
ISP Responsibility

ISP Responsibility. Working at a Small-to-Medium Business or ISP – Chapter 8. Objectives. Describe ISP security policies and procedures. Describe the tools used in implementing security at the ISP. Describe the monitoring and managing of the ISP.


Presentation Transcript


  1. ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8

  2. Objectives • Describe ISP security policies and procedures. • Describe the tools used in implementing security at the ISP. • Describe the monitoring and managing of the ISP. • Describe the responsibilities of the ISP with regard to maintenance and recovery.

  3. 8.1.1 ISP Security Considerations • Helping clients to create secure passwords • Changing frequently, at least 8 characters long • Securing applications • Removing vulnerabilities (unnecessary applications) • Configuring firewalls and Virus Checking • Performing security scans

  4. 8.1.2 ISP Security Considerations Common security practices: • Encrypting data stored on servers • Using permissions to secure access to files and folders • Implementing user accounts • Assigning levels of access • Principle of “least privilege” • Provide users with only the access to resources required to do their jobs. • Provide the minimum level of permissions required for users to do their jobs.

  5. 8.1.2 ISP Security Considerations AAA: a three-step process used by network administrators to make it difficult for attackers to gain access to a network

  6. 8.1.2 ISP Security Considerations AAA can be used on various types of network connections and requires a database to keep track of user credentials, permissions and account statistics • Authentication—identifies the user with a username and password stored on a RADIUS server • Authorization—assigns varying levels of rights to users of network resources • Accounting—provides detailed reporting and monitoring of network user behavior, and also keeps a record of every access connection and device configuration change across the network

  7. 8.1.3 Data Encryption • ISPs must be concerned with securing data that is transmitted to and from their servers • By default, data sent over the network is unsecured and transmitted in clear text. • Unauthorized individuals can intercept unsecured data as it is being transmitted

  8. 8.1.3 Data Encryption • Digital Encryption is the process of encrypting all transmitted data between the client and the server • use the secure version of a protocol whenever confidential data is being exchanged KNOW THESE FOR THE TEST

  9. 8.2.1 Access Control Lists and Port Filtering • ISPs are especially vulnerable to denial-of-service (DoS) attacks • This is because the ISP may host sites for many different registered domain names that may or may not require authentication

  10. 8.2.1 Access Control Lists and Port Filtering DoS—Denial of Service • A standard DoS attack is one in which a server or service is attacked to prevent legitimate access to that service • SYN flood, ping flood, LAN attack, bandwidth consumption and buffer overflow attacks

  11. 8.2.1 Access Control Lists and Port Filtering DDoS—Distributed denial-of-service • Multiple computers attack a specific target • Attacker has access to many compromised computer systems, usually on the internet • Attacker can remotely launch the attack

  12. 8.2.1 Access Control Lists and Port Filtering DRDoS—Distributed Reflected denial-of-service attacks • Spoofed requests are sent to several computers with the source address modified to be that of the targeted computer system • The computer systems receiving the requests respond, causing all the replies to be directed at the target computer system • Reflection makes it hard to determine the originator

  13. 8.2.2 Security Tools • Firewalls use ACLs to control which traffic is passed or blocked • Stateful packet inspection firewalls keep track of the actual communication process occurring between the source and destination devices by monitoring the channel of communication • Uses a state table

  14. 8.2.2 Security Tools • Firewalls add processing time • Dynamic Packet Filter Firewall (Stateful) • Keeps track of the actual communication process • Uses a state table • Only traffic belonging to a tracked stream is permitted • Firewalls provide perimeter security for an entire network by packet filtering • Based on ports • Based on protocols • Based on source and destination • DMZ (demilitarized zone): the area of a network that contains servers that are accessible to Internet users
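The state-table behaviour described on slides 13 and 14 (ACL decides which flows may start; only traffic belonging to a tracked stream is permitted inbound), as an added illustrative model that is not part of the original slides. The `StatefulFilter` class, the inside prefix and the RFC 5737 documentation addresses are all constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    sport: int    # source port
    dst: str      # destination IP
    dport: int    # destination port
    proto: str = "tcp"

class StatefulFilter:
    """Dynamic (stateful) packet filter.

    The ACL decides which *new* outbound flows may start; the state table then
    admits only inbound packets that belong to a flow it has already recorded.
    Constructed teaching model, not a real firewall implementation."""

    def __init__(self, inside_prefix, allowed_out_ports):
        self.inside_prefix = inside_prefix           # e.g. "10.0.0."
        self.allowed_out_ports = set(allowed_out_ports)
        self.state = set()   # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def _inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def decide(self, pkt):
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # Outbound: apply the port-based ACL and record the flow on permit.
            if pkt.dport not in self.allowed_out_ports:
                return "deny"
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "permit"
        # Inbound: permitted only if it is the reverse of a tracked flow.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "permit" if reverse in self.state else "deny"

def demo():
    """Run a constructed packet sequence (RFC 5737 documentation addresses)."""
    fw = StatefulFilter("10.0.0.", allowed_out_ports={80, 443})
    packets = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443),   # client opens HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 51000),   # server reply: in state table
        Packet("198.51.100.7", 443, "10.0.0.5", 51000),   # unsolicited, same ports: no state
        Packet("10.0.0.5", 51001, "203.0.113.10", 23),    # Telnet out: blocked by ACL
        Packet("203.0.113.10", 23, "10.0.0.5", 51001),    # reply to denied flow: no state
    ]
    return [fw.decide(p) for p in packets]
```

A stateless port filter would have to open every high client port to let the reply through; the state table lets the third packet be dropped even though its ports match a legitimate flow.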

  15. 8.2.3 IDS and IPS • Intrusion Detection System (IDS)—Passive • Detects malicious traffic only after it has already passed into the network and notifies the management station • Will block any subsequent malicious traffic • Intrusion Prevention System (IPS)—Active • Blocks data in real time, immediately

  16. 8.2.4 Wireless Security Wireless security can be vulnerable • Changing default settings (SSID, username, passwords) • Don’t broadcast the SSID • Enabling authentication • Default is open • PSK—pre-shared key • EAP—two-way authentication • MAC filtering • List the MAC addresses of computers allowed on the network • Won’t stop cloning of a MAC address • Encryption

  17. 8.2.4 Wireless Security Encryption • WEP—encrypts data with a 64-, 128- or 256-bit key • Key is static • Every device uses the same key • Old technology (shouldn’t be used) • WPA—newer encryption algorithm • Temporal Key Integrity Protocol (TKIP) • Generates a unique key for each client • Rotates the security keys • Both client and server have the key and it is never transmitted between host and access point • WPA2—new, improved WPA • Uses the more secure Advanced Encryption Standard (AES)

  18. 8.2.5 Host Security Tools • Host-based firewalls control inbound and outbound network traffic (software based) • Come with predefined rules of traffic to allow

  19. 8.2.5 Host Security Tools Targets of host security: • Known attacks—based on updatable signatures or patterns • Exploitable services—restrict the ports being used • Worms and viruses—prevent spread to servers • Back doors and Trojans—allow attackers to remotely gain access to servers on a network

  20. 8.2.5 Host Security Tools • Anti-X software can be installed as a security measure • Some anti-X software allows remote management and notification, alerting the administrator about an infection • Protects the system from • Viruses—self-replicating computer programs that spread by inserting copies of themselves into other executable code or documents • Worms—run independently and can propagate a complete working copy of themselves onto other hosts on a network • Spyware—monitors the activity of a computer on a network without the user’s permission, capturing keystrokes and sending information to the organization launching the spyware • Malware—designed to infiltrate or damage a computer system • Phishing—spam intended to persuade the recipient to provide the sender with access to personal information • Spam—unsolicited or junk email messages sent to multiple recipients for either legitimate or fraudulent purposes

  21. 8.3.1 Monitoring and Managing the ISP • Typical features of a Service Level Agreement (SLA): • Between user and the ISP

  22. 8.3.2 Monitoring and Managing the ISP • Monitoring network link performance • Out-of-band (console) management: you are directly connected with a console cable. Used for initial configuration of devices. This is required if the device is not accessible via the network, or you need to physically look at the device. • In-band management: allows for easier administration, because you do not have to be directly connected. Uses protocols such as Telnet, SSH, HTTP and SNMP. This is preferred, because you don’t have to be present at the location.

  23. 8.3.3 Monitoring and Managing the ISP In-band management: • Telnet Virtual Terminal (VTY) session—no encryption • When you are connected to a router this way, CTRL-SHIFT-6 x keystroke suspends the connection • Secure Shell (SSH): preferred for security • Better choice than Telnet • Offers encryption • HTTP • SNMP

  24. 8.3.4 Using SNMP and Syslog • SNMP enables administrators to gather network data • Management station—used by the administrator to monitor • Management agent—software installed on a device; uses broadcast to provide a management station with important unsolicited information • Management information base (MIB) • Network management protocol

  25. 8.3.4 Using SNMP and Syslog • Syslog uses syslog clients to generate and forward log messages to syslog servers • Log messages have • ID of the sending device • Message ID • Date and time • The message text
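A small parser for the message fields slide 25 lists (sending device, message ID, date and time, text), plus the per-device configuration-change count that slide 6 says accounting should provide. This is an added example, not part of the original slides; the log lines are constructed samples in the `%FACILITY-SEVERITY-MNEMONIC` form Cisco IOS devices emit, and the hostnames and addresses are invented.

```python
import re

# Constructed sample lines (invented hostnames and RFC 1918 addresses) in the
# form an IOS device sends when syslog forwarding includes a hostname origin.
SAMPLE_LOG = """\
<189>Mar 10 08:15:02 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
<187>Mar 10 08:16:40 core-sw2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
<189>Mar 10 08:17:05 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
<189>Mar 10 08:18:11 core-sw2 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                               # priority = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "   # date and time
    r"(?P<device>\S+) "                                  # ID of the sending device
    r"(?P<msgid>%[A-Z0-9_]+-\d-[A-Z0-9_]+): "            # message ID
    r"(?P<text>.*)$"                                     # the message text
)

def parse_line(line):
    """Return the four slide-25 fields plus decoded facility/severity, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "device": m["device"],
        "timestamp": m["ts"],
        "msgid": m["msgid"],
        "facility": pri >> 3,   # upper bits of the priority value
        "severity": pri & 7,    # 0 = emergency ... 7 = debug
        "text": m["text"],
    }

def parse_log(text):
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]

def config_changes_by_device(records):
    """Count configuration-change events per device: the record of every
    device configuration change that accounting and syslog should provide."""
    counts = {}
    for rec in records:
        if rec["msgid"].endswith("CONFIG_I"):
            counts[rec["device"]] = counts.get(rec["device"], 0) + 1
    return counts
```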

  26. 8.4.1 Backups and Disaster Recovery Factors in choosing backup media: • Amount of data • Cost of media • Performance • Reliability • Ease of offsite storage

  27. 8.4.1 Backups and Disaster Recovery Tape media • Disadvantages: • Prone to failure and should be replaced often • Drives require regular cleaning to maintain reliability • High failure rate because tapes wear out • Should be swapped • Should be removed from circulation when old • Advantages: • Large capacity • Most cost-effective • Autoloaders and libraries can swap tapes during the backup procedure

  28. 8.4.1 Backups and Disaster Recovery Methods of file backup: Normal, Differential and Incremental • Normal—copies all selected files in their entirety • Differential • Requires a full backup on the first day • A differential copies only files that have changed since the full backup • To restore • Restore the full backup • Then restore the most recent differential backup

  29. Backups and Disaster Recovery • Incremental • Saves files that changed since the last incremental backup • To restore • Restore the last full backup • Then restore every incremental backup since the last full backup, in order
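Slides 28 and 29 describe the three backup methods and their restore chains; this added simulation (not from the original slides) runs a constructed four-day file history through all three and shows the trade-off: differential sets grow but restore needs only the latest one, incremental sets stay small but restore fails if any one of them is missing.

```python
def full_backup(files):
    """Normal backup: copy every selected file."""
    return dict(files)

def differential_backup(files, last_full):
    """Copy only files changed since the last FULL backup (set grows each day)."""
    return {name: data for name, data in files.items() if last_full.get(name) != data}

def incremental_backup(files, at_last_backup):
    """Copy only files changed since the last backup of ANY kind (set stays small)."""
    return {name: data for name, data in files.items() if at_last_backup.get(name) != data}

def restore_differential(full, latest_diff):
    """Restore = full backup + the most recent differential only."""
    state = dict(full)
    state.update(latest_diff)
    return state

def restore_incremental(full, incrementals):
    """Restore = full backup + every incremental since it, applied in order."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    return state

def simulate():
    # Constructed sample: file name -> content version, one snapshot per day.
    days = [
        {"a": "a1", "b": "b1", "c": "c1"},  # Mon: full backup taken
        {"a": "a2", "b": "b1", "c": "c1"},  # Tue: a changed
        {"a": "a2", "b": "b2", "c": "c1"},  # Wed: b changed
        {"a": "a3", "b": "b2", "c": "c1"},  # Thu: a changed again
    ]
    full = full_backup(days[0])
    diffs, incs, previous = [], [], days[0]
    for snapshot in days[1:]:
        diffs.append(differential_backup(snapshot, full))
        incs.append(incremental_backup(snapshot, previous))
        previous = snapshot
    return {
        "differential_sizes": [len(d) for d in diffs],   # files copied Tue, Wed, Thu
        "incremental_sizes": [len(i) for i in incs],
        "differential_restore_ok": restore_differential(full, diffs[-1]) == days[-1],
        "incremental_restore_ok": restore_incremental(full, incs) == days[-1],
        # Skipping Wednesday's incremental silently loses b's change.
        "incremental_missing_one_ok": restore_incremental(full, incs[:1] + incs[2:]) == days[-1],
    }
```

This model does not track deleted files; a real backup set also records deletions so a restore does not resurrect them. The last result is why slide 30's "perform trial restores" matters: a missing tape in an incremental chain is only discovered when you try to restore.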

  30. 8.4.2 Methods of File Backup How to ensure successful backups: • Swap media • Review backup logs • Perform Trial restores • Drive maintenance

  31. 8.4.3 Cisco IOS Software Backup and Recovery • Use TFTP to protect configurations and Cisco IOS software • Restore a Cisco IOS image using TFTP in ROMmon mode • In the copy command syntax, the first word is where it is copied from and the second word is where it is copied to • So the command listed would copy the IOS image in flash to a TFTP server • A row of exclamation marks (!!!!!!!) on the console means the transfer is working

  32. 8.4.4 Disaster Recovery Plan • Steps to designing an effective recovery plan: • OBJECTIVE: ensure the business can adapt to the physical and social changes that a disaster causes

  33. 8.4.4 Disaster Recovery Plan • Vulnerability assessment - Assess how vulnerable the critical business processes and associated applications are to common disasters. • Risk assessment - Analyze the risk of a disaster occurring and the associated effects and costs to the business. Create a list of the top ten potential disasters and their effects. • Management awareness - Use the information gathered on vulnerabilities and risks to get senior management approval for the disaster recovery project. Maintaining equipment and locations for a possible disaster recovery could be expensive. • Planning group - Establish a planning group to manage development and implementation of the disaster recovery strategy and plan. Ensure individuals understand their roles and responsibilities. • Prioritize - Assign a priority for each disaster scenario, such as mission critical, important, or minor, for the business network, applications, and systems.

  34. 8.4.4 Disaster Recovery Plan • Phases to creating and implementing a disaster recovery plan:

  35. 8.4.4 Disaster Recovery Plan Phase 1 - Network Design Recovery Strategy • Analyze the network design. Some aspects of the network design that should be included in disaster recovery are: • Is the network designed to survive a major disaster? Are there backup connectivity options and redundancy? • Availability of offsite servers that can support applications such as email and database services. • Availability of backup routers, switches, and other network devices should they fail. • Location of services and resources that the network needs. Are they spread over a wide geography? Phase 2 - Inventory and Documentation • Create an inventory of all locations, devices, vendors, used services, and contact names. Verify cost estimates. Phase 3 - Verification • Create a verification process to prove that the disaster recovery strategy works. Practice disaster recovery exercises to ensure that the plan is up to date and workable. Phase 4 - Approval and Implementation • Obtain senior management approval and develop a budget to implement the plan. Phase 5 - Review • After the disaster recovery plan has been implemented for a year, review the plan.

  36. Summary • ISPs provide desktop security services for customers, such as creating passwords, implementing patches and updates, and assigning permissions. • Many protocols offer secure versions utilizing digital encryption, which should be used when the data being exchanged is confidential. • Port filtering and Access Lists use TCP and UDP port features to permit or deny traffic. • Firewalls can utilize hardware or software to define what traffic can come into or go out of parts of a network. • ISPs are responsible for providing efficient and effective backup and disaster recovery methods for their customers.
