Objectives
Explain the fundamentals of TCP/IP networking
Describe the threats to network security
Explain the goals of network security
Describe a layered approach to network defense
Explain how network security defenses affect your organization
IP Addressing
Attackers can gain access to networks by determining the IP addresses of computers
IP address components:
Network address
Host address
Subnet mask
Try to hide IP addresses to prevent certain attacks
Network Address Translation (NAT)
Translates the private addresses of internal hosts into one or more public addresses as traffic leaves the network, and maps the replies back
Used to hide real (internal) IP addresses from outside observers
IP header structure
The part of an IP packet that computers use to carry addressing and control information (source and destination addresses, protocol, TTL, fragmentation fields)
The IP header plays an important role in network security and intrusion detection, because packet filters and sensors make their decisions on its fields
Guide to Network Defense and Countermeasures, Second Edition 8
IP fragmentation
Allows packets larger than a link's MTU to pass through routers
Routers divide such packets into multiple fragments and send them along the network; the receiving host reassembles them
Fragmentation creates security problems:
The transport-layer header, and therefore the port numbers, appears only in fragment 0
Fragments 1 and higher carry only an IP header and a slice of payload, so a stateless filter that matches on port numbers has nothing to match and may pass them through without scrutiny
ICMP Messages
Internet Control Message Protocol (ICMP)
Assists TCP/IP networks with troubleshooting communication problems
Can tell whether another host is alive (echo request and echo reply, as used by ping), which also makes it useful to attackers mapping a network
Firewalls and packet filters should be used to filter ICMP messages
TCP Headers
Provide hosts with additional control flags
Flags are important from a security standpoint
Used to create packet-filtering rules (for example, accepting inbound segments only when ACK is set, so that connections can be opened only from the inside)
Flags:
URG (urgent pointer is significant)
ACK (acknowledgment number is significant)
PSH (push function)
RST (reset the connection)
SYN (synchronize sequence numbers)
FIN (finished; no more data from the sender)
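Flag-based filtering, as an added example that is not part of the original slides: the block builds TCP headers with chosen flag combinations, decodes them, labels the combinations the way a filter or IDS would (SYN only, SYN+ACK, null and Xmas scans, the invalid SYN+FIN), and applies a stateless inbound rule set. The published server ports (80, 443) and the port numbers in the demo are assumptions.

```python
"""Added example (not from the original slides): decode TCP flags and apply
flag-based packet-filtering rules. Ports and the "inbound must carry ACK"
policy are assumptions chosen for this demo."""
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp(sport: int, dport: int, flags: set, seq: int = 1, ack: int = 0) -> bytes:
    """20-byte TCP header, no options; checksum left zero (not verified here)."""
    flag_byte = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flag_byte, 65535, 0, 0)


def parse_tcp(hdr: bytes) -> dict:
    """Decode the fixed TCP header; flags come back as a set of names."""
    sport, dport, seq, ack, off, flag_byte, window, _csum, _urg = struct.unpack("!HHIIBBHHH", hdr[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": (off >> 4) * 4, "window": window,
            "flags": {name for name, bit in FLAG_BITS.items() if flag_byte & bit}}


def classify(flags: set) -> str:
    """Label a flag combination the way a filter or IDS rule would."""
    if not flags:
        return "null scan"                      # no flags at all: never legitimate
    if {"FIN", "PSH", "URG"} <= flags and "ACK" not in flags:
        return "xmas scan"
    if {"SYN", "FIN"} <= flags:
        return "invalid SYN+FIN"                # a segment cannot open and close at once
    if flags == {"SYN"}:
        return "connection request"
    if flags == {"SYN", "ACK"}:
        return "connection accept"
    if "RST" in flags:
        return "reset"
    if "ACK" in flags:
        return "established"
    return "other"


def inbound_allowed(hdr: bytes, allowed_server_ports: frozenset = frozenset({80, 443})) -> bool:
    """Stateless rule set for TCP entering from the Internet:
    1. anomalous flag combinations are dropped,
    2. new connections (SYN without ACK) only to published server ports,
    3. anything else must carry ACK, i.e. belong to a session opened from inside."""
    tcp = parse_tcp(hdr)
    kind = classify(tcp["flags"])
    if kind in ("null scan", "xmas scan", "invalid SYN+FIN"):
        return False
    if kind == "connection request":
        return tcp["dport"] in allowed_server_ports
    return "ACK" in tcp["flags"]


if __name__ == "__main__":
    for flags, sport, dport in [({"SYN"}, 40000, 22), ({"SYN"}, 40000, 443),
                                ({"SYN", "ACK"}, 80, 40000), (set(), 40000, 22),
                                ({"FIN", "PSH", "URG"}, 40000, 22)]:
        hdr = build_tcp(sport, dport, flags)
        print(sorted(flags), classify(flags), inbound_allowed(hdr))
```

Rule 3 is the classic "established only" filter: an attacker's SYN to port 22 is refused, while a SYN+ACK answering a connection an inside host opened is let through. Such a rule is cheap but not stateful, which is why a forged segment with ACK set still passes it and stateful inspection is the stronger control.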
UDP Headers
UDP provides a datagram transport service for IP
UDP is considered unreliable because it is connectionless: there is no handshake, acknowledgment, or retransmission
UDP is used for broadcasting messages
Attackers scan for open UDP services to exploit
UDP datagrams have their own 8-byte header: source port, destination port, length, and checksum
DNS attacks
Buffer overflow in the DNS server software
Unauthorized zone transfer, which hands an attacker every record in a zone
Cache poisoning, which plants forged records in a resolver's cache
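The cache-poisoning item above, as an added example that is not part of the original slides: a toy caching resolver that applies the checks a real one uses before trusting a reply (random transaction ID and source port, the reply must come from the server that was asked, the question section must match, and records outside the queried zone are discarded), run against a forged reply and a genuine one. The names, addresses and the simplified message layout are assumptions for the demo.

```python
"""Added example (not from the original slides): the checks a caching resolver
applies before trusting a DNS response, against a forged (cache-poisoning)
reply. Names, addresses and the simplified message layout are assumptions."""
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Question:
    name: str
    qtype: str


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    value: str


@dataclass
class DnsMessage:
    txid: int
    question: Question
    answers: list = field(default_factory=list)
    additional: list = field(default_factory=list)


def in_bailiwick(record_name: str, zone: str) -> bool:
    """Only records at or below the zone the queried server is authoritative for."""
    return record_name == zone or record_name.endswith("." + zone)


class Resolver:
    def __init__(self):
        self.pending = {}   # (txid, source port) -> (question, server ip, zone)
        self.cache = {}     # (name, type) -> value

    def send_query(self, name: str, qtype: str, server_ip: str, zone: str):
        """Random 16-bit txid plus random source port: a forger must guess both."""
        txid = secrets.randbelow(1 << 16)
        sport = 1024 + secrets.randbelow(65536 - 1024)
        question = Question(name, qtype)
        self.pending[(txid, sport)] = (question, server_ip, zone)
        return DnsMessage(txid, question), sport

    def receive(self, msg: DnsMessage, from_ip: str, to_port: int) -> str:
        """Accept a reply only if it matches an outstanding query on every field."""
        entry = self.pending.get((msg.txid, to_port))
        if entry is None:
            return "rejected: no matching outstanding query"
        question, server_ip, zone = entry
        if from_ip != server_ip:
            return "rejected: not from the server we asked"
        if msg.question != question:
            return "rejected: question section differs"
        dropped = 0
        for rec in msg.answers + msg.additional:
            if in_bailiwick(rec.name, zone):
                self.cache[(rec.name, rec.rtype)] = rec.value
            else:
                dropped += 1   # off-zone "glue": the classic poisoning vector
        del self.pending[(msg.txid, to_port)]
        return "accepted (%d out-of-bailiwick record(s) discarded)" % dropped


if __name__ == "__main__":
    r = Resolver()
    q, sport = r.send_query("www.example.com", "A", "192.0.2.53", "example.com")
    forged = DnsMessage((q.txid + 1) % 65536, q.question,
                        [Record("www.example.com", "A", "198.51.100.66")])
    print(r.receive(forged, "192.0.2.53", sport))
    genuine = DnsMessage(q.txid, q.question,
                         [Record("www.example.com", "A", "192.0.2.80")],
                         [Record("www.bank.example", "A", "198.51.100.66")])
    print(r.receive(genuine, "192.0.2.53", sport), r.cache)
```

Without the source-port randomization a forger only has to beat a 16-bit transaction ID, and without the bailiwick rule a single accepted reply could insert records for any domain at all; the checks are cheap and each one removes a whole class of forgeries.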
Encryption
Concealing information to render it unreadable except to the intended recipients
Firewalls (those with VPN capability) often encrypt data leaving the network and decrypt incoming packets
Encryption often makes use of digital certificates
Digital certificate: an electronic document that binds a public key to an identity and carries the issuer's digital signature
Types of Attackers
Knowing the types of attackers helps you anticipate attacks
Motivations to break into systems:
Status
Revenge
Financial gain
Industrial espionage
Disgruntled employees
Access customer information, financial files, job records, or other sensitive information from inside an organization
When an employee is terminated, security measures (such as revoking accounts and access) should be taken immediately
Packet monkeys
Block access to Web sites using distributed denial-of-service (DDoS) attacks
Malicious Code
Malware: malicious code
Trojan program
Harmful computer program that appears to be something useful
Can create a back door
Always-on Connectivity
Computers using always-on connections are easier to locate and attack
Remote users pose security problems to network administrators
Always-on connections effectively extend the boundaries of your corporate network
Ensuring Privacy
Databases with personal or financial information need to be protected
Legislation exists that protects private information
Providing Nonrepudiation
Nonrepudiation is important when organizations do business across a network rather than face-to-face
Nonrepudiation: the capability to prevent one participant from denying that it performed an action
Integrity
Ensures the accuracy and consistency of information during all processing
Availability
Makes sure those who are authorized to access resources can do so in a reliable and timely manner
Physical Security
Refers to measures taken to physically protect a computer or other network device
Physical security measures:
Computer locks
Locked, protected rooms for critical servers
Burglar alarms
Uninterruptible power supply (UPS)
Authentication methods
Something the user knows
Something the user has
Something the user is
Operating systems must be updated promptly to fix security flaws
Stop any unneeded services
Disable Guest accounts
Antivirus Protection
Virus scanning
Examines files or e-mail messages for indications that viruses are present
Infected files often have suspicious file extensions
Antivirus software uses virus signatures to detect viruses on your systems
You should constantly update virus signatures
Firewalls and IDSs are not enough
You should install antivirus software on hosts and all network computers
Packet Filtering
Block or allow transmission of packets based on:
Port number
IP addresses
Protocol information
Operating systems: built-in packet-filtering utilities that come with some OSs
Software firewalls: enterprise-level programs
Firewalls
Firewalls enforce an organization's overall security policy
Permissive versus restrictive policies:
Permissive: allows all traffic through the gateway and then blocks services on a case-by-case basis
Restrictive: denies all traffic by default and then allows services on a case-by-case basis
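The two policies side by side, as an added example that is not part of the original slides: one first-match rule engine evaluates the same packets under a permissive rule set (default allow, telnet and inbound ping blocked case by case) and a restrictive one (default deny, only the web server's ports and ICMP echo replies allowed), which also shows the ICMP filtering recommended earlier in the chapter. The address ranges, the server role and the specific rules are assumptions for the demo.

```python
"""Added example (not from the original slides): one packet-filter rule engine
run under a permissive (default allow) and a restrictive (default deny) policy.
Addresses, the web server role and the rules themselves are demo assumptions."""
import ipaddress

INTERNAL = ipaddress.ip_network("192.0.2.0/24")       # example internal range
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# rule: (action, proto, src_net, dst_net, dst_ports or None, icmp_type or None)
RESTRICTIVE_RULES = [
    ("allow", "tcp", ANY, WEB_SERVER, {80, 443}, None),   # published services only
    ("allow", "icmp", ANY, INTERNAL, None, 0),            # echo replies to our own pings
    ("deny", "icmp", ANY, INTERNAL, None, 8),             # inbound echo requests
]
PERMISSIVE_RULES = [
    ("deny", "tcp", ANY, INTERNAL, {23}, None),           # block telnet case by case
    ("deny", "icmp", ANY, INTERNAL, None, 8),             # and inbound ping
]


def matches(rule, pkt: dict) -> bool:
    """A rule matches when every field it constrains agrees with the packet."""
    _action, proto, src_net, dst_net, ports, icmp_type = rule
    if proto != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in src_net:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in dst_net:
        return False
    if ports is not None and pkt.get("dport") not in ports:
        return False
    if icmp_type is not None and pkt.get("icmp_type") != icmp_type:
        return False
    return True


def evaluate(rules, default: str, pkt: dict) -> str:
    """First matching rule wins; the policy's default decides everything else."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return default


def restrictive(pkt: dict) -> str:
    return evaluate(RESTRICTIVE_RULES, "deny", pkt)


def permissive(pkt: dict) -> str:
    return evaluate(PERMISSIVE_RULES, "allow", pkt)


# constructed sample packets arriving from the Internet
SAMPLE_PACKETS = {
    "http":   {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80},
    "ssh":    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.20", "dport": 22},
    "telnet": {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.20", "dport": 23},
    "ping":   {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.20", "icmp_type": 8},
    "pong":   {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.20", "icmp_type": 0},
}


def compare() -> dict:
    """Decision of each policy for each sample packet."""
    return {name: (permissive(p), restrictive(p)) for name, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, (perm, restr) in compare().items():
        print("%-7s permissive=%-5s restrictive=%s" % (name, perm, restr))
```

The SSH probe is the telling case: nobody wrote a rule about port 22, so the permissive policy lets it through and the restrictive one drops it. Every service an administrator forgets about behaves the same way, which is why a default-deny posture is the safer starting point.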
A DMZ might also contain a DNS server
A DMZ is sometimes called a service network or perimeter network
Reviewing and maintaining log files helps you detect suspicious patterns of activity
You can set up blocking rules based on logged information from previous attack attempts
Reviewing logs is a tedious and time-consuming task
Record and analyze rejected connection requests
Sort logs by time of day and per hour
Check logs during peak traffic times
Types of events to log: system events, security events, traffic, and packets
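The log-review procedure above (record rejected connection requests, sort them by hour, derive blocking rules from previous attempts), as an added example that is not part of the original slides. The log format, the sample lines, the threshold and the rule syntax in the output are constructed for this demo.

```python
"""Added example (not from the original slides): turn rejected-connection log
lines into per-hour and per-source counts, then into candidate block rules.
The log format, the sample lines and the rule syntax are constructed here."""
import re
from collections import Counter

SAMPLE_LOG = """\
2024-03-04 02:13:07 DENY TCP 198.51.100.23:51234 -> 203.0.113.10:22
2024-03-04 02:13:09 DENY TCP 198.51.100.23:51235 -> 203.0.113.10:23
2024-03-04 02:13:11 DENY TCP 198.51.100.23:51236 -> 203.0.113.10:3389
2024-03-04 02:13:12 DENY TCP 198.51.100.23:51237 -> 203.0.113.10:445
2024-03-04 02:14:40 ALLOW TCP 192.0.2.15:40012 -> 203.0.113.10:443
2024-03-04 09:00:01 DENY UDP 203.0.113.200:53 -> 203.0.113.10:53
2024-03-04 14:22:31 DENY TCP 198.51.100.23:51300 -> 203.0.113.10:22
2024-03-04 14:45:02 DENY TCP 192.0.2.99:1025 -> 203.0.113.10:22
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}):(\d{2}):(\d{2}) (ALLOW|DENY) (TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


def parse_log(text: str) -> list:
    """Parse each line into a dict; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # a production parser should count and report these
        date, hh, _mm, _ss, action, proto, src, sport, dst, dport = m.groups()
        events.append({"date": date, "hour": int(hh), "action": action,
                       "proto": proto.lower(), "src": src, "sport": int(sport),
                       "dst": dst, "dport": int(dport)})
    return events


def rejected_by_hour(events: list) -> Counter:
    """How many connection requests were refused in each hour of the day."""
    return Counter(e["hour"] for e in events if e["action"] == "DENY")


def rejected_by_source(events: list) -> Counter:
    """Which sources generated the refused requests."""
    return Counter(e["src"] for e in events if e["action"] == "DENY")


def ports_probed(events: list, src: str) -> list:
    """Distinct destination ports a source was refused on (a scan signature)."""
    return sorted({e["dport"] for e in events if e["action"] == "DENY" and e["src"] == src})


def suggest_block_rules(events: list, threshold: int = 3) -> list:
    """Sources refused at least `threshold` times on at least `threshold`
    distinct ports are treated as scanners and get a candidate block rule."""
    rules = []
    for src, count in rejected_by_source(events).most_common():
        if count >= threshold and len(ports_probed(events, src)) >= threshold:
            rules.append("deny ip from %s to any" % src)   # generic rule syntax, assumed
    return rules


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("rejected per hour:", dict(sorted(rejected_by_hour(events).items())))
    print("rejected per source:", rejected_by_source(events).most_common())
    print("suggested rules:", suggest_block_rules(events))
```

The single refused query from 203.0.113.200 and the one SSH attempt from 192.0.2.99 stay below the threshold; only the host that walked through four ports in five seconds earns a rule, which is the kind of judgement the slide's "analyze rejected connection requests" step is meant to produce.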
Summary
Knowledge of TCP/IP networking is important when securing a network
IP and TCP (or UDP) header fields contain settings that can be exploited
Domain Name System (DNS): a general-purpose service that translates fully qualified domain names into IP addresses
Encryption can be used to protect data
Network intruders are motivated by a variety of reasons
Summary (continued)
E-mail is one of the most important services to secure
Malicious scripts can be delivered via e-mail
Auditing helps identify possible attacks and prevent future ones
Summary (continued)
Routers at the border of a network are critical to the movement of all traffic, legitimate and harmful