Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam.

Published byDerrick Paul Modified over 8 years ago

Similar presentations

Presentation on theme: "Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam."— Presentation transcript:

1

2 Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam

3 Route Summarization When you summarize routes in RIP, IGRP, EIGRP, or OSPF, you're replacing a series of routes with a summary route and mask. With RIP, IGRP, and EIGRP, this actually lessens the size of the routing update packet itself – multiple routes are replaced with the summary route. For instance, the routes 8.0.0.0/8, 9.0.0.0/8, 10.0.0.0/8, and 11.0.0.0/8 can be summarized as 8.0.0.0 252.0.0.0. Only the summary address will be found in the update packet, making it concise yet complete.

4 Route Summarization Summarizing routes can also make the routing table smaller, yet still allow for complete IP connectivity when done correctly. Using the above example, the four more-specific routes will be replaced by a single summary route. Since the entire routing table is parsed before the routing process is complete, keeping the routing table as small as possible does help speed the routing process as a whole.

5 Route Summarization Route summarization is all about making the routing table smaller. The larger the routing table the inefficient the router becomes i.e when the packet comes/goes out of the router the router has to check against all the routing table entries and find the best routes. route summarization shrinks the routing table.

6 Route Summarization

7

8

9 Sourcefire Sourcefire, Inc develops network security hardware and software. The company's FirePOWER network security appliances are based on Snort, an open-source intrusion detection system (IDS). Sourcefire delivers effective, highly automated security through continuous awareness, detection and protection across its industry-leading portfolio, including next-generation intrusion prevention systems, next-generation firewall, and advanced malware protection.

10 Snort Snort is an open source network intrusion prevention and detection system utilizing a rule- driven language, which combines signature, protocol and anomaly based inspection methods. Developed in tandem with the Snort open source community, its developers claim it is the most widely deployed intrusion detection and prevention technology worldwide.

11 Network Hardening Consider the range of difficulty for penetrating a attack surface on a building. Envision, starting with the easiest entry points to the most difficult entry points. Certainly unlocked doors and windows are much easier to enter than digging a tunnel underneath the building, however, we shouldn’t exclude the possibility of entering through the ventilation shaft. We take this analogy then and apply it to a single Linux system (the same analysis may be performed for groups of systems).

12 Network Hardening In order to determine the possible attack vectors for any system installation, we must have a full understanding for the server’s role. The primary attack vector for network-based applications is the network. Similarly, the primary attack vector for systems where the application is primarily non-network-based is usually through the file system or via inter-process communication of some form.

13 Network Hardening The most common tool used for hardening the network layer is a firewall with a policy of default-deny for both inbound and outbound access. A common mistake in firewall configuration on the host is to filter only inbound traffic. A well configured firewall will have default-deny of inbound and outbound traffic with strict exceptions made which exactly fit the application. Earlier we discussed that an attacker must download their toolkit so they can proceed effectively at compromising the system, thus, when properly configured, outbound filtering will block most attempts at toolkit retrieval.

14 Network Hardening Network security hardening for a specific application extends into the process space, such that we can allow or deny access down to a per- user granularity. For example, one user may need FTP access, while another user requires email access and we can restrict each user to only the access that they require for proper functionality (formally, this is known as separation of duty.)

15 Network Hardening Secure network devices are foundational to the security of mission-critical networks and business data. Vulnerable devices potentially open the door to attacks that can compromise a network’s security defenses

16 Network Hardening

Download ppt "Agenda Review route summarization Cisco acquire Sourcefire Review Final Exam."

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.

Routing Basics By Craig Lindstrom. Overview Routing Process Routing Process Default Routing Default Routing Static Routing Static Routing Dynamic Routing.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : 97077200 7 August 1999 The Chinese University.

Security Issues on Distributed Systems 7 August, 1999 S 1 Prepared by : Lorrien K. Y. Lau Student I.D. : August 1999 The Chinese University.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Department Of Computer Engineering

Department Of Computer Engineering
Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.

Network Perimeter Security Yu Wang. Main Topics Border Router Firewall IPS/IDS VLAN SPAM AAA Q/A.

Similar presentations

Ads by Google