Security+ Guide to Network Security Fundamentals, Third Edition, Chapter 5: Network Defenses
Post on 22-Dec-2015
Security+ Guide to Network Security Fundamentals, Third Edition
Objectives
• Explain how to enhance security through network design
• Define network address translation and network access control
• List the different types of network security devices and explain how they can be used

Crafting a Secure Network
• A common mistake in network security: an attempt to _____________________________ that was poorly conceived and implemented __________________________
• Securing a network begins with the ___________ of the network and includes _____________________ technologies

Security through Network Design
• Network design elements include:
  __________________
  ___________________
  Planning for __________________
  Creating ______________________
• More to come on each of these…

Subnetting (review of CSN120)
• What does the IP address identify, and what comprises an IP address?
• Subnetting, or subnet addressing, allows an IP address to be subdivided
• Networks can essentially be divided into three parts: ______________________________

Subnetting (continued)
• Security is ______________________ a single network into multiple ______________ isolates groups of hosts
• Makes it ________________ who has access in and out of a particular subnetwork
• Properly subnetted networks include addresses which are ________________________________
• Subnets also allow network administrators to __________________________________
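The two subnetting slides above describe dividing one network into subnets so that groups of hosts are isolated and traffic between groups has to cross a router. The following added example (not code from the textbook; it uses only the Python standard library, and the 10.20.0.0/24 block and host addresses are constructed for illustration) carves a /24 into four /26 subnets, reports each subnet's mask, broadcast address and usable host count, and tells whether a packet between two hosts stays inside one subnet or must pass through a router where an access control list can inspect it.

```python
"""Added example: carving a network into subnets and checking host isolation.

Not from the textbook; standard library only.  The address block 10.20.0.0/24
and the host addresses below are constructed for illustration.
"""
from __future__ import annotations
import ipaddress


def carve_subnets(block: str, new_prefix: int) -> list[ipaddress.IPv4Network]:
    """Split a network block into equal subnets with the given prefix length."""
    net = ipaddress.ip_network(block, strict=True)
    return list(net.subnets(new_prefix=new_prefix))


def subnet_of(host: str, subnets) -> ipaddress.IPv4Network | None:
    """Return the subnet that contains host, or None if it is outside all of them."""
    addr = ipaddress.ip_address(host)
    for sn in subnets:
        if addr in sn:
            return sn
    return None


def crosses_router(src: str, dst: str, subnets) -> bool:
    """True when src and dst sit in different subnets, i.e. the packet must pass
    through a router (and any access control list configured there)."""
    a, b = subnet_of(src, subnets), subnet_of(dst, subnets)
    if a is None or b is None:
        raise ValueError("host outside the carved address block")
    return a != b


def subnet_summary(sn: ipaddress.IPv4Network) -> dict:
    """Network address, mask, broadcast address and usable host count."""
    return {
        "network": str(sn.network_address),
        "mask": str(sn.netmask),
        "broadcast": str(sn.broadcast_address),
        "usable_hosts": sn.num_addresses - 2,   # network and broadcast excluded
    }


if __name__ == "__main__":
    subnets = carve_subnets("10.20.0.0/24", 26)   # four /26 subnets, 62 hosts each
    for sn in subnets:
        print(subnet_summary(sn))
    # constructed hosts: a server in the first subnet, a workstation in the last
    print(crosses_router("10.20.0.10", "10.20.0.200", subnets))   # True
    print(crosses_router("10.20.0.10", "10.20.0.20", subnets))    # False
```

Changing the prefix length passed to `carve_subnets` (for example 27 instead of 26) shows the trade-off the slide hints at: smaller subnets isolate more finely but leave fewer usable addresses in each.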

Virtual LAN (VLAN)
• Networks are generally segmented by using ______________________
• A __________ allows scattered users to be ________________ together even though they may be attached to different switches
• Can _______________________ and provide a degree of __________ similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to _______________________
[Figure: users on 3 different floors connected to 3 different switches but only to 1 VLAN; a more powerful switch carries traffic between switches; the floor switches are connected directly to the devices on the network]

Virtual LAN (continued)
• VLAN communication can take place in _____ ways:
  All devices are connected to the _______________; traffic is handled by the switch itself
  Devices are connected to different switches; a special “tagging” ___________ must be used, such as the IEEE __________________________
• A VLAN is heavily dependent upon the switch for _________________________________
• ________________________ (and also possibly VLANs) that attempt to exploit vulnerabilities such as weak passwords or default accounts are __________________

Convergence
• ___________________________ of communication and technology over a ______________________
• Example: voice, video and data traffic combined over a single IP network, such as Voice over IP (VoIP)
• Advantages of convergence:
  __________________________
  Management of a __________________ for all applications
  Applications ____________________ and at a lower cost
  Infrastructure requirements _________________
  Reduced __________________________; the Internet is basically unregulated
  Increased ______________________
  ___________________________, since only one network must be managed and defended

Convergence (continued)
• Vulnerabilities still exist
• Defenses include ________________________, installing __________ and _______________________ VoIP applications

Demilitarized Zone (___________)
• A __________________ that sits _________ the secure network perimeter
• __________________ can access the DMZ but cannot enter the secure network
• Devices within the DMZ are often most ___________________________
• These devices (e.g., Web and e-mail servers) must be isolated in their own network, separate from the internal network

DMZ (continued)
• First design approach consists of one firewall…
• Single point of failure, and responsible for all traffic flow

Security through Network Design (continued)
• Second design approach consists of two firewalls…
• More secure: two separate firewalls would have to be breached to reach the internal network

Security through Network Technologies
• Two technologies that help secure a network are:
  1. Network Address Translation (_____)
  2. Network Access Control (________)
• More to come on each of these…

Network Address Translation (_____)
• ____________________________ of network devices from attackers
• Uses _______________________
• What are private addresses?
• NAT ___________________________ from the sender’s packet and replaces it with an _____________________
• NAT software maintains a table with address mappings
• When a packet is returned, the process is ________
• An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender

Security through Network Technologies (continued)
• Port address translation (__________): a variation of NAT; each packet is ___________________________ but a __________________________________
• Network Access Control (__________): examines the ____________________________________ _________________ it is _________________ to the network
• Any device that does not meet a specified set of criteria is only allowed to connect to a ____________________ where the security deficiencies are corrected
• Once issues are resolved, the device is connected to the network
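The NAT and PAT slides above describe a translator that swaps the sender's address out of each outbound packet, keeps a table of the mappings, and reverses the lookup when a reply comes back. The added example below (not the textbook's code; it models PAT, the port-based variation, with private hosts in 192.168.1.0/24 behind one public address, and all addresses are constructed from the RFC 1918 and RFC 5737 documentation ranges) shows the mapping table in action and the defensive property the slide mentions: an inbound packet that does not match an entry created by an internal host, or that arrives from a different external endpoint than the one the host contacted, is dropped rather than forwarded, so nothing outside learns the private address.

```python
"""Added example: a small port address translation (PAT) table.

Not from the textbook.  Private hosts in 192.168.1.0/24 sit behind the single
public address 203.0.113.5; external hosts use 198.51.100.0/24.  All of these
are constructed documentation addresses.  Packets are plain dicts with the
keys src, sport, dst, dport.
"""
from __future__ import annotations
import ipaddress

# RFC 1918 private ranges: never routed on the Internet, so they must be translated
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True when addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class PatTable:
    """Mapping table: (private ip, private port, dst, dport) <-> public port."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (priv_ip, priv_port, dst, dport) -> public port
        self.back = {}   # public port -> (priv_ip, priv_port, dst, dport)

    def translate_outbound(self, pkt: dict) -> dict:
        """Replace the private source with the public address and a fresh port,
        recording the mapping so the reply can be sent back to the right host."""
        if not is_private(pkt["src"]):
            raise ValueError("only private source addresses are translated")
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = key
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def translate_inbound(self, pkt: dict) -> dict | None:
        """Reverse the mapping for a reply.  Returns None (drop) when there is
        no mapping for the destination port or the reply does not come from the
        external endpoint the internal host actually contacted."""
        entry = self.back.get(pkt["dport"])
        if entry is None or pkt["dst"] != self.public_ip:
            return None
        priv_ip, priv_port, ext_ip, ext_port = entry
        if pkt["src"] != ext_ip or pkt["sport"] != ext_port:
            return None
        return {**pkt, "dst": priv_ip, "dport": priv_port}


if __name__ == "__main__":
    table = PatTable("203.0.113.5")
    out = table.translate_outbound(
        {"src": "192.168.1.10", "sport": 51000, "dst": "198.51.100.7", "dport": 443})
    print("outbound on the wire:", out)            # src becomes 203.0.113.5:40000
    reply = {"src": "198.51.100.7", "sport": 443, "dst": "203.0.113.5", "dport": 40000}
    print("reply delivered to:", table.translate_inbound(reply))
    stray = {"src": "198.51.100.9", "sport": 443, "dst": "203.0.113.5", "dport": 40000}
    print("unsolicited packet:", table.translate_inbound(stray))   # None, dropped
```

Two internal hosts using the same source port get different public ports, which is what lets one public address stand in for many private ones.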

NAC (continued)
• ___________ of NAC: ____________________________ with sub-optimal security from potentially ______________________ through the network
• Methods for directing the client to a quarantined VLAN:
  1. Using a _____________________________: the client first leases an IP address from the quarantined VLAN pool, then is later reassigned an IP from the “secure” pool
  2. Using ______________________________: the client’s ARP pool is modified so that the client connects to the quarantined VLAN

Applying Network Security Devices
• Devices which help protect the network from attack include:
  Firewalls
  Proxy servers
  Honeypots
  Network intrusion detection systems
  Host and network intrusion prevention systems
  Protocol analyzers
  Internet content filters
  Integrated network security hardware

Firewall
• Used to _______________ ______________ at the perimeter of the network
• Packets that ________________ are allowed to pass through
• Sometimes called a _____________________
• Designed to __________________________ from entering the network
• A firewall can be _______________-based or ____________________-based
• __________ firewalls usually are located _________ the network security _____________
• First line of defense; see next slide…

Firewall (continued)
• The basis of a firewall is a _____________
• Establishes ___________ the firewall should take when it receives a packet (_____, _________, and _________)
• ____________ packet filtering (see next slide): looks at the incoming packet and permits or denies it __________________________________; provides some degree of protection but not as secure as…
• ____________ packet filtering (see two slides down): keeps a ________________________ between an internal computer and an external server, then ________________________________ as well as the ______________________

Firewall (continued)
[Figure: packet-filtering rule table; the highlighted rule allows traffic in from any web server]
• This table is from the perspective of traffic coming into the network
• If an attacker can discover a valid internal IP address, they can send any traffic through port 80 mimicking an HTML packet
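The rule-table slide above makes the point that a rule admitting inbound traffic "from any web server" judges each packet on its own, so any packet whose source port is 80 gets through. The added example below (not from the textbook; the rule table and the 192.168.1.0/24 and 198.51.100.0/24 addresses are constructed) evaluates that rule table statelessly, then shows the stateful alternative the previous slide describes: a connection table of flows opened by internal hosts, against which each inbound packet is checked, so that a packet which merely looks like a web reply but belongs to no outbound connection is denied.

```python
"""Added example: stateless rule-table filtering versus stateful filtering.

Not from the textbook.  The inbound rule table mirrors the slide's rule that
admits traffic from any web server (source port 80).  Internal network
192.168.1.0/24 and external 198.51.100.0/24 are constructed addresses.
Packets are dicts with the keys src, sport, dst, dport.
"""
from __future__ import annotations
import ipaddress

# Inbound rule table, from the perspective of traffic entering the network.
# Rules are checked top to bottom, first match wins, unmatched traffic is denied.
INBOUND_RULES = [
    # (src_net,     src_port, dst_net,          dst_port, action)
    ("0.0.0.0/0",   80,       "192.168.1.0/24", None,     "allow"),   # "any web server"
    ("0.0.0.0/0",   None,     "0.0.0.0/0",      None,     "deny"),
]


def _match(net: str, port: int | None, pkt_ip: str, pkt_port: int) -> bool:
    """Address must be inside net; port must match unless the rule says any (None)."""
    in_net = ipaddress.ip_address(pkt_ip) in ipaddress.ip_network(net)
    return in_net and (port is None or port == pkt_port)


def stateless_filter(pkt: dict) -> str:
    """Judge the packet by its header fields alone."""
    for src_net, sport, dst_net, dport, action in INBOUND_RULES:
        if (_match(src_net, sport, pkt["src"], pkt["sport"])
                and _match(dst_net, dport, pkt["dst"], pkt["dport"])):
            return action
    return "deny"


class StatefulFilter:
    """Keeps a table of connections opened from inside; an inbound packet is
    admitted only when it is the reverse direction of one of those flows."""

    def __init__(self):
        self.connections = set()

    def outbound(self, pkt: dict) -> str:
        self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        return "allow"

    def inbound(self, pkt: dict) -> str:
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return "allow" if reverse in self.connections else "deny"


if __name__ == "__main__":
    # constructed packets: a genuine reply to a browser, and a packet that only
    # sets source port 80 to look like one
    legit_reply = {"src": "198.51.100.7", "sport": 80, "dst": "192.168.1.50", "dport": 51234}
    look_alike = {"src": "198.51.100.99", "sport": 80, "dst": "192.168.1.50", "dport": 445}
    print("stateless:", stateless_filter(legit_reply), stateless_filter(look_alike))  # allow allow
    fw = StatefulFilter()
    fw.outbound({"src": "192.168.1.50", "sport": 51234, "dst": "198.51.100.7", "dport": 80})
    print("stateful: ", fw.inbound(legit_reply), fw.inbound(look_alike))             # allow deny
```

The stateless result is the weakness the slide describes; the stateful filter closes it because the connection table, not the source port, decides what counts as a reply.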

Firewall (continued)
• _______________________ have gradually improved their functionality
• Runs as a _______ on a personal computer
• Most personal software firewalls today also ___________________ as well as _______ traffic
• Protects users by preventing malware from connecting to other computers and spreading
• Disadvantage: only as strong as the OS of the computer; an OS weakness can be exploited

Proxy Server
• A computer system (or an application program) that _________________________ and then _______________________ on behalf of the user
• Goal is to ____________________________ systems inside the secure network
• Can also make __________________________, as the proxy server will __________ recently requested
• Reverse proxy: does not serve clients but instead __________________ ____________________________________; the reverse proxy forwards requests to the server

Proxy Server (continued)
[Figure: proxy server placement; callout: IP address of proxy server]

Honeypot
• Intended to ________________________
• A computer typically located in a _______ that is loaded with software and data files that __________ ________________________________; actually imitations of real data files
• ___________ configured with ________________
• _________ primary purposes of a honeypot:
  ____________________ away from legitimate servers
  ____________________ of new attacks
  Examine _________________________

Honeypot (continued)
• Types of honeypots:
  ____________________: used mainly by _________________ to capture limited info
  ___________________: used by _____________, ________________ etc.; more complex to deploy, and capture extensive info
• Information gained from studies using honeypots can be helpful in __________ _______________ and crafting defenses

Network Intrusion Detection Systems (_____________)
• Watches for __________________ and ____________________________
• NIDS work on the principle of _________ _____________ or acceptable behavior
• A NIDS looks for ________________ and will issue an alert
• Watches network traffic from a monitoring port

Functions a NIDS can perform:
• _____________________ to filter out the IP address of the intruder
• Launch a separate ___________________________
• ________ the packets in a file for _____________
• Send an __________________________ file __________, page, or a cell phone message to the network administrator stating an attack is taking place
• ________________ session by forging a TCP FIN packet to force a connection to terminate

Host and Network Intrusion Prevention Systems (HIPS/NIPS)
• Intrusion prevention system (_________): finds malicious traffic and ___________________
• Takes a proactive approach to security (instead of reactive)
• A typical IPS response may be to block all incoming traffic on a specific port
• Host intrusion prevention systems (______): installed on _____________ (server or desktop) that needs to be protected
• Rely on _____________ installed directly on the system being protected
• Work closely with the ____________, monitoring and intercepting requests in order to prevent attacks

HIPS/NIPS (continued)
• Most HIPS monitor the following desktop functions:
  _________ instruction that interrupts the program being executed and ________________________
  ________________ is monitored to ensure file openings are based on _____________ needs
  _________________ settings
  _____________________ is monitored to watch for _______________ activity
• HIPS are designed to _____________ with existing antivirus, anti-spyware, and firewalls

HIPS/NIPS (continued)
• Network intrusion prevention systems (___________): works to protect the ____________________ ___________________ that are connected to it
• By monitoring network traffic, NIPS can ________________________________
• NIPS are special-purpose _______________ that analyze, detect, and react to security-related events

Protocol Analyzers
• ______ ways for detecting a potential intrusion:
  1. Detecting ______________________: a significant deviation from an established baseline raises an alarm
  2. Examine network traffic and look for __________ ______________________: a reactive approach which uses a signature file for comparison
  3. Use ___________________ to fully decode application-layer network protocols: different parts of the protocol can be analyzed for any suspicious behavior
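The Protocol Analyzers slide lists three ways of detecting a potential intrusion, and the NIDS slides earlier describe a system that watches traffic and issues an alert. The added example below (not from the textbook; the baseline readings, signature file, allowed-method list and sample request payloads are all constructed) implements each of the three approaches as a small function and combines them into one inspection routine: a connections-per-minute reading is compared against a baseline, the payload is compared against a signature file, and the HTTP request line is decoded so that its method and version can be checked individually. It also handles the failure case a decoder has to expect, a request line that is not valid text at all.

```python
"""Added example: anomaly, signature and protocol-decode detection over
constructed sample traffic.

Not from the textbook.  Baseline values, signatures and flow records below
are made up for the demonstration.  A flow record is a dict with the keys
conn_per_min (int) and payload (bytes).
"""
from __future__ import annotations
import statistics

# 1. Anomaly detection: connections per minute observed during normal operation.
#    A reading more than `sigmas` standard deviations from the mean raises an alarm.
BASELINE_CONN_PER_MIN = [42, 38, 45, 40, 44, 39, 41, 43]


def anomaly_alert(observed: int, baseline=BASELINE_CONN_PER_MIN, sigmas: float = 3.0) -> bool:
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    return abs(observed - mean) > sigmas * sd


# 2. Signature matching: reactive, compares the payload against known patterns.
SIGNATURES = {
    "SIG-0001 directory traversal": b"../../",
    "SIG-0002 script tag in request": b"<script>",
}


def signature_alerts(payload: bytes) -> list[str]:
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]


# 3. Protocol decoding: parse the HTTP request line and examine each part.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def protocol_alerts(payload: bytes) -> list[str]:
    alerts = []
    try:
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return ["malformed request line"]        # not decodable as HTTP at all
    if method not in ALLOWED_METHODS:
        alerts.append(f"unexpected method {method}")
    if not version.startswith("HTTP/1."):
        alerts.append(f"unexpected version {version}")
    if len(target) > 2048:
        alerts.append("over-long request target")
    return alerts


def inspect(flow: dict) -> list[str]:
    """Run all three approaches on one flow record; an empty list means no alert."""
    alerts = []
    if anomaly_alert(flow["conn_per_min"]):
        alerts.append(f"rate anomaly: {flow['conn_per_min']} conn/min")
    alerts += signature_alerts(flow["payload"])
    alerts += protocol_alerts(flow["payload"])
    return alerts


if __name__ == "__main__":
    # constructed flow records
    flows = [
        {"conn_per_min": 41, "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n"},
        {"conn_per_min": 60, "payload": b"GET /../../etc/passwd HTTP/1.1\r\n"},
        {"conn_per_min": 40, "payload": b"TRACE / HTTP/1.1\r\n"},
        {"conn_per_min": 40, "payload": b"\xff\xfe"},
    ]
    for flow in flows:
        print(inspect(flow) or "no alert")
```

With the constructed baseline (mean 41.5, population standard deviation about 2.29), readings of 49 or more, or 34 or fewer, trip the anomaly check; adjusting `sigmas` moves that threshold.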

Internet Content Filters
• Monitor ______________ and __________ to ______________ Web sites and files
• A requested Web page is only displayed if it complies with the specified filters
• Unapproved Web sites can be _________ based on the Uniform Resource Locator (___________) or by matching ___________
• Administrator can prevent entire files from being downloaded
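The Internet Content Filters slide describes blocking by URL, by matching content, and by file type. The added example below (not from the textbook; the block list, keyword list, file-extension list and sample URLs are constructed, with hostnames in the reserved .example domain) implements those three checks for a requested URL and shows two details a filter has to get right: percent-encoded characters are decoded before keyword matching, and a blocked domain is matched together with its subdomains, but not when it merely appears as a prefix of some unrelated hostname.

```python
"""Added example: URL, keyword and file-type filtering for requested URLs.

Not from the textbook.  Block lists and sample URLs are constructed; the
hostnames use the reserved .example domain.
"""
from __future__ import annotations
from urllib.parse import urlsplit, unquote

BLOCKED_DOMAINS = {"gambling.example", "malware-download.example"}
BLOCKED_KEYWORDS = {"casino", "warez"}
BLOCKED_EXTENSIONS = {".exe", ".scr"}


def _host_blocked(host: str) -> bool:
    """Match the host and each parent domain, so sub.gambling.example is caught
    while gambling.example.evil.test (a different domain) is not."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def filter_url(url: str) -> tuple[str, str]:
    """Return ("allow", "") or ("block", reason) for a requested URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if _host_blocked(host):
        return ("block", f"domain {host} is on the block list")
    # decode percent-encoding first, so %63asino is seen as casino
    path_and_query = unquote(parts.path + ("?" + parts.query if parts.query else "")).lower()
    for kw in BLOCKED_KEYWORDS:
        if kw in path_and_query or kw in host:
            return ("block", f"keyword '{kw}' matched")
    for ext in BLOCKED_EXTENSIONS:
        if unquote(parts.path).lower().endswith(ext):
            return ("block", f"download of {ext} files is not allowed")
    return ("allow", "")


if __name__ == "__main__":
    # constructed requests
    for url in ("https://news.example/sports",
                "http://www.gambling.example/home",
                "https://news.example/%63asino-review",
                "https://files.example/setup.EXE",
                "http://gambling.example.evil.test/"):
        print(url, "->", filter_url(url))
```

The last sample URL is allowed because its registered domain is evil.test, not gambling.example; a filter that did plain substring matching on the hostname would block it for the wrong reason and, more importantly, would be easier to confuse in the other direction.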

Integrated Network Security Hardware
• Most organizations use _______ (as opposed to software) security appliances to protect the network
• _____ types of hardware security appliances:
  _________ security appliances provide a ____________ ____________________
  ________________ security appliances that provide ____________________________, ranging from antivirus to encryption and IM control, etc.
  _______________ network security hardware combines or __________________________________ _______________________ such as a switch or router

Summary
• Subnetting involves dividing a network into subnets that are connected through a series of routers
• Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped
• Convergence is the integration of voice and data traffic over a single IP network
• Network technologies can also help secure a network: network address translation (NAT) and network access control (NAC)

Summary (continued)
• Different network security devices can be installed to make a network more secure
• Network intrusion detection systems (NIDS) monitor the network for attacks and, if one is detected, will alert personnel or perform limited protection activities
• Internet content filters monitor Internet traffic and block attempts to visit restricted sites