Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.


1 Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses

2 Objectives
Explain how to enhance security through network design
Define network address translation and network access control
List the different types of network security devices and explain how they can be used

3 Crafting a Secure Network
A common mistake in network security
- Attempt to _____________________________ that was poorly conceived and implemented __________________________
Securing a network begins with the ___________ of the network and includes _____________________ technologies

4 Security through Network Design
Network Design elements include:
- __________________
- ___________________
- Planning for __________________
- Creating ______________________
More to come on each of these…

5 Subnetting - Review of CSN120
What does the IP address identify and what comprises an IP address?
Subnetting or subnet addressing
- Allows an IP address to be subdivided
- Networks can essentially be divided into three parts: ______________________________

6 Subnetting (continued)
Security is ______________________ a single network into multiple ______________
- Isolates groups of hosts
Makes it ________________ who has access in and out of a particular subnetwork
- Properly subnetted networks include addresses which are ________________________________
Subnets also allow network administrators to __________________________________

7 Virtual LAN (VLAN)
Networks are generally segmented by using ______________________
A __________ allows scattered users to be ________________ together even though they may be attached to different switches
Can _______________________ and provide a degree of __________ similar to subnetting:
- VLANs can be isolated so that sensitive data is transmitted only to _______________________

8 On 3 different floors connected to 3 different switches but only to 1 VLAN
More powerful switch which carries traffic between switches
Connected directly to the devices on the network

9 Virtual LAN (continued)
VLAN communication can take place in _____ ways:
- All devices are connected to the _______________
  Traffic is handled by the switch itself
- Devices are connected to different switches
  A special “tagging” ___________ must be used, such as the IEEE __________________________
A VLAN is heavily dependent upon the switch for _________________________________
- ________________________ (and also possibly VLANs) that attempt to exploit vulnerabilities such as weak passwords or default accounts are __________________

10 Convergence
___________________________ of communication and technology over a ______________________
- Example: voice, video and data traffic combined over a single IP network such as Voice over IP (VoIP)
Advantages of convergence:
- __________________________
- Management of a __________________ for all applications
- Applications ____________________ and at a lower cost
- Infrastructure requirements _________________
- Reduced __________________________ the Internet is basically unregulated
- Increased ______________________
- ___________________________ since only one network must be managed and defended

11 Convergence (continued)
- Vulnerabilities still exist
- Defenses include ________________________, installing __________ and _______________________ VoIP applications

12 Demilitarized Zone (___________)
A __________________ that sits _________ the secure network perimeter
__________________ can access the DMZ but cannot enter the secure network
Devices within the DMZ are often most ___________________________
- These devices (e.g., Web and e-mail servers) must be isolated in their own network and separate from the internal network

13 DMZ (continued)
First design approach consists of one firewall…
Single point of failure and responsible for all traffic flow

14 Security through Network Design (continued)
Second design approach consists of two firewalls…
More secure: two separate firewalls would have to be breached to reach the internal network

15 Security through Network Technologies
Two technologies that help secure a network are:
1. Network Address Translation (_____)
2. Network Access Control (________)
More to come on each of these…

16 Network Address Translation (_____)
____________________________ of network devices from attackers
Uses _______________________
What are Private Addresses?
NAT ___________________________ from the sender’s packet
- And replaces it with an _____________________
- NAT software maintains a table with address mappings
When a packet is returned, the process is ________
An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender

17 NAT (continued)
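The address-mapping table described on the NAT slides, as an added example that is not part of the original presentation. The class name, the RFC 1918 check, the one-to-one public pool and all addresses are constructed assumptions for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the "private addresses" the slide asks about).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatTable:
    """One-to-one NAT: each private sender borrows one address from a public pool."""

    def __init__(self, public_pool):
        self.free = list(public_pool)
        self.out_map = {}  # private address -> public address
        self.in_map = {}   # public address  -> private address

    def outbound(self, packet):
        src = packet["src"]
        if not is_rfc1918(src):
            return packet              # nothing to translate
        if src not in self.out_map:
            if not self.free:
                return None            # pool exhausted: packet cannot leave
            public = self.free.pop(0)
            self.out_map[src] = public
            self.in_map[public] = src
        # Only the translated address is visible outside the network.
        return {**packet, "src": self.out_map[src]}

    def inbound(self, packet):
        private = self.in_map.get(packet["dst"])
        if private is None:
            return None                # no mapping: unsolicited, dropped
        return {**packet, "dst": private}

def demo():
    nat = NatTable(["203.0.113.10"])   # constructed single-address pool
    sent = nat.outbound({"src": "192.168.1.20", "dst": "198.51.100.7"})
    back = nat.inbound({"src": "198.51.100.7", "dst": sent["src"]})
    second = nat.outbound({"src": "192.168.1.21", "dst": "198.51.100.7"})
    return sent["src"], back["dst"], second

if __name__ == "__main__":
    print(demo())
```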

18 Security through Network Technologies (continued)
Port address translation (__________)
- A variation of NAT
- Each packet is ___________________________ but a __________________________________
Network Access Control (__________)
- Examines the ____________________________________ _________________ it is _________________ to the network
- Any device that does not meet a specified set of criteria is only allowed to connect to a ____________________ where the security deficiencies are corrected
Once issues are resolved, the device is connected to the network

19 NAC (continued)
___________ of NAC
- ____________________________ with sub-optimal security from potentially ______________________ through the network
Methods for directing the client to a quarantined VLAN
1. Using a _____________________________
   Client first leased an IP address from the quarantined VLAN pool, then later reassigned an IP from the “secure” pool
2. Using ______________________________
   Client’s ARP pool is modified so that the client connects to the quarantined VLAN

20 Different Approaches to NAC

21 Applying Network Security Devices
Devices which help protect the network from attack include:
- Firewalls
- Proxy servers
- Honeypots
- Network intrusion detection systems
- Host and network intrusion prevention systems
- Protocol analyzers
- Internet content filters
- Integrated network security hardware

22 Firewall
Used to _______________ ______________ at the perimeter of the network
- Packets that ________________ are allowed to pass through
Sometimes called a _____________________
Designed to __________________________ from entering the network
A firewall can be _______________-based or ____________________-based
__________ firewalls usually are located _________ the network security _____________
- First line of defense- see next slide…

23 Firewall (continued)

24 Firewall (continued)
The basis of a firewall is a _____________
- Establishes ___________ the firewall should take when it receives a packet (_____, _________, and _________)
____________ packet filtering- see next slide
- Looks at the incoming packet and permits or denies it __________________________________
- Provides some degree of protection but not as secure as…
____________ packet filtering- see two slides down
- Keeps a ________________________ between an internal computer and an external server
- Then ________________________________ as well as the ______________________

25 Firewall (continued)
Allows traffic in from any web server
This table is from the perspective of traffic coming into the network
If an attacker can discover a valid internal IP address, they can send any traffic through port 80 mimicking an HTML packet

26 Firewall (continued)
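The two packet-filtering approaches from the firewall slides, compared on the same inbound traffic, as an added example that is not part of the original presentation. The rule (any source, source port 80, internal destination), the function and class names, and all addresses are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range

def rule_only_filter(pkt):
    """Decide from the rule table alone: web traffic to an internal address."""
    return pkt.sport == 80 and ipaddress.ip_address(pkt.dst) in INTERNAL

class ConnectionTrackingFilter:
    """Same rule, but only for replies to sessions an internal host opened."""

    def __init__(self):
        self.sessions = set()

    def outbound(self, pkt):
        # Record the conversation between internal computer and external server.
        self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # A genuine reply mirrors a recorded session with the endpoints swapped.
        is_reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions
        return is_reply and rule_only_filter(pkt)

def demo():
    fw = ConnectionTrackingFilter()
    # Internal host opens a web request (constructed sample traffic).
    fw.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 80))
    reply = Packet("198.51.100.7", 80, "192.168.1.20", 51000)
    # Packet nobody asked for, sent to a known internal address from port 80.
    unsolicited = Packet("203.0.113.99", 80, "192.168.1.20", 51000)
    return {
        "rule_only": (rule_only_filter(reply), rule_only_filter(unsolicited)),
        "tracking": (fw.inbound(reply), fw.inbound(unsolicited)),
    }

if __name__ == "__main__":
    print(demo())
```

The rule-only filter passes both packets because it sees only header fields; the connection-tracking filter passes the reply and drops the packet that matches no recorded session.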

27 Firewall (continued)
_______________________ have gradually improved their functionality
- Runs as a _______ on a personal computer
- Most personal software firewalls today also ___________________ as well as _______ traffic
  Protects users by preventing malware from connecting to other computers and spreading
- Disadvantage
  Only as strong as the OS of the computer
  OS weakness can be exploited

28 Proxy Server
A computer system (or an application program) that _________________________ and then _______________________ on behalf of the user
Goal is to ____________________________ systems inside the secure network
Can also make __________________________ as the proxy server will __________ recently requested
Reverse proxy
- Does not serve clients but instead __________________ ____________________________________
  Reverse proxy forwards requests to server

29 Proxy Server (continued)
IP address of proxy server

30 Honeypot
Intended to ________________________
A computer typically located in a _______ that is loaded with software and data files that __________ ________________________________
- Actually imitations of real data files
___________ configured with ________________
_________ primary purposes of a honeypot:
- ____________________ away from legitimate servers
- ____________________ of new attacks
- Examine _________________________

31 Honeypot (continued)
Types of honeypots
- ____________________ used mainly by _________________ to capture limited info
- ___________________ used by _____________, ________________ etc
  More complex to deploy and capture extensive info
Information gained from studies using honeypots can be helpful in __________ _______________ and crafting defenses

32 Network Intrusion Detection Systems (_____________)
Watches for __________________ and ____________________________
NIDS work on the principle of _________ _____________ or acceptable behavior
A NIDS looks for ________________ and will issue an alert
Watches network traffic from a monitoring port

33 NIDS (continued)

34 Functions a NIDS can Perform:
_____________________ to filter out the IP address of the intruder
Launch a separate ___________________________
________ the packets in a file for _____________
Send an __________________________ file
__________, page, or a cell phone message to the network administrator stating an attack is taking place
________________ session by forging a TCP FIN packet to force a connection to terminate

35 Host and Network Intrusion Prevention Systems (HIPS/NIPS)
Intrusion prevention system (_________)
- Finds malicious traffic and ___________________
- Takes a proactive approach to security (instead of reactive)
- A typical IPS response may be to block all incoming traffic on a specific port
Host intrusion prevention systems (______)
- Installed on _____________ (server or desktop) that needs to be protected
- Rely on _____________ installed directly on the system being protected
  Work closely with the ____________, monitoring and intercepting requests in order to prevent attacks

36 HIPS/NIPS (continued)
Most HIPS monitor the following desktop functions:
- _________ instruction that interrupts the program being executed and ________________________
- ________________ is monitored to ensure file openings are based on _____________ needs
- _________________ settings
- _____________________ is monitored to watch for _______________ activity
HIPS are designed to _____________ with existing antivirus, anti-spyware, and firewalls

37 HIPS/NIPS (continued)
Network intrusion prevention systems (___________)
- Works to protect the ____________________ ___________________ that are connected to it
- By monitoring network traffic NIPS can ________________________________
NIPS are special-purpose _______________ that analyze, detect, and react to security-related events

38 Protocol Analyzers
______ ways for detecting a potential intrusion
1. Detecting ______________________
   Significant deviation from established baseline raises an alarm
2. Examine network traffic and look for __________ ______________________
   Reactive approach which uses a signature file for comparison
3. Use ___________________ to fully decode application-layer network protocols
   Different parts of the protocol can be analyzed for any suspicious behavior

39 Internet Content Filters
Monitor ______________ and __________ to ______________ Web sites and files
- A requested Web page is only displayed if it complies with the specified filters
Unapproved Web sites can be _________ based on the Uniform Resource Locator (___________) or by matching ___________
- Administrator can prevent entire files from being downloaded

40 Integrated Network Security Hardware
Most organizations use _______ (as opposed to software) security appliances to protect the network
_____ types of hardware security appliances:
- _________ security appliances provide a ____________ ____________________
- ________________ security appliances that provide ____________________________ ranging from antivirus to encryption and IM control etc
_______________ network security hardware
- Combines or __________________________________ _______________________ such as a switch or router

41 Summary
Subnetting involves dividing a network into subnets that are connected through a series of routers
Similar to subnetting, a virtual LAN (VLAN) allows users who may be scattered across different floors of a building or campuses to be logically grouped
Convergence is the integration of voice and data traffic over a single IP network
Network technologies can also help secure a network
- Network address translation (NAT)
- Network access control (NAC)

42 Summary (continued)
Different network security devices can be installed to make a network more secure
Network intrusion detection systems (NIDS) monitor the network for attacks and if one is detected will alert personnel or perform limited protection activities
Internet content filters monitor Internet traffic and block attempts to visit restricted sites

