Network Security
Objectives
• List the different types of network security devices and explain how they can be used
• Define network address translation and network access control
• Explain how to enhance security through network design
Security Through Network Devices
• Not all applications are designed and written with security in mind
  ◦ The network must provide protection
• Networks with weak security invite attackers
• Aspects of building a secure network:
  ◦ Network devices
  ◦ Network technologies
  ◦ Design of the network itself
Standard Network Devices
• Security features found in network hardware
  ◦ Provide a basic level of security
• Open Systems Interconnection (OSI) model
  ◦ Network devices are classified based on function
  ◦ Standard released in 1978, revised in 1983, still used today
  ◦ Illustrates:
    ▪ How a network device prepares data for delivery
    ▪ How data is handled once received
• The OSI model breaks networking steps into seven layers
  ◦ Each layer has different networking tasks
  ◦ Each layer cooperates with adjacent layers
• Hubs
  ◦ Connect multiple Ethernet devices together:
    ▪ To function as a single network segment
  ◦ Use twisted-pair copper or fiber-optic cables
  ◦ Work at Layer 1 of the OSI model
  ◦ Do not read data passing through them
  ◦ Ignorant of data source and destination
  ◦ Rarely used today because of an inherent security vulnerability
• Switches
  ◦ A network switch connects network segments
  ◦ Operate at the Data Link Layer (Layer 2)
  ◦ Determine which device is connected to each port
  ◦ Can forward frames sent to that specific device
    ▪ Or broadcast to all devices
  ◦ Use MAC addresses to identify devices
  ◦ Provide better security than hubs
• Network administrators should be able to monitor network traffic
  ◦ Helps identify and troubleshoot network problems
• Traffic monitoring methods
  ◦ Port mirroring
  ◦ Network tap (test access point)
    ▪ Separate device installed between two network devices
• Routers
  ◦ Forward packets across computer networks
  ◦ Operate at the Network Layer (Layer 3)
  ◦ Can be set to filter out specific types of network traffic
• Load balancers
  ◦ Help evenly distribute work across a network
  ◦ Allocate requests among multiple devices
• Advantages of load-balancing technology
  ◦ Reduces the probability of overloading a single server
  ◦ Optimizes bandwidth of network computers
  ◦ Reduces network downtime
• Load balancing is achieved through software or a hardware device (load balancer)
• Security advantages of load balancing
  ◦ Can stop attacks directed at a server or application
  ◦ Can detect and prevent denial-of-service attacks
  ◦ Some can deny attackers information about the network
    ▪ Hide HTTP error pages
    ▪ Remove server identification headers from HTTP responses
Network Security Hardware
• Specifically designed security hardware devices
  ◦ Greater protection than standard networking devices
• Firewalls
  ◦ A hardware-based network firewall inspects packets
  ◦ Can either accept or deny packet entry
  ◦ Usually located outside the network security perimeter
• Firewall actions on a packet
  ◦ Allow (let the packet pass through)
  ◦ Block (drop the packet)
  ◦ Prompt (ask what action to take)
• Rule-based firewall settings
  ◦ Set of individual instructions to control actions
• Settings-based firewall
  ◦ Allows the administrator to create parameters
• Methods of firewall packet filtering
  ◦ Stateless packet filtering
    ▪ Inspects each incoming packet and permits or denies it based on conditions set by the administrator
  ◦ Stateful packet filtering
    ▪ Keeps a record of the state of a connection
    ▪ Makes decisions based on the connection and the conditions
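As an added illustration (not part of the original slides) of the difference between the two filtering methods, the Python below models a stateless filter beside a stateful one and runs both over the same packets; the addresses, ports and the single inbound rule are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str          # "in" = arriving from the Internet, "out" = leaving the LAN
    syn: bool = False       # TCP flags, only used to spot the start of a connection
    ack: bool = False

# Administrator's condition: only the published web server accepts unsolicited inbound traffic
ALLOWED_INBOUND = {("10.0.0.10", 80)}

def stateless_filter(pkt: Packet) -> str:
    """Judges every packet on its own; it has no memory of earlier packets."""
    if pkt.direction == "out" or (pkt.dst, pkt.dport) in ALLOWED_INBOUND:
        return "allow"
    return "block"

class StatefulFilter:
    """Records outbound connections so that their replies can be admitted
    without opening the clients' ports to unsolicited inbound traffic."""
    def __init__(self):
        self.connections = set()    # (inside_ip, inside_port, outside_ip, outside_port)
    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if pkt.syn and not pkt.ack:     # first packet of a new outbound connection
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if (pkt.dst, pkt.dport) in ALLOWED_INBOUND:
            return "allow"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"                  # reply to a connection we saw leave
        return "block"

def compare(stateful: StatefulFilter, packets) -> list:
    """Return (stateless_decision, stateful_decision) for each packet, in order."""
    return [(stateless_filter(p), stateful.decide(p)) for p in packets]

# Constructed traffic: an inside client opens HTTPS to an outside host, the reply comes
# back, an unrelated outside host probes the same client port, then someone hits the web server.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, "out", syn=True),
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, "in", syn=True, ack=True),
    Packet("198.51.100.9", 443, "10.0.0.5", 51000, "in", syn=True, ack=True),
    Packet("198.51.100.9", 40000, "10.0.0.10", 80, "in", syn=True),
]
```

The stateless filter has to block the legitimate reply (second packet) because no rule covers the client's ephemeral port, while the stateful filter admits it and still blocks the third packet, which arrives from a host the client never contacted.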
• Web application firewall
  ◦ Looks deeply into packets that carry HTTP traffic
    ▪ Web browsers
    ▪ FTP
    ▪ Telnet
  ◦ Can block specific sites or specific known attacks
  ◦ Can block XSS and SQL injection attacks
• Proxies
  ◦ Devices that substitute for primary devices
• Proxy server
  ◦ Computer or application that intercepts and processes user requests
  ◦ If a previous request has been fulfilled:
    ▪ A copy of the Web page may reside in the proxy server's cache
  ◦ If not, the proxy server requests the item from the external Web server using its own IP address
• Proxy server advantages
  ◦ Increased speed (requests served from the cache)
  ◦ Reduced costs (cache reduces the bandwidth required)
  ◦ Improved management
    ▪ Block specific Web pages or sites
  ◦ Stronger security
    ▪ Intercept malware
    ▪ Hide the client system's IP address from the open Internet
• Reverse proxy
  ◦ Does not serve clients
  ◦ Routes incoming requests to the correct server
  ◦ The reverse proxy's IP address is visible to outside users
    ▪ The internal server's IP address is hidden
• Spam filters
  ◦ Enterprise-wide spam filters block spam before it reaches the host
• Email systems use two protocols
  ◦ Simple Mail Transfer Protocol (SMTP)
    ▪ Handles outgoing mail
  ◦ Post Office Protocol (POP)
    ▪ Handles incoming mail
• Spam filters installed with the SMTP server
  ◦ Filter configured to listen on port 25
  ◦ Passes non-spam e-mail to the SMTP server listening on another port
  ◦ This method prevents the SMTP server from notifying the spammer of failed message delivery
• Spam filters installed on the POP3 server
  ◦ All spam must first pass through the SMTP server and be delivered to the user's mailbox
  ◦ Can result in increased costs
    ▪ Storage, transmission, backup, deletion
• Third-party entity contracted to filter spam
  ◦ All email is directed to the third party's remote spam filter
  ◦ E-mail is cleansed before being redirected to the organization
• Virtual private network (VPN)
  ◦ Uses an unsecured network as if it were secure
  ◦ All data transmitted between the remote device and the network is encrypted
• Types of VPNs
  ◦ Remote-access
    ▪ User-to-LAN connection
  ◦ Site-to-site
    ▪ Multiple sites can connect to other sites over the Internet
• Endpoints
  ◦ Used in communicating VPN transmissions
  ◦ May be software on the local computer
  ◦ May be a VPN concentrator (hardware device)
  ◦ May be integrated into another networking device
• VPNs can be software-based or hardware-based
  ◦ Hardware-based VPNs generally have better security
  ◦ Software-based VPNs have more flexibility in managing network traffic
• Internet content filters
  ◦ Monitor Internet traffic
  ◦ Block access to preselected Web sites and files
  ◦ Unapproved sites are identified by URL or by matching keywords
• Web security gateways
  ◦ Can block malicious content in real time
  ◦ Block content through application-level filtering
• Examples of blocked Web traffic
  ◦ ActiveX objects
  ◦ Adware, spyware
  ◦ Peer-to-peer file sharing
  ◦ Script exploits
• Passive and active security can be used in a network
  ◦ Active measures provide a higher level of security
• Passive measures
  ◦ Firewall
  ◦ Internet content filter
• Intrusion detection system (IDS)
  ◦ Active security measure
  ◦ Can detect an attack as it occurs
• Monitoring methodologies
  ◦ Anomaly-based monitoring
    ▪ Compares currently detected behavior with a baseline
  ◦ Signature-based monitoring
    ▪ Looks for well-known attack signature patterns
  ◦ Behavior-based monitoring
    ▪ Detects abnormal actions by processes or programs
    ▪ Alerts the user, who decides whether to allow or block the activity
  ◦ Heuristic monitoring
    ▪ Uses experience-based techniques
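To make the contrast between signature-based and anomaly-based monitoring concrete, here is an added example (not from the original slides) that runs both methods over a constructed sample of web-server access log lines; the two signatures are for the XSS and SQL injection patterns the Web application firewall slide names, and the baseline figure is an assumed value.

```python
import re
from collections import Counter

# Constructed access log: "<source_ip> <requested_path>" per line. Two crafted requests
# from 198.51.100.9 and one source that floods the server with ordinary-looking requests.
LOG_LINES = [
    "10.0.0.5 /index.html",
    "10.0.0.5 /about.html",
    "10.0.0.7 /login?user=bob",
    "198.51.100.9 /search?q=<script>alert(1)</script>",
    "198.51.100.9 /items?id=1' UNION SELECT password FROM users--",
] + ["203.0.113.4 /index.html"] * 40

# Signature-based monitoring: well-known attack patterns, matched against each request.
SIGNATURES = {
    "xss": re.compile(r"<script", re.IGNORECASE),
    "sqli": re.compile(r"union\s+select", re.IGNORECASE),
}

def signature_alerts(lines):
    """Return (source_ip, signature_name) for every request matching a known pattern."""
    alerts = []
    for line in lines:
        src, path = line.split(" ", 1)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

# Anomaly-based monitoring: compare each source's request volume with a learned baseline.
BASELINE_REQUESTS_PER_SOURCE = 5.0   # assumed: a typical client sends about 5 requests per window
THRESHOLD_FACTOR = 3.0               # alert when a source exceeds 3x the baseline

def anomaly_alerts(lines, baseline=BASELINE_REQUESTS_PER_SOURCE, factor=THRESHOLD_FACTOR):
    """Return (source_ip, request_count) for sources whose volume deviates from the baseline."""
    counts = Counter(line.split(" ", 1)[0] for line in lines)
    return [(src, n) for src, n in counts.items() if n > baseline * factor]
```

The two methods flag different sources: the signatures catch the two crafted requests but say nothing about 203.0.113.4, whose requests all look normal, while the volume anomaly catches 203.0.113.4 and has no opinion on the two crafted requests.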
• Host intrusion detection system (HIDS)
  ◦ Software-based application that can detect an attack as it occurs
  ◦ Installed on each system needing protection
  ◦ Monitors system calls and file system access
  ◦ Can recognize unauthorized Registry modification
  ◦ Monitors all input and output communications
    ▪ Detects anomalous activity
• Disadvantages of HIDS
  ◦ Cannot monitor network traffic that does not reach the local system
  ◦ All log data is stored locally
  ◦ Resource-intensive and can slow the system
• Network intrusion detection system (NIDS)
  ◦ Watches for attacks on the network
  ◦ NIDS sensors installed on firewalls and routers:
    ▪ Gather information and report back to a central device
  ◦ A passive NIDS will sound an alarm
  ◦ An active NIDS will sound an alarm and take action
    ▪ Actions may include filtering out the intruder's IP address or terminating the TCP session
• Network intrusion prevention system (NIPS)
  ◦ Similar to an active NIDS
  ◦ Monitors network traffic to immediately block a malicious attack
  ◦ NIPS sensors are located in line, on the firewall itself
• All-in-one network security appliances
  ◦ One integrated device replaces multiple security devices
• Recent trend:
  ◦ Combining multipurpose security appliances with a traditional device such as a router
  ◦ Advantage of this approach
    ▪ Network devices already process all packets
    ▪ A switch that contains anti-malware software can inspect all packets
Security Through Network Technologies
• Internet routers normally drop packets with a private address
• Network address translation (NAT)
  ◦ Allows private IP addresses to be used on the public Internet
  ◦ Replaces the private IP address with a public address
• Port address translation (PAT)
  ◦ Variation of NAT
    ▪ Outgoing packets are given the same IP address but different TCP port numbers
• Advantages of NAT
  ◦ Masks the IP addresses of internal devices
  ◦ Allows multiple devices to share a smaller number of public IP addresses
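The PAT behaviour described above, as an added example that is not part of the original slides: a small translation table gives two inside hosts the same public address with different ports, maps replies back, and drops unsolicited inbound packets, which is where the masking advantage comes from. The public and private addresses and the starting port are constructed for the example.

```python
import itertools

class PortAddressTranslator:
    """Assumed model of a PAT device with one public IP in front of many inside hosts."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next unused public port
        self.outbound = {}   # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.inbound = {}    # (public_port, outside_ip, outside_port) -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet: private source becomes public IP + allocated port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:                 # new flow: allocate a port and record it
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an incoming packet back to the inside host, or return None to drop it."""
        if dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None      # nothing inside asked for this: the internal host stays hidden
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)

def demo():
    """Two inside hosts reach the same web server through one public address."""
    pat = PortAddressTranslator("198.51.100.1")
    first = pat.translate_out("192.168.1.10", 51000, "203.0.113.80", 80)
    second = pat.translate_out("192.168.1.11", 51000, "203.0.113.80", 80)
    reply = pat.translate_in("203.0.113.80", 80, "198.51.100.1", second[1])
    probe = pat.translate_in("198.51.100.9", 4444, "198.51.100.1", 22)
    return first, second, reply, probe
```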
• Network access control (NAC)
  ◦ Examines the current state of a system or network device:
    ▪ Before allowing a network connection
  ◦ The device must meet a set of criteria
    ▪ If they are not met, NAC allows a connection only to a quarantine network until the deficiencies are corrected
Security Through Network Design Elements
• Elements of a secure network design
  ◦ Demilitarized zones
  ◦ Subnetting
  ◦ Virtual LANs
  ◦ Remote access
Demilitarized Zone (DMZ)
• Separate network located outside the secure network perimeter
• Untrusted outside users can access the DMZ but not the secure network
Subnetting
• An IP address may be split anywhere within its 32 bits
• A network can be divided into three parts
  ◦ Network
  ◦ Subnet
  ◦ Host
• Each network can contain several subnets
• Each subnet can contain multiple hosts
• Improves network security by isolating groups of hosts
• Allows administrators to hide the internal network layout
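An added worked example (not from the original slides) of the three-way network/subnet/host split: it takes an assumed classful /16 network, borrows four bits for subnets, and shows which hosts land in the same isolated subnet. The addresses are constructed; only the standard library ipaddress module is used.

```python
import ipaddress

def split_address(ip_str, classful_prefix, subnet_prefix):
    """Return the (network, subnet, host) bit fields of an address as integers.
    classful_prefix is where the network part ends; subnet_prefix is where the subnet part ends."""
    ip = int(ipaddress.IPv4Address(ip_str))
    subnet_width = subnet_prefix - classful_prefix
    host_width = 32 - subnet_prefix
    network = ip >> (32 - classful_prefix)
    subnet = (ip >> host_width) & ((1 << subnet_width) - 1)
    host = ip & ((1 << host_width) - 1)
    return network, subnet, host

def subnets_of(network_str, subnet_prefix):
    """List every subnet obtained by extending the network's prefix to subnet_prefix."""
    return [str(s) for s in ipaddress.ip_network(network_str).subnets(new_prefix=subnet_prefix)]

def subnet_for(ip_str, subnet_prefix):
    """The subnet an address belongs to, e.g. '172.16.32.0/20'."""
    return str(ipaddress.ip_network(f"{ip_str}/{subnet_prefix}", strict=False))

def same_subnet(ip_a, ip_b, subnet_prefix):
    """True when both hosts share a subnet, i.e. can reach each other without crossing a router."""
    return subnet_for(ip_a, subnet_prefix) == subnet_for(ip_b, subnet_prefix)

# Constructed layout: classful network 172.16.0.0/16, four subnet bits borrowed (/20 subnets)
CLASSFUL_PREFIX, SUBNET_PREFIX = 16, 20
```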
Virtual LANs (VLAN)
• Allow scattered users to be logically grouped together:
  ◦ Even if attached to different switches
• Can isolate sensitive data to VLAN members
• Communication on a VLAN
  ◦ If connected to the same switch, the switch handles the packet transfer
  ◦ A special "tagging" protocol is used for communicating between switches
Remote Access
• Working away from the office is commonplace today
  ◦ Telecommuters
  ◦ Traveling sales representatives
  ◦ Traveling workers
• Strong security for remote workers must be maintained
  ◦ Transmissions are routed through networks not managed by the organization
• Provides the same functionality as for local users
  ◦ Through a VPN or dial-up connection
Summary
• Standard network security devices provide a degree of security
  ◦ Hubs, switches, routers, load balancers
• Hardware devices specifically designed for security give a higher protection level
  ◦ Hardware-based firewall, Web application firewall
• A proxy server intercepts and processes user requests
• A virtual private network uses an unsecured public network and encryption to provide security
• An intrusion detection system is designed to detect an attack as it occurs
• Network technologies can help secure a network
  ◦ Network address translation
  ◦ Network access control
• Methods for designing a secure network
  ◦ Demilitarized zones
  ◦ Virtual LANs