Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense

Published byChristina Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense"— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense
Chapter 13 Protecting Networks with Security Devices

2 Hands-On Ethical Hacking and Network Defense
Objectives Describe network security devices Describe firewall technology Describe intrusion detection systems Describe honeypots Hands-On Ethical Hacking and Network Defense

3 Understanding Network Security Devices
Routers Firewalls Intrusion detection systems Honeypots Hands-On Ethical Hacking and Network Defense

4 Understanding Routers
Routers are hardware devices used on a network to send packets to different network segments Operate at the network layer of the OSI model Routing protocols used by routers Link-state routing protocol Router advertises link-state to identify network topology and any changes on paths Distance-vector routing protocol Router passes its routing table to all routers participating on the network Hands-On Ethical Hacking and Network Defense

5 Understanding Basic Hardware Routers
Cisco routers are widely used in the networking community More than one million Cisco 2500 series routers are currently being used by companies around the world Vulnerabilities exist in Cisco as they do in any operating system Security professionals must consider these vulnerabilities when conducting a security test Hands-On Ethical Hacking and Network Defense

6 Cisco Router Components
A Cisco router uses the Cisco Internetwork Operating System (IOS) to function Components Random access memory (RAM) Holds the router’s running configuration, routing tables, and buffers If you turn off the router, the contents stored in RAM are wiped out Nonvolatile RAM (NVRAM) Holds the router’s configuration file, but the information is not lost if the router is turned off Hands-On Ethical Hacking and Network Defense

7 Cisco Router Components (continued)
Flash memory Holds the IOS the router is using Is rewritable memory, so you can upgrade the IOS Read-only memory (ROM) Contains a minimal version of the IOS used to boot the router if flash memory gets corrupted Interfaces Hardware connectivity points Example: an Ethernet port is an interface that connects to a LAN Hands-On Ethical Hacking and Network Defense

8 Hands-On Ethical Hacking and Network Defense

9 Cisco Router Configuration
Configuration modes: User mode Administrator can perform basic troubleshooting tests and list information stored on the router Router-name>, indicates that you are in user mode Privileged mode Administrator can perform full router configuration tasks Router-name#, indicates that you are in privileged mode By default, you are in user mode Type “enable” or “en” to change to privileged mode Hands-On Ethical Hacking and Network Defense

10 Cisco Router Configuration (continued)
Once in privileged mode, you can change to two more configuration modes Global configuration mode Administrator can configure router settings that affect overall router operation To use this mode, you enter the command config t at the Router-name# prompt Router-name (config)# tells the user she is in global configuration mode Hands-On Ethical Hacking and Network Defense

11 Cisco Router Configuration (continued)
Once in privileged mode, you can change to two more configuration modes (continued) Interface configuration mode Administrator can configure an interface on the router To use this mode, you enter global configuration mode first Next, you enter the command for interface configuration mode and the interface name you want to configure Router-name(config-if)# indicates you are in interface configuration mode Hands-On Ethical Hacking and Network Defense

12 Hands-On Ethical Hacking and Network Defense

13 Understanding Access Control Lists
There are several types of access control lists We will focus on IP access lists IP access lists Lists of IP addresses, subnets, or networks that are allowed or denied access through a router’s interface Two different types of access lists on Cisco router Standard IP access lists Extended IP access lists Hands-On Ethical Hacking and Network Defense

14 Standard IP Access Lists
Can restrict IP traffic entering or leaving a router’s interface based on source IP address The syntax of a standard access list is as follows: access-list [list #] [permit|deny] [source address] [source wildcard mask] [list #] is a number in the range of 1 to 99 permit | deny] are keywords to permit or deny traffic [source address] specifies the IP address of the source host [source wildcard mask] signifies which bits of the source address are significant Hands-On Ethical Hacking and Network Defense

15 Hands-On Ethical Hacking and Network Defense

16 Standard IP Access Lists (continued)
Example: access-list 1 deny access-list permit any A wildcard mask is similar to a subnet mask Example: access-list 1 deny The 0s used after the IP address signify that every octet in the IP address must match the IP address being filtered Another example: access-list 1 deny access-list 1 permit any Hands-On Ethical Hacking and Network Defense

17 Standard IP Access Lists (continued)
Cisco allows a shortcut for the mask access-list 1 deny host Access lists always end with an implicit deny rule To avoid this, you must add the “permit any” statement access-list 1 permit any Steps for applying the access list to an interface Enter global configuration mode Create the access list Enter interface configuration mode Use the ip access-group command Hands-On Ethical Hacking and Network Defense

18 Standard IP Access Lists (continued)
Example Router> en Password ****** Router# config t Router(config)# access-list 1 deny Router(config)# access-list 1 permit any Router(config)# int e0 Router(config-if)# ip access-group 1 out Router(config-if) Ctrl+z [to save and exit global configuration mode] Router# Hands-On Ethical Hacking and Network Defense

19 Extended IP Access Lists
Allow packet filtering based on Source IP address Destination IP address Protocol type Application port number Syntax for extended IP access lists access-list [list #] [permit|deny] [protocol] [source IP address] [source wildcard mask] [destination IP address] [destination wildcard mask] [operator] [port] [log] [list #] is a number in the range of 100 to 199 [permit | deny] are keywords to permit or deny traffic Hands-On Ethical Hacking and Network Defense

20 Extended IP Access Lists (continued)
Syntax for extended IP access lists (continued) [protocol] can be IP, TCP, UDP, ICMP, and so on [source IP address] is the IP address of the source [source wildcard mask] determines significant bits of source IP address [destination IP address] is the IP address of the destination [destination wildcard mask] determines significant bits of destination IP address [operator] can be lt, gt, eq, or neq Hands-On Ethical Hacking and Network Defense

21 Extended IP Access Lists (continued)
Syntax for extended IP access lists (continued) [port] port number of the protocol to be filtered [log] logs all activity of the access list for the administrator Example: access-list 100 deny tcp host host eq www Hands-On Ethical Hacking and Network Defense

22 Extended IP Access Lists (continued)
Applying an access list to an interface Router> en Password ****** Router# config t Router(config)# access-list 100 deny tcp host host Router(config)# access-list 100 permit any Router(config)# int e0 Router(config-if)# ip access-group 100 in Router(config-if) Ctrl+z Router# Hands-On Ethical Hacking and Network Defense

23 Understanding Firewalls
Firewalls are hardware devices or software installed on a system and have two purposes Controlling access to all traffic that enters an internal network Controlling all traffic that leaves an internal network Advantages of hardware firewalls They are usually faster than software firewalls They can handle a larger throughput than software firewalls Hands-On Ethical Hacking and Network Defense

24 Understanding Firewalls (continued)
Disadvantage of hardware firewalls You are locked into the firewall’s hardware Advantage of software firewalls You can easily add NICs to the server running the firewall software Disadvantage of software firewalls You might have to worry about configuration problems They rely on the OS on which they are running Hands-On Ethical Hacking and Network Defense

25 Understanding Firewall Technology
Firewall technologies Network address translation (NAT) Access control lists Packet filtering Stateful packet inspection (SPI) Hands-On Ethical Hacking and Network Defense

26 Network Address Translation (NAT)
The most basic security feature of a firewall With NAT, internal private IP addresses are mapped to public external IP addresses Hiding the internal infrastructure Port Address Translation (PAT) Technology derived from NAT This allows thousands of internal IP addresses to be mapped to one external IP address Hands-On Ethical Hacking and Network Defense

27 Hands-On Ethical Hacking and Network Defense
Access Control Lists Access lists are used to filter traffic based on source IP address, destination IP address, and ports or services Firewalls also use this technology Creating access control lists in a firewall is a similar process to creating them in a router Hands-On Ethical Hacking and Network Defense

28 Hands-On Ethical Hacking and Network Defense
Packet Filtering Packet filters screen packets based on information contained in the packet header Protocol type IP address TCP/UDP port Hands-On Ethical Hacking and Network Defense

29 Stateful Packet Inspection (SPI)
Stateful packet filters record session-specific information about a network connection Create a state table Can help reduce port scans that rely on spoofing or sending packets after a three-way handshake Stateful packet filters recognize types of anomalies that most routers ignore Stateless packet filters handle each packet on an individual basis Spoofing or DoS attacks are more prevalent Hands-On Ethical Hacking and Network Defense

30 Hands-On Ethical Hacking and Network Defense

31 Implementing a Firewall
Placing a firewall between a company’s internal network and the Internet is dangerous It leaves the company open to attack if a hacker compromises the firewall Use a demilitarized zone instead Hands-On Ethical Hacking and Network Defense

32 Demilitarized Zone (DMZ)
DMZ is a small network containing resources available to Internet users Helps maintain security on the company’s internal network Sits between the Internet and the internal network It is sometimes referred to as a “perimeter network” Hands-On Ethical Hacking and Network Defense

33 Hands-On Ethical Hacking and Network Defense

34 Hands-On Ethical Hacking and Network Defense

35 Understanding the Private Internet Exchange (PIX) Firewall
Cisco PIX firewall One of the most popular firewalls on the market Hands-On Ethical Hacking and Network Defense

36 Configuration of the PIX Firewall
Working with a PIX firewall is similar to working with any other Cisco router Login prompt If you are not authorized to be in this XYZ Hawaii network device, log out immediately! User Access Verification Password: This banner serves a legal purpose General prompt example: Type help or '?' for a list of available commands. xyz> Hands-On Ethical Hacking and Network Defense

37 Configuration of the PIX Firewall (continued)
You should enter privileged mode to configure the PIX firewall To enter configuration mode in PIX, you use the same command as on a Cisco router xyz# configure terminal xyz(config)# ? Nameif is a PIX command to name an interface PIX allows the administrator to assign values to an interface that designate its security level Values can be from 0 to 100 Hands-On Ethical Hacking and Network Defense

38 Configuration of the PIX Firewall (continued)
Access lists PIX enables an administrator to use descriptive names for the access list instead of numbers PIX also uses the implicit deny rule Hands-On Ethical Hacking and Network Defense

39 Understanding Microsoft ISA
Microsoft’s software approach to firewalls Microsoft Internet Security and Acceleration (ISA) Server Functions as a software router, firewall, and IDS ISA has the same functionality as any hardware router Packet filtering to control incoming traffic Application filtering through the examination of protocols Intrusion detection filters Access policies to control outgoing traffic Hands-On Ethical Hacking and Network Defense

40 Hands-On Ethical Hacking and Network Defense
IP Packet Filters ISA enables administrators to filter IP traffic based on the following: Source and destination IP address Network protocol, such as HTTP Source port or destination port ISA provides a GUI for these configurations A network segment can be denied or allowed HTTP access in the Remote Computer tab Hands-On Ethical Hacking and Network Defense

41 Hands-On Ethical Hacking and Network Defense

42 Hands-On Ethical Hacking and Network Defense

43 Hands-On Ethical Hacking and Network Defense
Application Filters Can accept or deny data from specific applications or data containing specific content SMTP filter can restrict with specific attachments from a specific user or domain containing specific keywords SMTP commands SMTP Filter Properties dialog box Administrator can filter a specific attachment based on a rule he or she configures Hands-On Ethical Hacking and Network Defense

44 Hands-On Ethical Hacking and Network Defense

45 Hands-On Ethical Hacking and Network Defense

46 Hands-On Ethical Hacking and Network Defense

47 Application Filters (continued)
Users/Domains tab in the SMTP Filter Properties dialog box Administrator can filter messages sent from a user or from specific domains As a security professional, you might be asked to restrict s containing certain keywords SMTP Commands tab Administrator can prevent a user from running SMTP commands Hands-On Ethical Hacking and Network Defense

48 Hands-On Ethical Hacking and Network Defense

49 Hands-On Ethical Hacking and Network Defense

50 Hands-On Ethical Hacking and Network Defense

51 Intrusion Detection Filters
Analyze all traffic for possible known intrusions DNS intrusion detection filter POP intrusion detection filter FTP Access filter H.323 filter HTTP Redirector filter RPC filter SMTP filter SOCKSV4 filter Streaming Media filter Hands-On Ethical Hacking and Network Defense

52 Hands-On Ethical Hacking and Network Defense

53 Hands-On Ethical Hacking and Network Defense

54 Hands-On Ethical Hacking and Network Defense
Access Policies Allow administrators to control outgoing traffic An access policy consists of the following Policy rules Site and content rules IP filter rules Hands-On Ethical Hacking and Network Defense

55 Hands-On Ethical Hacking and Network Defense

56 Understanding Intrusion Detection Systems (IDSs)
Monitor network devices so that security administrators can identify attacks in progress and stop them An IDS look at the traffic and compare it with known exploits Similar to virus software using a signature file to identify viruses Types Network-based IDSs Host-based IDSs Hands-On Ethical Hacking and Network Defense

57 Network-Based and Host-Based IDSs
Network-based IDSs Monitor activity on network segments They sniff traffic and alert a security administrator when something suspicious occurs Host-based IDSs Used to protect a critical network server or database server The software is installed on the server you’re attempting to protect Hands-On Ethical Hacking and Network Defense

58 Network-Based and Host-Based IDSs (continued)
IDSs are categorized by how they react when they detect suspicious behavior Passive systems Send out an alert and log the activity Active systems Log events and send out alerts Can also interoperate with routers and firewalls Hands-On Ethical Hacking and Network Defense

59 Hands-On Ethical Hacking and Network Defense

60 Understanding Honeypots
Computer placed on the perimeter of a network Contains information intended to lure and then trap hackers Computer is configured to have vulnerabilities Goal Keep hackers connected long enough so they can be traced back Hands-On Ethical Hacking and Network Defense

61 Hands-On Ethical Hacking and Network Defense
How They Work A honeypot appears to have important data or sensitive information stored on it Could store fake financial data that tempts hackers to attempt browsing through the data Hackers will spend time attacking the honeypot And stop looking for real vulnerabilities in the company’s network Honeypots also enable security professionals to collect data on attackers Honeypots are available commercially and through open-source avenues Hands-On Ethical Hacking and Network Defense

62 Hands-On Ethical Hacking and Network Defense

63 Hands-On Ethical Hacking and Network Defense

64 How They Work (continued)
Virtual honeypots Honeypots created using software solutions instead of hardware devices Example: Honeyd Hands-On Ethical Hacking and Network Defense

65 Hands-On Ethical Hacking and Network Defense
Summary Security devices Routers Firewalls IDSs Routers use access lists to accept or deny traffic through their interfaces Firewalls can be hardware devices or software installed on computer systems Firewalls use NAT, IP filtering, and access control lists to filter incoming and outgoing network traffic Hands-On Ethical Hacking and Network Defense

66 Hands-On Ethical Hacking and Network Defense
Summary (continued) Firewall examples Cisco PIX (hardware) Microsoft ISA (software) Stateful packet filters vs. stateless packet filters PGP is a free public key encryption program to encrypt messages Demilitarized zones (DMZs) Add a layer of defense between the Internet and a company’s internal network Hands-On Ethical Hacking and Network Defense

67 Hands-On Ethical Hacking and Network Defense
Summary (continued) Intrusion detection systems (IDSs) Network-based IDSs Host-based IDSs Passive IDSs vs. active IDSs Honeypots Hands-On Ethical Hacking and Network Defense

Download ppt "Hands-On Ethical Hacking and Network Defense"

Similar presentations

DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Basic IP Traffic Management with Access Lists

Basic IP Traffic Management with Access Lists
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
WXES2106 Network Technology Semester 1 2004/2005 Chapter 10 Access Control Lists CCNA2: Module 11.

WXES2106 Network Technology Semester /2005 Chapter 10 Access Control Lists CCNA2: Module 11.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
CCNA Guide to Cisco Networking Fundamentals Fourth Edition

CCNA Guide to Cisco Networking Fundamentals Fourth Edition
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.

Similar presentations

Ads by Google