Part 06: Infrastructure Security
3/7/2012
Phan Thi Thanh Nga
IT Faculty – DaLat University
March 2012

Contents
Crafting a Security Network
Applying Network Security Devices
Protocol Analyzers
Integrated Network Security Hardware
Network Defenses
A Defense-in-Depth Approach

Crafting a Security Network
Security through Network Design
• Network segmentation / Subnetting
• Virtual LAN (VLAN)
• Demilitarized Zone (DMZ)
Security through Network Technologies
• Network Address Translation (NAT)
• Network Access Control (NAC)

Security through Network Design: Subnetting
Instead of just having networks and hosts, subnetting divides an IP address into three parts: network, subnet, and host.
Each network can contain several subnets, and each subnet, reached through its own router, can contain multiple hosts.

Security through Network Design: Advantages of subnetting (figures)

Security through Network Design: Subnetting improves network security
Networks can be subnetted so that each department, remote office, campus building, floor in a building, or group of users has its own subnet address.
Network administrators can then use network security tools (access lists on the routers between subnets, for example) to regulate who has access in and out of a particular subnetwork.
Wireless subnetworks, research and development subnetworks, finance subnetworks, human resource subnetworks, and subnetworks that face the Internet can all be kept separate.
The source of a potential security issue can be narrowed down to one subnet and quickly addressed.

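As an added example, not part of the original slides, the following Python code models the subnet-per-group layout described above: a hypothetical campus block is split into one /24 per department, a host address is mapped back to its subnet, and a default-deny table on the router between subnets decides which inter-subnet flows are permitted. The 10.20.0.0/16 block, the department names and the flow table are assumptions.

```python
import ipaddress

# Assumption: the campus owns 10.20.0.0/16; the slides give no addresses.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")


def carve(block, new_prefix, names):
    """Split a block into equal subnets (the network/subnet/host split from
    the slides) and label the first len(names) of them."""
    return {name: net for name, net in zip(names, block.subnets(new_prefix=new_prefix))}


# One /24 per group: finance, HR, R&D, wireless guests, Internet-facing DMZ.
DEPARTMENT_SUBNETS = carve(CAMPUS, 24, ["finance", "hr", "rnd", "wireless", "dmz"])

# Which source subnet may initiate traffic into which destination subnet.
# Anything not listed is denied, so wireless guests never reach finance or HR.
ALLOWED_FLOWS = {
    ("finance", "finance"), ("hr", "hr"), ("rnd", "rnd"), ("wireless", "wireless"),
    ("finance", "dmz"), ("hr", "dmz"), ("rnd", "dmz"), ("wireless", "dmz"),
    ("rnd", "finance"),   # assumption: R&D needs the finance billing system
}


def subnet_of(ip):
    """Return the department whose subnet contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in DEPARTMENT_SUBNETS.items():
        if addr in net:
            return name
    return None


def same_subnet(ip_a, ip_b):
    """True when the two hosts talk through the switch alone, i.e. no router
    (and so no inter-subnet control point) ever sees the traffic."""
    a, b = subnet_of(ip_a), subnet_of(ip_b)
    return a is not None and a == b


def permitted(src_ip, dst_ip):
    """Router/firewall decision for a flow between two hosts (default deny)."""
    src, dst = subnet_of(src_ip), subnet_of(dst_ip)
    if src is None or dst is None:
        return False
    return (src, dst) in ALLOWED_FLOWS
```

The policy only applies to traffic that crosses a router, which is the point of the slides: two groups that are supposed to be regulated against each other must be placed in different subnets, otherwise they share a broadcast domain and the table is never consulted.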
Security through Network Design: Subnetting improves network security
Subnetting allows network administrators to hide the internal network layout.
This can make it more difficult for attackers to target their attacks.

Security through Network Design: Virtual LAN (VLAN)
In most network environments, networks are divided or segmented by using switches to arrange the network into a hierarchy.
Core switches reside at the top of the hierarchy and carry traffic between switches, while workgroup switches are connected directly to the devices on the network.

Security through Network Design: Virtual LAN (VLAN)
Grouping by user can sometimes be difficult because all users may not be in the same location and served by the same switch.
A network can instead be segmented by separating devices into logical groups regardless of which switch they are plugged into. This is known as creating a virtual LAN (VLAN).
VLANs can be isolated so that sensitive data is transmitted only to members of the VLAN.

Security through Network Design: Virtual LAN (VLAN)
VLANs can also be victims of attacks.
Because a VLAN is heavily dependent upon the switch for correctly directing packets,

Security through Network Design: Demilitarized Zone (DMZ)
Devices that provide services to outside users are the most vulnerable to attack.
If attackers are able to penetrate the security of these servers, they may be able to access devices on the internal LAN.
An additional level of security is to isolate these services in their own network.

Security through Network Design: Demilitarized Zone (DMZ)
A demilitarized zone (DMZ) is a separate network that sits outside the secure network perimeter.
Outside users can access the DMZ but cannot enter the secure network.

Security through Network Design: DMZ with a single firewall
A single firewall with three network interfaces is used: one link to the Internet, one to the DMZ, and one to the secure internal LAN.
This makes the firewall device a single point of failure for the network.
The same firewall device also has to handle all of the traffic to both the DMZ and the internal network, so a misconfiguration or compromise of that one device exposes both.

Security through Network Technologies: Network Address Translation (NAT)
"You cannot attack what you cannot see" is the security philosophy behind systems using network address translation (NAT).
NAT hides the IP addresses of internal network devices from attackers.
An attacker who captures a packet on the Internet cannot determine the actual (private) IP address of the sender, only the translated public address.
Without that address, it is more difficult to identify and attack a specific computer.
NAT is not a filtering control by itself: internal hosts remain reachable through any port-forwarding rules on the NAT device and through connections they initiate outward, so NAT should be combined with firewall rules rather than relied on alone.

Security through Network Technologies: Network Access Control (NAC)
NAC examines the current state of a system or network device before it is allowed to connect to the network.
Any device that does not meet a specified set of criteria, such as having the most current antivirus signatures or the software firewall properly enabled, is only allowed to connect to a "quarantine" network where the security deficiencies are corrected.

Security through Network Technologies: NAC process
The client performs a self-assessment using a System Health Agent (SHA) to determine its current security posture.
The assessment, known as a Statement of Health (SoH), is sent to a server called the Health Registration Authority (HRA). This server enforces the security policies of the network. It also integrates with other external authorities, such as antivirus and patch management servers, in order to retrieve current configuration information.
If the client is approved by the HRA, it is issued a Health Certificate.
The Health Certificate is then presented to the network servers to verify that the client's security condition has been approved.
If the client is not approved, it is connected to a quarantine VLAN where the deficiencies are corrected, after which the computer is allowed to connect to the network.

Security through Network Technologies: NAC
NAC can be an effective tool for identifying and correcting systems that do not have adequate security installed, and for preventing these devices from infecting others.

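As an added example, not from the original slides, the following Python code walks the NAC process just described end to end: the System Health Agent's Statement of Health, the Health Registration Authority's policy check, the Health Certificate issued on approval, the quarantine decision on failure, and the check a network server performs on a presented certificate. The policy thresholds, the shared secret, and the HMAC-signed token standing in for a real certificate are assumptions.

```python
import hashlib
import hmac
import json

# Policy the Health Registration Authority (HRA) enforces. The thresholds are
# assumptions for this example; the slides name the criteria, not the values.
POLICY = {
    "max_signature_age_days": 3,   # antivirus signatures must be this fresh
    "firewall_required": True,     # software firewall must be enabled
    "min_patch_level": 42,         # baseline reported by the patch server
}
HRA_SECRET = b"example-hra-signing-key"   # assumption: shared with resource servers
CERT_LIFETIME = 8 * 3600                   # seconds a Health Certificate stays valid


def statement_of_health(host, signature_age_days, firewall_enabled, patch_level):
    """What the client's System Health Agent (SHA) reports to the HRA."""
    return {
        "host": host,
        "signature_age_days": signature_age_days,
        "firewall_enabled": firewall_enabled,
        "patch_level": patch_level,
    }


def evaluate(soh, policy=POLICY):
    """HRA policy check: returns the list of deficiencies (empty = compliant)."""
    deficiencies = []
    if soh["signature_age_days"] > policy["max_signature_age_days"]:
        deficiencies.append("antivirus signatures out of date")
    if policy["firewall_required"] and not soh["firewall_enabled"]:
        deficiencies.append("software firewall disabled")
    if soh["patch_level"] < policy["min_patch_level"]:
        deficiencies.append("missing patches")
    return deficiencies


def issue_health_certificate(soh, now, secret=HRA_SECRET):
    """Health Certificate: host name and expiry, authenticated with an HMAC so
    resource servers can check it without asking the HRA again."""
    body = json.dumps({"host": soh["host"], "exp": now + CERT_LIFETIME}, sort_keys=True)
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def admit(soh, now, policy=POLICY):
    """Admission decision: ('production', certificate) for a compliant client,
    ('quarantine', deficiencies) otherwise. The quarantine VLAN is where the
    deficiencies get fixed before the client submits a fresh SoH."""
    deficiencies = evaluate(soh, policy)
    if deficiencies:
        return "quarantine", deficiencies
    return "production", issue_health_certificate(soh, now)


def verify_health_certificate(cert, now, secret=HRA_SECRET):
    """What a network server does with the certificate a client presents."""
    body, sep, tag = cert.rpartition(".")
    if not sep:
        return False
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    return json.loads(body)["exp"] > now
```

The certificate carries an expiry so that a client fixed today cannot present the same approval indefinitely; the server checks the tag with a constant-time comparison before it trusts anything inside the body.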
Applying Network Security Devices
Firewall
Proxy Server
Honeypots
Network Intrusion Detection Systems (NIDS)
Host and Network Intrusion Prevention Systems (HIPS/NIPS)

Applying Network Security Devices: Firewall
A firewall is a hardware or software component designed to protect one network from another.
Often, firewalls are deployed between a private trusted network and a public untrusted network (such as the Internet), or between two networks that belong to the same organization but to different departments.

Applying Network Security Devices: Firewall
Firewalls manage traffic using filters.
A filter is just a rule. If a packet meets the identification criteria of a rule, then the action of that rule is applied. If a packet does not meet the criteria of a rule, no action from that rule is applied and the next rule is checked. Because the first matching rule decides, the order of the rules matters, and a final default rule should state what happens to packets that match nothing.
There are three basic types of firewalls, plus an additional form (stateful inspection) that combines the features of the first three:
• Packet filter
• Circuit-level gateway
• Application-level gateway
• Stateful inspection firewall

Firewall: Packet filter
A packet filter firewall filters traffic based on basic identification items found in a network packet's header: source and destination address, protocol, and usually the port numbers.
Packet-filtering firewalls operate at the Network layer (layer 3) of the OSI model; matching on port numbers also reads the layer 4 header.

Firewall: Circuit-level gateway
A circuit-level gateway firewall filters traffic by monitoring the activity within a session between an internal trusted host and an external untrusted host.
This monitoring occurs at the Session layer (layer 5) of the OSI model.

Firewall: Application-level gateway
Filters traffic based on user access, group membership, the application or service used, or even the type of resource being transmitted.
This type of firewall operates at the Application layer (layer 7) of the OSI model.

Firewall: Stateful inspection firewall
Combines features of the three basic firewall types and includes the ability to understand the context of communications across multiple packets and across multiple layers, for example admitting a reply packet because the connection it belongs to was opened from the inside.

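Added example (not code from the original slides) showing the two ideas from the firewall slides above: first-match rule evaluation with a default policy, and the extra connection state that separates a stateful inspection firewall from a plain packet filter. The rule base, the 203.0.113.10 web server and the 10.0.0.0/8 internal range are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (addresses are constructed)."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One filter: identification criteria plus the action taken on a match.
    'any' (or None for the port) means the field is not part of the criteria."""
    action: str                 # "allow" or "deny"
    proto: str = "any"
    src: str = "any"            # CIDR network or "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and in_net(p.src, self.src)
                and in_net(p.dst, self.dst)
                and (self.dport is None or self.dport == p.dport))


def in_net(ip: str, spec: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


# Hypothetical rule base for a firewall in front of a public web server at
# 203.0.113.10 with the internal LAN on 10.0.0.0/8. Order matters: the deny for
# the blocklisted range has to come before the allow for the web server.
RULES = [
    Rule("deny", src="198.51.100.0/24"),
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=80),
    Rule("allow", src="10.0.0.0/8"),          # anything the inside initiates
]


def packet_filter(p: Packet, rules=RULES, default="deny") -> str:
    """Stateless evaluation: the first rule whose criteria the packet meets
    decides; if no rule matches, the default policy applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class StatefulFirewall:
    """Stateful inspection on top of the same rules: connections the inside
    opened are remembered, so their reply packets are admitted even though no
    rule allows inbound traffic to the client's ephemeral port."""

    def __init__(self, rules, inside: str):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside)
        self.connections = set()

    def handle(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.connections:
            return "allow"                    # reply to an established connection
        decision = packet_filter(p, self.rules)
        if decision == "allow" and ipaddress.ip_address(p.src) in self.inside:
            self.connections.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return decision
```

Swapping the first two rules makes the blocklisted range's web requests match the allow rule first, which is the classic ordering mistake the first-match semantics invite; the stateless filter also drops every reply to an outbound connection, which is exactly the gap the connection table closes.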
Applying Network Security Devices: Proxy
A proxy server is a computer system (or an application program) that intercepts internal user requests and then processes those requests on behalf of the user.
Similar to NAT, one goal of a proxy server is to hide the IP addresses of client systems inside the secure network.

Applying Network Security Devices: Reverse proxy
A reverse proxy does not serve internal clients but instead routes incoming requests to the correct server.
Requests for services are sent to the reverse proxy, which then forwards them to the server.
To the outside user, the IP address of the reverse proxy is the final IP address for requesting services.
Only the reverse proxy can access the internal servers.

Applying Network Security Devices: Honeypot
A honeypot is a computer typically located in a DMZ.
It is loaded with software and data files that appear to be authentic, yet are actually imitations of real data files.
It is intended to trap or trick attackers.

Honeypot
There are three primary purposes of a honeypot:
Deflect attention
• direct an attacker's attention away from legitimate servers
• encourage attackers to spend their time and energy on the decoy server
Early warnings of new attacks
Examine attacker techniques

Applying Network Security Devices: Network Intrusion Detection Systems (NIDS)
Attempts to identify inappropriate activity (the same functionality as a burglar alarm system).
Host Intrusion Detection Systems (HIDS) attempt to monitor and possibly prevent attempts to attack a local system.
A network intrusion detection system (NIDS) watches for attempts to penetrate a network.

Applying Network Security Devices: Host and Network Intrusion Prevention Systems (HIPS/NIPS)
An intrusion prevention system finds malicious traffic and deals with it immediately, for example by blocking all incoming traffic on a specific port.
HIPS: monitors and intercepts requests on a host in order to prevent attacks.
NIPS: works to protect the entire network and all devices that are connected to it.

Protocol Analyzers
There are three ways in which an intrusion detection system or intrusion prevention system can detect a potential intrusion:
Detect statistical anomalies.
Examine network traffic and look for well-known patterns of attack, much like antivirus scanning.
• the pattern /cgi-bin/phf? usually indicates that an attacker is attempting to access a vulnerable script on a Web server.

Protocol Analyzers
Use protocol analyzer technology.
• Protocol analyzers can fully decode application-layer network protocols.
• Once these protocols are decoded, the different parts of the protocol can be analyzed for any suspicious behavior.

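As an added example, not part of the original slides, the following Python code runs the three detection approaches from the two slides above over a constructed Web server access log: signature matching (including the /cgi-bin/phf? pattern), a statistical anomaly check on per-source request counts, and a protocol-decode check on the HTTP request line. The log lines, thresholds and signature list are constructed for the example.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed Web server access log in common log format (not from the slides).
# 192.0.2.9 is a scanner that requests forty different pages in one minute.
SAMPLE_LOG = """\
10.1.1.5 - - [07/Mar/2012:10:15:01 +0700] "GET /index.html HTTP/1.1" 200 512
10.1.1.6 - - [07/Mar/2012:10:15:02 +0700] "GET /about.html HTTP/1.1" 200 1024
198.51.100.7 - - [07/Mar/2012:10:15:03 +0700] "GET /cgi-bin/phf?Qalias=x HTTP/1.0" 404 210
10.1.1.7 - - [07/Mar/2012:10:15:04 +0700] "POST /login HTTP/1.1" 302 0
203.0.113.4 - - [07/Mar/2012:10:15:05 +0700] "GET /search?q=%00abc HTTP/9.9" 400 0
10.1.1.8 - - [07/Mar/2012:10:15:06 +0700] "GET /images/logo.png HTTP/1.1" 200 8192
""" + "".join(
    f'192.0.2.9 - - [07/Mar/2012:10:16:{i:02d} +0700] "GET /page{i}.html HTTP/1.1" 404 0\n'
    for i in range(40)
)

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)$'
)


def parse_log(text):
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


# 1. Pattern matching, like antivirus scanning: known attack strings.
SIGNATURES = {
    "phf CGI probe": re.compile(r"/cgi-bin/phf\?"),
    "directory traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE),
}


def signature_alerts(entries):
    return [(e["src"], name) for e in entries
            for name, pattern in SIGNATURES.items() if pattern.search(e["req"])]


# 2. Statistical anomaly: a source whose request count is far above the
# typical source in this log. The factor and floor are assumptions.
def anomaly_alerts(entries, factor=5, floor=10):
    counts = Counter(e["src"] for e in entries)
    baseline = statistics.median(counts.values())
    return [src for src, n in counts.items() if n >= floor and n > factor * baseline]


# 3. Protocol analysis: decode the HTTP request line and judge each part
# against what the protocol allows; no attack string is needed.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
VERSION_RE = re.compile(r"^HTTP/1\.[01]$")


def protocol_alerts(entries):
    alerts = []
    for e in entries:
        parts = e["req"].split(" ")
        if len(parts) != 3:
            alerts.append((e["src"], "malformed request line"))
            continue
        method, uri, version = parts
        if method not in ALLOWED_METHODS:
            alerts.append((e["src"], f"unexpected method {method}"))
        if not VERSION_RE.match(version):
            alerts.append((e["src"], f"unsupported version {version}"))
        if any(ord(c) < 32 or ord(c) == 127 for c in unquote(uri)):
            alerts.append((e["src"], "control character in decoded URI"))
    return alerts
```

Each detector catches a different source in the sample: the signature finds the phf probe, the anomaly check finds the scanner that no single request would flag, and the protocol decoder finds the request with an impossible HTTP version and a NUL byte hidden behind percent-encoding, which the raw-bytes signature list would miss.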
Integrated Network Security Hardware
Information can be protected either by using software that runs on the device that is being protected or by a separate hardware device.
Software-only defenses are more often limited to home computers.
Most organizations use security hardware appliances.
Dedicated security appliances:
• provide a single security service, such as a firewall or antivirus protection
• scale more easily as needs increase
Multipurpose security appliances:
• provide multiple security functions, such as antispam and antiphishing, antivirus and antispyware, bandwidth optimization, content filtering, encryption, firewall, instant messaging control, intrusion prevention system, and Web filtering

Integrated Network Security Hardware
Recent trend: combine or integrate multipurpose security appliances with a traditional network device, such as a switch or router, to create integrated network security hardware.
Advantage: these network devices already process every packet that flows across the network.

A Defense-in-Depth Approach
Defense in depth increases security by raising the cost of an attack.
This approach places multiple barriers between an attacker and your business-critical information resources: the deeper an attacker tries to go, the harder it gets.
Defense-in-Depth Security Model (figure): the layers from the outside in are Perimeter, Internal, Hosts, Applications, Data.

Network Defenses
Network Segmentation
Access Points
Routers and Switches
Firewalls
Content Filtering
IDS / IPS
Remote Access
Event Management
Vulnerability Management

Network Segmentation (figure)

Network Access / Entry Points
Entry points into the network infrastructure
Classify the access points
Develop a security risk profile for each access point
Each access point presents a threat of unauthorized and malicious access to the network infrastructure.

Network Access Points (figure)

Routers and Switches
Typically responsible for transporting data to all areas of the network
Sometimes overlooked as being able to provide a defense layer
Capable of providing an efficient and effective security role in a Defense-in-Depth strategy

Simple Router & Switch Network (figure)

Firewalls
The first defense thought of when working on a Defense-in-Depth strategy
Provide granular access controls for a network infrastructure
Firewall types:
• Packet filtering
• Proxy based
• Stateful inspection
Continuing to increase their role by performing application-layer defenses on the network

Content Filtering
Protection of application and data content being delivered across the network
Content filtering looks for:
• Viruses
• File attachments
• Spam
• Inappropriate Web surfing
• Proprietary / intellectual property leaving the network
Commonly filtered network protocols: SMTP, HTTP, FTP, and instant messaging

IDS / IPS
Detect malicious network traffic and unauthorized computer usage
Detection strategies:
• Signature-based
• Anomaly-based
• Heuristic-based
• Behavioral-based
Each sensor sees traffic from a single point in the network, so its placement determines what it can detect
Similar technologies are applied at the host and network layers

Remote Access
Identify all remote access points into the network infrastructure.
Driven by the need to promote business productivity
Expands the perimeter
Requires strict access controls and continuous activity monitoring

Security Event Management
The collection and correlation of events from all devices attached to the network infrastructure.
Provides insight into events which would go unnoticed at the individual defense layers
Provides automated alerts of suspicious activity

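Added example, not from the original slides, of the correlation the slide describes: normalised events from a firewall, an IDS and a VPN gateway are grouped by source address, and two rules fire only when events from different layers line up within a time window. The event format, the sample events and the rules are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events from three defense layers (firewall, IDS, VPN gateway),
# already normalised to one line format. Values are assumptions for this example.
EVENTS = """\
2012-03-07T10:15:01 firewall deny src=198.51.100.7 dst=203.0.113.10 dport=22
2012-03-07T10:15:03 firewall deny src=198.51.100.7 dst=203.0.113.10 dport=23
2012-03-07T10:15:05 firewall deny src=198.51.100.7 dst=203.0.113.10 dport=3389
2012-03-07T10:15:40 ids alert src=198.51.100.7 dst=203.0.113.10 sig=phf-cgi-probe
2012-03-07T10:16:10 vpn auth-fail src=198.51.100.7 user=jsmith
2012-03-07T10:16:12 vpn auth-fail src=198.51.100.7 user=jsmith
2012-03-07T10:16:20 vpn auth-ok src=198.51.100.7 user=jsmith
2012-03-07T10:20:00 firewall deny src=192.0.2.44 dst=203.0.113.10 dport=445
2012-03-07T11:30:00 vpn auth-ok src=203.0.113.99 user=mnguyen
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<kind>\S+)(?P<rest>.*)$")


def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["rest"].split())
        events.append({"ts": datetime.fromisoformat(m["ts"]),
                       "device": m["device"], "kind": m["kind"], **fields})
    return events


def correlate(events, window=timedelta(minutes=10)):
    """Correlation rules that need events from more than one layer:
    - a source the firewall or IDS flagged logs in successfully on the VPN
      shortly afterwards (reconnaissance followed by a working credential);
    - repeated VPN authentication failures end in a success (guessed password).
    Each layer on its own would file these events as routine noise."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, login in enumerate(evs):
            if not (login["device"] == "vpn" and login["kind"] == "auth-ok"):
                continue
            prior = [e for e in evs[:i] if login["ts"] - e["ts"] <= window]
            flagged_by = sorted({e["device"] for e in prior if e["kind"] in ("deny", "alert")})
            failures = sum(1 for e in prior if e["kind"] == "auth-fail")
            if flagged_by:
                alerts.append({"src": src, "user": login["user"],
                               "rule": "recon then successful vpn login",
                               "layers": flagged_by + ["vpn"]})
            if failures >= 2:
                alerts.append({"src": src, "user": login["user"],
                               "rule": "repeated auth failures then success",
                               "failures": failures})
    return alerts
```

The firewall denies, the IDS alert and the VPN login are each unremarkable on their own device; only the collector that sees all three layers, keyed on the same source address and within the same window, can raise the alert. Shrinking the window to a few seconds makes both rules go quiet, which is the usual tuning trade-off.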
Vulnerability Management
Continuous process of assessing and evaluating the network infrastructure
Multiple views / perspectives
Integration with patch management and ticketing systems
Configuration and maintenance validation

Additional Defenses
Connecting the Hosts & Network
Security Policies
Network Admission Control (NAC)
Authentication Services
Data Encryption
Patch Management
Application Layer Gateway