Network Security: Protecting SOHO Networks
-
Upload
jim-gilsinn -
Category
Technology
-
view
648 -
download
0
Transcript of Network Security: Protecting SOHO Networks
![Page 1: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/1.jpg)
NETWORK SECURITY:PROTECTING SOHO NETWORKSJIM GILSINN
![Page 2: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/2.jpg)
WHO AM I?
• Electrical engineer• 25 years engineering• 15 years ICS/SCADA networking & security
• ICS/SCADA networking & security• Policies & procedures• Designs• Assessments• Standards
![Page 3: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/3.jpg)
WHERE DO I WORK?
![Page 4: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/4.jpg)
WHERE DO I REALLY WORK?
![Page 5: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/5.jpg)
ENOUGH ABOUT ME…WHAT AM I HEAR TO TALK ABOUT?• Most Consumer-Grade Routers Are
Vulnerable• Small Office/Home Office (SOHO)
Networks Are Especially Vulnerable• Millions of Computers in Botnets• Rise of Ransomware• What can you do to protect
yourself?
![Page 6: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/6.jpg)
THERE IS A BETTER WAY
• You Can Build A Secure SOHO Network• And…It Won’t Cost $6M
![Page 7: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/7.jpg)
SMALL OFFICE/HOME OFFICE (SOHO) NETWORKS• Small Office• 1-10 employees• Single main site• 1-2 main servers
• Home Office• Telework• Remote/virtual office• VPN to main office
![Page 8: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/8.jpg)
4 MAIN AREAS OF FOCUS
• Firewall & Primary Network Connections
• Wireless Networking
• Remote Access
• Network Monitoring
![Page 9: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/9.jpg)
FIREWALL & PRIMARY NETWORK CONNECTIONS
![Page 10: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/10.jpg)
FIRST: DITCH THE STANDARD CONSUMER-GRADE ROUTER
![Page 11: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/11.jpg)
FIRST: DITCH THE STANDARD CONSUMER-GRADE ROUTER• They may look cool• They may say they have tons of features, usually not security
related• They rarely get updated• They often aren’t securely designed/built
![Page 12: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/12.jpg)
DITCH THE ISP ROUTER TOO
• If you have admin privileges on your ISP router,• Turn off WiFi• Turn off routing
• Only use it as a MODEM only• Get a public IP address
![Page 13: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/13.jpg)
USE A TRUE FIREWALL/UTM
![Page 14: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/14.jpg)
PFSENSE IS MY CHOICE
• Commercial Company• Sell hardware-based firewalls & service• Software is same for open-source & commercial hardware
• FreeBSD-Based• Command-line option available to install additional tools
• Large Number of Add-Ons
![Page 15: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/15.jpg)
PFSENSE HARDWARE EASY TO FIND
• Hardware requirements for pfSense are pretty minimal• Really depends on• Network throughput• Number of add-ons
• An old computer with 2 decent gigabit network cards should work• I run a fanless computer
![Page 16: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/16.jpg)
USE A SMART NETWORK SWITCH
• Have a Layer 2+ or 3 switch right behind your firewall• My recommendation for most people is Netgear GS-108E• Inexpensive ($60)• Mirror port (Very Important)• Web configurable
![Page 17: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/17.jpg)
YOU CAN ALWAYS GO BIGGER
• Larger network switches• Servers• Rack Equipment
![Page 18: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/18.jpg)
CONSIDER REMOTE PARTS OF YOUR NETWORK• Home Power Networking• Be careful in locations that share electrical wiring (like
apartments/condominiums)
• Wireless Repeater• Latency can be an issue
![Page 19: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/19.jpg)
WIRELESS NETWORKING
![Page 20: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/20.jpg)
REPLACE YOUR WIFI SYSTEM: 2 CHOICES
• Replace Firmware• DD-WRT• OpenWrt
• Pros• Uses existing hardware• Cheap
• Cons• Limited by existing hardware
• Install Commercial-Grade Access Points• Ubiquiti• Cisco
• Pros• Designed for SOHO• Multiple SSIDs
• Cons• Low cost, but not free
![Page 21: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/21.jpg)
![Page 22: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/22.jpg)
UBIQUITI UNIFI
• I run 2 Ubiquiti UniFi APs• Coverage area in 3-story
townhouse• Large number of competing
networks
• Controller• Java-based software• Available for
Windows/Mac/Linux• Many people run on Raspberry
Pi
![Page 23: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/23.jpg)
REMOTE ACCESS
![Page 24: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/24.jpg)
VIRTUAL PRIVATE NETWORKS (VPNS)
• Employees Need Access While Working Remotely• Small office employees often work remotely• Virtual employees always need company services
• Types of Services• Email or Inter-Office Messaging• Servers• Phone
![Page 25: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/25.jpg)
MULTIPLE VPN CONNECTIONS
• I Have 2 VPN Settings Currently• Outgoing – VoIP connection for my work phone• Incoming – Access my home network remotely
• I Use Incoming While on Travel• Secure, encrypted access from any hotel/coffee-shop
![Page 26: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/26.jpg)
NETWORK MONITORING
![Page 27: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/27.jpg)
MONITORING CONSISTS OF MULTIPLE PARTS
• Scanning
• Intrusion Detection
• Monitoring
![Page 28: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/28.jpg)
SCANNING
• Passive Scanning• This is where that mirror port comes in handy
• Active Scanning• Looking for Vulnerabilities• WARNING: Only scan your network or networks you have permission
to scan.
![Page 29: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/29.jpg)
WIRESHARK
• Network Scanner & Packet Decoder• 2200+ Protocols, 150k+ fields• Extensible• Also has non-Ethernet-based
protocols
• GNU GPL Open-Source• Very strict about licensing
• De Facto Standard
• Download From Wireshark.org• Apt & Yum repositories well out
of date
• Extremely Powerful!!!
![Page 30: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/30.jpg)
OTHER PACKET CAPTURE & ANALYSIS TOOLS• Other Packet Sniffers Exist• TCPdump• NetworkMiner
• All of the Packet Sniffers Require Administrator Access• Promiscuous mode
• Wireless Packet Capture• Aircrack• Kismet• Netstumbler
• Wireless Usually Requires Different Wireless Adapter• Internal cards don’t usually
allow promiscuous mode
![Page 31: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/31.jpg)
ACTIVE SCANNING & BEYOND
• Device Vulnerabilities• Nmap• Nessus/OpenVAS
• Web Site Vulnerabilities• Burp Suite• Browser Exploitation
Framework (BeEF)
• Exploitation• Metasploit
• Linux Distros (Red Team)• Kali• Pentoo
![Page 32: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/32.jpg)
INTRUSION DETECTION
• Network-Based Intrusion Detection System (NIDS)• Snort• Bro• Suricata
• Host-Based Intrusion Detection System (HIDS)• OSSEC
• NIDS Should Be Installed As Close to Firewall As Possible• Inside the firewall• At primary network switch via
mirror port
• Linux Distros (Blue Team)• Security Onion• REMnux
![Page 33: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/33.jpg)
MONITORING
• Network Security Monitoring (NSM) and Security Incident & Event Management (SIEM)• OSSIM• Splunk• Snorby• SGUIL• Squert
• ELSA• SiLK & flowBAT
• Aggregate & Alert• Dashboards
![Page 34: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/34.jpg)
TO WRAP IT ALL UP…
![Page 35: Network Security: Protecting SOHO Networks](https://reader035.fdocuments.in/reader035/viewer/2022070602/5878e2d51a28abfa038b4d7f/html5/thumbnails/35.jpg)
SUMMARY
• There are a ton of free and open-source tools out there
• Start simple and build
• Know your network first in order to defend it