Objectives

Chapter 10: Data Centre and Network Security

Objectives:

  • Proxies and Gateways
  • Firewalls
  • Virtual Private Network (VPN)
  • Security issues


Objectives 3115492

Proxies and gateways

[Diagram: a gateway, and separately a proxy, placed between a client and a destination server across the Internet; arrows mark the information direction in each case.]

  • A gateway is a network point that acts as an entrance to another network.

  • A proxy server acts as a go-between for requests from clients seeking resources and the servers that hold them. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules and passes on the request, if allowed, to the appropriate server.

  • A computer server acting as a gateway node is often also acting as a proxy server and a firewall server.



Packet filter router or Firewall

[Diagram: a packet filter router (firewall) between Net 1, Net 2 and the Internet. Allowable incoming IP addresses: 55.65.100.10, 192.54.192.3. Allowable outgoing IP addresses: 146.176.151.10, 146.176.151.112, 146.176.155.122.]

A firewall is an integrated collection of security measures designed to prevent unauthorized access to an intranet network. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.



Application-level firewall

[Diagram: an application-level firewall in which an FTP proxy and an HTTP proxy mediate the network connection between the client and external systems.]



Application-level firewall

[Diagram: Firewall A and Firewall B on either side of a gateway, between Net 1, Net 2 and the Internet. Firewall A only accepts data packets addressed to the gateway; Firewall B only accepts data packets addressed to the gateway.]



Ring-fenced firewall

[Diagram: Site 1, Site 2 and Site 3 each behind their own firewall with an audit monitor, joined through a router and a firewall to a single external connection to the Internet.]



Filtering routers (Firewalls)

[Diagram: Site 1, Site 2 and Site 3 each behind a filtering router (firewall) running monitoring software; filtering is applied at the IP and TCP/UDP layers.]

The filter table in the diagram records, for INCOMING and OUTGOING traffic, the Allowed and Disallowed values of:

  • Protocol (TCP/UDP)
  • Source Port
  • Destination Port
  • Source IP address
  • Destination IP address
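The packet-filter rules of the earlier slide (the allowable incoming and outgoing IP address lists) and the filter table above can be modelled as an ordered rule set with a default deny. The following is an added example, not code from the slides: the `Packet` and `Rule` types, the extra disallow row for incoming TCP port 23 and the first-match-wins evaluation order are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str   # "incoming" or "outgoing", relative to the protected network
    protocol: str    # "TCP" or "UDP"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    """One row of the filter table: a direction, a verdict and optional match criteria (None = any)."""
    direction: str
    verdict: str                      # "allow" or "deny"
    protocol: Optional[str] = None
    src_net: Optional[str] = None     # CIDR, e.g. "55.65.100.10/32"
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.protocol is None or self.protocol == p.protocol)
                and (self.src_net is None or ip_address(p.src_ip) in ip_network(self.src_net))
                and (self.dst_net is None or ip_address(p.dst_ip) in ip_network(self.dst_net))
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port))

# Rule set built from the slide's two allow-lists, plus an assumed disallow row for
# incoming telnet. Rules are evaluated in order (first match wins) with default deny.
RULES = [
    Rule("incoming", "deny", protocol="TCP", dst_port=23),
    Rule("incoming", "allow", src_net="55.65.100.10/32"),
    Rule("incoming", "allow", src_net="192.54.192.3/32"),
    Rule("outgoing", "allow", src_net="146.176.151.10/32"),
    Rule("outgoing", "allow", src_net="146.176.151.112/32"),
    Rule("outgoing", "allow", src_net="146.176.155.122/32"),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the verdict of the first matching rule; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.verdict
    return "deny"
```

Because the deny row precedes the allow rows, a telnet connection from a listed address is still refused, while the same host reaching port 80 is allowed; any address absent from the lists falls through to the default deny.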



Encryption tunnels or Virtual Private Network (VPN)

[Diagram: Net 1 to Net 4 joined into an intranet over the Internet; each site's firewall is paired with a router performing encryption/decryption, so traffic between the sites travels through encryption tunnels.]


Encryption tunnels

[Diagram: the user's public key is used to encrypt data (INFO becomes ENCR) before it enters the tunnel; the user's private key is used to decrypt it back to INFO at the far end.]



Virtual Private Network (VPN)

Basically, a VPN is a private network (LAN) that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users connecting from out in the field.



Security Risks

  • Security

  • Data protection. This is typically where sensitive or commercially important information is kept. It might include information databases, design files or source code files. One method of reducing this risk is to encrypt important files with a password and/or some form of data encryption.

  • Software protection. This involves protecting all the software packages from damage or from being misconfigured. A misconfigured software package can cause as much damage as a physical attack on a system, because it can take a long time to find the problem.

  • Physical system protection. This involves protecting systems from intruders who might physically attack the systems. Normally, important systems are locked in rooms and then within locked rack-mounted cabinets.

  • Transmission protection. This involves a hacker tampering with a transmission connection. It might involve tapping into a network connection or total disconnection. Tapping can be avoided by many methods, including using optical fibres, which are almost impossible to tap into (as it would typically involve sawing through a cable containing hundreds of fibres, each of which would have to be reconnected exactly as it was originally). Underground cables can avoid total disconnection, or the damage it causes can be reduced by having redundant paths (such as different connections to the Internet).



Security issues

  • Hacking methods

  • IP spoofing. Involves a hacker stealing an authorized IP address, and using it.

  • Packet-sniffing. Listens to TCP/IP traffic on the network.

  • Password attack. Hacker runs programs which determine the password of a user. Once into the system the hacker can then move onto other, more trusted, users.

  • Session hijacking attacks. Hacker taps into a conversation between two computers. A remote trusted user could start the conversation, but the hacker could continue it.

  • Shared library attacks.

  • Social engineering attacks. Typically a hacker uses social methods to determine a user’s password.

  • Technological vulnerability attack. The hacker attacks a vulnerable part of the system, such as rebooting the computer, spreading viruses, etc.

  • Trust-access attacks. Hacker adds their system to one of the trusted systems. The hacker can then get full administrator privileges.



Best practices for high-security networks

BAN EXTERNAL CONNECTIONS. In a highly secure network, all external traffic should go through a strong firewall. There should be no other external connections on the network. If possible, telephone lines should be monitored to stop data being transferred without going through the firewall.

SECURE ACCESS TO RESOURCES. Typically users must use swipe cards, or some biometric technique to gain access to a restricted domain.

VIRUS PROTECTION. All computers which access the Internet should be well protected against malicious programs and viruses.

FIREWALLS USED BETWEEN DOMAINS. Internal hackers can be as big a problem as external hackers. Thus firewalls should be used between domains to limit access.

BASE AUTHENTICATION ON MAC ADDRESSES. Network addresses do not offer good authentication of a user, as they can be easily spoofed. An improved method is to check the MAC address of the computer (as no two computers have the same MAC address).

MONITORING OF LOG EVENTS. All the important security-related events should be monitored within each domain. If possible they should be recorded over a long period of time. Software should be used to try to determine incorrect usage.



Intrusion Detection System (IDS)

Intrusion detection is an important part of a solid network security strategy, especially for administrators who implement the best practice of defence in depth.

An IDS provides monitoring of network resources to detect intrusions and attacks that were not stopped by the preventative techniques. For many reasons, it is impossible for firewalls to prevent all attacks.



Intrusion Detection approach

  • Anomaly detection:
    • A baseline is defined to describe the normal state of the network or host
    • Any activity outside the baseline is considered to be an attack



Signature detection:

  • Also known as misuse detection
  • The IDS analyzes the information it gathers and compares it to a database of known attacks, which are identified by their individual signatures.
  • The signature detection method is good at detecting known attacks. Signatures enable the IDS to detect an attack without any knowledge of the normal traffic in a given network, but also require that a signature be created and entered into the sensor's database.
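The two approaches above (anomaly detection against a learned baseline, and signature detection against a database of known attacks) can be seen side by side on the same traffic. This is an added example, not code from the slides: the log format, the constructed log lines, the two signature patterns and the mean-plus-three-standard-deviations baseline are all assumptions for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed traffic log, one connection per line: "<minute> <src_ip> <dst_port> <request>".
NORMAL = [                      # known-good traffic used to build the anomaly baseline
    "1 10.0.0.5 80 GET /index.html",
    "1 10.0.0.5 80 GET /style.css",
    "1 10.0.0.6 80 GET /login",
    "2 10.0.0.5 80 GET /about",
    "2 10.0.0.7 22 SSH-2.0-OpenSSH",
    "2 10.0.0.7 22 SSH-2.0-OpenSSH",
    "2 10.0.0.6 80 GET /news",
]
OBSERVED = [                    # traffic to be examined by both detectors
    "3 10.0.0.5 80 GET /index.html",
    "3 10.0.0.6 80 GET /../../etc/passwd",
    "3 10.0.0.8 80 GET /search?q=' or '1'='1",
] + ["3 10.0.0.9 445 SMB_NEGOTIATE"] * 6

# Signature (misuse) detection: a tiny "database of known attacks", each identified by a pattern.
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)union\s+select|' or '1'='1"),
}

def signature_detect(lines):
    """Return (line_number, signature_name) for every line matching a known signature."""
    return [(i, name) for i, line in enumerate(lines, 1)
            for name, pat in SIGNATURES.items() if pat.search(line)]

def _per_source_per_minute(lines):
    return Counter((line.split()[0], line.split()[1]) for line in lines)

def learn_baseline(normal_lines, k=3.0):
    """Ceiling on connections per source per minute: mean + k standard deviations of normal traffic."""
    vals = list(_per_source_per_minute(normal_lines).values())
    return mean(vals) + k * pstdev(vals)

def anomaly_detect(lines, ceiling):
    """Return sources whose connection count in any minute exceeds the learned ceiling."""
    return sorted({src for (_, src), n in _per_source_per_minute(lines).items() if n > ceiling})

if __name__ == "__main__":
    print(signature_detect(OBSERVED))                          # traversal and SQL injection lines
    print(anomaly_detect(OBSERVED, learn_baseline(NORMAL)))    # the SMB burst from 10.0.0.9 only
```

The SMB burst carries no known signature and is found only by the anomaly detector, while the two single-request attacks stay within the rate baseline and are found only by their signatures, which is why the two approaches complement each other.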



Protected System

  • There are primarily two types of intrusion detection systems on the market today: those that are host-based and those that are network-based.



Host-based IDS

  • Used to protect a critical network server

  • Host-based IDS agents use resources on the host server (disk space, memory, and processor time)

  • analyzing the logs of operating systems and applications

  • monitoring of file checksums to identify change



Network-based IDS

  • monitor activity on one or more network segments, while host-based IDS are software agents that reside on the protected system

  • NIDS analyze all passing traffic

  • NIDS sensors usually have two network connections: one that sniffs passing traffic, and one that sends data such as alerts to a centralized management system



NIDS Architecture

  • Place IDS sensors strategically to defend most valuable assets

  • Typical locations of IDS sensors

    • Just inside the firewall

    • On the DMZ

    • On the server farm segment

    • On network segments connecting mainframe or midrange hosts



Firewalls

  • Basic packet filtering

    • Protocol type

    • IP address

    • TCP/UDP port

    • Source routing information

  • Access control lists (ACL)

  • Rules built according to organizational policy that defines who can access portions of the network.



Demilitarized zone (DMZ)

  • Area set aside for servers that are publicly accessible or have lower security requirements

  • Sits between the Internet and internal network’s line of defense


Shunning or blocking



Network IDS reactions

  • TCP resets


  • Login