Network Security, Firewalls, and VPNs © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.

Presentation transcript:

- Firewall management = testing, monitoring, and troubleshooting; review; backup, backup, backup
- Why one over the other?
- The simplest form is a packet-filtering firewall
- Major threats: internal vs. external
- Software versus hardware
- Building versus buying

Where STIGs (Security Technical Implementation Guides) would be of benefit is in the configuration of a desktop computer. Most operating systems are not secure! A STIG describes how to minimize network-based attacks and prevent system access when the attacker is either physically at the machine or coming over a network. STIGs also describe maintenance processes, such as software updates and vulnerability patching.

- Create a written firewall policy
- Evaluate potential and known threats
- Confirm that the existing firewall policy and setup are sufficient and correct based on known threats
- Maintain physical security control over all access to firewalls
- Limit and filter Internet connectivity

- Filter systems attached to the network
- Defense in depth – layer defenses along pathways of communication and transaction
- Use Internet Protocol Security (IPSec) to secure all intranet communications
- Harden internal and border firewalls
- Focus on default deny rather than default permit
- Monitor logs for signs of breach attempts

- Create an intrusion and incident response plan
- Create business continuity and disaster recovery plans
- Prioritize securing against the largest threats first
  - Probability, frequency, and consequences
- Develop and periodically confirm your firewall checklist
- Periodically reassess your security assumptions against current evolving guidelines

- Perform internal compliance audits periodically
- Use an ethical hacking team to attempt penetration of the network
- You won't learn unless you make mistakes! There are always new lessons to be learned and new challenges to be met – keep educating yourself!

- Specialized device or computer installed with specialized software
- Selectively filters and blocks traffic between networks
- Involves a hardware and software combination
- Firewall location
  - Between two interconnected private networks
  - Between a private network and a public network (network-based firewall)

- Packet-filtering firewall
  - Simplest firewall
  - Examines the header of every entering packet
  - Can block traffic entering or exiting a LAN
- Firewall default configuration
  - Blocks most common security threats
  - Preconfigured to accept and deny certain traffic types
  - Network administrators often customize settings

- Port blocking
  - Prevents connection to and transmission completion through ports
- Optional firewall functions
  - Encryption
  - User authentication
  - Central management
  - Easy rule establishment
  - Filtering based on data contained in packets

- Optional firewall functions (cont'd.)
  - Logging, auditing capabilities
  - Protect internal LAN's address identity
  - Monitor data stream from end to end (stateful firewall)
- Tailoring a firewall
  - Consider the type of traffic to filter
  - Consider exceptions to rules
- Packet-filtering firewalls
  - Cannot distinguish a user trying to breach the firewall from an authorized user

- An exploit can convert almost any protocol at any layer of the OSI model into an encapsulation or tunneling protocol
- Works in two modes: Transport and Tunnel

- Strictly enforce deny by default for both inbound and outbound communications
- Clearly define in the acceptable use policy (AUP) what is not authorized and deemed a risk
- Use network and host IDS/IPS monitoring
- Deploy whitelist controls to prevent the installation of unapproved software
- Limit mobile code, such as ActiveX, Java, Flash, Silverlight, and JavaScript

- Use a brute-force technique to craft packets and other forms of input directed toward the target
- Stress a system to determine whether it will react improperly, fail, or reveal unknown vulnerabilities
- Can discover coding errors, buffer overflows, race conditions, remote exploit flaws, injection weaknesses, and so on
- Can take a significant amount of time to discover anything interesting
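The slide describes the technique in the abstract; the harness below is an added example (not code from the slides or the textbook) that applies it to a parser you own before deployment. parse_message() is a constructed toy format (2-byte type, 2-byte length, payload, 1-byte XOR checksum) that trusts its length field; the seed input, the mutation strategy and the iteration count are all assumptions of this example. The fuzzer mutates a valid message, runs it through the parser and records any failure that is not the parser's own documented rejection (ValueError); parse_message_fixed() shows the bounds check the recorded crash points to.

```python
"""Mutation fuzzer for a small length-prefixed message parser (added example)."""
import random
import struct
from typing import Callable, Dict


def xor_checksum(payload: bytes) -> int:
    value = 0
    for b in payload:
        value ^= b
    return value


def parse_message(data: bytes) -> dict:
    """Toy parser with a bounds defect: it indexes the buffer with the untrusted length."""
    if len(data) < 5:
        raise ValueError("message too short")
    mtype, length = struct.unpack(">HH", data[:4])
    payload = data[4:4 + length]
    checksum = data[4 + length]  # IndexError when the length field overruns the buffer
    if checksum != xor_checksum(payload):
        raise ValueError("bad checksum")
    return {"type": mtype, "payload": payload}


def parse_message_fixed(data: bytes) -> dict:
    """Same format, but the length field is validated against the buffer before use."""
    if len(data) < 5:
        raise ValueError("message too short")
    mtype, length = struct.unpack(">HH", data[:4])
    if 4 + length + 1 > len(data):
        raise ValueError("length field exceeds buffer")
    payload = data[4:4 + length]
    checksum = data[4 + length]
    if checksum != xor_checksum(payload):
        raise ValueError("bad checksum")
    return {"type": mtype, "payload": payload}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation of the seed: flip a bit, overwrite a byte, truncate, or append junk."""
    data = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif choice == 1:
        i = rng.randrange(len(data))
        data[i] = rng.randrange(256)
    elif choice == 2:
        del data[rng.randrange(len(data)):]
    else:
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)


def fuzz(target: Callable[[bytes], dict], seed: bytes,
         iterations: int = 2000, rng_seed: int = 1) -> Dict[str, bytes]:
    """Feed mutated inputs to target; keep one sample input per unexpected exception type.

    ValueError is the parser's documented rejection of bad input and is not a finding;
    anything else (here an IndexError, in native code a crash) is. The fixed RNG seed
    makes a run reproducible so a recorded crash can be replayed.
    """
    rng = random.Random(rng_seed)
    findings: Dict[str, bytes] = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue
        except Exception as exc:  # the fuzzer must catch everything to classify it
            findings.setdefault(type(exc).__name__, sample)
    return findings


# Constructed, well-formed seed message: type 1, length 4, payload "ping", checksum.
PAYLOAD = b"ping"
SEED = struct.pack(">HH", 1, len(PAYLOAD)) + PAYLOAD + bytes([xor_checksum(PAYLOAD)])


if __name__ == "__main__":
    print("vulnerable parser:", {k: v.hex() for k, v in fuzz(parse_message, SEED).items()})
    print("fixed parser:     ", fuzz(parse_message_fixed, SEED))
```

Running the harness against the toy parser records an IndexError together with the input that triggered it; running it against the fixed parser records nothing, which is the regression check to keep once the bug is closed. The slide's caveat applies: on a real target the interesting input may take far more than 2000 iterations to reach.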

- Firewalls are incomplete security on their own
- Tools and software will be dictated by budget and threat evaluation – don't over-buy or under-buy
- The nature of exploits and attack methodologies can change quickly, which limits the useful lifespan of any recommendation

- Nmap (Zenmap)
- Netstat
- Tcpview
- Fport
- Snort

- Nmap – a network mapper, port scanner, and OS fingerprinting tool. Can check the state of ports, identify targets, and probe services.
- Tcpview – a GUI tool to list the current open, listening, and connected sockets on a system as well as the service/program related to each socket
- Wireshark – a free packet capture/protocol analyzer/sniffer that can analyze packets/frames as they enter or leave a firewall
- Kali – a Linux distribution that includes hundreds of security and hacking tools, including Nessus and Metasploit. Can perform attacks against or through a firewall for testing purposes
- Netstat – a simple command-line tool to list the current open, listening, and connected sockets on a system

- Fport – a command-line tool to list the current open, listening, and connected sockets on a system as well as the service/program related to each socket
- Snort – an open source rule-based IDS that can detect firewall breaches
- Nessus – an open source vulnerability assessment engine that can scan for known vulnerabilities
- Netcat – a hacker tool that creates network communication links using UDP or TCP ports that support the transmission of standard input and output. Commonly creates covert channels to control a target system remotely or bypass a firewall. Can test a firewall's ability to detect and block covert channels. Cryptcat offers similar capabilities using encryption
- Syslog – a centralized logging service that hosts a duplicate copy of log files. Provides real-time backup of every log on every participating host

- Nessus
- OpenVAS
- Wireshark
- Netcat
- Kali
- Syslog
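The checklist earlier asks you to monitor logs for signs of breach attempts, and the tool list ends with syslog as the place those logs are collected. The script below is an added example (not code from the slides or the textbook) of what that monitoring can look like once firewall deny events sit on a central syslog host. The log line format is constructed for the example (a generic "fw: DENY proto src:port -> dst:port" record with a classic syslog timestamp); the regular expression is the part to adapt to a real firewall's format, and the window and port thresholds are assumptions. It flags any source that is denied on many distinct destination ports within a short window, the pattern a port scanner such as the Nmap listed above leaves behind when it runs into a default-deny policy.

```python
"""Port-sweep detection over firewall DENY events collected by syslog (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, NamedTuple

# Constructed format: "<Mon dd hh:mm:ss> <host> fw: DENY <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) fw: DENY "
    r"(?P<proto>TCP|UDP) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


class DenyEvent(NamedTuple):
    ts: datetime
    host: str
    proto: str
    src: str
    dst: str
    dport: int


def parse_lines(lines: Iterable[str]) -> List[DenyEvent]:
    """Keep only DENY records; permits and unrelated daemons' lines are skipped, not errors."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Classic syslog timestamps carry no year and pad the day with a space.
        ts = datetime.strptime(m["ts"].replace("  ", " "), "%b %d %H:%M:%S")
        events.append(DenyEvent(ts, m["host"], m["proto"], m["src"], m["dst"], int(m["dport"])))
    return events


def denies_per_source(events: Iterable[DenyEvent]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for ev in events:
        counts[ev.src] += 1
    return dict(counts)


def find_port_sweeps(events: Iterable[DenyEvent], window_seconds: int = 60,
                     min_ports: int = 6) -> Dict[str, List[int]]:
    """Flag a source denied on >= min_ports distinct destination ports inside any window.

    Returns {source: sorted ports seen in the first window that crossed the threshold}.
    """
    by_src: Dict[str, List[DenyEvent]] = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    flagged: Dict[str, List[int]] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        j = 0
        for i in range(len(evs)):
            # Slide j forward so evs[i:j] holds every event within window_seconds of evs[i].
            while j < len(evs) and (evs[j].ts - evs[i].ts).total_seconds() <= window_seconds:
                j += 1
            ports = {e.dport for e in evs[i:j]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged


# Constructed sample: one host sweeping eight ports in eight seconds, one host retrying
# telnet twice several minutes apart, plus a permit and an unrelated sshd line.
SAMPLE_LOG = """\
Mar 10 10:00:01 fw1 fw: DENY TCP 203.0.113.9:40001 -> 192.0.2.10:21
Mar 10 10:00:01 fw1 fw: DENY TCP 203.0.113.9:40002 -> 192.0.2.10:22
Mar 10 10:00:02 fw1 fw: DENY TCP 203.0.113.9:40003 -> 192.0.2.10:23
Mar 10 10:00:02 fw1 fw: DENY TCP 203.0.113.9:40004 -> 192.0.2.10:25
Mar 10 10:00:03 fw1 fw: DENY TCP 203.0.113.9:40005 -> 192.0.2.10:445
Mar 10 10:00:04 fw1 fw: DENY TCP 203.0.113.9:40006 -> 192.0.2.10:3389
Mar 10 10:00:05 fw1 fw: DENY UDP 203.0.113.9:40007 -> 192.0.2.10:161
Mar 10 10:00:09 fw1 fw: DENY TCP 203.0.113.9:40008 -> 192.0.2.10:8080
Mar 10 10:01:30 fw1 fw: DENY TCP 198.51.100.4:51000 -> 192.0.2.10:23
Mar 10 10:07:12 fw1 fw: DENY TCP 198.51.100.4:51001 -> 192.0.2.10:23
Mar 10 10:07:13 fw1 fw: PERMIT TCP 198.51.100.4:51002 -> 192.0.2.10:443
Mar 10 10:07:14 fw1 sshd[812]: Accepted publickey for admin from 192.0.2.50
"""


if __name__ == "__main__":
    evs = parse_lines(SAMPLE_LOG.splitlines())
    print("deny counts:", denies_per_source(evs))
    print("port sweeps:", find_port_sweeps(evs))
```

The two thresholds are the tuning knobs: a low min_ports catches slow, careful scans but also flags a misconfigured host that keeps retrying a handful of ports, which is why the example reports the second host's repeated telnet denials in the per-source count without raising it as a sweep.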

- Control traffic through routers
- Router's main functions
  - Examine packets
  - Determine destination
  - Based on Network layer addressing information
- ACL (access control list)
  - Also called access list
  - Routers can decline to forward certain packets
- ACL variables used to permit or deny traffic
  - Network layer protocol (IP, ICMP)
  - Transport layer protocol (TCP, UDP)
  - Source IP address
  - Source netmask
  - Destination IP address
  - Destination netmask
  - TCP or UDP port number

- Router receives packet, examines packet
- Refers to ACL for permit, deny criteria
- Drops packet if deny characteristics match
- Forwards packet if permit characteristics match
- Access list statement examples
  - Deny all traffic from source address with netmask
  - Deny all traffic destined for TCP port 23
- Separate ACLs for:
  - Interfaces; inbound and outbound traffic
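To make the two ACL slides concrete, here is an added example (not code from the slides, the textbook, or any router vendor) of the evaluation they describe: rules carry the variables listed above (protocol, source address and netmask, destination address and netmask, port), the router walks the list top to bottom, the first matching entry decides, and a packet that matches nothing is dropped by the implicit deny at the end. The addresses and the four rules are constructed for the example, and netmasks are written as prefix lengths rather than in any vendor's mask syntax.

```python
"""First-match ACL evaluator with implicit deny (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    protocol: str                 # "tcp", "udp" or "icmp"
    src: str                      # source IP address
    dst: str                      # destination IP address
    dport: Optional[int] = None   # destination port, TCP/UDP only


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    protocol: str = "ip"          # "ip" matches any protocol
    src: str = "0.0.0.0/0"        # address plus netmask, written as a prefix
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None means any port

    def matches(self, pkt: Packet) -> bool:
        """Every field the rule constrains must match the packet."""
        if self.protocol != "ip" and self.protocol != pkt.protocol:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first matching rule decides.

    Returns (action, index of the deciding rule). A packet that matches no rule is
    dropped by the implicit deny at the end of the list, reported as index None.
    """
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def decide(acl: List[Rule], pkt: Packet) -> str:
    """Just the verdict: what the router does with the packet."""
    return evaluate(acl, pkt)[0]


# Constructed inbound ACL built from the slide's two statement examples plus two permits.
INBOUND_ACL = [
    Rule("deny", src="203.0.113.0/24"),                              # deny all traffic from one source network
    Rule("deny", protocol="tcp", dport=23),                          # deny all traffic destined for TCP port 23
    Rule("permit", protocol="tcp", dst="192.0.2.10/32", dport=443),  # HTTPS to a single server
    Rule("permit", protocol="icmp"),                                 # diagnostics
]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.5", "192.0.2.10", 443),   # rule 0 wins even though rule 2 would permit
        Packet("tcp", "198.51.100.7", "192.0.2.10", 23),   # telnet, denied by rule 1
        Packet("tcp", "198.51.100.7", "192.0.2.10", 443),  # HTTPS, permitted by rule 2
        Packet("udp", "198.51.100.7", "192.0.2.10", 53),   # matches nothing: implicit deny
        Packet("icmp", "198.51.100.7", "192.0.2.10"),      # permitted by rule 3
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(INBOUND_ACL, pkt))
```

The first sample is the point to take from the slides' "first match" wording: rule order is part of the policy, so a permit placed above a deny silently widens what gets through, and the implicit deny is what turns the list into the default-deny posture the checklist earlier asks for. The evaluator is applied per interface and per direction, which is how the separate inbound and outbound ACLs on the slide would be used.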

Trouble involving network security demands a prompt resolution:
- Be patient
- Know your firewall thoroughly
- Focus
- Isolate the problem
- Simplify – KISS IT
- Try the quick-and-easy fixes first
- Avoid destructive or non-reversible solutions
- Try the free options before the costly ones
- Let the problem guide and direct you – READ ME
- Make fixes one at a time
- Test after each attempt
- Reverse or undo solution failures

- Good documentation and planning make troubleshooting firewalls simpler
- Useful troubleshooting information
  - Complete hardware and software inventory (relative to firewalls)
  - Written and electronic copies of configuration settings
  - Firewall policy
  - Change documentation
  - Previous troubleshooting logs
  - Activity, error, and alert logs
  - Maintenance logs
  - Any information about the current problem
