
Network Security


Presentation Transcript


  1. Network Security A General Introduction

  2. Outline • Network Gatekeepers • Identifying network threats and countermeasures • Using secure router, firewall, and switch configurations

  3. Network Gatekeepers • The network is the entry point to applications and controls access to the various servers in the enterprise environment. • The basic components of a network, which act as the front-line gatekeepers, are the: • router, • firewall, and • switch.

  4. Threats and Countermeasures • An attacker looks for poorly configured network devices to exploit. The following are high-level network threats: • Information gathering • Sniffing • Spoofing • Session hijacking • Denial of service

  5. Information Gathering • Information gathering can reveal detailed information about network topology, system configuration, and network devices. Attacks • Using Tracert (Traceroute) to detect network topology • Using Telnet to open ports for banner grabbing • Using port scans to detect open ports • Using broadcast requests to enumerate hosts on a subnet

  6. Countermeasures - Information gathering • Use generic service banners that do not give away configuration information such as software versions or names. • Use firewalls to mask services that should not be publicly exposed.

  7. Sniffing Sniffing, also called eavesdropping, is the act of monitoring network traffic for data, such as clear-text passwords or configuration information. Vulnerabilities • Weak physical security • Lack of encryption when sending sensitive data • With a simple packet sniffer, all plaintext traffic can be read easily

  8. Countermeasures Some of the countermeasures: • Strong physical security that prevents rogue devices from being placed on the network • Encrypted credentials and application traffic over the network

  9. Spoofing • Spoofing is a means to hide one's true identity on the network. • A fake source address is used that does not represent the actual packet originator's address. • Vulnerabilities: lack of ingress and egress filtering. • Ingress filtering is the filtering of any IP packets with untrusted source addresses before they have a chance to enter and affect your system or network. • Egress filtering is the process of filtering outbound traffic from your network.

  10. Countermeasures • Use of ingress and egress filtering on perimeter routers using Access Control Lists (ACLs)

  11. Denial of Service • Network-layer denial of service attacks usually try to deny service by flooding the network with traffic, which consumes the available bandwidth and resources. • Vulnerabilities • Weak router and switch configuration • Unencrypted communication

  12. Countermeasures – denial of service • Filtering broadcast requests • Filtering Internet Control Message Protocol (ICMP) requests • Patching and updating of service software

  13. Router Considerations • The router is the very first line of defense. • It provides packet routing. • It can also be configured to block or filter the forwarding of packet types that are known to be vulnerable or used maliciously, such as ICMP.

  14. Router Considerations - Protocol • Protocols • Denial of service attacks take advantage of protocol-level vulnerabilities, for example, by flooding the network. • Preventing attacks: • Use ingress and egress filtering. • Incoming packets with an internal address can indicate an intrusion attempt or probe and should be denied entry to the perimeter network. • Set up the router to route outgoing packets only if they have a valid internal IP address. • Screen ICMP traffic from the internal network. • Blocking ICMP traffic at the outer perimeter router protects you from attacks such as cascading ping floods. • ICMP can be used for troubleshooting, but it can also be used for network discovery and mapping. • Enable ICMP in echo-reply mode only.

  15. Router Considerations - Protocol • Protocols • Do not receive or forward directed broadcast traffic • Directed broadcast traffic can be used as a vehicle for a denial of service attack • Example: • 10.0.0.0/8 • 127.0.0.0/8 • 169.254.0.0/16 – link local network • Prevent traceroute packets • Trace routing is a means to collect network topology information. By blocking packets of this type, you prevent an attacker from learning details about your network from trace routes.

  16. Router Considerations • Patches and updates • Stay current with both security issues and service patches. • Disable unused interfaces. • Apply strong password policies. • Use static routing. • An attacker might try to change routes to cause denial of service or to forward requests to a rogue server. • Audit Web-facing administration interfaces.

  17. Router Considerations - Services • Services • To reduce the attack surface area, default services that are not required should be shut down. • Examples include bootps and Finger, which are rarely required. You should also scan your router to detect which ports are open.

  18. Firewall - 1 • The role of the firewall is to block all unnecessary ports and to allow traffic only from known ports. • A firewall should exist anywhere you interact with an untrusted network, especially the Internet. • Separate your Web servers from downstream application and database servers with an internal firewall. • The firewall should be configured to monitor for and prevent attacks and to detect intrusion attempts. • A firewall may run on an operating system, be hosted by a router, or run on specialist hardware.

  19. Firewall - 2 • The configuration categories for the firewall include: • Patches and updates • Filters • Auditing and logging • Perimeter networks • Intrusion detection

  20. Switch • Switches are designed to improve network performance and to ease administration. • Traffic is not shared between switched segments. • This is a preventive measure against packet sniffing between networks. • An attacker can circumvent this security by • reconfiguring switching rules • using easily accessed administrative interfaces • using known account names and passwords

  21. Considerations - Secure switching • Install the latest patches and updates • Virtual Local Area Networks (VLANs) • Virtual LANs separate network segments and allow application of access control lists based on security rules. • Insecure defaults • Change all factory default passwords to prevent network enumeration or total control of the switch. • Services • Make sure all unused services are disabled.

  22. Configure router passwords and banners • Complete the task given in the lab sheet
