About this page.

This blog was originally just going to be my Security assignment for electronic logs, but it has now evolved just a bit. In this blog you will find my notes and anything else we do in these classes.

Saturday, March 3, 2012

Chapter 7 Notes


Administering a Secure Network

Objectives
- List and describe the functions of common network protocols
- Explain how network administration principles can be applied
- Define the new types of network applications and how they can be secured

Common Network Protocols
- Protocols
  - Rules of conduct and communication
  - Essential for proper communication between network devices
- Transmission Control Protocol/Internet Protocol (TCP/IP)
  - Most common protocol suite used for local area networks and the Internet
- IP
  - Protocol that functions primarily at the Open Systems Interconnection (OSI) Network Layer (Layer 3)
  - Addresses and routes packets between hosts; delivery is best-effort, with no guarantee of arrival or order
- TCP
  - Transport Layer (Layer 4) protocol
  - Establishes connections (the three-way handshake) and provides reliable, ordered data transport between devices
- TCP/IP uses a four-layer architecture
  - Network Interface, Internet, Transport, Application


Internet Control Message Protocol (ICMP)
- ICMP
  - One of the core protocols of TCP/IP (carried directly inside IP, protocol number 1)
  - Used by devices to communicate status updates or error information to other devices (e.g., Destination Unreachable, Time Exceeded)
  - Used to relay query messages (e.g., Echo Request/Echo Reply, which is what ping uses)
- ICMP message fields
  - Type (8-bit)
    - Identifies the general message category
  - Code (8-bit)
    - Gives additional information about the Type field
  - Checksum (16-bit)
    - Verifies message integrity (one's-complement sum over the whole ICMP message); it detects accidental corruption, not tampering, since anyone who alters the message can simply recompute it
- Attacks that use ICMP
  - Network discovery (ping sweeps, Timestamp and Address Mask requests used to map live hosts)
  - Smurf DoS attack (Echo Requests sent to a broadcast address with the victim's spoofed source address, so every host on the segment replies to the victim)
  - ICMP redirect attack (forged Redirect messages change a host's routing table so its traffic passes through the attacker)
  - Ping of death (an oversized, fragmented Echo Request that reassembles to more than 65,535 bytes and crashed older IP stacks)
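To make the three header fields concrete, here is an added example (mine, not from the textbook or the notes) that builds and parses an ICMP message, verifies the 16-bit checksum the way a receiver does, and flags two of the patterns listed above. The addresses are constructed test values; `inspect_icmp` and its flag strings are my own names.

```python
import struct

# ICMP type values named on the page (RFC 792)
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST = 0, 3, 5, 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented at the end."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """ICMP header: Type(8) Code(8) Checksum(16) rest-of-header(32), then payload."""
    header = struct.pack("!BBH4s", msg_type, code, 0, rest)   # checksum field zeroed first
    csum = internet_checksum(header + payload)
    return struct.pack("!BBH4s", msg_type, code, csum, rest) + payload


def parse_icmp(pkt: bytes) -> dict:
    if len(pkt) < 8:
        raise ValueError("ICMP header is 8 bytes")
    msg_type, code, csum, rest = struct.unpack("!BBH4s", pkt[:8])
    # Summing the whole message including the stored checksum yields 0 only if it is intact.
    return {"type": msg_type, "code": code, "checksum": csum, "rest": rest,
            "payload": pkt[8:], "checksum_ok": internet_checksum(pkt) == 0}


def inspect_icmp(pkt: bytes, dst_ip: str, broadcast_ip: str) -> list:
    """Flags a practitioner would raise on one ICMP message (hypothetical rule set)."""
    msg = parse_icmp(pkt)
    flags = []
    if not msg["checksum_ok"]:
        flags.append("bad-checksum")
    if msg["type"] == ECHO_REQUEST and dst_ip == broadcast_ip:
        flags.append("echo-to-broadcast (Smurf amplifier request)")
    if msg["type"] == REDIRECT:
        flags.append("redirect (hosts should ignore; can rewrite the routing table)")
    return flags


if __name__ == "__main__":
    # Constructed echo request: identifier 1, sequence 1, 8-byte payload
    pkt = build_icmp(ECHO_REQUEST, 0, b"\x00\x01\x00\x01", b"abcdefgh")
    print(parse_icmp(pkt))
    print(inspect_icmp(pkt, "192.0.2.255", "192.0.2.255"))
```

Changing any byte of the payload after the checksum is computed makes `checksum_ok` false, which is all the field promises: a deliberate attacker recomputes it, so integrity against tampering has to come from elsewhere.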

Simple Network Management Protocol (SNMP)
- First introduced in 1988
- Supported by most network equipment manufacturers
- Allows administrators to remotely monitor, manage, and configure network devices
- Functions by exchanging management information between network devices (over UDP; agents listen on port 161, trap receivers on port 162)
- Each SNMP-managed device has an agent or service
  - Listens for and executes commands (Get and Set requests from a management station)
- Agents are password protected
  - The password is known as the community string
  - In SNMPv1 and v2c the community string is sent in cleartext in every packet, and the defaults "public" (read-only) and "private" (read-write) are widely known
- Security vulnerabilities were present in SNMP versions 1 and 2
  - Version 3 introduced in 1998
  - Uses user names with message authentication (HMAC) and optional encryption to address these vulnerabilities; v1/v2c should be disabled, or at least restricted to read-only with non-default community strings and an access list of allowed managers

Domain Name System (DNS)
- DNS
  - A TCP/IP protocol that maps symbolic names to IP addresses (forward lookup) and IP addresses back to names (reverse lookup)
  - Database with the name of each site and its corresponding IP address
  - Database is distributed across many different servers on the Internet
- DNS can be the focus of attacks
  - DNS poisoning substitutes a fraudulent IP address for a legitimate name
    - Can be done in the local host table (hosts file) or by injecting forged answers into an external DNS server's cache
    - Current DNS software reduces the risk (random transaction IDs and source ports, and checks that an answer matches the outstanding question), and DNSSEC lets resolvers verify signed records; none of that protects a host whose local hosts file has been altered
  - Zone transfer (AXFR) allows an attacker to obtain network, hardware, and operating system information; restrict it to authorized secondary servers
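Cache poisoning works by getting a resolver to accept an answer it never asked for. This added example (my code, not the textbook's) builds a DNS query and response with `struct`, and shows the acceptance checks a resolver applies before caching: the transaction ID must match a pending query, the question section must match, and the answer's owner name must be the name asked for (a simplified bailiwick check with no CNAME handling). Names and addresses are constructed; the class and function names are my own.

```python
import os
import struct


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(pkt: bytes, off: int):
    """Returns (name, offset after name). Follows one level of compression pointer."""
    labels = []
    while True:
        ln = pkt[off]
        if ln == 0:
            off += 1
            break
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            labels.append(decode_name(pkt, ptr)[0])
            off += 2
            break
        labels.append(pkt[off + 1:off + 1 + ln].decode())
        off += 1 + ln
    return ".".join(labels), off


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_answer(txid: int, name: str, ip: str, answer_name=None, qtype: int = 1, ttl: int = 300) -> bytes:
    """A response with one A record; answer_name lets a test forge an out-of-bailiwick RR."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; one answer
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = encode_name(answer_name or name) + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + rr


class PendingQuery:
    def __init__(self, name: str, qtype: int = 1):
        self.txid = int.from_bytes(os.urandom(2), "big")   # unpredictable ID, 16 bits
        self.name, self.qtype = name.lower(), qtype
        self.packet = build_query(self.txid, name, qtype)


def accept_response(pending: PendingQuery, resp: bytes):
    """Return (accepted, reason). Mirrors the checks that make blind spoofing hard."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if txid != pending.txid:
        return False, "txid mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if qd != 1:
        return False, "unexpected question count"
    qname, off = decode_name(resp, 12)
    qtype, _qclass = struct.unpack("!HH", resp[off:off + 4])
    off += 4
    if qname.lower() != pending.name or qtype != pending.qtype:
        return False, "question does not match what we asked"
    for _ in range(an):
        owner, off = decode_name(resp, off)
        _rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10 + rdlen
        if owner.lower() != pending.name:            # simplified bailiwick rule
            return False, f"out-of-bailiwick answer for {owner}"
    return True, "ok"
```

With a 16-bit ID alone an attacker who can guess timing has a 1 in 65,536 chance per forged packet, which is why modern resolvers also randomize the UDP source port; DNSSEC validation would sit after these checks.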

File Transfer Protocols
- TCP/IP protocols used for transferring files
  - File Transfer Protocol (FTP)
  - Secure Copy Protocol (SCP)
- Methods for using FTP on a local host computer
  - Command prompt
  - Web browser
  - FTP client
- Using FTP behind a firewall can present challenges, because FTP opens a separate data connection alongside the control connection
  - FTP active mode: the client announces a port (PORT command) and the server connects back to it, which a client-side firewall normally blocks as an unsolicited inbound connection
  - FTP passive mode: the server announces a port (PASV reply) and the client initiates the data connection, so only outbound connections are needed on the client side
- FTP vulnerabilities
  - Does not use encryption; user names, passwords, and file contents travel in cleartext
  - Files transferred using FTP are vulnerable to sniffing and man-in-the-middle attacks
- Secure transmission options
  - FTP over SSL/TLS (FTPS) encrypts the control channel (commands and credentials) and, when configured, the data channel as well
  - SSH File Transfer Protocol (SFTP), a different protocol that runs over an SSH connection rather than FTP wrapped in SSH
- Secure Copy Protocol (SCP)
  - Enhanced version of the Remote Copy Protocol (RCP), carried over SSH
  - Encrypts files and commands
  - File transfer cannot be interrupted and resumed
  - Found mainly on Linux and UNIX platforms
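This added example (mine, not from the textbook) parses the two control-channel lines that decide which side must accept the FTP data connection, which is exactly the decision a stateful firewall's FTP helper has to make. It also flags the case where a PORT command names an address other than the client's own, the basis of the classic FTP bounce attack. The sample lines and addresses are constructed; `data_channel` is my own name.

```python
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _endpoint(groups):
    """h1,h2,h3,h4,p1,p2 -> ("h1.h2.h3.h4", p1*256 + p2) as RFC 959 encodes it."""
    host = ".".join(groups[:4])
    return host, int(groups[4]) * 256 + int(groups[5])


def data_channel(control_line: str, client_ip: str, server_ip: str):
    """Given one FTP control-channel line, say who listens, who connects, and what a
    firewall in front of the client must permit. Returns None for other lines."""
    m = PORT_RE.match(control_line)
    if m:   # active mode: client opens a listener, server connects back from port 20
        host, port = _endpoint(m.groups())
        return {
            "mode": "active",
            "listener": (host, port),
            "initiator": server_ip,
            "client_firewall_must_allow": f"inbound {server_ip}:20 -> {host}:{port}",
            # a PORT naming a third host asks the server to connect elsewhere (FTP bounce)
            "bounce_risk": host != client_ip,
        }
    m = PASV_RE.match(control_line)
    if m:   # passive mode: server opens a listener, client connects to it
        host, port = _endpoint(m.groups())
        return {
            "mode": "passive",
            "listener": (host, port),
            "initiator": client_ip,
            "client_firewall_must_allow": f"outbound {client_ip} -> {host}:{port}",
            "bounce_risk": False,
        }
    return None


if __name__ == "__main__":
    # Constructed exchange: client 10.0.0.5 behind a NAT firewall, server 192.0.2.21
    print(data_channel("PORT 10,0,0,5,195,80", "10.0.0.5", "192.0.2.21"))
    print(data_channel("227 Entering Passive Mode (192,0,2,21,200,10)", "10.0.0.5", "192.0.2.21"))
```

Because active mode needs an inbound rule to an arbitrary high port, clients behind firewalls or NAT almost always use passive mode; the helper logic above is also why firewalls cannot track FTPS data connections unless the control channel is left unencrypted.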

IPv6
- Current version of the IP protocol is version 4 (IPv4)
  - Developed in 1981
  - Number of available IP addresses is limited to about 4.3 billion (32-bit address)
    - Number of Internet-connected devices will grow beyond this number
  - Has security weaknesses (no built-in authentication or encryption; source addresses are easily spoofed)
- Internet Protocol version 6 (IPv6)
  - Next generation of the IP protocol, with 128-bit addresses
  - Addresses weaknesses of IPv4
  - Provides enhanced security features
    - Cryptographic protocols: IPsec support is specified as part of IPv6 (it is an add-on to IPv4), though it still has to be configured and enabled
    - The Authentication Header (AH) lets a receiver detect IP packets that were altered or spoofed in transit; Encapsulating Security Payload (ESP) adds confidentiality

Network Administration Principles
- Administering a secure network can be challenging
- Rule-based management approach
  - Relies on following procedures and rules
  - Rules may be external (applicable laws and regulations) or internal (organizational policy)
  - Procedural rules dictate technical rules
  - Technical rules
    - Device security
    - Network management and port security
    - Example: configuring a firewall to conform to the procedural rules

Device Security
- Device security
  - Establishing a secure router configuration
  - Implementing flood guards
  - Analyzing device logs
- Secure router configuration
  - Router operates at the Network Layer (Layer 3)
    - Forwards packets across computer networks
  - Routers can perform a security function
    - Can be configured with access control lists to filter out specific types of network traffic (e.g., drop packets arriving from the Internet that claim an internal or private source address)
- SYN flood attack
  - Takes advantage of the procedure for initiating a TCP session: the attacker sends many SYN segments, usually from spoofed addresses, and never completes the three-way handshake, so the server's table of half-open connections fills and legitimate clients are refused
- Flood guard
  - Protects against denial of service attacks
  - Controls a device's tolerance for unanswered service requests
    - Sets a maximum number of half-open ("embryonic") connections, per source and in total; beyond it new SYNs are dropped (or answered with SYN cookies) until old entries time out
  - Commonly found on firewalls, IDSs, and IPSs
- Log analysis
  - A log records the events that occur on a device
  - Monitoring logs can be useful in determining how an attack occurred
  - System logs and security application logs
  - Network security logs
- Types of security hardware logs
  - NIDS, NIPS, DNS, proxy servers, and firewalls
- Firewall log items to be examined
  - IP addresses rejected and dropped (the same source repeatedly, or one source across many destination ports)
  - Probes to ports that have no application servers on them
  - Source-routed packets (IP options that let the sender dictate the path; used to bypass filters and impersonate internal addresses)
  - Suspicious outbound connections (an internal server initiating connections it has no business making is a common sign of compromise)
  - Unsuccessful logins
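The following is an added example (my code, not the textbook's) of the bookkeeping a flood guard does: it tracks half-open connections keyed by the TCP four-tuple, enforces a per-source and a global cap, and ages entries out on a timeout. The traffic in `simulate_syn_flood` is constructed (a few legitimate clients that complete the handshake, one source that never does, then a burst of spoofed sources); the class and thresholds are my own choices, not values from any product.

```python
class FloodGuard:
    """Caps the number of embryonic (SYN received, no final ACK) TCP connections."""

    def __init__(self, max_half_open: int = 100, max_per_source: int = 10, timeout: float = 30.0):
        self.max_half_open = max_half_open
        self.max_per_source = max_per_source
        self.timeout = timeout
        self.half_open = {}       # (src, sport, dst, dport) -> time the SYN was seen
        self.dropped = 0

    def _expire(self, now: float) -> None:
        # A SYN with no follow-up is forgotten after the timeout, as the server itself would do.
        for key, seen in list(self.half_open.items()):
            if now - seen > self.timeout:
                del self.half_open[key]

    def _per_source(self, src: str) -> int:
        return sum(1 for key in self.half_open if key[0] == src)

    def syn(self, src: str, sport: int, dst: str, dport: int, now: float) -> bool:
        """Return True if the SYN is forwarded to the server, False if the guard drops it."""
        self._expire(now)
        if len(self.half_open) >= self.max_half_open or self._per_source(src) >= self.max_per_source:
            self.dropped += 1
            return False
        self.half_open[(src, sport, dst, dport)] = now
        return True

    def ack(self, src: str, sport: int, dst: str, dport: int, now: float) -> None:
        """Final ACK of the handshake: the connection is established and no longer counts."""
        self.half_open.pop((src, sport, dst, dport), None)


def simulate_syn_flood(guard: FloodGuard):
    """Constructed traffic against 192.0.2.80:80. Returns
    (legit admitted, single-source flood admitted, spoofed-source flood admitted,
     legit admitted after timeout, total dropped)."""
    legit = 0
    for i in range(5):                                   # clients that finish the handshake
        if guard.syn(f"198.51.100.{i}", 40000 + i, "192.0.2.80", 80, now=0.0):
            guard.ack(f"198.51.100.{i}", 40000 + i, "192.0.2.80", 80, now=0.1)
            legit += 1
    # One host sends 500 SYNs and never answers: the per-source cap bites.
    single = sum(guard.syn("203.0.113.7", 1024 + p, "192.0.2.80", 80, now=1.0) for p in range(500))
    # Spoofed sources, one SYN each: the per-source cap no longer helps, the global cap does.
    spoofed = sum(guard.syn(f"203.0.113.{s}", 2000, "192.0.2.80", 80, now=2.0) for s in range(1, 201))
    # After the timeout the table has drained and a real client gets in again.
    later = guard.syn("198.51.100.99", 40099, "192.0.2.80", 80, now=40.0)
    return legit, single, spoofed, later, guard.dropped


if __name__ == "__main__":
    print(simulate_syn_flood(FloodGuard()))
```

The two caps address two different attacks: the per-source limit stops a single unspoofed host, while the global limit (or SYN cookies, which avoid keeping state at all) is what matters against spoofed sources, at the cost that a large enough flood also squeezes out legitimate new connections until entries expire.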
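To show what "examining firewall log items" looks like as code, this added example (mine, not the textbook's) runs a few rules over constructed log lines written loosely in the style of iptables LOG output; the `FW-DROP`/`FW-ACCEPT` prefixes, the `OPT=SSRR` token standing in for an IP source-route option, and the addresses are all made up for the example. The listening-service table and thresholds are assumptions a real deployment would set from its own inventory.

```python
import re
from collections import Counter, defaultdict

# Assumed inventory: the only (host, port) pairs that should receive traffic.
LISTENING = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.25", 25)}
INTERNAL_PREFIX = "192.0.2."
BEACON_PORTS = {4444, 6667, 31337}      # hypothetical watch list for outbound connections

# Constructed sample log, not from a real firewall.
SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23
Mar  3 10:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
Mar  3 10:00:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=3389
Mar  3 10:00:02 fw kernel: FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443
Mar  3 10:00:05 fw kernel: FW-ACCEPT IN= OUT=eth0 SRC=192.0.2.25 DST=203.0.113.77 PROTO=TCP SPT=39000 DPT=6667
Mar  3 10:00:06 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=80 OPT=SSRR
"""

LINE_RE = re.compile(r"(?P<action>FW-\w+)\s+(?P<fields>.*)$")


def parse_line(line: str):
    """Turn 'FW-DROP IN=eth0 ... DPT=23' into a dict; return None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action")}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            rec[key] = val
    for key in ("SPT", "DPT"):
        if key in rec:
            rec[key] = int(rec[key])
    return rec


def analyze(log_text: str) -> dict:
    findings = defaultdict(list)
    drops_per_src = Counter()
    probed_ports = defaultdict(set)
    for line in log_text.splitlines():
        r = parse_line(line)
        if not r or "SRC" not in r:
            continue
        src, dst, dport = r["SRC"], r.get("DST"), r.get("DPT")
        if r["action"] == "FW-DROP":
            drops_per_src[src] += 1
        # probe: traffic to an internal host on a port where nothing listens
        if dport is not None and dst and dst.startswith(INTERNAL_PREFIX) and (dst, dport) not in LISTENING:
            probed_ports[src].add(dport)
        if "OPT" in r:                                       # source-routed (IP options present)
            findings["source_routed"].append(src)
        if r.get("OUT") and src.startswith(INTERNAL_PREFIX) and dport in BEACON_PORTS:
            findings["suspicious_outbound"].append((src, dst, dport))
    for src, ports in probed_ports.items():
        if len(ports) >= 3:                                  # several closed ports from one source
            findings["port_scan"].append((src, sorted(ports)))
    for src, n in drops_per_src.items():
        if n >= 3:
            findings["repeat_offender"].append((src, n))
    return dict(findings)


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(kind, items)
```

The outbound finding is usually the one worth acting on first: an inbound scan that the firewall dropped is noise, while a mail server opening IRC-port connections to the outside means something is already running on it.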

Network Design Management
- A growing network may need reconfiguration
- Network separation
  - Provides separation between different parts of the network
  - Example: the order entry network segment cannot access the human resources network
- Options to accomplish network separation
  - Physically separate users by connecting them to different switches and routers
  - Air gap switch
- Loop protection
  - Refer to Figure 7-8 for a description of a broadcast storm
  - Host Z wants to send frames to Host X
  - Switch A floods the frame out every port
  - The frame travels down Segments 1 and 3 to Switches B and C
  - Switches B and C add Host Z to their lookup tables
  - Both switches flood Segment 2 looking for Host X
    - They receive each other's frames and flood them back out again, endlessly, because Ethernet frames carry no hop count or TTL
- Loop protection can prevent broadcast storms
  - Uses the IEEE 802.1D spanning tree algorithm
  - Switches elect a root bridge and each switch with multiple paths determines its best path to it
  - Redundant paths are placed in a blocking state, leaving one active path between any two points while keeping the others as backups
- Virtual LAN (VLAN) management
  - Network may be segmented into logical groups of physical devices through VLANs
  - Scattered users may be logically grouped together:
    - Regardless of which switch they are attached to
- General principles for managing VLANs
  - A VLAN should not communicate with another VLAN unless the traffic passes through a router (or Layer 3 switch), where it can be filtered
  - Configure empty switch ports to connect to an unused VLAN
  - Different VLANs should be connected to different switches
  - Change any default VLAN names
  - Configure switch ports that pass tagged VLAN packets (trunks) to explicitly forward only specific tags, rather than allowing every VLAN across the trunk
  - Configure VLANs so that public devices are not on a private VLAN

Port Security
- Disabling unused ports
  - Turn off ports not required on the network
  - Often overlooked security technique
  - A switch without port security allows attackers to connect to unused ports and attack the network
  - All ports should be secured before the switch is deployed
  - The network administrator should issue the shutdown command on each unused port
- MAC limiting and filtering
  - Filters and limits the number of media access control (MAC) addresses allowed on a port
  - Port can be set to a limit of 1
  - A specific MAC address can be assigned to a port
    - Enables only a single authorized host to connect
  - MAC addresses are trivially spoofed, so this stops casual or accidental connections rather than a determined attacker
- IEEE 802.1X
  - Standard that provides the highest degree of port security
  - Implements port-based network access control (authentication)
  - Blocks all traffic on a port-by-port basis, passing only EAP over LAN (EAPOL) authentication frames:
    - Until the client is authenticated (usually against a RADIUS server)
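The three port-security controls above are state on a switch port, so an added example (my code, not the textbook's and not any vendor's implementation) that models a port as a small state machine makes their differences visible: a shut-down port drops everything, MAC limiting and filtering drop and err-disable the port on a violation, and an 802.1X port passes only EAPOL (EtherType 0x888E) until authentication succeeds. The MAC addresses are constructed and the EAP exchange itself is abstracted to a yes/no result.

```python
EAPOL_ETHERTYPE = 0x888E
IPV4_ETHERTYPE = 0x0800


class SwitchPort:
    """Minimal model of one access port with the controls discussed on the page."""

    def __init__(self, name: str, enabled: bool = True, max_macs: int = 1,
                 allowed=None, dot1x: bool = False):
        self.name = name
        self.enabled = enabled                 # False models the 'shutdown' command
        self.max_macs = max_macs               # MAC limiting
        self.allowed = set(allowed or [])      # MAC filtering: statically assigned addresses
        self.learned = set()
        self.dot1x = dot1x
        self.authorized = not dot1x            # an 802.1X port starts unauthorized
        self.err_disabled = False
        self.violations = 0

    def authenticate(self, ok: bool) -> None:
        """Result of the EAP exchange with the authentication server (abstracted)."""
        self.authorized = ok

    def ingress(self, src_mac: str, ethertype: int) -> str:
        """Decide what happens to one incoming frame."""
        if not self.enabled or self.err_disabled:
            return "drop:port-down"
        if self.dot1x and not self.authorized:
            # Only the authentication conversation itself is allowed through.
            return "accept:eapol" if ethertype == EAPOL_ETHERTYPE else "drop:unauthorized"
        if self.allowed and src_mac not in self.allowed:
            return self._violate()
        if src_mac not in self.learned:
            if len(self.learned) >= self.max_macs:
                return self._violate()
            self.learned.add(src_mac)
        return "forward"

    def _violate(self) -> str:
        self.violations += 1
        self.err_disabled = True               # 'shutdown' violation mode: port taken out of service
        return "drop:violation-errdisable"


def scenario() -> dict:
    """Constructed walk-through of each control; returns the decision for every step."""
    out = {}
    unused = SwitchPort("Gi0/24", enabled=False)
    out["unused_port"] = unused.ingress("00:11:22:33:44:55", IPV4_ETHERTYPE)

    limited = SwitchPort("Gi0/1", max_macs=1)
    out["first_host"] = limited.ingress("aa:aa:aa:aa:aa:01", IPV4_ETHERTYPE)
    out["second_host"] = limited.ingress("aa:aa:aa:aa:aa:02", IPV4_ETHERTYPE)   # rogue hub or VM
    out["first_host_after_violation"] = limited.ingress("aa:aa:aa:aa:aa:01", IPV4_ETHERTYPE)

    pinned = SwitchPort("Gi0/2", allowed={"bb:bb:bb:bb:bb:01"})
    out["wrong_mac_on_pinned_port"] = pinned.ingress("bb:bb:bb:bb:bb:99", IPV4_ETHERTYPE)

    nac = SwitchPort("Gi0/3", dot1x=True)
    out["dot1x_ip_before_auth"] = nac.ingress("cc:cc:cc:cc:cc:01", IPV4_ETHERTYPE)
    out["dot1x_eapol_before_auth"] = nac.ingress("cc:cc:cc:cc:cc:01", EAPOL_ETHERTYPE)
    nac.authenticate(True)
    out["dot1x_ip_after_auth"] = nac.ingress("cc:cc:cc:cc:cc:01", IPV4_ETHERTYPE)
    return out


if __name__ == "__main__":
    for step, decision in scenario().items():
        print(f"{step:32s} {decision}")
```

Note the side effect in the MAC-limiting case: the legitimate host is also cut off once the port err-disables, which is why real deployments pair a shutdown violation mode with an automatic recovery timer and an alert.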

Securing Network Applications
- Virtualization
  - A means of managing and presenting computer resources without regard to physical layout or location
- Operating system virtualization
  - A virtual machine is simulated as a software environment on a host system
- Virtualization advantages
  - Test the latest patches by installing them on a virtual machine before installing them on a production computer
  - Penetration testing can be performed in a simulated network environment
  - Can be used for training purposes
- Server virtualization
  - Creating and managing multiple server operating systems on one physical machine
  - Relies on hypervisor software to manage the virtual operating systems
  - Can reduce costs and energy use
  - Can help provide users uninterrupted server access
  - Live migration enables a virtual machine to be moved to a different computer with no user impact
    - Can also be used for load balancing
- Virtualized environment security concerns
  - A physical firewall may not be able to inspect and filter the amount of traffic coming from multiple running virtualized servers, and traffic between VMs on the same host may never reach it at all
  - Security must be in place to accommodate live migration (the VM's memory and state move across the network)
  - Some hypervisors do not have the necessary security controls to keep out attackers; a compromised hypervisor exposes every VM on the host
  - Existing security tools do not always adapt well to multiple virtual machines
  - External physical appliances are not designed to protect multiple virtual servers
  - Virtual machines need protection from other virtual machines running on the same computer

IP Telephony
- A shift to an all-digital technology infrastructure is underway
  - Converges voice and data traffic over a single IP network
  - IP telephony adds digital voice clients and new voice applications to a data-based network
- IP telephony advantages
  - Incoming calls can be selectively forwarded or blocked
  - Cost savings
  - Managing a single network for all applications
  - Applications can be developed more quickly with fewer resources
  - Reduced wired infrastructure requirements
  - Reduced regulatory requirements
  - Increased user productivity

Cloud Computing
- Pay-per-use computing model
  - Customers pay for only the resources they need
  - May revolutionize computing
  - Unlike hosted services, does not require long-term contracts
- Three service models of cloud computing
  - Cloud software as a service (SaaS)
  - Cloud platform as a service (PaaS)
  - Cloud infrastructure as a service (IaaS)
- Cloud computing security challenges
  - The cloud provider must guarantee a means to approve authorized users and deny impostors
  - Transmissions to and from the cloud must be protected (encrypted in transit)
  - Customers' data must be isolated from one another, even though it shares the same physical hardware

Summary
- TCP/IP
  - Most common protocol suite for LANs and the Internet
- Protocols for transferring files
  - FTP, FTPS, SFTP, SCP
- Router configuration must provide a secure network environment
- Flood guard defends against denial-of-service attacks
- Networks can be configured to provide separation and increased security
- Securing ports is an important step in network management
  - Unused ports should be disabled
- New network applications that have special security considerations
  - Virtualization
  - IP telephony
  - Cloud computing

2 comments:

  1. Thank you for your posts! They have been very helpful with my online class!

  2. You are very welcome. Glad that it helps someone as well as being a grade :)
