Hands-On Ethical Hacking and Network Defense
Chapter 13: Protecting Networks with Security Devices
Objectives
• Describe network security devices
• Describe firewall technology
• Describe intrusion detection systems
• Describe honeypots
Understanding Network Security Devices
• Network security devices
  • Routers
  • Firewalls
  • Intrusion detection systems
  • Honeypots
Understanding Routers
• Routers are hardware devices used on a network to send packets to different network segments
  • Operate at the network layer of the OSI model
• Routing protocols used by routers
  • Link-state routing protocol
    • Router advertises link-state to identify network topology and any changes on paths
  • Distance-vector routing protocol
    • Router passes its routing table to all routers participating on the network
Understanding Basic Hardware Routers
• Cisco routers are widely used in the networking community
  • More than one million Cisco 2500 series routers are currently being used by companies around the world
• Vulnerabilities exist in Cisco IOS, as they do in any operating system
  • Security professionals must consider these vulnerabilities when conducting a security test
Cisco Router Components
• A Cisco router uses the Cisco Internetwork Operating System (IOS) to function
• Components
  • Random access memory (RAM)
    • Holds the router’s running configuration, routing tables, and buffers
    • If you turn off the router, the contents stored in RAM are wiped out
  • Nonvolatile RAM (NVRAM)
    • Holds the router’s configuration file, but the information is not lost if the router is turned off
Cisco Router Components (continued)
• Components (continued)
  • Flash memory
    • Holds the IOS the router is using
    • Is rewritable memory, so you can upgrade the IOS
  • Read-only memory (ROM)
    • Contains a minimal version of the IOS used to boot the router if flash memory gets corrupted
  • Interfaces
    • Hardware connectivity points
    • Example: an Ethernet port is an interface that connects to a LAN
Cisco Router Configuration
• Configuration modes:
  • User mode
    • Administrator can perform basic troubleshooting tests and list information stored on the router
    • The prompt Router-name> indicates that you are in user mode
  • Privileged mode
    • Administrator can perform full router configuration tasks
    • The prompt Router-name# indicates that you are in privileged mode
• By default, you are in user mode
  • Type “enable” or “en” to change to privileged mode
Cisco Router Configuration (continued)
• Once in privileged mode, you can change to two more configuration modes
  • Global configuration mode
    • Administrator can configure router settings that affect overall router operation
    • To use this mode, you enter the command config t at the Router-name# prompt
    • Router-name(config)# tells the user she is in global configuration mode
Cisco Router Configuration (continued)
• Once in privileged mode, you can change to two more configuration modes (continued)
  • Interface configuration mode
    • Administrator can configure an interface on the router
    • To use this mode, you enter global configuration mode first
    • Next, you enter the command for interface configuration mode and the interface name you want to configure
    • Router-name(config-if)# indicates you are in interface configuration mode
Understanding Access Control Lists
• There are several types of access control lists
  • We will focus on IP access lists
• IP access lists
  • Lists of IP addresses, subnets, or networks that are allowed or denied access through a router’s interface
• Two different types of access lists on a Cisco router
  • Standard IP access lists
  • Extended IP access lists
Standard IP Access Lists
• Can restrict IP traffic entering or leaving a router’s interface based on source IP address
• The syntax of a standard access list is as follows:
    access-list [list #] [permit|deny] [source address] [source wildcard mask]
  • [list #] is a number in the range of 1 to 99
  • [permit|deny] are keywords to permit or deny traffic
  • [source address] specifies the IP address of the source host
  • [source wildcard mask] signifies which bits of the source address are significant
Standard IP Access Lists (continued)
• Example:
    access-list 1 deny 173.110.0.0 0.0.255.255
    access-list 1 permit any
• A wildcard mask is similar to a subnet mask
  • Example: access-list 1 deny 10.10.1.112 0.0.0.0
  • The 0s used after the IP address signify that every octet in the IP address must match the IP address being filtered
• Another example:
    access-list 1 deny 192.168.10.0 0.0.0.255
    access-list 1 permit any
Standard IP Access Lists (continued)
• Cisco allows a shortcut for the mask 0.0.0.0
    access-list 1 deny host 192.168.10.112
• Access lists always end with an implicit deny rule
  • To keep the implicit deny from blocking all remaining traffic, you must add the “permit any” statement
      access-list 1 deny host 192.168.10.112
      access-list 1 permit any
• Steps for applying the access list to an interface
  • Enter global configuration mode
  • Create the access list
  • Enter interface configuration mode
  • Use the ip access-group command
Standard IP Access Lists (continued)
• Example
Router> en
Password ******
Router# config t
Router(config)# access-list 1 deny 172.16.5.0 0.0.0.255
Router(config)# access-list 1 permit any
Router(config)# int e0
Router(config-if)# ip access-group 1 out
Router(config-if)# Ctrl+z [to save and exit global configuration mode]
Router#
Extended IP Access Lists
• Allow packet filtering based on
  • Source IP address
  • Destination IP address
  • Protocol type
  • Application port number
• Syntax for extended IP access lists
    access-list [list #] [permit|deny] [protocol] [source IP address] [source wildcard mask] [destination IP address] [destination wildcard mask] [operator] [port] [log]
  • [list #] is a number in the range of 100 to 199
  • [permit|deny] are keywords to permit or deny traffic
Extended IP Access Lists (continued)
• Syntax for extended IP access lists (continued)
  • [protocol] can be IP, TCP, UDP, ICMP, and so on
  • [source IP address] is the IP address of the source
  • [source wildcard mask] determines significant bits of source IP address
  • [destination IP address] is the IP address of the destination
  • [destination wildcard mask] determines significant bits of destination IP address
  • [operator] can be lt, gt, eq, or neq
Extended IP Access Lists (continued)
• Syntax for extended IP access lists (continued)
  • [port] is the port number of the protocol to be filtered
  • [log] logs all activity of the access list for the administrator
• Example:
    access-list 100 deny tcp host 172.16.1.112 host 172.30.1.100 eq www
Extended IP Access Lists (continued)
• Applying an access list to an interface
Router> en
Password ******
Router# config t
Router(config)# access-list 100 deny tcp host 172.16.1.112 host 172.30.1.100
Router(config)# access-list 100 permit ip any any
Router(config)# int e0
Router(config-if)# ip access-group 100 in
Router(config-if)# Ctrl+z
Router#
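
The wildcard-mask matching, top-down first-match order and implicit deny described in the standard and extended access list slides above, modeled in Python as an added example (not Cisco code and not part of the original slides). The packet dictionaries and the small port-name table are constructed for illustration; the rules are the ones shown in the slides, with `permit ip any any` closing the extended list because an extended rule needs a protocol plus source and destination.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)            # wildcard of all 1s: no bit has to match
PORT_NAMES = {"www": 80, "smtp": 25, "telnet": 23}   # constructed subset
OPERATORS = {
    "eq": lambda a, b: a == b,
    "neq": lambda a, b: a != b,
    "lt": lambda a, b: a < b,
    "gt": lambda a, b: a > b,
}


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def take_address(tokens):
    """Consume 'any', 'host A' or 'A [WILDCARD]'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":                      # shortcut for wildcard 0.0.0.0
        return ip_to_int(tokens.pop(0)), 0
    wildcard = ip_to_int(tokens.pop(0)) if tokens and "." in tokens[0] else 0
    return ip_to_int(first), wildcard


def parse_rule(line):
    """Parse one 'access-list' line (standard 1-99 or extended 100-199)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an access-list line: " + line)
    number, rest = int(tokens[1]), tokens[3:]
    rule = {"permit": tokens[2] == "permit", "proto": "ip",
            "dst": ANY, "op": None, "port": None}
    try:
        if 1 <= number <= 99:                # standard: source address only
            rule["src"] = take_address(rest)
        elif 100 <= number <= 199:           # extended: protocol, source, destination
            rule["proto"] = rest.pop(0).lower()
            rule["src"] = take_address(rest)
            rule["dst"] = take_address(rest)
            if rest and rest[0] in OPERATORS:
                rule["op"] = rest.pop(0)
                port = rest.pop(0)
                rule["port"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        else:
            raise ValueError("list number outside 1-99 / 100-199")
    except IndexError:
        raise ValueError("incomplete rule: " + line)
    return rule


def address_matches(packet_ip, rule_addr):
    address, wildcard = rule_addr
    care = ~wildcard & 0xFFFFFFFF            # 0 bits in the wildcard must match
    return (ip_to_int(packet_ip) & care) == (address & care)


def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if not (address_matches(pkt["src"], rule["src"])
            and address_matches(pkt["dst"], rule["dst"])):
        return False
    if rule["op"]:
        return pkt["dport"] is not None and OPERATORS[rule["op"]](pkt["dport"], rule["port"])
    return True


def evaluate(acl_lines, pkt):
    """Return (decision, matching line); rules are tried top-down, first match wins."""
    for line in acl_lines:
        if rule_matches(parse_rule(line), pkt):
            return ("permit" if parse_rule(line)["permit"] else "deny"), line
    return "deny", "implicit deny"           # nothing matched: the implicit deny applies


def packet(src, dst="0.0.0.0", proto="ip", dport=None):
    """Constructed test packet; only the fields an ACL looks at."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# Rules taken from the slides
STANDARD = ["access-list 1 deny 172.16.5.0 0.0.0.255", "access-list 1 permit any"]
HOST_ONLY = ["access-list 1 deny host 192.168.10.112"]      # no 'permit any' line
EXTENDED = ["access-list 100 deny tcp host 172.16.1.112 host 172.30.1.100 eq www",
            "access-list 100 permit ip any any"]

if __name__ == "__main__":
    checks = [
        (STANDARD, packet("172.16.5.77")),                   # inside the denied /24
        (STANDARD, packet("172.16.6.1")),                    # falls through to permit any
        (HOST_ONLY, packet("192.168.10.5")),                 # caught by the implicit deny
        (EXTENDED, packet("172.16.1.112", "172.30.1.100", "tcp", 80)),
        (EXTENDED, packet("172.16.1.112", "172.30.1.100", "tcp", 443)),
    ]
    for acl, pkt in checks:
        print(pkt["src"], "->", evaluate(acl, pkt))
```

The `HOST_ONLY` list shows why the closing permit line matters: a host that no rule mentions is still dropped.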
Understanding Firewalls
• Firewalls are hardware devices or software installed on a system and have two purposes
  • Controlling access to all traffic that enters an internal network
  • Controlling all traffic that leaves an internal network
• Advantages of hardware firewalls
  • They are usually faster than software firewalls
  • They can handle a larger throughput than software firewalls
Understanding Firewalls (continued)
• Disadvantage of hardware firewalls
  • You are locked into the firewall’s hardware
• Advantage of software firewalls
  • You can easily add NICs to the server running the firewall software
• Disadvantage of software firewalls
  • You might have to worry about configuration problems
  • They rely on the OS on which they are running
Understanding Firewall Technology
• Firewall technologies
  • Network address translation (NAT)
  • Access control lists
  • Packet filtering
  • Stateful packet inspection (SPI)
Network Address Translation (NAT)
• The most basic security feature of a firewall
• With NAT, internal private IP addresses are mapped to public external IP addresses
  • Hiding the internal infrastructure
• Port Address Translation (PAT)
  • Technology derived from NAT
  • This allows thousands of internal IP addresses to be mapped to one external IP address
Access Control Lists
• Access lists are used to filter traffic based on source IP address, destination IP address, and ports or services
• Firewalls also use this technology
• Creating access control lists in a firewall is a similar process to creating them in a router
Packet Filtering
• Packet filters screen packets based on information contained in the packet header
  • Protocol type
  • IP address
  • TCP/UDP port
Stateful Packet Inspection (SPI)
• Stateful packet filters record session-specific information about a network connection
  • Create a state table
• Can help reduce port scans that rely on spoofing or sending packets after a three-way handshake
• Stateful packet filters recognize types of anomalies that most routers ignore
• Stateless packet filters handle each packet on an individual basis
  • Spoofing or DoS attacks are more prevalent
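
The difference between the two filter types on the slide above, as an added Python sketch (not from the original slides and not any vendor's implementation). The packet trace, the addresses from documentation ranges, and the simplified teardown on FIN/RST are assumptions made for the example.

```python
from collections import namedtuple

# flags: S=SYN, A=ACK, P=PSH, F=FIN, R=RST; inbound=True means Internet -> inside
Packet = namedtuple("Packet", "src sport dst dport flags inbound")


def stateless_permit(pkt):
    """Stateless rule: each packet is judged alone.
    Outbound is allowed; inbound is allowed if it merely looks like a reply
    (ACK or RST set), because the filter has no memory of earlier packets."""
    if not pkt.inbound:
        return True
    return "A" in pkt.flags or "R" in pkt.flags


class StatefulFilter:
    """Tracks TCP sessions opened from the inside in a state table."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state
        self.table = {}

    def permit(self, pkt):
        if pkt.inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        else:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)

        if not pkt.inbound and pkt.flags == "S":
            self.table[key] = "SYN_SENT"          # inside host opens a session
            return True

        state = self.table.get(key)
        if state is None:
            return False                          # no session on record: drop

        if state == "SYN_SENT":
            if pkt.inbound and pkt.flags == "SA":
                self.table[key] = "ESTABLISHED"   # second step of the handshake
                return True
            if pkt.inbound and "R" in pkt.flags:
                del self.table[key]               # connection refused by the server
                return True
            return False

        # ESTABLISHED: traffic in both directions is part of the session
        if "R" in pkt.flags or "F" in pkt.flags:
            del self.table[key]                   # simplified teardown
        return True


def decisions(permit_fn, packets):
    return [permit_fn(p) for p in packets]


# Constructed trace: one legitimate session, then two unsolicited inbound packets
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S", False),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA", True),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "A", False),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "PA", True),
    Packet("198.51.100.7", 80, "10.0.0.9", 40001, "A", True),     # ACK with no session
    Packet("198.51.100.7", 443, "10.0.0.5", 40000, "SA", True),   # SYN/ACK nobody asked for
]

if __name__ == "__main__":
    print("stateless:", decisions(stateless_permit, TRACE))
    print("stateful: ", decisions(StatefulFilter().permit, TRACE))
```

The last two packets pass the stateless rule because their flags resemble replies; the stateful filter drops them because no matching entry exists in its state table.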
Implementing a Firewall
• Placing a firewall between a company’s internal network and the Internet is dangerous
  • It leaves the company open to attack if a hacker compromises the firewall
• Use a demilitarized zone instead
Demilitarized Zone (DMZ)
• DMZ is a small network containing resources available to Internet users
  • Helps maintain security on the company’s internal network
• Sits between the Internet and the internal network
• It is sometimes referred to as a “perimeter network”
Understanding the Private Internet Exchange (PIX) Firewall
• Cisco PIX firewall
  • One of the most popular firewalls on the market
Configuration of the PIX Firewall
• Working with a PIX firewall is similar to working with any other Cisco router
• Login prompt
    If you are not authorized to be in this XYZ Hawaii network device,
    log out immediately!
    User Access Verification
    Password:
• This banner serves a legal purpose
• General prompt example:
    Type help or '?' for a list of available commands.
    xyz>
Configuration of the PIX Firewall (continued)
• You should enter privileged mode to configure the PIX firewall
• To enter configuration mode in PIX, you use the same command as on a Cisco router
    xyz# configure terminal
    xyz(config)# ?
• Nameif is a PIX command to name an interface
  • PIX allows the administrator to assign values to an interface that designate its security level
  • Values can be from 0 to 100
Configuration of the PIX Firewall (continued)
• Access lists
  • PIX enables an administrator to use descriptive names for the access list instead of numbers
• PIX also uses the implicit deny rule
Understanding Microsoft ISA
• Microsoft’s software approach to firewalls
  • Microsoft Internet Security and Acceleration (ISA) Server
  • Functions as a software router, firewall, and IDS
• ISA has the same functionality as any hardware router
  • Packet filtering to control incoming traffic
  • Application filtering through the examination of protocols
  • Intrusion detection filters
  • Access policies to control outgoing traffic
IP Packet Filters
• ISA enables administrators to filter IP traffic based on the following:
  • Source and destination IP address
  • Network protocol, such as HTTP
  • Source port or destination port
• ISA provides a GUI for these configurations
  • A network segment can be denied or allowed HTTP access in the Remote Computer tab
Application Filters
• Can accept or deny data from specific applications or data containing specific content
• SMTP filter can restrict
  • E-mail with specific attachments
  • E-mail from a specific user or domain
  • E-mail containing specific keywords
  • SMTP commands
• SMTP Filter Properties dialog box
  • Administrator can filter a specific e-mail attachment based on a rule he or she configures
Application Filters (continued)
• Users/Domains tab in the SMTP Filter Properties dialog box
  • Administrator can filter e-mail messages sent from a user or from specific domains
• As a security professional, you might be asked to restrict e-mails containing certain keywords
• SMTP Commands tab
  • Administrator can prevent a user from running SMTP commands
Intrusion Detection Filters
• Analyze all traffic for possible known intrusions
  • DNS intrusion detection filter
  • POP intrusion detection filter
  • FTP Access filter
  • H.323 filter
  • HTTP Redirector filter
  • RPC filter
  • SMTP filter
  • SOCKSV4 filter
  • Streaming Media filter
Access Policies
• Allow administrators to control outgoing traffic
• An access policy consists of the following
  • Policy rules
  • Site and content rules
  • IP filter rules
Understanding Intrusion Detection Systems (IDSs)
• Monitor network devices so that security administrators can identify attacks in progress and stop them
• An IDS looks at the traffic and compares it with known exploits
  • Similar to virus software using a signature file to identify viruses
• Types
  • Network-based IDSs
  • Host-based IDSs
Network-Based and Host-Based IDSs
• Network-based IDSs
  • Monitor activity on network segments
  • They sniff traffic and alert a security administrator when something suspicious occurs
• Host-based IDSs
  • Used to protect a critical network server or database server
  • The software is installed on the server you’re attempting to protect
Network-Based and Host-Based IDSs (continued)
• IDSs are categorized by how they react when they detect suspicious behavior
  • Passive systems
    • Send out an alert and log the activity
  • Active systems
    • Log events and send out alerts
    • Can also interoperate with routers and firewalls
Understanding Honeypots
• Honeypot
  • Computer placed on the perimeter of a network
  • Contains information intended to lure and then trap hackers
• Computer is configured to have vulnerabilities
• Goal
  • Keep hackers connected long enough so they can be traced back
How They Work
• A honeypot appears to have important data or sensitive information stored on it
  • Could store fake financial data that tempts hackers to attempt browsing through the data
• Hackers will spend time attacking the honeypot
  • And stop looking for real vulnerabilities in the company’s network
• Honeypots also enable security professionals to collect data on attackers
• Honeypots are available commercially and through open-source avenues
How They Work (continued)
• Virtual honeypots
  • Honeypots created using software solutions instead of hardware devices
  • Example: Honeyd
Summary
• Security devices
  • Routers
  • Firewalls
  • IDSs
• Routers use access lists to accept or deny traffic through their interfaces
• Firewalls can be hardware devices or software installed on computer systems
  • Firewalls use NAT, IP filtering, and access control lists to filter incoming and outgoing network traffic
Summary (continued)
• Firewall examples
  • Cisco PIX (hardware)
  • Microsoft ISA (software)
• Stateful packet filters vs. stateless packet filters
• PGP is a free public key encryption program to encrypt e-mail messages
• Demilitarized zones (DMZs)
  • Add a layer of defense between the Internet and a company’s internal network
Summary (continued)
• Intrusion detection systems (IDSs)
  • Network-based IDSs
  • Host-based IDSs
  • Passive IDSs vs. active IDSs
• Honeypots