Network Access and Security
Chapter 13 – 15
Topics
• Security protocols
– IPSec
– L2TP
– SSL
– WEP
– WPA
– 802.1x
• Authentication Protocols
• Firewalls
• Proxy Services
• Disaster Recovery
Accessing Network Resources
• Client Selection
– Installing the Windows 2003 Client
Managing User Account and Password Security
• Usernames and passwords are key to network security, and you use them to control initial access to your system.
Network Resource-Sharing Security Models
• You can secure files that are shared over the network in two ways:
– Share-Level Security
– User-Level Security
Managing Accounts
• Creating accounts
• Renaming accounts
• Disabling accounts
• Removing accounts
• Create and disable temporary accounts
• Set up accounts for Anonymous Access
Managing Passwords
• Strong Passwords
– Minimum Length
– Complexity
– Avoid weak passwords
• Password Management
– Password History
– Minimum Age
– Maximum Age
– Minimum Length
– Require Complexity
– Account Lockout Duration
– Account Lockout Threshold
– Reset Lockout Counter Time
Using Firewalls
• Firewall Technologies
– Stateful
– Stateless
• Access Control Lists (ACL)
The Demilitarized Zone (DMZ)
Protocol Switching
• Internally use IPX instead of TCP
• Use IPX in a dead zone
– Example on page 335
• Dynamic Packet Filtering
• Proxy Servers
– IP Proxy: An IP proxy hides the IP addresses of all stations.
– Web (HTTP) Proxy: Web proxies (also called HTTP [Hypertext Transfer Protocol] proxies) handle HTTP requests on behalf of the sending workstation.
– FTP Proxy: FTP proxies handle the uploading and downloading of files from a server on behalf of a workstation.
– SMTP Proxy: SMTP proxies handle Internet e-mail. Here, the actual contents of the packet and mail can be automatically searched.
Security Protocols
• Layer 2 Tunneling Protocol (L2TP)
• Internet Protocol Security (IPSec)
• Secure Sockets Layer (SSL)
• Kerberos
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• 802.1x
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
• Remote Authentication Dial-In User Service (RADIUS)
Comparing Firewall Operating System Platforms
• UNIX allows you to lock down servers.
– Many hardware firewalls are built around Linux/UNIX.
• NetWare uses BorderManager which integrates with NDS.
• Windows has its own ISA Server, which is a stateful firewall. There are also many third-party firewalls.
• Cisco PIX and others.
Understanding and Defending Against Hacker Attacks
• Hacker Tools: Common Network Attacks
– IP Spoofing
– The Ping of Death
– WinNuke
– SYN Flood
Intruder Detection: Defence Techniques
• Three Types
– Active Detection
– Passive Detection
– Proactive Defence
Certified Operating Systems and Networks
• Not all versions of an operating system are certified. This is the case even within the same vendor’s product line.
Understanding Encryption
• The NSA has classified encryption tools and formulas as munitions since 1979 and therefore regulates them.
• Not all systems use encryption. Older utilities like FTP and Telnet do not.
• There are third-party utilities to provide data encryption.
– PGP provides encryption for email
– VPN
– HTTPS
How Encryption works
• Number substitution
– A=1, B=2, C=3 …
• Letter substitution
– A=Z, B=Y, C=X …
• Encryption Key
– Private Key
  • DES and Triple DES
  • Skipjack and Clipper
– Public Key
  • RSA Data Security
  • PGP (Pretty Good Privacy)
Security Policies
• A security policy defines how security will be implemented in an organization, including physical security, document security, and network security.
– Security Audit
– Clean Desk Policy
– Recording Equipment
Other Common Security Policies
• Notification
• Equipment Access
• Wiring
• Door Locks/Swipe Mechanisms
• Badges
• Tracking
• Passwords
• Monitor Viewing
Breaking Policy
• Major Infractions
• Minor Infractions
• The Exit Interview
• Returning and Logging Property
• Disabling Accounts
Recognizing Security Threats
• Denial of Service (DoS)
• Ping of Death
• Distributed Denial of Service (DDoS)
• Man in the Middle
• Smurf
Recognizing Security Threats
• SYN Flood
– SYN flags are only used to initiate new communications. To initiate a SYN flood, a hacker sends a barrage of SYN packets.
– Any further incoming connections to the victimized device will be rejected until it can respond to the barrage of connection requests it’s already busy trying to deal with.
DoS/SYN flood attack
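Added example, not from the slides: the half-open connection backlog described above turned into a defender's detection check. It runs over a constructed log of client-side TCP packets (sample addresses, log format and function names are all assumptions) and reports sources whose SYNs were never followed by the handshake's final ACK.

```python
from collections import defaultdict

# Constructed sample log of client-side TCP packets seen at the victim's edge
# (not from the slides): "<time> <src_ip>:<port> -> <dst_ip>:<port> <flags>"
# S = SYN (handshake start), A = the client's final ACK of the handshake.
SAMPLE_LOG = """\
0.00 10.0.0.5:40001 -> 192.0.2.10:80 S
0.01 10.0.0.5:40001 -> 192.0.2.10:80 A
0.02 10.0.0.5:40002 -> 192.0.2.10:80 S
0.03 10.0.0.5:40002 -> 192.0.2.10:80 A
0.05 203.0.113.7:1000 -> 192.0.2.10:80 S
0.05 203.0.113.7:1001 -> 192.0.2.10:80 S
0.06 203.0.113.7:1002 -> 192.0.2.10:80 S
0.06 203.0.113.7:1003 -> 192.0.2.10:80 S
0.07 198.51.100.1:5000 -> 192.0.2.10:80 S
0.07 198.51.100.2:5000 -> 192.0.2.10:80 S
"""

def half_open_connections(log):
    """Return the set of (src, dst) pairs whose SYN was never completed."""
    # A SYN opens an entry; the client's ACK closes it. What is left over is
    # what the victim is still holding in its connection backlog.
    pending = set()
    for line in log.strip().splitlines():
        _t, src, _arrow, dst, flags = line.split()
        key = (src, dst)
        if flags == "S":
            pending.add(key)
        elif "A" in flags:
            pending.discard(key)
    return pending

def flooding_sources(log, threshold):
    """Map src_ip -> half-open count for sources at or above threshold."""
    counts = defaultdict(int)
    for src, _dst in half_open_connections(log):
        counts[src.rsplit(":", 1)[0]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def backlog_per_victim(log):
    """Total half-open connections each destination is holding."""
    counts = defaultdict(int)
    for _src, dst in half_open_connections(log):
        counts[dst] += 1
    return dict(counts)
```

With spoofed source addresses (the single-SYN 198.51.100.x entries) no one source crosses the threshold, which is why the per-victim backlog total is the more reliable signal.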
Recognizing Security Threats
• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
– They’re called distributed denial of service (DDoS) attacks and also make use of IP spoofing.
Recognizing Security Threats
• Stacheldraht
– It basically incorporates TFN and adds a dash of encryption to the mix.
– The nightmare begins with a huge invasion at the root level, followed by a DoS attack finale.
Viruses
In their simplest form, viruses are basically little programs that cause a variety of very bad things to happen on your computer, ranging from merely annoying to totally devastating.
Types of Viruses
• File Viruses
• Macro Viruses
• Boot-Sector Viruses
• Multipartite Viruses
– Anthrax and Tequila are both multipartite viruses.
• Worms
Attackers and Their Tools
• IP Spoofing
Attackers and Their Tools
• Application-Layer Attacks
• ActiveX Attacks
• Autorooters
• Backdoors
• Network Reconnaissance
• Packet Sniffers
• Password Attacks
• Brute-Force Attacks
Attackers and Their Tools
• Port-Redirection Attacks
• Trust-Exploitation Attacks
• Man-in-the-Middle Attacks
• Rogue Access Points
• Social Engineering (Phishing)
Patch Management
• Updating Windows
• Updating Antivirus
• Fixing an infected PC
Types of Attacks
• Application-Layer Attacks
• ActiveX Attacks
• Autorooters
• Backdoors
• Network Reconnaissance
• Packet Sniffers
• Password Attacks
• Brute-Force Attacks
• Port-Redirection Attacks
• Trust-Exploitation Attacks
• Man-in-the-Middle Attacks
Other Security Threats
• Rogue Access Points
• Social Engineering (Phishing)
Understanding Mitigation Techniques
• Active Detection
• Passive Detection
• Proactive Defense
Policies and Procedures
• Security Policies
• Security Audit
• Clean-Desk Policy
• Recording Equipment
Other Common Security Policies
DMZ
Summary
• Summary
• Exam Essentials
• Review Questions