Network Access and Security Chapter 13 – 15

Upload: molly-bates

Post on 18-Jan-2016


Page 1: Network Access and Security Chapter 13 – 15. Topics Security protocols –IPSec –L2TP –SSL –WEP –WPA –802.x Authentication Protocols Firewalls Proxy Services

Network Access and Security

Chapter 13 – 15


Topics

• Security protocols
  – IPSec
  – L2TP
  – SSL
  – WEP
  – WPA
  – 802.x
• Authentication Protocols
• Firewalls
• Proxy Services
• Disaster Recovery


Accessing Network Resources

• Client Selection
  – Installing the Windows 2003 Client


Managing User Account and Password Security

• Usernames and passwords are key to network security, and you use them to control initial access to your system.


Network Resource-Sharing Security Models

• You can secure files that are shared over the network in two ways:
  – Share-Level Security
  – User-Level Security


Managing Accounts

• Creating
• Renaming
• Disabling
• Removing accounts.
• Create and disable temporary accounts.
• Set up accounts for Anonymous Access.


Managing Passwords

• Strong Passwords
  – Minimum Length
  – Complexity
  – Avoid weak passwords
• Password Management
  – Password History
  – Minimum Age
  – Maximum Age
  – Minimum Length
  – Require Complexity
  – Account Lockout duration
  – Account Lockout Threshold
  – Reset Lockout counter time


Using Firewalls

• Firewall Technologies
  – Stateful
  – Stateless

• Access Control Lists (ACL)


The Demilitarized Zone (DMZ)


Protocol Switching

• Internally use IPX instead of TCP
• Use IPX in a dead zone
  – Example on page 335
• Dynamic Packet Filtering
• Proxy Servers
  – IP Proxy: An IP proxy hides the IP addresses of all stations.
  – Web (HTTP) Proxy: Web proxies (also called HTTP [Hypertext Transfer Protocol] proxies) handle HTTP requests on behalf of the sending workstation.
  – FTP Proxy: FTP proxies handle the uploading and downloading of files from a server on behalf of a workstation.
  – SMTP Proxy: SMTP proxies handle Internet e-mail. Here, the actual contents of the packet and mail can be automatically searched.


Security Protocols

• Layer 2 Tunneling Protocol (L2TP)
• Internet Protocol Security (IPSec)
• Secure Sockets Layer (SSL)
• Kerberos
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• 802.1x
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
• Remote Authentication Dial-In User Service (RADIUS)


Comparing Firewall Operating System Platforms

• UNIX allows you to lock down servers.
  – Many hardware firewalls are built around Linux/UNIX.
• NetWare uses BorderManager, which integrates with NDS.
• Windows has its own ISA Server, which is a stateful firewall. There are also many third-party firewalls.

• Cisco PIX and others.


Understanding and Defending Against Hacker Attacks

• Hacker Tools: Common Network Attacks
  – IP Spoofing
  – The Ping of Death
  – WinNuke
  – SYN Flood


Intruder Detection: Defence Techniques

• Three Types
  – Active Detection
  – Passive Detection
  – Proactive Defence


Certified Operating Systems and Networks

• Not all versions of an operating system are certified. This is the case even within the same vendor’s product line.


Understanding Encryption

• The NSA has classified encryption tools and formulas as munitions since 1979 and therefore regulates them.

• Not all systems use encryption. Older utilities like FTP and Telnet do not.

• There are third-party utilities to provide data encryption.
  – PGP provides encryption for email
  – VPN
  – HTTPS


How Encryption works

• Number substitution
  – A=1, B=2, C=3 …
• Letter substitution
  – A=Z, B=Y, C=X …
• Encryption Key
  – Private Key
    • DES and Triple DES
    • Skipjack and Clipper
  – Public Key
    • RSA Data Security
    • PGP (Pretty Good Privacy)


Security Policies

• A security policy defines how security will be implemented in an organization, including physical security, document security, and network security.
  – Security Audit
  – Clean Desk Policy
  – Recording Equipment


Other Common Security Policies

• Notification
• Equipment Access
• Wiring
• Door Locks/Swipe Mechanisms
• Badges
• Tracking
• Passwords
• Monitor Viewing


Breaking Policy

• Major Infractions
• Minor Infractions
• The Exit Interview
• Returning and Logging Property
• Disabling Accounts


Recognizing Security Threats

• Denial of Service (DoS)
• Ping of Death
• Distributed Denial of Service (DDoS)
• Man in the Middle
• Smurf


Recognizing Security Threats

• SYN Flood
  – SYN flags are only used to initiate new communications. To initiate a SYN flood, a hacker sends a barrage of SYN packets.
  – Any further incoming connections to the victimized device will be rejected until it can respond to the barrage of connection requests it’s already busy trying to deal with.
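
An added example, not part of the original slides: a defender-side check that counts half-open TCP handshakes per destination and flags a likely SYN flood. The packet record format, the function names, the grace period and the threshold are assumptions, and the sample traffic is constructed.

```python
from collections import Counter

def build_sample():
    """Constructed records: (time_s, src, sport, dst, dport, flags).
    Flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK. Documentation-range IPs."""
    pkts = [
        # A normal client completes the three-way handshake.
        (0.00, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
        (0.01, "192.0.2.10", 80, "198.51.100.7", 40000, "SA"),
        (0.02, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),
    ]
    # A barrage of SYNs from many sources; the final ACK never arrives.
    for i in range(30):
        src = f"203.0.113.{i + 1}"
        t = 0.10 + i * 0.01
        pkts.append((t, src, 50000 + i, "192.0.2.10", 80, "S"))
        pkts.append((t + 0.005, "192.0.2.10", 80, src, 50000 + i, "SA"))
    return pkts

def half_open_by_target(packets, now, grace=1.0):
    """Return {(dst, dport): handshakes started but never completed}.
    Handshakes younger than `grace` seconds are treated as still in flight."""
    pending = {}  # (client, cport, server, sport) -> time the SYN was seen
    for t, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":
            pending.setdefault((src, sport, dst, dport), t)
        elif "R" in flags:
            # A reset from either side ends the attempt.
            pending.pop((src, sport, dst, dport), None)
            pending.pop((dst, dport, src, sport), None)
        elif flags == "A":
            # The client's final ACK completes the handshake.
            pending.pop((src, sport, dst, dport), None)
    counts = Counter()
    for (_, _, dst, dport), t in pending.items():
        if now - t >= grace:
            counts[(dst, dport)] += 1
    return dict(counts)

def detect_syn_flood(packets, now, threshold=20, grace=1.0):
    """List (target, half_open_count) pairs at or above the threshold."""
    counts = half_open_by_target(packets, now, grace)
    return sorted((tgt, n) for tgt, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(detect_syn_flood(build_sample(), now=5.0))
```

The completed handshake from the normal client is not counted; only the 30 unanswered SYNs aimed at the same service push it over the threshold.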


DoS/SYN flood attack


Recognizing Security Threats

• Tribe Flood Network (TFN) and Tribe Flood Network 2000 (TFN2K)
  – They’re called distributed denial of service (DDoS) attacks and also make use of IP spoofing.


Recognizing Security Threats

• Stacheldraht
• It basically incorporates TFN and adds a dash of encryption to the mix.
• The nightmare begins with a huge invasion at the root level, followed with a DoS attack finale.


Viruses

In their simplest form, viruses are basically little programs that cause a variety of very bad things to happen on your computer, ranging from merely annoying to totally devastating.


Types of Viruses

• File Viruses
• Macro Viruses
• Boot-Sector Viruses
• Multipartite Viruses
  – Anthrax and Tequila are both multipartite viruses.
• Worms


Attackers and Their Tools

• IP Spoofing


Attackers and Their Tools

• Application-Layer Attacks
• Active-X Attacks
• Autorooters
• Backdoors
• Network Reconnaissance
• Packet Sniffers
• Password Attacks
• Brute-Force Attacks


Attackers and Their Tools

• Port-Redirection Attacks
• Trust-Exploitation Attacks
• Man-in-the-Middle Attacks
• Rogue Access Points
• Social Engineering (Phishing)


Patch Management

• Updating Windows
• Updating Antivirus
• Fixing an infected PC


Types of Attacks

• Application-Layer Attacks
• Active-X Attacks
• Autorooters
• Backdoors
• Network Reconnaissance
• Packet Sniffers
• Password Attacks
• Brute-Force Attacks
• Port-Redirection Attacks
• Trust-Exploitation Attacks
• Man-in-the-Middle Attacks


Other Security Threats

• Rogue Access Points
• Social Engineering (Phishing)


Understanding Mitigation Techniques

• Active Detection
• Passive Detection
• Proactive Defense


Policies and Procedures

• Security Policies
• Security Audit
• Clean-Desk Policy
• Recording Equipment


Other Common Security Policies


DMZ


Summary

• Summary and Exam Essentials
• Review Questions