Published by Byron Ford. Modified over 9 years ago.
Network security threats and mitigation

Unit objectives
- Explain common threats and vulnerabilities
- Explain common mitigation techniques
- Categorize different types of network security appliances and methods
- Install and configure a firewall
Topic A
- Topic A: Network security threats
- Topic B: Threat mitigation
- Topic C: Network security appliances and methods
- Topic D: Installing and configuring a firewall
Wireless security threats
- Theft, rogue devices
- Default configuration of access points
- RF traffic
- Lack of encryption
- One-way authentication
- Client connection requests
- War chalking, war driving
Vulnerabilities of access points
- Physical access
- Firmware vulnerabilities
- Default accounts
Wi-Fi scanners
- Physical devices
- Laptop software
  – Airsnort
  – NetStumbler
- War driving
- War chalking
- Interference attacks
- Evil-twin attacks
War chalking symbols
Activity A-1: Scanning for insecure access points
Denial-of-service attacks
- Consume or disable resources by flooding systems with TCP/IP packets
- Hit client computers and servers
Distributed DoS attacks
- Attacker uses multiple hosts
- Handlers
- Zombies
DDoS countermeasures
- Packet filtering
- Turn off directed broadcasts
- Block ports
Man-in-the-middle attacks
- Web spoofing
- Information theft
- TCP hijacking
- ARP poisoning
- ICMP redirect
- DNS poisoning
Buffer overflow
- Attackers insert malicious code
- Remote execution capability
FTP bounce attacks
- Use the FTP PORT command
- Bypass security measures
Smurf attacks
- Flood a host with ICMP packets
- Use third-party network
- Configure routers to drop specific ICMP packets
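The router-side countermeasure from the DDoS and smurf slides, as an added example that is not part of the original slides: a filter that drops ICMP echo requests aimed at a directed-broadcast address (the amplification step), and a reply counter that reveals the flooded victim. All addresses and the subnet list are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: a router-style filter implementing the smurf countermeasure
# (drop ICMP echo requests sent to a directed-broadcast address) plus a simple
# echo-reply counter that reveals the flooded victim. Addresses are constructed.

@dataclass
class Packet:
    src: str
    dst: str
    proto: str           # "icmp", "tcp", "udp"
    icmp_type: int = -1  # 8 = echo request, 0 = echo reply, -1 = not ICMP

# Subnets this router serves (assumed values).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/24")]

def is_directed_broadcast(dst: str) -> bool:
    """True if dst is the broadcast address of one of the local subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)

def filter_packet(pkt: Packet) -> str:
    """'drop' for an echo request aimed at a directed-broadcast address (the
    amplification step of a smurf attack); everything else is forwarded."""
    if pkt.proto == "icmp" and pkt.icmp_type == 8 and is_directed_broadcast(pkt.dst):
        return "drop"
    return "forward"

def reply_flood_targets(packets, threshold: int) -> dict:
    """Count echo replies per destination; return destinations receiving more
    than `threshold` replies, i.e. the hosts being flooded."""
    counts = {}
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 0:
            counts[p.dst] = counts.get(p.dst, 0) + 1
    return {dst: n for dst, n in counts.items() if n > threshold}

if __name__ == "__main__":
    for p in [Packet("203.0.113.9", "192.0.2.255", "icmp", 8),
              Packet("203.0.113.9", "192.0.2.10", "icmp", 8)]:
        print(p.dst, filter_packet(p))
```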
Malware
- Viruses
- Worms
Activity A-2: Discussing attacks on wired networks
Social engineering
- Hacking people, not computers
- Goals include fraud, network intrusion, espionage, identity theft, disruption
- Shoulder surfing
Attack types
- Dumpster diving
- Hoax
- Impersonation
- Phishing
- Pharming
- Shoulder surfing
- Skimming
- Spam
- Spear phishing
- Spim
- Tailgating
- Vishing
- Whaling
Social engineering countermeasures
- Awareness
- Communicate security needs
- Policies
Activity A-3: Discussing social engineering
Topic B
- Topic A: Network security threats
- Topic B: Threat mitigation
- Topic C: Network security appliances and methods
- Topic D: Installing and configuring a firewall
Antivirus software
- Combat viruses
- Real-time scanners
- Checksum
- Definition files
- Antivirus products
Securing the operating system
- Hardening
- Hotfixes
- Patches
- Updates
- Service packs
Windows Update
Updates
- Important
- Recommended
- Optional
Activity B-1: Updating the operating system
Patch management
- View list of installed updates
- View update information
- Uninstall updates when necessary
Activity B-2: Managing software patches
Security policies
- Acceptable use
- Due care
- Privacy
- Separation of duties
- Need-to-know information
- Password management
- Account expiration
- Service-level agreements
- Ways to destroy or dispose of equipment, electronic media, and printed documents
Acceptable use
- Defines how computer and network resources can be used
- Protects information and limits liabilities and legal actions
- Addresses productivity issues
- Employees should read and sign the document
Due care
- Judgment or care exercised in a given circumstance
- Identifies risks to the organization
- Assesses risks and the measures to be taken to ensure information security
Privacy
- Privacy of customer and supplier information
  – Contracts
  – Sales documents
  – Financial data
  – Personally identifiable information
- Compromised information causes entities to lose trust
Separation of duties
- Avoids one person having all knowledge of a process
  – Potential for abuse
  – Knowledge leaves with the person
- Distribute tasks
- Document all procedures
- Security divided into multiple elements
  – Each element assigned to different people
Need to know
- Sensitive information accessed only by those who must
- Give the IT team just enough permissions to perform their duties
- Give explicit access to those who need it
Password management
- Minimum password length
- Required characters
- Reset interval
- Reuse
- How users handle passwords
- Check for weak passwords
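The password-management items above turned into an enforceable check, as an added example that is not part of the original slides. The policy values, the weak-password list and the PBKDF2-based password history are assumptions of this example.

```python
import hashlib
import hmac
import os
import re

# Constructed example enforcing the password-management items on the slide:
# minimum length, required character classes, reuse, reset interval and a
# weak-password check. Policy values and the weak-password list are assumptions.
POLICY = {"min_length": 12, "required_classes": 3, "history_depth": 5, "max_age_days": 90}
WEAK_PASSWORDS = {"password", "letmein", "welcome1", "qwerty123"}
CLASS_PATTERNS = {"lower": r"[a-z]", "upper": r"[A-Z]",
                  "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def history_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash so previous passwords are never stored in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_history_entry(password: str) -> tuple:
    """(salt, hash) tuple to append to a user's history when a password is set."""
    salt = os.urandom(16)
    return salt, history_hash(password, salt)

def character_classes(password: str) -> set:
    return {name for name, pat in CLASS_PATTERNS.items() if re.search(pat, password)}

def check_password(password: str, history: list, policy: dict = POLICY) -> list:
    """Return the list of policy violations; an empty list means the password is
    acceptable. `history` holds (salt, hash) tuples of old passwords, newest last."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append(f"shorter than {policy['min_length']} characters")
    if len(character_classes(password)) < policy["required_classes"]:
        problems.append(f"fewer than {policy['required_classes']} character classes")
    if password.lower() in WEAK_PASSWORDS:
        problems.append("appears on the weak-password list")
    recent = history[-policy["history_depth"]:]
    if any(hmac.compare_digest(history_hash(password, salt), digest) for salt, digest in recent):
        problems.append(f"reused within the last {policy['history_depth']} passwords")
    return problems

def needs_reset(days_since_change: int, policy: dict = POLICY) -> bool:
    """Reset-interval check: True once the password is older than the policy allows."""
    return days_since_change > policy["max_age_days"]
```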
Account expiration
- Unneeded accounts disabled or deleted
- Disable accounts for extended leaves
Service-level agreement
- Contract between service provider and end-user
- Defines levels of support
- Documents penalties
- Covers disaster recovery plans
- Contingency plans
Disposal and destruction
- Degauss magnetic media
- Zeroize drives
- Physically destroy media
- Lock recycle bins
- Shred or burn documents
Activity B-3: Creating a security policy
Human resources policies
- Document manual procedures for automated duties
- Access policies
  – ID badges
  – Keys
  – Restricted-access areas
- Personnel management
  – Hiring process
  – Employee review and maintenance
  – Employee termination
Incident response policy
1. Preparation
2. Detection
3. Containment
4. Eradication
5. Recovery
6. Follow-up
Preparation
- Have steps in place
- Balance easy access with effective controls
- Identify steps to be taken
- Acceptable risks
- Due diligence
Detection
- Ask questions and document responses
Containment
- Shut down or take equipment offline
- Increase monitoring
Eradication
- Clean or delete files
- Restore data
Recovery
- Equipment
- Storage devices
- Passwords
Follow-up
- Document the entire process
- Use documents for training or for legal proceedings
Activity B-4: Creating an incident response and reporting policy
Education
- Educate staff about security
  – Network administrators
  – End-users
- Enables all employees to be part of the security team
- Enables regular users to see potential security problems or security violations
- Customize as needed
  – Big picture for end-users
  – Detailed knowledge for administrative users
  – Exhaustive knowledge for security administrators
Communication
- Identify what information can be shared and with whom
- Identify what information can never be shared
- Prove identity
- Social engineering threats
User awareness
- Reason for training
- Security contacts
- Whom to contact about security incidents
- Actions to take
- Policies about system account use
- Policies about system media use
- Techniques for sanitizing media and hard copies
- Maintaining security of accounts
- Application and data policies
- Internet, Web, and e-mail policies
Activity B-5: Identifying the need for user education and training
Topic C
- Topic A: Network security threats
- Topic B: Threat mitigation
- Topic C: Network security appliances and methods
- Topic D: Installing and configuring a firewall
Assessment types
- Threat
- Vulnerability
- Risk
Vulnerability assessments
1. Establish a baseline
2. Review the code
3. Determine the attack surface
4. Review the architecture
5. Review the design
Vulnerability testing tools
- Port scanners
- Network mappers
- Password crackers
- Nessus and other dedicated scanning applications
Intrusion detection
- Types
  – Anomaly-based, heuristic
  – Behavior-based
  – Signature-based
- IDS monitors for attacks
- IPS takes action
- NIDS: network IDS
- HIDS: host-based IDS
Events
- True negative
- True positive
- False positive
- False negative
Activity C-1: Discussing IDS characteristics
NIDS
- Monitors the network for signs of attack
- Network location
- Indicators of malicious activity
- Active reaction options
- Passive reaction options
IDScenter for Snort
Example Snort rule

alert icmp any any -> any any (msg:"ICMP alert"; sid:2;)

Fields, in the order they appear:
- Type (alert, log, etc.)
- Protocol to watch
- Source IP address
- Source port
- Target IP
- Target port
- Message for log or alert
- ID number (required)
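A parser for the rule header and options shown above, plus a matcher that applies a parsed rule to a packet header, as an added example that is not part of the original slides or of Snort. It covers only the fields the slide labels (literal IPs, literal ports and "any"), which is an assumption of this example, not a description of Snort's full rule language.

```python
import re
from dataclasses import dataclass, field

# Constructed example: a parser for the rule format shown above and a matcher that
# applies a parsed rule to a packet header. It handles only what the slide labels
# (literal IPs/ports and "any"; no CIDR, lists or $VARIABLES), an assumption of
# this example rather than a description of Snort itself.
@dataclass
class SnortRule:
    action: str
    proto: str
    src_ip: str
    src_port: str
    direction: str
    dst_ip: str
    dst_port: str
    options: dict = field(default_factory=dict)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+(?P<direction>->|<>)\s+"
    r"(?P<dst_ip>\S+)\s+(?P<dst_port>\S+)\s*\((?P<options>.*)\)\s*$")
# keyword[:value]; pairs; a quoted value may itself contain ';'
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')
def parse_options(text: str) -> dict:
    opts = {}
    for m in OPTION_RE.finditer(text):
        key, value = m.group(1), m.group(2)
        if value is not None:
            value = value.strip().strip('"')
        opts[key] = value   # keyword-only options such as nocase map to None
    return opts
def parse_rule(line: str) -> SnortRule:
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("malformed rule header: " + line)
    fields = m.groupdict()
    opts = parse_options(fields.pop("options"))
    if "sid" not in opts:               # the ID number is required
        raise ValueError("rule has no sid")
    return SnortRule(options=opts, **fields)
def matches(rule: SnortRule, proto: str, src_ip: str, src_port, dst_ip: str, dst_port) -> bool:
    """True if the packet header matches the rule; '<>' matches either direction."""
    def ok(pattern, value):
        return pattern == "any" or pattern == str(value)
    def ends(sip, sp, dip, dp):
        return ok(rule.src_ip, sip) and ok(rule.src_port, sp) and ok(rule.dst_ip, dip) and ok(rule.dst_port, dp)
    if rule.proto not in ("ip", proto):
        return False
    return ends(src_ip, src_port, dst_ip, dst_port) or (rule.direction == "<>" and ends(dst_ip, dst_port, src_ip, src_port))
```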
HIDS
- Monitors a single host
- HIDS operation
- Logs
- File modifications
- Application and resource monitoring
- Network traffic monitoring
Advantages of HIDS over NIDS
- Verify success or failure of an attack
- Monitor individual users
- Monitor local attacks
- Not dependent on the network (topology, location, and so forth)
Activity C-2: Comparing host-based and network intrusion detection systems
Honeypots and honeynets
- Honeypot: single host
- Honeynet: network
- Traps for attackers
- Purposes
- Ethical and legal considerations
Honeypot examples
- HoneyPoint
- Symantec Decoy Server
- Specter
- PacketDecoy
- HoneyBot
- Honeyd
- Project Honey Pot
Honeypot deployment
Activity C-3: Examining the role and use of honeypots and honeynets
Topic D
- Topic A: Network security threats
- Topic B: Threat mitigation
- Topic C: Network security appliances and methods
- Topic D: Installing and configuring a firewall
Firewalls and proxies
- Traffic control devices
- Techniques
  – NAT and PAT
  – Packet filtering
  – Stateful packet inspection
  – Access control lists
Firewall categories
- Network-layer firewalls
- Application-layer firewalls
Activity D-1: Examining firewalls and proxy servers
Security zones
- Network regions with various levels of security
  – Trusted zone
  – Semi-trusted zone
  – Untrusted zone
Intranet zone
- Organization’s own network
- Highly trusted
- Private address space
- Separated from the public network
Perimeter network
- DMZ
- Network between the intranet and the Internet
- Not used in every network
DMZ options
- Screened host
- Bastion host
- Three-homed firewall
- Back-to-back firewalls
- Dead zone
Screened host
Bastion host
Three-homed firewall
Back-to-back firewalls
Dead zone
Traffic filtering
- Outgoing traffic
- Incoming traffic
NAT and PAT
- Correlate internal and external addresses
- Address availability
- Security
Port address translation
- Ports differentiate internal servers
- Common ports
- PAT enables
  – Sharing of a single external IP address
  – Added security for internal but publicly accessible servers
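A minimal PAT table showing the three points on the slide (one shared external address, ports selecting internal servers, and unsolicited inbound packets being dropped), as an added example that is not part of the original slides. All addresses and the external port range are assumptions.

```python
from dataclasses import dataclass

# Constructed example: a minimal PAT table. All internal hosts share one external
# address; each (internal endpoint, remote endpoint) pair gets its own external port
# so replies can be mapped back, and inbound packets with no table entry are dropped.
# Static entries publish internal servers on chosen external ports. All addresses
# and the port range are assumptions.

@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int

class PAT:
    def __init__(self, external_ip: str, first_port: int = 40000, last_port: int = 40100):
        self.external_ip = external_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.out_map = {}   # (internal Endpoint, remote Endpoint) -> external port
        self.in_map = {}    # (external port, remote Endpoint) -> internal Endpoint
        self.static = {}    # external port -> internal server Endpoint

    def publish(self, external_port: int, internal: Endpoint) -> None:
        """Expose an internal server: the external port selects which server."""
        self.static[external_port] = internal
        if external_port in self.free_ports:
            self.free_ports.remove(external_port)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Rewrite the source of an outbound packet to the shared external address."""
        key = (src, dst)
        if key not in self.out_map:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out_map[key] = port
            self.in_map[(port, dst)] = src
        return Endpoint(self.external_ip, self.out_map[key])

    def inbound(self, src: Endpoint, dst: Endpoint):
        """Return the internal destination for an inbound packet, or None to drop it.
        Only replies from the remote that was contacted, or traffic to a published
        server port, are admitted; everything else has no entry and is dropped."""
        if dst.ip != self.external_ip:
            return None
        if dst.port in self.static:
            return self.static[dst.port]
        return self.in_map.get((dst.port, src))
```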
Activity D-2: Examining NAT and PAT devices
Firewall administration
- Host-based; network-based
- Software-based firewall vs. dedicated appliance
- Rules-based
- Network layer vs. application layer
Rule planning
- What traffic must always be allowed?
- What traffic must always be blocked?
- Which systems must accept unsolicited inbound connections?
- Can you use IPSec, Kerberos, etc.?
- Do you need to permit remote access?
- Do default rules meet your needs?
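The planning questions above answered as a concrete rule set, evaluated by a small stateful packet filter that also illustrates the packet-filtering, stateful-inspection and access-control-list techniques from the "Firewalls and proxies" slide. This is an added example, not part of the original slides; the rules, addresses and ports are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example: a rule set answering the planning questions, evaluated by a
# small stateful packet filter. First matching rule wins; anything unmatched is
# denied; return traffic of an accepted connection is allowed without a rule; and a
# TCP segment that is not a SYN and belongs to no known session is dropped.
# Addresses, ports and the rules themselves are assumptions.

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag (start of a new connection)

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None  # None = any destination port

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto) and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst) and rule.dport in (None, pkt.dport))

RULES = [
    Rule("deny", proto="tcp", dport=23),                      # telnet: always blocked
    Rule("allow", proto="udp", dst="192.0.2.53", dport=53),   # DNS: always allowed
    Rule("allow", proto="tcp", dst="192.0.2.80", dport=443),  # web server accepts unsolicited inbound
    Rule("allow", proto="tcp", src="10.0.0.5"),               # one workstation may connect outward
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, client, client port, server, server port)

    def decide(self, pkt: Packet) -> str:
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow (established)"      # reply half of an accepted session
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny (no session)"        # stateful check: stray non-SYN segment
        for rule in self.rules:               # ACL: first match wins
            if rule_matches(rule, pkt):
                if rule.action == "allow":
                    self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "deny (default)"               # nothing matched: default deny
```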
Activity D-3: Configuring firewall rules
Port security
- Blocks rogue applications
- Configure at the host level
- Use a GPO or provisioning tool
Activity D-4: Blocking ports with a firewall
Unit summary
- Explained common threats to and vulnerabilities in network security
- Explained common mitigation techniques
- Categorized different types of network security appliances and methods
- Installed and configured a firewall