network security and firewalls

Copyright © 2002 ProsoftTraining. All rights reserved.

Network Securityand Firewalls


Lesson 1:What Is Security

Objectives

• Define security• Explain the need for network security• Identify resources that need security• Identify the two general security threat types• List security standards and organizations

What Is Security?

• LANs• WANs• VPNs• Network perimeters

Hacker Statistics

• One of every five Internet sites has experienced a security breach

• Losses due to security breaches are estimated at $10 billion each year

• Intrusions have increased an estimated 50 percent in the past year

What Is the Risk?

• Categorizing attacks• Countering attacks systematically

The Myth of 100-Percent Security

• Security as balance• Security policies

Attributes of anEffective Security Matrix

• Allows access control• Easy to use• Appropriate cost of ownership• Flexible and scalable• Superior alarming and reporting

What You AreTrying to Protect

• End user resources• Network resources• Server resources• Information storage resources

Who Is the Threat?

• Casual attackers• Determined attackers• Spies

Security Standards

• Security services– Authentication– Access control– Data confidentiality– Data integrity– Nonrepudiation

• Security mechanisms– The Orange Book

Summary

Define security Explain the need for network security Identify resources that need security Identify the two general security threat types List security standards and organizations


Lesson 2:Elements of Security

Objectives

• Formulate the basics of an effective security policy

• Identify the key user authentication methods• Explain the need for access control methods• Describe the function of an access control

list

Objectives (cont’d)

• List the three main encryption methods used in internetworking

• Explain the need for auditing

Elements of Security

Audit Administration

Encryption Access Control

User Authentication

Corporate Security Policy

The Security Policy

• Classify systems• Prioritize resources• Assign risk factors• Define acceptable and unacceptable activities• Define measures to apply to resources• Define education standards• Assign policy administration

Encryption

• Encryption categories– Symmetric– Asymmetric– Hash

• Encryption strength

Authentication

• Authentication methods– Proving what you know– Showing what you have– Demonstrating who you are– Identifying where you are

SpecificAuthentication Techniques

• Kerberos• One-time passwords

Access Control

• Access Control List– Objects

• Execution Control List– Sandboxing

Auditing

• Passive auditing• Active auditing

Security Tradeoffsand Drawbacks

• Increased complexity• Slower system response time

Summary

Formulate the basics of an effective security policy

Identify the key user authentication methods Explain the need for access control methods Describe the function of an access control

list

Summary (cont’d)

List the three main encryption methods used in internetworking

Explain the need for auditing


Lesson 3:Applied Encryption

Objectives

• Create a trust relationship using public-key cryptography

• List specific forms of symmetric, asymmetric, and hash encryption

• Deploy PGP in Windows 2000 and Linux

Creating Trust Relationships

• Manually• Automatically

Rounds, Parallelizationand Strong Encryption

• Round– Discrete part of the encryption process

• Parallelization– Use of multiple processes, processors or

machines to work on cracking one encryption algorithm

• Strong encryption– Use of any key longer than 128 bits

Symmetric-KeyEncryption

• One key is used to encrypt and decrypt messages

SymmetricAlgorithms

• Data encryption standard

• Triple DES• Symmetric

algorithms created by RSA Security Corporation

• International Data Encryption Algorithm

• Blowfish • Twofish• Skipjack• MARS• Rijndael• Serpent• Advanced

Encryption Standard

Asymmetric Encryption

• Asymmetric-key encryption elements– RSA– DSA– Diffie-Hellman

Hash Encryption

• Signing• Hash algorithms

– MD2, MD4, and MD5– Secure hash algorithm

AppliedEncryption Processes

• E-mail• PGP and GPG• S-MIME• Encrypting drives• Web server encryption

Summary

Create a trust relationship using public-key cryptography

List specific forms of symmetric, asymmetric, and hash encryption

Deploy PGP in Windows 2000 and Linux


Lesson 4:Types of Attacks

Objectives

• Describe specific types of security attacks• Recognize specific attack incidents

Brute-Force andDictionary Attacks

• Brute-force attack– Repeated access attempts

• Dictionary attack– Customized version of brute-force attack

System Bugs and Back Doors

• Buffer overflow• Trojans and root kits

Social Engineeringand Nondirect Attacks

• Call and ask for the password• Fraudulent e-mail• DOS and DDOS attacks• Spoofing• Trojans• Information leakage• Hijacking and man-in-the-middle attacks

Summary

Describe specific types of security attacks Recognize specific attack incidents


Lesson 5:General

Security Principles

Objectives

• Describe the universal guidelines and principles for effective network security

• Use universal guidelines to create effective specific solutions

CommonSecurity Principles

• Be paranoid• Have a security

policy• No system stands

alone• Minimize damage• Deploy company-

wide enforcement

• Provide training• Integrate security

strategies• Place equipment

according to needs• Identify security

business issues• Consider physical

security

Summary

Describe the universal guidelines and principles for effective network security

Use universal guidelines to create effective specific solutions


Lesson 6:Protocol Layers

and Security

Objectives

• List the protocols that pass through a firewall

• Identify potential threats at different layers of the TCP/IP stack

TCP/IP andNetwork Security

• The Internet and TCP/IP were not designed around strong security principles

The TCP/IP Suite andthe OSI Reference Model

• Physical layer• Network layer• Transport layer• Application layer• Presentation layer• Session layer• Data link layer

TCP/IPPacket Construction

TCP Segment

Header Body

IP Datagram

Header Body

Ethernet Frames

Application Message: e-mail, FTP, Telnet

Header Body Trailer

Summary

List the protocols that pass through a firewall

Identify potential threats at different layers of the TCP/IP stack


Lesson 7:Securing Resources

Objectives

• Consistently apply security principles• Secure TCP/IP services• Describe the importance of testing and

evaluating systems and services• Discuss network security management

applications

Implementing Security

• Categorize resources and needs• Define a security policy• Secure each resource and service• Log, test, and evaluate• Repeat the process and keep current

Resources and Services

• Protecting services– Protect against profiling– Coordinate methods and techniques– Protect services by changing default

settings– Remove unnecessary services

ProtectingTCP/IP Services

• The Web Server– CGI scripts– CGI and programming

• Securing IIS• Additional HTTP servers• FTP servers

– Access control

Simple MailTransfer Protocol

• The Internet Worm• The Melissa virus• E-mail and virus scanning• Access control measures

Testing and Evaluating

• Testing existing systems

Security Testing Software

• Specific tools– Network scanners– Operating system add-ons– Logging and log analysis tools

Security and Repetition

• Understanding the latest exploits

Summary

Consistently apply security principles Secure TCP/IP services Describe the importance of testing and

evaluating systems and services Discuss network security management

applications


Lesson 8:Firewalls and

Virtual Private Networks

Objectives

• Describe the role a firewall plays in a company’s security policy

• Define common firewall terms• Describe packet-filtering rules• Describe circuit-level gateways• Configure an application-level gateway• Explain PKI• Discuss public keys and VPNs

The Roleof a Firewall

• Implement a company’s security policy• Create a choke point• Log Internet activity• Limit network host exposure

FirewallTerminology

• Packet filter• Proxy server• NAT• Bastion host• Operating system hardening• Screening and choke routers• DMZ

CreatingPacket Filter Rules

• Process– Packet filters work at the network layer of

the OSI/RM• Rules and fields

Packet Filter Advantages and Disadvantages

• Drawbacks• Stateful multi-layer inspection• Popular packet-filtering products• Using the ipchains and iptables

commands in Linux

ConfiguringProxy Servers

• Recommending a proxy-oriented firewall• Advantages and disadvantages

– Authentication– Logging and alarming– Caching– Reverse proxies and proxy arrays– Client configuration– Speed

Remote Access andVirtual Private Networks

• Virtual network perimeter• Tunneling protocols• IPsec• ESP• PPTP• L2TP

Public KeyInfrastructure (PKI)

• Standards– Based on X.509 standard

• Terminology• Certificates

Summary

Describe the role a firewall plays in a company’s security policy

Define common firewall terms Describe packet-filtering rules Describe circuit-level gateways Configure an application-level gateway Explain PKI Discuss public keys and VPNs


Lesson 9:Levels of

Firewall Protection

Objectives

• Plan a firewall system that incorporates several levels of protection

• Describe the four types of firewall systems design and their degrees of security

• Implement a packet-filtering firewall

FirewallStrategies and Goals

• Resource placement• Physical access points• Site administration• Monitoring tools• Hardware

Building a Firewall

• Design principles– Keep design simple– Make contingency plans

Types ofBastion Hosts

• Single-homed bastion host• Dual-homed bastion host• Single-purpose bastion hosts

– Internal bastion hosts

Hardware Issues

• Operating system• Services• Daemons

CommonFirewall Designs

• Screening routers• Screened host firewall (single-homed bastion)• Screened host firewall (dual-homed bastion)• Screened subnet firewall (demilitarized zone)

Summary

Plan a firewall system that incorporates several levels of protection

Describe the four types of firewall systems design and their degrees of security

Implement a packet-filtering firewall


Lesson 10:Detecting and

Distracting Hackers

Objectives

• Customize your network to manage hacker activity

• Implement proactive detection• Distract hackers and contain their activity• Set traps• Deploy Tripwire for Linux

Proactive Detection

• Automated security scans• Login scripts• Automated audit analysis• Checksum analysis

Distractingthe Hacker

• Dummy accounts• Dummy files• Dummy password files• Tripwires and automated checksums• Jails

Punishingthe Hacker

• Methods• Tools

Summary

Customize your network to manage hacker activity

Implement proactive detection Distract hackers and contain their activity Set traps Deploy Tripwire for Linux


Lesson 11:Incident Response

Objectives

• Respond appropriately to a security breach• Identify some of the security organizations

that can help you in case your system is attacked

• Subscribe to respected security alerting organizations

DecideAhead of Time

• Itemize a detailed list of procedures• Include the list in a written policy• Be sure all employees have a copy

Incident Response

• Do not panic• Document everything• Assess the situation• Stop or contain the activity• Execute the response plan• Analyze and learn

Summary

Respond appropriately to a security breach Identify some of the security organizations

that can help you in case your system is attacked

Subscribe to respected security alerting organizations

NetworkSecurity and Firewalls

What Is Security? Elements of Security Applied Encryption Types of Attacks General Security Principles Protocol Layers and Security

NetworkSecurity and Firewalls

Securing Resources Firewalls and Virtual Private Networks Levels of Firewall Protection Detecting and Distracting Hackers Incident Response

network security and firewalls

Documents

security breachlosses

security breaches

access control methodsdescribe

main encryption methods

percent securitysecurity

scalablesuperior alarming

hash encryptiondeploy

internet sites