Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Posted: 22-Dec-2015
Category: Documents

Transcript of Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 5: Network Defenses

Objectives
• Explain how to enhance security through network design
• Define network address translation and network access control
• List the different types of network security devices and explain how they can be used

Crafting a Secure Network
• A common mistake in network security: an attempt to _____________________________ that was poorly conceived and implemented __________________________
• Securing a network begins with the ___________ of the network and includes _____________________ technologies

Security through Network Design
Network design elements include:
• __________________
• ___________________
• Planning for __________________
• Creating ______________________
More to come on each of these…

Subnetting (Review of CSN120)
• What does the IP address identify, and what comprises an IP address?
• Subnetting, or subnet addressing, allows an IP address to be subdivided
• Networks can essentially be divided into three parts: ______________________________

Subnetting (continued)
• Security is ______________________ a single network into multiple ______________ isolates groups of hosts
• Makes it ________________ who has access in and out of a particular subnetwork
• Properly subnetted networks include addresses which are ________________________________
• Subnets also allow network administrators to __________________________________
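As an added illustration of the two subnetting slides (example code written for this page, not taken from the textbook), the following Python splits one network into departmental subnets and decides whether traffic between two hosts stays inside a subnet or must cross the router, which is the point where access in and out of a subnetwork can be controlled. The address range and the department names are constructed for the example.

```python
import ipaddress

# Constructed example: one 192.168.10.0/24 network carved into four /26 subnets,
# one per department (range and names are assumptions for this illustration).
NETWORK = ipaddress.ip_network("192.168.10.0/24")
DEPARTMENTS = ["Finance", "Engineering", "Guests", "Servers"]


def build_subnets(network=NETWORK, names=DEPARTMENTS):
    """Split the network into len(names) equal subnets and label each one."""
    subnets = list(network.subnets(prefixlen_diff=2))  # /24 -> four /26 blocks
    return dict(zip(names, subnets))


def subnet_of(host, subnets):
    """Return the department whose subnet contains host, or None if unassigned."""
    addr = ipaddress.ip_address(host)
    for name, net in subnets.items():
        if addr in net:
            return name
    return None


def crosses_boundary(src, dst, subnets):
    """True when traffic between src and dst must pass through the router,
    i.e. leaves one subnet for another; that is where an access-control
    decision can be enforced. Traffic inside one subnet never reaches it."""
    return subnet_of(src, subnets) != subnet_of(dst, subnets)


def usable_hosts(net):
    """Host addresses available once network and broadcast addresses are excluded."""
    return net.num_addresses - 2


if __name__ == "__main__":
    subnets = build_subnets()
    for name, net in subnets.items():
        print(f"{name:12} {net}  usable hosts: {usable_hosts(net)}")
    # Finance -> Engineering crosses the router; Finance -> Finance does not.
    print(crosses_boundary("192.168.10.5", "192.168.10.70", subnets))
    print(crosses_boundary("192.168.10.5", "192.168.10.20", subnets))
```

Isolation here is only as good as the router's filtering: hosts in the same /26 talk to each other without any router involvement, so a host that should not share a broadcast domain with another must be placed in a different subnet.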

Virtual LAN (VLAN)
• Networks are generally segmented by using ______________________
• A __________ allows scattered users to be ________________ together even though they may be attached to different switches
• Can _______________________ and provide a degree of __________ similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to _______________________

Figure (VLAN spanning several switches) callouts:
• On 3 different floors connected to 3 different switches but only to 1 VLAN
• More powerful switch which carries traffic between switches
• Connected directly to the devices on the network

Virtual LAN (continued)
• VLAN communication can take place in _____ ways:
  – All devices are connected to the _______________; traffic is handled by the switch itself
  – Devices are connected to different switches; a special “tagging” ___________ must be used, such as the IEEE __________________________
• A VLAN is heavily dependent upon the switch for _________________________________
• ________________________ (and also possibly VLANs) that attempt to exploit vulnerabilities such as weak passwords or default accounts are __________________

Convergence
• ___________________________ of communication and technology over a ______________________
• Example: voice, video and data traffic combined over a single IP network, such as Voice over IP (VoIP)
• Advantages of convergence:
  – __________________________
  – Management of a __________________ for all applications
  – Applications ____________________ and at a lower cost
  – Infrastructure requirements _________________
  – Reduced __________________________ (the Internet is basically unregulated)
  – Increased ______________________ ___________________________ since only one network must be managed and defended

Convergence (continued)
• Vulnerabilities still exist
• Defenses include ________________________, installing __________ and _______________________ VoIP applications

Demilitarized Zone (___________)
• A __________________ that sits _________ the secure network perimeter
• __________________ can access the DMZ but cannot enter the secure network
• Devices within the DMZ are often most ___________________________
• These devices (e.g., Web and e-mail servers) must be isolated in their own network and separate from the internal network

DMZ (continued)
• First design approach consists of one firewall…
• Single point of failure and responsible for all traffic flow

Security through Network Design (continued)
• Second design approach consists of two firewalls…
• More secure: two separate firewalls would have to be breached to reach the internal network

Security through Network Technologies
Two technologies that help secure a network are:
1. Network Address Translation (_____)
2. Network Access Control (________)
More to come on each of these…

Network Address Translation (_____)
• ____________________________ of network devices from attackers
• Uses _______________________ (What are Private Addresses?)
• NAT ___________________________ from the sender’s packet and replaces it with an _____________________
• NAT software maintains a table with address mappings
• When a packet is returned, the process is ________
• An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender

NAT (continued) [figure]

Security through Network Technologies (continued)
• Port address translation (__________): a variation of NAT; each packet is ___________________________ but a __________________________________
• Network Access Control (__________): examines the ____________________________________ _________________ it is _________________ to the network
• Any device that does not meet a specified set of criteria is only allowed to connect to a ____________________ where the security deficiencies are corrected
• Once issues are resolved, the device is connected to the network
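The NAT slide describes a mapping table that rewrites the sender's address on the way out and reverses the translation when the reply returns, and the PAT slide describes the port-based variation of it. The following Python simulator, written for this page as an added example (not the textbook's code), implements the PAT form: several private hosts share one public address, each outbound flow gets its own public port, and an inbound packet that matches no table entry is dropped, which is why an outside observer sees only the public address. The addresses are constructed from documentation ranges.

```python
import itertools


class PatTable:
    """Minimal NAT/PAT simulator. Many private hosts share one public IP;
    each outbound (private_ip, private_port) pair gets its own public port,
    and the table records the mapping so replies can be translated back.
    The public address is an assumption for the example."""

    def __init__(self, public_ip="203.0.113.7", first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next free public port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network: private source
        address and port are replaced by the public address and an
        allocated public port. An existing flow reuses its mapping."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        """Reverse the translation for a reply. A packet addressed to a port
        with no mapping, or not to the public address at all, has no
        internal destination and is dropped (None)."""
        key = self.back.get(pkt["dport"])
        if key is None or pkt["dst"] != self.public_ip:
            return None
        return {**pkt, "dst": key[0], "dport": key[1]}


if __name__ == "__main__":
    nat = PatTable()
    # Constructed packets: two private hosts happen to use the same source port.
    a = nat.outbound({"src": "192.168.1.10", "sport": 1025, "dst": "198.51.100.5", "dport": 80})
    b = nat.outbound({"src": "192.168.1.11", "sport": 1025, "dst": "198.51.100.5", "dport": 80})
    print(a, b)   # same public src address, different public source ports
    reply = nat.inbound({"src": "198.51.100.5", "sport": 80, "dst": "203.0.113.7", "dport": b["sport"]})
    print(reply)  # delivered back to 192.168.1.11:1025
    print(nat.inbound({"src": "198.51.100.9", "sport": 80, "dst": "203.0.113.7", "dport": 40005}))  # None
```

The dropped unsolicited packet is the "shielding" effect the slide attributes to NAT; note that it is a side effect of the mapping table, not a substitute for a firewall rule base.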

NAC (continued)
• ___________ of NAC: ____________________________ with sub-optimal security from potentially ______________________ through the network
• Methods for directing the client to a quarantined VLAN:
  1. Using a _____________________________: the client first leases an IP address from the quarantined VLAN pool, then is later reassigned an IP from the “secure” pool
  2. Using ______________________________: the client’s ARP pool is modified so that the client connects to the quarantined VLAN

Different Approaches to NAC [figure]

Applying Network Security Devices
Devices which help protect the network from attack include:
• Firewalls
• Proxy servers
• Honeypots
• Network intrusion detection systems
• Host and network intrusion prevention systems
• Protocol analyzers
• Internet content filters
• Integrated network security hardware

Firewall
• Used to _______________ ______________ at the perimeter of the network
• Packets that ________________ are allowed to pass through
• Sometimes called a _____________________
• Designed to __________________________ from entering the network
• A firewall can be _______________-based or ____________________-based
• __________ firewalls usually are located _________ the network security _____________
• First line of defense (see next slide…)

Firewall (continued) [figure]

Firewall (continued)
• The basis of a firewall is a _____________
• Establishes ___________ the firewall should take when it receives a packet (_____, _________, and _________)
• ____________ packet filtering (see next slide): looks at the incoming packet and permits or denies it __________________________________; provides some degree of protection but not as secure as…
• ____________ packet filtering (see two slides down): keeps a ________________________ between an internal computer and an external server, then ________________________________ as well as the ______________________

Firewall (continued)
Rule table (figure): allows traffic in from any web server
• this table is from the perspective of traffic coming into the network
• if an attacker can discover a valid internal IP address, they can send any traffic through port 80 mimicking an HTML packet

Firewall (continued) [figure]
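The two packet-filtering slides contrast a rule table that inspects each packet on its own with a filter that keeps a record of connections. The Python below is an added example for this page (not the textbook's), modelling both: the stateless rule is the one the rule-table slide describes ("allow traffic in from any web server", i.e. anything with source port 80 bound for an inside host), while the stateful filter only admits a packet that answers a connection an inside host opened. The internal range and the packets are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


INTERNAL_PREFIX = "10.0.0."   # assumed internal address range for the example


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allows(pkt):
    """Stateless packet filtering: the decision uses only the fields of this
    one packet. Rule in the spirit of the slide's table: permit inbound
    traffic whose source port is 80 (a "web server") to any internal host."""
    return pkt.sport == 80 and is_internal(pkt.dst)


class StatefulFilter:
    """Stateful packet filtering: a connection table records flows that an
    internal host opened; an inbound packet is admitted only if it is the
    reply half of one of those flows."""

    def __init__(self):
        self.connections = set()

    def outbound(self, pkt):
        # An internal host starting a connection creates the table entry.
        if is_internal(pkt.src):
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_allows(self, pkt):
        # The reply must mirror a recorded flow exactly (addresses and ports swapped).
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def evaluate(pkt, fw):
    """Compare both decisions for one inbound packet."""
    return {"stateless": stateless_allows(pkt), "stateful": fw.inbound_allows(pkt)}


if __name__ == "__main__":
    fw = StatefulFilter()
    fw.outbound(Packet("10.0.0.5", 51000, "198.51.100.20", 80))   # client browses a web server
    legit = Packet("198.51.100.20", 80, "10.0.0.5", 51000)        # the server's reply
    unsolicited = Packet("192.0.2.66", 80, "10.0.0.5", 445)       # nobody inside asked for this
    print(evaluate(legit, fw))         # both filters admit the reply
    print(evaluate(unsolicited, fw))   # stateless admits it; stateful drops it
```

The second result is the weakness the rule-table slide points out: with a stateless rule, anything that sets source port 80 and names a valid internal address passes, regardless of whether any inside host opened a connection.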

Firewall (continued)
• _______________________ have gradually improved their functionality
• Runs as a _______ on a personal computer
• Most personal software firewalls today also ___________________ as well as _______ traffic
• Protects users by preventing malware from connecting to other computers and spreading
• Disadvantage: only as strong as the OS of the computer; an OS weakness can be exploited

Proxy Server
• A computer system (or an application program) that _________________________ and then _______________________ on behalf of the user
• Goal is to ____________________________ systems inside the secure network
• Can also make __________________________ as the proxy server will __________ recently requested
• Reverse proxy: does not serve clients but instead __________________ ____________________________________; the reverse proxy forwards requests to the server

Proxy Server (continued) [figure callout: IP address of proxy server]

Honeypot
• Intended to ________________________
• A computer typically located in a _______ that is loaded with software and data files that __________ ________________________________ (actually imitations of real data files)
• ___________ configured with ________________
• _________ primary purposes of a honeypot:
  – ____________________ away from legitimate servers
  – ____________________ of new attacks
  – Examine _________________________

Honeypot (continued)
• Types of honeypots:
  – ____________________: used mainly by _________________ to capture limited info
  – ___________________: used by _____________, ________________, etc.; more complex to deploy and captures extensive info
• Information gained from studies using honeypots can be helpful in __________ _______________ and crafting defenses

Network Intrusion Detection Systems (_____________)
• Watches for __________________ and ____________________________
• NIDS work on the principle of _________ _____________ or acceptable behavior
• A NIDS looks for ________________ and will issue an alert
• Watches network traffic from a monitoring port

NIDS (continued) [figure]

Functions a NIDS can Perform:
• _____________________ to filter out the IP address of the intruder
• Launch a separate ___________________________
• ________ the packets in a file for _____________
• Send an __________________________ file
• __________, page, or a cell phone message to the network administrator stating an attack is taking place
• ________________ session by forging a TCP FIN packet to force a connection to terminate

Host and Network Intrusion Prevention Systems (HIPS/NIPS)
• Intrusion prevention system (_________)
  – Finds malicious traffic and ___________________
  – Takes a proactive approach to security (instead of reactive)
  – A typical IPS response may be to block all incoming traffic on a specific port
• Host intrusion prevention systems (______)
  – Installed on _____________ (server or desktop) that needs to be protected
  – Rely on _____________ installed directly on the system being protected
  – Work closely with the ____________, monitoring and intercepting requests in order to prevent attacks

HIPS/NIPS (continued)
• Most HIPS monitor the following desktop functions:
  – _________: instruction that interrupts the program being executed and ________________________
  – ________________ is monitored to ensure file openings are based on _____________ needs
  – _________________ settings
  – _____________________ is monitored to watch for _______________ activity
• HIPS are designed to _____________ with existing antivirus, anti-spyware, and firewalls

HIPS/NIPS (continued)
• Network intrusion prevention systems (___________) work to protect the ____________________ ___________________ that are connected to it
• By monitoring network traffic, NIPS can ________________________________
• NIPS are special-purpose _______________ that analyze, detect, and react to security-related events

Protocol Analyzers
______ ways for detecting a potential intrusion:
1. Detecting ______________________: a significant deviation from an established baseline raises an alarm
2. Examine network traffic and look for __________ ______________________: a reactive approach which uses a signature file for comparison
3. Use ___________________ to fully decode application-layer network protocols: different parts of the protocol can be analyzed for any suspicious behavior
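The three detection approaches on the protocol-analyzer slide can be seen side by side on the same traffic. The Python below is an added example for this page (not the textbook's code): a baseline deviation check, a signature comparison, and a decoder for the HTTP request line that inspects each field. The traffic records, the per-source baseline and the signature list are all constructed for the illustration.

```python
from collections import Counter

# Constructed traffic summary (not a real capture): one record per request,
# with the requesting host, bytes transferred and the HTTP request line.
RECORDS = [
    {"src": "10.0.0.5", "bytes": 1200,  "request": "GET /index.html HTTP/1.1"},
    {"src": "10.0.0.5", "bytes": 900,   "request": "GET /about.html HTTP/1.1"},
    {"src": "10.0.0.6", "bytes": 1100,  "request": "POST /login HTTP/1.1"},
    {"src": "10.0.0.7", "bytes": 950,   "request": "BLAH /x HTTP/1.1"},
    {"src": "10.0.0.8", "bytes": 1000,  "request": "GET /files?name=../../config HTTP/1.1"},
    {"src": "10.0.0.9", "bytes": 48000, "request": "GET /export HTTP/1.1"},
    {"src": "10.0.0.9", "bytes": 47000, "request": "GET /"},
]

# Assumed baseline: bytes each host normally transfers in this period.
BASELINE_BYTES = {"10.0.0.5": 2000, "10.0.0.6": 2000, "10.0.0.7": 2000,
                  "10.0.0.8": 2000, "10.0.0.9": 2000}

# Assumed signature file: substrings that are known to appear in attack requests.
SIGNATURES = ["../", "<script>"]

ALLOWED_METHODS = {"GET", "POST", "HEAD"}


def anomaly_alerts(records, baseline, factor=3.0):
    """Approach 1 (anomaly): flag a source whose traffic volume exceeds its
    baseline by more than `factor`. A source with no baseline at all is
    flagged on any traffic, since there is nothing to compare it with."""
    totals = Counter()
    for r in records:
        totals[r["src"]] += r["bytes"]
    return sorted(src for src, total in totals.items()
                  if total > factor * baseline.get(src, 0))


def signature_alerts(records, signatures=SIGNATURES):
    """Approach 2 (signature): reactive match of each request against the
    known-bad patterns; only attacks already in the file can be found."""
    return [(r["src"], sig) for r in records for sig in signatures
            if sig in r["request"]]


def decode_request_line(line):
    """Decode an HTTP request line into its fields; None if it is malformed."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return {"method": parts[0], "path": parts[1], "version": parts[2]}


def protocol_alerts(records, allowed=ALLOWED_METHODS):
    """Approach 3 (protocol analysis): fully decode the application-layer
    protocol and judge each part, rather than the raw bytes."""
    alerts = []
    for r in records:
        req = decode_request_line(r["request"])
        if req is None:
            alerts.append((r["src"], "malformed request line"))
        elif req["method"] not in allowed:
            alerts.append((r["src"], f"unexpected method {req['method']}"))
    return alerts


if __name__ == "__main__":
    print("anomaly  :", anomaly_alerts(RECORDS, BASELINE_BYTES))
    print("signature:", signature_alerts(RECORDS))
    print("protocol :", protocol_alerts(RECORDS))
```

Each approach catches a different host in the sample: the volume check sees the host moving far more data than its baseline, the signature check sees the known pattern, and the decoder sees a method and a request line that no legitimate client would send. None of them alone covers all three, which is why the slide presents them together.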

Internet Content Filters
• Monitor ______________ and __________ to ______________ Web sites and files
• A requested Web page is only displayed if it complies with the specified filters
• Unapproved Web sites can be _________ based on the Uniform Resource Locator (___________) or by matching ___________
• Administrator can prevent entire files from being downloaded

Integrated Network Security Hardware
• Most organizations use _______ (as opposed to software) security appliances to protect the network
• _____ types of hardware security appliances:
  – _________ security appliances provide a ____________ ____________________
  – ________________ security appliances that provide ____________________________ ranging from antivirus to encryption and IM control, etc.
  – _______________ network security hardware combines or __________________________________ _______________________ such as a switch or router

Summary
• Subnetting involves dividing a network into subnets that are connected through a series of routers
• Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped
• Convergence is the integration of voice and data traffic over a single IP network
• Network technologies can also help secure a network: Network address translation (NAT) and Network access control (NAC)

Summary (continued)
• Different network security devices can be installed to make a network more secure
• Network intrusion detection systems (NIDS) monitor the network for attacks and, if one is detected, will alert personnel or perform limited protection activities
• Internet content filters monitor Internet traffic and block attempts to visit restricted sites