Network Security and Firewalls
Copyright © 2002 ProsoftTraining. All rights reserved.

Lesson 1: What Is Security

Objectives
• Define security
• Explain the need for network security
• Identify resources that need security
• Identify the two general security threat types
• List security standards and organizations

What Is Security?
• LANs
• WANs
• VPNs
• Network perimeters

Hacker Statistics
• One of every five Internet sites has experienced a security breach
• Losses due to security breaches are estimated at $10 billion each year
• Intrusions have increased an estimated 50 percent in the past year

What Is the Risk?
• Categorizing attacks
• Countering attacks systematically

The Myth of 100-Percent Security
• Security as balance
• Security policies

Attributes of an Effective Security Matrix
• Allows access control
• Easy to use
• Appropriate cost of ownership
• Flexible and scalable
• Superior alarming and reporting

What You Are Trying to Protect
• End user resources
• Network resources
• Server resources
• Information storage resources

Who Is the Threat?
• Casual attackers
• Determined attackers
• Spies

Security Standards
• Security services
  – Authentication
  – Access control
  – Data confidentiality
  – Data integrity
  – Nonrepudiation
• Security mechanisms
  – The Orange Book

Summary
• Define security
• Explain the need for network security
• Identify resources that need security
• Identify the two general security threat types
• List security standards and organizations

Lesson 2: Elements of Security
Objectives
• Formulate the basics of an effective security policy
• Identify the key user authentication methods
• Explain the need for access control methods
• Describe the function of an access control list

Objectives (cont’d)
• List the three main encryption methods used in internetworking
• Explain the need for auditing

Elements of Security
• Audit
• Administration
• Encryption
• Access control
• User authentication
• Corporate security policy

The Security Policy
• Classify systems
• Prioritize resources
• Assign risk factors
• Define acceptable and unacceptable activities
• Define measures to apply to resources
• Define education standards
• Assign policy administration

Encryption
• Encryption categories
  – Symmetric
  – Asymmetric
  – Hash
• Encryption strength

Authentication
• Authentication methods
  – Proving what you know
  – Showing what you have
  – Demonstrating who you are
  – Identifying where you are

Specific Authentication Techniques
• Kerberos
• One-time passwords

Access Control
• Access Control List
  – Objects
• Execution Control List
  – Sandboxing

Auditing
• Passive auditing
• Active auditing

Security Tradeoffs and Drawbacks
• Increased complexity
• Slower system response time

Summary
• Formulate the basics of an effective security policy
• Identify the key user authentication methods
• Explain the need for access control methods
• Describe the function of an access control list

Summary (cont’d)
• List the three main encryption methods used in internetworking
• Explain the need for auditing

Lesson 3: Applied Encryption
Objectives
• Create a trust relationship using public-key cryptography
• List specific forms of symmetric, asymmetric, and hash encryption
• Deploy PGP in Windows 2000 and Linux

Creating Trust Relationships
• Manually
• Automatically

Rounds, Parallelization and Strong Encryption
• Round
  – Discrete part of the encryption process
• Parallelization
  – Use of multiple processes, processors or machines to work on cracking one encryption algorithm
• Strong encryption
  – Use of any key longer than 128 bits

Symmetric-Key Encryption
• One key is used to encrypt and decrypt messages

Symmetric Algorithms
• Data Encryption Standard
• Triple DES
• Symmetric algorithms created by RSA Security Corporation
• International Data Encryption Algorithm
• Blowfish
• Twofish
• Skipjack
• MARS
• Rijndael
• Serpent
• Advanced Encryption Standard

Asymmetric Encryption
• Asymmetric-key encryption elements
  – RSA
  – DSA
  – Diffie-Hellman

Hash Encryption
• Signing
• Hash algorithms
  – MD2, MD4, and MD5
  – Secure Hash Algorithm

Applied Encryption Processes
• E-mail
• PGP and GPG
• S/MIME
• Encrypting drives
• Web server encryption

Summary
• Create a trust relationship using public-key cryptography
• List specific forms of symmetric, asymmetric, and hash encryption
• Deploy PGP in Windows 2000 and Linux

Lesson 4: Types of Attacks
Objectives
• Describe specific types of security attacks
• Recognize specific attack incidents

Brute-Force and Dictionary Attacks
• Brute-force attack
  – Repeated access attempts
• Dictionary attack
  – Customized version of brute-force attack

System Bugs and Back Doors
• Buffer overflow
• Trojans and root kits

Social Engineering and Nondirect Attacks
• Call and ask for the password
• Fraudulent e-mail
• DoS and DDoS attacks
• Spoofing
• Trojans
• Information leakage
• Hijacking and man-in-the-middle attacks

Summary
• Describe specific types of security attacks
• Recognize specific attack incidents

Lesson 5: General Security Principles

Objectives
• Describe the universal guidelines and principles for effective network security
• Use universal guidelines to create effective specific solutions

Common Security Principles
• Be paranoid
• Have a security policy
• No system stands alone
• Minimize damage
• Deploy companywide enforcement
• Provide training
• Integrate security strategies
• Place equipment according to needs
• Identify security business issues
• Consider physical security

Summary
• Describe the universal guidelines and principles for effective network security
• Use universal guidelines to create effective specific solutions

Lesson 6: Protocol Layers and Security
Objectives
• List the protocols that pass through a firewall
• Identify potential threats at different layers of the TCP/IP stack

TCP/IP and Network Security
• The Internet and TCP/IP were not designed around strong security principles

The TCP/IP Suite and the OSI Reference Model
• Application layer
• Presentation layer
• Session layer
• Transport layer
• Network layer
• Data link layer
• Physical layer

TCP/IP Packet Construction
• Application message: e-mail, FTP, Telnet
• TCP segment: header, body
• IP datagram: header, body
• Ethernet frame: header, body, trailer

Summary
• List the protocols that pass through a firewall
• Identify potential threats at different layers of the TCP/IP stack

Lesson 7: Securing Resources

Objectives
• Consistently apply security principles
• Secure TCP/IP services
• Describe the importance of testing and evaluating systems and services
• Discuss network security management applications

Implementing Security
• Categorize resources and needs
• Define a security policy
• Secure each resource and service
• Log, test, and evaluate
• Repeat the process and keep current

Resources and Services
• Protecting services
  – Protect against profiling
  – Coordinate methods and techniques
  – Protect services by changing default settings
  – Remove unnecessary services

Protecting TCP/IP Services
• The Web server
  – CGI scripts
  – CGI and programming
• Securing IIS
• Additional HTTP servers
• FTP servers
  – Access control

Simple Mail Transfer Protocol
• The Internet Worm
• The Melissa virus
• E-mail and virus scanning
• Access control measures

Testing and Evaluating
• Testing existing systems

Security Testing Software
• Specific tools
  – Network scanners
  – Operating system add-ons
  – Logging and log analysis tools

Security and Repetition
• Understanding the latest exploits

Summary
• Consistently apply security principles
• Secure TCP/IP services
• Describe the importance of testing and evaluating systems and services
• Discuss network security management applications

Lesson 8: Firewalls and Virtual Private Networks

Objectives
• Describe the role a firewall plays in a company’s security policy
• Define common firewall terms
• Describe packet-filtering rules
• Describe circuit-level gateways
• Configure an application-level gateway
• Explain PKI
• Discuss public keys and VPNs

The Role of a Firewall
• Implement a company’s security policy
• Create a choke point
• Log Internet activity
• Limit network host exposure

Firewall Terminology
• Packet filter
• Proxy server
• NAT
• Bastion host
• Operating system hardening
• Screening and choke routers
• DMZ

Creating Packet Filter Rules
• Process
  – Packet filters work at the network layer of the OSI/RM
• Rules and fields

Packet Filter Advantages and Disadvantages
• Drawbacks
• Stateful multi-layer inspection
• Popular packet-filtering products
• Using the ipchains and iptables commands in Linux

Configuring Proxy Servers
• Recommending a proxy-oriented firewall
• Advantages and disadvantages
  – Authentication
  – Logging and alarming
  – Caching
  – Reverse proxies and proxy arrays
  – Client configuration
  – Speed

Remote Access and Virtual Private Networks
• Virtual network perimeter
• Tunneling protocols
• IPsec
• ESP
• PPTP
• L2TP

Public Key Infrastructure (PKI)
• Standards
  – Based on the X.509 standard
• Terminology
• Certificates

Summary
• Describe the role a firewall plays in a company’s security policy
• Define common firewall terms
• Describe packet-filtering rules
• Describe circuit-level gateways
• Configure an application-level gateway
• Explain PKI
• Discuss public keys and VPNs

Lesson 9: Levels of Firewall Protection
Objectives
• Plan a firewall system that incorporates several levels of protection
• Describe the four types of firewall system design and their degrees of security
• Implement a packet-filtering firewall

Firewall Strategies and Goals
• Resource placement
• Physical access points
• Site administration
• Monitoring tools
• Hardware

Building a Firewall
• Design principles
  – Keep the design simple
  – Make contingency plans

Types of Bastion Hosts
• Single-homed bastion host
• Dual-homed bastion host
• Single-purpose bastion hosts
  – Internal bastion hosts

Hardware Issues
• Operating system
• Services
• Daemons

Common Firewall Designs
• Screening routers
• Screened host firewall (single-homed bastion)
• Screened host firewall (dual-homed bastion)
• Screened subnet firewall (demilitarized zone)

Summary
• Plan a firewall system that incorporates several levels of protection
• Describe the four types of firewall system design and their degrees of security
• Implement a packet-filtering firewall

Lesson 10: Detecting and Distracting Hackers

Objectives
• Customize your network to manage hacker activity
• Implement proactive detection
• Distract hackers and contain their activity
• Set traps
• Deploy Tripwire for Linux

Proactive Detection
• Automated security scans
• Login scripts
• Automated audit analysis
• Checksum analysis

Distracting the Hacker
• Dummy accounts
• Dummy files
• Dummy password files
• Tripwires and automated checksums
• Jails

Punishing the Hacker
• Methods
• Tools

Summary
• Customize your network to manage hacker activity
• Implement proactive detection
• Distract hackers and contain their activity
• Set traps
• Deploy Tripwire for Linux

Lesson 11: Incident Response
Objectives
• Respond appropriately to a security breach
• Identify some of the security organizations that can help you in case your system is attacked
• Subscribe to respected security alerting organizations

Decide Ahead of Time
• Itemize a detailed list of procedures
• Include the list in a written policy
• Be sure all employees have a copy

Incident Response
• Do not panic
• Document everything
• Assess the situation
• Stop or contain the activity
• Execute the response plan
• Analyze and learn

Summary
• Respond appropriately to a security breach
• Identify some of the security organizations that can help you in case your system is attacked
• Subscribe to respected security alerting organizations

Network Security and Firewalls: Course Outline
• What Is Security?
• Elements of Security
• Applied Encryption
• Types of Attacks
• General Security Principles
• Protocol Layers and Security
• Securing Resources
• Firewalls and Virtual Private Networks
• Levels of Firewall Protection
• Detecting and Distracting Hackers
• Incident Response
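The "TCP/IP Packet Construction" slide in Lesson 6 shows the nesting that a firewall has to undo on every packet: an application message inside a TCP segment, inside an IP datagram, inside an Ethernet frame. The following is an added example, not ProsoftTraining material, that builds that nesting byte by byte and then peels it back off, validating the Ethernet frame check sequence and the IP header checksum on the way in. Every address, port and payload is a constructed sample (RFC 5737 documentation addresses and locally administered MACs); the TCP checksum is left at zero because computing it needs the IP pseudo-header, which is outside what the slide covers.

```python
"""Encapsulation walkthrough for the "TCP/IP Packet Construction" slide.
Added example, not ProsoftTraining material: every address, port and
payload below is a constructed sample."""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the 16-bit words of an IP header.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_segment(src_port: int, dst_port: int, seq: int, body: bytes) -> bytes:
    # 20-byte TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK,
    # window, checksum (left at zero here), urgent pointer.
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                         5 << 4, 0x18, 65535, 0, 0)
    return header + body


def build_ip_datagram(src_ip: bytes, dst_ip: bytes, body: bytes) -> bytes:
    # 20-byte IPv4 header: version/IHL, TOS, total length, ID, flags/fragment
    # (DF set), TTL, protocol, checksum (0 while computing), source, destination.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0x1234,
                         0x4000, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    csum = ip_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + body


def build_ethernet_frame(dst_mac: bytes, src_mac: bytes, body: bytes) -> bytes:
    header = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    trailer = struct.pack("<I", zlib.crc32(header + body))  # frame check sequence
    return header + body + trailer


def decapsulate(frame: bytes) -> dict:
    """Peel the layers back off, checking the FCS and the IP header checksum,
    and return the fields a packet filter or IDS keys on."""
    header, body, trailer = frame[:14], frame[14:-4], frame[-4:]
    if struct.unpack("<I", trailer)[0] != zlib.crc32(header + body):
        raise ValueError("bad frame check sequence")
    if struct.unpack("!H", header[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (body[0] & 0x0F) * 4
    if ip_checksum(body[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", body[2:4])[0]
    segment = body[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_ip": ".".join(str(b) for b in body[12:16]),
        "dst_ip": ".".join(str(b) for b in body[16:20]),
        "proto": body[9],
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": segment[data_offset:],
    }


def demo_frame() -> bytes:
    """Constructed sample: an SMTP greeting from 192.0.2.10 to 198.51.100.25."""
    message = b"HELO client.example\r\n"
    segment = build_tcp_segment(40001, 25, 1000, message)
    datagram = build_ip_datagram(bytes([192, 0, 2, 10]),
                                 bytes([198, 51, 100, 25]), segment)
    return build_ethernet_frame(bytes.fromhex("020000000001"),
                                bytes.fromhex("020000000002"), datagram)


if __name__ == "__main__":
    print(decapsulate(demo_frame()))
```

The point of the two integrity checks in decapsulate is that each layer only trusts what it can verify at its own level: the frame trailer covers the whole Ethernet body, the IP checksum covers only the IP header, and nothing here protects the TCP payload, which is why the application-layer protection in Lesson 3 is needed on top.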
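Lesson 8's "Creating Packet Filter Rules" slides and Lesson 9's objective of implementing a packet-filtering firewall come down to one mechanism: compare the network and transport header fields of each packet against an ordered rule table, where the first matching rule wins and a default policy applies when nothing matches. The following is an added example, not from the course or from ipchains or iptables, of that evaluation together with a check for "shadowed" rules, the classic ordering mistake where an earlier, broader rule makes a later rule unreachable. The interface names, addresses and the whole rule set are constructed; the layout they assume is a screened subnet with a LAN on 10.0.0.0/8 and two DMZ hosts.

```python
"""First-match packet-filter rule evaluation over header fields.
Added example; the rule set, addresses and interface names are constructed
and do not come from the course or from any firewall product."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    iface: Optional[str] = None  # None means "any" for every field below
    src: Optional[str] = None    # CIDR
    dst: Optional[str] = None    # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


def evaluate(rules: List[Rule], p: Packet, default: str = "drop") -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired). A None index means the
    default policy applied. Rules are checked in order; the first match wins."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return default, None


def _covers(a: Optional[str], b: Optional[str]) -> bool:
    # Network field of rule a covers rule b's field when a is "any" or b is a subnet of a.
    if a is None:
        return True
    if b is None:
        return False
    return ipaddress.ip_network(b).subnet_of(ipaddress.ip_network(a))


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (earlier, later) where the earlier rule matches every packet the
    later one could, so the later rule can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            scalar_ok = all(getattr(earlier, f) in (None, getattr(later, f))
                            for f in ("iface", "proto", "dport"))
            if scalar_ok and _covers(earlier.src, later.src) and _covers(earlier.dst, later.dst):
                found.append((i, j))
                break
    return found


# Constructed rule set for a screened-subnet layout: LAN on 10.0.0.0/8 behind
# the filter, DMZ hosts 192.0.2.80 (web) and 192.0.2.25 (mail relay).
RULES = [
    Rule("drop", iface="ext", src="10.0.0.0/8",
         comment="anti-spoofing: LAN addresses never arrive from outside"),
    Rule("accept", iface="ext", dst="192.0.2.80/32", proto="tcp", dport=80,
         comment="public web server"),
    Rule("accept", iface="ext", dst="192.0.2.25/32", proto="tcp", dport=25,
         comment="mail relay"),
    Rule("accept", iface="int", src="10.0.0.0/8", comment="outbound from LAN"),
]

if __name__ == "__main__":
    for pkt in (Packet("ext", "203.0.113.5", "192.0.2.80", "tcp", 80),
                Packet("ext", "10.1.2.3", "192.0.2.80", "tcp", 80),
                Packet("ext", "203.0.113.5", "192.0.2.80", "tcp", 22)):
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed:", find_shadowed(RULES))
```

The anti-spoofing rule sits first on purpose: a packet carrying a LAN source address on the external interface is dropped before any accept rule can see it. Note what this filter cannot do, which is the "Drawbacks" bullet on the slide: it has no memory of connections, so a reply packet is judged on header fields alone, which is the gap that stateful inspection closes.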
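Lesson 10's "Checksum analysis" and "Tripwires and automated checksums" bullets, and the Tripwire deployment it assigns, rest on one idea: record a cryptographic digest and the metadata of every file you care about while the system is known good, then periodically recompute and report anything that differs. The following is an added example of that baseline-and-compare loop; it is not Tripwire, does not use Tripwire's policy or database formats, and builds its sample files in a temporary directory. It records permission bits alongside the SHA-256 digest, since a chmod on a configuration file is a change worth alarming on even though the content hash stays the same.

```python
"""Checksum-based change detection, in the spirit of Lesson 10's
"Tripwires and automated checksums".  Added example, not Tripwire and not
ProsoftTraining material; the monitored files are constructed in a temp dir."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Record = Tuple[str, int, int]  # (sha256 hex digest, size in bytes, permission bits)


def snapshot(root: str) -> Dict[str, Record]:
    """Digest every regular file under root, keyed by path relative to root."""
    baseline: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            baseline[rel] = (h.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))
    return baseline


def compare(baseline: Dict[str, Record], current: Dict[str, Record]) -> Dict[str, List[str]]:
    """Report added, removed and modified paths. The baseline must be kept
    where the monitored host cannot rewrite it (read-only media or another
    machine), otherwise an intruder with root can simply re-baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, then simulate an intruder who
    edits a script, drops a new file and loosens permissions on a config."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        with open(os.path.join(bin_dir, "backup.sh"), "w") as f:
            f.write("#!/bin/sh\ntar czf /srv/backup.tgz /srv/data\n")
        conf = os.path.join(root, "smtpd.conf")
        with open(conf, "w") as f:
            f.write("relay = no\n")
        os.chmod(conf, 0o600)
        before = snapshot(root)

        with open(os.path.join(bin_dir, "backup.sh"), "a") as f:
            f.write("echo tampered\n")
        with open(os.path.join(bin_dir, "extra"), "w") as f:
            f.write("dropped file\n")
        os.chmod(conf, 0o644)  # content unchanged, permissions loosened
        after = snapshot(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run periodically from cron with the baseline on read-only media, this is the "automated checksums" tripwire the slide refers to; the dummy files listed on the same slide are simply entries in this baseline that no legitimate process should ever touch, so any change to them is a high-confidence alarm.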