About this page.

This blog was originally just going to be my Security assignment for electronic logs, but it has now evolved just a bit. In this blog you will find my notes and anything else we do in these classes.

Friday, March 2, 2012

Chapter 6


Network Security

Objectives
- List the different types of network security devices and explain how they can be used
- Define network address translation and network access control
- Explain how to enhance security through network design

Security Through Network Devices
- Not all applications are designed and written with security in mind
  - The network must provide protection
- Networks with weak security invite attackers
- Aspects of building a secure network
  - Network devices
  - Network technologies
  - Design of the network itself


Standard Network Devices
- Security features found in network hardware
  - Provide a basic level of security
- Open Systems Interconnection (OSI) model
  - Network devices are classified based on the function (layer) at which they operate
  - Standards released in 1978, revised in 1983, still used today
  - Illustrates:
    - How a network device prepares data for delivery
    - How data is handled once received
- OSI model breaks networking steps into seven layers
  - Each layer has different networking tasks
  - Each layer cooperates with adjacent layers
- Hubs
  - Connect multiple Ethernet devices together:
    - To function as a single network segment
  - Use twisted-pair copper or fiber-optic cables
  - Work at Layer 1 (Physical) of the OSI model
  - Do not read data passing through them
  - Ignorant of data source and destination: every frame is repeated out of every port
  - Rarely used today because of this inherent security vulnerability: any device attached to a hub can sniff all traffic on the segment
- Switches
  - Network switch connects network segments
  - Operate at the Data Link Layer (Layer 2)
  - Learn which device is connected to each port
  - Forward frames only to the port of the destination device
    - Frames for a broadcast or not-yet-learned destination are sent to all ports
  - Use MAC address to identify devices
  - Provide better security than hubs: a host normally sees only traffic addressed to it
- Network administrator should be able to monitor network traffic
  - Helps identify and troubleshoot network problems (and lets an IDS see traffic that a switch would otherwise not send to it)
- Traffic monitoring methods
  - Port mirroring: the switch copies traffic from one or more ports to a monitoring port
  - Network tap (test access point)
    - Separate device installed between two network devices
- Routers
  - Forward packets across computer networks
  - Operate at the Network Layer (Layer 3)
  - Can be set to filter out specific types of network traffic (access control lists)
- Load balancers
  - Help evenly distribute work across a network
  - Allocate requests among multiple devices (servers)
- Advantages of load-balancing technology
  - Reduces the probability of overloading a single server
  - Optimizes bandwidth of network computers
  - Reduces network downtime
- Load balancing is achieved through software or a hardware device (load balancer)
- Security advantages of load balancing
  - Can stop attacks directed at a server or application
  - Can detect and help absorb denial-of-service attacks by spreading or shedding the load
  - Some can deny attackers information about the network
    - Hide HTTP error pages (which often reveal server software and paths)
    - Remove server identification headers (such as Server) from HTTP responses

Network Security Hardware
- Specifically designed security hardware devices
  - Greater protection than standard networking devices
- Firewalls
  - Hardware-based network firewall inspects packets
  - Can either accept or deny packet entry
  - Usually located at the network security perimeter, where it is the first device inbound traffic reaches
- Firewall actions on a packet
  - Allow (let packet pass through)
  - Block (drop packet)
  - Prompt (ask the user what action to take; typical of host firewalls rather than network appliances)
- Rule-based firewall settings
  - Set of individual instructions (rules), evaluated in order, that control actions
- Settings-based firewall
  - Allows administrator to create broad parameters (for example, "block all inbound connections") instead of individual rules
- Methods of firewall packet filtering
  - Stateless packet filtering
    - Inspects each incoming packet in isolation and permits or denies it based on conditions set by the administrator (addresses, ports, flags)
  - Stateful packet filtering
    - Keeps a record of the state of each connection
    - Makes decisions based on the connection and the administrator's conditions: replies to connections opened from inside are admitted, unsolicited inbound packets are not
- Web application firewall (WAF)
  - Looks deeply into the packets that carry HTTP traffic (the application layer, Layer 7), not just the headers
    - Application-layer firewalls in general also understand other application protocols such as FTP and Telnet
  - Can block specific sites or specific known attacks
  - Can block cross-site scripting (XSS) and SQL injection attacks
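The difference between stateless and stateful packet filtering described above, as an added example that is not part of the original notes. The packets, addresses (documentation ranges), ports and the single rule set are all constructed for illustration; the point it shows is that a stateless rule which admits "replies" by header fields alone can be satisfied by an attacker, while a connection table cannot.

```python
"""Stateless vs. stateful packet filtering over constructed packets.

Added example, not from the original notes. The firewall protects one inside
host (10.0.0.5) that is allowed to browse the web on TCP port 80.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # source IP
    sport: int      # source TCP port
    dst: str        # destination IP
    dport: int      # destination TCP port
    syn: bool       # TCP SYN flag set
    ack: bool       # TCP ACK flag set
    direction: str  # "out" (inside -> Internet) or "in" (Internet -> inside)


INSIDE = {"10.0.0.5"}


def stateless_filter(pkt: Packet) -> str:
    """Decide on each packet in isolation, using only its header fields.

    To let replies to outbound web requests back in, a stateless rule has to
    admit any inbound packet from TCP port 80 that carries ACK. An attacker
    satisfies that trivially by choosing source port 80 and setting ACK.
    """
    if pkt.direction == "out" and pkt.dport == 80:
        return "allow"
    if pkt.direction == "in" and pkt.sport == 80 and pkt.ack and pkt.dst in INSIDE:
        return "allow"
    return "block"


class StatefulFilter:
    """Keep a connection table; admit inbound packets only when they belong
    to a connection an inside host opened."""

    def __init__(self):
        self.table = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out" and pkt.dport == 80:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:      # new connection from inside
                self.table.add(key)
                return "allow"
            return "allow" if key in self.table else "block"
        if pkt.direction == "in":
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed tuple
            return "allow" if key in self.table else "block"
        return "block"


# Constructed traffic: a legitimate web request and its reply, then an
# attacker's probe at port 445 that mimics a reply (source port 80, ACK set).
REQUEST = Packet("10.0.0.5", 40001, "203.0.113.10", 80, syn=True, ack=False, direction="out")
REPLY = Packet("203.0.113.10", 80, "10.0.0.5", 40001, syn=True, ack=True, direction="in")
PROBE = Packet("198.51.100.7", 80, "10.0.0.5", 445, syn=False, ack=True, direction="in")


def run_stateless():
    return [stateless_filter(p) for p in (REQUEST, REPLY, PROBE)]


def run_stateful():
    fw = StatefulFilter()
    return [fw.decide(p) for p in (REQUEST, REPLY, PROBE)]


if __name__ == "__main__":
    print("stateless:", run_stateless())  # ['allow', 'allow', 'allow']: the probe gets through
    print("stateful: ", run_stateful())   # ['allow', 'allow', 'block']
```

The stateful filter admits the reply because the request created a table entry, and blocks the probe because nothing inside opened a connection to 198.51.100.7; the stateless filter cannot tell the two apart.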
- Proxies
  - Devices that substitute for primary devices
- Proxy server
  - Computer or application that intercepts and processes user requests
  - If a previous request has been fulfilled:
    - A copy of the Web page may reside in the proxy server's cache
  - If not, the proxy server requests the item from the external Web server using its own IP address
- Proxy server advantages
  - Increased speed (requests served from the cache)
  - Reduced costs (cache reduces bandwidth required)
  - Improved management
    - Block specific Web pages or sites
  - Stronger security
    - Intercept malware
    - Hide the client system's IP address from the open Internet
- Reverse proxy
  - Does not serve clients; it sits in front of servers
  - Routes incoming requests to the correct server
  - The reverse proxy's IP address is visible to outside users
    - Internal server's IP address is hidden
- Spam filters
  - Enterprise-wide spam filters block spam before it reaches the host
- Email systems use two kinds of protocols
  - Simple Mail Transfer Protocol (SMTP)
    - Transfers outgoing mail from clients to servers and between servers
  - Post Office Protocol (POP; the current version is POP3)
    - Lets a client retrieve incoming mail from its mailbox on the server (IMAP is the other common retrieval protocol)
- Spam filters installed with the SMTP server
  - Filter configured to listen on port 25 (the SMTP port), in front of the real server
  - Passes non-spam e-mail to the SMTP server listening on another port
  - Spam is rejected during the SMTP conversation, so the SMTP server never accepts it and never sends a failed-delivery notice that would confirm the address to the spammer (or land on an innocent forged sender)
- Spam filters installed on the POP3 server
  - All spam must first pass through the SMTP server and be delivered to the user's mailbox
  - Can result in increased costs
    - Storage, transmission, backup, deletion
- Third-party entity contracted to filter spam
  - All e-mail directed to the third party's remote spam filter (normally by pointing the domain's MX records at it)
  - E-mail cleansed before being redirected to the organization
- Virtual private network (VPN)
  - Uses an unsecured (public) network as if it were secure
  - All data transmitted between the remote device and the network is encrypted
- Types of VPNs
  - Remote-access
    - User-to-LAN connection
  - Site-to-site
    - Multiple sites can connect to other sites over the Internet
- Endpoints
  - Used in communicating VPN transmissions
  - May be software on the local computer
  - May be a VPN concentrator (hardware device)
  - May be integrated into another networking device
- VPNs can be software-based or hardware-based
  - Hardware-based generally have better security
  - Software-based have more flexibility in managing network traffic
- Internet content filters
  - Monitor Internet traffic
  - Block access to preselected Web sites and files
  - Unapproved sites identified by URL or by matching keywords
- Web security gateways
  - Can block malicious content in real time
  - Block content through application-level filtering
- Examples of blocked Web traffic
  - ActiveX objects
  - Adware, spyware
  - Peer-to-peer file sharing
  - Script exploits
- Passive and active security can be used in a network
  - Active measures provide a higher level of security
- Passive measures
  - Firewall
  - Internet content filter
- Intrusion detection system (IDS)
  - Active security measure
  - Can detect an attack as it occurs
- Monitoring methodologies
  - Anomaly-based monitoring
    - Compares currently detected behavior with a baseline of normal behavior; catches novel attacks but needs a good baseline
  - Signature-based monitoring
    - Looks for well-known attack signature patterns; precise, but only for attacks that already have a signature
  - Behavior-based monitoring
    - Detects abnormal actions by processes or programs
    - Alerts the user, who decides whether to allow or block the activity
  - Heuristic monitoring
    - Uses experience-based techniques
- Host intrusion detection system (HIDS)
  - Software-based application that can detect an attack as it occurs
  - Installed on each system needing protection
  - Monitors system calls and file system access
  - Can recognize unauthorized Registry modification
  - Monitors all input and output communications
    - Detects anomalous activity
- Disadvantages of HIDS
  - Cannot monitor network traffic that does not reach the local system
  - All log data is stored locally (an attacker who compromises the host can tamper with it)
  - Resource-intensive and can slow the system
- Network intrusion detection system (NIDS)
  - Watches for attacks on the network
  - NIDS sensors installed at network choke points (on firewalls and routers, or fed by a mirror port or tap):
    - Gather information and report back to a central device
  - Passive NIDS will sound an alarm
  - Active NIDS will sound an alarm and take action
    - Actions may include filtering out the intruder's IP address or terminating the TCP session
- Network intrusion prevention system (NIPS)
  - Similar to an active NIDS
  - Monitors network traffic to immediately block a malicious attack
  - NIPS sensors are located in line (traffic passes through them), often on the firewall itself
- All-in-one network security appliances
  - One integrated device replaces multiple security devices
- Recent trend:
  - Combining multipurpose security appliances with a traditional device such as a router
  - Advantage of this approach
    - Network devices already process all packets
    - A switch that contains anti-malware software can inspect all packets
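Signature-based and anomaly-based monitoring side by side, as an added example that is not part of the original notes (it also illustrates the kind of XSS and SQL injection patterns a WAF matches). The web-server log lines, the three signatures and the baseline threshold are all constructed; the request-rate model is one simple way to build an anomaly baseline, not the only one.

```python
"""Signature-based vs. anomaly-based monitoring over constructed web-server log lines.

Added example, not from the original notes. Log lines are in Apache common
log format; client addresses come from the documentation ranges.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+$')


def parse(line):
    m = CLF.match(line)
    if not m:
        raise ValueError("unparseable log line: " + line)
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])    # match on the decoded request, as the server sees it
    rec["second"] = rec["ts"].split()[0]  # "02/Mar/2012:10:00:01", one-second resolution
    return rec


# Constructed signatures for three well-known attack patterns.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s+['\d]", re.I),
    "xss": re.compile(r"<script", re.I),
    "path-traversal": re.compile(r"\.\./"),
}


def signature_alerts(lines):
    """Signature-based: flag every request that matches a known pattern."""
    alerts = []
    for rec in map(parse, lines):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ip"], name))
    return alerts


def learn_baseline(training_lines, k=3.0):
    """Anomaly-based: model normal behaviour as requests per client per second
    and set the threshold k standard deviations above the mean."""
    counts = Counter((r["ip"], r["second"]) for r in map(parse, training_lines))
    values = list(counts.values())
    return statistics.mean(values) + k * statistics.pstdev(values)


def anomaly_alerts(lines, threshold):
    """Flag clients whose per-second request count exceeds the baseline threshold."""
    counts = Counter((r["ip"], r["second"]) for r in map(parse, lines))
    return sorted({ip for (ip, _), n in counts.items() if n > threshold})


def _line(ip, sec, path, status=200):
    """Build one constructed access-log line."""
    return f'{ip} - - [02/Mar/2012:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'


# Training traffic (constructed): ordinary browsing, one or two requests per second.
TRAINING = [_line("203.0.113.5", s, "/index.html") for s in range(10)] + [
    _line("203.0.113.5", 3, "/style.css"),
    _line("203.0.113.8", 5, "/about.html"),
    _line("203.0.113.8", 5, "/logo.png"),
]

# Monitored traffic (constructed): three single-request attacks that have
# signatures, and a scanner that makes 40 requests in one second but matches none.
MONITORED = [
    _line("203.0.113.5", 20, "/contact.html"),
    _line("198.51.100.9", 21, "/login.php?user=admin'%20OR%20'1'='1"),
    _line("203.0.113.7", 22, "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"),
    _line("198.51.100.9", 23, "/../../etc/passwd", 404),
] + [_line("192.0.2.44", 30, f"/page{i}.html", 404) for i in range(40)]


def run():
    threshold = learn_baseline(TRAINING)
    return signature_alerts(MONITORED), anomaly_alerts(MONITORED, threshold)


if __name__ == "__main__":
    sig, anom = run()
    print("signature hits:", sig)   # the injection, XSS and traversal requests
    print("anomalous clients:", anom)  # ['192.0.2.44'], the scanner
```

Each method misses what the other catches: the scanner sends nothing a signature recognizes, and the three attack requests are too few to move the rate model, which is why the two are deployed together.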

Security Through Network Technologies
- Network address translation (NAT)
  - Private IP addresses (the RFC 1918 ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) are not routable on the Internet: Internet routers normally drop a packet with a private address
  - NAT lets devices with private IP addresses reach the public Internet
  - Replaces the private source IP address with the NAT device's public address on the way out, and maps replies back to the private address on the way in
- Port address translation (PAT)
  - Variation of NAT
    - Outgoing packets are all given the same public IP address but a different TCP/UDP source port number, which is how replies are matched to the right internal host
- Advantages of NAT
  - Masks IP addresses of internal devices (unsolicited inbound packets have no mapping and are dropped)
  - Allows multiple devices to share a smaller number of public IP addresses
- Network access control (NAC)
  - Examines the current state (posture) of a system or network device:
    - Before allowing a network connection
  - Device must meet a set of criteria (for example, patch level and up-to-date anti-malware)
    - If not met, NAC connects the device only to a quarantine network until the deficiencies are corrected
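The PAT translation table described above, as an added example that is not part of the original notes. The inside network, the single public address and the port range are constructed; it shows why two inside hosts using the same source port still get distinct mappings, and why an unsolicited inbound packet has nowhere to go.

```python
"""Port address translation (PAT) over constructed packets.

Added example, not from the original notes. 192.168.1.0/24 is the inside
network and 203.0.113.1 the one public address the NAT device owns.
"""
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.1"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PAT:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port    # next unused public source port
        self.outbound = {}  # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # (public port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def translate_out(self, pkt):
        """Rewrite the source of an outgoing packet to the public address and a
        unique public port, creating the mapping on first use."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_in(self, pkt):
        """Map an incoming packet back to the inside host, or return None when
        no inside host opened a matching connection. Dropping such packets is
        what 'masks' the internal devices."""
        inside = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])


def demo():
    nat = PAT()
    a = Packet("192.168.1.10", 51000, "198.51.100.20", 443)
    b = Packet("192.168.1.11", 51000, "198.51.100.20", 443)  # same source port as a
    out_a, out_b = nat.translate_out(a), nat.translate_out(b)
    reply_a = Packet("198.51.100.20", 443, PUBLIC_IP, out_a.src_port)
    reply_b = Packet("198.51.100.20", 443, PUBLIC_IP, out_b.src_port)
    probe = Packet("198.51.100.77", 4444, PUBLIC_IP, 22)  # unsolicited scan of the public IP
    return {
        "out_a": out_a, "out_b": out_b,
        "in_a": nat.translate_in(reply_a), "in_b": nat.translate_in(reply_b),
        "probe": nat.translate_in(probe),
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)  # probe -> None: dropped, no mapping exists
```

A real NAT device also times mappings out and handles UDP and ICMP, but the table above is the whole idea: the public port number, not the address, identifies the inside host.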

Security Through Network Design Elements
- Elements of a secure network design
  - Demilitarized zones
  - Subnetting
  - Virtual LANs
  - Remote access

Demilitarized Zone (DMZ)
- Separate network that sits between the Internet and the secure internal network, outside the internal network's security perimeter
- Untrusted outside users can access the servers placed in the DMZ (such as web and mail servers) but not the secure network

Subnetting
- An IPv4 address may be split anywhere within its 32 bits
- A network address can be divided into three parts
  - Network
  - Subnet
  - Host
- Each network can contain several subnets
- Each subnet can contain multiple hosts
- Improves network security by isolating groups of hosts
- Allows administrators to hide the internal network layout
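The network/subnet/host split and the isolation it gives, as an added example that is not part of the original notes. The address plan (a 10.20.0.0/24 site split into /26 subnets per group) and the router policy are constructed; the standard library's ipaddress module does the arithmetic.

```python
"""Subnetting a site block and isolating groups of hosts.

Added example, not from the original notes. The organization holds
10.20.0.0/24 and carves it into four /26 subnets, one per group.
"""
import ipaddress

SITE = ipaddress.ip_network("10.20.0.0/24")


def split_network(prefixlen=26):
    """Carve the site block into equal subnets; a /26 has 64 addresses (62 usable hosts)."""
    return list(SITE.subnets(new_prefix=prefixlen))


SUBNETS = dict(zip(["servers", "finance", "engineering", "guests"], split_network()))

# Traffic between subnets has to cross the router, so that is where isolation
# is enforced. Constructed policy: (source group, destination group) pairs that
# may talk; anything else is dropped.
ROUTER_POLICY = {("finance", "servers"), ("engineering", "servers")}


def bit_split(subnet):
    """Where the 32 bits are split for this plan: network bits (the site
    prefix), subnet bits, host bits."""
    return SITE.prefixlen, subnet.prefixlen - SITE.prefixlen, 32 - subnet.prefixlen


def group_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None


def path(src, dst):
    """'direct' inside one subnet (the router never sees it), 'routed' when
    the router policy allows the cross-subnet flow, 'dropped' otherwise."""
    s, d = group_of(src), group_of(dst)
    if s is None or d is None:
        return "dropped"
    if s == d:
        return "direct"
    return "routed" if (s, d) in ROUTER_POLICY else "dropped"


if __name__ == "__main__":
    for name, net in SUBNETS.items():
        print(f"{name:12} {net}  bits(network, subnet, host) = {bit_split(net)}")
    print(path("10.20.0.70", "10.20.0.75"))   # finance -> finance: direct
    print(path("10.20.0.70", "10.20.0.10"))   # finance -> servers: routed
    print(path("10.20.0.200", "10.20.0.10"))  # guests -> servers: dropped
```

Two hosts in the same /26 reach each other without any device in between, which is exactly why hosts that must not talk to each other belong in different subnets with the rule enforced at the router.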

Virtual LANs (VLAN)
- Allow scattered users to be logically grouped together:
  - Even if attached to different switches
- Can isolate sensitive data to VLAN members: a switch forwards a frame only to ports in the same VLAN
- Communication on a VLAN
  - If connected to the same switch, the switch handles the frame transfer
  - A special "tagging" protocol (IEEE 802.1Q) is used for communicating between switches: a VLAN identifier is inserted into each frame on the trunk link between them
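VLAN membership and the tag that carries it between switches, as an added example that is not part of the original notes. The switches, port names, MAC addresses and payload bytes are constructed; the tag layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) is the real IEEE 802.1Q format. The switches here flood frames within a VLAN rather than learning MAC addresses, which is enough to show that VLAN 20 ports never see VLAN 10 traffic.

```python
"""VLAN isolation and IEEE 802.1Q tagging on the trunk between two switches.

Added example, not from the original notes.
"""
import struct

TPID_8021Q = 0x8100


def valid_vlan_id(vlan_id):
    """0 and 4095 are reserved; usable IDs are 1..4094."""
    return 1 <= vlan_id <= 4094


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag after the source MAC:
    TPID (0x8100) then TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)."""
    if not valid_vlan_id(vlan_id):
        raise ValueError("VLAN ID must be 1..4094")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan_id, untagged frame); raise if the frame carries no tag."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame is not 802.1Q tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Switch:
    def __init__(self, name, access_ports):
        self.name = name
        self.access = access_ports  # port name -> VLAN ID of that access port
        self.peer = None            # switch at the other end of the trunk

    def _flood(self, vlan_id, exclude=None):
        return sorted(p for p, v in self.access.items() if v == vlan_id and p != exclude)

    def ingress(self, port, frame):
        """An untagged frame arrives on an access port: flood it to local
        ports in the same VLAN, then tag it and send it over the trunk so the
        peer can flood it to its own ports in that VLAN only."""
        vlan_id = self.access[port]
        delivered = {self.name: self._flood(vlan_id, exclude=port)}
        if self.peer is not None:
            delivered[self.peer.name] = self.peer.trunk_ingress(tag_frame(frame, vlan_id))
        return delivered

    def trunk_ingress(self, tagged):
        vlan_id, _frame = untag_frame(tagged)
        return self._flood(vlan_id)


# Constructed broadcast frame (ARP EtherType, dummy payload) from a host on sw1 port g0/1.
FRAME = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00" * 28)


def demo():
    sw1 = Switch("sw1", {"g0/1": 10, "g0/2": 20, "g0/3": 10})
    sw2 = Switch("sw2", {"g0/1": 10, "g0/2": 20})
    sw1.peer, sw2.peer = sw2, sw1
    return sw1.ingress("g0/1", FRAME)


if __name__ == "__main__":
    print(demo())  # {'sw1': ['g0/3'], 'sw2': ['g0/1']}: the VLAN 20 ports never see the frame
```

The trunk carries frames for every VLAN, which is why trunk ports deserve attention in a review: a device that can inject tagged frames onto a trunk can reach any VLAN the trunk carries.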

Remote Access
- Working away from the office is commonplace today
  - Telecommuters
  - Traveling sales representatives
  - Traveling workers
- Strong security for remote workers must be maintained
  - Transmissions are routed through networks not managed by the organization
- Provides the same functionality as local users have
  - Through a VPN or dial-up connection

Summary
- Standard network devices provide a degree of security
  - Hubs, switches, routers, load balancers
- Hardware devices specifically designed for security give a higher level of protection
  - Hardware-based firewall, Web application firewall
- A proxy server intercepts and processes user requests
- A virtual private network uses an unsecured public network plus encryption to provide security
- An intrusion detection system is designed to detect an attack as it occurs
- Network technologies can help secure a network
  - Network address translation
  - Network access control
- Methods for designing a secure network
  - Demilitarized zones
  - Subnetting
  - Virtual LANs
