Security Awareness: Applying Practical Security in Your World

Chapter 5: Network Security

Objectives
- Give an overview of how networks work
- List and describe three types of network attacks
- Explain how network defenses can be used to enhance a network security perimeter
- Tell how a wireless local area network (WLAN) functions and list some of its security features

Network Security
- Computer networks in organizations are prime targets for hackers.
- Computer networks are also found in homes.
- The growth of home networks has resulted in more attacks.

How Networks Work
- Personal computers: Isolated from other computers (See Figure 5-1)
  - Function limited to the hardware, software, and data on that one computer
- Computer network: Interconnected computers and devices (See Figure 5-2)
  - Sharing increases functionality, reduces costs, and increases accuracy

Types of Networks
- Local area network (LAN): A network of computers located relatively close to each other
- Wide area network (WAN): A network of computers geographically dispersed

Transmitting Data
- Protocols: Sets of rules used by sending and receiving devices to transmit data
  - Both sender and receiver must use the same set of rules
- Transmission Control Protocol/Internet Protocol (TCP/IP): Most common protocol in use
- IP Address: Unique number assigned to each device on a TCP/IP network that distinguishes it from all other devices
- Data is divided into smaller units called packets for transmission through a network (See Figure 5-4)

[Figure 5-4]

Devices on a Network
- Different types of equipment perform different functions
- Many devices are responsible for sending packets through the LAN or across a WAN
- Router: Directs packets “toward” their destination
- Network perimeter: Line of defense around a network made up of products, procedures and people (See Figure 5-5)

Network Attacks
- Hackers attack network perimeters in different ways
- Attacks include:
  - Denial of Service (DoS)
  - Man-in-the-Middle
  - Spoofing

Denial of Service (DoS)
- Normal conditions: Computers contact a server with a request
- Denial of Service (DoS): Server is flooded with requests, making it unavailable to legitimate users (See Figure 5-6)
  - Attacking computers are programmed not to reply to the server’s response
  - Server “holds the line open” for each request (See Figure 5-7) and eventually runs out of resources as more requests are received

Distributed Denial of Service (DDoS)
- Distributed Denial of Service (DDoS): Variant of a DoS that uses many computers to attack a target
  - Hacker finds a handler
  - Special software is loaded on the handler and it searches for zombies
  - Software is loaded on the zombies without the user’s knowledge
  - Eventually the hacker instructs all zombies to flood a particular server

Man-in-the-Middle
- Man-in-the-Middle: Two computers are tricked into thinking they are communicating with each other when there is actually a hidden third party between them (See Figure 5-8)
- Communications can be monitored or modified

Spoofing
- Spoofing: Pretending to be the legitimate owner
- IP Address Spoofing: False IP address inserted into packets
- ARP Spoofing: ARP table changed to redirect packets (See Figure 5-10)
  - ARP table: Address Resolution Protocol table stores list of MAC addresses and corresponding IP addresses (See Figure 5-9)
  - MAC Address: Media Access Control address is the hardware address of the Network Interface Card (NIC)

Network Defenses
- Three groups of network defenses:
  - Devices
  - Configurations
  - Countermeasures

Devices
- Firewalls: Designed to prevent malicious packets from entering
  - Typically outside the security perimeter (See Figure 5-11)
  - Software based: Runs as a local program to protect one computer (personal firewall) or as a program on a separate computer (network firewall) to protect the network
  - Hardware based: Separate devices that protect the entire network (network firewalls)

Devices (continued)
- Firewall rule base, also known as an access control list (ACL): Establishes what action the firewall should take when it receives a packet
  - Allow
  - Block
  - Prompt
- Should reflect the organization's security policy

Devices (continued)
- Stateless packet filtering: Allows or denies packets based strictly on the rule base
- Stateful packet filtering: Keeps a record of the state of a connection
  - Makes decisions based on the rule base and the connection state
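
The difference between the two filtering modes above, as an added example that is not part of the original slides: one rule base is evaluated statelessly and statefully over three constructed packets. The addresses, ports and rule layout are assumptions, and connection state is reduced to the address and port tuple.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# direction "out" leaves the protected network, "in" enters it
Packet = namedtuple("Packet", "direction src sport dst dport")
@dataclass(frozen=True)
class Rule:
    direction: str
    src_net: str
    dst_net: str
    sport: Optional[int]   # None matches any port
    dport: Optional[int]
    action: str            # "allow", "block" or "prompt"

    def matches(self, p):
        return (self.direction == p.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def stateless_decide(rules, p, default="block"):
    """First matching rule wins; nothing about earlier packets is remembered."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

class StatefulFilter:
    """Rule base plus a table of connections opened from the inside."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def decide(self, p):
        # An inbound packet that mirrors a recorded connection is a reply.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"
        action = stateless_decide(self.rules, p)
        if p.direction == "out" and action == "allow":
            self.connections.add((p.src, p.sport, p.dst, p.dport))
        return action
# Constructed sample data (hypothetical addresses, not from the slides).
LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
OUT_WEB = Rule("out", LAN, ANY, None, 443, "allow")
# Extra rule a stateless filter needs so that web replies can come back in.
IN_REPLY = Rule("in", ANY, LAN, 443, None, "allow")
request = Packet("out", "192.168.1.10", 50000, "203.0.113.5", 443)
reply = Packet("in", "203.0.113.5", 443, "192.168.1.10", 50000)
unsolicited = Packet("in", "198.51.100.7", 443, "192.168.1.20", 3389)

def demo():
    """Return (stateless decisions, stateful decisions) for the three packets."""
    packets = (request, reply, unsolicited)
    fw = StatefulFilter([OUT_WEB])
    return ([stateless_decide([OUT_WEB, IN_REPLY], p) for p in packets],
            [fw.decide(p) for p in packets])
```

The stateless rule base needs IN_REPLY to let web replies back in, and that same rule admits the unsolicited packet; the stateful filter does without it and admits only the reply that mirrors a recorded outbound connection.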

Devices (continued)
- Intrusion Detection System (IDS): Examines the activity on a network
  - Goal is to detect intrusions and take action
- Two types of IDS:
  - Host-based IDS: Installed on a server or other computers (sometimes all)
    - Monitors traffic to and from that particular computer
  - Network-based IDS: Located behind the firewall and monitors all network traffic (See Figure 5-12)

Devices (continued)
- Network Address Translation (NAT) Systems: Hide the IP addresses of network devices
  - Located just behind the firewall (See Figure 5-13)
  - NAT device uses an alias IP address in place of the sending machine’s real one (See Figure 5-14)
  - “You cannot attack what you can’t see”

Devices (continued)
- Proxy Server: Operates similarly to NAT, but also examines packets to look for malicious content
  - Replaces the protected computer’s IP address with the proxy server’s address
  - Protected computers never have a direct connection outside the network
  - The proxy server intercepts requests (See Figure 5-15)
  - Acts “on behalf of” the requesting client

Network Design
- The key to effective network design is a single point of entry into a network
  - Difficult to maintain
  - Employees or others may bypass security by installing unauthorized entry points (See Figure 5-16)
- Common design tools:
  - Demilitarized Zones (DMZ)
  - Virtual Private Networks (VPNs)

Network Design (continued)
- Demilitarized Zones (DMZ): Another network that sits outside the secure network perimeter
  - Outside users can access the DMZ, but not the secure network (See Figure 5-17)
  - Some DMZs use two firewalls (See Figure 5-18)
    - This prevents outside users from even accessing the internal firewall
    - Provides an additional layer of security

Network Design (continued)
- Virtual Private Networks (VPNs): A secure network connection over a public network (See Figure 5-19)
  - Allows mobile users to securely access information
  - Sets up a unique connection called a tunnel

Network Design (continued)
- Advantages of VPNs:
  - Low cost
  - Flexibility
  - Security
  - Standards

Network Design (continued)
- Honeypots: Computer located in a DMZ and loaded with files and software that appear to be authentic, but are actually imitations (See Figure 5-21)
  - Intentionally configured with security holes
  - Goals:
    - Direct attacker’s attention away from real targets
    - Examine the techniques used by hackers

Components of a WLAN
- Wireless network interface card (WNIC): Card inserted into the wireless device that sends signals to and receives signals from the access point
- Access point (AP): Acts as the base station and is connected to the wired network
  - Multiple access points allow ease of roaming (See Figure 5-22)

Security in a WLAN
- WLANs include a different set of security issues
- Steps to secure:
  - Turn off broadcast information
  - MAC address filtering
  - WEP encryption
  - Password protect the access point
  - Physically secure the access point
  - Use enhanced WLAN security standards whenever possible

Summary
- A computer network allows users to share hardware, programs and data.
- Two types of computer networks are:
  - Local area network (LAN): Computers all close together
  - Wide area network (WAN): Computers geographically dispersed
- On most networks, each computer or device must be assigned a unique address called the IP address.

Summary (continued)
- Hackers attack network perimeters in several ways:
  - Denial of Service (DoS)
  - Distributed Denial of Service (DDoS)
  - Man-in-the-Middle
  - Spoofing

Summary (continued)
- There are devices that can be installed to make the network perimeter more secure.
  - Firewalls
    - Hardware or software based
  - Intrusion-detection system (IDS)
    - Host-based or network-based
  - Network Address Translation (NAT)
  - Proxy server

Summary (continued)
- Network security can be enhanced by its design.
  - Single point of entry is best, but hard to maintain
- Technologies frequently used to enhance secure network design:
  - Demilitarized zones (DMZ)
  - Virtual private networks (VPNs)
  - Honeypots

Summary (continued)
- Wireless local area networks are becoming increasingly common.
- Two basic components:
  - Wireless network interface card (WNIC)
  - Access point (AP)
- Securing a WLAN requires additional steps beyond those required for a wired network.