Network hardening Chapter 14.


1 Network hardening Chapter 14

2 Objectives
Upon completion of this chapter, you should be able to:
- Identify different types of Intrusion Detection Systems and Prevention Systems
- Describe how an IDS responds, detects threats and where it runs
- Describe how to perform a vulnerability assessment
- Harden a network and its devices
- Identify switch port security methods

3 Detection & prevention
14.1 Detection & prevention

4 Intrusion detection & prevention
- After implementing security, you don’t wait for an attack
- Use an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System)
- Two types of IDS
  - Passive (IDS)
  - Active (IPS)
- Classified by how they detect & respond to attacks

5 Classifying an IDS: how it responds
- Passive IDS
  - Monitors network for threats
  - Alerts if a threat is found
  - ONLY DETECTS - DOES NOT TRY TO STOP THREAT
- Active IDS
  - AKA Intrusion Prevention System (IPS)
  - Detects attack – Takes action!
  - Example: A port is attacked; it closes the port until the attack stops

6 Classifying an IDS: how it detects
- Signature Recognition
  - Has a list of known attacks
  - MATCH = take action
  - Can only detect identified/listed attacks
- Anomaly Recognition
  - Identifies typical network traffic
  - Then looks for abnormal traffic
  - Uses a measurement above normal values to determine if action should be taken
  - Anomaly: If there is a sudden increase of ICMP traffic, it will take action.
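
The two detection methods on this slide, side by side, as an added example that is not part of the original presentation. The signature list, the baseline counts and the "mean plus 3 standard deviations" threshold are assumptions chosen for illustration.

```python
from statistics import mean, stdev

# Hypothetical signature list (constructed): byte patterns of "known attacks".
SIGNATURES = {"sig-001": b"../../etc/passwd", "sig-002": b"cmd.exe /c"}

def signature_match(payload):
    """Signature recognition: report every listed pattern found in the payload."""
    return [sid for sid, pattern in SIGNATURES.items() if pattern in payload]

class IcmpAnomalyDetector:
    """Anomaly recognition: learn typical ICMP packets per interval, then
    flag any interval whose count is well above that normal value."""

    def __init__(self, baseline, k=3.0):
        if len(baseline) < 2:
            raise ValueError("need at least two baseline samples")
        self.mu = mean(baseline)
        self.sigma = stdev(baseline)
        # Assumed rule: alert above mean + k standard deviations. The floor
        # of 1.0 stops a perfectly flat baseline from alerting on +1 packet.
        self.threshold = self.mu + k * max(self.sigma, 1.0)

    def is_anomalous(self, count):
        return count > self.threshold

# Constructed sample data: ICMP packets seen per 10-second interval.
BASELINE = [12, 9, 11, 10, 13, 8, 12, 11]   # typical traffic
OBSERVED = [10, 12, 14, 250, 11]            # one sudden increase

def flag_icmp_spikes():
    """Return the indexes of observed intervals that exceed the threshold."""
    detector = IcmpAnomalyDetector(BASELINE)
    return [i for i, count in enumerate(OBSERVED) if detector.is_anomalous(count)]

if __name__ == "__main__":
    print(signature_match(b"GET /../../etc/passwd HTTP/1.1"))  # listed attack
    print(signature_match(b"GET /index.html HTTP/1.1"))        # nothing listed
    print(flag_icmp_spikes())
```

The signature matcher stays silent on anything not in its list, while the anomaly detector needs no list but depends on the baseline being representative of normal traffic.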

7 Classifying an IDS: where it runs
- Host-based
  - Runs on a single PC
  - Monitors application activity & system files
  - Anti-virus software
  - Uses list of virus definitions to detect; SIGNATURE-BASED IDS
- Network-based
  - Acts like a firewall
  - Put AV on the device so it can scan all PCs
  - Centralized admin point
- This is called a Detection Scope.
- Don’t let the equipment do all of the work. YOU still need to monitor the network.

8 More ways to prevent attacks
- Create fake resources
- Honeypot
  - Device or virtual machine that entices intruders by having an obvious vulnerability
  - Distracts hackers from valuable resources
  - You can observe them, gather info about them, prosecute them

9 Vulnerability assessment
- Identifies vulnerabilities in a network
- Vulnerability scanner
  - Scans open ports, software holes, missing patches, misconfigurations, default passwords
- Ping scanner
  - Detects incoming ICMP requests
  - Allows you to block them on each device’s firewall
- Port scanner
  - Scans for open ports
- Password Cracker
  - Identifies weak passwords by trying to crack them
- Can scan a device or the whole network.

10 Activity
- TestOut 14.1.2- DEMO Configuring an IDS/IPS
- TestOut LAB Configure Intrusion Prevention
- TestOut LAB Enable Wireless Intrusion Prevention
- TestOut Practice Questions (15Q)

11 Penetration testing
- Test that simulates an attack on a network
- Hire someone to do it; shows any vulnerabilities
- Black Box Testing
  - Testers have no knowledge of network
  - “see what you can find”
- White Box Testing
  - Testers have knowledge of network
  - Simulates someone who has details of network
- Grey Box Testing
  - Testers have some knowledge of network
  - Simulates someone who has done some research

12 Activity
- TestOut Explore Penetration Testing Video (DEMO)

13 14.3 Network hardening
- Process of securing devices

14 Hardening devices
- Switches, routers, firewalls
  - Installed in secure location; locked doors
  - Change default admin username/complex password
  - Limit admin user access
- Switches & routers
  - Use VLANs to isolate traffic
  - ACLs
  - Port security/MAC address
  - SSH (not Telnet)

15 More Hardening
- Servers
  - Install only needed software (no extras)
  - Install anti-malware software
  - Apply patches & service packs
  - Avoid using one server for everything
- User Accounts
  - Multi-factor; username/password & smartcard
  - Account lockout
  - Time of day restrictions
- Passwords
  - Aging- change password every so often
  - Can’t reuse old passwords
- Un-needed software still installed can increase chance of an attack
- Remove old accounts; account expiration

16 Switch port security
- Switches have CAM table with MAC addresses learned & port they are on
- Two security methods:
  - Restrict each port to a specific MAC address
  - Set max # of MAC addresses a port can learn
- Switch learns the MAC on a port & puts it in the table. If a PC disconnects and a new PC connects, it will remove the old entry and put the new one in. You can lock down the switch so this does not happen.
- Specify which devices can connect to a switch & the maximum number of devices that can connect.

17 Switch port security actions
- Protect
  - Discards frames; Disallows unknown MAC
- Restrict
  - Discards frames; Disallows unknown MAC
  - Creates a log message
- Shut down
  - Port disabled & admin must reactivate it
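
A small model of the port security behaviour on slides 16 and 17, added here as an example and not taken from the presentation or from any switch vendor's code. The class name `SecurePort`, its fields and the MAC addresses are assumptions made for illustration; the three violation actions behave exactly as the slide lists them.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model of one switch port with port security enabled."""
    max_macs: int = 1                  # maximum MAC addresses the port may learn
    violation: str = "shutdown"        # "protect", "restrict" or "shutdown"
    allowed: set = field(default_factory=set)   # MACs configured by the admin
    learned: set = field(default_factory=set)   # MACs learned from traffic
    enabled: bool = True
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation action")
        self.allowed = {m.lower() for m in self.allowed}

    def receive(self, src_mac):
        """Return True if the frame is forwarded, False if it is discarded."""
        if not self.enabled:
            return False               # a shut-down port passes nothing
        mac = src_mac.lower()
        if mac in self.allowed or mac in self.learned:
            return True
        if len(self.allowed | self.learned) < self.max_macs:
            self.learned.add(mac)      # room left: learn it; never replaced later
            return True
        # Violation: unknown MAC on a full port. Actions follow the slide.
        if self.violation == "restrict":
            self.log.append(f"port-security violation from {mac}")
        elif self.violation == "shutdown":
            self.enabled = False       # stays down until admin_reenable()
        return False

    def admin_reenable(self):
        self.enabled = True

def compare_violation_modes():
    """Send the same constructed frames through a port in each mode."""
    frames = ["AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:01"]
    out = {}
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(max_macs=1, violation=mode)
        out[mode] = ([port.receive(f) for f in frames], len(port.log), port.enabled)
    return out
```

In the comparison, the first PC keeps working after the violation under protect and restrict, but under shut down it is cut off too until an administrator re-enables the port.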

18 DHCP snooping
- On a switch
- Filters out untrusted DHCP messages
- Prevents rogue DHCP servers (possibly from outside the network) from offering clients an IP address
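
How a snooping switch decides which DHCP messages to filter, as an added example that is not part of the original presentation. Port numbers, addresses and the `SnoopingSwitch` class are constructed for illustration. The binding table goes slightly beyond the slide: it records which lease a trusted server handed to which access port.

```python
# DHCP message types that only a server should ever send.
SERVER_TYPES = {"OFFER", "ACK", "NAK"}

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the legitimate server
        self.client_port = {}              # client MAC -> port it was seen on
        self.bindings = {}                 # client MAC -> (leased IP, port)
        self.dropped = []                  # (port, type) of filtered messages

    def handle(self, in_port, msg):
        """Return True if the DHCP message is forwarded, False if filtered."""
        kind, mac = msg["type"], msg["client_mac"]
        if kind in SERVER_TYPES:
            if in_port not in self.trusted:
                # Server message on an untrusted port: a rogue DHCP server.
                self.dropped.append((in_port, kind))
                return False
            if kind == "ACK" and mac in self.client_port:
                self.bindings[mac] = (msg["ip"], self.client_port[mac])
            return True
        # Client messages (DISCOVER, REQUEST) are allowed from any port.
        self.client_port[mac] = in_port
        return True

# Constructed exchange: client on port 3, real server on trusted port 1,
# rogue server plugged into untrusted access port 7.
CLIENT = "aa:bb:cc:00:00:10"
EXCHANGE = [
    (3, {"type": "DISCOVER", "client_mac": CLIENT}),
    (7, {"type": "OFFER", "client_mac": CLIENT, "ip": "10.66.0.50"}),
    (1, {"type": "OFFER", "client_mac": CLIENT, "ip": "192.168.10.50"}),
    (3, {"type": "REQUEST", "client_mac": CLIENT}),
    (7, {"type": "ACK", "client_mac": CLIENT, "ip": "10.66.0.50"}),
    (1, {"type": "ACK", "client_mac": CLIENT, "ip": "192.168.10.50"}),
]

def run_exchange():
    """Replay the exchange and return the switch plus per-message verdicts."""
    switch = SnoopingSwitch(trusted_ports=[1])
    verdicts = [switch.handle(port, msg) for port, msg in EXCHANGE]
    return switch, verdicts
```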

19 Activity
- PT Lab- Configure Port Security
- TestOut LAB Configure Port Security

20 Review & study
- Complete the study guide handout
- Complete TestOut
- Practice in Packet Tracer
- Jeopardy review

21 Network hardening Chapter 14

