Presentation is loading. Please wait.

Presentation is loading. Please wait.

Click to edit Master subtitle style

Published byAmos George Modified over 6 years ago

Similar presentations

Presentation on theme: "Click to edit Master subtitle style"— Presentation transcript:

1 Click to edit Master subtitle style
Chapter 15: Physical Security and Risk Click to edit Master subtitle style

2 Chapter 15 Objectives The Following CompTIA Network+ Exam Objectives Are Covered in This Chapter: 1.1 Explain the functions and applications of various network devices • IDS/IPS 2.4 Explain the importance of implementing network segmentation • Honeypot/honeynet 3.1 Compare and contrast risk related concepts • Disaster recovery • Business continuity • Battery backups/UPS • First responders • Data breach • End user awareness and training • Single point of failure o Critical nodes o Critical assets o Redundancy • Adherence to standards and policies • Vulnerability scanning • Penetration testing 2

3 Chapter 15 Objectives (Cont)
3.4 Compare and contrast physical security controls • Mantraps • Network closets • Video monitoring o IP cameras/CCTVs • Door access controls • Proximity readers/key fob • Biometrics • Keypad/cypher locks • Security guard 3

4 Chapter 15 Objectives (Cont)
3.5 Given a scenario, install and configure a basic firewall • Types of firewalls o Host-based o Network-based o Software vs hardware o Application aware/context aware o Small office/home office firewall o Stateful vs stateless inspection o UTM • Settings/techniques o ACL o Virtual wire vs routed o DMZ o Implicit deny o Block/allow - Outbound traffic - Inbound traffic o Firewall placement - Internal/external 4

5 Using Hardware and Software Security Devices
In medium to large enterprise networks, strategies for security usually include some combination of internal and perimeter routers plus firewall devices. Internal routers provide added security by screening traffic to the more vulnerable parts of a corporate network though a wide array of strategic access lists. Corporate (Trusted) Network Untrusted Network Perimeter (Premises) Router Firewall Internal (Local Network) Router Internet In medium to large enterprise networks, strategies for security usually include some combination of internal and perimeter routers plus firewall devices. Internal routers provide added security by screening traffic to the more vulnerable parts of a corporate network though a wide array of strategic access lists. Web Server DMZ Server 5

6 Firewalls Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. One of the NICs connects to the public side, and the other one connects to the private side. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones. 6

7 Firewalls Network-Based Firewalls
A network-based firewall is used to protect private network from public networks. This type of firewall is designed to protect an entire network of computers instead of just one system. Usually a combination of hardware and software. Host-Based Firewalls A host-based firewall is implemented on a single machine so it only protects that one machine. Usually a software implementation. 7

8 Firewall Technologies
Access Control Lists (ACLs) The first line of defense for any network that’s connected to the Internet are access control lists. These reside on your routers and determine by IP addresses and/or ports which machines are allowed to use those routers and in what direction. A can access B, B can access if a secure authenticated connection is detected. Network B “Private” Network Network A “Public” Network Router 8

9 Port Security Use port security to define a set of MAC addresses that are allowed to access a port where a sensitive device is located. Use is to set unused ports to only be available to a preconfigured set of MAC addresses. 9

10 Firewall Technologies
Demilitarized Zone (DMZ) A demilitarized zone (DMZ) is a network segment that isn’t public or private but halfway between the two. Internet DMZ Server Router Web Server Firewall Switch FTP Server Switch Protected Intranet Server File & Print Server Internal Database & Web Server 10

11 Firewall Technologies
Protocol Switching Protocol switching protects data on the inside of a firewall TCP/IP Internet TCP/IP Only TCP/IP Only Protocol switching occurs Inside the firewall. The first NIC understands TCP/IP only. The second NIC understands IPX/SPX only. Router Router TCP/IP Only IPX/SPX Only Deadzone Firewall IPX/SPX Only Router Switch IPX/SPX Only TCP/IP Only Protected Intranet Server IPX/SPX TCP/IP Both File & Print Server Internal Database & Web Server 11

12 Firewall Technologies
Dynamic Packet Filtering Packet filtering refers to the ability of a router or a firewall to discard packets that don’t meet the right criteria. State List Session between A & B: Last packet #1238 Next packet #1239 Server sending packet #1239 X Client expecting Packet #1239 Firewall Hacker is denied access because the state list says the firewall should expect packet #1239 next, but instead It is receiving #1211, so it rejects the packet. Hacker attempts to get in using packet #1211 12

13 Firewall Technologies
Proxy Services Proxies act on behalf of the whole network to completely separate packets from internal hosts and external hosts. Discarded Web Server From A From Proxy Data HTTP Proxy Server From Proxy From A Data Data A From Server From Proxy Internet Data Data A proxy receives a request from a client and makes the request on behalf of the client. This example shows an HTTP proxy server. 13

14 Firewall Technologies
Firewalls at the Application Layer vs. the Network Layer Stateful vs Stateless Network-Layer Firewalls Application-Layer Firewalls Scanning Services and Other Firewall Features Key Default Scanning Settings 14

15 Firewall Technologies
Content Filtering Content filtering means blocking data based on the content of the data rather than the source of the data Signature Identification Firewalls can also stop attacks and problems through a process called signature identification. Viruses that are known will have a signature, which is a particular pattern of data, within them. 15

16 Figure 15.7

17 Chapter 15 Internet Options Security tab Figure 15.8

18 Chapter 15 Adding a trusted site Figure 15.9

19 Chapter 15 Custom security settings Figure 15.10

20 Intrusion-Detection and Intrusion-Prevention Systems
Firewalls are designed to block nasty traffic from entering your network, but IDS is more of an auditing tool: It keeps track of all activity on your network so you can see if someone has been trespassing. Firewall 3 Network 1 Attack underway 1 2 IDS analysis Looks for misuse or known attack signatures IDS Attack Signature & Misuse Database 3 Response 2 20

21 Intrusion-Detection and Intrusion-Prevention Systems
Network-Based IDS The most common implementation of a detection system is a network-based IDS (NIDS). The IDS system is a separate device attached to the network via a machine like a switch or directly via a tap. Hub or Tap Connection Internet Passive response: Logging Notification Shunning Active responses: Changing Network configuration Terminating Sessions Deceiving the Attacker - Honeypot Firewall Secured Management Channel IDS 21

22 Intrusion-Detection and Intrusion-Prevention Systems
Changing network configuration An IDS can close the port either temporarily or permanently. If the IDS closes ports, legitimate traffic may not be able to get through either, but it will definitely stop the attack. IDS Closing Port 80 for 60 Seconds Internet Port 80 attack 1 Firewall Sensor Attack occurs IDS analysis/responses Port 80 closed 1 3 Alert Detected 2 3 2 Client 22 IDS Command (Close 80, 60 Seconds)

23 Intrusion-Detection and Intrusion-Prevention Systems
Deceiving the attacker Trick the attacker into thinking their attack is really working when it’s not. The system logs information, trying to pinpoint who’s behind the attack and which methods they’re using. A honeypot is a device or sever which the hacker is directed to; it’s intended keep their interest long enough to gather enough information to identify them and their attack method. Firewall Honeypot 1 Network Attack 3 X Client 2 Alert Detected IDS 3 1 2 Attack occurs Analysis/response Reroute network traffic 23

24 Vulnerability Scanners
NESSUS Propriety vulnerability scanning program that requires a license to use commercially yet is the single most popular scanning program in use NMAP Originally intended to simply identify devices on the network for the purpose of creating a network diagram, its functionality has evolved 24

25 VPN Concentrators A VPN concentrator is a device that creates remote access for virtual private networks (VPNs) either for users logging in remotely or for a large site-to-site VPN. In contrast to standard remote-access connections, remote-access VPNs often allow higher data throughput and provide encryption. Cisco produces VPN concentrators that support anywhere from 100 users up to 10,000 simultaneous remote-access connections. 25

26 Understanding Problems Affecting Device Security
Physical Security Physical Barriers Security Zones 26

27 Figure 15.17

28 Understanding Problems Affecting Device Security
Logical Security Configurations Ensure your network has an outside barrier and/or a perimeter defense. Have a solid firewall, and it’s best to have an IDS or IPS of some sort as well. 28

29 Chapter 15 Network perimeter defense Figure 15.18 Internet Router
Firewall IDS Local Network

30 Administration Network
Chapter 15 Network divided into security zones Figure 15.19 Administration Network Zone 1 Accounting Network Internet Router Production Network Zone 2 Private Network Sales Network Zone 3

31 Understanding Problems Affecting Device Security
Maybe traffic is heavy, and you need to break up physical segments. Perhaps different groups are in different buildings or on different floors of a building, and you want to effectively segment them. Zone 3 Router IDS Border Router Firewall IDS Zone 2 Router Zone 1 Router IDS 31 PCs

32 Figure 15.21 Redundant Array of Independent Disks RAID-0 “Stripping”

33 Figure 15.22 Disk Mirroring

34 Figure 15.23

35 Figure 15.24 NESSUS – Vulnerability Scanner

36 Summary Summary Exam Essentials Section Written Labs Review Questions
36

Download ppt "Click to edit Master subtitle style"

Similar presentations

CCENT Study Guide Chapter 12 Security.

CCENT Study Guide Chapter 12 Security.
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Chapter 12 Network Security.

Chapter 12 Network Security.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.

Physical and Hardware Security Chapter 15 Networking Essentials Spring, 2013.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Similar presentations

Ads by Google