
Enterprise Network Security

Enterprise Network Security. Accessing the WAN – Chapter 4. Objectives: describe the general methods used to mitigate security threats to enterprise networks; configure basic router security; explain how to disable unused Cisco router network services and interfaces.


Presentation Transcript


  1. Enterprise Network Security – Accessing the WAN, Chapter 4

  2. Objectives
  • Describe the general methods used to mitigate security threats to Enterprise networks
  • Configure Basic Router Security
  • Explain how to disable unused Cisco router network services and interfaces
  • Explain how to use Cisco SDM
  • Manage Cisco IOS devices

  3. Security Threats
  • White hat - An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
  • Hacker - A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

  4. Security Threats Continued
  • Black hat - Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
  • Cracker - A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
  • Phreaker - An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.

  5. Security Threats Continued
  • Spammer - An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
  • Phisher - Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

  6. Describe the General Methods used to Mitigate Security Threats to Enterprise Networks • Explain how sophisticated attack tools and open networks have created an increased need for network security and dynamic security policies

  7. Security Policy
  • RFC 2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide."
  • The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management.

  8. ISO/IEC 27002 - 12 Sections
  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development, and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

  9. Security Policy Function
  • Protects people and information
  • Sets the rules for expected behavior by users, system administrators, management, and security personnel
  • Authorizes security personnel to monitor, probe, and investigate
  • Defines and authorizes the consequences of violations

  10. Physical Security Threats

  11. Describe the General Methods used to Mitigate Security Threats to Enterprise Networks • Describe the most common security threats and how they impact enterprises

  12. Describe the General Methods used to Mitigate Security Threats to Enterprise Networks • Describe the most common types of network attacks and how they impact enterprises

  13. Reconnaissance
  • Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack. Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.
  • Internet information queries
  • Ping sweeps
  • Port scans
  • Packet sniffers

  14. System Access • System access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.

  15. Denial of Service
  • Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
  • DoS can also be as simple as deleting or corrupting information.
  • In most cases, performing the attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.

  16. Denial of Service

  17. TCP SYN Flood Attack
  • A flood of TCP SYN packets is sent, often with a forged sender address.
  • Each packet is handled like a connection request, causing the server to spawn a half-open connection by sending back a TCP SYN-ACK packet and waiting for a packet in response from the sender address.
  • The response never comes.
  • These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.
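The reconnaissance slide (ping sweeps, port scans) and the SYN flood slide describe two traffic patterns that look alike on the wire: SYNs that never complete a handshake. The script below, an added example that is not part of the original deck, builds a constructed set of packet summaries (a few normal connections, one host probing forty ports, and two hundred forged sources each leaving one half-open connection on port 80) and classifies them from the defender's side: many half-open attempts from one source to many ports suggest a scan; many half-open attempts to one port from many sources suggest a SYN flood. The thresholds, addresses and record layout are assumptions chosen for the example.

```python
"""Spot port scans and TCP SYN floods in packet summaries.

Added example for the Reconnaissance and TCP SYN Flood slides; not part of the
original deck. Packet records are constructed inline; in practice they would
come from a capture or a flow export.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Packet summary: (src_ip, dst_ip, dst_port, tcp_flags)
# Flags: "S" = SYN, "SA" = SYN-ACK, "A" = the client's final ACK.
Packet = Tuple[str, str, int, str]
SERVER = "192.0.2.10"  # constructed target address (TEST-NET-1 range)


def handshake(client: str, port: int) -> List[Packet]:
    """A complete three-way handshake from client to SERVER:port."""
    return [(client, SERVER, port, "S"), (SERVER, client, port, "SA"), (client, SERVER, port, "A")]


def build_sample_traffic() -> List[Packet]:
    """Constructed traffic: normal connections, a port scan and a SYN flood."""
    pkts: List[Packet] = []
    # Three legitimate web connections that complete the handshake.
    for i in range(1, 4):
        pkts += handshake(f"10.1.1.{i}", 80)
    # Port scan: one source sends a SYN to 40 different ports and never completes.
    for port in range(20, 60):
        pkts.append(("198.51.100.7", SERVER, port, "S"))
    # SYN flood: 200 different (forged) source addresses each leave one half-open
    # connection on port 80; the server answers SYN-ACK, the final ACK never comes.
    for i in range(200):
        spoofed = f"203.0.113.{i}"
        pkts.append((spoofed, SERVER, 80, "S"))
        pkts.append((SERVER, spoofed, 80, "SA"))
    return pkts


def analyze(packets: List[Packet], scan_ports: int = 15, half_open_limit: int = 100) -> Dict[str, list]:
    """Return suspected scanners and flooded (server, port) targets.

    A connection attempt is half-open when the client's SYN was seen but its
    final ACK never was.
    """
    syns: Set[Tuple[str, str, int]] = set()
    acks: Set[Tuple[str, str, int]] = set()
    for src, dst, port, flags in packets:
        if flags == "S":
            syns.add((src, dst, port))
        elif flags == "A":
            acks.add((src, dst, port))
    half_open = syns - acks

    ports_by_src: Dict[str, Set[int]] = defaultdict(set)
    pending_by_target: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for client, server, port in half_open:
        ports_by_src[client].add(port)
        pending_by_target[(server, port)].add(client)

    # Scan: one source, many distinct ports left half-open.
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_ports)
    # Flood: one (server, port) with many half-open clients; the client count
    # being as large as the attempt count is the fingerprint of forged sources.
    flooded = sorted((target, len(clients)) for target, clients in pending_by_target.items()
                     if len(clients) >= half_open_limit)
    return {"scanners": scanners, "flooded": flooded}


if __name__ == "__main__":
    print(analyze(build_sample_traffic()))
```

The legitimate clients drop out because their final ACK is present; the scanner is the only source with more than fifteen half-open ports, and port 80 on the server is the only target with more than one hundred pending clients. On real traffic the thresholds would be tuned against a baseline, and the same half-open bookkeeping is what SYN cookies or a firewall's embryonic-connection limit are meant to cap.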

  18. Worms, Viruses and Trojan Horses • Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.

  19. Describe the General Methods used to Mitigate Security Threats to Enterprise Networks
  • Describe the common mitigation techniques that enterprises use to protect themselves against threats
  • Personal firewall
  • Antivirus
  • OS patches

  20. Describe the General Methods used to Mitigate Security Threats to Enterprise Networks • Explain the concept of the Network Security Wheel

  21. The Security Wheel
  • Continuous process
  • Develop security policy
  • Secure the network
  • Monitor security
  • Test
  • Improve

  22. The Role of Routers in Network Security Advertise networks and filter who can use them. Provide access to network segments and subnetworks.

  23. Routers are Targets - Router Security
  • Physical security
  • Regular router IOS upgrades
  • Router configuration and IOS backups
  • Port security
  • Disable unused services

  24. Configure Basic Router Security

  25. Encrypt Passwords

  26. Passwords Always use the <enable secret> password command

  27. Minimum Length

  28. Securing Remote Access

  29. Preventing Logins on Unused Lines

  30. Control Incoming VTY Access

  31. Remote Access with SSH
  • SSH uses port 22

  32. SSH Configurations
  • Step 1: configure router hostname
  • Step 2: set the domain name
  • Step 3: generate asymmetric keys
  • Step 4: configure local authentication and VTY protocol
  • Step 5: configure SSH timeouts
  • Step 6: use SSH

  33. Sample SSH Configuration
      username student password 0 cisco
      !
      ip ssh version 1
      ip ssh time-out 15
      ip ssh authentication-retries 2
      ip domain-name cisco.com
      !
      line vty 0 5
       login local
       transport input ssh

  34. Verifying SSH
      r1#sho ip ssh
      SSH Enabled - version 1
      Authentication timeout: 120 secs; Authentication retries: 3
  More SSH information in the Network Security course
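Slides 23 through 34 amount to a checklist for a router configuration: passwords stored encrypted, a minimum password length, logins required on every line, VTY access restricted to SSH, idle sessions timed out, and unused services disabled. The script below is an added example, not part of the deck and not a Cisco tool; it parses IOS-style configuration text and reports which checklist items are missing. Both configurations are constructed: the weak one mirrors the shape of the sample on slide 33, the hardened one shows the corrected settings. The hash values are placeholders, and the two service-disable commands (no ip http server, no cdp run) are illustrative examples of "disable unused services" rather than a complete list.

```python
"""Audit a Cisco IOS configuration against the basic router-security checklist
from these slides: encrypted passwords, minimum length, SSH-only VTY access,
idle timeouts, and a couple of unused services switched off.

Added example, not part of the original deck and not a Cisco tool. Both
configurations are constructed; hashes are placeholders.
"""
import re
from typing import Dict, List, Tuple

WEAK_CONFIG = """\
hostname r1
username student password 0 cisco
enable password cisco
ip ssh version 1
ip http server
line vty 0 5
 login local
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname r1
ip domain-name example.com
service password-encryption
security passwords min-length 10
enable secret 5 $PLACEHOLDER_HASH
username student secret 5 $PLACEHOLDER_HASH
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
no ip http server
no cdp run
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
"""


def parse_config(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split an IOS config into global lines and indented sections.

    IOS writes the children of a section header (such as 'line vty 0 4')
    indented by one space; '!' lines are separators.
    """
    global_lines: List[str] = []
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
            global_lines.append(current)
    return global_lines, sections


def audit(text: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    global_lines, sections = parse_config(text)

    def present(pattern: str) -> bool:
        # re.match anchors at the start, so "no ip http server" never
        # satisfies the pattern "ip http server$".
        return any(re.match(pattern, line) for line in global_lines)

    findings: List[str] = []
    if not present(r"enable secret "):
        findings.append("no 'enable secret' configured")
    if present(r"enable password "):
        findings.append("'enable password' in use (weak, reversible storage)")
    if not present(r"service password-encryption$"):
        findings.append("service password-encryption not enabled")
    if not present(r"security passwords min-length "):
        findings.append("no minimum password length")
    if present(r"username \S+ password 0 "):
        findings.append("local username stored with plaintext 'password 0'")
    if present(r"ip ssh version 1$"):
        findings.append("SSH version 1 enabled; use version 2")
    if not present(r"ip domain-name "):
        findings.append("no ip domain-name (needed to generate RSA keys for SSH)")
    if present(r"ip http server$"):
        findings.append("HTTP management server enabled")
    if not present(r"no cdp run$"):
        findings.append("CDP not disabled (runs by default)")

    for header, children in sections.items():
        if not header.startswith("line vty"):
            continue
        if "transport input ssh" not in children:
            findings.append(f"{header}: transport input is not restricted to ssh")
        if not any(c.startswith("login") for c in children):
            findings.append(f"{header}: no login required")
        if not any(c.startswith("exec-timeout") for c in children):
            findings.append(f"{header}: no exec-timeout on idle sessions")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["OK"])
```

Run against the weak configuration the auditor reports eleven findings, including the plaintext "password 0", SSH version 1 and the "transport input telnet ssh" line that still allows Telnet; the hardened configuration produces none. Feeding it the output of a real show running-config works the same way, since the parser only relies on IOS's one-space indentation of section children.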

  35. Show crypto key

  36. Logging Router Activity
  • Logs allow you to verify that a router is working properly or to determine whether the router has been compromised. In some cases, a log can show what types of probes or attacks are being attempted against the router or the protected network.
  • Configuring logging (syslog) on the router should be done carefully.
  • Send the router logs to a designated log host. The log host should be connected to a trusted or protected network or an isolated and dedicated router interface.
  • Harden the log host by removing all unnecessary services and accounts.
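The slide says a log can show probes against the router; what that looks like on the designated log host is a stream of syslog lines that someone has to parse. The script below is an added example, not part of the deck: it parses router syslog lines into PRI, sequence number, timestamp and the %FACILITY-SEVERITY-MNEMONIC message, then pulls out two events worth alerting on, repeated login failures from one source and configuration changes. The sample lines are constructed to resemble IOS output (the exact field layout varies with IOS version and logging settings), the addresses are documentation ranges, and the failure threshold is an assumption.

```python
"""Parse router syslog lines on a log host and extract login failures and
configuration changes.

Added example, not part of the original deck. The log lines are constructed
to resemble IOS syslog output; the real layout depends on IOS version and
logging settings (sequence numbers, timestamps).
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: three failed SSH logins from one host, one success from
# another host, then a configuration change from that session.
LOG_LINES = [
    "<188>41: *Mar  1 00:02:11.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>42: *Mar  1 00:02:14.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<188>43: *Mar  1 00:02:18.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed]",
    "<189>44: *Mar  1 00:03:02.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: student] [Source: 10.1.1.5] [localport: 22]",
    "<189>45: *Mar  1 00:04:30.000: %SYS-5-CONFIG_I: Configured from console by student on vty0 (10.1.1.5)",
]

# <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<seq>\d+): (?P<ts>\*?\S+ +\d+ [\d:.]+): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
SOURCE_RE = re.compile(r"\[Source: ([^\]]+)\]")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    pri = int(fields["pri"])
    # The PRI value encodes facility * 8 + severity; routers commonly send
    # with facility local7 (23), so 188 is local7/warning and 189 local7/notice.
    fields["syslog_facility"] = str(pri >> 3)
    fields["syslog_severity"] = str(pri & 7)
    return fields


def summarize(lines: List[str], failure_threshold: int = 3) -> Dict[str, object]:
    """Count login failures per source address and list configuration changes."""
    failures: Counter = Counter()
    config_changes: List[str] = []
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # keep a count so silent format changes are noticed
            continue
        if ev["mnemonic"] == "LOGIN_FAILED":
            src = SOURCE_RE.search(ev["text"])
            failures[src.group(1) if src else "unknown"] += 1
        elif ev["mnemonic"] == "CONFIG_I":
            config_changes.append(ev["text"])
    repeated = sorted(s for s, n in failures.items() if n >= failure_threshold)
    return {"repeated_failures": repeated, "config_changes": config_changes, "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(LOG_LINES))
```

Keeping the parser on the log host rather than the router matches the slide's advice: the router only has to ship lines, and the hardened log host does the counting, so an intruder who takes the router cannot quietly rewrite the evidence. The "unparsed" counter matters in practice because a silent change of log format otherwise turns into an alert that never fires.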

  37. Explain How to Disable Unused Cisco Router Network Services and Interfaces • Describe the router services and interfaces that are vulnerable to network attack

  38. Disable Unused Services

  39. Explain How to Disable Unused Cisco Router Network Services and Interfaces • Explain the vulnerabilities posed by commonly configured management services Covered in CCNP Course

  40. Securing Routing Protocols
  • Falsified routing information may generally be used to cause systems to misinform (lie to) each other, cause a DoS, or cause traffic to follow a path it would not normally follow. The consequences of falsifying routing information are as follows:
    1. Redirect traffic to create routing loops as shown in the figure
    2. Redirect traffic so it can be monitored on an insecure link
    3. Redirect traffic to discard it

  41. Routing Protocol Authentication

  42. Routing Updates Authentication

  43. Verify RIP

  44. OSPF Authentication

  45. EIGRP Authentication

  46. AutoSecure
  • Cisco AutoSecure uses a single command to disable non-essential system processes and services, eliminating potential security threats. You can configure AutoSecure in privileged EXEC mode using the auto secure command in one of these two modes:
  • Interactive mode - This mode prompts you with options to enable and disable services and other security features. This is the default mode.
  • Non-interactive mode - This mode automatically executes the auto secure command with the recommended Cisco default settings. This mode is enabled with the no-interact command option.

  47. Securing the Router with AutoSecure

  48. Security Device Manager (SDM)
  • The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.
  • The SDM files can be installed on the router, a PC, or on both. An advantage of installing SDM on the PC is that it saves router memory, and allows you to use SDM to manage other routers on the network. If Cisco SDM is pre-installed on the router, Cisco recommends using Cisco SDM to perform the initial configuration.
