Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557

Course Objectives Critical Security Controls Networks Weaknesses, Defenses and Vigilances Protection, Detection and Decontamination Past, Current and Theoretical

CSIA WARNING The material that you will learn in the CSIA track is dual use. The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.

Outline Intro to Course Critical Security Controls LAN Network Security LAN Network Assessment Intrusion Detection Systems Vulnerability Assessment Internet Security (IPSec, VPN's and SSL) Secure Computing Environment Design

Course Requirements 1 Hour Test20% 1 Final Exam 7:30) 30% Lab Reports & Exercises30% Security +20%

Texts Suggested – Linux Firewalls, 2nd, Ziegler, New Rider – ISBN

Schedule Week 1- Intro &Critical Security Controls Week 2- Network review Week 3 - LAN Security Week 4 - Firewalls Week 5- LAN Assessment Week 6- Midterm Week 7 - Intrusion Detection Week 8- Network Design Week IPSEC & SSL

Lab Reports Significant portion of the course 2 people to a workstation Collaborative work Independent reports Reports are important Well written in English

Lab Projects 1.Stateful Trace 2.Use of net tools 3.Firewall – Installation and test 4.Nmap exercisae 5.IDS – Installation, configuration and evaluation 6.IPSEC Trace

Lab Report Description Purpose Step by step description Justification Test and evaluation Conclusions

Lab Grades Adherence to requirements Innovation Completeness Correctness Clarity Independence

Information Security Model Confidentiality Integrity Availability Transmission Storage Processing Technology Policies Training Information States Critical Information Characteristics Security Measures

Information Systems Security Engineering ISSE Art and science of discovering users' information protection needs. Designing systems with economy and elegance, so that safely resists the forces to which they will be subjected. Building and testing such systems.

Network Security The Perimeter Design Firewalls Routers Design NAT

Network Assessment Be careful Vulnerability scanners Port scanners Audits

Intrusion Detection Systems Who's after me? What did they get? What did I do wrong? How did they do it?

Internet Security Cryptography IPSec and VPN's SSH SSL

Network Design Perimeter Security Security in depth Layered protection

Server Configuration Gateway configuration Apache installation and configuration DNS installation and configuration Design of a small home/office network

Security Dogma Policy of least privilege Deny all Permit only with a lot of whining

Network Security Fundamentals Definitions Defense in Depth – The perimeter – The DMZ – The internal networks

Definitions – The perimeter – Border router – Firewall – IDS – Secure session – Software architecture – DMZ – Screened subnets

The Perimeter The perimeter is a fortified boundary controlling ingress and egress. Routers Firewalls IDS Software Screened subnets Secure sessions

Border Router The first point of ingress The last point of egress Choke point between the organization and the Internet First and last line of defense

Firewall Application or device with rules that accepts or rejects network traffic Types Hardware, application or script Static, stateful or proxy – Static – Nortel Accellar – Stateful – iptables, Cisco pix, Linksys – Proxy -Secure Computing's Sidewinder

IDS Intrusion Detection System Consists of a set of sensors and an analysis program Sensors – host based and network based Sensors collect data on network traffic patterns Analysis program – Suspicious activity – Predefined signatures Sends alerts on suspected intrusion

Secure Session Secure communication from outside the network to inside the network VPN – virtual private networks ssl & ssh https Encrypted communication channel

Software Architecture The collection of applications that the organization makes available outside the organization's network. Includes supporting applications e-commerce site Web sites

DMZ DeMilitarized Zone Portion of the network between the border router and the non-public computing services

Screened Subnets Subnetworks that are protected by a firewall Each subnet has a particular function within the organization. It's firewall has rules specific for that function.

Defense in Depth Architecture of an onion but no odor Every layer has a single point of egress and ingress All layers have a specified configuration Each configuration must be maintained

Internal Networks Ingress & egress filtering on every router Internal firewalls to segregate resources Proxy firewalls at certain choke points IDS sensors on each subnet and router

Configuration Management Windows boxes are patched at level x Linux boxes are running kernel.x.x.x. Anti-virus, spyware updated daily Accepted acceptable use policy Remote access protected and source is hardened

Audit Check configuration periodically Enforce the configuration policy Issue final audit report Follow up on recommendations

Hardened Hosts Every host both remote and local must be hardened in accordance with policy – Personal firewalls – Anti-virus protection – OS hardening

Host Hardening Local attacks Network attacks Application attacks

Hardening against Local Attacks Restrict administrative utilities Levels of administrative privileges File permissions Derive from policies Users and groups Derive from policies Strict adherence Log everything that is important and that will be analyzed

Hardening against Network Attacks Eliminate unnecessary accounts Enforce strong password policy Disable all unnecessary network services Disable resource sharing Disable remote access services SNMP

Hardening against Application Attacks Controlling access of applications Application passwords Patch everything always