Network hardening Chapter 14.
Objectives
Upon completion of this chapter, you should be able to:
- Identify different types of Intrusion Detection Systems and Intrusion Prevention Systems
- Describe how an IDS detects threats, how it responds, and where it runs
- Describe how to perform a vulnerability assessment
- Harden a network and its devices
- Identify switch port security methods

14.1 Detection & prevention

Intrusion detection & prevention
- After implementing security controls, you don't just wait for an attack: use an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System)
- Two types of IDS:
  - Passive (IDS)
  - Active (IPS)
- Classified by how they respond to attacks, how they detect them, and where they run

Classifying an IDS: how it responds
- Passive IDS
  - Monitors the network for threats
  - Alerts if a threat is found
  - ONLY DETECTS; DOES NOT TRY TO STOP THE THREAT
- Active IDS, AKA Intrusion Prevention System (IPS)
  - Detects the attack and takes action
  - Sits inline in the traffic path, so it can drop packets, reset connections, or block the source address
  - Example: a port is attacked; the IPS blocks traffic to that port until the attack stops
  - Caveat: a false positive on an IPS blocks legitimate traffic, so tune the rules in alert-only mode before enabling blocking

Classifying an IDS: how it detects
- Signature recognition
  - Has a list (database) of known attack patterns
  - MATCH = take action
  - Can only detect attacks that are already identified and listed; the signature list must be kept up to date
- Anomaly recognition
  - First learns (baselines) what typical network traffic looks like
  - Then looks for traffic that deviates from that baseline
  - Uses a threshold above the normal values to decide whether to take action
  - Example: a sudden increase in ICMP traffic exceeds the threshold, so the IDS alerts (or the IPS takes action)
  - Can catch attacks with no signature yet, but produces more false positives, and the baseline must be captured on a network that is known to be clean

Classifying an IDS: where it runs
- Host-based (HIDS)
  - Runs on a single PC or server
  - Monitors application activity, system files, and local logs
  - Anti-virus software is a familiar example: it uses a list of virus definitions to detect malware, so it is SIGNATURE-BASED
- Network-based (NIDS)
  - A dedicated device or appliance that watches the traffic of a whole network segment (for example, fed from a switch mirror port or a network tap)
  - One sensor covers every PC on that segment instead of installing software on each PC, which gives a centralized administration point
  - Sees only the traffic that passes it; encrypted traffic and activity local to a host need a host-based sensor
- This classification is called the detection scope
- Don't let the equipment do all of the work. YOU still need to monitor the network and review the alerts.

More ways to prevent attacks: create fake resources
- Honeypot
  - A device or virtual machine that entices intruders by having an obvious vulnerability
  - Distracts attackers from valuable resources
  - Lets you observe them, gather information about their tools and methods, and support prosecution
  - Keep it isolated from production systems (its own VLAN, outbound traffic restricted) so a compromised honeypot cannot be used as a pivot into the real network

Vulnerability assessment
- Identifies vulnerabilities in a network
- Vulnerability scanner
  - Scans for open ports, software holes, missing patches, misconfigurations, and default passwords
- Ping scanner
  - Sends ICMP echo requests to a range of addresses to find which hosts are live
  - Shows which devices answer pings; where a host should not be discoverable, block ICMP echo on that device's firewall
- Port scanner
  - Scans for open ports (and the services listening on them)
- Password cracker
  - Identifies weak passwords by trying to crack them
- Each tool can scan a single device or the whole network
- Scan only systems you are authorized to test, and expect the scans themselves to show up as IDS alerts

Activity
- TestOut 14.1.2 - DEMO: Configuring an IDS/IPS
- TestOut 14.1.5 - LAB: Configure Intrusion Prevention
- TestOut 14.1.6 - LAB: Enable Wireless Intrusion Prevention
- TestOut 14.1.9 - Practice Questions (15Q)

Penetration testing
- A test that simulates an attack on a network
- Usually you hire an outside firm to do it; the report shows which vulnerabilities could actually be exploited
- Done only with written authorization and an agreed scope (which systems, which techniques, when)
- Black box testing
  - Testers have no prior knowledge of the network: "see what you can find"
  - Simulates an outside attacker
- White box testing
  - Testers have full knowledge of the network (diagrams, configurations, credentials)
  - Simulates an insider who has details of the network
- Grey box testing
  - Testers have some knowledge of the network
  - Simulates an attacker who has done some research, or a user with limited access

Activity
- TestOut 14.2.3 - Explore Penetration Testing Video (DEMO)

14.3 Network hardening
The process of securing devices

Hardening devices: switches, routers, firewalls
- Physical security
  - Install in a secure location behind locked doors (anyone with physical access can plug into the console port or reset the device)
- Administrative access
  - Change the default admin username; use a complex password
  - Limit who has admin access and what each admin can do
- Switch and router configuration
  - Use VLANs to isolate traffic
  - Use ACLs to control which traffic is allowed between networks and to the device itself
  - Enable port security (MAC address limits) on access ports
  - Manage the device over SSH, not Telnet (Telnet sends credentials and commands in cleartext)
  - Disable management services you don't use
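The following Cisco IOS configuration is an added example, not from the chapter slides or the TestOut labs, showing the device-hardening items above applied to a switch: SSH-only management, a named local account with hashed secrets, an ACL on the management lines, separate VLANs, and unneeded services turned off. The hostname, VLAN numbers, interface names, the 10.10.99.0/24 and 10.10.10.0/24 subnets, the user name, and the ACL names are assumptions; the <...> placeholders stand for real strong secrets.

```cisco
! Added example (not from the chapter). Cisco IOS switch hardening.
! Hostname, VLANs, interfaces, subnets, user name and ACL names are assumptions.
!
! --- Weak factory-style settings this replaces ---
! enable password cisco          ! reversible encoding, trivially guessed
! line vty 0 15
!  password cisco                ! one shared password for every admin
!  login
!  transport input all           ! Telnet accepted: credentials cross the wire in cleartext
!
! --- Hardened configuration ---
hostname SW1
no ip domain-lookup
ip domain-name example.local          ! required before the RSA host key can be generated
crypto key generate rsa modulus 2048  ! SSH host key
ip ssh version 2                      ! refuse SSHv1
ip ssh time-out 60
ip ssh authentication-retries 3
!
enable secret <strong-enable-secret>  ! stored hashed, unlike "enable password"
username netadmin privilege 15 secret <strong-password>   ! named account instead of the default
service password-encryption
!
! Only the management subnet may open a remote session to the switch
ip access-list standard MGMT-ACCESS
 permit 10.10.99.0 0.0.0.255
 deny   any log
!
line vty 0 15
 transport input ssh                  ! SSH only; Telnet connections are refused
 access-class MGMT-ACCESS in
 login local                          ! per-user accounts, not a line password
 exec-timeout 10 0                    ! idle admin sessions are closed after 10 minutes
 logging synchronous
line con 0
 login local
 exec-timeout 10 0
!
no ip http server                     ! management services that are not used are turned off
no ip http secure-server
!
! Separate VLANs; management traffic gets its own VLAN rather than VLAN 1
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 99
 name MGMT
interface Vlan99
 ip address 10.10.99.10 255.255.255.0
 no shutdown
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
!
! ACL keeping the user VLAN away from the management network. Assumes this switch
! also routes between VLANs (Layer 3 switch); on a pure Layer 2 switch it belongs
! on the router that routes for VLAN 10.
ip access-list extended USERS-TO-MGMT
 deny   ip 10.10.10.0 0.0.0.255 10.10.99.0 0.0.0.255
 permit ip any any
interface Vlan10
 ip access-group USERS-TO-MGMT in
!
! Verify
show ip ssh
show running-config | include transport input
show access-lists
```

Check the result from a host outside 10.10.99.0/24: a Telnet attempt should be refused outright, and an SSH attempt should be rejected by the access-class and logged because of the `deny any log` entry.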

More hardening
- Servers
  - Install only needed software (no extras); unneeded software that is still installed increases the chance of an attack
  - Install anti-malware software
  - Apply patches and service packs
  - Avoid using one server for everything, so one compromised service does not expose all of them
- User accounts
  - Multi-factor authentication: username/password plus a smart card
  - Account lockout after repeated failed logins
  - Time-of-day restrictions
  - Remove old accounts; set account expiration dates
- Passwords
  - Aging: change the password every so often
  - History: can't reuse old passwords

Switch port security
- A switch keeps a CAM table of the MAC addresses it has learned and the port each one was learned on
- Normally the switch learns the MAC on a port and puts it in the table; if a PC disconnects and a new PC connects, the old entry ages out and the new one is added
- Port security locks this down: you specify which devices can connect to a port and the maximum number of devices that can connect
- Two security methods:
  - Restrict each port to a specific MAC address (configured statically, or learned once and saved as a "sticky" address)
  - Set the maximum number of MAC addresses a port can learn
- This also defeats MAC flooding, where an attacker fills the CAM table so the switch starts flooding frames out every port and the attacker can sniff them

Switch port security actions (violation modes)
- Protect
  - Discards frames from unknown MAC addresses
  - Silent: no log message and no violation counter, so you will not know it happened
- Restrict
  - Discards frames from unknown MAC addresses
  - Creates a log message (syslog and SNMP trap) and increments the violation counter
- Shutdown (the default on Cisco switches)
  - Port is placed in the err-disabled state; an admin must reactivate it (shutdown, then no shutdown), or errdisable recovery can be configured to bring it back automatically
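An added Cisco IOS example, not from the chapter or its labs, putting the two port security methods and the three violation modes into a configuration. Interface numbers, VLAN numbers, and the printer's MAC address 0011.2233.4455 are assumptions.

```cisco
! Added example (not from the chapter). Cisco IOS port security.
! Interface numbers, VLANs and the static MAC address are assumptions.
!
! Port security is only accepted on a port in access (or trunk) mode, not "dynamic".
!
! 1) Typical user port: one device, learned once and saved ("sticky"),
!    restrict mode so violations are logged but the port stays up
interface GigabitEthernet1/0/5
 description User workstation
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky   ! learned MAC is written into the running config
 switchport port-security violation restrict   ! drop + syslog/SNMP trap + violation counter
 spanning-tree portfast
 spanning-tree bpduguard enable                ! a rogue switch plugged in here is err-disabled too
!
! 2) IP phone with a PC behind it: two MACs are legitimate, one in each VLAN
interface GigabitEthernet1/0/6
 description IP phone + PC
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 50
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation shutdown   ! default mode: port goes err-disabled
!
! 3) Fixed device (printer): pin the port to one known MAC, protect mode
!    (frames from any other MAC are silently dropped; nothing is logged)
interface GigabitEthernet1/0/7
 description Printer
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation protect
!
! 4) Unused ports: park them in an unused VLAN and shut them down
interface range GigabitEthernet1/0/20 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Optional: bring shutdown-mode ports back after 5 minutes instead of waiting
! for an admin to enter "shutdown" / "no shutdown"
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verify
show port-security                               ! max / current / violation count per port
show port-security interface GigabitEthernet1/0/5
show port-security address                       ! the secured MAC table
show interfaces status err-disabled              ! ports knocked out by shutdown mode
```

Pick the violation mode by what you want to happen during an incident: restrict keeps a user working while you get an alert, shutdown cuts the port (and the legitimate user) off until someone looks at it, and protect should be reserved for ports where silence is acceptable, since nothing tells you a violation occurred.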

DHCP snooping
- Configured on a switch
- Ports are marked trusted (uplinks toward the legitimate DHCP server or relay) or untrusted (access ports, the default)
- Filters out untrusted DHCP messages: DHCP server replies (OFFER, ACK, NAK) that arrive on an untrusted port are dropped
- Prevents rogue DHCP servers (an attacker's laptop, or a home router plugged in by mistake; usually inside the network, occasionally from outside) from offering clients an IP address, default gateway and DNS server, which would let the rogue redirect or intercept the clients' traffic
- Builds a DHCP snooping binding table (MAC, IP, lease, VLAN, port) that other switch features such as Dynamic ARP Inspection and IP Source Guard rely on
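An added Cisco IOS example, not from the chapter or its labs, of DHCP snooping on an access switch. VLAN numbers and interface names are assumptions: Gi1/0/1 is the uplink toward the real DHCP server, Gi1/0/5 to 24 are user access ports. The Dynamic ARP Inspection and IP Source Guard lines at the end go beyond the slide; they reuse the binding table that snooping builds.

```cisco
! Added example (not from the chapter). Cisco IOS DHCP snooping.
! VLAN numbers and interface names are assumptions.
!
ip dhcp snooping                        ! enable globally ...
ip dhcp snooping vlan 10,20             ! ... and on each VLAN; both lines are required
!
! Many DHCP servers discard requests that carry option 82 from a non-relay.
! Leave insertion off unless the server or relay is set up to accept it.
no ip dhcp snooping information option
!
! Every port is untrusted by default: DHCP server messages (OFFER, ACK, NAK)
! arriving on an untrusted port are dropped, so a rogue server on an access
! port cannot answer clients. Only the uplink toward the real server is trusted.
interface GigabitEthernet1/0/1
 description Uplink toward DHCP server
 ip dhcp snooping trust
!
! Rate-limit client DHCP traffic so one host cannot flood DISCOVERs to exhaust
! the address pool; a port exceeding the limit is err-disabled
interface range GigabitEthernet1/0/5 - 24
 ip dhcp snooping limit rate 10
!
! Beyond the slide: Dynamic ARP Inspection checks ARP replies and IP Source Guard
! checks source IP addresses against the snooping binding table, which blocks
! ARP spoofing and IP spoofing from untrusted ports
ip arp inspection vlan 10,20
interface GigabitEthernet1/0/1
 ip arp inspection trust
interface range GigabitEthernet1/0/5 - 24
 ip verify source
!
! Verify
show ip dhcp snooping                   ! enabled VLANs, trusted ports, option 82 state
show ip dhcp snooping binding           ! MAC / IP / lease / VLAN / port learned from DHCP
show ip dhcp snooping statistics        ! forwarded vs dropped counts
show ip arp inspection vlan 10
```

Before trusting a port, confirm the legitimate DHCP server or relay really is reached through it; if the uplink is left untrusted, clients on the switch stop receiving addresses, and the drop counters in `show ip dhcp snooping statistics` will show why.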

Activity
- Packet Tracer lab: Configure Port Security
- TestOut 14.3.5 - LAB: Configure Port Security

Review & study
- Complete the study guide handout
- Complete the TestOut practice in Packet Tracer
- Jeopardy review
