Network Security and Firewalls
Lesson 1: What Is Security
Objectives
Define security
Explain the need for network security
Identify resources that need security
Identify the two general security threat types
List security standards and organizations
What Is Security?
LANs
WANs
VPNs
Network perimeters
Hacker Statistics
One of every five Internet sites has experienced a security breach
Losses due to security breaches are estimated at $10 billion each year
Intrusions have increased an estimated 50 percent in the past year
What Is the Risk?
Categorizing attacks
Countering attacks systematically
The Myth of 100-Percent Security
Security as balance
Security policies
Attributes of an Effective Security Matrix
Allows access control
Easy to use
Appropriate cost of ownership
Flexible and scalable
Superior alarming and reporting
What You Are Trying to Protect
End user resources
Network resources
Server resources
Information storage resources
Who Is the Threat?
Casual attackers
Determined attackers
Spies
Security Standards
Security services
- Authentication
- Access control
- Data confidentiality
- Data integrity
- Nonrepudiation
Security mechanisms
- The Orange Book
Summary
Define security
Explain the need for network security
Identify resources that need security
Identify the two general security threat types
List security standards and organizations
Lesson 2: Elements of Security
Objectives
Formulate the basics of an effective security policy
Identify the key user authentication methods
Explain the need for access control methods
Describe the function of an access control list
Objectives (cont’d)
List the three main encryption methods used in internetworking
Explain the need for auditing
Elements of Security
Audit
Administration
Encryption
Access Control
User Authentication
Corporate Security Policy
The Security Policy
Classify systems
Prioritize resources
Assign risk factors
Define acceptable and unacceptable activities
Define measures to apply to resources
Define education standards
Assign policy administration
Encryption
Encryption categories
- Symmetric
- Asymmetric
- Hash
Encryption strength
Authentication
Authentication methods
- Proving what you know
- Showing what you have
- Demonstrating who you are
- Identifying where you are
Specific Authentication Techniques
Kerberos
One-time passwords
Access Control
Access Control List
- Objects
Execution Control List
- Sandboxing
Auditing
Passive auditing
Active auditing
Security Tradeoffs and Drawbacks
Increased complexity
Slower system response time
Summary
Formulate the basics of an effective security policy
Identify the key user authentication methods
Explain the need for access control methods
Describe the function of an access control list
Summary (cont’d)
List the three main encryption methods used in internetworking
Explain the need for auditing
Lesson 3: Applied Encryption
Objectives
Create a trust relationship using public-key cryptography
List specific forms of symmetric, asymmetric, and hash encryption
Deploy PGP in Windows 2000 and Linux
Creating Trust Relationships
Manually
Automatically
Rounds, Parallelization and Strong Encryption
Round
- Discrete part of the encryption process
Parallelization
- Use of multiple processes, processors or machines to work on cracking one encryption algorithm
Strong encryption
- Use of any key longer than 128 bits
Symmetric-Key Encryption
One key is used to encrypt and decrypt messages
Symmetric Algorithms
Data Encryption Standard
Triple DES
Symmetric algorithms created by the RSA Security Corporation
International Data Encryption Algorithm
Blowfish and Twofish
Skipjack
MARS
Rijndael and Serpent
Advanced Encryption Standard
Asymmetric Encryption
Asymmetric-key encryption elements
- RSA
- DSA
- Diffie-Hellman
Hash Encryption
Signing
Hash algorithms
- MD2, MD4, and MD5
- Secure Hash Algorithm
Applied Encryption Processes
PGP and GPG
S/MIME
Encrypting drives
Web server encryption
Summary
Create a trust relationship using public-key cryptography
List specific forms of symmetric, asymmetric, and hash encryption
Deploy PGP in Windows 2000 and Linux
Lesson 4: Types of Attacks
Objectives
Describe specific types of security attacks
Recognize specific attack incidents
Brute-Force and Dictionary Attacks
Brute-force attack
- Repeated access attempts
Dictionary attack
- Customized version of brute-force attack
System Bugs and Back Doors
Buffer overflow
Trojans and rootkits
Social Engineering and Nondirect Attacks
Call and ask for the password
Fraudulent e-mail
DoS and DDoS attacks
Spoofing
Trojans
Information leakage
Hijacking and man-in-the-middle attacks
Summary
Describe specific types of security attacks
Recognize specific attack incidents
Lesson 5: General Security Principles
Objectives
Describe the universal guidelines and principles for effective network security
Use universal guidelines to create effective specific solutions
Common Security Principles
Be paranoid
Have a security policy
No system stands alone
Minimize the damage
Deploy companywide enforcement
Provide training
Integrate security strategies
Place equipment according to needs
Identify security business issues
Consider physical security
Summary
Describe the universal guidelines and principles for effective network security
Use universal guidelines to create effective specific solutions
Lesson 6: Protocol Layers and Security
Objectives
List the protocols that pass through a firewall
Identify potential threats at different layers of the TCP/IP stack
TCP/IP and Network Security
The Internet and TCP/IP were not designed around strong security principles
The TCP/IP Suite and the OSI Reference Model
Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data link layer
Physical layer
TCP/IP Packet Construction
Application Message: e-mail, FTP, Telnet
TCP Segment
- Header, body
IP Datagram
- Header, body
Ethernet Frame
- Header, body, trailer
Summary
List the protocols that pass through a firewall
Identify potential threats at different layers of the TCP/IP stack
Lesson 7: Securing Resources
Objectives
Consistently apply security principles
Secure TCP/IP services
Describe the importance of testing and evaluating systems and services
Discuss network security management applications
Implementing Security
Categorize resources and needs
Define a security policy
Secure each resource and service
Log, test, and evaluate
Repeat the process and keep current
Resources and Services
Protecting services
- Protect against profiling
- Coordinate methods and techniques
- Protect services by changing default settings
- Remove unnecessary services
Protecting TCP/IP Services
The Web Server
- CGI scripts
- CGI and programming
Securing IIS
Additional HTTP servers
FTP servers- Access control
Simple Mail Transfer Protocol
The Internet Worm
The Melissa virus
E-mail and virus scanning
Access control measures
Testing and Evaluating
Testing existing systems
Security Testing Software
Specific tools
- Network scanners
- Operating system add-ons
- Logging and log analysis tools
Security and Repetition
Understanding the latest exploits
Summary
Consistently apply security principles
Secure TCP/IP services
Describe the importance of testing and evaluating systems and services
Discuss network security management applications
Lesson 8: Firewalls and Virtual Private Networks
Objectives
Describe the role a firewall plays in a company’s security policy
Define common firewall terms
Describe packet-filtering rules
Describe circuit-level gateways
Configure an application-level gateway
Explain PKI
Discuss public keys and VPNs
The Role of a Firewall
Implement a company’s security policy
Create a choke point
Log Internet activity
Limit network host exposure
Firewall Terminology
Packet filter
Proxy server
NAT
Bastion host
Operating system hardening
Screening and choke routers
DMZ
Creating Packet Filter Rules
Process
- Packet filters work at the network layer of the OSI/RM
Rules and fields
Packet Filter Advantages and Disadvantages
Drawbacks
Stateful multi-layer inspection
Popular packet-filtering products
Using the ipchains and iptables commands in Linux
Configuring Proxy Servers
Recommending a proxy-oriented firewall
Advantages and disadvantages
- Authentication
- Logging and alarming
- Caching
- Reverse proxies and proxy arrays
- Client configuration
- Speed
Remote Access and Virtual Private Networks
Virtual network perimeter
Tunneling protocols
IPsec
ESP
PPTP
L2TP
Public Key Infrastructure (PKI)
Standards
- Based on X.509 standard
Terminology
Certificates
Summary
Describe the role a firewall plays in a company’s security policy
Define common firewall terms
Describe packet-filtering rules
Describe circuit-level gateways
Configure an application-level gateway
Explain PKI
Discuss public keys and VPNs
Lesson 9: Levels of Firewall Protection
Objectives
Plan a firewall system that incorporates several levels of protection
Describe the four types of firewall systems design and their degrees of security
Implement a packet-filtering firewall
Firewall Strategies and Goals
Resource placement
Physical access points
Site administration
Monitoring tools
Hardware
Building a Firewall
Design principles
- Keep design simple
- Make contingency plans
Types of Bastion Hosts
Single-homed bastion host
Dual-homed bastion host
Single-purpose bastion hosts
- Internal bastion hosts
Hardware Issues
Operating system
Services
Daemons
Common Firewall Designs
Screening routers
Screened host firewall (single-homed bastion)
Screened host firewall (dual-homed bastion)
Screened subnet firewall (demilitarized zone)
Summary
Plan a firewall system that incorporates several levels of protection
Describe the four types of firewall systems design and their degrees of security
Implement a packet-filtering firewall
Lesson 10: Detecting and Distracting Hackers
Objectives
Customize your network to manage hacker activity
Implement proactive detection
Distract hackers and contain their activity
Set traps
Deploy Tripwire for Linux
Proactive Detection
Automated security scans
Login scripts
Automated audit analysis
Checksum analysis
Distracting the Hacker
Dummy accounts
Dummy files
Dummy password files
Tripwires and automated checksums
Jails
Punishing the Hacker
Methods
Tools
Summary
Customize your network to manage hacker activity
Implement proactive detection
Distract hackers and contain their activity
Set traps
Deploy Tripwire for Linux
Lesson 11: Incident Response
Objectives
Respond appropriately to a security breach
Identify some of the security organizations that can help you in case your system is attacked
Subscribe to respected security alerting organizations
Decide Ahead of Time
Itemize a detailed list of procedures
Include the list in a written policy
Be sure all employees have a copy
Incident Response
Do not panic
Document everything
Assess the situation
Stop or contain the activity
Execute the response plan
Analyze and learn
Summary
Respond appropriately to a security breach
Identify some of the security organizations that can help you in case your system is attacked
Subscribe to respected security alerting organizations
Network Security and Firewalls
What Is Security?
Elements of Security
Applied Encryption
Types of Attacks
General Security Principles
Protocol Layers and Security
Network Security and Firewalls (cont’d)
Securing Resources
Firewalls and Virtual Private Networks
Levels of Firewall Protection
Detecting and Distracting Hackers
Incident Response