Guide to Network Defense and Countermeasures Second Edition



1 Guide to Network Defense and Countermeasures Second Edition
Chapter 1 Network Defense Fundamentals

2 Objectives
- Explain the fundamentals of TCP/IP networking
- Describe the threats to network security
- Explain the goals of network security
- Describe a layered approach to network defense
- Explain how network security defenses affect your organization
Guide to Network Defense and Countermeasures, Second Edition

3 TCP/IP Networking Review
- Transmission Control Protocol/Internet Protocol (TCP/IP)
  - Suite of many protocols
  - Allows information to be transmitted from point to point on a network

4 The Open Systems Interconnect (OSI) Model

5 IP Addressing
- Attackers can gain access to networks by determining the IP addresses of computers
- IP address components
  - Network address
  - Host address
  - Subnet mask
- Try to hide IP addresses to prevent certain attacks
  - Network Address Translation (NAT)
    - Translates IP addresses into other IP addresses
    - Used to hide real IP addresses
  - Proxy servers are also used to hide IP addresses


8 Exploring IP Packet Structure
- IP datagrams
  - Discrete chunks of information
  - TCP/IP messages are transmitted using multiple datagrams
  - Contain information about source and destination IP addresses and control settings
  - Divided into different sections
- IP header structure
  - Part of an IP packet that computers use to communicate
  - The IP header plays an important role in network security and intrusion detection


11 Exploring IP Packet Structure (continued)
- IP data
  - Firewalls, VPNs, and proxy servers are used to protect the data in a packet
- IP fragmentation
  - Allows large packets to pass through routers
  - Routers divide packets into multiple fragments and send them along the network
  - Fragmentation creates security problems
    - Port numbers appear only in fragment 0
    - Fragments 1 and higher pass through filters without being scrutinized
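The fragmentation point above, shown in code. This is an added example, not from the textbook: it builds constructed IPv4 packets with the standard library, shows that only fragment 0 carries the TCP port numbers, and applies the two classic filter checks (tiny initial fragment, fragment at offset 8) that stop later fragments from carrying a TCP header past a port-based rule. The packet builder, the field names and the sample addresses are all assumptions made for the example.

```python
import struct

IP_MF = 0x1   # More Fragments flag (bit 0 of the 3-bit IPv4 flags field)
TCP = 6

def build_ipv4(src, dst, payload, ident=1, mf=False, frag_offset=0, proto=TCP):
    """Constructed test data: a minimal 20-byte IPv4 header plus payload.
    frag_offset is in 8-byte units, as on the wire. Checksum is left zero."""
    ver_ihl = (4 << 4) | 5
    flags_frag = ((IP_MF if mf else 0) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), ident,
                      flags_frag, 64, proto, 0, src, dst)
    return hdr + payload

def parse_ipv4(pkt):
    """Decode the header fields a packet filter cares about."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ident": ident, "proto": proto, "src": src, "dst": dst,
            "mf": bool((flags_frag >> 13) & IP_MF),
            "offset": (flags_frag & 0x1FFF) * 8,   # byte offset of this fragment
            "payload": pkt[ihl:total_len]}

def transport_ports(hdr):
    """Ports exist only in fragment 0 (offset 0); later fragments carry none."""
    if hdr["offset"] != 0 or len(hdr["payload"]) < 4:
        return None
    return struct.unpack("!HH", hdr["payload"][:4])

def fragment_verdict(hdr, tmin=16):
    """RFC 1858-style checks so fragments 1+ cannot smuggle a TCP header
    past a port-based rule:
    - a first fragment too small to hold the TCP ports and flags is dropped
    - a fragment at offset 8 would overlay the first fragment's flag bytes"""
    if hdr["proto"] != TCP:
        return "PASS"
    if hdr["offset"] == 0 and hdr["mf"] and len(hdr["payload"]) < tmin:
        return "DROP tiny-initial-fragment"
    if hdr["offset"] == 8:
        return "DROP overlapping-fragment"
    return "PASS"

# Constructed sample: a 20-byte TCP header, src port 40000 -> dst port 80, SYN set
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
WHOLE = build_ipv4(SRC, DST, TCP_HDR)                          # unfragmented
FRAG0 = build_ipv4(SRC, DST, TCP_HDR[:8], mf=True)             # ports only, 8 bytes
FRAG1 = build_ipv4(SRC, DST, TCP_HDR[8:], frag_offset=1)       # byte offset 8
FRAG3 = build_ipv4(SRC, DST, b"data" * 4, frag_offset=3)       # byte offset 24
```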

12 ICMP Messages
- Internet Control Message Protocol (ICMP)
  - Assists TCP/IP networks with troubleshooting communication problems
  - Can tell if another host is alive
- Firewalls and packet filters should be used to filter ICMP messages


14 TCP Headers
- Provide hosts with additional flags
- Flags are important from a security standpoint
  - Used to create packet-filtering rules
- Flags
  - URG (urgent)
  - ACK (acknowledge)
  - PSH (push function)
  - RST (reset the connection)
  - SYN (synchronize sequence numbers)
  - FIN (finished)


16 UDP Headers
- UDP provides a datagram transport service for IP
- UDP is considered unreliable
  - Because it is connectionless
- UDP is used for broadcasting messages
- Attackers scan for open UDP services to exploit
- UDP packets have their own headers


18 Domain Name Service (DNS)
- DNS servers translate fully qualified domain names to IP addresses
- DNS can be used to block unwanted communications
  - Administrators can block Web sites containing offensive content
- DNS attacks
  - Buffer overflow
  - Zone transfer
  - Cache poisoning

19 Encryption
- Concealing information to render it unreadable
  - Except to the intended recipients
- Firewalls often encrypt data leaving the network and decrypt incoming packets
- Encryption often makes use of digital certificates
  - Digital certificate: an electronic document containing encryption keys and a digital signature
- Public Key Infrastructure
  - Makes the distribution of certificates possible

20 Overview of Threats to Network Security
- Security problems
  - Network intrusions
  - Loss of data
  - Loss of privacy
- The first step in defeating the enemy is to know your enemy

21 Types of Attackers
- Knowing the types of attackers helps you anticipate their motivation to break into systems
  - Status
  - Revenge
  - Financial gain
  - Industrial espionage

22 Types of Attackers (continued)
- Crackers
  - Attempt to gain access to unauthorized resources
  - Circumvent passwords, firewalls, or other protective measures
- Disgruntled employees
  - Access customer information, financial files, job records, or other sensitive information from inside an organization
  - When an employee is terminated, security measures should be taken immediately

23 Types of Attackers (continued)
- Criminal and industrial spies
  - Steal and sell a company's confidential information to its competitors
- Script kiddies and packet monkeys
  - Script kiddies
    - Young, immature computer programmers
    - Spread viruses and other malicious scripts
    - Use techniques to exploit known weaknesses
  - Packet monkeys
    - Block Web site activities using DDoS attacks

24 Types of Attackers (continued)
- Terrorists
  - Attack computer systems for several reasons
    - Making a political statement
    - Achieving a political goal
    - Causing damage to critical systems
    - Disrupting a target's financial stability

25 Malicious Code
- Malware
  - Uses a system's well-known vulnerabilities to spread
- Virus
  - Code that copies itself surreptitiously
  - Can be benign or harmful
  - Spread methods
    - Running executable code
    - Sharing disks or memory sticks
    - Opening attachments

26 Malicious Code (continued)
- Worm
  - Creates files that copy themselves and consume disk space
  - Does not require user intervention to be launched
  - Some worms install back doors
    - A back door is a way of gaining unauthorized access to a computer or other resources
  - Others can destroy data on hard disks
- Trojan program
  - Harmful computer program that appears to be something useful
  - Can create a back door

27 Malicious Code (continued)
- Macro viruses
  - A macro is a type of script that automates repetitive tasks in Microsoft Word or similar applications
  - Macros run a series of actions automatically
  - Macro viruses run actions that tend to be harmful

28 Other Threats to Network Security
- It is not possible to prepare for every possible risk to your systems
- Try to protect your environment against today's threats
- Be prepared for tomorrow's threats

29 Social Engineering: The People Factor
- Social engineers try to gain access to resources through people
- Employees do not always observe accepted security practices
- Employees are fooled by attackers into giving out passwords or other access codes

30 Common Attacks and Defenses
(slides 30 to 32: table of common attacks and defenses, not captured in the transcript)

33 Internet Security Concerns
- Socket
  - Port number combined with a computer's IP address
  - Attacker software looks for open sockets
  - Open sockets are an invitation to be attacked
  - Sometimes sockets have exploitable vulnerabilities
- E-mail and communications
  - Home users regularly surf the Web and use e-mail and instant messaging programs
  - Personal firewalls keep viruses and Trojan programs from entering a system

34 Internet Security Concerns (continued)
- Scripts
  - Executable code attached to messages or downloaded files that infiltrates a system
  - Difficult for firewalls and IDSs to block all scripts
- Always-on connectivity
  - Computers using always-on connections are easier to locate and attack
  - Remote users pose security problems for network administrators
  - Always-on connections effectively extend the boundaries of your corporate network

35 Goals of Network Security
- Goals include
  - Confidentiality
  - Integrity
  - Availability

36 Providing Secure Connectivity
- In the past, network security emphasized blocking attackers from accessing the corporate network
- Now secure connectivity with trusted users and networks is the priority
- Activities that require secure connectivity
  - Placing orders for merchandise online
  - Paying bills
  - Accessing account information
  - Looking up personnel records
  - Creating authentication information

37 Secure Remote Access
- One of the biggest security challenges
- VPN
  - Ideal and cost-effective solution
  - Uses a combination of encryption and authentication mechanisms


39 Ensuring Privacy
- Databases with personal or financial information need to be protected
- Legislation exists that protects private information
- Education is an effective way to maintain the privacy of information
  - All employees must be educated about security dangers and security policies
  - Employees are the most likely to detect security breaches
    - And to cause one accidentally
  - Employees can monitor the activities of their co-workers

40 Providing Nonrepudiation
- Nonrepudiation is important when organizations do business across a network
  - Rather than face-to-face
- Encryption provides integrity, confidentiality, and authenticity of digital information
  - Encryption can also provide nonrepudiation
- Nonrepudiation
  - Capability to prevent one participant from denying that it performed an action

41 Confidentiality, Integrity, and Availability: The CIA Triad
- Confidentiality
  - Prevents intentional or unintentional disclosure of communications between sender and recipient
- Integrity
  - Ensures the accuracy and consistency of information during all processing
- Availability
  - Makes sure those who are authorized to access resources can do so in a reliable and timely manner


43 Using Network Defense Technologies in Layers
- No single security measure can ensure complete network protection
- Assemble a group of methods
  - That work in a coordinated fashion
- Defense in depth (DiD)
  - Layered approach to network security

44 Physical Security
- Refers to measures taken to physically protect a computer or other network device
- Physical security measures
  - Computer locks
  - Locked, protected rooms for critical servers
  - Burglar alarms
  - Uninterruptible power supply (UPS)

45 Authentication and Password Security
- Simple strategy
  - Select good passwords, keep them secure, and change them as needed
  - Use different passwords for different applications
- Authentication methods
  - Something the user knows
  - Something the user has
  - Something the user is
- In large organizations, authentication is handled by centralized servers

46 Operating System Security
- Protect operating systems by installing
  - Patches
  - Hot fixes
  - Service packs
- OSs must be updated promptly to protect against security flaws
- Stop any unneeded services
- Disable Guest accounts

47 Antivirus Protection
- Virus scanning
  - Examines files or messages for indications that viruses are present
  - Viruses have suspicious file extensions
  - Antivirus software uses virus signatures to detect viruses in your systems
  - You should constantly update virus signatures
- Firewalls and IDSs are not enough
  - You should install antivirus software on hosts and all network computers

48 Packet Filtering
- Block or allow transmission of packets based on
  - Port number
  - IP addresses
  - Protocol information
- Some types of packet filters
  - Routers
    - The most common packet filters
  - Operating systems
    - Built-in packet filtering utilities that come with some OSs
  - Software firewalls
    - Enterprise-level programs

49 Firewalls
- Firewalls control an organization's overall security policies
- Permissive versus restrictive policies
  - Permissive
    - Allows all traffic through the gateway and then blocks services on a case-by-case basis
  - Restrictive
    - Denies all traffic by default and then allows services on a case-by-case basis
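The packet-filtering criteria (port, address, protocol), the TCP flags used in filter rules, and the permissive-versus-restrictive policy choice, worked through in one added example that is not from the textbook. A small first-match rule evaluator is run with both policy defaults over the same constructed packets; the `Packet` and `Rule` classes, the rule set and the addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# TCP flag bits as carried in the flags byte of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: int = 0    # TCP flags bitmask, 0 for non-TCP

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # source network the rule applies to
    dport: Optional[int] = None  # None means any destination port
    flags_set: int = 0           # these TCP bits must be set
    flags_clear: int = 0         # these TCP bits must be clear

    def matches(self, p):
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and (self.dport is None or self.dport == p.dport)
                and (p.flags & self.flags_set) == self.flags_set
                and (p.flags & self.flags_clear) == 0)

def filter_packet(rules, default_action, pkt):
    """First matching rule wins; otherwise the policy default applies.
    default_action="deny" is the restrictive policy, "allow" the permissive one."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_action

# Constructed rule set protecting a web server (restrictive: default deny).
INTERNAL = "10.0.0.0/8"
RESTRICTIVE = [
    Rule("allow", "tcp", dport=80, flags_set=SYN, flags_clear=ACK),   # new HTTP
    Rule("allow", "tcp", dport=443, flags_set=SYN, flags_clear=ACK),  # new HTTPS
    Rule("allow", "tcp", flags_set=ACK),             # replies on established flows
    Rule("allow", "udp", src=INTERNAL, dport=53),    # DNS lookups from inside only
]
# Same gateway under a permissive policy: only named services are blocked.
PERMISSIVE = [
    Rule("deny", "tcp", dport=23),   # telnet
    Rule("deny", "udp", dport=69),   # tftp
]

def compare_policies(pkt):
    """Return (restrictive verdict, permissive verdict) for one packet."""
    return (filter_packet(RESTRICTIVE, "deny", pkt),
            filter_packet(PERMISSIVE, "allow", pkt))
```

The difference shows on anything not explicitly listed: an inbound SYN to port 22 is dropped by the restrictive policy and passed by the permissive one.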


51 Demilitarized Zone (DMZ)
- Network that sits outside the internal network
  - The DMZ is connected to the firewall
- Makes services publicly available
  - While protecting the internal LAN
- It might also contain a DNS server
- A DMZ is sometimes called a "service network" or "perimeter network"

52 Intrusion Detection System (IDS)
- Recognizes the signs of a possible attack
  - And notifies the administrator
- Signs of possible attacks are called signatures
  - Combinations of IP address, port number, and frequency of access attempts
- An IDS provides an additional layer of protection

53 Virtual Private Networks (VPNs)
- Provide a low-cost and secure connection that uses the public Internet
  - Alternative to expensive leased lines
- Provide point-to-point communication

54 Network Auditing and Log Files
- Recording which computers are accessing a network and what resources are being accessed
  - Information is recorded in a log file
- Reviewing and maintaining log files helps you detect suspicious patterns of activity
- You can set up blocking rules based on logged information from previous attack attempts

55 Network Auditing and Log Files (continued)
- Log file analysis
  - Tedious and time-consuming task
  - Record and analyze rejected connection requests
  - Sort logs by time of day and per hour
  - Check logs during peak traffic times
- Configure log files to record
  - System events
  - Security events
  - Traffic
  - Packets
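The log-analysis steps on the two auditing slides (record rejected connection requests, sort them per hour, derive blocking rules from earlier attempts) and the IDS slide's notion of a signature as IP address plus port plus frequency, carried out over a constructed log. This is an added example, not the textbook's; the syslog-like line format, the sample addresses and the "three distinct rejected ports in one hour" threshold are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, in an assumed packet-filter format (not a real product's).
SAMPLE_LOG = """\
2024-03-04T09:12:01 fw DROP src=203.0.113.7 dst=10.1.1.10 proto=TCP dpt=22
2024-03-04T09:12:02 fw DROP src=203.0.113.7 dst=10.1.1.10 proto=TCP dpt=23
2024-03-04T09:12:03 fw DROP src=203.0.113.7 dst=10.1.1.10 proto=TCP dpt=25
2024-03-04T09:12:04 fw DROP src=203.0.113.7 dst=10.1.1.10 proto=TCP dpt=110
2024-03-04T09:12:05 fw DROP src=203.0.113.7 dst=10.1.1.10 proto=TCP dpt=143
2024-03-04T09:40:11 fw ACCEPT src=198.51.100.20 dst=10.1.1.10 proto=TCP dpt=443
2024-03-04T10:05:17 fw DROP src=198.51.100.20 dst=10.1.1.10 proto=TCP dpt=8080
2024-03-04T14:30:00 fw DROP src=192.0.2.33 dst=10.1.1.11 proto=UDP dpt=161
2024-03-04T14:31:00 fw DROP src=192.0.2.33 dst=10.1.1.11 proto=UDP dpt=161
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dpt=(?P<dpt>\d+)$")

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not guessed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            rec["dpt"] = int(rec["dpt"])
            yield rec

def rejected_per_hour(records):
    """Count rejected connection requests by hour of day (the 'sort per hour' step)."""
    return Counter(r["ts"].hour for r in records if r["action"] == "DROP")

def suspicious_sources(records, min_ports=3):
    """Signature: one source rejected on at least min_ports distinct ports within
    the same clock hour, i.e. address + port + frequency taken together."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP":
            hour = r["ts"].replace(minute=0, second=0)
            ports[(r["src"], hour)].add(r["dpt"])
    return sorted({src for (src, _h), seen in ports.items() if len(seen) >= min_ports})

def blocking_rules(sources):
    """Turn the findings into deny rules for the packet filter (assumed syntax)."""
    return [f"deny ip from {src} to any" for src in sources]
```

A source that is refused twice on the same port (192.0.2.33 above) does not trip the signature; only the spread across many ports within the hour does.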


58 Routing and Access Control Methods
- Border routers are critical to the movement of all network traffic
  - Can be equipped with their own firewall software
- Attackers exploit open points of entry, such as
  - Vulnerable services
  - Gateways
  - Porous borders
- Methods of access control
  - Mandatory Access Control (MAC)
  - Discretionary Access Control (DAC)
  - Role Based Access Control (RBAC)

59 The Impact of Defense
- The cost of securing systems might seem high
  - The cost of a security breach can be much higher
- Support from upper management
  - Key factor in securing systems
- Securing systems will require
  - Time
  - Money
  - Understanding and cooperation from fellow employees

60 Summary
- Knowledge of TCP/IP networking is important when securing a network
  - IP and TCP (or UDP) header sections contain settings that can be exploited
- Domain Name Service (DNS)
  - General-purpose service that translates fully qualified domain names into IP addresses
- Encryption can be used to protect data
- Network intruders are motivated by a variety of reasons

61 Summary (continued)
- E-mail is one of the most important services to secure
  - Malicious scripts can be delivered via e-mail
- Goals of network security
  - Confidentiality
  - Integrity
  - Availability
- Defense in depth (DiD)
  - Layered approach to security
- Auditing helps identify possible attacks and prevent further attacks

62 Summary (continued)
- Routers at the border of a network are critical to the movement of all traffic
  - Legitimate and harmful
- Access control methods
  - Mandatory Access Control (MAC)
  - Discretionary Access Control (DAC)
  - Role Based Access Control (RBAC)
- Defense affects the entire organization
  - You should always look for support from upper management

