Chapter 10: Data Centre and Network Security

Objectives:
* Proxies and gateways
* Firewalls
* Virtual Private Network (VPN)
* Security issues


Proxies and gateways

[Figure: a client sends a request through a gateway or proxy, across the Internet, to the destination server; arrows show the direction of information flow.]

A gateway is a network point that acts as an entrance to another network. A proxy server acts as a go-between for requests from clients seeking resources and the servers that hold them. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules and, if allowed, passes the request on to the appropriate server. A computer server acting as a gateway node is often also acting as a proxy server and a firewall server.

Packet filter router or firewall

[Figure: a firewall between Net 1, Net 2 and the Internet, holding lists of allowable outgoing and allowable incoming IP addresses.]

A firewall is an integrated collection of security measures designed to prevent unauthorized access to an intranet network. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.

Application-level firewall

[Figure: a client's traffic passes through separate FTP and HTTP proxies before reaching external systems over the network connection.]

Application-level firewall

[Figure: Net 1 sits behind Firewall A and Net 2 behind Firewall B; each firewall only accepts data packets addressed to the gateway, which connects to the Internet.]

Ring-fenced firewall

[Figure: Site 1, Site 2 and Site 3 each sit behind their own firewall with an audit monitor; a router provides the single external connection to the Internet.]

Filtering routers (firewalls)

[Figure: the firewall examines the IP and TCP/UDP headers of each incoming and outgoing packet (source IP address, destination IP address, source port, destination port, protocol) and marks it as allowed or disallowed; monitoring software runs at Site 1, Site 2 and Site 3.]

Encryption tunnels or Virtual Private Network (VPN)

[Figure: an intranet over the Internet: Net 1 to Net 4 sit behind firewalls and are joined by routers with encryption/decryption.]

Encryption tunnels

[Figure: the user's public key is used to encrypt data and the user's private key is used to decrypt it; INFO is sent as encrypted data (ENCR) and recovered as INFO at the receiver.]

Virtual Private Network (VPN)

A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users connecting from out in the field. Basically, a VPN is a private network (LAN) that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

Security risks

1. Data protection. This is typically where sensitive or commercially important information is kept. It might include information databases, design files or source code files. One method of reducing this risk is to encrypt important files with a password and/or some form of data encryption.
2. Software protection. This involves protecting all the software packages from damage or from being misconfigured. A misconfigured software package can cause as much damage as a physical attack on a system, because it can take a long time to find the problem.
3. Physical system protection. This involves protecting systems from intruders who might physically attack the systems. Normally, important systems are locked in rooms and then within locked rack-mounted cabinets.
4. Transmission protection. This involves a hacker tampering with a transmission connection. It might involve tapping into a network connection or total disconnection. Tapping can be avoided by many methods, including using optical fibres, which are almost impossible to tap into (as it would typically involve sawing through a cable containing hundreds of fibres, each of which would have to be reconnected as it was connected initially). Underground cables can avoid total disconnection, or the damage from it can be reduced by having redundant paths (such as different connections to the Internet).

Security issues

Hacking methods
* IP spoofing. Involves a hacker stealing an authorized IP address and using it.
* Packet-sniffing. Listens to TCP/IP traffic.
* Password attack. The hacker runs programs which determine the password of a user. Once into the system, the hacker can then move on to other, more trusted, users.
* Session hi-jacking attacks. The hacker taps into a conversation between two computers. A remote trusted user could start the conversation, but the hacker could continue it.
* Shared library attacks.
* Social engineering attacks. Typically a hacker uses social methods to determine a user's password.
* Technological vulnerability attack. The hacker attacks a vulnerable part of the system, such as rebooting the computer, spreading viruses, etc.
* Trust-access attacks. The hacker adds their system to one of the trusted systems. The hacker can then get full administrator privileges.

Best practices for high-security networks

1. BAN EXTERNAL CONNECTIONS. In a highly secure network, all external traffic should go through a strong firewall. There should be no other external connections on the network. If possible, telephone lines should be monitored to stop data being transferred without going through the firewall.
2. SECURE ACCESS TO RESOURCES. Typically users must use swipe cards, or some biometric technique, to gain access to a restricted domain.
3. VIRUS PROTECTION. All computers which access the Internet should be well protected against malicious programs and viruses.
4. FIREWALLS USED BETWEEN DOMAINS. Internal hackers can be as big a problem as external hackers. Thus firewalls should be used between domains to limit access.
5. BASE AUTHENTICATION ON MAC ADDRESSES. Network addresses do not offer good authentication of a user, as they can be easily spoofed. An improved method is to check the MAC address of the computer (as no two computers have the same MAC address).
6. MONITORING OF LOG EVENTS. All the important security-related events should be monitored within each domain. If possible they should be recorded over a long period of time. Software should be used to try to determine incorrect usage.

Intrusion Detection System (IDS)

Intrusion detection is an important part of a solid network security strategy, especially for administrators who implement the best practice of defense in depth. It provides monitoring of network resources to detect intrusions and attacks that were not stopped by the preventive techniques. For many reasons, it is impossible for firewalls to prevent all attacks.

Intrusion detection approaches

Anomaly detection:
* A baseline is defined to describe the normal state of the network or host
* Any activity outside the baseline is considered to be an attack

Signature detection:
* Also known as misuse detection
* The IDS analyzes the information it gathers and compares it to a database of known attacks, which are identified by their individual signatures. The signature detection method is good at detecting known attacks. Signatures enable the IDS to detect an attack without any knowledge of normal traffic on a given network, but also require that a signature be created and entered into the sensor's database.
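The two approaches above side by side, as an added example that is not part of the original slides: signature (misuse) detection matches request lines against a small constructed signature database, while anomaly detection learns a requests-per-source baseline from clean traffic and flags sources that exceed it. The addresses, paths and signatures are all constructed for the illustration; the point it shows is that the noisy scanner is caught only by the baseline and the single traversal request only by a signature.

```python
import re
import statistics
from collections import Counter

# Constructed signature database (hypothetical, not from the slides): name -> pattern
# of a known attack as it appears in a web request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-quote-comment": re.compile(r"'\s*(or\b|--)", re.IGNORECASE),
}

def signature_detect(records):
    """Misuse detection: report every (source, signature) pair found in the records.
    records is a list of (source_ip, request_path) tuples."""
    alerts = []
    for src, path in records:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

def build_baseline(training):
    """Anomaly detection, step 1: learn normal requests-per-source from clean traffic."""
    counts = Counter(src for src, _ in training)
    return statistics.mean(counts.values()), statistics.pstdev(counts.values())

def anomaly_detect(records, baseline, k=3.0):
    """Anomaly detection, step 2: flag sources whose request count lies more than
    k standard deviations above the learned mean."""
    mean, stdev = baseline
    counts = Counter(src for src, _ in records)
    return sorted(src for src, n in counts.items() if n > mean + k * stdev)

# Constructed traffic (hypothetical addresses). Training window: five ordinary clients.
TRAINING = [(f"192.0.2.{i}", f"/page{j}")
            for i, n in enumerate((10, 12, 11, 9, 13), start=1) for j in range(n)]
# Window under inspection: one normal client, one noisy scanner hitting 40 unknown
# paths (no signature exists for it), and one client sending a known traversal string.
WINDOW = ([("192.0.2.1", f"/page{j}") for j in range(12)]
          + [("198.51.100.7", f"/admin{j}") for j in range(40)]
          + [("203.0.113.9", "/index.html"), ("203.0.113.9", "/../../etc/passwd")])

if __name__ == "__main__":
    print("signature alerts:", signature_detect(WINDOW))
    print("anomalous sources:", anomaly_detect(WINDOW, build_baseline(TRAINING)))
```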

Protected system

There are primarily two types of intrusion detection systems on the market today: those that are host based and those that are network based.

Host-based IDS
* Used to protect a critical network server
* The host-based IDS agent uses resources on the host server (disk space, memory, and processor time)
* Analyzes the logs of operating systems and applications
* Monitors file checksums to identify changes

Network-based IDS
* Monitors activity on one or more network segments, while host-based IDS are software agents that reside on the protected system
* A NIDS analyzes all passing traffic
* NIDS sensors usually have two network connections: one that operates to sniff passing traffic, and one to send data such as alerts to a centralized management system

NIDS architecture
Place IDS sensors strategically to defend the most valuable assets. Typical locations of IDS sensors:
– Just inside the firewall
– On the DMZ
– On the server farm segment
– On network segments connecting mainframe or midrange hosts

Firewalls
Basic packet filtering:
– Protocol type
– IP address
– TCP/UDP port
– Source routing information
Access control lists (ACL): rules built according to organizational policy that define who can access portions of the network.
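The packet-filtering firewall described above and in the filtering-router figure earlier, as an added example that is not from the slides: an ACL of rules over direction, protocol, source/destination address and destination port is evaluated first-match-wins with a default deny, and source-routed packets are dropped before the rules are consulted. The intranet range 10.1.0.0/16 and web server 10.1.2.80 are hypothetical values chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str               # "in" (arriving from the Internet) or "out"
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dst: str                     # destination IP address
    dport: int = 0               # destination port (0 when not applicable)
    source_routed: bool = False  # IP source-routing option present

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # permitted source network (CIDR)
    dst: str = "0.0.0.0/0"       # permitted destination network (CIDR)
    dport: tuple = (0, 65535)    # inclusive destination port range

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport[0] <= p.dport <= self.dport[1])

# Constructed policy with hypothetical addresses (not from the slides): the intranet
# is 10.1.0.0/16 and its public web server is 10.1.2.80.
INTRANET = "10.1.0.0/16"
ACL = [
    # Anti-spoofing: an intranet source address must never arrive from outside.
    Rule("deny", "in", "any", src=INTRANET),
    # Outsiders may reach the web server on HTTP and HTTPS only.
    Rule("allow", "in", "tcp", dst="10.1.2.80/32", dport=(80, 80)),
    Rule("allow", "in", "tcp", dst="10.1.2.80/32", dport=(443, 443)),
    # Internal hosts may browse the web; anything else falls to the default deny.
    Rule("allow", "out", "tcp", src=INTRANET, dport=(80, 80)),
    Rule("allow", "out", "tcp", src=INTRANET, dport=(443, 443)),
]

def filter_packet(p: Packet, acl=ACL) -> tuple:
    """First matching rule wins; a packet that matches no rule is denied.
    Returns (action, index of the deciding rule, or -1 for the default)."""
    if p.source_routed:          # source-routed packets override normal routing: drop
        return ("deny", -1)
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return (rule.action, i)
    return ("deny", -1)
```

This filter is stateless and judges each packet alone, so the return half of an allowed outbound connection needs either an explicit inbound rule on the ephemeral port range or a stateful firewall that tracks connections.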

Demilitarized zone (DMZ)
* Area set aside for servers that are publicly accessible or have lower security requirements
* Sits between the Internet and the internal network's line of defense

Network IDS reactions
* Shunning or blocking
* TCP resets