IS 6973

1
IS 6973

• Secure Network Design
• Chapter Eight
• Common Application Design Considerations

2
Chapter Focus

• Best Practices for deployment of
• Email
• DNS
• HTTP/HTTPS
• FTP

3
E-Mail

• Focus on separating internal and external mail
  and providing for network virus scanning via
  server-based email filtering
• Basic Two-Tier E-mail Design (Fig. 8-1) Used on
  small and mid-size networks - uses both internal
  and external mail server. Internal mail server
  allows internal communication and forwards mail
  intended for outside to external mail server
• Distributed Two-Tier E-mail Design - (Fig. 8-2)
  for larger networks multiple servers for POP3
  and SNMP dedicated server(s) for email antivirus
  processing

4
Mail Application Design Recommendations

• Allow external servers to relay outbound mail
  only when sent from internal servers. Prevents
  others from using your external servers as blind
  relays, allowing forged email, such as spam
• Lock down the SMTP relay application

5
DNS

• Dont put all DNS servers in one place makes
  them vulnerable to DoS
• Have more than one authoritative DNS server
  could still be hit with DoS against authoritative
  server
• Make external DNS servers non-recursive
  responders only DNS server responds with best
  known answer and will not make further queries
• Protect internal recursive DNS servers
• Limit zone transfers to authorized servers
• An answer to a DNS query to list all DNS
  information (such as Name Servers, host names,
  Time To Live (TTL) records, etc) for a Domain
• Attacker can use this info for spoofing can also
  compromise DNS data integrity

6
HTTP/HTTPS

• Dependent upon application security, web
  security, and concerned about limiting exposure
  and gaining visibility of potential attacks

7
Simple Web Design

• If content is static, design is straightforward
• Firewall can be configured to allow only TCP 80
  traffic into the web server

8
Two-Tier Web Design (Fig. 8-7)

• If have web applications and a database server,
  content is dynamic, and will probably need to
  process input from user
• Best to separate functions
• Web server displays content to the user
• Application/database server processes user input
  and generates the content
• Web server is only device that can communicate
  with application/database server

9
Three-Tier Web Design

• All of the above plus accommodates the security
  requirements entrusted customer data
• Separates application and database servers (Fig.
  8-8 (3 firewalls) and Fig. 8-9 (2 firewalls).

10
FTP

• Active Mode Default FTP mode server opens a
  connection to the client in addition to client
  having a connection with the server
• Passive Mode more secure option all
  communications are initiated by the client

11
Application Evaluation

• Is the application worth evaluating? If
  likelihood of attack and potential impact are
  both low, spend your time and money elsewhere
• Obtain documentation from vendor
• Use a sniffer to capture packets off the wire.
  Are the payload and/or authentication information
  secure? If not, reassess
• Sniff to determine how the protocol works. Does
  it use well-known or random ports? Does it
  change ports based on imbedded information?
• Review the source code, if possible

12
Potential Results of the Evaluation

• Application highly insecure and not salvageable.
  Quarantine until you can replace
• Application risk can be mitigated. May need to
  add controls such as cryptology and secure
  tunneling
• Application is fine as it is

13
For Case

• Refer to DNS filtering case studies pp.
  308-310.
• Do you need a web interface? Why? What type of
  web design is best for your company?

14
Chapter Eight Review Questions

• Discuss the best practices for the deployment of
• Email
• DNS
• HTTP/HTTPS
• FTP
• Discuss potential steps for evaluating an
  application.