
Guide to Tactical Perimeter Defense

Chapter 1 Network Defense Fundamentals


CWSP Guide to Wireless Security

Objectives
Describe the threats to network security
Explain the goals of network security
Describe a layered approach to network defense
Explain how network security defenses affect your organization

Tactical Perimeter Defense


Overview of Threats to Network Security


Motivation of attackers
  Status
  Revenge
  Financial gain
  Industrial espionage
  Principle


Overview of Threats to Network Security (cont.)


Types of attackers
Crackers
  Try to gain access to unauthorized network resources
  Motivations: knowledge/improvement of the Internet; destruction; thrill
Disgruntled employees
  Motivation: revenge over perceived injustice
Criminal and industrial spies
  Motivation: profit; competition; potential victims


Overview of Threats to Network Security (cont.)


Types of attackers (cont.)
Script kiddies
  Find viruses/scripts online and spread them through weaknesses in computer systems
Packet monkeys
  Block Web-site activities through a distributed denial-of-service (DDoS) attack
Terrorists
  Motivations: political goals, psychological effect


Overview of Threats to Network Security (cont.)


Malicious code
Malware: software designed to cause harm to networks or steal information from networks
Examples:
  Code Red worm
  MSBlast worm
  Slammer worm


Overview of Threats to Network Security (cont.)


Types of malware
Virus
  Replicates and performs benign or harmful actions through executable code, attachments, Web pages
Worm
  Replicates repeatedly
  Self-propagating
  Can install a backdoor or destroy data on disk
Trojan program
  Installs malware under the guise of performing a useful task


Overview of Threats to Network Security (cont.)


Types of malware (cont.)
Macro virus
  Script that automates a repetitive task in an application
Spyware
  Can decrease productivity, carry additional malware, use system resources, or steal information
  Includes adware, tracking cookies, dialers, and spam


Overview of Threats to Network Security (cont.)


Activity 1-1: Scanning for Spyware
Objective: Download and run Spy Sweeper to scan your computer for spyware

Figure 1-1 The Spy Sweeper user interface


Overview of Threats to Network Security (cont.)


Other threats to network security
  Infection by new malware
  Exploitation of a recently discovered vulnerability
  Natural disaster such as an earthquake
Solution: cyber-risk insurance


Overview of Threats to Network Security (cont.)


Social engineering
  Attackers obtain passwords or access codes from gullible employees
  Employees abuse accepted security practices
Solution: strong, enforced security policy and security awareness training


Table 1-1 Attacks and defenses


Table 1-1 Attacks and defenses (cont.)


Overview of Threats to Network Security (cont.)


Internet security concerns
Sockets
  Attackers attempt to identify and exploit sockets that respond to connection requests
E-mail and communications
  Attachments or files may contain malware
  Use a personal firewall system for protection
Scripting
Always-on connectivity


Overview of Threats to Network Security (cont.)


Internet security concerns (cont.)
Scripting
  Executable code attached to e-mail or downloaded files
  May only be filtered through specialty firewall software
Always-on connectivity
  Computers are easier to attack because the IP address remains the same while connected
  Remote users connecting to the internal network may introduce vulnerabilities


Overview of Threats to Network Security (cont.)


Activity 1-2: Examining E-mail Content Filters and Security Suites
Objective: Evaluate e-mail security software
  Read about the features of MailMarshal
  Find three other vendors and create a comparison chart of features and cost


Overview of Threats to Network Security (cont.)


Activity 1-3: Identifying Open Ports
Objective: Use the netstat command to look for open ports on your computer
  A secure computer should have a minimal set of resources and open ports on it
  The netstat command-line utility is available in Windows and UNIX
  In Windows XP: type netstat -a
  Displays protocol and state of TCP/UDP ports
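As an added example (not part of the textbook's activity), the following Python script parses a constructed sample of Windows `netstat -a` output, lists the ports that accept traffic, and compares them with a baseline of services the machine is expected to offer. Everything outside the baseline is reported so it can be justified or closed. The sample output, the addresses in it and the `EXPECTED_BASELINE` set are all made up for illustration; the parser assumes the column layout shown in the sample.

```python
import re
from collections import namedtuple

# Constructed sample in the layout "netstat -a" prints on Windows XP; these
# addresses and ports are made up for this example, not captured from a host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    127.0.0.1:1046         127.0.0.1:1047         TIME_WAIT
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:4500           *:*
"""

# Hypothetical baseline: the (protocol, port) pairs this host is meant to expose.
EXPECTED_BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137)}

Socket = namedtuple("Socket", "proto local_ip local_port state")

# protocol, local ip:port, foreign address, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Turn netstat -a text into Socket records, skipping headers and blank lines."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, state = m.groups()
            sockets.append(Socket(proto, ip, int(port), state or ""))
    return sockets


def open_ports(sockets):
    """Ports that accept traffic: listening TCP sockets plus every bound UDP socket."""
    listening = {(s.proto, s.local_port) for s in sockets
                 if s.proto == "UDP" or s.state == "LISTENING"}
    return sorted(listening)


def unexpected_ports(sockets, baseline):
    """Open ports not in the baseline; each one is a service to justify or close."""
    return [p for p in open_ports(sockets) if p not in baseline]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    print("open:", open_ports(socks))
    print("review:", unexpected_ports(socks, EXPECTED_BASELINE))
```

On the sample, the script reports TCP 3389 and UDP 4500 as outside the baseline. UDP sockets have no connection state, so every bound UDP port counts as open; established and closing TCP connections are ignored because they are not accepting new requests.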


Goals of Network Security


Providing network connectivity
Priority: secure connectivity with trusted users and networks
Vulnerable online activities
  Placing and purchasing orders
  Paying bills
  Accessing account information
  Looking up personnel records
  Creating authentication information
Use a layered security scheme


Goals of Network Security (cont.)


Securing remote access
For contractors and employees
Use a virtual private network (VPN)
  Combination of encryption and authentication
  Cost-effective


Goals of Network Security (cont.)

Figure 1-2 Providing secure connectivity with VPNs


Goals of Network Security (cont.)


Ensuring privacy
Maintain customer confidentiality in organizational databases
Be aware of laws that protect private information
  Sarbanes-Oxley
  Health Insurance Portability and Accountability Act (HIPAA)
  Gramm-Leach-Bliley Act
Educate employees about security dangers and policies


Goals of Network Security (cont.)


Providing nonrepudiation
Capability to prevent a participant in an electronic transaction from denying that it performed an action
Ensures that the sender can't deny sending a message and the receiver can't deny receiving it
Provided through encryption
  Protects integrity, confidentiality, and authentication of digital information


Goals of Network Security (cont.)


Confidentiality, integrity, and availability: the CIA triad
Confidentiality: prevent intentional or unintentional disclosure of communications between a sender and recipient
Integrity: ensure the accuracy and consistency of information during all processing
Availability: ensure that those authorized to access resources can do so in a reliable and timely manner


Goals of Network Security (cont.)

Figure 1-3 The CIA Triad


Using Network Defense Technologies in Layers (cont.)


Physical security
Measures taken to physically protect a computer or network device from theft, fire, or environmental disaster
  Computer locks or specialized locks
  Critical servers in a room with a lock and/or alarm
  Engraving tools to identify laptops
  Uninterruptible power supply (UPS)
  Fire suppression system with gaseous agent


Using Network Defense Technologies in Layers (cont.)


Password security
  Choose strong passwords
  Keep passwords secure
  Change passwords regularly
  Use multiple passwords to protect critical applications


Using Network Defense Technologies in Layers (cont.)


Authentication methods
Something the user knows
  Example: username/password combination
Something the user possesses
  Example: smart card
Something the user is
  Example: retinal scans, fingerprints (biometrics)


Using Network Defense Technologies in Layers (cont.)


Operating system security
  Install OS patches that have been issued to address security flaws
  Keep up with hot fixes and service packs for your system
  Stop any unneeded services
  Disable guest accounts


Using Network Defense Technologies in Layers (cont.)


Antivirus protection
Antivirus software is a necessity
  Examines files and e-mail messages for file extensions that typically contain malware (.exe, .zip)
  Compares them with current signature files
  Quarantines malware
Keeping software updated is critical
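The following Python script is an added example, not code from the textbook or from any antivirus vendor, showing the three steps the slide lists in the simplest hash-based form: a signature file is a set of digests of known-bad content, each scanned file's digest is compared against it, and a match is moved into a quarantine directory. The "known bad" bodies, file names and the extension list beyond `.exe` and `.zip` are constructed for the example; `demo()` writes three throwaway files to a temporary directory so the script runs offline.

```python
import hashlib
import os
import shutil
import tempfile

# Extensions the scanner flags for closer review when no signature matches:
# the slide's .exe and .zip plus two common carriers chosen for this example.
SUSPECT_EXTENSIONS = {".exe", ".zip", ".scr", ".vbs"}

# Constructed "known bad" bodies standing in for real samples. The signature
# file is the set of their SHA-256 digests. Nothing here is real malware.
KNOWN_BAD_SAMPLES = {
    "Demo.Worm.A": b"constructed sample body for worm A",
    "Demo.Trojan.B": b"constructed sample body for trojan B",
}
SIGNATURES = {hashlib.sha256(body).hexdigest(): name
              for name, body in KNOWN_BAD_SAMPLES.items()}


def scan_bytes(data, filename):
    """Compare a file's digest against the signature set.

    Returns ("infected", signature name), ("suspect", None) for an unmatched
    file with a risky extension, or ("clean", None).
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES:
        return "infected", SIGNATURES[digest]
    ext = os.path.splitext(filename)[1].lower()
    if ext in SUSPECT_EXTENSIONS:
        return "suspect", None
    return "clean", None


def scan_file(path, quarantine_dir):
    """Scan one file and move it into quarantine if a signature matches."""
    with open(path, "rb") as f:
        data = f.read()
    verdict, name = scan_bytes(data, os.path.basename(path))
    if verdict == "infected":
        os.makedirs(quarantine_dir, exist_ok=True)
        dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
        shutil.move(path, dest)  # removed from its original location
        return verdict, name, dest
    return verdict, name, path


def demo():
    """Write three constructed files to a temp directory, scan them, clean up."""
    root = tempfile.mkdtemp()
    files = {
        "report.txt": b"quarterly numbers",
        "setup.exe": b"benign installer bytes",
        "invoice.zip": KNOWN_BAD_SAMPLES["Demo.Trojan.B"],
    }
    results = {}
    try:
        for name, body in files.items():
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(body)
            verdict, sig, _ = scan_file(path, os.path.join(root, "quarantine"))
            # record whether the file still exists where it was written
            results[name] = (verdict, sig, os.path.exists(path))
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The digest is checked for every file regardless of its name, and the extension only decides whether an unmatched file is marked for closer attention: an extension is easy to change, so it is a triage hint rather than a verdict. Real products add heuristics and content inspection on top of this, and the slide's last point applies directly here: a signature set that is not updated catches nothing new.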


Using Network Defense Technologies in Layers (cont.)


Packet filtering
Block or allow transmission of packets based on port, IP address, protocol, etc.
Evaluates information in the packet header and compares it to a rule base
Can be hardware or software
  Routers: use an access control list (ACL)
  Operating system utilities: Iptables, TCP/IP Filtering
  Software firewalls: Check Point, ZoneAlarm


Using Network Defense Technologies in Layers (cont.)


Firewalls
Use the organization's security policy as a guide
Enforces the policy set by the network administrator
Permissive policies
  Allow all traffic by default
  Block services on a case-by-case basis
Restrictive policies
  Deny all traffic by default
  To allow a specific type of traffic, a new rule must be placed before the deny-all rule
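The two policy styles on this slide and the packet-filtering slide before it can be modelled in a few lines of Python. The script below is an added example, not code from the textbook or from any firewall product: `Packet`, `Rule`, `evaluate` and `shadowed_rules` are names invented here, the rule base is evaluated first-match (the first rule whose header fields match decides, as iptables and router ACLs do), and the addresses come from documentation ranges chosen for the example. It shows a permissive and a restrictive rule base side by side, and then the same restrictive rules with the deny-all placed first, where a shadow check reports that the allow rule can never fire.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate(rule_base, pkt, default="deny"):
    """First-match evaluation: the first rule whose fields match decides the packet."""
    for rule in rule_base:
        if rule.matches(pkt):
            return rule.action
    return default


def shadows(earlier, later):
    """True if every packet 'later' could match is already caught by 'earlier'."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.proto in (None, later.proto)
            and earlier.dport in (None, later.dport))


def shadowed_rules(rule_base):
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(rule_base)
            if any(shadows(prev, rule) for prev in rule_base[:i])]


# Permissive policy: allow everything by default, block services case by case.
PERMISSIVE = [
    Rule("deny", proto="tcp", dport=23),   # block Telnet
    Rule("allow"),                         # everything else passes
]

# Restrictive policy: deny all by default. Each permitted service gets its own
# rule placed before the final deny-all rule. 192.0.2.0/24 is a documentation
# range standing in for the internal network in this example.
RESTRICTIVE = [
    Rule("allow", dst="192.0.2.0/24", proto="tcp", dport=443),
    Rule("allow", dst="192.0.2.53/32", proto="udp", dport=53),
    Rule("deny"),                          # nothing after this line is reachable
]

# The same rules with the deny-all placed first: the allow rule is shadowed.
MISORDERED = [
    Rule("deny"),
    Rule("allow", dst="192.0.2.0/24", proto="tcp", dport=443),
]

if __name__ == "__main__":
    web = Packet("203.0.113.5", "192.0.2.10", "tcp", 443)
    print("restrictive:", evaluate(RESTRICTIVE, web))
    print("misordered:", evaluate(MISORDERED, web), "shadowed:", shadowed_rules(MISORDERED))
```

The `default` argument to `evaluate` is what a real filter does when no rule matches at all; the restrictive rule base ends with an explicit deny-all so the outcome never depends on that fallback. Running a shadow check after every rule-base change is a cheap way to catch the ordering mistake the slide warns about before it reaches production.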


Using Network Defense Technologies in Layers (cont.)


Demilitarized zones (DMZs)
  Subnet that sits outside the internal network but is connected to the firewall
  Makes services publicly available while protecting the internal LAN
  May contain a domain name server (DNS) to resolve domain names to IP addresses


Using Network Defense Technologies in Layers (cont.)


Intrusion detection systems (IDSs)
Offers an additional layer of protection for the network
Recognizes signs of a possible attack
  Signatures: combination of IP addresses, port number, and frequency of access attempts
Sends notification to the administrator


Using Network Defense Technologies in Layers (cont.)


Virtual private networks (VPNs)
  Secure connection that uses the public Internet
  Lower cost than leased lines from telecommunication companies


Using Network Defense Technologies in Layers (cont.)


Network auditing and log files
Process of monitoring computers accessing a network and recording that information in a log file
Analyzing log files:
  Sort logs by time of day and per hour
  Learn peak times of traffic and most-used services
  Use GUIs and log analyzers to spot trends and create easy-to-read log files
Configuring log files
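The log-analysis bullets above and the IDS signature bullet on the earlier slide (IP address, port number and frequency of access attempts) can both be worked through on a handful of log lines. The Python below is an added example, not code from the textbook or from any firewall or IDS product: the log format (timestamp, action, protocol, source, destination, destination port) and the thirteen lines in `SAMPLE_LOG` are constructed for it. It buckets events per hour to find the peak, counts the most-used allowed services, and then applies a frequency signature that reports any source denied more than a threshold number of times inside a sliding window.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed firewall log lines in a made-up format for this example:
# timestamp, action, protocol, source, destination, destination port.
SAMPLE_LOG = """\
2024-03-11 08:02:13 ALLOW TCP 198.51.100.7 192.0.2.10 443
2024-03-11 08:15:40 ALLOW TCP 198.51.100.8 192.0.2.10 443
2024-03-11 09:01:02 ALLOW UDP 198.51.100.9 192.0.2.53 53
2024-03-11 09:03:55 DENY TCP 203.0.113.5 192.0.2.10 22
2024-03-11 09:03:56 DENY TCP 203.0.113.5 192.0.2.10 23
2024-03-11 09:03:57 DENY TCP 203.0.113.5 192.0.2.10 25
2024-03-11 09:03:58 DENY TCP 203.0.113.5 192.0.2.10 80
2024-03-11 09:03:59 DENY TCP 203.0.113.5 192.0.2.10 110
2024-03-11 09:04:00 DENY TCP 203.0.113.5 192.0.2.10 143
2024-03-11 14:20:11 ALLOW TCP 198.51.100.7 192.0.2.10 443
2024-03-11 14:22:45 ALLOW TCP 198.51.100.8 192.0.2.10 80
2024-03-11 14:25:01 ALLOW TCP 198.51.100.9 192.0.2.10 443
2024-03-11 14:26:30 DENY TCP 198.51.100.9 192.0.2.10 22
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (ALLOW|DENY) (TCP|UDP) (\S+) (\S+) (\d+)$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than crashing."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, action, proto, src, dst, dport = m.groups()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport),
        })
    return events


def traffic_by_hour(events):
    """Event count per hour of day; the peak tells you when capacity matters."""
    return Counter(e["time"].hour for e in events)


def peak_hour(events):
    return traffic_by_hour(events).most_common(1)[0][0]


def top_services(events, n=3):
    """Most-used services among allowed connections, as (proto, port) pairs."""
    allowed = Counter((e["proto"], e["dport"]) for e in events if e["action"] == "ALLOW")
    return allowed.most_common(n)


def frequency_alerts(events, max_attempts, window_seconds):
    """IDS-style signature: report a source whose denied attempts inside any
    window of window_seconds exceed max_attempts."""
    denied = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["action"] == "DENY":
            denied[e["src"]].append(e["time"])
    alerts = []
    for src, times in denied.items():
        start = 0
        for end in range(len(times)):
            # slide the window start forward until it fits within window_seconds
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > max_attempts:
                alerts.append(src)
                break
    return sorted(alerts)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("peak hour:", peak_hour(ev), "services:", top_services(ev))
    print("alerts:", frequency_alerts(ev, max_attempts=5, window_seconds=60))
```

On the sample the peak hour is 09:00, TCP/443 is the busiest allowed service, and 203.0.113.5 is reported because it was denied six times within five seconds, while 198.51.100.9's single denied attempt stays below the threshold. The threshold and window are the tunable part of the signature: set them from the peak-hour baselines the first two functions produce, so that normal busy periods do not page the administrator.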


Using Network Defense Technologies in Layers (cont.)


Network auditing and log files (cont.)
Configuring log files: view information in various ways
  System events: track operations of the IDS or firewall
  Security events: record alerts that the firewall/IDS has issued
  Traffic
  Packets
Some programs customize log files and allow searching for items/events


Using Network Defense Technologies in Layers (cont.)


Using GUI log viewers: organizes logged information and enables sorting

Figure 1-5 ZoneAlarm's log viewer


Using Network Defense Technologies in Layers (cont.)


Routers and access control methods
Typical points of entry: vulnerable services; e-mail gateways; porous borders
Access control methods
  Mandatory Access Control (MAC): defines access capabilities rigorously in advance
  Discretionary Access Control (DAC): users are allowed to share information with other users
  Role Based Access Control (RBAC): establishes organizational roles to limit information access by job function/responsibility
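The three access control methods differ in who decides, and a small model makes that concrete. The Python below is an added example, not code from the textbook: the sensitivity levels, the `DacObject` class, the role table and the users alice, bob, carol and dave are all constructed for it. MAC compares a fixed clearance against a fixed label; DAC lets the object's owner hand out (and delegate) access; RBAC answers through the user's roles, never through the user directly.

```python
# Sensitivity levels for MAC. Labels and clearances are assigned by policy in
# advance; ordinary users cannot change them, which is what makes it mandatory.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_can_read(clearance, label):
    """MAC: read is allowed only when the subject's clearance dominates the object's label."""
    return LEVELS[clearance] >= LEVELS[label]


class DacObject:
    """DAC: the object's owner decides who may access it and may delegate that right."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write", "share"}}

    def share(self, grantor, grantee, perms):
        """Pass permissions on to another user; only holders of 'share' may do so."""
        if "share" not in self.acl.get(grantor, set()):
            return False
        self.acl.setdefault(grantee, set()).update(perms)
        return True

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())


# RBAC: permissions hang off organizational roles; users get roles by job.
ROLE_PERMISSIONS = {
    "hr_clerk": {"personnel:read"},
    "hr_manager": {"personnel:read", "personnel:write"},
    "accountant": {"ledger:read", "ledger:write"},
}
USER_ROLES = {  # constructed users for the example
    "alice": {"hr_manager"},
    "bob": {"accountant"},
    "carol": {"hr_clerk", "accountant"},
}


def rbac_allows(user, permission):
    """A user holds a permission if any of their roles grants it."""
    return any(permission in ROLE_PERMISSIONS[role]
               for role in USER_ROLES.get(user, set()))


def demo_dac():
    """Owner shares read access with bob; bob cannot pass it on to dave."""
    doc = DacObject("alice")
    before = doc.allows("bob", "read")
    granted = doc.share("alice", "bob", {"read"})
    relayed = doc.share("bob", "dave", {"read"})
    return before, granted, doc.allows("bob", "read"), doc.allows("bob", "write"), relayed


if __name__ == "__main__":
    print("MAC confidential reads internal:", mac_can_read("confidential", "internal"))
    print("DAC:", demo_dac())
    print("RBAC carol writes personnel:", rbac_allows("carol", "personnel:write"))
```

The DAC demonstration is the point the slide makes: in DAC the information flows wherever its owner lets it, so the control is only as careful as each owner. Under RBAC, removing a job's role revokes every permission that came with it at once, which is why it scales to large organizations.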


The Impact of Defense


Cost of a security breach can be very high in terms of return on investment (ROI)
Gain management support to ensure a sound security scheme
  Discuss funding, staff, downtime, and resources for the entire span of the project
Security systems must be continuously maintained and updated


Summary
Network intruders are motivated by various desires
  Data; revenge; financial gain; proprietary information for resale
Understanding network security concerns regarding online communication is essential
  Vulnerability of e-mail attachments
  Use of firewalls and VPNs
Goals for a network security program
  Privacy; data integrity; authentication; remote users


Summary (cont.)
Network security has several layers of defense
Auditing and log files help detect vulnerable points in a system
Routers at the network perimeter need access control for security
Defense affects the entire organization

