OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices.

Slides:



Advertisements
Similar presentations
Vocabulary words By: Toyre Jones. Electronic mail which allows individuals with an account to send messages to another person with an account.
Advertisements

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
System and Network Security Practices COEN 351 E-Commerce Security.
IS Network and Telecommunications Risks
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
1 Enabling Secure Internet Access with ISA Server.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
IT 210 The Internet & World Wide Web introduction.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
SECURITY BASELINES -Sangita Prabhu.
Chapter Three. Which of the following protocols is a file transfer protocol using SSH? A.SFTP B.TFTP C.SICMP D.CCMP.
CHAPTER Protocols and IEEE Standards. Chapter Objectives Discuss different protocols pertaining to communications and networking.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
COMP 6005 An Introduction To Computing Session Four: Internetworking and the World Wide Web.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
Chapter 6: Packet Filtering
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Software Security Testing Vinay Srinivasan cell:
Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Directory and File transfer Services By Jothi. Two key resources Lightweight Directory Access Protocol (LDAP) File Transfer protocol Secure file transfer.
Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University
1 Firewalls G53ACC Chris Greenhalgh. 2 Contents l Attacks l Principles l Simple filters l Full firewall l Books: Comer ch
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
UNIT 3 SEMINAR Unit 3 Chapter 3 in CompTIA Security + Course Name – IT Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:
CIS 450 – Network Security Chapter 4 - Spoofing. Definition - To fool. In networking, the term is used to describe a variety of ways in which hardware.
Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.
Discovery 2 Internetworking Module 8 JEOPARDY K. Martin.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
Security fundamentals Topic 8 Securing network applications.
Security fundamentals Topic 10 Securing the network perimeter.
Security fundamentals Topic 9 Securing internet messaging.
Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.
SECURE SHELL MONIKA GUPTA COT OUTLINE What is SSH ? What is SSH ? History History Functions of Secure Shell ? Functions of Secure Shell ? Elements.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)
Defining Network Infrastructure and Network Security Lesson 8.
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Security fundamentals
CompTIA Security+ Study Guide (SY0-401)
Level 2 Diploma Unit 10 Setting up an IT Network
Secure Software Confidentiality Integrity Data Security Authentication
FTP - File Transfer Protocol
CompTIA Security+ Study Guide (SY0-401)
– Chapter 3 – Device Security (B)
– Chapter 3 – Device Security (B)
Chapter 7 Network Applications
Test 3 review FTP & Cybersecurity
Presentation transcript:

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices  Harden DNS and BIND Servers  Harden Web Servers  Harden File Transfer Protocol (FTP) Servers  Harden Network News Transfer Protocol (NNTP) Servers  Harden Servers  Harden Conferencing and Messaging Servers

OV Copyright © 2005 Element K Content LLC. All rights reserved. Internetwork Devices SwitchesRoutersFirewalls

OV Copyright © 2005 Element K Content LLC. All rights reserved. Unnecessary Network Protocols  Transport protocols  NetBEUI  NWLink  AppleTalk  Service protocols  NNTP  FTP  Others

OV Copyright © 2005 Element K Content LLC. All rights reserved. Firmware Updates

OV Copyright © 2005 Element K Content LLC. All rights reserved. Internetwork Device Vulnerabilities  SNMP  Telnet  Router configuration  Finger  Small server  IP filter  Default ports  IP source routing  ICMP redirect  RIP v1

OV Copyright © 2005 Element K Content LLC. All rights reserved. A DMZ DMZ Web server

OV Copyright © 2005 Element K Content LLC. All rights reserved. An Intranet Employee handbook

OV Copyright © 2005 Element K Content LLC. All rights reserved. An Extranet Company A Company C Company B

OV Copyright © 2005 Element K Content LLC. All rights reserved. A VLAN Point-to-point connection Point-to-point connection Point-to-point connection Point-to-point connection VLAN switch

OV Copyright © 2005 Element K Content LLC. All rights reserved. NAT NAT Server

OV Copyright © 2005 Element K Content LLC. All rights reserved. Network Media Types Coax Twisted pair Fiber-optic

OV Copyright © 2005 Element K Content LLC. All rights reserved. Network Media Vulnerabilities  Coax vulnerabilities  Twisted-pair vulnerabilities  Fiber-optic vulnerabilities  General vulnerabilities

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices  Protect the devices while maintaining connectivity  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. DNS everythingforcoffee.com com.org

OV Copyright © 2005 Element K Content LLC. All rights reserved. DNS and BIND Vulnerabilities  Spoofing  Hijacking  Cache corruption  Input validation  Environment variables  Zone transfers  Rogue client registrations

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening DNS and BIND  Protect the zone information while maintaining service availability  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. HTTP Web client Web server

OV Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Authentication Web client Web server

OV Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Authentication Methods  Address-based  Anonymous  Basic  Digest  Integrated  Certificates

OV Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Vulnerabilities  Format string  Improper input validation  CGI scripts  Code outside web root  Web server applications  Weak authentication  Clear text transmissions  HTML source code  Buffer overflows

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Web Servers  Protect data and server while maintaining website access  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. FTP FTP client

OV Copyright © 2005 Element K Content LLC. All rights reserved. FTP Vulnerabilities  Basic authentication  Anonymous and blind FTP  Unnecessary services  Clear text transmissions  Firewall configuration  “Glob”  “Bounce”  File sharing exploitation

OV Copyright © 2005 Element K Content LLC. All rights reserved. SSH Password Password is encrypted Session is secured slogin

OV Copyright © 2005 Element K Content LLC. All rights reserved. SFTP SSH encryption FTP client

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening FTP Servers  Protect the server and data while maintaining service  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. NNTP Subscriber

OV Copyright © 2005 Element K Content LLC. All rights reserved. NNTP Vulnerabilities NNTP  Anonymous access  Password privacy  Data privacy  integration

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening an NNTP Server  Prevent unauthorized postings and data loss while maintaining service  Follow hardening guidelines  Requirements will vary NNTP

OV Copyright © 2005 Element K Content LLC. All rights reserved. SMTP client server

OV Copyright © 2005 Element K Content LLC. All rights reserved. Vulnerabilities  worms  Malicious code  8.3 file names  Data buffers  Spam  Hoaxes  SMTP relays

OV Copyright © 2005 Element K Content LLC. All rights reserved. PGP  Public security  Encrypt message contents and encrypt key  Digital signing

OV Copyright © 2005 Element K Content LLC. All rights reserved. S/MIME  Security for attachments  Various attachment file formats  Encryption and digital signing

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Servers  Protect server and mail data while supporting users  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. Conferencing and Messaging Vulnerabilities  Sniffing  Eavesdropping  Privacy  Social engineering

OV Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Conferencing and Messaging Servers  Protect server and data, prevent spoofing, maintain service availability  Follow hardening guidelines  Requirements will vary

OV Copyright © 2005 Element K Content LLC. All rights reserved. Reflective Questions 1.Which internetwork connection device do you think is most important to secure? 2.Which provides a greater security threat to your organization: your border router or your infrastructure?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.