
1 Network Security Chapter 11 powered by DJ 1

2 Chapter Objectives

At the end of this chapter you will be able to:

- Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats.
- Explain general methods to mitigate common security threats to network devices, hosts, and applications.
- Describe the functions of common security appliances and applications.
- Describe security recommended practices including initial steps to secure network devices.

3 Perimeter, Firewall, and Internal Routers

Typically, in medium to large enterprise networks, the various strategies for security are based on some recipe of internal and perimeter routers plus firewall devices. Internal routers provide additional security to the network by screening traffic to various parts of the protected corporate network, and they do this using access lists. You can see where each of these types of devices is found in the figure below.

4 A Typical Secured Network (figure)

5 Recognizing Security Threats

Let’s examine some common attack profiles:

- Application-layer attacks: These attacks commonly zero in on well-known holes in the software that’s typically found running on servers. Favorite targets include FTP, sendmail, and HTTP. Because the permissions level granted to these accounts is most often “privileged,” bad guys simply access and exploit the machine that’s running one of these applications.
- Trojan horse attacks and viruses

6

- Backdoors: These are simply paths leading into a computer or network. Through simple invasions, or via more elaborate “Trojan horse” code, bad guys can use their implanted inroads into a specific host or even a network whenever they want to—until you detect and stop them.
- IP spoofing
- Packet sniffers
- Password attacks
- Brute force attack
- Port redirection attacks
- Denial of service (DoS) attack

7 Mitigating Security Threats

- What solution should we use to mitigate security threats? Something from Juniper, McAfee, or some other firewall product? NO, we probably should use something from Cisco.
- Cisco IOS software runs on upwards of 80 percent of the Internet backbone routers out there; it’s probably the most critical part of network infrastructure. So let’s just keep it real and use the Cisco IOS’s software-based security, known as the Cisco IOS Firewall feature set, for our end-to-end Internet, intranet, and remote-access network security solutions. It’s a good idea to go with this because Cisco ACLs really are quite efficient tools for mitigating many of the most common threats around.

8 Cisco’s IOS Firewall

- Authentication proxy: A feature that makes users authenticate any time they want to access the network’s resources through HTTP, HTTPS, FTP, and Telnet. It keeps personal network access profiles for users, automatically retrieves them for you from a RADIUS server, and applies them as well.
- Destination URL policy management: A buffet of features that’s commonly referred to as URL Filtering.
- Per-user firewalls: These are basically personalized, user-specific, downloadable firewalls obtained through service providers. You can also get personalized ACLs and other settings via AAA server profile storage.

9

- Cisco IOS router and firewall provisioning: Allows for no-touch router provisioning, version updates, and security policies.
- Denial of service (DoS) detection and prevention: A feature that checks packet headers and drops any packets it finds suspicious.
- Dynamic port mapping: A sort of adapter that permits applications supported by firewalls on nonstandard ports.
- Java applet blocking: Protects you from any strange, unrecognized Java applets.

10

- Basic and Advanced Traffic Filtering: You can use standard, extended, even dynamic ACLs like Lock-and-Key traffic filtering with Cisco’s IOS Firewall. And you get to apply access controls to any network segment you want. Plus, you can specify the exact kind of traffic you want to allow to pass through any segment.
- Policy-based, multi-interface support: Allows you to control user access by IP address and interface depending on your security policy.

11

- Network Address Translation (NAT): Conceals the internal network from the outside, increasing security.
- Time-based access lists: Determine security policies based upon the exact time of day and the particular day of the week.
- Peer router authentication: Guarantees that routers are getting dependable routing information from actual, trusted sources. (For this to work, you need a routing protocol that supports authentication, like RIPv2, EIGRP, or OSPF.)
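The time-based access list and peer router authentication items above, shown as a Cisco IOS configuration sketch. This is an added example, not part of the original presentation. The time-range and ACL names, interface names, addresses (documentation and private ranges), OSPF process number and key placeholder are all assumptions.

```cisco
! Added example: names, interfaces, addresses and the key are placeholders.
!
! Time-based ACLs follow the router's clock, so keep it synchronized.
ntp server 192.0.2.10
!
! Define when the policy is active: Monday to Friday, 08:00 to 17:00.
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 17:00
!
! Permit web traffic from the user subnet only inside the time range.
! Outside the range the permit lines are inactive, so the final deny
! matches and logs the traffic.
ip access-list extended OUTBOUND-WEB
 permit tcp 10.1.1.0 0.0.0.255 any eq www time-range BUSINESS-HOURS
 permit tcp 10.1.1.0 0.0.0.255 any eq 443 time-range BUSINESS-HOURS
 deny ip any any log
!
! Apply the ACL inbound on the interface facing the user subnet.
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group OUTBOUND-WEB in
!
! Peer router authentication with OSPF: both neighbors on this link
! must use the same key ID and key, otherwise no adjacency forms and
! no routes are accepted from the peer.
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.252
 ip ospf message-digest-key 1 md5 REPLACE-WITH-SHARED-KEY
!
router ospf 1
 network 10.0.0.0 0.0.0.3 area 0
 area 0 authentication message-digest
```

`show time-range` reports whether the range is currently active, and `show access-lists` marks time-based entries as active or inactive.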
