Upload: melvin-gallagher

Post on 01-Jan-2016

CONFIGURING TCP/IP ADDRESSING AND SECURITY

Chapter 11

Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2

OVERVIEW

Understand IP addressing

Manage IP subnetting and subnet masks

Understand IP security terminology

Manage Internet security features of Windows XP

Configure and troubleshoot Windows Firewall

UNDERSTANDING BINARY NUMBERS

CONVERTING DECIMAL ADDRESSES TO BINARY

CONVERTING BINARY ADDRESSES TO DECIMAL

USING CALCULATOR TO CONVERT NUMBERS

SUBNET MASKS

PROBLEMS WITH CLASSFUL ADDRESSES

Wasted addresses

Shortage of address blocks

Excessive routing table entries

SUBNETTING A LARGE NETWORK

CLASSLESS INTERDOMAIN ROUTING (CIDR)

SUPERNETS

SECURING IP COMMUNICATIONS

Internet threats

Protective technologies

Configuring and managing Windows Firewall

Monitoring Internet communications security

INTERNET THREATS

Viruses (the oldest threat)

Worms (the most persistent threat)

Trojan horses

Spyware

Zombies

Direct hacking

VIRUSES

Take advantage of gullible users

Infect document, graphics, and executable files

Often include mass-mailing components

Can carry destructive payloads

WORMS

Self-replicating

Network-aware

Use bugs in programs or systems to spread

Can carry viruses or other payloads

TROJAN HORSES

Usually e-mailed or downloaded

Appear to be a useful program or game

Carry payload or back door application

SPYWARE

Has attributes of Trojan horses or worms

Spies on its victim

Might transmit marketing data or transmit personal data to the spyware author

ZOMBIES

Payload of worm or Trojan horse

Remotely controlled to attack network targets

Participate in large-scale assaults on public Web sites

DIRECT HACKING

Relatively low incidence

Hardest form of attack to defeat

PROTECTIVE TECHNOLOGIES

Security Center

Windows Firewall

Internet Connection Sharing (ICS)

Third-party utilities

SECURITY CENTER

FIREWALL TERMINOLOGY

Packet filtering

Stateful packet filtering

Exceptions (packet filter rules)

Allowed traffic

Rejected traffic

Logging

ENABLING WINDOWS FIREWALL

FIREWALL EXCEPTIONS

ADVANCED WINDOWS FIREWALL SETTINGS

MONITORING INTERNET SECURITY

Windows Firewall monitoring

Service logs

Event logs

WINDOWS FIREWALL ALERTS

WINDOWS FIREWALL LOGS

SERVER LOGS

SUMMARY

IP addresses are 32-bit binary addresses.

The network portion of IP addresses determines location.

CIDR allows creation of custom netblocks.

CIDR permits use of variable-length subnet masks.

Windows Firewall blocks unauthorized packets.

Windows Firewall exceptions allow specified traffic to pass through the firewall.

Alerts and logs warn of attempted attacks.