Network Security Attacks Technical Solutions

Post on 16-Feb-2017


Page 1: NetworkSecurity

Network Security

Attacks, Technical Solutions

Page 2

Acknowledgments

Material is sourced from:
CISA® Review Manual 2011, © 2010, ISACA. All rights reserved. Used by permission.
CISM® Review Manual 2012, © 2011, ISACA. All rights reserved. Used by permission.
Many other Network Security sources, including http://www.csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf

Author: Susan J Lincke, PhD, Univ. of Wisconsin-Parkside

Reviewers/Contributors: Todd Burri, Kahili Cheng

Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and/or source(s) and do not necessarily reflect the views of the National Science Foundation.

Page 3

Objectives

The student should be able to:

Define attacks: script kiddy, social engineering, logic bomb, Trojan horse, phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL injection, virus, worm, root kit, dictionary attack, brute force attack, DOS, DDOS, botnet, spoofing, packet replay.

Describe defenses: defense in depth, bastion host, content filter, packet filter, stateful inspection, circuit-level firewall, application-level firewall, de-militarized zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS, statistical-based IDS, neural network, VPN, network access server (RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key encryption, digital signature, PKI, vulnerability assessment.

Identify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES, RSA, ECC.

Describe and define security goals: confidentiality, authenticity, integrity, non-repudiation.

Place each service's and server's data in the correct sensitivity class, and define the roles with access.

Define services that can enter and leave a network.

Draw a network diagram with proper zones and security equipment.

Page 4

The Problem of Network Security

The Internet allows an attacker to attack from anywhere in the world, from their home desk.

They just need to find one vulnerability; a security analyst needs to close every vulnerability.

Solution: Layered defense

Page 5

Stages of a Cyber-Operation

Target Identification

Opportunistic Attack: focuses on any easy-to-break-into site

Targeted Attack: has a specific victim in mind; searches for a vulnerability that will work.

Page 6: NetworkSecurity

Hacking NetworksReconnaissance Stage Physical Break-In Dumpster Diving Google, Newsgroups,

Web sites Social Engineering

Phishing: fake email Pharming: fake web pages

WhoIs Database & arin.net

Domain Name Server Interrogations

Registrant: Microsoft Corporation One Microsoft Way Redmond, WA 98052 US

Domain name: MICROSOFT.COM

Administrative Contact: Administrator, Domain [email protected] One Microsoft Way Redmond, WA 98052 US +1.4258828080 Technical Contact: Hostmaster, MSN [email protected] One Microsoft Way Redmond, WA 98052 US +1.4258828080

Registration Service Provider: DBMS VeriSign, [email protected] 800-579-2848 x4 Please contact DBMS VeriSign for domain updates,

DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC. Record last updated on 27-Aug-2006. Record expires on 03-May-2014. Record created on 02-May-1991.

Domain servers in listed order: NS3.MSFT.NET 213.199.144.151 NS1.MSFT.NET 207.68.160.190 NS4.MSFT.NET 207.46.66.126 NS2.MSFT.NET 65.54.240.126 NS5.MSFT.NET 65.55.238.126

Page 7

Hacking Networks: Reconnaissance Stage

War Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Scanning: What IP addresses, open ports, and applications exist?
Protocol Sniffing: What is being sent over communications lines?

Page 8

Passive Attacks

Eavesdropping: Listen to packets from other parties = Sniffing

Traffic Analysis: Learn about the network from observing traffic patterns

Footprinting: Test to determine the software installed on a system = Network Mapping

[Figure: hosts A (Bob), B (Jennie) and C (Carl) on a shared segment; a packet carrying "Login: Ginger Password: Snap" can be read by a host it was not addressed to.]

Page 9

Hacking Networks: Gaining Access Stage

Network Attacks: IP Address Spoofing, Man-in-the-Middle

System Attacks: Buffer Overflow, Password Cracking, SQL Injection, Web Protocol Abuse, Watering Hole Attack, Trap Door, Virus, Worm, Trojan horse

[Figure: a buffer overflow input pictured as an over-long run of characters: aaaabac…babb…aaaaabaac…]

Page 10

Some Active Attacks

Denial of Service: The message did not make it, or the service could not run

Masquerading or Spoofing: The actual sender is not the claimed sender

Message Modification: The message was modified in transmission

Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage

[Figure: four panels with Joe, Ann and Bill: Denial of Service (Joe's message to Ann never arrives); Spoofing (Bill sends to Ann claiming to be Joe); Message Modification (Joe's message to Ann is altered in transit); Packet Replay (Bill re-sends a captured Joe-to-Ann packet).]

Page 11

Man-in-the-Middle Attack

[Figure: three hosts, 10.1.1.1, 10.1.1.2 and 10.1.1.3. The host in the middle relays the Login (steps 1 and 2) and the Password (steps 3 and 4) between the two endpoints, reading both as they pass.]

Page 12

SQL Injection

Java original:
"SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";

Inserted password: Aa' OR ''='
Java result: SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR ''=''

Inserted password: foo';DELETE FROM users_table WHERE username LIKE '%
Java result: SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'

Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'

[Figure: a login form (Login:, Password:) followed by the page "Welcome to My System".]
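The following is an added example, not code from the slides: it reproduces the slide's first injection (the password Aa' OR ''=') against a constructed in-memory SQLite table, first through string concatenation as in the Java above and then through a parameterized query, so the bypass and its fix can be seen side by side. The table name and the sample account are constructed for the demonstration.

```python
import sqlite3

# The injected password from the slide; everything else here is constructed.
BYPASS_PASSWORD = "Aa' OR ''='"


def make_db():
    """In-memory users_table with one constructed sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users_table VALUES ('ginger', 'Snap')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """String concatenation exactly as in the slide's Java: user input becomes SQL text."""
    return ("SELECT * FROM users_table WHERE username='" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # AND binds tighter than OR, so the injected  OR ''=''  is true for every row.
    return conn.execute(build_vulnerable_query(username, password)).fetchone() is not None


def login_parameterized(conn, username, password):
    """The fix: placeholders keep the input as data, so the SQL text never changes."""
    sql = "SELECT * FROM users_table WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def run_demo():
    """Return the four login outcomes so they can be compared."""
    conn = make_db()
    return {
        "vulnerable_real_creds": login_vulnerable(conn, "ginger", "Snap"),
        "vulnerable_bypass": login_vulnerable(conn, "anyname", BYPASS_PASSWORD),
        "parameterized_real_creds": login_parameterized(conn, "ginger", "Snap"),
        "parameterized_bypass": login_parameterized(conn, "anyname", BYPASS_PASSWORD),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {'logged in' if outcome else 'rejected'}")
```

The concatenated version logs "anyname" in with no valid credentials; the parameterized version rejects it while still accepting the real account. Note that sqlite3 refuses to run more than one statement per execute call, so the slide's second payload (the stacked DELETE) raises an error here rather than deleting rows; other database drivers do not all give that protection, and the parameterized form is the control to rely on.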

Page 13

Password Cracking: Dictionary Attack & Brute Force (source: NIST SP 800-118 Draft)

Pattern | Calculation | Result | Time to guess (at 2.6x10^18 guesses/month)
Personal info: interests, relatives | 20 | Manual | 5 minutes
Social Engineering | 1 | Manual | 2 minutes
American Dictionary | 80,000 | | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |
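As an added example (not from the slides), the table's arithmetic as a small estimator: it works out the character classes a given password draws on, the resulting keyspace, and the time to exhaust it at the slide's rate of 2.6x10^18 guesses per month. A 30-day month is assumed, which is why the times land close to, but not exactly on, the slide's figures.

```python
import string

GUESSES_PER_MONTH = 2.6e18           # rate used by the slide's table
SECONDS_PER_MONTH = 30 * 24 * 3600   # assumption: 30-day month

# Character classes behind the table's rows: 26 + 26 + 10 + 33 = 95 ("all keyboard").
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}


def alphabet_size(password):
    """Size of the union of classes an attacker must search to cover this password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(alphabet, length):
    return alphabet ** length


def seconds_to_exhaust(alphabet, length, rate_per_month=GUESSES_PER_MONTH):
    """Worst case: every candidate of this alphabet and length is tried."""
    return keyspace(alphabet, length) / (rate_per_month / SECONDS_PER_MONTH)


def human_time(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} s"


def estimate(password):
    """Summarise a candidate password the way the table summarises a pattern."""
    a, n = alphabet_size(password), len(password)
    return {"alphabet": a, "length": n, "keyspace": keyspace(a, n),
            "time": human_time(seconds_to_exhaust(a, n))}


def slide_rows():
    """Recompute the timed rows of the table above."""
    rows = [("8 chars: alphanumeric", 62, 8), ("8 chars: alphanumeric + 10", 72, 8),
            ("8 chars: all keyboard", 95, 8), ("12 chars: alphanumeric", 62, 12),
            ("12 chars: alphanumeric + 10", 72, 12), ("16 chars: alphanumeric", 62, 16)]
    return [(label, keyspace(a, n), human_time(seconds_to_exhaust(a, n)))
            for label, a, n in rows]


if __name__ == "__main__":
    for label, space, t in slide_rows():
        print(f"{label:30s} {space:.0e}  {t}")
    print(estimate("Snap"))   # the sniffed password from the Page 8 figure
```

The estimate is an upper bound on attacker effort for a truly random password; a dictionary word or a name from personal information falls to the first rows of the table regardless of its length, which is the point the slide makes.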

Page 14

Hacking Networks: Hiding Presence; Establishing Persistence

Backdoor: Controls the system: runs system commands, logs keystrokes and passwords

Trojan Horse: A useful utility that actually creates a backdoor

Spyware/Adware: Spyware: a keystroke logger collects information (passwords, credit card numbers); Adware: inserts ads, filters search results

User-Level Rootkit: Replaces system executables, e.g. login, ls, du

Kernel-Level Rootkit: Replaces the OS kernel, e.g. process or file control, to hide

Bot (under Command & Control): A slave that forwards or performs commands; spreads and infects, harvests email addresses, takes part in DDOS attacks

Page 15

Distributed Denial of Service

Zombies can barrage a victim server with requests, causing the network to fail to respond to anyone.

[Figure: Attacker commands a Handler, which commands Zombies in Russia, Bulgaria and the United States; all of them flood the Victim.]

Page 16

Question

An attack where multiple computers send connection packets to a server simultaneously to slow the firewall is known as:

1. Spoofing
2. DDOS
3. Worm
4. Rootkit

Page 17

Question

A man in the middle attack is implementing which additional type of attack:

1. Spoofing
2. DoS
3. Phishing
4. Pharming

Page 18

Network Security

Network Defense, Encryption

Page 19

Security: Defense in Depth

Border Router
Perimeter firewall
Internal firewall
Intrusion Detection System
Policies & Procedures & Audits
Authentication
Access Controls

Page 20

Bastion Host

Computer fortified against attackers

Applications turned off

Operating system patched

Security configuration tightened

Page 21

Attacking the Network: What ways do you see of getting in?

[Figure: The Internet connects through a Border Router/Firewall to a De-Militarized Zone; an Internal Firewall separates the Private Network; a Commercial Network and a WLAN also attach to the network.]

Page 22

Filters: Firewalls & Routers

Route Filter: Verifies source/destination IP addresses
Packet Filter: Scans headers of packets
Content Filter: Scans contents of packets (e.g., IPS)

Default Deny: Any packet not explicitly permitted is rejected

Fail Safe or Fail Secure: If the router fails, it fails shut

[Figure: "the good, the bad & the ugly" arrive at the Filter; "the bad & the ugly" are stopped and only "the good" pass through.]

Page 23

Packet Filter Firewall

[Figure: traffic arriving at a packet filter firewall: Web Request, Ping Request, FTP request, Email Connect Request, Web Response, Telnet Request, Email Response, SSH Connect Request, DNS Request, Illegal Source IP Address, Illegal Dest IP Address, Microsoft NetBIOS Name Service. Only the permitted items (shown again on the far side: Email Response, Web Response) pass through.]

Page 24

Informal Path of Logical Access

[Figure: campus diagram. Services: Desire2Learn, Lab, Health Services, Register, Library, Public Web, PoS. Users: Students & Instructors, Nurses, Public (potential students), Graduates, Advisors & Registrars, Staff, with a Login step in front of non-public services. Legend: Confidential, Private, Public.]

Page 25

Step 1: Determine Services: Who, What, Where? (Workbook)

Service (e.g., web, sales database) | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.)
Registration, Desire2Learn | Students and Instructors: Anywhere in the World | Computer Service Servers
Registration | Registrars and Advisers: On campus | Computer Service Servers
Library databases | On campus students and staff. Off-campus requires login | Specific off-site library facilities
Health Services | On campus: nurses office | Computer Service Servers
External (Internet) web services | On campus: Campus labs, dorms, faculty offices | Anywhere in the world

Page 26

Step 2: Determine Sensitivity of Services (Workbook)

Service Name (e.g., web, email) | Sensitivity Class (e.g., Confidential) | Roles (e.g., sales, engineering) | Server (*=Virtual)
Desire2Learn | Private | Current Students, Instructors | Student_Scholastic
Registration | Confidential | Current Students, Registration, Accounting, Advising, Instructors | Student_Register
Health Service | Confidential | Nurses | Health_Services
Web Pages: activities, news, departments, … | Public | Students, Employees, Public | Web_Services*

Page 27

Isolation & Compartmentalization

Compartmentalize the network by Sensitivity Class & Role

Segment the network into regions = Zones, e.g., DMZ, wireless, Payment Card

Isolate apps on servers: physical vs. virtual (e.g. VMware). Virtual servers combine onto one physical server; each has its own OS and a limited section of disk. Hypervisor software is the interface between the virtual system's OS and the real computer's OS.

Page 28

Multi-Homed Firewall: Separate Zones

The router serves as a screen for the firewall, preventing Denial of Service attacks against the firewall.

[Figure: Internet, then a Screening Device (Router), then the multi-homed Firewall with one interface per zone: a Demilitarized Zone (Screened Host) holding External DNS, Web Server, E-Commerce and Email Server; a Protected Internal Network Zone holding Database/File Servers; and a Private Payment Card Zone. An IPS and an IDS monitor the zones.]

Page 29

Step 3: Allocate Network Zones (Workbook)

Zone | Services | Zone Description (You may delete or add rows as necessary)
Internet | | This zone is external to the organization.
De-Militarized Zone | Web, Email, DNS | This zone houses services the public are allowed to access in our network.
Wireless Network | Wireless local employees | This zone connects wireless/laptop employees/students (and crackers) to our internal network. They have wide access.
Private Server Zone | Databases | This zone hosts our student learning databases, faculty servers, and student servers.
Confidential Zone | Payment card, health, grades info | This highly-secure zone hosts databases with payment and other confidential (protected by law) information.
Private user Zone | Wired staff/students | This zone hosts our wired/fixed employee/classroom computer terminals. They have wide univ. & external access.
Student Lab Zone | Student labs | This zone hosts our student lab computers, which are highly vulnerable to malware. They have wide access.

Page 30

Step 4: Define Controls (Workbook)

Zone | Server (*=Virtual) | Service | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN, hashing, IPS)
De-Militarized Zone | Web_Services*, Email_Server, DNS_Server | Web, Email, DNS | Hacking: Intrusion Prevention System, Monitor alarm logs, Anti-virus software within Email package.
Wireless Network | | Wireless local users | Confidentiality: WPA2 Encryption. Authentication: WPA2 Authentication.
Private Server Zone | Student_Scholastic, Student_Files, Faculty_Files | Classroom software, Faculty & student storage. | Confidentiality: Secure Web (HTTPS), Secure Protocols (SSH, SFTP). Authentication: Single Sign-on through TACACS. Hacking: Monitor logs.
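Steps 2 through 4 above produce tables that can be checked mechanically. As an added example (not part of the workbook or the slides), the Step 2 services and Step 3 zones are encoded as data and two checks are run: that no service sits in a zone rated below its sensitivity class, and that a role reaches a service only if the workbook lists it. The zone ratings are an assumption derived from the zone descriptions, and the Health Service is deliberately misplaced in the DMZ so the check has something to report.

```python
# Sensitivity classes from Step 2, least to most sensitive.
RANK = {"Public": 0, "Private": 1, "Confidential": 2}

# Highest class each Step 3 zone is trusted to host (assumption for this example).
ZONE_CLASS = {
    "De-Militarized Zone": "Public",
    "Wireless Network": "Private",
    "Student Lab Zone": "Public",
    "Private user Zone": "Private",
    "Private Server Zone": "Private",
    "Confidential Zone": "Confidential",
}

# Services from the Step 2 table; "zone" is the placement under review.
# Health Service is placed wrongly on purpose to show a finding.
SERVICES = [
    {"name": "Web Pages", "class": "Public",
     "roles": {"Students", "Employees", "Public"}, "zone": "De-Militarized Zone"},
    {"name": "Desire2Learn", "class": "Private",
     "roles": {"Current Students", "Instructors"}, "zone": "Private Server Zone"},
    {"name": "Registration", "class": "Confidential",
     "roles": {"Current Students", "Registration", "Accounting", "Advising", "Instructors"},
     "zone": "Confidential Zone"},
    {"name": "Health Service", "class": "Confidential",
     "roles": {"Nurses"}, "zone": "De-Militarized Zone"},
]


def placement_findings(services=SERVICES, zone_class=ZONE_CLASS):
    """A service may not live in a zone rated below its own sensitivity class."""
    findings = []
    for s in services:
        rating = zone_class[s["zone"]]
        if RANK[s["class"]] > RANK[rating]:
            findings.append(f'{s["name"]} ({s["class"]}) is placed in {s["zone"]}, rated {rating}')
    return findings


def may_access(role, service_name, services=SERVICES):
    """Least privilege: a role reaches a service only if the workbook lists it."""
    for s in services:
        if s["name"] == service_name:
            return role in s["roles"]
    return False  # unknown service: deny


def roles_touching_confidential(services=SERVICES):
    """Roles that need access to any Confidential service: the population to audit."""
    roles = set()
    for s in services:
        if s["class"] == "Confidential":
            roles |= s["roles"]
    return roles


if __name__ == "__main__":
    for finding in placement_findings():
        print("FINDING:", finding)
    print("Nurses -> Health Service:", may_access("Nurses", "Health Service"))
    print("Public -> Registration:", may_access("Public", "Registration"))
    print("Roles to audit:", sorted(roles_touching_confidential()))
```

Running it reports the misplaced Health Service and lists the roles whose access to Confidential data deserves review; correcting the placement to the Confidential Zone clears the finding.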

Page 31

Data Privacy

Confidentiality: Unauthorized parties cannot access information (-> Secret Key Encryption)

Authenticity: Ensuring that the actual sender is the claimed sender (-> Public Key Encryption)

Integrity: Ensuring that the message was not modified in transmission (-> Hashing)

Nonrepudiation: Ensuring that the sender cannot deny sending a message at a later time (-> Digital Signature)

[Figure: four panels with Joe, Ann and Bill illustrating Confidentiality, Authenticity (Bill claiming to be Joe), Integrity and Non-Repudiation.]

Page 32

Confidentiality: Encryption – Secret Key

Examples: DES, AES

[Figure: plaintext -> Encrypt with Ksecret -> ciphertext -> Decrypt with Ksecret -> plaintext.]

Sender and Receiver have IDENTICAL keys:
Plaintext = Decrypt(Ksecret, Encrypt(Ksecret, Plaintext))

NIST Recommended: 3DES with CBC; AES 128 bit

Page 33

Confidentiality, Authentication, Non-Repudiation: Public Key Encryption

Examples: RSA, ECC, Quantum

[Figure: two panels, key owner Joe. Encryption (e.g., RCS): Encrypt with Kpublic, Decrypt with Kprivate. Digital Signature (Authentication, Non-repudiation): message and private key -> Encrypt with Kprivate, Decrypt with Kpublic.]

Sender and Receiver have Complementary keys:
Plaintext = Decrypt(kPRIV, Encrypt(kPUB, Plaintext))
Plaintext = Decrypt(kPUB, Encrypt(kPRIV, Plaintext))

NIST Recommended (2011): RSA 2048 bit

Page 34

Confidentiality: Remote Access Security

Virtual Private Network (VPN), often implemented with IPSec

Can authenticate and encrypt data through the Internet (red line)
Easy to use and inexpensive
Difficult to troubleshoot
Susceptible to malicious software and unauthorized actions
Often a router or firewall is the VPN endpoint

[Figure: a remote host reaches the internal network across The Internet through the Firewall and a VPN Concentrator.]

Page 35

Integrity: Secure Hash Functions

Examples: HMAC, SHA-2, SHA-3

[Figure: Secure Hash: the sender computes H(Message) and transmits the Message with the hash; the receiver recomputes H(Message) and compares it with the transmitted hash. HMAC: both sides compute H over the Message together with the shared key K and compare the results.]

Ensures the message was not modified during transmission

NIST Recommended: SHA-2, SHA-3
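An added example (not from the slides) of the two paths in the figure above, using Python's standard hashlib and hmac modules: a plain SHA-256 hash catches accidental corruption, but an active attacker who alters the message can simply recompute the unkeyed hash, whereas an HMAC with the shared key K cannot be recomputed without K. The key and messages are constructed for the demonstration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-K"  # K in the HMAC path; assumption for this example


def secure_hash(message: bytes) -> bytes:
    """Plain SHA-256 digest: the 'Secure Hash' path."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: the 'HMAC' path, keyed with K."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_checks_hash(message: bytes, transmitted_hash: bytes) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel on the comparison.
    return hmac.compare_digest(secure_hash(message), transmitted_hash)


def receiver_checks_hmac(key: bytes, message: bytes, transmitted_tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), transmitted_tag)


def scenario_plain_hash():
    """Returns (corruption_detected, forgery_accepted) for the unkeyed hash."""
    message = b"Pay Ann 100"
    sent_hash = secure_hash(message)
    # Accidental modification in transit: hash no longer matches.
    corruption_detected = not receiver_checks_hash(b"Pay Ann 900", sent_hash)
    # Active attacker: rewrites the message AND the hash, since no key is needed.
    forged = b"Pay Bill 100"
    forgery_accepted = receiver_checks_hash(forged, secure_hash(forged))
    return corruption_detected, forgery_accepted


def scenario_hmac():
    """Returns (corruption_detected, forgery_accepted) for the keyed HMAC."""
    message = b"Pay Ann 100"
    sent_tag = hmac_tag(SHARED_KEY, message)
    corruption_detected = not receiver_checks_hmac(SHARED_KEY, b"Pay Ann 900", sent_tag)
    # Attacker does not hold K; the best they can do is a tag under a guessed key.
    forged = b"Pay Bill 100"
    attacker_tag = hmac_tag(b"guessed-key", forged)
    forgery_accepted = receiver_checks_hmac(SHARED_KEY, forged, attacker_tag)
    return corruption_detected, forgery_accepted


if __name__ == "__main__":
    print("plain hash: corruption detected, forgery accepted =", scenario_plain_hash())
    print("HMAC:       corruption detected, forgery accepted =", scenario_hmac())
```

The output is (True, True) for the plain hash and (True, False) for the HMAC: an unkeyed hash gives integrity only against accidents or when the hash itself travels over a channel the attacker cannot write to, which is why the slide pairs hashing with a key (HMAC) or with a signature.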

Page 36

Non-Repudiation: Digital Signature

Electronic signature
Uses a public key algorithm
Verifies integrity of data
Verifies identity of sender: non-repudiation

[Figure: Message -> Message Digest -> Encrypted with K (Sender's Private) = Digital Signature, transmitted with the Message.]
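An added example, not from the slides, that makes the two equations on Page 33 and the signature flow on Page 36 concrete with textbook toy RSA parameters (p = 61, q = 53, e = 17): the same pair of keys encrypts with the public key and decrypts with the private one, and signs a message digest with the private key so anyone holding the public key can verify it. The modulus is tiny and only illustrates the arithmetic; the digest is reduced mod N for the same reason, and the parameters are an assumption of this example.

```python
import hashlib

# Textbook toy parameters; real systems use moduli of 2048 bits or more.
P, Q = 61, 53
N = P * Q                  # 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent, gcd(E, PHI) == 1
D = pow(E, -1, PHI)        # private exponent: E * D == 1 (mod PHI), here 2753

PUBLIC = (E, N)
PRIVATE = (D, N)


def encrypt(m: int, key=PUBLIC) -> int:
    """Encrypt(kPUB, m): modular exponentiation with the key's exponent."""
    exp, n = key
    return pow(m, exp, n)


def decrypt(c: int, key=PRIVATE) -> int:
    """Decrypt(kPRIV, c): the same operation with the complementary exponent."""
    exp, n = key
    return pow(c, exp, n)


def digest_mod_n(message: bytes) -> int:
    """Message digest (SHA-256) reduced into the toy modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private=PRIVATE) -> int:
    """Digital signature = digest 'encrypted' with the sender's private key."""
    return encrypt(digest_mod_n(message), private)


def verify(message: bytes, signature: int, public=PUBLIC) -> bool:
    """Recover the digest with the public key and compare with a fresh digest."""
    return decrypt(signature, public) == digest_mod_n(message)


def demo():
    m = 65  # a sample plaintext smaller than N
    msg = b"Joe owes Ann 100"
    sig = sign(msg)
    return {
        "confidentiality_roundtrip": decrypt(encrypt(m)) == m,
        "signature_roundtrip": decrypt(encrypt(m, PRIVATE), PUBLIC) == m,
        "signature_verifies": verify(msg, sig),
        "altered_signature_rejected": not verify(msg, (sig + 1) % N),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With these parameters encrypt(65) is 2790 and decrypt(2790) returns 65, the classic textbook check. An altered signature always fails because exponentiation by E is a bijection on the residues mod N; an altered message fails whenever its digest differs mod N, which with a real-sized modulus is effectively always.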

Page 37

Authentication: Public Key Infrastructure (PKI)

1. Sue registers with the Certificate Authority (CA) through the Registration Authority (RA): Register(Owner, Public Key)
2. The Registration Authority (RA) verifies owners
3. The CA sends approved Digital Certificates
4. Sue sends Tom a message signed with her Digital Signature
5. Tom requests Sue's Digital Certificate (DC)
6. The CA sends Sue's DC
7. Tom confirms Sue's Digital Signature (DS)

[Figure: Digital Certificate, User: Sue, Public Key: 2456.]

Page 38

Hacking Defense: Intrusion Detection/Prevention Systems (IDS or IPS)

Network IDS = NIDS
Examines packets for attacks
Can find worms, viruses, or defined attacks
Warns the administrator of an attack
IPS = packets are routed through the IPS

Host IDS = HIDS
Examines actions or resources for attacks
Recognizes unusual or inappropriate behavior
E.g., detects modification or deletion of special files

[Figure: Router, Firewall and IDS placed in line at the network border.]

Page 39

IDS/IPS Intelligence Systems

Signature-Based: Specific patterns are recognized as attacks

Statistical-Based: The expected behavior of the system is understood; if variations occur, they may be attacks (or maybe not)

Neural Networks: Statistical-based with self-learning (or artificial intelligence); recognizes patterns

[Figure: a signature-based NIDS holding an attack list (NastyVirus, BlastWorm) raises "ALARM!!!" when NastyVirus is seen; a statistical chart of normal traffic (0 to 90) for Sales, Personnel and Factory over Mon. to Thurs.]
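An added example (not from the slides) of the first two intelligence types on constructed data: a signature matcher that scans packet payloads for patterns named after the slide's fictional attacks, and a statistical detector that flags a department whose traffic lies far outside its own baseline, in the spirit of the Sales/Personnel/Factory chart. The signature patterns, payloads and baseline numbers are all constructed.

```python
import re
import statistics

# Signature-based: fixed byte patterns (constructed, named after the slide's attack list).
SIGNATURES = {
    "NastyVirus": re.compile(rb"NASTYVIRUS-STAGER"),
    "BlastWorm": re.compile(rb"\x90{8}BLAST"),   # NOP sled followed by a marker
}

# Constructed packet payloads for the demonstration.
PACKETS = [
    b"GET /index.html HTTP/1.1",
    b"POST /upload NASTYVIRUS-STAGER v2",
    b"\x90\x90\x90\x90\x90\x90\x90\x90BLAST",
    b"GET /about.html HTTP/1.1",
]


def signature_alerts(packets, signatures=SIGNATURES):
    """Return (packet_index, signature_name) for every payload matching a signature."""
    alerts = []
    for i, payload in enumerate(packets):
        for name, pattern in signatures.items():
            if pattern.search(payload):
                alerts.append((i, name))
    return alerts


# Statistical-based: per-department traffic history (constructed, arbitrary units per day).
BASELINE = {
    "Sales":     [40, 42, 38, 41, 39, 43, 40],
    "Personnel": [10, 12, 9, 11, 10, 12, 11],
    "Factory":   [60, 58, 62, 61, 59, 60, 63],
}


def anomalies(today, baseline=BASELINE, k=3.0):
    """Flag departments whose reading is more than k standard deviations from their mean.

    Returns {department: z_score}. A flag means 'variation', not proof of attack:
    a legitimate sales campaign would trip this just as an outbreak would."""
    flagged = {}
    for dept, history in baseline.items():
        mean = statistics.mean(history)
        sd = statistics.stdev(history)
        z = (today[dept] - mean) / sd
        if abs(z) > k:
            flagged[dept] = round(z, 1)
    return flagged


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(PACKETS))
    print("quiet day:", anomalies({"Sales": 41, "Personnel": 10, "Factory": 60}))
    print("busy day: ", anomalies({"Sales": 90, "Personnel": 11, "Factory": 61}))
```

The signature matcher finds exactly the packets carrying a known pattern and nothing else; it cannot see an attack it has no signature for. The statistical detector reports the Sales spike on the busy day without any signature, at the cost of the false positives the slide's "or maybe not" alludes to.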

Page 40

Hacking Defense: Evaluating Applications

Unified Threat Management = SuperFirewall = firewall + IPS + anti-virus + VPN capabilities. Concerns are redundancy and bandwidth.

Blacklist = restrict access to particular web sites, e.g., social and email sites

Whitelist = permit access to only a limited set of web sites.

Page 41

Hacking Defense: Honeypot & Honeynet

Honeypot: A system with a special software application which appears easy to break into
Honeynet: A network which appears easy to break into
Purpose: Catch attackers
All traffic going to the honeypot/honeynet is suspicious
If successfully penetrated, it can be used to launch further attacks, so it must be carefully monitored

[Figure: DMZ behind the Firewall containing External DNS, Web Server, E-Commerce, VPN Server and an IDS, with a HoneyPot placed alongside them.]

Page 42

Hacking Defense: Vulnerability Assessment

Scan servers, workstations, and control devices for vulnerabilities
Open services, patching, configuration weaknesses
Testing controls for effectiveness
Adherence to policy & standards
Penetration testing

Page 43

Step 5: Draw Network Diagram (Workbook)

[Figure: Internet -> Router -> Demilitarized Zone (External DNS, Email, Public Web Server, E-Commerce) -> Firewall -> internal zones: Zone 1: Student Labs & Files; Zone 2: Faculty Labs & Files; Zone 3: Confidential Data (Student Records, Student Billing, Transcripts, StudentScholastic, StudentHistory).]

Page 44

Path of Logical Access: How would access control be improved?

[Figure: The Internet -> Border Router/Firewall -> De-Militarized Zone -> Router/Firewall -> Private Network, with a WLAN attached.]

Page 45

Protecting the Network

[Figure: The Internet -> Border Router (Packet Filter) -> De-Militarized Zone with Bastion Hosts -> Proxy server firewall -> Private Network, with a WLAN attached.]

Page 46

University Scenario: Dual in-line Firewalls

Page 47

Writing Rules

Policies -> Network Filter Capabilities -> Write Rules -> Protected Network -> Audit Failures -> Corrections (feeding back into the rules)

Fail-Safe: If the filter fails, it fails closed
Default Deny: If no specific rule applies, the packet is dropped.

Page 48

Firewall Configurations

Router Packet Filtering:
Packet header is inspected
Single-packet attacks caught
Very little overhead in firewall: very quick
High volume filter
[Figure: terminal A connects through the firewall to host A; each packet is judged on its own.]

Stateful Inspection:
State retained in firewall memory
Most multi-packet attacks caught
More fields in packet header inspected
Little overhead in firewall: quick
[Figure: terminal A connects through the firewall to host A; the firewall keeps a record of the connection.]

Page 49

Firewall Configurations

Circuit-Level Firewall:
Packet session terminated and recreated via a Proxy Server
All multi-packet attacks caught
Packet header completely inspected
High overhead in firewall: slow
[Figure: terminal A's session (A) ends at the firewall, which opens a separate session (B) to the host.]

Application-Level Firewall:
Packet session terminated and recreated via a Proxy Server
Packet header completely inspected
Most or all of the application inspected
Highest overhead: slow & low volume
[Figure: terminal A's session (A) ends at the firewall, which opens a separate session (B) to the host after inspecting the application data.]
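The following is an added example, not code from the slides, covering the packet filter of Page 23, the default-deny and fail-closed rules of Pages 22 and 47, and the packet-filter versus stateful-inspection contrast of Page 48. A stateless filter with the slide's permit/deny list is written as an ordered rule table with an implicit final deny, then a stateful firewall is layered on it that admits "Web Response" packets only for connections it saw start. The internal address range, rule set and sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # constructed internal range (RFC 5737 doc block)
ANY = None


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN: first packet of a new connection


# (direction, proto, sport, dport, action); first match wins; no match => default deny.
SERVICE_RULES = [
    ("in",  "tcp",  ANY, 80,  "permit"),  # web request
    ("in",  "tcp",  ANY, 25,  "permit"),  # email connect request
    ("in",  "udp",  ANY, 53,  "permit"),  # DNS request
    ("in",  "tcp",  ANY, 23,  "deny"),    # telnet request
    ("in",  "icmp", ANY, ANY, "deny"),    # ping request
    ("in",  "udp",  ANY, 137, "deny"),    # Microsoft NetBIOS name service
    ("out", ANY,    ANY, ANY, "permit"),  # anything leaving the network
]
# A stateless filter can only admit web responses by trusting the source port.
REPLY_RULE = ("in", "tcp", 80, ANY, "permit")


def direction(pkt):
    return "in" if ipaddress.ip_address(pkt.dst) in INTERNAL else "out"


def illegal_source(pkt):
    """Inbound traffic that claims an internal source address is spoofed."""
    return direction(pkt) == "in" and ipaddress.ip_address(pkt.src) in INTERNAL


def _matches(rule, pkt):
    d, proto, sport, dport, _ = rule
    return (d == direction(pkt)
            and proto in (ANY, pkt.proto)
            and sport in (ANY, pkt.sport)
            and dport in (ANY, pkt.dport))


def packet_filter(pkt, rules):
    """Stateless evaluation of one packet header against an ordered rule table."""
    if illegal_source(pkt):
        return "deny"
    for rule in rules:
        if _matches(rule, pkt):
            return rule[4]
    return "deny"  # default deny: nothing explicitly permitted gets through


def stateless_filter(pkt):
    return packet_filter(pkt, SERVICE_RULES + [REPLY_RULE])


class StatefulFirewall:
    """Keeps connection state so replies are admitted only for connections it saw start."""

    def __init__(self):
        self.sessions = set()  # (client, client_port, server, server_port)

    def check(self, pkt):
        if illegal_source(pkt):
            return "deny"
        if direction(pkt) == "out":
            if pkt.proto == "tcp" and pkt.syn:
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "permit"  # reply to a tracked outbound connection
        return packet_filter(pkt, SERVICE_RULES)  # no reply rule needed here


if __name__ == "__main__":
    ext, web, client = "198.51.100.7", "192.0.2.10", "192.0.2.20"
    forged_reply = Packet(ext, client, "tcp", 80, 51000)
    print("stateless, unsolicited 'web response':", stateless_filter(forged_reply))
    fw = StatefulFirewall()
    print("stateful, same packet before any request:", fw.check(forged_reply))
    fw.check(Packet(client, ext, "tcp", 51000, 80, syn=True))
    print("stateful, same packet after the client's request:", fw.check(forged_reply))
```

The FTP and SSH requests of Page 23 have no rule, so both filters drop them by default deny; the stateless filter has to permit every inbound packet with source port 80 to let web responses through, which the stateful firewall avoids because it remembers the outbound request. Failing closed is the behaviour of returning "deny" whenever no rule says otherwise.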

Page 50

Web Page Security

SQL Filtering: Filtering of web input for SQL Injection

Encryption/Authentication: Ensuring Confidentiality, Integrity, Authenticity, Non-repudiation

Web Protocol Protection: Protection of State

Page 51

Summary of Controls

Columns: Confidentiality | Integrity | Authentication | Non-repudiation | Anti-Hack (an x marks the goals a control supports; ? = depends on the protocol)

Encryption Protocols: S-HTTP, HTTPS, SSL, SSH2, PGP, S/MIME: x ? ?
Virtual Private Network (VPN): IPsec: x x x
Wireless: WPA2, TKIP, IEEE 802.11i: x x x
Hashing: HMAC, SHA, MD5: x
Digital Signature: x x
Public Key Infrastructure: x x x
Centralized Access Control: RADIUS, TACACS: x
Kerberos: x x
Authentication: biometric, flash drive, token: x

Page 52

Summary of Controls (continued)

Columns: Confidentiality | Integrity | Authentication | Non-repudiation | Anti-Hack

Firewall, App. or web firewall: x
Mobile device mgmt: x
Antivirus, Endpoint Security: x
Event Logs/SIEM: x
Intrusion Detection/Prevention Systems: x
Unified Threat Mgmt: x
Vulnerability Assessment: x
Risk, Policy Mgmt: x
Honeypot/Honeynet: x
Email security mgmt: x x
Bastion host: x

Page 53

Question

A map of the network that shows where service requests enter and are processed

1. Is called the Path of Physical Access
2. Is primarily used in developing security policies
3. Can be used to determine whether sufficient Defense in Depth is implemented
4. Helps to determine where antivirus software should be installed

Page 54

Question

The filter with the most extensive filtering capability is the

1. Packet filter
2. Application-level firewall
3. Circuit-level firewall
4. State Inspection

Page 55

Question

The technique which implements non-repudiation is:

1. Hash
2. Secret Key Encryption
3. Digital Signature
4. IDS

Page 56

Question

Anti-virus software typically implements which type of defensive software:

1. Neural Network
2. Statistical-based
3. Signature-based
4. Packet filter

Page 57

Question

MD5 is an example of what type of software:

1. Public Key Encryption
2. Secret Key Encryption
3. Message Authentication
4. PKI

Page 58

Question

A personal firewall implemented as part of the OS or antivirus software qualifies as a:

1. Dual-homed firewall
2. Packet filter
3. Screened host
4. Bastion host

Page 59

HEALTH FIRST CASE STUDY: Designing Network Security

Jamie Ramon MD, Doctor
Chris Ramon RD, Dietician
Terry, Licensed Practicing Nurse
Pat, Software Consultant

Page 60

Defining Services which can Enter and Leave the Network

Service | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.)
(blank workbook rows to be filled in)

Page 61

Defining Services and Servers (Workbook)

(Repeats the completed workbook table from Page 25.)

Page 62

Define Services & Servers

Which data can be grouped together by role and sensitivity/criticality?

Service Name | Sensitivity Class. | Roles with Access | Server Name
(blank workbook rows to be filled in)

Example sensitivity classes: Confidential – Management; Public – Web Pages; Privileged – Contracts

Page 63

Evaluating Service Classes & Roles (Workbook)

(Repeats the completed workbook table from Page 26.)

Page 64

Defining Zones and Controls

Compartmentalization: Zone = Region (e.g., DMZ, wireless, internet). Servers can be physical or virtual.

Zone | Service | Server | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN)
(blank workbook rows to be filled in)

Page 65

Defining Zones (Workbook)

(Repeats the completed workbook table from Page 29.)

Page 66

Defining Controls for Services (Workbook)

(Repeats the completed workbook table from Page 30.)

Page 67

Draw the Network Diagram

(Repeats the network diagram from Page 43, with Zone 3 labelled "Student Data".)

Page 68

MS Visio Diagram

Page 69

Reference

Slide # | Slide Title | Source of Information
7 | Passive Attacks | CISA: page 331, 333, 352
9 | Some Active Attacks | CISA: page 330, 332, 352
10 | Man-in-the-Middle Attack | CISA: page 331
12 | Password Cracking: Dictionary Attack & Brute Force | CISA: page 330
14 | Botnets | CISA: page 330
15 | Distributed Denial of Service | CISA: page 330
23 | Packet Filter Firewall | CISA: page 353, 354
24 | Firewall Configurations | CISA: page 353 – 355
25 | Firewall Configurations | CISA: page 354
26 | Multi-Homed Firewall: Separate Zones | CISA: page 355
33 | Intrusion Detection Systems (IDS), Intrusion Prevention System (IPS) | CISA: page 355, 356
34 | IDS Intelligence Systems | CISA: page 356
35 | Honeypot & Honeynet | CISA: page 356, 357
37 | Encryption – Secret Key | CISA: page 357
38 | Public Key Encryption | CISA: page 357, 358
39 | Remote Access Security | CISA: page 361
40 | Secure Hash Functions | CISA: page 359, 361, 362
41 | Digital Signature | CISA: page 359
42 | Public Key Infrastructure (PKI) | CISA: page 359, 360