Security+ Guide to Network Security Fundamentals, Third Edition

Objectives
• Explain how to enhance security through network design
• Define network address translation and network access control
• List the different types of network security devices and explain how they can be used
Crafting a Secure Network
• A common mistake in network security
  – Attempt to patch vulnerabilities in a weak network that was poorly conceived and implemented from the start
• Securing a network begins with the design of the network and includes secure network technologies
Security through Network Design
• Subnetting
  – IP addresses are actually two addresses: one part is a network address and one part is a host address
• Classful addressing
  – The split between the network and host portions of the IP address was originally set on the boundaries between the bytes
• Subnetting or subnet addressing
  – Allows an IP address to be split anywhere
  – Networks can essentially be divided into three parts: network, subnet, and host
• Security is enhanced by subnetting a single network
  – Multiple smaller subnets isolate groups of hosts
• Network administrators can utilize network security tools
  – Makes it easier to regulate who has access in and out of a particular subnetwork
• Subnets also allow network administrators to hide the internal network layout
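The three-part split (network, subnet, host) and the isolation it gives, as an added example that is not from the book; it uses Python's standard `ipaddress` module and a constructed class B address block.

```python
import ipaddress

def classful_prefix(addr: ipaddress.IPv4Address) -> int:
    """Prefix length of the original byte-boundary (classful) split."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8       # Class A: one network byte
    if first_octet < 192:
        return 16      # Class B: two network bytes
    if first_octet < 224:
        return 24      # Class C: three network bytes
    raise ValueError("not a class A, B or C unicast address")

def split_address(ip: str, prefix: int) -> dict:
    """Split an IPv4 address into network, subnet and host bits.

    prefix is the mask length chosen by the administrator; the bits between
    the classful boundary and that prefix form the subnet field.
    """
    addr = ipaddress.IPv4Address(ip)
    boundary = classful_prefix(addr)
    if not boundary <= prefix <= 30:
        raise ValueError("prefix must lie between the classful boundary and /30")
    bits = f"{int(addr):032b}"
    subnet = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    return {
        "network_bits": bits[:boundary],
        "subnet_bits": bits[boundary:prefix],
        "host_bits": bits[prefix:],
        "subnet": str(subnet),
        "subnets_available": 2 ** (prefix - boundary),
        "hosts_per_subnet": subnet.num_addresses - 2,   # minus network and broadcast
    }

def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both hosts share a subnet; otherwise traffic must cross a router,
    which is where access in and out of the subnet can be regulated."""
    net_a = ipaddress.IPv4Network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.IPv4Address(ip_b) in net_a

if __name__ == "__main__":
    # Constructed example: the class B block 172.16.0.0 carved into /20 subnets.
    for key, value in split_address("172.16.37.10", 20).items():
        print(f"{key:>18}: {value}")
    print(same_subnet("172.16.37.10", "172.16.40.7", 20))   # same /20
    print(same_subnet("172.16.37.10", "172.16.48.1", 20))   # different /20
```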
• Virtual LAN (VLAN)
  – In most network environments, networks are divided or segmented by using switches
  – A VLAN allows scattered users to be logically grouped together even though they may be attached to different switches
  – Can reduce network traffic and provide a degree of security similar to subnetting:
    • VLANs can be isolated so that sensitive data is transmitted only to members of the VLAN
• VLAN communication can take place in two ways
  – All devices are connected to the same switch
    • Traffic is handled by the switch itself
  – Devices are connected to different switches
    • A special “tagging” protocol must be used, such as IEEE 802.1Q-2005
• A VLAN is heavily dependent upon the switch for correctly directing packets
  – Attacks on the switch that attempt to exploit vulnerabilities such as weak passwords or default accounts are common
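The 802.1Q tag the slide refers to, as an added example that is not from the book: it builds and parses a tagged Ethernet frame and models the switch membership check that keeps VLAN traffic separated. The `may_egress` function is a simplified model of a trunk port (untagged frames are simply not forwarded), not any real switch's behaviour, and the frame bytes are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag follows

def build_tagged_frame(dst: bytes, src: bytes, vlan_id: int, priority: int,
                       ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet frame carrying an 802.1Q tag (TPID + TCI)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority code point is a 3-bit field")
    tci = (priority << 13) | vlan_id          # PCP(3) | DEI(1, left 0) | VID(12)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Return MAC addresses, VLAN tag (if present), inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan_id": None, "priority": None}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["priority"] = tci >> 13
        info["vlan_id"] = tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info

def may_egress(frame: bytes, port_vlans: set) -> bool:
    """Simplified trunk-port check: a frame leaves the port only if the port is a
    member of the frame's VLAN. Untagged frames carry no membership and are dropped."""
    vlan_id = parse_frame(frame)["vlan_id"]
    return vlan_id is not None and vlan_id in port_vlans

if __name__ == "__main__":
    # Constructed frame: VLAN 100, priority 3, carrying the start of an IPv4 packet.
    frame = build_tagged_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                               vlan_id=100, priority=3, ethertype=0x0800, payload=b"\x45\x00")
    print(parse_frame(frame))
    print(may_egress(frame, {100, 200}), may_egress(frame, {200}))
```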
• Convergence
  – One of the most visible unification efforts is a process known as convergence of voice and data traffic over a single IP network
• Advantages
  – Cost savings
  – Management
  – Application development
  – Infrastructure requirements
  – Reduced regulatory requirements
  – Increased user productivity
• Demilitarized Zone (DMZ)
  – A separate network that sits outside the secure network perimeter
  – Outside users can access the DMZ but cannot enter the secure network
Security through Network Technologies
• Network Address Translation (NAT)
  – Hides the IP addresses of network devices from attackers
• Private addresses
  – IP addresses not assigned to any specific user or organization
  – Function as regular IP addresses on an internal network
  – Non-routable addresses
• NAT removes the private IP address from the sender’s packet
  – And replaces it with an alias IP address
• When a packet is returned to NAT, the process is reversed
• An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender
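The translation and its reversal, as an added example that is not from the book. It goes slightly beyond this slide by giving each internal connection its own port on the alias address, the port-based variant the next slide introduces as PAT; the addresses and ports are constructed, and the translation table is keyed on the internal (address, port) pair only, a simplification.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PortAddressTranslator:
    """Rewrites private source addresses to a single public (alias) address.

    Each internal (ip, port) pair is assigned its own port on the alias address so
    that replies can be mapped back; only the alias address is ever seen outside.
    """
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._to_public = {}     # (private_ip, private_port) -> public_port
        self._to_private = {}    # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: strip the private address and substitute the alias."""
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            raise ValueError("only private (non-routable) source addresses are translated")
        key = (pkt.src_ip, pkt.src_port)
        public_port = self._to_public.get(key)
        if public_port is None:                 # first packet of this flow: allocate
            public_port = self._next_port
            self._next_port += 1
            self._to_public[key] = public_port
            self._to_private[public_port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: reverse the translation, or return None (drop) when
        nothing in the table matches, which is the fate of unsolicited packets."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self._to_private.get(pkt.dst_port)
        if key is None:
            return None
        return replace(pkt, dst_ip=key[0], dst_port=key[1])

if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.7")     # constructed alias address
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    print(out)                                      # what an observer on the Internet sees
    print(nat.inbound(Packet("198.51.100.20", 80, "203.0.113.7", out.src_port)))
```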
• Port address translation (PAT)
  – A variation of NAT
  – Each packet is given the same IP address but a different TCP port number
• Network Access Control (NAC)
  – Examines the current state of a system or network device before it is allowed to connect to the network
  – Any device that does not meet a specified set of criteria is only allowed to connect to a “quarantine” network where the security deficiencies are corrected
• Goal of NAC
  – Prevent computers with sub-optimal security from potentially infecting other computers through the network
• Methods for directing the client to a quarantine VLAN
  – Using a Dynamic Host Configuration Protocol (DHCP) server
  – Using Address Resolution Protocol (ARP) poisoning
Applying Network Security Devices
• Devices include:
  – Firewalls
  – Proxy servers
  – Honeypots
  – Network intrusion detection systems
  – Host and network intrusion prevention systems
  – Protocol analyzers
  – Internet content filters
  – Integrated network security hardware
Firewall
• Firewall
  – Typically used to filter packets
  – Sometimes called a packet filter
  – Designed to prevent malicious packets from entering the network
  – A firewall can be software-based or hardware-based
• Hardware firewalls usually are located outside the network security perimeter
  – As the first line of defense
• The basis of a firewall is a rule base
  – Establishes what action the firewall should take when it receives a packet (allow, block, and prompt)
• Stateless packet filtering
  – Looks at the incoming packet and permits or denies it based strictly on the rule base
• Stateful packet filtering
  – Keeps a record of the state of a connection between an internal computer and an external server
  – Then makes decisions based on the connection as well as the rule base
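The stateless and stateful filters contrasted above, as an added example that is not from the book: a toy rule base and a connection table run over constructed packets. It shows why a stateless filter that wants to let replies reach internal clients cannot tell a genuine reply from a packet that merely looks like one, while the stateful filter decides from the connection it recorded.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arriving from the Internet, "out" = leaving the LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset    # TCP flags set on the packet, e.g. frozenset({"SYN"})

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str
    min_dst_port: int = 0
    needs_flag: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (pkt.direction == self.direction
                and pkt.dst_port >= self.min_dst_port
                and (self.needs_flag is None or self.needs_flag in pkt.flags))

def stateless_decision(rules: List[Rule], pkt: Packet) -> str:
    """Stateless filtering: first matching rule wins; unmatched packets are blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"

class StatefulFilter:
    """Stateful filtering: records outbound connections and admits only their replies."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections:
                return "allow"                  # reply to a connection we recorded
        action = stateless_decision(self.rules, pkt)
        if action == "allow" and pkt.direction == "out" and "SYN" in pkt.flags:
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action

# Stateless rule base: to let replies reach internal clients it must admit every
# inbound packet to a client port that carries ACK, whether or not a reply is due.
STATELESS_RULES = [Rule("allow", "out"), Rule("allow", "in", min_dst_port=1024, needs_flag="ACK")]
# Stateful rule base: no reply rule at all; the connection table makes that decision.
STATEFUL_RULES = [Rule("allow", "out")]
```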
• Personal software firewalls have gradually improved their functionality
  – Most personal software firewalls today also filter outbound traffic as well as inbound traffic
  – Protects users by preventing malware from connecting to other computers and spreading
Proxy Server
• Proxy server
  – A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user
  – Goal is to hide the IP address of client systems inside the secure network
• Reverse proxy
  – Does not serve clients but instead routes incoming requests to the correct server
Honeypot
• Honeypot
  – Intended to trap or trick attackers
  – A computer typically located in a DMZ that is loaded with software and data files that appear to be authentic
    • Yet they are actually imitations of real data files
• Three primary purposes of a honeypot:
  – Deflect attention
  – Early warnings of new attacks
  – Examine attacker techniques
• Types of honeypots
  – Production honeypots
  – Research honeypots
• Information gained from honeypots can be both useful and alarming
• Information gained from studies using honeypots can be helpful in identifying attacker behavior and crafting defenses
Network Intrusion Detection Systems (NIDS)
• Network intrusion detection system (NIDS)
  – Watches for attempts to penetrate a network
• NIDS work on the principle of comparing new behavior against normal or acceptable behavior
• A NIDS looks for suspicious patterns
• Functions a NIDS can perform:
  – Configure the firewall to filter out the IP address of the intruder
  – Launch a separate program to handle the event
  – Play an audio file that says “Attack is taking place”
  – Save the packets in a file for further analysis
  – Send an entry to a system log file
  – Send e-mail, page, or a cell phone message to the network administrator
  – Terminate the TCP session by forging a TCP FIN packet to force a connection to terminate
Host and Network Intrusion Prevention Systems (HIPS/NIPS)
• Intrusion prevention system (IPS)
  – Finds malicious traffic and deals with it immediately
• A typical IPS response may be to block all incoming traffic on a specific port
• Host intrusion prevention systems (HIPS)
  – Installed on each system that needs to be protected
  – Rely on agents installed directly on the system being protected
    • Work closely with the operating system, monitoring and intercepting requests in order to prevent attacks
• Most HIPS monitor the following desktop functions:
  – System calls
  – File system access
  – System Registry settings
  – Host input/output
• HIPS are designed to integrate with existing antivirus, anti-spyware, and firewalls
• HIPS provide an additional level of security that is proactive instead of reactive
• Network intrusion prevention systems (NIPS)
  – Work to protect the entire network and all devices that are connected to it
  – By monitoring network traffic NIPS can immediately react to block a malicious attack
• NIPS are special-purpose hardware platforms that analyze, detect, and react to security-related events
  – Can drop malicious traffic based on their configuration or security policy
Protocol Analyzers
• Three ways of detecting a potential intrusion
  – Detecting statistical anomalies
  – Examining network traffic for well-known patterns of attack
  – Using protocol analyzer technology
• Protocol analyzers
  – Can fully decode application-layer network protocols
  – Different parts of the protocol can be analyzed for any suspicious behavior
Internet Content Filters
• Internet content filters
  – Monitor Internet traffic and block access to preselected Web sites and files
  – A requested Web page is only displayed if it complies with the specified filters
• Unapproved Web sites can be restricted based on the Uniform Resource Locator (URL) or by matching keywords
Integrated Network Security Hardware
• Types of hardware security appliances:
  – Dedicated security appliances that provide a single security service
  – Multipurpose security appliances that provide multiple security functions
• Integrated network security hardware
  – Combines or integrates multipurpose security appliances with a traditional network device such as a switch or router
  – Particularly attractive for networks that use IDS
Summary
• Subnetting involves dividing a network into subnets that are connected through a series of routers
• Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped
• Convergence is the integration of voice and data traffic over a single IP network
• Network technologies can also help secure a network
  – Network address translation (NAT)
  – Network access control (NAC)
• Different network security devices can be installed to make a network more secure
• Network intrusion detection systems (NIDS) monitor the network for attacks and, if one is detected, will alert personnel or perform limited protection activities
• Internet content filters monitor Internet traffic and block attempts to visit restricted sites