98-367 Security Fundamentals, Lesson 3.3_B: Understand Network Isolation Part 2

Uploaded by: arline-taylor

Posted on: 08-Jan-2018



TRANSCRIPT

Page 1: Understand Network Isolation Part 2 LESSON 3.3_B 98-367 Security Fundamentals


Page 2: Lesson Overview

In this lesson, you will learn about:

- VPN
- Perimeter network
- Honeypot
- Server and domain isolation

Page 3: Anticipatory Set

Many risks are associated with VPNs, because a remote workstation becomes part of the internal network once it connects; controls must be put in place to reduce that risk to an acceptable level.

1. What are these risks?
2. How can you control access?

Page 4: VPN and Perimeter Network

- In a common configuration, the firewall is connected to the Internet and the VPN server is an intranet resource that is also connected to a perimeter network behind the firewall.
  o The perimeter network is an IP network segment that typically contains resources available to Internet users, such as Web servers and FTP servers.
  o The VPN server has one interface on the perimeter network and one interface on the intranet.
- The firewall must be configured with input and output filters on its Internet interface that pass only tunnel-maintenance traffic and tunneled data to the VPN server. Which traffic that is depends on the tunnel type: TCP 1723 and GRE (IP protocol 47) for PPTP; UDP 500, UDP 4500 and ESP (IP protocol 50) for L2TP/IPsec; TCP 443 for SSTP.
- Additional filters can pass traffic to Web servers, FTP servers, and other types of servers on the perimeter network. Anything not explicitly permitted is dropped, so the VPN server is the only path from the Internet into the intranet.
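The filter table the slide describes, as an added example (not a Microsoft configuration): a default-deny model of the firewall's Internet interface that passes only IKE, NAT-T, ESP and SSTP to the VPN server and HTTP/HTTPS to the Web server. The addresses, the absence of PPTP and the sample packets are assumptions; the port and protocol numbers are the standard ones for those tunnel types.

```python
"""Internet-interface filters on a perimeter firewall in front of a VPN
server and a Web server, modelled as a default-deny rule table.

Added example for the lesson, not a Microsoft configuration. Addresses
and the choice of tunnel types (L2TP/IPsec and SSTP, no PPTP) are
assumptions; port/protocol numbers are the standard ones.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed perimeter-network addresses (illustration only).
VPN_SERVER = "203.0.113.10"   # VPN server's perimeter-network interface
WEB_SERVER = "203.0.113.20"


@dataclass(frozen=True)
class Packet:
    direction: str            # "in": Internet -> perimeter, "out": perimeter -> Internet
    proto: str                # "tcp", "udp", "esp", "gre"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Filter:
    direction: str
    proto: str
    host: str                 # perimeter host the filter is for
    port: Optional[int]       # dst port on "in", src port on "out"; None for ESP/GRE
    purpose: str

    def matches(self, p: Packet) -> bool:
        if (p.direction, p.proto) != (self.direction, self.proto):
            return False
        if self.direction == "in":
            return p.dst == self.host and self.port in (None, p.dport)
        return p.src == self.host and self.port in (None, p.sport)


# Input filters (Internet -> perimeter) and their mirror output filters.
# Nothing else is listed, so everything else is dropped.
INTERNET_INTERFACE_FILTERS: List[Filter] = [
    # L2TP/IPsec: tunnel maintenance (IKE, NAT-T) and tunneled data (ESP)
    Filter("in",  "udp", VPN_SERVER, 500,  "IKE"),
    Filter("out", "udp", VPN_SERVER, 500,  "IKE replies"),
    Filter("in",  "udp", VPN_SERVER, 4500, "IKE NAT traversal"),
    Filter("out", "udp", VPN_SERVER, 4500, "IKE NAT traversal replies"),
    Filter("in",  "esp", VPN_SERVER, None, "ESP tunneled data"),
    Filter("out", "esp", VPN_SERVER, None, "ESP tunneled data"),
    # SSTP: maintenance and data both ride inside HTTPS
    Filter("in",  "tcp", VPN_SERVER, 443,  "SSTP over HTTPS"),
    Filter("out", "tcp", VPN_SERVER, 443,  "SSTP replies"),
    # Additional filters for the other perimeter servers
    Filter("in",  "tcp", WEB_SERVER, 80,   "public Web server"),
    Filter("out", "tcp", WEB_SERVER, 80,   "Web server replies"),
    Filter("in",  "tcp", WEB_SERVER, 443,  "public Web server over TLS"),
    Filter("out", "tcp", WEB_SERVER, 443,  "Web server replies over TLS"),
]


def decide(p: Packet, filters: List[Filter] = INTERNET_INTERFACE_FILTERS) -> str:
    """Default deny: permit only if some filter matches the packet."""
    return "permit" if any(f.matches(p) for f in filters) else "drop"


# Constructed sample traffic as seen on the firewall's Internet interface.
SAMPLE_PACKETS = {
    "ike_to_vpn":        Packet("in", "udp", "198.51.100.7", VPN_SERVER, 61000, 500),
    "nat_t_to_vpn":      Packet("in", "udp", "198.51.100.7", VPN_SERVER, 61001, 4500),
    "esp_to_vpn":        Packet("in", "esp", "198.51.100.7", VPN_SERVER),
    "sstp_to_vpn":       Packet("in", "tcp", "198.51.100.8", VPN_SERVER, 52000, 443),
    "pptp_to_vpn":       Packet("in", "tcp", "198.51.100.9", VPN_SERVER, 52001, 1723),  # PPTP not offered
    "rdp_to_vpn":        Packet("in", "tcp", "198.51.100.9", VPN_SERVER, 52002, 3389),  # management port
    "https_to_web":      Packet("in", "tcp", "198.51.100.10", WEB_SERVER, 52003, 443),
    "ssh_to_web":        Packet("in", "tcp", "198.51.100.10", WEB_SERVER, 52004, 22),
    "https_to_intranet": Packet("in", "tcp", "198.51.100.11", "10.1.2.3", 52005, 443),  # no direct path
    "vpn_ike_reply":     Packet("out", "udp", VPN_SERVER, "198.51.100.7", 500, 61000),
    "vpn_leak_out":      Packet("out", "tcp", VPN_SERVER, "198.51.100.12", 49152, 25),  # unexpected SMTP
}


def evaluate_samples() -> dict:
    """Map each sample packet name to the firewall's decision."""
    return {name: decide(p) for name, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{verdict:6} {name}")
```

Only the tunnel traffic and the Web ports pass; PPTP, RDP to the VPN server, and anything addressed straight to an intranet address drop, as does unexpected outbound traffic from the VPN server itself. Opening a management protocol to the VPN server means adding an explicit filter pair, which is the whole point of a default-deny perimeter.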

Page 5: VPN and Perimeter Network (continued) (diagram only)

Page 6: VPN

- A virtual private network (VPN) is the extension of a private network across links that run over shared or public networks such as the Internet.
- It enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link.
- Configuring and creating a virtual private network is known as virtual private networking.

Page 7: VPN (continued) (diagram only)

Page 8: Basic VPN Scenario

- Used to facilitate controlled access to organization resources and information.
- Must allow roaming or remote clients to connect to LAN resources.
- Must allow remote offices to connect to each other to share resources and information (router-to-router connections).
- Must ensure the privacy and integrity of data.
- Helps reduce the risk of network-borne security threats.

Therefore, a VPN solution should provide at least all of the following:

- User authentication
- Address management
- Data encryption
- Key management

Page 9: Basic VPN Elements: Honeypots

- A honeypot performs a function very similar to that of a "honeypot" in the outside world: a sweet lure.
- It is used to attract the attention of prospective attackers, to learn how they attempt to infiltrate the system and what they would likely do once they gain access.
- Because it is meant to be compromised, a honeypot must be isolated from production systems so that it cannot become a stepping stone into the real network.
- There are literally thousands of honeypot networks and systems available from security professionals and hobbyists.
  o They can provide a wealth of information for assessing trends in network intrusion.

Page 10: Basic VPN Elements (continued): Server and Domain Isolation

- A solution based on Microsoft® Windows® Internet Protocol security (IPsec) and Active Directory® Domain Services that enables administrators to dynamically segment their Windows environment into more secure, isolated logical networks based on policy, without costly changes to the network infrastructure or applications.
  o Domain isolation: hosts accept inbound connections only from computers that authenticate with IPsec as members of the domain; unmanaged or untrusted machines on the same subnet cannot connect.
  o Server isolation: a specific server further restricts inbound connections to computers (or users) in designated Active Directory groups.
- Benefits:
  o Creates an additional layer of protection.
  o Helps better protect against costly network attacks.
  o Helps prevent unauthorized access to trusted networked resources.
  o Helps achieve regulatory compliance.
  o Reduces operational costs.
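How an IPsec-based isolation policy decides a connection, as an added example (neither Microsoft's code nor a full model of Windows IPsec negotiation): an isolation domain that requires IPsec inbound, a boundary host that falls back to clear text, an encryption-group server, and a server-isolation rule keyed to an Active Directory group. Host names, group names and the sample flows are assumptions; the three negotiation modes are the ones a connection security rule offers.

```python
"""Simplified model of how IPsec connection security rules, tied to
Active Directory membership, segment a Windows domain into isolation
groups and authorize access to an isolated server.

Added example for the lesson; not Microsoft's code and not a complete
model of Windows IPsec negotiation. Host names, group names and the
group layout (isolation domain, boundary, encryption) are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Negotiation modes of a connection security rule.
REQUEST_REQUEST = "request in / request out"   # boundary hosts: IPsec if possible, else clear text
REQUIRE_REQUEST = "require in / request out"   # isolation-domain default
REQUIRE_REQUIRE = "require in / require out"   # highest-value hosts: never clear text either way


@dataclass(frozen=True)
class Host:
    name: str
    domain_member: bool                           # can present machine Kerberos credentials
    mode: Optional[str] = None                    # None: no IPsec policy applied at all
    require_encryption: bool = False              # encryption group: ESP encryption, not just authentication
    groups: FrozenSet[str] = frozenset()          # AD groups the computer belongs to
    allowed_groups: FrozenSet[str] = frozenset()  # server isolation: inbound only from these groups


@dataclass(frozen=True)
class Decision:
    allowed: bool
    transport: Optional[str]   # "clear", "ipsec-auth", "ipsec-encrypt", or None when denied
    reason: str


def can_negotiate(a: Host, b: Host) -> bool:
    """IPsec with Kerberos needs a policy on both ends and domain credentials on both ends."""
    return a.mode is not None and b.mode is not None and a.domain_member and b.domain_member


def evaluate(initiator: Host, target: Host) -> Decision:
    """Decide whether initiator may open a connection to target, and how it travels."""
    if can_negotiate(initiator, target):
        # Server isolation: the authenticated computer must also be in an authorized group.
        if target.allowed_groups and not (initiator.groups & target.allowed_groups):
            return Decision(False, None, "authenticated, but not in a group the server allows")
        encrypt = target.require_encryption or initiator.require_encryption
        return Decision(True, "ipsec-encrypt" if encrypt else "ipsec-auth",
                        "IPsec negotiated with Kerberos machine authentication")
    # Negotiation is impossible: one side lacks a policy or domain credentials.
    if initiator.mode == REQUIRE_REQUIRE:
        return Decision(False, None, "initiator requires IPsec for outbound traffic")
    if target.mode in (None, REQUEST_REQUEST):
        return Decision(True, "clear", "target accepts clear text (boundary or unmanaged host)")
    return Decision(False, None, "target requires IPsec for inbound traffic")


# Constructed environment (assumed names and groups).
FINANCE = frozenset({"Finance-Computers"})
HOSTS: Dict[str, Host] = {
    "fileserver":   Host("fileserver", True, REQUIRE_REQUEST, allowed_groups=FINANCE),
    "hr-db":        Host("hr-db", True, REQUIRE_REQUIRE, require_encryption=True),
    "intranet-web": Host("intranet-web", True, REQUEST_REQUEST),            # boundary group
    "pc-finance":   Host("pc-finance", True, REQUIRE_REQUEST, groups=FINANCE),
    "pc-marketing": Host("pc-marketing", True, REQUIRE_REQUEST,
                         groups=frozenset({"Marketing-Computers"})),
    "contractor":   Host("contractor", False),                               # unmanaged, no policy
}

SAMPLE_FLOWS: List[Tuple[str, str]] = [
    ("pc-finance", "fileserver"), ("pc-marketing", "fileserver"), ("contractor", "fileserver"),
    ("contractor", "intranet-web"), ("pc-finance", "intranet-web"),
    ("pc-finance", "hr-db"), ("hr-db", "contractor"), ("pc-finance", "contractor"),
]


def evaluate_samples() -> Dict[str, Tuple[bool, Optional[str]]]:
    """Map 'source->target' to (allowed, transport) for every sample flow."""
    results = {}
    for src, dst in SAMPLE_FLOWS:
        d = evaluate(HOSTS[src], HOSTS[dst])
        results[f"{src}->{dst}"] = (d.allowed, d.transport)
    return results


if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        d = evaluate(HOSTS[src], HOSTS[dst])
        print(f"{src:13} -> {dst:13} {'ALLOW' if d.allowed else 'DENY ':5} {d.transport or '-':13} {d.reason}")
```

The segmentation is entirely logical: the contractor laptop and the finance PC may sit on the same switch, yet only the domain member reaches the file server, and only because its computer account is in the authorized group. The "require in / request out" default is what keeps isolated hosts able to print to unmanaged devices while refusing unauthenticated inbound traffic.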

Page 11: Server and Domain Isolation (diagram only)

Page 12: Lesson Review

A few useful tools for intrusion detection and integrity analysis are:

- Tripwire (sourceforge.net/projects/tripwire/): for monitoring data integrity. It takes a snapshot of the system binaries (or another directory), computes a checksum for each file, later re-checks the files against that baseline, and reports any deviation.
- The Coroner's Toolkit (www.porcupine.org/forensics/tct.html): a suite of utilities for examining running processes, file and filesystem information, recent changes, and other such evidence.
- Snort (www.snort.org): a tool for traffic analysis and intrusion detection. There is a good FAQ on the website.
- chkrootkit (www.chkrootkit.org; formerly listed on freshmeat.net): a utility for identifying rootkits installed on the system.
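Tripwire's snapshot-and-compare loop, as an added example written for this lesson rather than Tripwire's own code: it hashes every regular file under a directory, stores the baseline with an HMAC so that a rewritten database is refused, and reports files added, removed or modified. The directory tree, file contents and key built by demo() are constructed for illustration.

```python
"""Tripwire-style integrity check: snapshot a directory tree, store the
baseline with an HMAC tag, later re-scan and report every deviation.

Added example written for this lesson; it is not Tripwire's own code.
The tree and key built by demo() are constructed for illustration.
"""
import hashlib
import hmac
import json
import os
import stat
import tempfile
from typing import Dict


def file_digest(path: str, chunk: int = 1 << 16) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root: str) -> Dict[str, dict]:
    """Record digest, size and permission bits for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue                  # symlinks, sockets and devices are not hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": file_digest(full),
                             "size": st.st_size,
                             "mode": stat.S_IMODE(st.st_mode)}
    return baseline


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, list]:
    """Report paths that appeared, disappeared, or whose digest, size or mode changed."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def save_baseline(baseline: Dict[str, dict], path: str, key: bytes) -> None:
    """Write the baseline as JSON plus an HMAC-SHA256 tag computed with an offline key."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    with open(path, "w") as f:
        json.dump({"tag": tag, "body": body}, f)


def load_baseline(path: str, key: bytes) -> Dict[str, dict]:
    """Refuse a baseline whose tag does not verify: a rewritten database proves nothing."""
    with open(path) as f:
        wrapper = json.load(f)
    expected = hmac.new(key, wrapper["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wrapper["tag"]):
        raise ValueError("baseline tag mismatch: database modified or wrong key")
    return json.loads(wrapper["body"])


def demo() -> Dict[str, list]:
    """Build a constructed tree, baseline it, simulate an intrusion, and report the deviations."""
    with tempfile.TemporaryDirectory() as root:
        fs = os.path.join(root, "fs")                    # the monitored tree
        for sub in ("bin", "etc"):
            os.makedirs(os.path.join(fs, sub))
        originals = {"bin/ls": b"ELF original ls\n",
                     "bin/ps": b"ELF original ps\n",
                     "etc/hosts": b"127.0.0.1 localhost\n"}
        for rel, data in originals.items():
            with open(os.path.join(fs, rel), "wb") as f:
                f.write(data)
        key = b"constructed-demo-key"                    # real deployments keep this off the host
        db = os.path.join(root, "baseline.json")
        save_baseline(snapshot(fs), db, key)
        # Simulated intrusion: trojaned ps of identical size, a hidden dropped file, a deleted file.
        with open(os.path.join(fs, "bin/ps"), "wb") as f:
            f.write(b"ELF trojaned ps\n")
        with open(os.path.join(fs, "bin/.rk"), "wb") as f:
            f.write(b"hidden\n")
        os.remove(os.path.join(fs, "etc/hosts"))
        return compare(load_baseline(db, key), snapshot(fs))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", ", ".join(paths) or "-")
```

The trojaned ps has exactly the same size as the original, so only the digest catches it; that is why the baseline hashes contents rather than recording size and timestamp. The baseline itself is the weak point: if an attacker can rewrite it with the same privileges used to replace the binary, the report stays clean, so the key used to tag it (or the database itself) belongs on read-only or offline storage.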