Title: Network Security and Firewalls
Network Security and Firewalls
Lesson 1: What Is Security
Objectives
- Define security
- Explain the need for network security
- Identify resources that need security
- Identify the two general security threat types
- List security standards and organizations
What Is Security?
- LANs
- WANs
- VPNs
- Network perimeters
Hacker Statistics
- One of every five Internet sites has experienced a security breach
- Losses due to security breaches are estimated at 10 billion each year
- Intrusions have increased an estimated 50 percent in the past year
What Is the Risk?
- Categorizing attacks
- Countering attacks systematically
The Myth of 100-Percent Security
- Security as balance
- Security policies
Attributes of an Effective Security Matrix
- Allows access control
- Easy to use
- Appropriate cost of ownership
- Flexible and scalable
- Superior alarming and reporting
What You Are Trying to Protect
- End user resources
- Network resources
- Server resources
- Information storage resources
Who Is the Threat?
- Casual attackers
- Determined attackers
- Spies
Security Standards
- Security services
  - Authentication
  - Access control
  - Data confidentiality
  - Data integrity
  - Nonrepudiation
- Security mechanisms
- The Orange Book
Summary
- Define security
- Explain the need for network security
- Identify resources that need security
- Identify the two general security threat types
- List security standards and organizations
Lesson 2: Elements of Security
Objectives
- Formulate the basics of an effective security policy
- Identify the key user authentication methods
- Explain the need for access control methods
- Describe the function of an access control list
Objectives (contd)
- List the three main encryption methods used in internetworking
- Explain the need for auditing
Elements of Security
Audit
Administration
Encryption
Access Control
User Authentication
Corporate Security Policy
The Security Policy
- Classify systems
- Prioritize resources
- Assign risk factors
- Define acceptable and unacceptable activities
- Define measures to apply to resources
- Define education standards
- Assign policy administration
Encryption
- Encryption categories
  - Symmetric
  - Asymmetric
  - Hash
- Encryption strength
Authentication
- Authentication methods
  - Proving what you know
  - Showing what you have
  - Demonstrating who you are
  - Identifying where you are
Specific Authentication Techniques
- Kerberos
- One-time passwords
Access Control
- Access Control List
- Objects
- Execution Control List
- Sandboxing
Auditing
- Passive auditing
- Active auditing
Security Tradeoffs and Drawbacks
- Increased complexity
- Slower system response time
Summary
- Formulate the basics of an effective security policy
- Identify the key user authentication methods
- Explain the need for access control methods
- Describe the function of an access control list
Summary (contd)
- List the three main encryption methods used in internetworking
- Explain the need for auditing
Lesson 3: Applied Encryption
Objectives
- Create a trust relationship using public-key cryptography
- List specific forms of symmetric, asymmetric, and hash encryption
- Deploy PGP in Windows 2000 and Linux
Creating Trust Relationships
Rounds, Parallelization and Strong Encryption
- Round
  - Discrete part of the encryption process
- Parallelization
  - Use of multiple processes, processors or machines to work on cracking one encryption algorithm
- Strong encryption
  - Use of any key longer than 128 bits
Symmetric-Key Encryption
- One key is used to encrypt and decrypt messages
Symmetric Algorithms
- Data Encryption Standard
- Triple DES
- Symmetric algorithms created by the RSA Security Corporation
- International Data Encryption Algorithm
- Blowfish and Twofish
- Skipjack
- MARS
- Rijndael and Serpent
- Advanced Encryption Standard
Asymmetric Encryption
- Asymmetric-key encryption elements
- RSA
- DSA
- Diffie-Hellman
Hash Encryption
- Signing
- Hash algorithms
  - MD2, MD4, and MD5
  - Secure Hash Algorithm
Applied Encryption Processes
- E-mail
  - PGP and GPG
  - S/MIME
- Encrypting drives
- Web server encryption
Summary
- Create a trust relationship using public-key cryptography
- List specific forms of symmetric, asymmetric, and hash encryption
- Deploy PGP in Windows 2000 and Linux
Lesson 4: Types of Attacks
Objectives
- Describe specific types of security attacks
- Recognize specific attack incidents
Brute-Force and Dictionary Attacks
- Brute-force attack
  - Repeated access attempts
- Dictionary attack
  - Customized version of brute-force attack
System Bugs and Back Doors
- Buffer overflow
- Trojans and rootkits
Social Engineering and Nondirect Attacks
- Call and ask for the password
- Fraudulent e-mail
- DoS and DDoS attacks
- Spoofing
- Trojans
- Information leakage
- Hijacking and man-in-the-middle attacks
Summary
- Describe specific types of security attacks
- Recognize specific attack incidents
Lesson 5: General Security Principles
Objectives
- Describe the universal guidelines and principles for effective network security
- Use universal guidelines to create effective specific solutions
Common Security Principles
- Be paranoid
- Have a security policy
- No system stands alone
- Minimize the damage
- Deploy companywide enforcement
- Provide training
- Integrate security strategies
- Place equipment according to needs
- Identify security business issues
- Consider physical security
Summary
- Describe the universal guidelines and principles for effective network security
- Use universal guidelines to create effective specific solutions
Lesson 6: Protocol Layers and Security
Objectives
- List the protocols that pass through a firewall
- Identify potential threats at different layers of the TCP/IP stack
TCP/IP and Network Security
- The Internet and TCP/IP were not designed around strong security principles
The TCP/IP Suite and the OSI Reference Model
- Physical layer
- Network layer
- Transport layer
- Application layer
- Presentation layer
- Session layer
- Data link layer
TCP/IP Packet Construction
- Application message (e-mail, FTP, Telnet)
- TCP segment: header, body
- IP datagram: header, body
- Ethernet frame: header, body, trailer
Summary
- List the protocols that pass through a firewall
- Identify potential threats at different layers of the TCP/IP stack
Lesson 7: Securing Resources
Objectives
- Consistently apply security principles
- Secure TCP/IP services
- Describe the importance of testing and evaluating systems and services
- Discuss network security management applications
Implementing Security
- Categorize resources and needs
- Define a security policy
- Secure each resource and service
- Log, test, and evaluate
- Repeat the process and keep current
Resources and Services
- Protecting services
- Protect against profiling
- Coordinate methods and techniques
- Protect services by changing default settings
- Remove unnecessary services
Protecting TCP/IP Services
- The Web server
  - CGI scripts
  - CGI and programming
  - Securing IIS
  - Additional HTTP servers
- FTP servers
  - Access control
Simple Mail Transfer Protocol
- The Internet Worm
- The Melissa virus
- E-mail and virus scanning
- Access control measures
Testing and Evaluating
Security Testing Software
- Specific tools
  - Network scanners
  - Operating system add-ons
  - Logging and log analysis tools
Security and Repetition
- Understanding the latest exploits
Summary
- Consistently apply security principles
- Secure TCP/IP services
- Describe the importance of testing and evaluating systems and services
- Discuss network security management applications
Lesson 8: Firewalls and Virtual Private Networks
Objectives
- Describe the role a firewall plays in a company's security policy
- Define common firewall terms
- Describe packet-filtering rules
- Describe circuit-level gateways
- Configure an application-level gateway
- Explain PKI
- Discuss public keys and VPNs
The Role of a Firewall
- Implement a company's security policy
- Create a choke point
- Log Internet activity
- Limit network host exposure
Firewall Terminology
- Packet filter
- Proxy server
- NAT
- Bastion host
- Operating system hardening
- Screening and choke routers
- DMZ
Creating Packet Filter Rules
- Process
- Packet filters work at the network layer of the OSI/RM
- Rules and fields
Packet Filter Advantages and Disadvantages
- Drawbacks
- Stateful multi-layer inspection
- Popular packet-filtering products
- Using the ipchains and iptables commands in Linux
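The two slides above describe packet filters as rules matched against header fields, and list stateful multi-layer inspection as the answer to their drawbacks. The following is an added example, not part of the course slides or of any firewall product: a toy first-match packet filter in Python, with a stateless and a stateful variant sharing one rule table, run over constructed packets. The rule fields, the `new_only` flag and the sample addresses are assumptions chosen for illustration; real filters such as iptables match many more fields but follow the same first-match, default-deny logic.

```python
"""Toy packet filter: first-match rules over packet header fields.

Added example (not from the course slides). Rule syntax, field names and
sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out" relative to the protected network
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP SYN without ACK marks a new connection attempt
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    direction: Optional[str] = None   # None means "match any"
    proto: Optional[str] = None
    src: Optional[str] = None         # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None
    new_only: bool = False            # match only SYN (new-connection) packets

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.new_only and not (p.syn and not p.ack):
            return False
        return True


class StatelessFilter:
    """First matching rule wins; no match means the default deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Same rule table plus a connection table, so replies to connections
    the inside opened are allowed without a blanket inbound rule."""

    def __init__(self, rules):
        super().__init__(rules)
        self.conns = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, p: Packet) -> str:
        if p.direction == "in":
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            if key in self.conns:
                return "allow"          # reply to a tracked outbound connection
        verdict = super().decide(p)
        if verdict == "allow" and p.direction == "out":
            self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


# Constructed rule table for a hypothetical 192.168.1.0/24 site with a mail server at .10.
INSIDE = "192.168.1.0/24"
RULES = [
    Rule("allow", direction="in", proto="tcp", dst="192.168.1.10/32", dport=25),  # SMTP to the mail server
    Rule("allow", direction="out", src=INSIDE),                                   # inside hosts may go anywhere
    Rule("deny", direction="in", proto="tcp", new_only=True),                     # no other new inbound TCP
]


def demo() -> dict:
    """Run four constructed packets through both filters and return the verdicts."""
    web_out = Packet("out", "tcp", "192.168.1.20", "203.0.113.5", 40000, 80, syn=True)
    web_reply = Packet("in", "tcp", "203.0.113.5", "192.168.1.20", 80, 40000, ack=True)
    smtp_in = Packet("in", "tcp", "198.51.100.7", "192.168.1.10", 51000, 25, syn=True)
    probe_in = Packet("in", "tcp", "198.51.100.7", "192.168.1.20", 51001, 22, syn=True)
    results = {}
    for name, f in (("stateless", StatelessFilter(RULES)), ("stateful", StatefulFilter(RULES))):
        results[name] = {
            "web_out": f.decide(web_out),
            "web_reply": f.decide(web_reply),   # order matters: the outbound SYN was seen first
            "smtp_in": f.decide(smtp_in),
            "probe_in": f.decide(probe_in),
        }
    return results


if __name__ == "__main__":
    print(demo())
```

The stateless filter denies the web reply because no rule allows it, which is exactly the drawback the slide refers to: without state, an administrator has to add a broad "inbound packets with ACK set" rule that an attacker can satisfy by setting the flag. The stateful variant allows the reply only because it recorded the outbound SYN, while still denying the unsolicited probe to port 22.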
Configuring Proxy Servers
- Recommending a proxy-oriented firewall
- Advantages and disadvantages
- Authentication
- Logging and alarming
- Caching
- Reverse proxies and proxy arrays
- Client configuration
- Speed
Remote Access and Virtual Private Networks
- Virtual network perimeter
- Tunneling protocols
  - IPsec
  - ESP
  - PPTP
  - L2TP
Public Key Infrastructure (PKI)
- Standards
  - Based on X.509 standard
- Terminology
  - Certificates
Summary
- Describe the role a firewall plays in a company's security policy
- Define common firewall terms
- Describe packet-filtering rules
- Describe circuit-level gateways
- Configure an application-level gateway
- Explain PKI
- Discuss public keys and VPNs
Lesson 9: Levels of Firewall Protection
Objectives
- Plan a firewall system that incorporates several levels of protection
- Describe the four types of firewall systems design and their degrees of security
- Implement a packet-filtering firewall
Firewall Strategies and Goals
- Resource placement
- Physical access points
- Site administration
- Monitoring tools
- Hardware
Building a Firewall
- Design principles
  - Keep design simple
  - Make contingency plans
Types of Bastion Hosts
- Single-homed bastion host
- Dual-homed bastion host
- Single-purpose bastion hosts
- Internal bastion hosts
Hardware Issues
- Operating system
- Services
- Daemons
Common Firewall Designs
- Screening routers
- Screened host firewall (single-homed bastion)
- Screened host firewall (dual-homed bastion)
- Screened subnet firewall (demilitarized zone)
Summary
- Plan a firewall system that incorporates several levels of protection
- Describe the four types of firewall systems design and their degrees of security
- Implement a packet-filtering firewall
Lesson 10: Detecting and Distracting Hackers
Objectives
- Customize your network to manage hacker activity
- Implement proactive detection
- Distract hackers and contain their activity
- Set traps
- Deploy Tripwire for Linux
Proactive Detection
- Automated security scans
- Login scripts
- Automated audit analysis
- Checksum analysis
Distracting the Hacker
- Dummy accounts
- Dummy files
- Dummy password files
- Tripwires and automated checksums
- Jails
Punishing the Hacker
Summary
- Customize your network to manage hacker activity
- Implement proactive detection
- Distract hackers and contain their activity
- Set traps
- Deploy Tripwire for Linux
Lesson 11: Incident Response
Objectives
- Respond appropriately to a security breach
- Identify some of the security organizations that can help you in case your system is attacked
- Subscribe to respected security alerting organizations
Decide Ahead of Time
- Itemize a detailed list of procedures
- Include the list in a written policy
- Be sure all employees have a copy
Incident Response
- Do not panic
- Document everything
- Assess the situation
- Stop or contain the activity
- Execute the response plan
- Analyze and learn
Summary
- Respond appropriately to a security breach
- Identify some of the security organizations that can help you in case your system is attacked
- Subscribe to respected security alerting organizations
Network Security and Firewalls
- What Is Security?
- Elements of Security
- Applied Encryption
- Types of Attacks
- General Security Principles
- Protocol Layers and Security
Network Security and Firewalls
- Securing Resources
- Firewalls and Virtual Private Networks
- Levels of Firewall Protection
- Detecting and Distracting Hackers
- Incident Response