Chapter 5 Fundamentals of Network Security
Objectives
In this chapter, you will:
• Learn the fundamentals of network communication
• Identify a number of network devices
• Recognize the various forms of network addressing
• Understand other defense-in-depth technologies

Network Communication Overview – Network Functions
• Error control
• Names and addresses
• Prioritization and flow control
• Segmentation
• Synchronization

Network Communication Overview – OSI Reference Model
• Examples
  • Physical (Layer 1): RS-232
  • Data link (Layer 2): Ethernet
  • Network (Layer 3): IP
  • Transport (Layer 4): TCP
  • Session (Layer 5): RPC
  • Presentation (Layer 6): MPEG
  • Application (Layer 7): HTTP

Network Devices
• Security concerns
  • NIC – promiscuous mode
  • Repeater – broadcasts malicious traffic
  • Hub – broadcasts malicious traffic
  • Bridge – broadcasts malicious traffic
Network Devices
• Security concerns
  • Switch – some switches have a mini-OS which can be subverted
  • Router – mini-OS requires regular patches, review of access control lists, and implementation of ingress and egress filters
  • Modem – may allow a remote caller to connect to the network
Network Devices – Firewalls
• Firewalls can:
  • Restrict traffic between networks
  • Provide a single chokepoint that can be more easily defended
  • Record network activity

Network Devices – Firewalls
• Packet-filtering
  • Allows or blocks ingress traffic
  • Allows or blocks egress traffic
  • Examines network packet headers
• Dynamic packet-filtering
  • Same features as packet-filtering
  • Able to view more of the network packet to determine whether to allow or block

Network Devices – Firewalls
• Proxy
  • Intermediary between client and server
  • Can change characteristics of network packets
  • Can cache information
• Bastion host – usually a proxy server that has been locked down to prevent attack and functions as the sole intermediary between the trusted internal network and a public untrusted network
• Circuit-level gateway – monitors each attempted session to determine whether it meets established criteria
• Application-level gateway – secures the network traffic used by a specific application
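The difference between a packet filter that sees only headers and a dynamic (stateful) one is easiest to see with a concrete rule set. The following Python is an added example and not part of the slides: it models both filters over a constructed internal network (192.168.1.0/24) and three constructed packets. The Packet and Rule classes, the rule fields, and the documentation-range addresses are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Constructed packet-header summary: the fields a packet filter inspects."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # CIDR block the source address must fall in
    dst: str                     # CIDR block the destination address must fall in
    proto: str = "any"           # "tcp", "udp" or "any"
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


def stateless_filter(rules, pkt: Packet) -> str:
    """Packet filter: header fields only, first matching rule wins, default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Dynamic packet filter: admitted flows are remembered, so their replies
    are allowed back in without a standing inbound rule."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # (src, sport, dst, dport, proto) of allowed flows

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:
            return "allow"  # reply to a flow we already admitted
        action = stateless_filter(self.rules, pkt)
        if action == "allow":
            self.flows.add(key)
        return action


INTERNAL = "192.168.1.0/24"  # constructed internal network
EGRESS_HTTPS = Rule("allow", INTERNAL, "0.0.0.0/0", "tcp", dport=443)
# A stateless filter needs a standing rule to let HTTPS replies back in; since it
# can only key on header fields, that rule admits anything with source port 443.
INGRESS_FROM_443 = Rule("allow", "0.0.0.0/0", INTERNAL, "tcp", sport=443)

# Constructed traffic: a client request, its reply, and an unrelated inbound packet.
OUTBOUND = Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 443)
REPLY = Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 51000)
UNSOLICITED = Packet("198.51.100.7", "192.168.1.20", "tcp", 443, 3389)
TRAFFIC = (OUTBOUND, REPLY, UNSOLICITED)


def compare_filters() -> dict:
    """Verdicts for (OUTBOUND, REPLY, UNSOLICITED) under three configurations."""
    stateful = StatefulFilter([EGRESS_HTTPS])
    return {
        "stateless_egress_only": tuple(stateless_filter([EGRESS_HTTPS], p) for p in TRAFFIC),
        "stateless_with_ingress": tuple(stateless_filter([EGRESS_HTTPS, INGRESS_FROM_443], p) for p in TRAFFIC),
        "stateful": tuple(stateful.filter(p) for p in TRAFFIC),
    }


if __name__ == "__main__":
    for name, (out, reply, other) in compare_filters().items():
        print(f"{name:24s} outbound={out} reply={reply} unsolicited={other}")
```

With only the egress rule, the stateless filter breaks the client's session because the reply has no matching rule; adding the standing ingress rule repairs the session but also admits the unrelated inbound packet, since its header happens to carry source port 443. The stateful filter needs no ingress rule at all: it admits the reply because it remembers the outbound flow, and still denies the unsolicited packet.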
Network Addressing • MAC addresses are used at Layer 2
Network Addressing • IP addresses are used in Layer 3
Network Addressing • TCP ports are used in Layer 4
Network Addressing
• TCP ports
  • Ports 0 to 1023: Standard (also known as well-known ports)
  • Ports 1024 to 49151: Registered ports
  • Ports 49152 to 65535: Dynamic ports (also known as private or ephemeral)
Network Addressing • UDP ports are used in Layer 4
Defense in Depth
• NAT
  • One Class A (10.0.0.0 - 10.255.255.255)
  • One Class B (192.168.0.0 - 192.168.255.255)
  • Several Class Cs (172.16.0.0 - 172.31.255.255)
• DMZ
• System firewalls
Summary
• Network communication systems provide five major functions: naming and addressing, error control, prioritization and flow control, segmentation, and synchronization.
• The OSI reference model provides a standard framework for network communication.
• There are seven layers within the OSI model: physical, data link, network, transport, session, presentation, and application.
• The NIC, repeater, and hub operate at the Physical layer of the OSI reference model.
• Bridges and switches generally operate at the Data Link layer of the OSI reference model and help to reduce overall network congestion by directing traffic to specific hardware or MAC addresses.

Summary
• Routers generally operate within the Network layer and are crucial devices in TCP/IP networks. As such, routers must be protected from subversion by abusers.
• Firewalls enforce network security policy by allowing or disallowing specific network traffic. Whether the firewall filters packets, inspects the state of the traffic, or is a specific application proxy, firewalls must be employed to help ensure that only trusted communications are permitted on the network.
• Modems and phone networks are normally the overlooked data communication cousin to normal networks. Because network traffic and computer systems can still be exploited using analog phone lines, these entry points should also be closely monitored.
Summary
• Network protocols form standards to ensure that everyone on a network is speaking the same language. The Ethernet and TCP/IP protocols form the basis for most modern networks.
• Ethernet MAC addresses are 48-bit addresses usually expressed in hexadecimal format (e.g., 00-50-56-C0-00-08). IPv4 addresses are 32-bit addresses normally expressed in decimal format (e.g., 192.168.100.50).
• IP addressing comprises both an IP address and a subnet mask. By applying the subnet mask to an IP address, routers can direct network traffic to the proper network and host ID.
Summary
• TCP and UDP protocols operate within the Transport layer and provide another layer of functionality to the IP protocol. TCP is a connection-oriented protocol that helps to ensure proper delivery and reception of IP traffic. UDP is connectionless and thus less reliable than TCP; however, UDP offers greater delivery speeds of IP traffic.
• Networks should be protected by several layers of security protections. This “defense in depth” approach helps to ensure that the network is constantly protected, even if one defense is compromised. NAT, DMZs, and system firewalls are just a few technologies that can be applied to the network to help create security layers.
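The addressing material above (MAC addresses, IPv4 addresses with subnet masks, the TCP port ranges, and the private ranges hidden behind NAT) can all be exercised with a few small functions. The following Python is an added example, not part of the slides: it applies a subnet mask by hand to split an address into network ID and host ID, classifies ports into the three ranges from the slides, and checks whether an address falls in one of the three RFC 1918 private blocks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, which are the ranges the NAT slide refers to). The MAC parser goes slightly beyond the slides by reading the two flag bits of the first octet (multicast and locally-administered), which is standard IEEE 802 layout. All function names and sample values are constructed for this illustration.

```python
import re

# The three RFC 1918 private address blocks, as (network, subnet mask).
RFC1918_BLOCKS = (
    ("10.0.0.0", "255.0.0.0"),       # 10.0.0.0/8
    ("172.16.0.0", "255.240.0.0"),   # 172.16.0.0/12
    ("192.168.0.0", "255.255.0.0"),  # 192.168.0.0/16
)


def ipv4_to_int(dotted: str) -> int:
    """Parse dotted-decimal notation into the 32-bit value it encodes."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ipv4(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(ip: str, mask: str) -> tuple:
    """Apply the subnet mask: network ID = ip AND mask, host ID = the remaining bits."""
    a, m = ipv4_to_int(ip), ipv4_to_int(mask)
    return int_to_ipv4(a & m), int_to_ipv4(a & ~m & 0xFFFFFFFF)


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The routing decision: two hosts share a network if their network IDs agree."""
    m = ipv4_to_int(mask)
    return ipv4_to_int(ip_a) & m == ipv4_to_int(ip_b) & m


def is_rfc1918(ip: str) -> bool:
    """True if the address falls in one of the private blocks NAT typically hides."""
    return any(same_subnet(ip, net, mask) for net, mask in RFC1918_BLOCKS)


def port_class(port: int) -> str:
    """Classify a port into the three ranges from the TCP ports slide."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_mac(mac: str) -> dict:
    """Parse a 48-bit MAC written as 00-50-56-C0-00-08 or 00:50:56:c0:00:08 and
    read the two flag bits carried in the first octet."""
    groups = re.split(r"[-:]", mac)
    if len(groups) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", g) for g in groups):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    value = int("".join(groups), 16)
    first_octet = value >> 40
    return {
        "value": value,
        "multicast": bool(first_octet & 0x01),             # I/G bit: group address
        "locally_administered": bool(first_octet & 0x02),  # U/L bit: not vendor-assigned
    }


if __name__ == "__main__":
    print(split_address("192.168.100.50", "255.255.255.0"))
    print(is_rfc1918("192.168.100.50"), is_rfc1918("203.0.113.5"))
    print(port_class(443), port_class(8080), port_class(51000))
    print(parse_mac("00-50-56-C0-00-08"))
```

Using a mask of 255.240.0.0 for the 172.16.0.0 block is what makes 172.31.255.255 private while 172.32.0.1 is not; the same AND-with-mask operation is what a router performs to decide whether a destination is on a directly connected network or must be forwarded.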