1 / 62

Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition. Chapter 1 Network Defense Fundamentals. Objectives. Explain the fundamentals of TCP/IP networking Describe the threats to network security Explain the goals of network security Describe a layered approach to network defense

Patman
Download Presentation

Guide to Network Defense and Countermeasures Second Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Guide to Network Defense and CountermeasuresSecond Edition Chapter 1 Network Defense Fundamentals

  2. Objectives • Explain the fundamentals of TCP/IP networking • Describe the threats to network security • Explain the goals of network security • Describe a layered approach to network defense • Explain how network security defenses affect your organization Guide to Network Defense and Countermeasures, Second Edition

  3. TCP/IP Networking Review • Transmission Control Protocol/Internet Protocol (TCP/IP) • Suite of many protocols • Allows information to be transmitted from point to point on a network Guide to Network Defense and Countermeasures, Second Edition

  4. The Open Systems Interconnect (OSI) Model Guide to Network Defense and Countermeasures, Second Edition

  5. IP Addressing • Attackers can gain access to networks by determining IP addresses of computers • IP address components • Network address • Host address • Subnet mask • Try to hide IP addresses to prevent certain attacks • Network Address Translation (NAT) • Translate IP addresses into other IP addresses • Used to hide real IP addresses • Proxy servers are also used to hide IP addresses Guide to Network Defense and Countermeasures, Second Edition

  6. Guide to Network Defense and Countermeasures, Second Edition

  7. Guide to Network Defense and Countermeasures, Second Edition

  8. Exploring IP Packet Structure • IP datagrams • Discrete chunk of information • TCP/IP messages are transmitted using multiple datagrams • Contain information about source and destination IP addresses and control settings • Divided into different sections • IP header structure • Part of an IP packet that computers used to communicate • IP header plays an important role in terms of network security and intrusion detection Guide to Network Defense and Countermeasures, Second Edition

  9. Guide to Network Defense and Countermeasures, Second Edition

  10. Guide to Network Defense and Countermeasures, Second Edition

  11. Exploring IP Packet Structure (continued) • IP data • Firewalls, VPNs and proxy servers are used to protect data in a packet • IP fragmentation • Allows large packets to pass through routers • Routers divide packets into multiple fragments and send them along the network • Fragmentation creates security problems • Port numbers appear only in fragment 0 • Fragments 1 and higher pass through filters without being scrutinized Guide to Network Defense and Countermeasures, Second Edition

  12. ICMP Messages • Internet Control Message Protocol (ICMP) • Assists TCP/IP networks with troubleshooting communication problems • Can tell if another host is alive • Firewalls and packet filters should be used to filter ICMP messages Guide to Network Defense and Countermeasures, Second Edition

  13. Guide to Network Defense and Countermeasures, Second Edition

  14. TCP Headers • Provide hosts with additional flags • Flags are important from a security standpoint • Used to create packet-filtering rules • Flags • URG (urgent) • ACK (acknowledge) • PSH (push function) • RST (reset the connection) • SYN (synchronize sequence numbers) • FIN (finished) Guide to Network Defense and Countermeasures, Second Edition

  15. Guide to Network Defense and Countermeasures, Second Edition

  16. UDP Headers • UDP provides a datagram transport service for IP • UDP is considered unreliable • Because it is connectionless • UDP is used for broadcasting messages • Attackers scan for open UDP services to exploit • UDP packets have their own headers Guide to Network Defense and Countermeasures, Second Edition

  17. Guide to Network Defense and Countermeasures, Second Edition

  18. Domain Name Service (DNS) • DNS servers translate fully qualified domain names to IP addresses • DNS can be used to block unwanted communications • Administrators can block Web sites containing offensive content • DNS attacks • Buffer overflow • Zone transfer • Cache poisoning Guide to Network Defense and Countermeasures, Second Edition

  19. Encryption • Concealing information to render it unreadable • Except to the intended recipients • Firewalls often encrypt data leaving the network and decrypt incoming packets • Encryption often makes use of digital certificates • Digital certificate • Electronic document containing encryption keys and a digital signature • Public Key Infrastructure • Makes possible distribution of certificates Guide to Network Defense and Countermeasures, Second Edition

  20. Overview of Threats to Network Security • Security problems • Network intrusions • Loss of data • Loss of privacy • First step in defeating the enemy is to know your enemy Guide to Network Defense and Countermeasures, Second Edition

  21. Types of Attackers • Knowing the types of attackers helps you anticipate • Motivation to break into systems • Status • Revenge • Financial gain • Industrial espionage Guide to Network Defense and Countermeasures, Second Edition

  22. Types of Attackers (continued) • Crackers • Attempt to gain access to unauthorized resources • Circumventing passwords, firewalls, or other protective measures • Disgruntled employees • Access customer information, financial files, job records, or other sensitive information from inside an organization • When an employee is terminated, security measures should be taken immediately Guide to Network Defense and Countermeasures, Second Edition

  23. Types of Attackers (continued) • Criminal and Industrial Spies • Steal and sell a company’s confidential information to its competitors • Script Kiddies and Packet Monkeys • Script kiddies • Young, immature computer programmers • Spread viruses and other malicious scripts • Use techniques to exploit known weakness • Packet monkeys • Block Web site activities using DDoS attacks Guide to Network Defense and Countermeasures, Second Edition

  24. Types of Attackers (continued) • Terrorists • Attack computer systems for several reasons • Making a political statement • Achieving a political goal • Causing damage to critical systems • Disrupting a target’s financial stability Guide to Network Defense and Countermeasures, Second Edition

  25. Malicious Code • Malware • Malicious code • Use system’s well known vulnerabilities to spread • Virus • Code that copies itself surreptitiously • Can be benign or harmful • Spread methods • Running executable code • Sharing disks or memory sticks • Opening e-mail attachments Guide to Network Defense and Countermeasures, Second Edition

  26. Malicious Code (continued) • Worm • Creates files that copy themselves and consume disk space • Does not require user intervention to be launched • Some worms install back doors • A way of gaining unauthorized access to computer or other resources • Others can destroy data on hard disks • Trojan program • Harmful computer program that appears to be something useful • Can create a back door Guide to Network Defense and Countermeasures, Second Edition

  27. Malicious Code (continued) • Macro viruses • Macro is a type of script that automates repetitive tasks in Microsoft Word or similar applications • Macros run a series of actions automatically • Macro viruses run actions that tend to be harmful Guide to Network Defense and Countermeasures, Second Edition

  28. Other Threats to Network Security • It is not possible to prepare for every possible risk to your systems • Try to protect your environment for today’s threat • Be prepared for tomorrow’s threats Guide to Network Defense and Countermeasures, Second Edition

  29. Social Engineering: The People Factor • Social engineers try to gain access to resources through people • Employees do not always observe accepted security practices • Employees are fooled by attackers into giving out passwords or other access codes Guide to Network Defense and Countermeasures, Second Edition

  30. Common Attacks and Defenses Guide to Network Defense and Countermeasures, Second Edition

  31. Common Attacks and Defenses (continued) Guide to Network Defense and Countermeasures, Second Edition

  32. Common Attacks and Defenses (continued) Guide to Network Defense and Countermeasures, Second Edition

  33. Internet Security Concerns • Socket • Port number combined with a computer’s IP address • Attacker software looks for open sockets • Open sockets are an invitation to be attacked • Sometimes sockets have exploitable vulnerabilities • E-mail and Communications • Home users regularly surf the Web, use e-mail and instant messaging programs • Personal firewalls keep viruses and Trojan programs from entering a system Guide to Network Defense and Countermeasures, Second Edition

  34. Internet Security Concerns (continued) • Scripts • Executable code attached to e-mail messages or downloaded files that infiltrates a system • Difficult for firewalls and IDSs to block all scripts • Always-on Connectivity • Computers using always-on connections are easier to locate and attack • Remote users pose security problems to network administrators • Always-on connections effectively extend the boundaries of your corporate network Guide to Network Defense and Countermeasures, Second Edition

  35. Goals of Network Security • Goals include • Confidentiality • Integrity • Availability Guide to Network Defense and Countermeasures, Second Edition

  36. Providing Secure Connectivity • In the past, network security emphasized blocking attackers from accessing the corporate network • Now secure connectivity with trusted users and networks is the priority • Activities that require secure connectivity • Placing orders for merchandise online • Paying bills • Accessing account information • Looking up personnel records • Creating authentication information Guide to Network Defense and Countermeasures, Second Edition

  37. Secure Remote Access • One of the biggest security challenges • VPN • Ideal and cost-effective solution • Uses a combination of encryption and authentication mechanisms Guide to Network Defense and Countermeasures, Second Edition

  38. Guide to Network Defense and Countermeasures, Second Edition

  39. Ensuring Privacy • Databases with personal or financial information need to be protected • Legislation exists that protects private information • Education is an effective way to maintain the privacy of information • All employees must be educated about security dangers and security policies • Employees are most likely to detect security breaches • And to cause one accidentally • Employees can monitor activities of their co-workers Guide to Network Defense and Countermeasures, Second Edition

  40. Providing Nonrepudiation • Nonrepudiation is important when organizations do business across a network • Rather than face-to-face • Encryption provides integrity, confidentiality, and authenticity of digital information • Encryption can also provide nonrepudiation • Nonrepudiation • Capability to prevent one participant from denying that it performed an action Guide to Network Defense and Countermeasures, Second Edition

  41. Confidentiality, Integrity, and Availability: The CIA Triad • Confidentiality • Prevents intentional or unintentional disclosure of communications between sender and recipient • Integrity • Ensures the accuracy and consistency of information during all processing • Availability • Makes sure those who are authorized to access resources can do so in a reliable and timely manner Guide to Network Defense and Countermeasures, Second Edition

  42. Guide to Network Defense and Countermeasures, Second Edition

  43. Using Network Defense Technologies in Layers • No single security measure can ensure complete network protection • Assemble a group of methods • That work in a coordinated fashion • Defense in depth (DiD) • Layering approach to network security Guide to Network Defense and Countermeasures, Second Edition

  44. Physical Security • Refers to measures taken to physically protect a computer or other network device • Physical security measures • Computer locks • Lock protected rooms for critical servers • Burglar alarms • Uninterruptible power supply (UPS) Guide to Network Defense and Countermeasures, Second Edition

  45. Authentication and Password Security • Password security • Simple strategy • Select good passwords, keep them secure, and change them as needed • Use different passwords for different applications • Authentication methods • Something user knows • Something user has • Something user is • In large organizations, authentication is handled by centralized servers Guide to Network Defense and Countermeasures, Second Edition

  46. Operating System Security • Protect operating systems by installing • Patches • Hot fixes • Service packs • OSs must be timely updated to protect from security flaws • Stop any unneeded services • Disable Guest accounts Guide to Network Defense and Countermeasures, Second Edition

  47. Antivirus Protection • Virus scanning • Examines files or e-mail messages for indications that viruses are present • Viruses have suspicious file extensions • Antivirus software uses virus signatures to detect viruses in your systems • You should constantly update virus signatures • Firewalls and IDSs are not enough • You should install antivirus software in hosts and all network computers Guide to Network Defense and Countermeasures, Second Edition

  48. Packet Filtering • Block or allow transmission of packets based on • Port number • IP addresses • Protocol information • Some types of packet filters • Routers • Most common packet filters • Operating systems • Built-in packet filtering utilities that come with some OSs • Software firewalls • Enterprise-level programs Guide to Network Defense and Countermeasures, Second Edition

  49. Firewalls • Firewalls control organizations overall security policies • Permissive versus restrictive policies • Permissive • Allows all traffic through the gateway and then blocks services on case-by-case basis • Restrictive • Denies all traffic by default and then allows services on case-by-case basis Guide to Network Defense and Countermeasures, Second Edition

  50. Guide to Network Defense and Countermeasures, Second Edition

More Related