Agenda • Review route summarization • Cisco acquires Sourcefire • Review Final Exam
Route Summarization When you summarize routes in RIP, IGRP, EIGRP, or OSPF, you're replacing a series of routes with a summary route and mask. With RIP, IGRP, and EIGRP, this actually lessens the size of the routing update packet itself – multiple routes are replaced with the summary route. For instance, the routes 8.0.0.0/8, 9.0.0.0/8, 10.0.0.0/8, and 11.0.0.0/8 can be summarized as 8.0.0.0 252.0.0.0. Only the summary address will be found in the update packet, making it concise yet complete.
Route Summarization Summarizing routes can also make the routing table smaller, yet still allow for complete IP connectivity when done correctly. Using the above example, the four more-specific routes will be replaced by a single summary route. Since the entire routing table is parsed before the routing process is complete, keeping the routing table as small as possible does help speed the routing process as a whole.
Route Summarization Route summarization is all about making the routing table smaller. The larger the routing table, the less efficient the router becomes: for every packet that enters or leaves the router, the destination has to be checked against all routing table entries to find the best route. Route summarization shrinks the routing table.
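The slide's example (8.0.0.0/8 through 11.0.0.0/8 collapsing to 8.0.0.0 252.0.0.0) worked through in code, as an added example that is not part of the deck. It generalizes the slide's single case: it computes the smallest covering summary for any list of prefixes, reports the dotted mask, and also shows what the slide's "when done correctly" means by measuring how much address space a single summary would over-advertise when the block is not a clean power of two. Standard library only; the prefixes are the slide's own, the three-route variant is constructed.

```python
"""Route summarization worked through in code (added example, not from the
slides). Find the single summary covering a set of prefixes, report its
mask, and check whether that summary announces space the originals never
contained. Standard library only."""
import ipaddress


def summarize(prefixes):
    """Return the smallest single prefix covering every prefix in `prefixes`.

    All prefixes must be the same IP version. Starts from a host route on
    the lowest address and widens one bit at a time until the highest
    address of the set falls inside the candidate.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    summary = ipaddress.ip_network(f"{lo}/{nets[0].max_prefixlen}")
    while hi not in summary:
        summary = summary.supernet()
    return summary


def summary_with_mask(prefixes):
    """Return (network, dotted mask), the form used on the slide."""
    s = summarize(prefixes)
    return str(s.network_address), str(s.netmask)


def exact_aggregate(prefixes):
    """Minimal list of prefixes covering exactly the originals, nothing more.

    This is what to advertise when the block is not a clean power of two:
    a single wider summary would attract (or black-hole) traffic for
    address space that none of the original routes actually reach.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def overadvertised_addresses(prefixes):
    """Count addresses the single summary covers beyond the originals."""
    summary = summarize(prefixes)
    exact = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p, strict=True) for p in prefixes))
    # collapse_addresses returns disjoint networks, so their sizes add up
    return summary.num_addresses - sum(n.num_addresses for n in exact)


if __name__ == "__main__":
    slide_routes = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]
    print(summary_with_mask(slide_routes))      # ('8.0.0.0', '252.0.0.0')
    # Constructed variant: drop 11.0.0.0/8 and the /6 summary over-advertises
    three = slide_routes[:3]
    print(exact_aggregate(three))               # ['8.0.0.0/7', '10.0.0.0/8']
    print(overadvertised_addresses(three))      # 16777216 (all of 11.0.0.0/8)
```

The four-route case summarizes cleanly because 8 through 11 fill a /6 exactly. The three-route case shows the check a practitioner wants before configuring a summary: if overadvertised_addresses() is non-zero, advertise the exact_aggregate() list instead.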
Sourcefire Sourcefire, Inc develops network security hardware and software. The company's FirePOWER network security appliances are based on Snort, an open-source intrusion detection system (IDS). Sourcefire delivers effective, highly automated security through continuous awareness, detection and protection across its industry-leading portfolio, including next-generation intrusion prevention systems, next-generation firewall, and advanced malware protection.
Snort Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines signature, protocol and anomaly based inspection methods. Developed in tandem with the Snort open source community, its developers claim it is the most widely deployed intrusion detection and prevention technology worldwide.
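To make "rule-driven, signature-based inspection" concrete, here is a small matcher for the classic Snort rule shape (header plus msg, content and sid options), run over a few constructed packets. It is an added example, not Snort's code and not from the deck; real Snort understands many more option keywords and reassembles streams before matching, which this does not attempt. The rules, addresses and sids (chosen in the local range above 1000000) are constructed for the demonstration.

```python
"""Minimal Snort-style rule matcher (added example; not Snort's own code).
Parses `action proto src sport -> dst dport (options;)` with msg, content
and sid, then evaluates constructed packets against the rules."""
import ipaddress
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    msg: str = ""
    sid: str = ""
    contents: list = field(default_factory=list)  # byte patterns; all must appear


def parse_rule(text):
    """Parse one rule line; raises ValueError on bad syntax.
    Option values containing ';' are not handled (kept simple on purpose)."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    rule = Rule(action, proto.lower(), src, sport, direction, dst, dport)
    for opt in body.split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")
        value = value.strip().strip('"')
        if key == "msg":
            rule.msg = value
        elif key == "sid":
            rule.sid = value
        elif key == "content":
            rule.contents.append(value.encode())
    return rule


def _ip_match(spec, ip):
    """'any', a CIDR, or a '!'-negated CIDR, as in Snort headers."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def _port_match(spec, port):
    """'any', a single port, or a low:high range (either end may be open)."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    return port == int(spec)


def _header(pkt, src, sport, dst, dport):
    return (_ip_match(src, pkt["src"]) and _port_match(sport, pkt["sport"])
            and _ip_match(dst, pkt["dst"]) and _port_match(dport, pkt["dport"]))


def match(rule, pkt):
    """True if pkt (proto, src, sport, dst, dport, payload) satisfies the
    header and every content pattern of the rule."""
    if rule.proto != "ip" and pkt["proto"].lower() != rule.proto:
        return False
    ok = _header(pkt, rule.src, rule.sport, rule.dst, rule.dport)
    if rule.direction == "<>":  # bidirectional: also try the reverse
        ok = ok or _header(pkt, rule.dst, rule.dport, rule.src, rule.sport)
    return ok and all(c in pkt["payload"] for c in rule.contents)


def inspect(rules, packets):
    """Run every packet through every alert rule; return (sid, msg) alerts."""
    return [(r.sid, r.msg) for pkt in packets for r in rules
            if r.action == "alert" and match(r, pkt)]


# Constructed rules (Snort syntax) and constructed packets.
SAMPLE_RULES = [parse_rule(r) for r in [
    'alert tcp any any -> 192.168.1.0/24 21 (msg:"FTP login as root"; content:"USER root"; sid:1000001;)',
    'alert tcp !192.168.1.0/24 any -> 192.168.1.0/24 23 (msg:"External telnet to LAN"; sid:1000002;)',
]]
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "10.9.9.9", "sport": 40001, "dst": "192.168.1.5", "dport": 21, "payload": b"USER root\r\n"},
    {"proto": "tcp", "src": "192.168.1.7", "sport": 40002, "dst": "192.168.1.5", "dport": 21, "payload": b"USER alice\r\n"},
    {"proto": "tcp", "src": "203.0.113.4", "sport": 40003, "dst": "192.168.1.9", "dport": 23, "payload": b""},
    {"proto": "udp", "src": "203.0.113.4", "sport": 40004, "dst": "192.168.1.9", "dport": 23, "payload": b""},
]

if __name__ == "__main__":
    print(inspect(SAMPLE_RULES, SAMPLE_PACKETS))
```

The first packet trips the content signature, the second carries a different login and is silent, the third matches on header alone (protocol and address negation are the "protocol-based" part of the slide's description), and the UDP packet never matches a tcp rule.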
Network Hardening Consider the range of difficulty in penetrating the attack surface of a building, starting with the easiest entry points and ending with the most difficult. Certainly, unlocked doors and windows are much easier to enter through than digging a tunnel underneath the building; however, we shouldn’t exclude the possibility of entering through the ventilation shaft. We then take this analogy and apply it to a single Linux system (the same analysis may be performed for groups of systems).
Network Hardening In order to determine the possible attack vectors for any system installation, we must have a full understanding of the server’s role. The primary attack vector for network-based applications is the network. Similarly, the primary attack vector for systems where the application is primarily non-network-based is usually through the file system or via inter-process communication of some form.
Network Hardening The most common tool used for hardening the network layer is a firewall with a policy of default-deny for both inbound and outbound access. A common mistake in firewall configuration on the host is to filter only inbound traffic. A well configured firewall will have default-deny of inbound and outbound traffic with strict exceptions made which exactly fit the application. Earlier we discussed that an attacker must download their toolkit so they can proceed effectively at compromising the system, thus, when properly configured, outbound filtering will block most attempts at toolkit retrieval.
Network Hardening Network security hardening for a specific application extends into the process space, such that we can allow or deny access down to a per-user granularity. For example, one user may need FTP access while another user requires email access, and we can restrict each user to only the access that they require for proper functionality (formally, this is known as separation of duty).
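The two preceding slides (default-deny in both directions, and per-user exceptions) expressed as a policy you can evaluate, as an added example that is not part of the deck. It contrasts the inbound-only mistake with a policy that is default-deny both ways, checks whether the toolkit-retrieval case is blocked, and renders the result as iptables commands. The iptables flags used (-P, -A, -m conntrack --ctstate, -m owner --uid-owner) are real; the UIDs, ports and the service roles attached to them are constructed.

```python
"""Host firewall policy as data (added example, not from the slides).
INBOUND_ONLY is the common mistake; HARDENED is default-deny both ways with
strict, per-user outbound exceptions. UIDs and ports are constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Conn:
    direction: str             # "in" (to this host) or "out" (from this host)
    proto: str                 # "tcp" or "udp"
    port: int                  # destination port
    uid: Optional[int] = None  # local user owning an outbound socket


@dataclass(frozen=True)
class Allow:
    direction: str
    proto: str
    port: int
    uid: Optional[int] = None  # None = any user

    def __post_init__(self):
        # The socket owner is only known for locally generated traffic,
        # so a per-user exception only makes sense outbound.
        if self.direction == "in" and self.uid is not None:
            raise ValueError("per-user rules apply to outbound traffic only")

    def matches(self, c: Conn) -> bool:
        return (self.direction == c.direction and self.proto == c.proto
                and self.port == c.port
                and (self.uid is None or self.uid == c.uid))


class Policy:
    def __init__(self, allows: List[Allow], default_in="deny", default_out="deny"):
        self.allows = list(allows)
        self.defaults = {"in": default_in, "out": default_out}

    def decide(self, c: Conn) -> str:
        """First matching exception wins; otherwise the direction's default."""
        for a in self.allows:
            if a.matches(c):
                return "allow"
        return self.defaults[c.direction]

    def to_iptables(self) -> List[str]:
        """Render as iptables commands for new connections. The conntrack
        rule lets replies flow, so an allowed inbound SSH session still
        works when OUTPUT defaults to DROP."""
        chain = {"in": "INPUT", "out": "OUTPUT"}
        target = {"allow": "ACCEPT", "deny": "DROP"}
        lines = [f"iptables -P {chain[d]} {target[self.defaults[d]]}"
                 for d in ("in", "out")]
        lines += [f"iptables -A {chain[d]} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
                  for d in ("in", "out")]
        for a in self.allows:
            owner = f" -m owner --uid-owner {a.uid}" if a.uid is not None else ""
            lines.append(f"iptables -A {chain[a.direction]} -p {a.proto} "
                         f"--dport {a.port}{owner} -j ACCEPT")
        return lines


SSH_IN = Allow("in", "tcp", 22)

# The mistake from the slide: inbound filtered, outbound left wide open.
INBOUND_ONLY = Policy([SSH_IN], default_out="allow")

# Default-deny both ways. DNS for everyone; FTP only for the user that
# needs it (constructed uid 1001); mail submission only for uid 1002.
HARDENED = Policy([
    SSH_IN,
    Allow("out", "udp", 53),
    Allow("out", "tcp", 21, uid=1001),
    Allow("out", "tcp", 587, uid=1002),
])


def toolkit_fetch_blocked(policy: Policy) -> bool:
    """The case the slide raises: would an outbound HTTP fetch made from a
    compromised account (constructed uid 1001) be stopped?"""
    return policy.decide(Conn("out", "tcp", 80, uid=1001)) == "deny"


if __name__ == "__main__":
    for name, p in (("inbound-only", INBOUND_ONLY), ("hardened", HARDENED)):
        print(f"{name}: toolkit fetch blocked = {toolkit_fetch_blocked(p)}")
    print("\n".join(HARDENED.to_iptables()))
```

Both policies reject unsolicited inbound traffic, so the difference only shows on the outbound side: the inbound-only policy lets the fetch through, the hardened one drops it, and the FTP user still gets FTP while the mail user does not.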
Network Hardening Secure network devices are foundational to the security of mission-critical networks and business data. Vulnerable devices potentially open the door to attacks that can compromise a network’s security defenses.