© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 4 Network Security Tools and Techniques.

2 Class Agenda 1
- Learning Objectives
- Discussion of Project
- Lesson Presentation and Discussions
- Discussion on Assignments
- Discussion on Lab Activities
- Break Times: a 10-minute break every hour
- Note: Submit all assignments and labs due today.

3 Class Agenda 2
- Theory: 6:00pm - 8:00pm
- Lab: 8:15pm to 11:00pm

4 Reading Assignment
- Chapter 5: Network Security Implementation
- Chapter 7: Exploring the Depths of Firewalls
- Chapter 15: Perspectives, Resources, and the Future

5 Learning Objective and Key Concepts
Learning Objective
- Identify network security tools and discuss techniques for network protection
Key Concepts
- Securing the LAN-to-WAN Domain: the Internet ingress/egress point
- Mitigating risk with IDSs and IPSs
- Intrusion detection and intrusion prevention strategies
- Automated network scanning and vulnerability assessment tools
- Data protection strategies

6 Network Security Implementation
- Seven domains are commonly found in the typical IT infrastructure
- Hackers look for every opportunity to exploit a target
- No aspect of an IT infrastructure is without risk or immune to the scrutiny of hackers
- Each of the seven domains of a typical IT infrastructure has unique aspects that need security improvements

7 Seven Domains of IT Infrastructure
- Risks associated with each of the seven domains of IT infrastructure:
  - User Domain: training, strong authentication, granular authorization, and detailed accounting
  - Workstation Domain: requires security countermeasures such as antivirus, anti-spyware, and vulnerability/software patch management
  - Local Area Network (LAN) Domain: protocols, addressing, topology, and communication encryption provide security for this domain

8 Seven Domains of IT Infrastructure (Continued)
  - LAN-to-Wide Area Network (WAN) Domain: switches, routers, firewalls, proxies, and communication encryption are important aspects of security for this domain
  - Remote Access Domain: involves SSL 128-bit encrypted remote browser access or encrypted VPN tunnels for secure remote communications
  - WAN Domain: protocol selection, addressing schemes, and communication encryption are elements of securing this domain
  - Systems/Applications Domain: network design, authentication, authorization, accounting, and node security are important security concerns for this domain

9 EXPLORE: CONCEPTS

10 Vulnerability Assessment Scanners
- Network Scanners
- Web Application Scanners

11 Nmap and Zenmap
- Network Mapper (Nmap) runs at the command line
- Zenmap is the graphical user interface to Nmap
- Originally intended as a network mapping utility
- Port scanning and host detection features
  - Identify access points to a network
  - Identify holes in access controls
- Highly configurable
- Open source

12 Zenmap: Nmap Output Tab (screenshot slide)

13 Nessus
- Commercial security scanner developed by Tenable Network Security
- UNIX based
- Network-centric, with Web-based consoles and a central server
- Offers a comprehensive set of tools
- Useful tool for larger networks
- Reports indicate which ports are open on which hosts and any security threats to those ports

14 Retina
- Proprietary vulnerability scanner
- Deep-scans a network looking for known issues that have not been patched in existing applications
- Also scans for open ports
- Output report indicates network vulnerabilities and the state of the environment
- Easy-to-understand, graphically intensive format

15 SAINT
- SAINT = System Administrator's Integrated Network Tool
- Commercial vulnerability assessment tool
- UNIX based
- Full suite of tools, like Nessus
- Saint Corporation sells SAINT and other security tools

16 EXPLORE: PROCESS

17 Network Analysis
- Also referred to as "network forensic analysis"
- Analysis of network data to reconstruct network activity over a specific period of time
- Common uses
  - Detect vulnerabilities and threats
  - Reconstruct the sequence of events that took place during a network-based security incident
  - Discover the source of security policy violations or information assurance breaches

18 Network Analysis (Continued)
- Able to reveal vulnerabilities to:
  - Probing
  - Denial of service (DoS) attacks
  - User-to-root attacks
  - Remote-to-local attacks

19 Overview of Network Analysis Tools
- Packet Capture Tools
- Intrusion Detection Systems (IDSs)
- Data Collectors

20 EXPLORE: ROLES

21 Data Loss/Data Leak Prevention Tools
- Detect and block sensitive data from exiting a network
- Enforce policies across file shares, databases, e-mail systems, and on stored data
- Two basic types
  - Perimeter-based and client-based
  - Some products combine the two types
- Cloud products are coming

22 EXPLORE: CONTEXT

23 The LAN-to-WAN Domain

24 Ingress and Egress
- Ingress = Inbound traffic
- Egress = Outbound traffic

25 The Boundary Router
- Functions at the network perimeter in the DMZ
- Accepts traffic from the Internet
- Filters unapproved traffic and passes approved traffic to the firewall
- Protects the internal network against IP address spoofing and directed IP broadcasts

26 Ingress Filtering
- Excludes or rejects all inbound data packets that carry an internal host address as their source
- Drops non-routable IP addresses
  Note: Non-routable IP addresses are specified in RFC 1918 (Private Network Addresses)

27 Egress Filtering
- Stops packets that have non-company addresses as their source address from leaving the internal (company) network
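The boundary-router rules from slides 25 to 27 (ingress: drop spoofed internal and non-routable sources and directed broadcasts; egress: only company-sourced packets may leave), as an added example written for this transcript, not course material. The company block 203.0.113.0/24 (the reserved TEST-NET-3 range) and the placement of the egress filter on the Internet side of NAT are assumptions.

```python
import ipaddress

# Constructed address plan for the example (not from the slides). TEST-NET-3 is
# reserved for documentation, so it is a safe stand-in for the company's block.
COMPANY_PUBLIC = ipaddress.ip_network("203.0.113.0/24")
# RFC 1918 private ranges: never a valid source on the Internet side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Other non-routable sources a boundary router should drop on ingress.
OTHER_NONROUTABLE = [ipaddress.ip_network(n)
                     for n in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16")]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def ingress_filter(src, dst):
    """Decide on a packet arriving from the Internet (inbound/ingress).

    Returns ("DROP", reason) or ("PASS", None).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # An internal host address as the source of an inbound packet is spoofing.
    if s in COMPANY_PUBLIC or _in_any(s, RFC1918):
        return ("DROP", "spoofed internal source address")
    if _in_any(s, OTHER_NONROUTABLE):
        return ("DROP", "non-routable source address")
    # Directed IP broadcast aimed at the company block.
    if d == COMPANY_PUBLIC.broadcast_address:
        return ("DROP", "directed broadcast")
    return ("PASS", None)


def egress_filter(src):
    """Decide on a packet leaving the company network (outbound/egress).

    Assumes the filter sits on the Internet side of NAT, so legitimate
    outbound packets carry a company public address as their source.
    """
    s = ipaddress.ip_address(src)
    if s in COMPANY_PUBLIC:
        return ("PASS", None)
    return ("DROP", "non-company source address")
```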

28 Intrusion Detection System (IDS)
- Monitors internal hosts or networks
- Seeks symptoms of compromise or intrusion
- Upon detection of an intruder, an IDS can:
  - Send commands or requests to the firewall to break a connection
  - Block an IP address
  - Block a port/protocol
- Some IPSs provide basic data loss/leak prevention capabilities

29 Intrusion Prevention System (IPS)
- Monitors internal hosts or networks, watching for symptoms of compromise or intrusion
- Detects attempts to attack or intrude before they are successful
- Upon detection of an intruder, an IPS can respond by preventing the success of the attempt

30 IDS vs. IPS

IDS                                  | IPS
-------------------------------------|---------------------------------
Detects and acts                     | Prevents
Reacts to events that the IPS misses | First layer of proactive defense

31 Host-Based vs. Network-Based IDSs/IPSs
- IDSs and IPSs
  - IDSs and IPSs look for attack signatures: specific patterns that usually indicate malicious or suspicious intent
  - Can be anomaly-based or behavioral-based
- Host-based and Network-based IDSs/IPSs
  - Network-based IDSs/IPSs look for patterns in network traffic
  - Host-based IDSs/IPSs look for attack signatures in log files
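A minimal host-based detector illustrating the two approaches on slide 31, signature matching and anomaly (threshold) detection over log lines, as an added example written for this transcript and not part of the course. The log lines, the signature patterns and the threshold of 4 are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sshd/sudo-style log lines (not real data).
SAMPLE_LOG = """\
Mar 10 09:01:02 host1 sshd[1201]: Accepted password for alice from 203.0.113.10 port 51022 ssh2
Mar 10 09:01:09 host1 sshd[1202]: Failed password for root from 198.51.100.23 port 40001 ssh2
Mar 10 09:01:10 host1 sshd[1203]: Failed password for root from 198.51.100.23 port 40002 ssh2
Mar 10 09:01:11 host1 sshd[1204]: Failed password for admin from 198.51.100.23 port 40003 ssh2
Mar 10 09:01:12 host1 sshd[1205]: Failed password for invalid user test from 198.51.100.23 port 40004 ssh2
Mar 10 09:01:13 host1 sshd[1206]: Failed password for root from 198.51.100.23 port 40005 ssh2
Mar 10 09:02:00 host1 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
"""

# Signature-based: fixed patterns that usually indicate suspicious intent.
# Each capture group is the value reported with the alert (source IP or user).
SIGNATURES = {
    "failed_root_login": re.compile(r"Failed password for root from (\S+)"),
    "invalid_user": re.compile(r"Failed password for invalid user \S+ from (\S+)"),
    "sudo_shell": re.compile(r"sudo: (\S+) .*COMMAND=/bin/(?:ba)?sh\b"),
}
# Anomaly-based: count failed logins per source and alert on a burst.
FAILED_LOGIN = re.compile(r"Failed password for .* from (\S+)")
ANOMALY_THRESHOLD = 4  # failed logins from one source; chosen for the example


def signature_alerts(log_text):
    """Return (signature_name, matched_value) for every line matching a signature."""
    alerts = []
    for line in log_text.splitlines():
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                alerts.append((name, m.group(1)))
    return alerts


def anomaly_alerts(log_text, threshold=ANOMALY_THRESHOLD):
    """Return (alert_name, source, count) for sources at or above the threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return [("failed_login_burst", src, n)
            for src, n in counts.items() if n >= threshold]
```

A real HIDS would add time windows to the anomaly count and tail the log continuously; this version runs once over a complete file.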

32 Summary
- Securing the LAN-to-WAN Domain: the Internet ingress and egress point
- Mitigating risk with IDSs and IPSs
- Intrusion detection and intrusion prevention strategies
- Automated network scanning and vulnerability assessment tools
- Data protection strategies

33 Unit 4 Assignments
- Discussion 4.1: Host-Based vs. Network-Based IDSs/IPSs
- Lab 4.2: Configuring a pfSense Firewall on the Server
- Assignment 4.3: Identify Unnecessary Services From a Saved Vulnerability Scan
- Project 4.4: Network Survey
