Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00...
Computer Security II
Lecturer – Lynn Ackler
Office – CSC 222
Office Hours
• 9:00 – 10:00 M,W
Course
– CS 457
– CS 557
Course Objectives
• Critical Security Controls
• Networks – Weaknesses, Defenses and Vigilances
• Protection, Detection and Decontamination
• Past, Current and Theoretical
• CSIA
WARNING
The material that you will learn in the CSIA track is dual use.
The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.
Outline
• Intro to Course
• Critical Security Controls
• LAN Network Security
• LAN Network Assessment
• Intrusion Detection Systems
• Vulnerability Assessment
• Internet Security (IPSec, VPNs and SSL)
• Secure Computing Environment Design
Course Requirements
• 1 Hour Test 20%
• 1 Final Exam (3/24/06 @ 7:30) 30%
• Lab Reports & Exercises 30%
• Security+ 20%
Schedule
• Week 1 - Intro & Critical Security Controls
• Week 2 - Network review
• Week 3 - LAN Security
• Week 4 - Firewalls
• Week 5 - LAN Assessment
• Week 6 - Midterm
• Week 7 - Intrusion Detection
• Week 8 - Network Design
• Week 9-10 - IPSEC & SSL
Lab Reports
• Significant portion of the course
• 2 people to a workstation
• Collaborative work
• Independent reports
• Reports are important
• Well written in English
Lab Projects
1. Stateful Trace
2. Use of net tools
3. Firewall – Installation and test
4. Nmap exercise
5. IDS – Installation, configuration and evaluation
6. IPSEC Trace
Lab Report
• Description
• Purpose
• Step by step description
• Justification
• Test and evaluation
• Conclusions
Lab Grades
• Adherence to requirements
• Innovation
• Completeness
• Correctness
• Clarity
• Independence
Information Security Model
(Figure: three-axis model; the axes and their values are)
Critical Information Characteristics
• Confidentiality
• Integrity
• Availability
Information States
• Transmission
• Storage
• Processing
Security Measures
• Technology
• Policies
• Training
Information Systems Security Engineering
ISSE
• Art and science of discovering users' information protection needs.
• Designing systems with economy and elegance, so that they safely resist the forces to which they will be subjected.
• Building and testing such systems.
Intrusion Detection Systems
• Who's after me?
• What did they get?
• What did I do wrong?
• How did they do it?
Server Configuration
• Gateway configuration
• Apache installation and configuration
• DNS installation and configuration
• Design of a small home/office network
Network Security Fundamentals
• Definitions
• Defense in Depth
– The perimeter
– The DMZ
– The internal networks
Definitions
– The perimeter
– Border router
– Firewall
– IDS
– Secure session
– Software architecture
– DMZ
– Screened subnets
The Perimeter
• The perimeter is a fortified boundary controlling ingress and egress.
• Routers
• Firewalls
• IDS
• Software
• Screened subnets
• Secure sessions
Border Router
• The first point of ingress
• The last point of egress
• Choke point between the organization and the Internet
• First and last line of defense
Firewall
• Application or device with rules that accepts or rejects network traffic
• Types
• Hardware, application or script
• Static, stateful or proxy
– Static (stateless packet filter: each packet is judged on its own header fields) – Nortel Accellar
– Stateful (tracks connection state, so return traffic is admitted only for connections already seen) – iptables, Cisco PIX, Linksys
– Proxy (terminates the session and relays it at the application layer) – Secure Computing's Sidewinder
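The difference between a static and a stateful filter is easiest to see in code. The following is an added example, not material from the lecture or from any of the products named above: a toy stateless filter beside a toy stateful one, run over three constructed packets (the host address 10.0.0.5, the outside addresses and the ports are all invented for the illustration). The stateless rule set has to admit "replies" from source port 80 to any high port, and an attacker can send exactly such a packet; the stateful filter admits an inbound packet only if it matches a connection the inside opened.

```python
# Added example (not from the lecture slides): a toy comparison of a static
# (stateless) packet filter with a stateful one. Addresses, ports and the
# three packets below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool       # True when the TCP SYN flag is set (a new connection)
    inbound: bool   # True if the packet arrives from the Internet side


INSIDE_HOST = "10.0.0.5"   # constructed: a workstation behind the firewall


def static_filter(pkt: Packet) -> bool:
    """Stateless rules: each packet is judged on its own header fields.

    To let inside hosts browse the web, the rule set must also admit the
    replies: inbound TCP from source port 80 to any unprivileged port.
    Nothing ties that rule to a real request, so any packet an attacker
    sends from source port 80 to a high port on an inside host passes.
    """
    if not pkt.inbound and pkt.dport == 80:
        return True                       # outbound HTTP request
    if pkt.inbound and pkt.sport == 80 and pkt.dport > 1023:
        return True                       # looks like an HTTP reply
    return False


class StatefulFilter:
    """Stateful inspection: remember connections that the inside opened and
    admit inbound packets only when they belong to one of them."""

    def __init__(self) -> None:
        # (inside_ip, inside_port, outside_ip, outside_port) for open flows
        self.conns = set()

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if not pkt.inbound:
            if pkt.dport != 80:
                return False              # only outbound web is permitted
            if pkt.syn:
                self.conns.add(key)       # new outbound flow: record it
            return key in self.conns
        # inbound: the reverse tuple must match a flow the inside started
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns


# Constructed traffic: a real request, its SYN/ACK reply, and an attacker's
# packet that uses source port 80 to reach RDP (3389) on the inside host.
SAMPLE_TRAFFIC = [
    Packet(INSIDE_HOST, 40000, "203.0.113.10", 80, syn=True, inbound=False),
    Packet("203.0.113.10", 80, INSIDE_HOST, 40000, syn=True, inbound=True),
    Packet("198.51.100.9", 80, INSIDE_HOST, 3389, syn=True, inbound=True),
]


def run_static(packets):
    """Verdict (True = pass) per packet from the stateless filter."""
    return [static_filter(p) for p in packets]


def run_stateful(packets):
    """Verdict (True = pass) per packet from a fresh stateful filter."""
    fw = StatefulFilter()
    return [fw.allow(p) for p in packets]


if __name__ == "__main__":
    for name, verdicts in (("static", run_static(SAMPLE_TRAFFIC)),
                           ("stateful", run_stateful(SAMPLE_TRAFFIC))):
        print(name, ["pass" if v else "drop" for v in verdicts])
```

The third packet is the point of the exercise: the static filter passes it because it matches the reply rule, the stateful filter drops it because no inside host ever opened a connection to 198.51.100.9. Real stateful firewalls also age entries out and track FIN/RST, which this toy omits.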
IDS
• Intrusion Detection System
• Consists of a set of sensors and an analysis program
• Sensors – host based and network based
• Sensors collect data on network traffic patterns
• Analysis program looks for
– Suspicious activity
– Predefined signatures
• Sends alerts on suspected intrusion
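The analysis program side of the slide above, as an added example that is not part of the lecture and is not the logic of any real IDS: a signature check (predefined byte patterns) plus one suspicious-activity rule (a port scan, defined here as one source touching eight distinct ports on one host within five seconds) run over constructed sensor records. The addresses, payloads, signatures and threshold are all invented for the illustration.

```python
# Added example (not from the lecture): the analysis half of an IDS run over
# records a sensor would produce. The records, signatures and the port-scan
# threshold are constructed for illustration, not taken from any real IDS.
from collections import defaultdict

# Constructed sensor records: a web client, a directory-traversal probe, and a
# scanner walking common ports on one host.
SENSOR_RECORDS = [
    {"t": 0.0, "src": "198.51.100.7", "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"t": 0.5, "src": "198.51.100.7", "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"},
] + [
    {"t": 10.0 + 0.1 * i, "src": "203.0.113.66", "dst": "10.0.0.20",
     "dport": port, "payload": b""}
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445])
]

# Predefined signatures: (name, byte pattern that must appear in the payload)
SIGNATURES = [
    ("web-dir-traversal", b"/../"),
    ("web-etc-passwd", b"/etc/passwd"),
]

# Suspicious-activity rule: one source touching this many distinct ports on
# the same destination inside the window is reported as a port scan.
SCAN_PORTS = 8
SCAN_WINDOW = 5.0   # seconds


def match_signatures(record):
    """Return the names of every signature whose pattern is in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in record["payload"]]


def analyze(records):
    """Run signature matching and port-scan detection; return alerts in time order."""
    alerts = []
    recent = defaultdict(list)       # (src, dst) -> [(t, dport)] within the window
    scans_reported = set()
    for rec in sorted(records, key=lambda r: r["t"]):
        for name in match_signatures(rec):
            alerts.append({"t": rec["t"], "src": rec["src"], "rule": "sig:" + name})
        key = (rec["src"], rec["dst"])
        hist = recent[key]
        hist.append((rec["t"], rec["dport"]))
        # forget touches older than the window, then count distinct ports
        hist[:] = [(t, p) for t, p in hist if rec["t"] - t <= SCAN_WINDOW]
        ports = {p for _, p in hist}
        if len(ports) >= SCAN_PORTS and key not in scans_reported:
            scans_reported.add(key)      # alert once per scanner, not per packet
            alerts.append({"t": rec["t"], "src": rec["src"], "rule": "port-scan",
                           "ports": len(ports)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SENSOR_RECORDS):
        print(alert)
```

The traversal request fires two signatures at once, which is normal for overlapping rules; a real deployment tunes which one is reported. The scan alert fires on the eighth distinct port and is then suppressed for that source/destination pair so the remaining probes do not flood the console.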
Secure Session
• Secure communication from outside the network to inside the network
• VPN – virtual private networks
• ssl & ssh
• https
• Encrypted communication channel
Software Architecture
• The collection of applications that the organization makes available outside the organization's network.
• Includes supporting applications
• e-commerce site
• Web sites
DMZ
• DeMilitarized Zone
• Portion of the network between the border router and the non-public computing services
Screened Subnets
• Subnetworks that are protected by a firewall
• Each subnet has a particular function within the organization. Its firewall has rules specific to that function.
Defense in Depth
• Architecture of an onion but no odor
• Every layer has a single point of egress and ingress
• All layers have a specified configuration
• Each configuration must be maintained
Internal Networks
• Ingress & egress filtering on every router
• Internal firewalls to segregate resources
• Proxy firewalls at certain choke points
• IDS sensors on each subnet and router
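What "ingress & egress filtering on every router" means in practice is anti-spoofing: inbound packets must not carry a source address from inside the organization or from a range that cannot legitimately appear on the Internet, and outbound packets must carry a source address the organization actually owns. The following is an added example, not from the lecture or from any router vendor; the organization's public prefix (203.0.113.0/24), the bogon list and every packet address are constructed for the illustration.

```python
# Added example (not from the lecture): ingress and egress anti-spoofing
# filters for a border or internal router, written as functions you can test.
# The organization's public prefix and all packet addresses are constructed.
import ipaddress
from typing import NamedTuple

OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")   # constructed: the org's public block

# Address ranges that must never appear as a source on the Internet side:
# unspecified, RFC 1918 private, loopback, link-local, multicast and above.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


class Packet(NamedTuple):
    src: str
    dst: str
    direction: str   # "in" = arriving from the Internet, "out" = leaving toward it


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def ingress_check(src, dst):
    """Packet arriving on the outside interface. Returns (permit, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(s, BOGONS):
        return False, "bogon source address"
    if s in OUR_PREFIX:
        return False, "source claims our own prefix (spoofed)"
    if d not in OUR_PREFIX:
        return False, "not addressed to our prefix (no transit)"
    return True, "permit"


def egress_check(src, dst):
    """Packet leaving toward the Internet (after NAT, if any). Returns (permit, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in OUR_PREFIX:
        return False, "source is not ours (spoofed or leaked private address)"
    if _in_any(d, BOGONS):
        return False, "bogon destination address"
    return True, "permit"


def filter_packet(pkt):
    if pkt.direction == "in":
        return ingress_check(pkt.src, pkt.dst)
    return egress_check(pkt.src, pkt.dst)


def filter_all(packets):
    """Verdict (True = permit) for each packet, in order."""
    return [filter_packet(p)[0] for p in packets]


# Constructed traffic through the router.
SAMPLE_PACKETS = [
    Packet("198.51.100.20", "203.0.113.10", "in"),   # ordinary inbound
    Packet("203.0.113.44", "203.0.113.10", "in"),    # our own address arriving from outside
    Packet("10.3.3.3", "203.0.113.10", "in"),        # RFC 1918 source from the Internet
    Packet("203.0.113.10", "198.51.100.20", "out"),  # ordinary outbound
    Packet("192.168.1.5", "198.51.100.20", "out"),   # leaked private / spoofed outbound
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        ok, why = filter_packet(pkt)
        print(pkt.direction, pkt.src, "->", pkt.dst, "permit" if ok else "drop", why)
```

The egress rule is the one organizations most often skip; it is what stops your own compromised hosts from taking part in spoofed-source floods, and it also catches private addresses leaking past a misconfigured NAT. The same two functions apply on internal routers with the prefix set to that subnet's range.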
Configuration Management
• Windows boxes are patched at level x
• Linux boxes are running kernel .x.x.x
• Anti-virus, spyware updated daily
• Acceptable use policy accepted by all users
• Remote access protected and the remote source is hardened
Audit
• Check configuration periodically
• Enforce the configuration policy
• Issue final audit report
• Follow up on recommendations
Hardened Hosts
• Every host both remote and local must be hardened in accordance with policy
– Personal firewalls
– Anti-virus protection
– OS hardening
Hardening against Local Attacks
• Restrict administrative utilities
– Levels of administrative privileges
• File permissions
– Derive from policies
• Users and groups
– Derive from policies
– Strict adherence
• Log everything that is important and that will be analyzed
Hardening against Network Attacks
• Eliminate unnecessary accounts
• Enforce strong password policy
• Disable all unnecessary network services
• Disable resource sharing
• Disable remote access services
• Disable SNMP, or restrict it if it is needed
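The hardening checklists above and the Audit slide ("check configuration periodically, enforce the configuration policy") come together in a script that compares a host against written policy. The following is an added example, not from the lecture: it parses constructed /etc/passwd and /etc/shadow contents (hash fields are placeholders) and a constructed list of listening sockets, and reports accounts and services the policy does not allow. The policy sets (allowed ports, interactive shells, service names) are assumptions for the illustration; on a real host you would read the two files and parse the output of `ss -lntu`.

```python
# Added example (not from the lecture): a periodic configuration check for one
# host against a small written policy. The passwd/shadow lines and the listening
# socket list are constructed; on a real host you would read /etc/passwd and
# /etc/shadow and parse the output of `ss -lntu`.

# Constructed /etc/passwd and /etc/shadow contents (hash fields are placeholders).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
oldsvc:x:1002:1002:Legacy service:/home/oldsvc:/bin/sh
"""
SHADOW = """\
root:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
alice:$6$saltsalt$HASHPLACEHOLDER:19000:0:99999:7:::
guest::19000:0:99999:7:::
oldsvc:!:19000:0:99999:7:::
"""

# Constructed listening sockets: (proto, bound address, port).
LISTENING = [
    ("tcp", "0.0.0.0", 22),
    ("tcp", "0.0.0.0", 23),
    ("udp", "0.0.0.0", 161),
    ("tcp", "127.0.0.1", 3306),
    ("tcp", "0.0.0.0", 445),
]

# Policy (assumed for this example): derived from written policy, not ad hoc.
INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh"}
ALLOWED_SERVICES = {("tcp", 22), ("tcp", 443)}     # everything else must be off
SERVICE_NAMES = {21: "ftp", 23: "telnet", 161: "snmp", 445: "smb", 3306: "mysql"}


def parse_passwd(text):
    """name -> (uid, login shell)"""
    out = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            out[fields[0]] = (int(fields[2]), fields[6])
    return out


def parse_shadow(text):
    """name -> password hash field (empty = no password, '!' or '*' = locked)"""
    return {l.split(":")[0]: l.split(":")[1] for l in text.splitlines() if ":" in l}


def audit_accounts(passwd_text, shadow_text):
    """Findings for extra uid-0 accounts, passwordless logins and stale locked accounts."""
    findings = []
    hashes = parse_shadow(shadow_text)
    for name, (uid, shell) in parse_passwd(passwd_text).items():
        if uid == 0 and name != "root":
            findings.append(f"{name}: uid 0 account other than root")
        interactive = shell in INTERACTIVE_SHELLS
        pw = hashes.get(name, "")
        if interactive and pw == "":
            findings.append(f"{name}: interactive shell with no password")
        elif interactive and pw.startswith(("!", "*")):
            findings.append(f"{name}: locked account still has a login shell; remove if unneeded")
    return findings


def audit_services(sockets):
    """Findings for network-reachable listeners the policy does not allow."""
    findings = []
    for proto, addr, port in sockets:
        if addr in ("127.0.0.1", "::1"):
            continue                       # local only: not reachable from the network
        if (proto, port) not in ALLOWED_SERVICES:
            name = SERVICE_NAMES.get(port, "unknown")
            findings.append(f"{proto}/{port} ({name}) listening on {addr}: not in policy, disable")
    return findings


def run_audit():
    """All findings for the constructed host, accounts first."""
    return audit_accounts(PASSWD, SHADOW) + audit_services(LISTENING)


if __name__ == "__main__":
    for f in run_audit():
        print("FINDING:", f)
```

Run on a schedule and diffed against the previous report, this is the "check configuration periodically" step; the follow-up is the ticket that removes the second uid-0 account, sets or locks the guest password, and stops telnet, SMB and SNMP from listening on all interfaces.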