-based IDSs/IPSs
  - Used to protect a critical network server or database server
  - Software is installed on server you’re attempting to protect

Network-Based and Host-Based IDSs and IPSs (cont’d.)
- IDSs are also categorized by how they react when they detect suspicious behavior
  - Passive systems
    - Don’t take preventative action
    - Send out an alert and log the activity
  - Active systems
    - Log events and send out alerts
    - Can also interoperate with routers and firewalls

Network-Based and Host-Based IDSs and IPSs (cont’d.)
- Vendors have started focusing on IPSs
  - True network-based IPSs are installed inline to network infrastructure
    - Traffic has to pass through IPS before going into or out of the network
    - More capable of stopping malicious traffic
  - Host-based IPSs operate at the OS (or kernel) level
    - Intercept traffic not allowed by host policy

Network-Based and Host-Based IDSs and IPSs (cont’d.)
- Network-based IDSs and IPSs are further categorized by the way they detect attacks
  - Signature detectors
    - Detect malicious activity by using a database of known attack signatures
  - Anomaly detectors
    - Use a baseline of normal activity and send an alert if activity deviates significantly
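
The two detection approaches above run over the same traffic, as an added Python example (not from the book or the slides). The signature patterns, the baseline of requests per minute, the three-standard-deviation threshold and the request events are all constructed for illustration.

```python
import re
import statistics
from collections import Counter

# Constructed signature database: name -> pattern over the request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-union-probe": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed baseline: requests per minute from one client on normal days.
BASELINE = [12, 15, 11, 14, 13, 12, 16, 14]


def signature_alerts(events):
    """Alert on every event whose request matches a known signature."""
    alerts = []
    for minute, src, request in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((minute, src, name))
    return alerts


def anomaly_threshold(baseline, k=3.0):
    """Requests per minute above mean + k standard deviations are anomalous."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)


def anomaly_alerts(events, baseline, k=3.0):
    """Alert on every (minute, source) whose request count exceeds the threshold."""
    threshold = anomaly_threshold(baseline, k)
    per_minute = Counter((minute, src) for minute, src, _ in events)
    return sorted((m, s, n) for (m, s), n in per_minute.items() if n > threshold)


def sample_events():
    """Constructed events as (minute, source address, request line)."""
    events = [(0, "192.0.2.21", "GET /index.html")] * 14
    # Minute 1: normal volume, but one request matches a known signature.
    events += [(1, "192.0.2.21", "GET /index.html")] * 12
    events += [(1, "192.0.2.21", "GET /download?file=../../etc/passwd")]
    # Minute 2: no known signature, but far more requests than the baseline.
    events += [(2, "192.0.2.37", f"GET /api/items?id={i}") for i in range(95)]
    return events


if __name__ == "__main__":
    events = sample_events()
    print("threshold:", round(anomaly_threshold(BASELINE), 2))
    print("signature:", signature_alerts(events))
    print("anomaly:  ", anomaly_alerts(events, BASELINE))
```

Each detector raises exactly one alert and misses the event the other one catches, which is why the two approaches are usually deployed together.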

Table 13-3 Intrusion detection and prevention systems

Web Filtering
- Statistically, firewalls and IPSs do a good job of protecting a network from Internet attacks
  - Hackers know statistics
  - Now using least restricted pathway through a firewall
- Target devices allowed access out of the network automatically: user workstations
  - Get internal user to visit a bogus Web site or install malicious code from an e-mail attachment
  - Don’t need to break through the firewall
  - Firewall application layer inspection might not detect this kind of attack

Web Filtering (cont’d.)
- Web filtering is used to detect users’ attempts to access malicious Web sites and block them
  - Some block malicious code
    - Before it gets to a user’s workstation
    - Before it connects to an attacker’s control system outside the network
- Mass compromises are used to initiate drive-by downloads
  - Web site visitors download malicious code without their knowledge

Security Incident Response Teams
- Large organizations with sensitive or critical data
  - Normal administrative expertise isn’t enough to do:
    - Follow up and damage assessment
    - Risk remediation and legal consultation
- Security incident response team (SIRT)
  - Permanent team
    - Responsible solely for security-response functions
  - Ad hoc team
    - Members normally have other roles
    - Called in response to a specific incident

Understanding Honeypots
- Honeypot
  - Computer placed on network perimeter
    - Contains information to lure and trap hackers
  - Configured to have vulnerabilities
    - Keeps hackers connected long enough so they can be traced back
  - Serves as an excellent data collector and early warning system
  - Honeyd.org

How Honeypots Work
- Honeypot appears to have important data or sensitive information stored on it
  - Could store fake financial data
  - Hackers will spend time attacking the honeypot
    - Stop looking for real vulnerabilities
  - Enables security to collect data on attackers
- Available honeypots
  - Commercial and open-source
- Virtual honeypots
  - Created using programming language

Table 13-4 Commercial honeypots

Table 13-5 Open-source honeypots

Summary
- Network protection systems
  - Routers, firewalls, IDSs, IPSs, Web filters, etc.
- Routers
  - Use access lists to accept or deny traffic
- Firewalls
  - Can be hardware devices or software installed on computer systems
  - Use NAT, packet filtering, access control lists, stateful packet inspection, and application layer inspection

Summary (cont’d.)
- DMZ
  - Small network containing resources that sits between the Internet and internal network
- Intrusion detection systems
  - Monitor network traffic
- Network-based IDSs
  - Monitor activity on network segments
- Host-based IDSs
  - Protect a critical network server or database server

Summary (cont’d.)
- Passive IDSs
  - Don’t take any action or prevent an activity from continuing to occur
- Active IDSs
  - Log, send alerts, and interoperate with routers and firewalls
- Intrusion prevention systems (IPSs)
  - Detect malicious activity
  - Can block or prevent malicious activity

Summary (cont’d.)
- Anomaly detectors
  - Detect activity varying from a set baseline
- Configuring routers and firewalls securely
  - Easier with benchmark tools
- Web filtering
  - Can block Web sites containing malicious code
- Large organizations
  - Might need a security incident response team
- Honeypots
  - Lure hackers away from legitimate resources