
Security+ Guide to Network Security Fundamentals, Third Edition



  1. Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses

  2. Objectives
  • Explain how to enhance security through network design
  • Define network address translation and network access control
  • List the different types of network security devices and explain how they can be used

  3. Crafting a Secure Network
  • A common mistake in network security: attempting to _____________________________ that was poorly conceived and implemented __________________________
  • Securing a network begins with the ___________ of the network and includes _____________________ technologies

  4. Security through Network Design
  • Network design elements include:
    • __________________
    • ___________________
    • Planning for __________________
    • Creating ______________________
  • More to come on each of these…

  5. Subnetting (review of CSN120)
  • What does the IP address identify, and what comprises an IP address?
  • Subnetting (subnet addressing) allows an IP address to be subdivided
  • Networks can essentially be divided into three parts: ______________________________

  6. Subnetting (continued)
  • Security is ______________________: dividing a single network into multiple ______________ isolates groups of hosts
  • Makes it ________________ who has access in and out of a particular subnetwork
  • Properly subnetted networks include addresses which are ________________________________
  • Subnets also allow network administrators to __________________________________
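The two subnetting slides above describe the idea in words; the following Python script is an added example (not from the textbook or its slides) that carves one /24 into four /26 subnets, reports each subnet's usable range, decides whether two hosts share a subnet, and applies a router policy to traffic that crosses subnet boundaries. The site prefix 10.1.0.0/24, the department names and the ALLOWED_BETWEEN policy are constructed for illustration.

```python
import ipaddress

# Constructed example: carve a site /24 into four /26 subnets, one per department.
# The prefix, department names and policy below are assumptions for illustration.
SITE = ipaddress.ip_network("10.1.0.0/24")
DEPARTMENTS = ["finance", "engineering", "hr", "guests"]
SUBNETS = dict(zip(DEPARTMENTS, SITE.subnets(new_prefix=26)))

# Traffic between subnets must cross the router, which is where access is controlled.
# Allowed (source department, destination department) pairs; everything else is denied.
ALLOWED_BETWEEN = {("engineering", "finance"), ("hr", "finance")}


def subnet_summary(name):
    """Network, mask, usable host range and broadcast for one department's subnet."""
    net = SUBNETS[name]
    hosts = list(net.hosts())          # excludes the network and broadcast addresses
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": len(hosts),
    }


def subnet_of(host):
    """Department whose subnet contains host, or None if it is outside the site."""
    addr = ipaddress.ip_address(host)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None


def same_subnet(a, b):
    """True when a and b share a subnet (same broadcast domain, no router in between)."""
    sa, sb = subnet_of(a), subnet_of(b)
    return sa is not None and sa == sb


def router_allows(src, dst):
    """Decision the router makes for a packet between two site hosts."""
    s, d = subnet_of(src), subnet_of(dst)
    if s is None or d is None:
        return False                    # not a site address: drop
    if s == d:
        return True                     # same subnet: the router never sees it
    return (s, d) in ALLOWED_BETWEEN


if __name__ == "__main__":
    for dept in DEPARTMENTS:
        print(dept, subnet_summary(dept))
    print("guests -> finance allowed?", router_allows("10.1.0.200", "10.1.0.5"))
```

The point to notice is that isolation comes from the router policy, not from the addressing alone: a guest host in 10.1.0.192/26 can still address 10.1.0.5, but the packet has to cross the router, and the router only forwards pairs that appear in ALLOWED_BETWEEN.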

  7. Virtual LAN (VLAN)
  • Networks are generally segmented by using ______________________
  • A __________ allows scattered users to be ________________ together even though they may be attached to different switches
  • Can _______________________ and provide a degree of __________ similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to _______________________

  8. [Diagram] Users on three different floors, connected to three different switches, but all in one VLAN. A more powerful core switch carries traffic between the switches; the access switches are connected directly to the devices on the network.

  9. Virtual LAN (continued)
  • VLAN communication can take place in _____ ways:
    • All devices are connected to the _______________: traffic is handled by the switch itself
    • Devices are connected to different switches: a special “tagging” ___________ must be used, such as the IEEE __________________________
  • A VLAN is heavily dependent upon the switch for _________________________________
  • ________________________ (and also possibly VLANs) that attempt to exploit vulnerabilities such as weak passwords or default accounts are __________________
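When devices in one VLAN sit on different switches, the frames carried between the switches need a tag that says which VLAN they belong to. The script below is an added example (not from the textbook) that builds Ethernet frames with and without an IEEE 802.1Q tag, decodes the tag fields (priority and VLAN ID), and makes the decision a trunk port makes when a frame arrives: untagged frames go to the native VLAN, frames tagged with a VLAN the trunk does not carry are dropped. The MAC addresses, VLAN numbers and the minimal IPv4 payload are constructed.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800
VID_RESERVED = {0x000, 0xFFF}  # VID 0 = priority-only tag, 4095 = reserved by the standard


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Assemble an Ethernet frame, inserting an 802.1Q tag when vlan is given."""
    header = _mac(dst) + _mac(src)
    if vlan is None:
        header += struct.pack("!H", ethertype)
    else:
        tci = ((pcp & 0x7) << 13) | (vlan & 0x0FFF)   # TCI = PCP(3) DEI(1) VID(12)
        header += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return header + payload


def parse_frame(frame):
    """Decode the Ethernet header; 'vlan' is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vlan": None, "pcp": None,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vlan": tci & 0x0FFF, "pcp": tci >> 13,
            "ethertype": inner_type, "payload": frame[18:]}


def trunk_ingress_vlan(frame, allowed_vlans, native_vlan):
    """VLAN a trunk port assigns to an arriving frame, or None if it must be dropped."""
    vid = parse_frame(frame)["vlan"]
    if vid is None or vid == 0:          # untagged or priority-tagged: native VLAN
        vid = native_vlan
    if vid in VID_RESERVED or vid not in allowed_vlans:
        return None                      # this trunk does not carry that VLAN
    return vid


if __name__ == "__main__":
    ip = b"\x45" + b"\x00" * 19          # constructed minimal IPv4 header as payload
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, ip, vlan=20, pcp=5)
    print(parse_frame(f))
    print("trunk carrying VLANs 10,20 assigns:", trunk_ingress_vlan(f, {10, 20}, native_vlan=1))
```

Pruning the allowed-VLAN list on each trunk is what turns the tag into a security boundary: a tag is only four bytes any host can write, so the switch configuration, not the tag itself, decides which VLANs a port may reach.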

  10. Convergence
  • ___________________________ of communication and technology over a ______________________
  • Example: voice, video and data traffic combined over a single IP network, such as Voice over IP (VoIP)
  • Advantages of convergence:
    • __________________________
    • Management of a __________________ for all applications
    • Applications ____________________ and at a lower cost
    • Infrastructure requirements _________________
    • Reduced __________________________: the Internet is basically unregulated
    • Increased ______________________
    • ___________________________, since only one network must be managed and defended

  11. Convergence (continued)
  • Vulnerabilities still exist
  • Defenses include ________________________, installing __________, and _______________________ VoIP applications

  12. Demilitarized Zone (___________)
  • A __________________ that sits _________ the secure network perimeter
  • __________________ can access the DMZ but cannot enter the secure network
  • Devices within the DMZ are often the most ___________________________
  • These devices (for example Web and e-mail servers) must be isolated in their own network, separate from the internal network

  13. DMZ (continued)
  • First design approach consists of one firewall
  • Single point of failure, and responsible for all traffic flow

  14. Security through Network Design (continued)
  • Second design approach consists of two firewalls
  • More secure: two separate firewalls would have to be breached to reach the internal network

  15. Security through Network Technologies
  • Two technologies that help secure a network are:
    1. Network Address Translation (_____)
    2. Network Access Control (________)
  • More to come on each of these…

  16. Network Address Translation (_____)
  • ____________________________ of network devices from attackers
  • Uses _______________________ (What are private addresses?)
  • NAT ___________________________ from the sender’s packet and replaces it with an _____________________
  • NAT software maintains a table with address mappings
  • When a packet is returned, the process is ________
  • An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender

  17. NAT (continued) [diagram]

  18. Security through Network Technologies (continued)
  • Port address translation (__________): a variation of NAT
    • Each packet is ___________________________ but a __________________________________
  • Network Access Control (__________)
    • Examines the ____________________________________ _________________ it is _________________ to the network
    • Any device that does not meet a specified set of criteria is only allowed to connect to a ____________________ where the security deficiencies are corrected
    • Once the issues are resolved, the device is connected to the network
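Slides 16 and 18 describe NAT's address-mapping table and the port-address-translation variant in words. The script below is an added example (not from the textbook) of a PAT gateway: outgoing packets from private (RFC 1918) addresses have their source rewritten to the gateway's single public address plus a translated port, the mapping is recorded, replies are reversed through that table, and inbound packets with no matching entry are dropped, which is the behaviour that keeps an attacker on the Internet from learning or reaching the real sender. The public address 203.0.113.10, the remote addresses and the 40000-60000 port pool are assumptions.

```python
import ipaddress
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# RFC 1918 private ranges: never routed on the Internet, so they must be translated.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


class PatGateway:
    """One public address shared by many inside hosts, told apart by translated port."""

    def __init__(self, public_ip, port_range=(40000, 60000)):
        self.public_ip = public_ip
        self._ports = itertools.count(port_range[0])
        self._last_port = port_range[1]
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port, proto) -> public port
        self.inbound = {}    # (public port, remote_ip, remote_port, proto) -> (priv_ip, priv_port)

    def translate_out(self, pkt):
        """Rewrite an outgoing packet's source; reuse the mapping for an existing flow."""
        if not is_private(pkt.src_ip):
            return None          # not an inside address: nothing to translate
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.outbound.get(key)
        if port is None:
            port = next(self._ports)
            if port > self._last_port:
                raise RuntimeError("translation table exhausted")
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_in(self, pkt):
        """Reverse the mapping for a reply; None means drop (no inside host asked for it)."""
        if pkt.dst_ip != self.public_ip:
            return None
        mapping = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if mapping is None:
            return None
        priv_ip, priv_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.10")
    out = gw.translate_out(Packet("192.168.1.10", 51000, "198.51.100.5", 80))
    print("on the wire:", out)
    print("reply lands on:", gw.translate_in(Packet("198.51.100.5", 80, "203.0.113.10", out.src_port)))
```

Two inside hosts using the same source port (51000 in the test) still get distinct public ports, which is exactly what lets one public address serve a whole network; and because the inbound table is keyed on the remote address and port as well, a reply from a different host cannot hijack the mapping.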

  19. NAC (continued)
  • ___________ of NAC: ____________________________ with sub-optimal security from potentially ______________________ through the network
  • Methods for directing the client to a quarantined VLAN:
    1. Using a _____________________________: the client is first leased an IP address from the quarantined VLAN pool, then later reassigned an IP address from the “secure” pool
    2. Using ______________________________: the client’s ARP cache is modified so that the client connects to the quarantined VLAN

  20. Different Approaches to NAC [diagram]

  21. Applying Network Security Devices
  • Devices which help protect the network from attack include:
    • Firewalls
    • Proxy servers
    • Honeypots
    • Network intrusion detection systems
    • Host and network intrusion prevention systems
    • Protocol analyzers
    • Internet content filters
    • Integrated network security hardware

  22. Firewall
  • Used to _______________ ______________ at the perimeter of the network
  • Packets that ________________ are allowed to pass through
  • Sometimes called a _____________________
  • Designed to __________________________ from entering the network
  • A firewall can be _______________-based or ____________________-based
  • __________ firewalls usually are located _________ the network security _____________
  • First line of defense (see next slide)

  23. Firewall (continued) [diagram]

  24. Firewall (continued)
  • The basis of a firewall is a _____________: establishes ___________ the firewall should take when it receives a packet (_____, _________, and _________)
  • ____________ packet filtering (see next slide): looks at the incoming packet and permits or denies it __________________________________
    • Provides some degree of protection, but not as secure as…
  • ____________ packet filtering (see two slides down): keeps a ________________________ between an internal computer and an external server
    • Then ________________________________ as well as the ______________________

  25. Firewall (continued)
  • [Rule table] Allows traffic in from any web server
  • This table is from the perspective of traffic coming into the network
  • If an attacker can discover a valid internal IP address, they can send any traffic with source port 80, mimicking HTTP reply traffic from a web server, and the rule lets it through
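The rule on slide 25 and the two filtering styles on slide 24 are easiest to compare side by side. The script below is an added example (not from the textbook): the stateless rule admits any inbound packet whose source port is 80, so an attacker who sets that port gets through; the stateful model instead records connections that inside hosts opened and admits only packets that match one of them. The internal prefix 10.0.0.0/8, the addresses and the simplified TCP flag handling (the entry is dropped at the first FIN or RST, where a real firewall would track the half-closed state) are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""      # TCP flags as letters: "S" SYN, "A" ACK, "F" FIN, "R" RST


INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed internal address space


def stateless_allows_in(pkt):
    """Slide 25's rule: permit any inbound packet that looks like it came from a web server.
    Only the fields of this one packet are inspected; nothing is remembered."""
    return pkt.src_port == 80 and ipaddress.ip_address(pkt.dst_ip) in INTERNAL


class StatefulFirewall:
    """Remembers connections that inside hosts opened; only their replies are let back in."""

    def __init__(self):
        self.connections = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allows_out(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if "S" in pkt.flags and "A" not in pkt.flags:
            self.connections.add(key)           # new connection initiated from inside
            return True
        ok = key in self.connections
        if ok and ("F" in pkt.flags or "R" in pkt.flags):
            self.connections.discard(key)       # simplified teardown (see lead-in)
        return ok

    def allows_in(self, pkt):
        # An inbound packet is only a reply if the reversed 4-tuple was opened from inside.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        ok = key in self.connections
        if ok and ("F" in pkt.flags or "R" in pkt.flags):
            self.connections.discard(key)
        return ok


if __name__ == "__main__":
    spoof = Packet("198.51.100.66", 80, "10.0.0.5", 4444, "S")   # attacker using source port 80
    fw = StatefulFirewall()
    print("stateless admits spoof:", stateless_allows_in(spoof))
    print("stateful admits spoof:", fw.allows_in(spoof))
    fw.allows_out(Packet("10.0.0.5", 51000, "93.184.216.34", 80, "S"))
    print("stateful admits real reply:",
          fw.allows_in(Packet("93.184.216.34", 80, "10.0.0.5", 51000, "SA")))
```

The stateful firewall is not looking at anything the stateless one cannot see in the packet; the difference is the connection table, which is the record of "who asked for this" that the single-packet rule lacks.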

  26. Firewall (continued) [diagram]

  27. Firewall (continued)
  • _______________________ have gradually improved their functionality
  • Runs as a _______ on a personal computer
  • Most personal software firewalls today also ___________________ as well as _______ traffic
  • Protects users by preventing malware from connecting to other computers and spreading
  • Disadvantage: only as strong as the OS of the computer; an OS weakness can be exploited to get around it

  28. Proxy Server
  • A computer system (or an application program) that _________________________ and then _______________________ on behalf of the user
  • Goal is to ____________________________ systems inside the secure network
  • Can also make __________________________, as the proxy server will __________ recently requested
  • Reverse proxy: does not serve clients but instead __________________ ____________________________________
    • The reverse proxy forwards requests to the server

  29. Proxy Server (continued) [diagram: only the IP address of the proxy server is visible to the outside]

  30. Honeypot
  • Intended to ________________________
  • A computer typically located in a _______ that is loaded with software and data files that __________ ________________________________
    • Actually imitations of real data files
  • ___________ configured with ________________
  • _________ primary purposes of a honeypot:
    • ____________________ away from legitimate servers
    • ____________________ of new attacks
    • Examine _________________________

  31. Honeypot (continued)
  • Types of honeypots:
    • ____________________: used mainly by _________________ to capture limited information
    • ___________________: used by _____________, ________________, etc.; more complex to deploy, and capture extensive information
  • Information gained from studies using honeypots can be helpful in __________ _______________ and crafting defenses

  32. Network Intrusion Detection Systems (_____________)
  • Watches for __________________ and ____________________________
  • NIDS work on the principle of _________ _____________ or acceptable behavior
  • A NIDS looks for ________________ and will issue an alert
  • Watches network traffic from a monitoring port

  33. NIDS (continued) [diagram]

  34. Functions a NIDS can Perform
  • _____________________ to filter out the IP address of the intruder
  • Launch a separate ___________________________
  • ________ the packets in a file for _____________
  • Send an __________________________ file
  • __________, page, or send a cell-phone message to the network administrator stating that an attack is taking place
  • ________________ the session by forging a TCP FIN packet to force the connection to terminate (in practice most NIDS products send a forged TCP RST, which ends the connection immediately rather than politely)

  35. Host and Network Intrusion Prevention Systems (HIPS/NIPS)
  • Intrusion prevention system (_________): finds malicious traffic and ___________________
    • Takes a proactive approach to security (instead of reactive)
    • A typical IPS response may be to block all incoming traffic on a specific port
  • Host intrusion prevention systems (______)
    • Installed on _____________ (server or desktop) that needs to be protected
    • Rely on _____________ installed directly on the system being protected
    • Work closely with the ____________, monitoring and intercepting requests in order to prevent attacks

  36. HIPS/NIPS (continued)
  • Most HIPS monitor the following desktop functions:
    • _________: an instruction that interrupts the program being executed and ________________________
    • ________________ is monitored to ensure file openings are based on _____________ needs
    • _________________ settings
    • _____________________ is monitored to watch for _______________ activity
  • HIPS are designed to _____________ with existing antivirus, anti-spyware, and firewalls

  37. HIPS/NIPS (continued)
  • Network intrusion prevention systems (___________): works to protect the ____________________ ___________________ that are connected to it
  • By monitoring network traffic, NIPS can ________________________________
  • NIPS are special-purpose _______________ that analyze, detect, and react to security-related events

  38. Protocol Analyzers
  • ______ ways for detecting a potential intrusion:
    1. Detecting ______________________: a significant deviation from an established baseline raises an alarm
    2. Examine network traffic and look for __________ ______________________: a reactive approach which uses a signature file for comparison
    3. Use ___________________ to fully decode application-layer network protocols: different parts of the protocol can then be analyzed for any suspicious behavior
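Slides 32 through 38 describe what a NIDS watches for and the three ways it can decide that traffic is suspicious. The script below is an added example (not from the textbook) that runs all three over a handful of constructed traffic records: signature matching against byte patterns, anomaly detection against a size baseline computed from a window presumed clean, and protocol analysis that decodes the HTTP request line on port 80 and flags traffic that is not actually HTTP. The signatures, the 3-standard-deviation threshold, the record format and every address and payload are constructed for illustration.

```python
import re
import statistics

# Signature detection: byte patterns known from past attacks (constructed, illustrative)
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
    "unix-passwd-file": re.compile(rb"/etc/passwd"),
    "sqli-tautology": re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Protocol analysis: decode just enough HTTP to judge whether port-80 traffic is HTTP at all
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}
MAX_URI = 2048


def signature_alerts(rec):
    return [name for name, pat in SIGNATURES.items() if pat.search(rec["payload"])]


def protocol_alerts(rec):
    if rec["dport"] != 80:
        return []
    m = REQUEST_LINE.match(rec["payload"])
    if m is None:
        return ["http-malformed-request-line"]   # something other than HTTP on port 80
    alerts = []
    if m.group(1) not in KNOWN_METHODS:
        alerts.append("http-unknown-method")
    if len(m.group(2)) > MAX_URI:
        alerts.append("http-oversized-uri")
    return alerts


def baseline(clean_records):
    """Mean and standard deviation of bytes per record over a window believed clean."""
    sizes = [r["bytes"] for r in clean_records]
    return statistics.mean(sizes), statistics.pstdev(sizes)


def is_anomalous(rec, mean, stdev, k=3):
    """Anomaly detection: a record more than k standard deviations above the baseline."""
    return rec["bytes"] > mean + k * stdev


def analyze(records, clean_window):
    """Return (source, reason) alerts from all three detection methods."""
    mean, stdev = baseline(clean_window)
    alerts = []
    for rec in records:
        reasons = signature_alerts(rec) + protocol_alerts(rec)
        if is_anomalous(rec, mean, stdev):
            reasons.append("anomaly-size")
        alerts.extend((rec["src"], reason) for reason in reasons)
    return alerts


# Constructed records (not captured traffic): a quiet baseline window, then a mixed batch
CLEAN_WINDOW = [{"src": "10.0.0.2", "dport": 80, "bytes": b, "payload": b"GET / HTTP/1.1\r\n\r\n"}
                for b in (500, 520, 480, 510, 490)]
SAMPLE = [
    {"src": "10.0.0.2", "dport": 80, "bytes": 505,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"},
    {"src": "198.51.100.9", "dport": 80, "bytes": 530,
     "payload": b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"},
    {"src": "198.51.100.9", "dport": 80, "bytes": 40,
     "payload": b"HELO evil\r\n"},
    {"src": "10.0.0.7", "dport": 443, "bytes": 60000,
     "payload": b"\x16\x03\x01"},
]

if __name__ == "__main__":
    for src, reason in analyze(SAMPLE, CLEAN_WINDOW):
        print(f"ALERT {src}: {reason}")
```

Each method catches something the others miss here: the traversal request is a known signature, the SMTP greeting on port 80 is only caught because the request line does not decode, and the oversized transfer on port 443 trips the baseline even though its payload matches nothing and is never decoded.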

  39. Internet Content Filters
  • Monitor ______________ and __________ to ______________ Web sites and files
  • A requested Web page is only displayed if it complies with the specified filters
  • Unapproved Web sites can be _________ based on the Uniform Resource Locator (___________) or by matching ___________
  • An administrator can prevent entire files from being downloaded
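A content filter makes its decision from the requested URL, the file being fetched and the words on the page. The script below is an added example (not from the textbook) of such a filter: it canonicalizes the host before comparing it with a domain blocklist, so upper-case letters, embedded credentials, a port number or a trailing dot do not slip a blocked site past the check; it blocks downloads by file extension; and it matches keywords in fetched page text. The blocklists, keywords and URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed policy (assumed values, not from the book)
BLOCKED_DOMAINS = {"gambling.example", "malware.example"}
BLOCKED_FILE_PATTERNS = [re.compile(r"\.(exe|scr|bat)$", re.IGNORECASE)]
BLOCKED_KEYWORDS = {"casino", "warez"}


def canonical_host(url):
    """Host with userinfo and port stripped, lower-cased, trailing dot removed.
    These are the usual ways a user dresses up a URL to dodge a plain string match."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")      # .hostname is already lower-cased
    return parts, host


def matches_domain(host, blocked):
    """Block the domain itself and every subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in blocked)


def decide(url, page_text=""):
    """('allow', None) or ('block', reason) for a requested URL and, if fetched, its text."""
    parts, host = canonical_host(url)
    if parts.scheme not in ("http", "https") or not host:
        return ("block", "unsupported-or-malformed-url")
    if matches_domain(host, BLOCKED_DOMAINS):
        return ("block", "domain")
    if any(p.search(parts.path) for p in BLOCKED_FILE_PATTERNS):
        return ("block", "file-type")
    words = set(re.findall(r"[a-z]+", page_text.lower()))
    hits = words & BLOCKED_KEYWORDS
    if hits:
        return ("block", "keyword:" + min(hits))
    return ("allow", None)


if __name__ == "__main__":
    for url in ("http://user@WWW.GAMBLING.EXAMPLE./lobby",
                "http://files.example/download/Setup.EXE",
                "http://news.example/article?id=1"):
        print(url, "->", decide(url))
```

The order of the checks matters for cost: the domain and file-type decisions need only the request, while the keyword check requires fetching the page first, so a filter that can refuse on the URL alone never has to download the blocked content.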

  40. Integrated Network Security Hardware
  • Most organizations use _______ (as opposed to software) security appliances to protect the network
  • _____ types of hardware security appliances:
    • _________ security appliances provide a ____________ ____________________
    • ________________ security appliances provide ____________________________, ranging from antivirus to encryption and IM control, etc.
    • _______________ network security hardware combines or __________________________________ _______________________ such as a switch or router

  41. Summary
  • Subnetting involves dividing a network into subnets that are connected through a series of routers
  • Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or across campuses to be logically grouped
  • Convergence is the integration of voice and data traffic over a single IP network
  • Network technologies can also help secure a network:
    • Network address translation (NAT)
    • Network access control (NAC)

  42. Summary (continued)
  • Different network security devices can be installed to make a network more secure
  • Network intrusion detection systems (NIDS) monitor the network for attacks and, if one is detected, will alert personnel or perform limited protection activities
  • Internet content filters monitor Internet traffic and block attempts to visit restricted sites
