slide1
Download
Skip this Video
Download Presentation
Introduction to Network Security November 20 th , 2007

Loading in 2 Seconds...

play fullscreen
1 / 43

Network Security slides - PowerPoint PPT Presentation


  • 365 Views
  • Uploaded on

Introduction to Network Security November 20 th , 2007. Presented by Aliza Bailey and Phil Ames. The Net is NOT the Web. The Internet: TCP/IP, the “road” if you will that other protocols run on

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Network Security slides' - sherlock_clovis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Introduction to Network Security

November 20th, 2007

Presented by Aliza Bailey and Phil Ames

the net is not the web
The Net is NOT the Web

The Internet: TCP/IP, the “road” if you will that other protocols run on

The Web: one of the “vehicles” that run on this road. Other vehicles would include email, chat programs, file transfer programs and protocols, etc.

slide3

Introducing…

Your Network Exploits

malware

Malware

“A generic term for a number of different types of malicious code, can include spyware, worms, viruses, etc created with the intent of infiltrating a system without permission and causing destruction, also called “Computer Contaminants””

virus

Virus

“A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active “

trojans backdoors

Trojans/Backdoors

“A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.”

keyloggers

Keyloggers

“Programs designed to log key strokes entered by a user on a machine. When used negatively, this information is transmitted to a remote location to collect the personal data”

rootkits

Rootkits

“A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.”

botnets

Botnets

“A collection of compromised, broadband-enabled PC’s hijacked during a worm/virus attack and infected with software that links them to a server where they receive “instructions” from a botnet controller. These are then used to participate in further virus/worm/spam assaults and Denial of Service attacks”

denial of service aka dos

Denial of Serviceaka DoS

“An event or series of events that prevents a system or network from performing its intended function”

This can come from a botnet or a more direct attack. In the basic sense, more packets or data is sent to a victim than the victim can handle and the system crashes.

phishing spam

Phishing & Spam

“The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site looks like they are part of a bank the user is doing business with. Spam is any unwanted unsolicited message. Spam is usually sent via email”

breaking down barriers

Breaking Down Barriers

Eliminate the “Does not apply to me” attitude with users

breaking down barriers15
Breaking Down Barriers
  • Users need to be active members of your “security team” as they are certainly members of your “network abuse” squad
  • Educate them now on proper security practices and their benefits before they have to learn the hard way
  • One compromised machine in a network is all that is needed to affect the entire network
getting to know your network

Getting to Know Your Network

You can not defend what you do not understand.

getting to know your network18
Getting to Know Your Network
  • DOCUMENTATION IS KEY
    • Baseline your network and core devices
    • Port to Jack conversion list
    • MAC Address inventory
    • Static IP address list
    • Knowing where to go when an event occurs is absolutely necessary
      • Vendor information
      • Physical location of devices
getting to know your network19
Getting to Know Your Network
  • Understand the flow of traffic in your network
    • Ingress traffic
      • This is your inbound traffic
    • Egress traffic
      • This is your outbound traffic
    • Traceroutes
      • Is your network symmetrical? Do you have more than one internet presence? Are your packets traveling the correct route?
getting to know your network20
Getting to Know Your Network
  • RESEARCH YOUR PRODUCTS!!!
    • What Operating Systems live in your environment?
    • Understand any products you want to introduce into your network, including their purpose, placement, and your expectations
    • Create a test environment mirroring your production network to fully test new equipment
defense in depth

Defense in Depth

Multiple layers are always better than one.

defense in depth22
Defense in Depth
  • Proactive Defense
    • Preventing the fire from starting
      • Firewalls
      • Content Filtering
      • Intrusion Prevention Devices
      • Traffic engineering
      • Network Monitoring
      • Base lining your network and core devices
      • Acceptable use policies
defense in depth23
Defense in Depth
  • Reactive Defense
    • Putting out the fires
      • Intrusion Detection Systems
      • System backups
      • Forensic based programs
        • Fport, nmap
      • Network Monitoring tools
        • TCPDump, WinDump, Ethereal, Snort
defense in depth24

Defense in Depth

Desktop Level

defense in depth25
Defense in Depth
  • Antivirus
    • The “flu shot” of the security world
      • Anti virus is the most basic level of desktop security and should be present on all workstations, servers, laptops, etc
      • This is not a replacement for better security practices. Definitions need constant updating to meet the ever growing number of viruses present. The time between virus identification and definition distribution has shrunk as technology increases, however the gap still exists
defense in depth26
Defense in Depth
  • Anti-Spyware
    • Common programs available are spybot, ad-aware, and most antivirus suites now include anti-spyware options
    • As with anti virus software, these programs require regular updates to remain effective
defense in depth27
Defense in Depth
  • Host Based Firewalls
    • Windows XP comes standard with a firewall, there are also popular options such as ZoneAlarm, Norton Personal Firewall, Black Ice, McAfee Personal Firewall, etc
    • Controls application access on machines while network based firewalls control the data flow to the machine
    • Learning curve: end users usually need assistance in configuring the rules properly to avoid blocking legitimate applications
defense in depth28
Defense in Depth
  • Physical Access
    • Login: All machines should require authentication to the box or domain controller, no guest accounts!
    • Removable storage: unless otherwise needed, removable storage like thumb drives should be restricted from being introduced to your network
    • Location: Are your servers open to be accessed by anyone? Is your file server sitting on your desk?
defense in depth29
Defense in Depth
  • Passwords
    • Passphrases: easier to remember, can be “fun” and more personal
    • Special Characters, Numbers, Case sensitivity
    • Length: longer = better
    • Set a minimum password policy!
defense in depth31
Defense in Depth
  • Patching & Updating
    • Set it and forget it! Setting up all machines to automatically download and install updates takes the guess work out of it
    • Do not forget to patch and update all softwares used, not just the OS. This includes Microsoft Office, Quicktime, antivirus, anti-malware, etc.
network level defense

Network Level Defense

Border Patrol

Keeping the bad guys from reaching your users

network level defense33
Network Level Defense
  • Router Security
    • Routers allow for more concise security measures to be implemented than their switch and hub brethren
    • Networks can be segregated by VLANS
    • Traffic can be engineered with access control lists
network level defense34
Network Level Defense
  • Router Security
    • Lock down access to the router
      • Always require a login, be it a local account, RADIUS authentication, etc.
      • Restrict access only to those networks/IP addresses that should be accessing the device
        • Do you access this router from outside your work network?
        • Do you only access this router from one particular workstation?
network level defense35
Network Level Defense
  • Router Security
    • Lock down port access
      • Restricting what can be plugged into your network and where reduces the occurrence of rogue routers/switches/hubs, wireless access points, and laptops
      • Usually accomplished by MAC address restrictions
network level defense36
Network Level Defense
  • Access Control Lists (ACL’s)
    • A Standard ACL can restrict ingress and egress network traffic based upon the source IP, network, or subnet
    • An Extended ACL (Cisco) can restrict ingress and egress network traffic based upon source and destination networks, along with ports and protocols
    • Extremely important to map out EXACTLY what you want to allow/deny access to
    • As with Firewalls, better to maintain a “deny all, permit by exception” list
network level defense37
Network Level Defense

· Routers apply lists sequentially in the order in which you type them into the router.· Routers apply lists to packets sequentially, from top down, one line at a time.· Packets are processed only until a match is made and then they are acted upon based on the access list criteria contained in the access list statements.· Lists always end with an implicit deny. Routers discard any packets that do not match any of the access list statements.· Access lists must be applied to an interface as either inbound or outbound traffic filters.· Only one list per direction can be applied to an interface.

network level defense38
Network Level Defense

Example: Restricting network access only to one network

Permits any IP in the 64.251.55.0/28 network to go anywhere, denies all else

IP access list 99

10 permit ip 64.251.55.0 0.0.0.15 any

20 deny ip any any

interface Vlan2

ip address 64.251.55.1 255.255.255.240

ip access-group 100 in

no ip unreachables

Applied INBOUND to the VLAN interface. Inbound means traffic coming into that interface from machines internal to your network

network level defense39
Network Level Defense

Example: Restricting traffic even more with extended ACL’s

ip access-list extended School_Security

permit tcp 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255 eq smtp

permit tcp 10.10.10.0 0.0.0.255 160.241.0.0 0.0.255.255 eq smtp

deny tcp any any eq smtp

deny udp any any eq snmp

permit tcp 10.10.10.0 0.0.0.255 any eq www

permit tcp 10.10.10.0 0.0.0.255 any eq 8888

deny ip any any

This ACL will allow SMTP access for the 10.10.10.0/24 network only to the two networks stated, deny all others. Next, access to WWW and TCP port 8888 is allowed, nothing else. This example works in direct conjunction with our HTTPS proxy

network level defense40
Network Level Defense
  • Firewalls
    • A firewall is similar to a wall around a city or a wall around a building. It can prevent traffic from going into or out of the city except through designated gates. Another term for these gates would be ports. For example, if you want someone to be able to send you email, you would open up a specific gate and email could get into your network.
network level defense41
Network Level Defense
  • Firewalls
    • Network Layer
      • Packet filtering usually based on source IP address, source port, destination IP address or port, destination service like WWW or FTP
    • Application Layer
      • Filters for applications, like XML/WWW/FTP, to provide more protection for the specified application
    • Proxies
      • May be used in a firewall fashion to hide internal networks
network level defense42
Network Level Defense
  • Wireless Security
    • Restrict access! No public access should be available
      • Disable SSID broadcasting
      • Restrict access to known users (by MAC)
    • ENCRYPT ENCRYPT ENCRYPT!!!
      • Even if you only use WEP, use it.
      • Consult your product documentation for instructions
slide43

“Best Practices” Summary

  • Document your network
  • Research your products
  • Inform and educate your users
  • Set a security policy and follow it
  • Be proactive or suffer the consequences of only reacting to events
  • Multiple layers of security: Network and Desktop
  • Passwords!
  • Patch and Update everything
  • Secure ALL wireless connections!!!
  • DENY ALL PERMIT BY EXCEPTION
ad