OV 12 - 1 Copyright © 2013 Logical Operations, Inc. All rights reserved.

Network Security

Network Perimeter Security; Intrusion Detection and Prevention; Protect Network Traffic Using IPSec

OV 12 - 2

NAT

[Figure: three internal hosts (192.168.12.20, 192.168.12.30, 192.168.12.100) sit behind a NAT server whose public address is 24.96.83.120.]

OV 12 - 3

The NAT Process

[Figure: the NAT server's translation table. The internal address 192.168.12.40:80 is translated to 24.96.83.120:23040 (port number 23040) on the path between the client and the web server.]
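The figure shows 192.168.12.40:80 translated to 24.96.83.120:23040. The block below is an added example, not code from the Logical Operations slides: it models the NAT server's translation table that produces that mapping, reverses it for replies, and drops inbound packets that have no table entry. The addresses and port 23040 come from the slide; the class and method names are my own.

```python
# Added example (not from the Logical Operations slides): a minimal NAT/PAT
# translation table modelled on the slide's figure. The addresses and port
# 23040 come from the slide; the class and method names are my own.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "24.96.83.120"  # NAT server's external address (from the slide)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatServer:
    def __init__(self, public_ip: str, first_port: int = 23040):
        self.public_ip = public_ip
        self._next_port = first_port
        # internal (ip, port) -> external port, plus the reverse lookup
        self.out_table: Dict[Tuple[str, int], int] = {}
        self.in_table: Dict[int, Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's source to the public address and a NAT port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:  # first packet from this socket: allocate a port
            port = self._next_port
            self._next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the internal host; anything with no table entry is dropped."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_table:
            return None  # unsolicited inbound traffic never reaches the private hosts
        ip, port = self.in_table[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, ip, port)
```

The external host 203.0.113.5 used when exercising the table is a constructed documentation address.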

OV 12 - 4

IP Filtering

Packets meeting the filter criteria are allowed to pass.

Packets not meeting the filter criteria are dropped.

Filter by: protocol type, source IP address, destination IP address.

[Figure: screening router]

OV 12 - 5

MAC Filtering

[Figure: three hosts with MAC addresses 00-00-86-47-F6-65, 00-09-6D-07-FF-C3 and 00-06-25-BC-3F-27 connect to a device that admits only listed MAC addresses.]

Permitted MAC addresses: 00-00-86-47-F6-65, 00-50-04-B4-61-96, 00-06-25-BC-3F-27, 00-0B-CD-3D-DE-83

(00-09-6D-07-FF-C3 is not on the permitted list, so that host is denied.)

OV 12 - 6

Firewalls

[Figure: a firewall, configured by the administrator, passes approved traffic and stops unapproved traffic.]

OV 12 - 7

Firewall Types

There are four common types of firewalls:

Packet filter: Works at the Network layer. Each packet being passed along the network is compared to a set of default criteria.

Stateful inspection firewall: Works at the Session layer. Monitors the condition or state of the connection.

Proxy firewall: Works at the Application layer. Logs user activity and logons.

Stateful multilayer inspection firewall: Works at the Network, Session, and Application layers. Combines the functions of a packet filter, a stateful inspection firewall, and a proxy firewall.

OV 12 - 8

Common Firewall Features

Common firewall features include:

Scanning services - Provides the ability to scan incoming and outgoing packets.

Content filtering - Blocks restricted websites or content.

Signature identification - Signifies that the data in question is not legitimate.

Zones - Creates a virtual or physical network topology with separate areas (zones) at differing security levels.

OV 12 - 9

DMZs

[Figure: a web server located in the DMZ.]

OV 12 - 10

Proxy Servers

[Figure: a client's web request goes to the proxy server, which answers from its web cache or issues a new request on the client's behalf.]

OV 12 - 11

Web Proxy Features

User security – Enables an administrator to grant or deny Internet access.

Gateway services – Enables proxies to translate traffic between protocols.

Auditing – Enables administrators to generate reports on users' Internet activity.

Remote access services – Provides access to the internal network for remote clients.

Content filtering – Evaluates the content of websites based on words or word combinations.

OV 12 - 12

Website Caching

[Flowchart:]

1. Client request.

2. Packet intercepted.

3. Download content.

4. If the client requests the same data, the proxy verifies that the data is current.

5. Yes: sends the data to the client. No: content update, purges the cache.

OV 12 - 13

NAC

[Figure: NAC scans systems for policy conformance.]

OV 12 - 14

Physical Network Security Measures

Building and grounds: location, fire risks, electrical shielding, physical access control.

Devices: servers, laptops/PDAs, cell phones.

Communications: telecommunications, service providers, wireless cells.

OV 12 - 15

Intrusion Detection

Intrusion detection:

Monitors the events occurring on a computer.

Analyzes events to detect possible security policy violations.

Creates a log of events and alerts you to the incident.

OV 12 - 16

IDSs

[Figure: IDS sensors scan for signs of attack.]

OV 12 - 17

Types of IDSs

Network-based, host-based, pattern- or signature-based, anomaly- or behavior-based, protocol-based, application protocol-based.

OV 12 - 18

Passive and Active IDSs

Passive IDS: detects, logs, alerts.

Active IDS: detects, logs, alerts, blocks.

OV 12 - 19

IPSs

[Figure: IPS]

OV 12 - 20

Port Scanners

[Figure: a port scanner probes the network host to be scanned and returns lists of open TCP and UDP ports.]

OV 12 - 21

Vulnerability Assessment Tools

[Figure: an attacker launches a scanning attack against a honeypot, and the scan attack is logged.]

OV 12 - 22

Network Scanners

[Figure: a network scanner scans networks for usernames.]

OV 12 - 23

IPSec

Data security in transit, data authenticity and integrity, anti-replay protection, non-repudiation, eavesdropping and sniffing protection.

IPSec Standards

[Figure: the IPSec standards provide data authenticity and integrity.]

OV 12 - 24

IPSec Protection Mechanisms

IPSec can protect your network communication in several ways:

Provides data authenticity and integrity.

Protects against replay attacks.

Prevents repudiation.

Protects against eavesdropping and sniffing.

OV 12 - 25

IPSec Modes

Transport mode: Packet contents are encrypted. The IP header is used for routing. Used for host-to-host communication.

Tunnel mode: The entire packet is encrypted and wrapped in an unencrypted packet. Used for creating VPNs.

OV 12 - 26

IPSec Transport Protocols

IPSec uses two transport protocols:

Authentication Header (AH): Provides data integrity. Uses MD5 and SHA.

Encapsulating Security Payload (ESP): Provides data integrity and confidentiality. Uses DES or 3DES.

OV 12 - 27

IKE

[Figure: IKE establishes a master key between the two IPSec peers, from which the data encryption keys are derived.]

OV 12 - 28

Security Associations

[Figure: each peer goes through Phase 1 (negotiation on authentication and encryption) and Phase 2 (data transmission).]

OV 12 - 29

IPSec Policies

[Figure: the security settings in a policy are assigned to both computers.]

OV 12 - 30

IPSec Policy Rules

IP filters – Describe the protocol, port, and source or destination computer the rule applies to.

Filter action – Specifies how the system should respond to a packet that matches a particular filter.

Authentication method – Enables computers to establish a trust relationship.

Tunnel setting – Enables computers to encapsulate data in a tunnel inside the transport network.

Connection type – Determines if the rule applies to local network connections, remote access connections, or both.
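The IP filtering slide (filter by protocol, source and destination address; drop what does not match) and the policy rules above describe the same evaluation: a packet is matched against ordered filters and the first match decides the filter action. The block below is an added example, not code from the Logical Operations slides: it evaluates a packet against rules carrying an IP filter, a connection type and a filter action (the three Windows IPSec filter actions, permit, block and negotiate security, are used as the action names). The addresses reuse the deck's 192.168.12.0/24 network; the rule set and the names are my own.

```python
# Added example (not from the Logical Operations slides): first-match rule
# evaluation over IP filter, connection type and filter action. Addresses reuse
# the deck's 192.168.12.0/24 network; the rule set and names are my own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    protocol: str            # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    dst_port: Optional[int]  # None for protocols without ports
    connection: str          # "lan" or "remote_access"

@dataclass(frozen=True)
class Rule:
    protocol: Optional[str]   # IP filter fields; None means "any"
    src_net: Optional[str]    # CIDR, e.g. "192.168.12.0/24"
    dst_net: Optional[str]
    dst_port: Optional[int]
    connection: str           # "lan", "remote_access" or "all"
    action: str               # filter action: "permit", "block" or "negotiate"

    def matches(self, pkt: Packet) -> bool:
        """True when every non-wildcard filter field matches the packet."""
        return (
            self.protocol in (None, pkt.protocol)
            and (self.src_net is None or ip_address(pkt.src_ip) in ip_network(self.src_net))
            and (self.dst_net is None or ip_address(pkt.dst_ip) in ip_network(self.dst_net))
            and self.dst_port in (None, pkt.dst_port)
            and self.connection in ("all", pkt.connection)
        )

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"

# Constructed rule set: one quarantined host is blocked outright, LAN clients may
# reach the web server in the clear, and remote-access clients must negotiate IPSec.
RULES = [
    Rule(None, "192.168.12.100/32", None, None, "all", "block"),
    Rule("tcp", "192.168.12.0/24", "192.168.12.40/32", 80, "lan", "permit"),
    Rule("tcp", None, "192.168.12.40/32", 80, "remote_access", "negotiate"),
]
```

Rule order matters: the quarantine rule sits first so that it wins over the broader permit for the same subnet.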

OV 12 - 31

Windows IPSec Components

IPSec policy agent, IPSec driver, Microsoft Management Console (MMC), IP security monitor.

OV 12 - 32

Reflective Questions

1. Which of the security measures discussed in this lesson are you most familiar with? Which ones are you most likely to implement or support in your network environment?

2. What intrusion detection systems do you think will suit your organization’s network?