Click to edit Master subtitle style Chapter 15: Physical and Hardware Security Instructor: Click to edit Master subtitle style

Chapter 15 Objectives The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter: 5.5 Given a scenario, install and configure a basic firewall. Types: Software and hardware firewalls Port security Stateful inspection vs. packet filtering Firewall rules: Block/allow Implicit deny ACL NAT/PAT DMZ 2

Chapter 15 Objectives (Cont) 5.6 Categorize different types of network security appliances and methods. IDS and IPS: Behavior based Signature based Network based Host based Vulnerability scanners: NESSUS NMAP Methods: Honeypots Honeynets 3

Using Hardware and Software Security Devices In medium to large enterprise networks, strategies for security usually include some combination of internal and perimeter routers plus firewall devices. Internal routers provide added security by screening traffic to the more vulnerable parts of a corporate network though a wide array of strategic access lists. 4

Firewalls Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. One of the NICs connects to the public side, and the other one connects to the private side. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones. 5

Firewalls Network-Based Firewalls A network-based firewall is used to protect private network from public networks. This type of firewall is designed to protect an entire network of computers instead of just one system. Usually a combination of hardware and software. Host-Based Firewalls A host-based firewall is implemented on a single machine so it only protects that one machine. Usually a software implementation. 6

Firewall Technologies Access Control Lists (ACLs) The first line of defense for any network that’s connected to the Internet are access control lists. These reside on your routers and determine by IP addresses and/or ports which machines are allowed to use those routers and in what direction. 7

Port Security Use port security to define a set of MAC addresses that are allowed to access a port where a sensitive device is located. Use is to set unused ports to only be available to a preconfigured set of MAC addresses. 8

Firewall Technologies Demilitarized Zone (DMZ) A demilitarized zone (DMZ) is a network segment that isn’t public or private but halfway between the two. 9

Firewall Technologies Protocol Switching Protocol switching protects data on the inside of a firewall 10

Firewall Technologies Dynamic Packet Filtering Packet filtering refers to the ability of a router or a firewall to discard packets that don’t meet the right criteria. 11

Firewall Technologies Proxy Services Proxies act on behalf of the whole network to completely separate packets from internal hosts and external hosts. 12

Firewall Technologies Firewalls at the Application Layer vs. the Network Layer Stateful vs Stateless Network-Layer Firewalls Application-Layer Firewalls Scanning Services and Other Firewall Features Key Default Scanning Settings 13

Firewall Technologies Content Filtering Content filtering means blocking data based on the content of the data rather than the source of the data Signature Identification Firewalls can also stop attacks and problems through a process called signature identification. Viruses that are known will have a signature, which is a particular pattern of data, within them. 14

Firewall Technologies Zones A zone is an individual area of the network that has been configured with a specific trust level. Firewalls are ideal devices to regulate the flow of traffic between zones. 15

Intrusion-Detection and Intrusion-Prevention Systems Firewalls are designed to block nasty traffic from entering your network, but IDS is more of an auditing tool: It keeps track of all activity on your network so you can see if someone has been trespassing. 16

Intrusion-Detection and Intrusion-Prevention Systems Network-Based IDS The most common implementation of a detection system is a network-based IDS (NIDS). The IDS system is a separate device attached to the network via a machine like a switch or directly via a tap. 17

Intrusion-Detection and Intrusion-Prevention Systems Changing network configuration An IDS can close the port either temporarily or permanently. If the IDS closes ports, legitimate traffic may not be able to get through either, but it will definitely stop the attack. 18

Intrusion-Detection and Intrusion-Prevention Systems Deceiving the attacker Trick the attacker into thinking their attack is really working when it’s not. The system logs information, trying to pinpoint who’s behind the attack and which methods they’re using. A honeypot is a device or sever which the hacker is directed to; it’s intended keep their interest long enough to gather enough information to identify them and their attack method. 19

Vulnerability Scanners NESSUS Propriety vulnerability scanning program that requires a license to use commercially yet is the single most popular scanning program in use NMAP Originally intended to simply identify devices on the network for the purpose of creating a network diagram, its functionality has evolved 20

VPN Concentrators A VPN concentrator is a device that creates remote access for virtual private networks (VPNs) either for users logging in remotely or for a large site-to-site VPN. In contrast to standard remote-access connections, remote-access VPNs often allow higher data throughput and provide encryption. Cisco produces VPN concentrators that support anywhere from 100 users up to 10,000 simultaneous remote-access connections. 21

Understanding Problems Affecting Device Security Physical Security Physical Barriers Security Zones 22

Understanding Problems Affecting Device Security Logical Security Configurations Ensure your network has an outside barrier and/or a perimeter defense. Have a solid firewall, and it’s best to have an IDS or IPS of some sort as well. 23

Understanding Problems Affecting Device Security Maybe traffic is heavy, and you need to break up physical segments. Perhaps different groups are in different buildings or on different floors of a building, and you want to effectively segment them. 24

Summary Summary Exam Essentials Section Written Labs Review Questions 25