Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.

Slides:



Advertisements
Similar presentations
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Advertisements

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
How Clients and Servers Work Together
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Chapter 13 Chapter 13: Managing Internet and Network Interoperability.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
IIS and PWS. What is IIS and PWS? Microsoft Internet Information Server (IIS) and Peer Web Services (PWS) enable Windows NT servers with the ability to.
Chapter Overview TCP/IP Protocols IP Addressing.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
CS 350 Chapter-6. A brief history of TCP/IP 1983 TCP/IP came to ARPAnet ARPAnet and MILNET dissolved in 1990 BSD UNIX.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
Workshop 1: Introduction to TCP/IP
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
Chapter 7: Using Windows Servers to Share Information.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.
Module 3: Configuring Basic TCP/IPv4 Settings. Overview of the TCP/IP Protocol Suite Overview of TCP/IP Addressing Name Resolution Dynamic IP Addressing.
PRACTICAL STEPS IN SECURING WINDOWS NT Copyright, 1996 © Dale Carnegie & Associates, Inc. TIP For additional advice see Dale Carnegie Training® Presentation.
Web Server Administration Chapter 10 Securing the Web Environment.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Chapter 10 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain how the functions of the application layer,
Chapter 9.
Chapter 6: Packet Filtering
CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Network Communications Technology Chapter 19 Internet Architecture and TCP/IP.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.
Microsoft Internet Information Services 5.0 (IIS) By: Edik Magardomyan Fozi Abdurhman Bassem Albaiady Vince Serobyan.
Internet Information Server © N. Ganesan, Ph.D. All Rights Reserved.
Linux+ Guide to Linux Certification Chapter Fifteen Linux Networking.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.
CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information.
Internet Information Server Name : Yao Gu Date : 10-June-2000 COSC : 573.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
1 Chapter 8 – TCP/IP Fundamentals TCP/IP Protocols IP Addressing.
Data Communications and Networks
TCP/IP (Transmission Control Protocol / Internet Protocol)
CCNA4 v3 Module 6 v3 CCNA 4 Module 6 JEOPARDY K. Martin.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.
Department of Computer Science Southern Illinois University Edwardsville Spring, 2008 Dr. Hiroshi Fujinoki FTP Protocol Programming.
1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS.
TCP/IP Protocol Suite ©Richard L. Goldman September 25, 2002.
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified
IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
IST 201 Chapter 11 Lecture 2. Ports Used by TCP & UDP Keep track of different types of transmissions crossing the network simultaneously. Combination.
Application Layer Functionality and Protocols Abdul Hadi Alaidi
Chapter 7: Using Windows Servers
CompTIA Security+ Study Guide (SY0-401)
Securing the Network Perimeter with ISA 2004
CompTIA Security+ Study Guide (SY0-401)
Chapter 4 Core TCP/IP Protocols
IIS.
IS 4506 Server Configuration (HTTP Server)
APACHE WEB SERVER.
Designing IIS Security (IIS – Internet Information Service)
Computer Networks Protocols
Presentation transcript:

Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify specific Exchange/SMTP/POP service concerns Identify specific RAS/dial-in/dial-out concerns Module 9

TCP/IP Architecture

l FTP l Telnet (Add-on) l NFS (Add-on) l SMTP (Exchange, Lotus MTA, NTMail…) l SNMP l Increasingly more TCP/IP services are becoming available in the NT environment l Result: substantial increased in the threat of unauthorized remote access TCP/IP Services

l RFC , ,1035 SUBJECT User Datagram Protocal (UDP) Trivial File Transfer Protocol (TFTP) Internet Protocol (IP) Internet Control Message Protocol (ICMP) Transmission Control Protocol (TCP) Address Resolution Protocol (ARP) Telnet Protocol (TELNET) IP over Ethernet IP Broadcast Datagrams Internet Standard Subnetting Procedure File Transfer Protocol Requirements for Internet Gateways Domain Name Service (DNS) RFCs & Open Standards

l Service Echo Chargen FTP Telnet SMTP HTTP nbname nbdatagram nbsession Port , TCP/IP Services Deserving Special Focus

l Built on TCP/IPv4 suite (Basic Clear Text) l Data storage locations are left on vulnerable drives l Data files that grow are left on system drive l Services that use weak authentication l Services are run on PDC –Reward from compromise is infinitely great –SAM database is used for authentication l Source IP filtering is not used when appropriate Common Application- Vulnerabilities

l Use TCP/IPv6 when available (full encryption) l Move data and logs to non- system disk and delete default share l Chose the strongest authentication possible l Run Internet Services on servers with no trust, not DCs l Disable inappropriate services on Servers providing Internet Services. l Use source IP filtering for all, local only, services Common Application- Counter Measures

l Internet Information Server (IIS) WWW Server l IIS FTP Server l IIS Gopher Server l Exchange SMTP, POP, LDAP, l Remote Access Server (RAS) PPP & PPTP l Certificate Server Applications for Internet Services

l IIS V2, V3, V4 l Provides Internet Service Daemons; www, ftp, gopher –V4 does not provide gopher l Can be managed from a central location –V2 & V3 Use Internet Service Manager –V4 Uses Microsoft Management Console(MMC) as snap-in l Uses NT Security Model l WWW Security features include: –NT Challenge Authentication –SSL ( Internet Information Server (IIS)

l Provides for Strong Authentication l Provides for HTTPS (Secure) Pages l Allows IP source filtering IIS

With Property Sheets You Can Establish Logon Requirements Configure Access Permissions Specify Home Directories Create Multiple Virtual Servers On One Computer Setting Encryption Options Configure Event Logging Options View Current Sessions Enable or Disable Server Access By IP Address

FTP makes all objects in the file structure accessible! Access permission = permissions assigned to account used to gain FTP access and file/directory permission (conjunctive rule) A Special Concern: FTP

l Account to be used for FTP access can be misused similarly to the Guest account FTP users are members of Everyone group Inbound FTP authentication can be performed by the source host if not configured otherwise Passwords for outbound FTP are transmitted in clear text A Special Concern: FTP

l HTTP input overflow can allow unauthorized users to execute commands CGI scripts can allow commands to be written to.BAT files, resulting in execution of commands not intended for execution on web servers Some types of HTTP access are to a user ID (as in FTP ) Problems with NT-Based Web Servers

l Serious concern: NT web servers or firewalls running within an NT domain (and, thus, effectively within NT’s security perimeter) Recommendations: - Run each firewall as a standalone NT platform - Run Web servers as standalone NT platforms or as part of a Web server domain - Do not mix internal and external Web servers in the same domain TCP/IP Services and NT Domains

l Recommendations for Controlling TCP/IP Services IIS

l Security Approach

IIS

NT Security for System Administrators

IIS

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.