Presentation is loading. Please wait.

Presentation is loading. Please wait.

OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices.

Published byGordon Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices."— Presentation transcript:

1 OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices  Harden DNS and BIND Servers  Harden Web Servers  Harden File Transfer Protocol (FTP) Servers  Harden Network News Transfer Protocol (NNTP) Servers  Harden Email Servers  Harden Conferencing and Messaging Servers

2 OV 4 - 2 Copyright © 2005 Element K Content LLC. All rights reserved. Internetwork Devices SwitchesRoutersFirewalls

3 OV 4 - 3 Copyright © 2005 Element K Content LLC. All rights reserved. Unnecessary Network Protocols  Transport protocols  NetBEUI  NWLink  AppleTalk  Service protocols  NNTP  FTP  Others

4 OV 4 - 4 Copyright © 2005 Element K Content LLC. All rights reserved. Firmware Updates

5 OV 4 - 5 Copyright © 2005 Element K Content LLC. All rights reserved. Internetwork Device Vulnerabilities  SNMP  Telnet  Router configuration  Finger  Small server  IP filter  Default ports  IP source routing  ICMP redirect  RIP v1

6 OV 4 - 6 Copyright © 2005 Element K Content LLC. All rights reserved. A DMZ DMZ Web server

7 OV 4 - 7 Copyright © 2005 Element K Content LLC. All rights reserved. An Intranet Employee handbook

8 OV 4 - 8 Copyright © 2005 Element K Content LLC. All rights reserved. An Extranet Company A Company C Company B

9 OV 4 - 9 Copyright © 2005 Element K Content LLC. All rights reserved. A VLAN Point-to-point connection Point-to-point connection Point-to-point connection Point-to-point connection VLAN switch

10 OV 4 - 10 Copyright © 2005 Element K Content LLC. All rights reserved. NAT 192.168.12.100 NAT Server 192.168.12.20 192.168.12.30 24.96.83.120

11 OV 4 - 11 Copyright © 2005 Element K Content LLC. All rights reserved. Network Media Types Coax Twisted pair Fiber-optic

12 OV 4 - 12 Copyright © 2005 Element K Content LLC. All rights reserved. Network Media Vulnerabilities  Coax vulnerabilities  Twisted-pair vulnerabilities  Fiber-optic vulnerabilities  General vulnerabilities

13 OV 4 - 13 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices  Protect the devices while maintaining connectivity  Follow hardening guidelines  Requirements will vary

14 OV 4 - 14 Copyright © 2005 Element K Content LLC. All rights reserved. DNS everythingforcoffee.com www.everythingforcoffee.com 192.168.1.2 www.everythingforcoffee.com 192.168.1.2.com.org

15 OV 4 - 15 Copyright © 2005 Element K Content LLC. All rights reserved. DNS and BIND Vulnerabilities  Spoofing  Hijacking  Cache corruption  Input validation  Environment variables  Zone transfers  Rogue client registrations

16 OV 4 - 16 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening DNS and BIND  Protect the zone information while maintaining service availability  Follow hardening guidelines  Requirements will vary

17 OV 4 - 17 Copyright © 2005 Element K Content LLC. All rights reserved. HTTP Web client Web server

18 OV 4 - 18 Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Authentication Web client Web server

19 OV 4 - 19 Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Authentication Methods  Address-based  Anonymous  Basic  Digest  Integrated  Certificates

20 OV 4 - 20 Copyright © 2005 Element K Content LLC. All rights reserved. Web Server Vulnerabilities  Format string  Improper input validation  CGI scripts  Code outside web root  Web server applications  Weak authentication  Clear text transmissions  HTML source code  Buffer overflows

21 OV 4 - 21 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Web Servers  Protect data and server while maintaining website access  Follow hardening guidelines  Requirements will vary

22 OV 4 - 22 Copyright © 2005 Element K Content LLC. All rights reserved. FTP FTP client

23 OV 4 - 23 Copyright © 2005 Element K Content LLC. All rights reserved. FTP Vulnerabilities  Basic authentication  Anonymous and blind FTP  Unnecessary services  Clear text transmissions  Firewall configuration  “Glob”  “Bounce”  File sharing exploitation

24 OV 4 - 24 Copyright © 2005 Element K Content LLC. All rights reserved. SSH Password Password is encrypted Session is secured 011001 slogin

25 OV 4 - 25 Copyright © 2005 Element K Content LLC. All rights reserved. SFTP SSH encryption FTP client

26 OV 4 - 26 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening FTP Servers  Protect the server and data while maintaining service  Follow hardening guidelines  Requirements will vary

27 OV 4 - 27 Copyright © 2005 Element K Content LLC. All rights reserved. NNTP Subscriber

28 OV 4 - 28 Copyright © 2005 Element K Content LLC. All rights reserved. NNTP Vulnerabilities NNTP  Anonymous access  Password privacy  Data privacy  Email integration

29 OV 4 - 29 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening an NNTP Server  Prevent unauthorized postings and data loss while maintaining service  Follow hardening guidelines  Requirements will vary NNTP

30 OV 4 - 30 Copyright © 2005 Element K Content LLC. All rights reserved. SMTP Email clientEmail server

31 OV 4 - 31 Copyright © 2005 Element K Content LLC. All rights reserved. Email Vulnerabilities  Email worms  Malicious code  8.3 file names  Data buffers  Spam  Hoaxes  SMTP relays

32 OV 4 - 32 Copyright © 2005 Element K Content LLC. All rights reserved. PGP  Public email security  Encrypt message contents and encrypt key  Digital signing

33 OV 4 - 33 Copyright © 2005 Element K Content LLC. All rights reserved. S/MIME  Security for email attachments  Various attachment file formats  Encryption and digital signing

34 OV 4 - 34 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Email Servers  Protect server and mail data while supporting email users  Follow hardening guidelines  Requirements will vary

35 OV 4 - 35 Copyright © 2005 Element K Content LLC. All rights reserved. Conferencing and Messaging Vulnerabilities  Sniffing  Eavesdropping  Privacy  Social engineering

36 OV 4 - 36 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Conferencing and Messaging Servers  Protect server and data, prevent spoofing, maintain service availability  Follow hardening guidelines  Requirements will vary

37 OV 4 - 37 Copyright © 2005 Element K Content LLC. All rights reserved. Reflective Questions 1.Which internetwork connection device do you think is most important to secure? 2.Which provides a greater security threat to your organization: your border router or your email infrastructure?

Download ppt "OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork Devices and Services  Harden Internetwork Connection Devices."

Similar presentations

Vocabulary words By: Toyre Jones. Email: Electronic mail which allows individuals with an account to send messages to another person with an e-mail account.

Vocabulary words By: Toyre Jones. Electronic mail which allows individuals with an account to send messages to another person with an account.
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

Similar presentations

Ads by Google