Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 5 Network Defenses

2 Objectives Explain how to enhance security through network design
Define network address translation and network access control List the different types of network security devices and explain how they can be used Security+ Guide to Network Security Fundamentals, Third Edition

3 Crafting a Secure Network
A common mistake in network security Attempt to patch vulnerabilities in a weak network that was poorly conceived and implemented from the start Securing a network begins with the design of the network and includes secure network technologies Security+ Guide to Network Security Fundamentals, Third Edition

4 Security through Network Design
Subnetting IP addresses are actually two addresses: one part is a network address and one part is a host address Classful addressing The split between the network and host portions of the IP address originally was set on the boundaries between the bytes Subnetting or subnet addressing Allows an IP address to be split anywhere Networks can essentially be divided into three parts: network, subnet, and host Security+ Guide to Network Security Fundamentals, Third Edition

5 Security+ Guide to Network Security Fundamentals, Third Edition

6 Security through Network Design (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

7 Security through Network Design (continued)
Security is enhanced by subnetting a single network Multiple smaller subnets isolates groups of hosts Network administrators can utilize network security tools Makes it easier to regulate who has access in and out of a particular subnetwork Subnets also allow network administrators to hide the internal network layout Security+ Guide to Network Security Fundamentals, Third Edition

8 Security through Network Design (continued)
Virtual LAN (VLAN) In most network environments, networks are divided or segmented by using switches A VLAN allows scattered users to be logically grouped together even though they may be attached to different switches Can reduce network traffic and provide a degree of security similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to members of the VLAN Security+ Guide to Network Security Fundamentals, Third Edition

9 Security+ Guide to Network Security Fundamentals, Third Edition

10 Security+ Guide to Network Security Fundamentals, Third Edition

11 Security through Network Design (continued)
VLAN communication can take place in two ways All devices are connected to the same switch Traffic is handled by the switch itself Devices are connected to different switches A special “tagging” protocol must be used, such as the IEEE 802.1Q-2005 A VLAN is heavily dependent upon the switch for correctly directing packets Attacks on the switch that attempt to exploit vulnerabilities such as weak passwords or default accounts are common Security+ Guide to Network Security Fundamentals, Third Edition

12 Security through Network Design (continued)
Convergence One of the most visible unification efforts is a process known as convergence of voice and data traffic over a single IP network Advantages Cost savings Management Application development Infrastructure requirements Reduced regulatory requirements Increased user productivity Security+ Guide to Network Security Fundamentals, Third Edition

13 Security through Network Design (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

14 Security through Network Design (continued)
Demilitarized Zone (DMZ) A separate network that sits outside the secure network perimeter Outside users can access the DMZ but cannot enter the secure network Security+ Guide to Network Security Fundamentals, Third Edition

15 Security through Network Design (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

16 Security through Network Design (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

17 Security through Network Technologies
Network Address Translation (NAT) Hides the IP addresses of network devices from attackers Private addresses IP addresses not assigned to any specific user or organization Function as regular IP addresses on an internal network Non-routable addresses Security+ Guide to Network Security Fundamentals, Third Edition

18 Security through Network Technologies (continued)
NAT removes the private IP address from the sender’s packet And replaces it with an alias IP address When a packet is returned to NAT, the process is reversed An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender Security+ Guide to Network Security Fundamentals, Third Edition

19 Security through Network Technologies (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

20 Security through Network Technologies (continued)
Port address translation (PAT) A variation of NAT Each packet is given the same IP address but a different TCP port number Network Access Control (NAC) Examines the current state of a system or network device before it is allowed to connect to the network Any device that does not meet a specified set of criteria is only allowed to connect to a “quarantine” network where the security deficiencies are corrected Security+ Guide to Network Security Fundamentals, Third Edition

21 Security through Network Technologies (continued)
Goal of NAC Prevent computers with sub-optimal security from potentially infecting other computers through the network Methods for directing the client to a quarantine VLAN Using a Dynamic Host Configuration Protocol (DHCP) server Using Address Resolution Protocol (ARP) poisoning Security+ Guide to Network Security Fundamentals, Third Edition

22 Security through Network Technologies (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

23 Security+ Guide to Network Security Fundamentals, Third Edition

24 Security through Network Technologies (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

25 Applying Network Security Devices
Devices include: Firewalls Proxy servers Honeypots Network intrusion detection systems Host and network intrusion prevention systems Protocol analyzers Internet content filters Integrated network security hardware Security+ Guide to Network Security Fundamentals, Third Edition

26 Firewall Firewall Typically used to filter packets Sometimes called a packet filter Designed to prevent malicious packets from entering the network A firewall can be software-based or hardware-based Hardware firewalls usually are located outside the network security perimeter As the first line of defense Security+ Guide to Network Security Fundamentals

27 Firewall (continued) Security+ Guide to Network Security Fundamentals, Third Edition

28 Firewall (continued) The basis of a firewall is a rule base
Establishes what action the firewall should take when it receives a packet (allow, block, and prompt) Stateless packet filtering Looks at the incoming packet and permits or denies it based strictly on the rule base Stateful packet filtering Keeps a record of the state of a connection between an internal computer and an external server Then makes decisions based on the connection as well as the rule base Security+ Guide to Network Security Fundamentals, Third Edition

29 Firewall (continued) Security+ Guide to Network Security Fundamentals, Third Edition

30 Firewall (continued) Security+ Guide to Network Security Fundamentals, Third Edition

31 Firewall (continued) Personal software firewalls have gradually improved their functionality Most personal software firewalls today also filter outbound traffic as well as inbound traffic Protects users by preventing malware from connecting to other computers and spreading Security+ Guide to Network Security Fundamentals, Third Edition

32 Security+ Guide to Network Security Fundamentals, Third Edition

33 Proxy Server Proxy server Reverse proxy
A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user Goal is to hide the IP address of client systems inside the secure network Reverse proxy Does not serve clients but instead routes incoming requests to the correct server Security+ Guide to Network Security Fundamentals, Third Edition

34 Security+ Guide to Network Security Fundamentals, Third Edition

35 Proxy Server (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

36 Honeypot Honeypot Three primary purposes of a honeypot:
Intended to trap or trick attackers A computer typically located in a DMZ that is loaded with software and data files that appear to be authentic Yet they are actually imitations of real data files Three primary purposes of a honeypot: Deflect attention Early warnings of new attacks Examine attacker techniques Security+ Guide to Network Security Fundamentals, Third Edition

37 Honeypot (continued) Types of honeypots
Production honeypots Research honeypots Information gained from honeypots can be both useful as well as alarming Information gained from studies using honeypots can be helpful in identifying attacker behavior and crafting defenses Security+ Guide to Network Security Fundamentals, Third Edition

38 Network Intrusion Detection Systems (NIDS)
Network intrusion detection system (NIDS) Watches for attempts to penetrate a network NIDS work on the principle of comparing new behavior against normal or acceptable behavior A NIDS looks for suspicious patterns Security+ Guide to Network Security Fundamentals, Third Edition

39 Network Intrusion Detection Systems (NIDS) (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

40 Network Intrusion Detection Systems (NIDS) (continued)
Functions a NIDS can perform: Configure the firewall to filter out the IP address of the intruder Launch a separate program to handle the event Play an audio file that says “Attack is taking place” Save the packets in a file for further analysis Send an entry to a system log file Send , page, or a cell phone message to the network administrator Terminate the TCP session by forging a TCP FIN packet to force a connection to terminate Security+ Guide to Network Security Fundamentals, Third Edition

41 Host and Network Intrusion Prevention Systems (HIPS/NIPS)
Intrusion prevention system (IPS) Finds malicious traffic and deals with it immediately A typical IPS response may be to block all incoming traffic on a specific port Host intrusion prevention systems (HIPS) Installed on each system that needs to be protected Rely on agents installed directly on the system being protected Work closely with the operating system, monitoring and intercepting requests in order to prevent attacks Security+ Guide to Network Security Fundamentals, Third Edition

42 Host and Network Intrusion Prevention Systems (HIPS/NIPS) (continued)
Most HIPS monitor the following desktop functions: System calls File system access System Registry settings Host input/output HIPS are designed to integrate with existing antivirus, anti-spyware, and firewalls HIPS provide an additional level of security that is proactive instead of reactive Security+ Guide to Network Security Fundamentals, Third Edition

43 Host and Network Intrusion Prevention Systems (HIPS/NIPS) (continued)
Network intrusion prevention systems (NIPS) Work to protect the entire network and all devices that are connected to it By monitoring network traffic NIPS can immediately react to block a malicious attack NIPS are special-purpose hardware platforms that analyze, detect, and react to security-related events Can drop malicious traffic based on their configuration or security policy Security+ Guide to Network Security Fundamentals, Third Edition

44 Protocol Analyzers Three ways for detecting a potential intrusion
Detecting statistical anomalies Examine network traffic and look for well-known patterns of attack Use protocol analyzer technology Protocol analyzers Can fully decode application-layer network protocols Different parts of the protocol can be analyzed for any suspicious behavior Security+ Guide to Network Security Fundamentals, Third Edition

45 Internet Content Filters
Monitor Internet traffic and block access to preselected Web sites and files A requested Web page is only displayed if it complies with the specified filters Unapproved Web sites can be restricted based on the Uniform Resource Locator (URL) or by matching keywords Security+ Guide to Network Security Fundamentals, Third Edition

46 Internet Content Filters (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

47 Integrated Network Security Hardware
Types of hardware security appliances: Dedicated security appliances provide a single security service Multipurpose security appliances that provide multiple security functions Integrated network security hardware Combines or integrates multipurpose security appliances with a traditional network device such as a switch or router Particularly attractive for networks that use IDS Security+ Guide to Network Security Fundamentals, Third Edition

48 Summary Subnetting involves dividing a network into subnets that are connected through a series of routers Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped Convergence is the integration of voice and data traffic over a single IP network Network technologies can also help secure a network Network address translation (NAT) Network access control (NAC) Security+ Guide to Network Security Fundamentals, Third Edition

49 Summary (continued) Different network security devices can be installed to make a network more secure Network intrusion detection systems (NIDS) monitor the network for attacks and if one is detected will alert personnel or perform limited protection activities Internet content filters monitor Internet traffic and block attempts to visit restricted sites Security+ Guide to Network Security Fundamentals, Third Edition

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition"

Similar presentations

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security.

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security.
Chapter 12 Network Security.

Chapter 12 Network Security.
Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Similar presentations

Ads by Google