Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 6 Network Security

Objectives
– List the different types of network security devices and explain how they can be used
– Define network address translation and network access control
– Explain how to enhance security through network design
Security Through Network Devices
– Not all applications are designed and written with security in mind, so the network must provide protection
– Networks with weak security invite attackers
– Aspects of building a secure network:
  – Network devices
  – Network technologies
  – Design of the network itself

Standard Network Devices
– Security features found in network hardware provide a basic level of security
– Open Systems Interconnection (OSI) model
  – Network devices are classified based on function
  – Standards released in 1978, revised in 1983, still used today
  – Illustrates how a network device prepares data for delivery and how data is handled once received

Standard Network Devices (cont’d.)
– OSI model breaks networking steps into seven layers
  – Each layer has different networking tasks
  – Each layer cooperates with adjacent layers

Table 6-1 OSI reference model (table contents not included in this extract)
Standard Network Devices (cont’d.)
– Hubs
  – Connect multiple Ethernet devices together to function as a single network segment
  – Use twisted-pair copper or fiber-optic cables
  – Work at Layer 1 of the OSI model
  – Do not read data passing through them; ignorant of data source and destination
  – Rarely used today because of inherent security vulnerability

Standard Network Devices (cont’d.)
– Switches
  – A network switch connects network segments
  – Operate at the Data Link Layer (Layer 2)
  – Determine which device is connected to each port, so frames can be forwarded to that specific device instead of broadcast to all devices
  – Use MAC address to identify devices
  – Provide better security than hubs

Standard Network Devices (cont’d.)
– Network administrator should be able to monitor network traffic
  – Helps identify and troubleshoot network problems
– Traffic monitoring methods:
  – Port mirroring
  – Network tap (test access point): separate device installed between two network devices

Figure 6-1 Port mirroring © Cengage Learning 2012
Figure 6-2 Network tap
Table 6-2 Protecting the switch (table contents not included in this extract)
Standard Network Devices (cont’d.)
– Routers
  – Forward packets across computer networks
  – Operate at the Network Layer (Layer 3)
  – Can be set to filter out specific types of network traffic
– Load balancers
  – Help evenly distribute work across a network
  – Allocate requests among multiple devices

Standard Network Devices (cont’d.)
– Advantages of load-balancing technology
  – Reduces probability of overloading a single server
  – Optimizes bandwidth of network computers
  – Reduces network downtime
– Load balancing is achieved through software or a hardware device (load balancer)

Standard Network Devices (cont’d.)
– Security advantages of load balancing
  – Can stop attacks directed at a server or application
  – Can detect and prevent denial-of-service attacks
  – Some can deny attackers information about the network:
    – Hide HTTP error pages
    – Remove server identification headers from HTTP responses
Network Security Hardware
– Hardware devices specifically designed for security give greater protection than standard networking devices
– Firewalls
  – Hardware-based network firewall inspects packets and can either accept or deny packet entry
  – Usually located outside the network security perimeter

Figure 6-3 Firewall location

Network Security Hardware (cont’d.)
– Firewall actions on a packet
  – Allow (let packet pass through)
  – Block (drop packet)
  – Prompt (ask what action to take)
– Rule-based firewall settings
  – Set of individual instructions to control actions
– Settings-based firewall
  – Allows administrator to create parameters

Table 6-3 Rule for Web page transmission (table contents not included in this extract)

Network Security Hardware (cont’d.)
– Methods of firewall packet filtering
  – Stateless packet filtering: inspects each incoming packet on its own and permits or denies it based on conditions set by the administrator
  – Stateful packet filtering: keeps a record of the state of each connection and makes decisions based on the connection as well as the conditions
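The practical difference between the two filtering methods is easiest to see on concrete packets. The Python model below is an added example written for these notes, not code from the textbook or from any firewall product: the rule table, the addresses and the three packets are constructed for illustration (they are not the contents of Table 6-3). A stateless filter has to open inbound traffic with a broad "source port 80" rule so that Web replies get back in, and that rule also admits an unsolicited packet that merely uses port 80 as its source; the stateful filter keeps a connection record and blocks the same packet.

```python
"""Stateless versus stateful packet filtering, modelled in Python.

Added example, not code from the textbook. The rule set and the packets
are constructed for illustration; they are not the contents of Table 6-3.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving the protected network, "in" = entering
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN flag: True on the packet that opens a connection


# Constructed rule table. The first matching rule decides; anything that
# matches no rule is blocked.
OUTBOUND_RULES = [
    {"direction": "out", "proto": "tcp", "dst_port": 80, "action": "allow"},
]

# A stateless filter cannot tell a genuine reply from an unsolicited inbound
# packet, so it needs a second, broad rule to let Web replies back in.
STATELESS_RULES = OUTBOUND_RULES + [
    {"direction": "in", "proto": "tcp", "src_port": 80, "action": "allow"},
]


def stateless_filter(pkt, rules=STATELESS_RULES):
    """Decide on one packet using only the packet's own header fields."""
    for rule in rules:
        if all(getattr(pkt, field) == value
               for field, value in rule.items() if field != "action"):
            return rule["action"]
    return "block"


class StatefulFilter:
    """Keeps a record of connections the inside opened and admits inbound
    packets only when they belong to one of those connections."""

    def __init__(self, outbound_rules):
        self.rules = outbound_rules
        # Connection table: (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def decide(self, pkt):
        if pkt.direction == "out":
            action = stateless_filter(pkt, self.rules)
            if action == "allow" and pkt.syn:
                self.connections.add((pkt.src_ip, pkt.src_port,
                                      pkt.dst_ip, pkt.dst_port))
            return action
        # Inbound: allowed only if it is the reverse of a tracked connection.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if key in self.connections else "block"


def compare_filters():
    """Run three constructed packets through both filters.

    Returns {name: (stateless_decision, stateful_decision)}."""
    stateful = StatefulFilter(OUTBOUND_RULES)
    inside, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [
        # An inside host opens a connection to a Web server.
        ("request", Packet("out", "tcp", inside, 40000, web, 80, syn=True)),
        # The server's reply to that request.
        ("reply", Packet("in", "tcp", web, 80, inside, 40000)),
        # An unrelated inbound packet that merely uses source port 80.
        ("unsolicited", Packet("in", "tcp", other, 80, inside, 22, syn=True)),
    ]
    results = {}
    for name, pkt in packets:
        results[name] = (stateless_filter(pkt), stateful.decide(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in compare_filters().items():
        print(f"{name:12s} stateless={stateless:5s} stateful={stateful}")
```

The order of the packets matters for the stateful filter: the reply is admitted only because the outbound request was processed first and recorded in the connection table.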
Network Security Hardware (cont’d.)
– Web application firewall
  – Looks deeply into packets that carry HTTP traffic
    – Web browsers
    – FTP
    – Telnet
  – Can block specific sites or specific known attacks
  – Can block XSS and SQL injection attacks

Network Security Hardware (cont’d.)
– Proxies
  – Devices that substitute for primary devices
– Proxy server
  – Computer or application that intercepts and processes user requests
  – If a previous request has been fulfilled, a copy of the Web page may reside in the proxy server’s cache
  – If not, the proxy server requests the item from the external Web server using its own IP address

Figure 6-4 Proxy server
Figure 6-5 Configuring access to proxy servers

Network Security Hardware (cont’d.)
– Proxy server advantages
  – Increased speed (requests served from the cache)
  – Reduced costs (cache reduces bandwidth required)
  – Improved management: block specific Web pages or sites
  – Stronger security: intercept malware; hide client system’s IP address from the open Internet

Network Security Hardware (cont’d.)
– Reverse proxy
  – Does not serve clients
  – Routes incoming requests to the correct server
  – Reverse proxy’s IP address is visible to outside users; internal server’s IP address is hidden

Figure 6-6 Reverse proxy
Network Security Hardware (cont’d.)
– Spam filters
  – Enterprise-wide spam filters block spam before it reaches the host systems
  – E-mail delivery uses two protocols:
    – Simple Mail Transfer Protocol (SMTP) handles outgoing mail
    – Post Office Protocol (POP) handles incoming mail

Network Security Hardware (cont’d.)
– Spam filters installed with the SMTP server
  – Filter configured to listen on port 25
  – Passes non-spam to the SMTP server listening on another port
  – This method prevents the SMTP server from notifying the spammer of failed message delivery

Figure 6-7 Spam filter with SMTP server

Network Security Hardware (cont’d.)
– Spam filters installed on the POP3 server
  – All spam must first pass through the SMTP server and be delivered to the user’s mailbox
  – Can result in increased costs: storage, transmission, backup, deletion
– Third-party entity contracted to filter spam
  – All mail is directed to the third party’s remote spam filter and cleansed before being redirected to the organization

Figure 6-8 Spam filter on POP3 server
Network Security Hardware (cont’d.)
– Virtual private network (VPN)
  – Uses an unsecured network as if it were secure
  – All data transmitted between the remote device and the network is encrypted
– Types of VPNs
  – Remote-access: user-to-LAN connection
  – Site-to-site: multiple sites can connect to other sites over the Internet

Network Security Hardware (cont’d.)
– Endpoints
  – Used in communicating VPN transmissions
  – May be software on the local computer
  – May be a VPN concentrator (hardware device)
  – May be integrated into another networking device
– VPNs can be software-based or hardware-based
  – Hardware-based generally have better security
  – Software-based have more flexibility in managing network traffic

Network Security Hardware (cont’d.)
– Internet content filters
  – Monitor Internet traffic
  – Block access to preselected Web sites and files
  – Unapproved sites identified by URL or by matching keywords

Table 6-4 Internet content filter features (table contents not included in this extract)

Network Security Hardware (cont’d.)
– Web security gateways
  – Can block malicious content in real time
  – Block content through application-level filtering
– Examples of blocked Web traffic
  – ActiveX objects
  – Adware, spyware
  – Peer-to-peer file sharing
  – Script exploits

Network Security Hardware (cont’d.)
– Passive and active security can be used in a network
  – Active measures provide a higher level of security
– Passive measures
  – Firewall
  – Internet content filter
– Intrusion detection system (IDS)
  – Active security measure
  – Can detect an attack as it occurs
Network Security Hardware (cont’d.)
– Monitoring methodologies
  – Anomaly-based monitoring: compares currently detected behavior with a baseline
  – Signature-based monitoring: looks for well-known attack signature patterns
  – Behavior-based monitoring: detects abnormal actions by processes or programs and alerts the user, who decides whether to allow or block the activity
  – Heuristic monitoring: uses experience-based techniques

Table 6-5 Methodology comparisons to trap port-scanning application (table contents not included in this extract)
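The table above compares the methodologies on the task of trapping a port-scanning application. The Python below is an added example written for these notes, not textbook code and not the contents of Table 6-5: it runs a signature-based detector and an anomaly-based detector over a small, constructed connection log (timestamp, source, destination:port, TCP flags). The signature is a fixed pattern (many distinct ports on one host within a two-second window); the anomaly detector learns a per-source baseline from a constructed period of normal traffic and flags any source that exceeds a multiple of it. The thresholds are illustrative choices. The two detectors disagree on the slow probe in the log, which is the point: the signature depends on timing the pattern was written for, while the baseline comparison does not.

```python
"""Signature-based versus anomaly-based monitoring of a connection log.

Added example, not code from the textbook. The log lines are constructed
(timestamp, source, destination:port, TCP flags) and the thresholds are
illustrative choices, not values from Table 6-5.
"""
import re
from collections import defaultdict

# Constructed "known good" traffic used to build the anomaly baseline.
BASELINE_LOG = """\
09:00:01 10.0.0.5 -> 10.0.0.20:80 S
09:00:05 10.0.0.5 -> 10.0.0.20:443 S
09:00:09 10.0.0.9 -> 10.0.0.20:22 S
09:00:30 10.0.0.12 -> 10.0.0.20:80 S
09:00:31 10.0.0.12 -> 10.0.0.20:443 S
"""

# Constructed monitored traffic: normal clients, one fast probe of many
# ports from 10.0.0.77, and one slow probe (one port every 10 s) from 10.0.0.88.
MONITORED_LOG = """\
10:00:01 10.0.0.5 -> 10.0.0.20:80 S
10:00:02 10.0.0.5 -> 10.0.0.20:443 S
10:00:03 10.0.0.9 -> 10.0.0.20:22 S
10:00:10 10.0.0.77 -> 10.0.0.20:21 S
10:00:10 10.0.0.77 -> 10.0.0.20:22 S
10:00:10 10.0.0.77 -> 10.0.0.20:23 S
10:00:10 10.0.0.77 -> 10.0.0.20:25 S
10:00:10 10.0.0.77 -> 10.0.0.20:80 S
10:00:10 10.0.0.77 -> 10.0.0.20:110 S
10:00:10 10.0.0.77 -> 10.0.0.20:143 S
10:00:10 10.0.0.77 -> 10.0.0.20:443 S
10:00:11 10.0.0.77 -> 10.0.0.20:3389 S
10:00:11 10.0.0.77 -> 10.0.0.20:8080 S
10:01:00 10.0.0.88 -> 10.0.0.20:21 S
10:01:10 10.0.0.88 -> 10.0.0.20:22 S
10:01:20 10.0.0.88 -> 10.0.0.20:23 S
10:01:30 10.0.0.88 -> 10.0.0.20:25 S
10:01:40 10.0.0.88 -> 10.0.0.20:80 S
10:01:50 10.0.0.88 -> 10.0.0.20:110 S
10:02:00 10.0.0.88 -> 10.0.0.20:143 S
10:02:10 10.0.0.88 -> 10.0.0.20:443 S
"""

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\S+) -> (\S+):(\d+) (\S+)$")


def parse_log(text):
    """Return a list of (seconds_since_midnight, src, dst, port, flags)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:                      # lines that do not fit the format are skipped
            h, mi, s, src, dst, port, flags = m.groups()
            events.append((int(h) * 3600 + int(mi) * 60 + int(s),
                           src, dst, int(port), flags))
    return events


def distinct_ports_by_source(events):
    ports = defaultdict(set)
    for _, src, _, port, _ in events:
        ports[src].add(port)
    return ports


def signature_detect(events, min_ports=8, window=2):
    """Signature: one source sends SYN-only probes to at least `min_ports`
    distinct ports on one destination within `window` seconds."""
    probes = defaultdict(list)
    for t, src, dst, port, flags in events:
        if flags == "S":
            probes[(src, dst)].append((t, port))
    alerts = set()
    for (src, _), plist in probes.items():
        plist.sort()
        for i, (t0, _) in enumerate(plist):
            in_window = {p for t, p in plist[i:] if t <= t0 + window}
            if len(in_window) >= min_ports:
                alerts.add(src)
                break
    return alerts


def build_baseline(events):
    """Baseline = most distinct ports any single source touched in normal traffic."""
    return max(len(p) for p in distinct_ports_by_source(events).values())


def anomaly_detect(events, baseline, factor=3):
    """Anomaly: a source touches more than `factor` times the baseline number
    of distinct ports, whatever the timing of the probes."""
    return {src for src, ports in distinct_ports_by_source(events).items()
            if len(ports) > baseline * factor}


def run():
    events = parse_log(MONITORED_LOG)
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return signature_detect(events), anomaly_detect(events, baseline)


if __name__ == "__main__":
    sig, anom = run()
    print("signature-based alerts:", sorted(sig))
    print("anomaly-based alerts:  ", sorted(anom))
```

With this data the signature detector flags only 10.0.0.77, while the anomaly detector flags both 10.0.0.77 and the slow 10.0.0.88; a production sensor would normally run both methods and tune the baseline from far more traffic than five lines.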
Network Security Hardware (cont’d.)
– Host intrusion detection system (HIDS)
  – Software-based application that can detect an attack as it occurs
  – Installed on each system needing protection
  – Monitors system calls and file system access
  – Can recognize unauthorized Registry modification
  – Monitors all input and output communications to detect anomalous activity

Network Security Hardware (cont’d.)
– Disadvantages of HIDS
  – Cannot monitor network traffic that does not reach the local system
  – All log data is stored locally
  – Resource-intensive and can slow the system

Network Security Hardware (cont’d.)
– Network intrusion detection system (NIDS)
  – Watches for attacks on the network
  – NIDS sensors installed on firewalls and routers gather information and report back to a central device
  – Passive NIDS will sound an alarm
  – Active NIDS will sound an alarm and take action, such as filtering out the intruder’s IP address or terminating the TCP session

Table 6-6 NIDS evaluation techniques (table contents not included in this extract)

Network Security Hardware (cont’d.)
– Network intrusion prevention system (NIPS)
  – Similar to active NIDS
  – Monitors network traffic to immediately block a malicious attack
  – NIPS sensors located in line on the firewall itself

Network Security Hardware (cont’d.)
– All-in-one network security appliances
  – One integrated device replaces multiple security devices
– Recent trend: combining multipurpose security appliances with a traditional device such as a router
  – Advantage of this approach: network devices already process all packets, so a switch that contains anti-malware software can inspect all packets
Security Through Network Technologies
– Internet routers normally drop a packet with a private address
– Network address translation (NAT)
  – Allows private IP addresses to be used on the public Internet
  – Replaces the private IP address with a public address
– Port address translation (PAT)
  – Variation of NAT: outgoing packets are given the same IP address but different TCP port numbers

Table 6-7 Private IP addresses (table contents not included in this extract)
Figure 6-9 Network address translation (NAT)

Security Through Network Technologies (cont’d.)
– Advantages of NAT
  – Masks IP addresses of internal devices
  – Allows multiple devices to share a smaller number of public IP addresses
– Network access control (NAC)
  – Examines the current state of a system or network device before allowing a network connection
  – Device must meet a set of criteria; if not met, NAC allows connection only to a quarantine network until the deficiencies are corrected
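The NAT and PAT slides above describe a translation table in words; the Python model below is an added example written for these notes, not textbook code and not any router's implementation. It assumes the three RFC 1918 private blocks (the ranges Table 6-7 lists), a constructed public gateway address 203.0.113.1, and constructed inside hosts. Two inside hosts that happen to use the same source port are mapped to the gateway's single public address with different public ports (PAT), replies are mapped back by port, and an inbound packet for a port no inside host opened has no mapping and is dropped, which is the "masks IP addresses of internal devices" advantage in practice.

```python
"""Network address translation with port address translation (PAT), modelled
in Python. Added example, not code from the textbook. The public address
203.0.113.1, the inside hosts and the port range are constructed.
"""
import ipaddress

# Private address blocks (RFC 1918); Internet routers drop packets that carry
# one of these as a source address.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def internet_router_forwards(src_ip):
    """Models the Internet router on the slide: a private source is dropped."""
    return not is_private(src_ip)


class PatGateway:
    """Rewrites every outgoing private (ip, port) to the gateway's single public
    IP with a distinct public port, and reverses the mapping on replies."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, src_ip, src_port):
        """Return the (ip, port) the packet carries after leaving the gateway."""
        if not is_private(src_ip):
            return src_ip, src_port              # already public: nothing to translate
        key = (src_ip, src_port)
        if key not in self.out_map:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out_map[key]

    def translate_inbound(self, dst_port):
        """Return the internal (ip, port) for a reply, or None when no inside
        host opened this mapping (the packet is dropped)."""
        return self.in_map.get(dst_port)


def demo():
    gw = PatGateway("203.0.113.1")
    a = gw.translate_outbound("192.168.1.10", 50000)
    b = gw.translate_outbound("192.168.1.11", 50000)        # same inside port, other host
    a_again = gw.translate_outbound("192.168.1.10", 50000)  # existing mapping is reused
    return {
        "host_a": a,
        "host_b": b,
        "host_a_again": a_again,
        "reply_to_b": gw.translate_inbound(b[1]),
        "unsolicited": gw.translate_inbound(9999),
        "router_drops_untranslated": not internet_router_forwards("192.168.1.10"),
        "router_forwards_translated": internet_router_forwards(a[0]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28s} {value}")
```

Real gateways also expire idle mappings and track the protocol (TCP or UDP) as part of the key; both are omitted here to keep the translation step itself visible.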
Figure 6-10 Network access control framework

Security Through Network Design Elements
– Elements of a secure network design
  – Demilitarized zones
  – Subnetting
  – Virtual LANs
  – Remote access

Demilitarized Zone (DMZ)
– Separate network located outside the secure network perimeter
– Untrusted outside users can access the DMZ but not the secure network

Figure 6-11 DMZ with one firewall
Figure 6-12 DMZ with two firewalls
Subnetting
– IP address may be split anywhere within its 32 bits
– Network can be divided into three parts
  – Network
  – Subnet
  – Host
– Each network can contain several subnets
– Each subnet can contain multiple hosts

Subnetting (cont’d.)
– Improves network security by isolating groups of hosts
– Allows administrators to hide the internal network layout

Table 6-8 Advantages of subnetting (table contents not included in this extract)
Figure 6-13 Subnets
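The network/subnet/host split above can be worked through with the standard library. The Python below is an added example for these notes, not textbook code; the network 192.168.0.0/24, the choice of borrowing two host bits, and the host addresses are constructed. It computes the bit split and the resulting subnets, then answers the security question the slide raises: whether two hosts sit in the same subnet (and so can talk directly) or in different ones (so that their traffic must cross a router, where filtering can be applied).

```python
"""Subnetting with Python's ipaddress module (IPv4). Added example, not code
from the textbook; the network 192.168.0.0/24 and the hosts are constructed.
"""
import ipaddress


def split_network(base, new_prefix):
    """Borrow host bits from `base` to form subnets with prefix `new_prefix`.

    Returns the network/subnet/host bit split and the resulting subnets."""
    net = ipaddress.ip_network(base)
    if net.version != 4 or not (net.prefixlen < new_prefix <= 30):
        raise ValueError("IPv4 only; new prefix must be longer than the network's "
                         "and leave at least two host bits")
    subnets = list(net.subnets(new_prefix=new_prefix))
    return {
        "network_bits": net.prefixlen,
        "subnet_bits": new_prefix - net.prefixlen,
        "host_bits": 32 - new_prefix,
        "subnet_count": len(subnets),
        # minus the network and broadcast addresses of each subnet
        "usable_hosts_per_subnet": subnets[0].num_addresses - 2,
        "subnets": [str(s) for s in subnets],
    }


def subnet_of(ip, subnets):
    """Return the subnet (as a string) that contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for s in subnets:
        net = ipaddress.ip_network(s)
        if addr in net:
            return str(net)
    return None


def same_subnet(ip_a, ip_b, subnets):
    """True when the two hosts can reach each other without crossing a router."""
    sa, sb = subnet_of(ip_a, subnets), subnet_of(ip_b, subnets)
    return sa is not None and sa == sb


def demo():
    # Constructed layout: a /24 split into four /26 subnets, with servers in the
    # first subnet and guest devices in the second.
    layout = split_network("192.168.0.0/24", 26)
    subnets = layout["subnets"]
    return {
        "layout": layout,
        "server_vs_guest_same_subnet": same_subnet("192.168.0.10", "192.168.0.70", subnets),
        "two_servers_same_subnet": same_subnet("192.168.0.10", "192.168.0.20", subnets),
        "guest_subnet": subnet_of("192.168.0.70", subnets),
    }


if __name__ == "__main__":
    result = demo()
    for key, value in result["layout"].items():
        print(f"{key:24s} {value}")
    print("server <-> guest direct:", result["server_vs_guest_same_subnet"])
    print("guest 192.168.0.70 lives in", result["guest_subnet"])
```

Borrowing two bits from a /24 yields four subnets of 62 usable hosts each; the server at 192.168.0.10 and the guest device at 192.168.0.70 land in different /26 subnets, so the guest cannot reach the server without passing through the router between them.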
Virtual LANs (VLAN)
– Allow scattered users to be logically grouped together, even if attached to different switches
– Can isolate sensitive data to VLAN members
– Communication on a VLAN
  – If connected to the same switch, the switch handles packet transfer
  – Special “tagging” protocol used for communicating between switches

Remote Access
– Working away from the office is commonplace today
  – Telecommuters
  – Traveling sales representatives
  – Traveling workers
– Strong security for remote workers must be maintained
  – Transmissions are routed through networks not managed by the organization
– Provides the same functionality as local users, through a VPN or dial-up connection

Summary
– Standard network security devices provide a degree of security
  – Hubs, switches, routers, load balancers
– Hardware devices specifically designed for security give a higher level of protection
  – Hardware-based firewall, Web application firewall
– Proxy server intercepts and processes user requests
– Virtual private network uses an unsecured public network and encryption to provide security

Summary (cont’d.)
– Intrusion detection system is designed to detect an attack as it occurs
– Network technologies can help secure a network
  – Network address translation
  – Network access control
– Methods for designing a secure network
  – Demilitarized zones
  – Virtual LANs