Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 11: Designing Security for Network Perimeters.

Published byDerrick Hunt Modified over 8 years ago

Similar presentations

Presentation on theme: "Module 11: Designing Security for Network Perimeters."— Presentation transcript:

1 Module 11: Designing Security for Network Perimeters

2 Overview Creating a Security Plan for the Perimeter of a Network Creating a Design for Security of Network Perimeters

3 Lesson 1: Creating a Security Plan for the Perimeter of a Network MSF and Security of Network Perimeters Defense in Depth and Security of Network Perimeters Resources to Protect with Network Perimeters Security STRIDE Threat Model and Security of Network Perimeters

4 MSF and Security of Network Perimeters The MSF envisioning and planning phases help you to: Decide which locations your plan will help to protect Ensure that appropriate countermeasures are applied Identify your perimeter points. These can include: Direct Internet connections Dedicated WAN links Perimeter Networks VPN client computers Applications Wireless connections Decide which locations your plan will help to protect Ensure that appropriate countermeasures are applied Identify your perimeter points. These can include: Direct Internet connections Dedicated WAN links Perimeter Networks VPN client computers Applications Wireless connections 3 3 4 4 5 5 Plan Envision

5 Defense in Depth and Security of Network Perimeters Policies, Procedures, and Awareness Physical Security Internal Network Application Host Data Perimeter

6 Resources to Protect with Network Perimeters Security AttackerThreatExample External Information disclosure An attacker runs a series of port scans on a network and creates a network diagram and vulnerability list. The attacker uses this information to systematically attack the network. Internal Denial of service An employee opens an e-mail from an external Web-based e-mail account that contains a new worm virus. The virus infects the internal network from inside the perimeter.

7 STRIDE Threat Model and Security of Network Perimeters Exposure of account information Spoofing Unauthorized access to data Tampering Unmanaged VPN client computers Repudiation Forgotten connections to the Internet Information disclosure E-mail worms Denial of service Unauthorized Web servers Elevation of privilege

8 Lesson 2: Creating a Design for Security of Network Perimeters Methods for Securing Network Perimeters Process for Designing Secure Perimeter Networks Methods for Securing Perimeter Networks Guidelines for Protecting Computers on the Perimeter

9 Methods for Securing Network Perimeters TypeDescription Bastion host Three-pronged configuration Back-to-back configuration

10 When designing secure screened subnets, determine: The services that you must provide How each service communicates with systems How each service authenticates users How you will manage each service How you will monitor and audit each service How you will configure firewall and router rules to secure the network The services that you must provide How each service communicates with systems How each service authenticates users How you will manage each service How you will monitor and audit each service How you will configure firewall and router rules to secure the network 1 1 3 3 4 4 5 5 6 6 2 2 Process for Designing Secure Perimeter Networks

11 Implement the following security mechanisms on routers and firewalls: Methods for Securing Perimeter Networks Packet filtering Routing rules Stateful packet inspection Application gateway Server publishing User-based authentication Intrusion detection Packet filtering Routing rules Stateful packet inspection Application gateway Server publishing User-based authentication Intrusion detection

12 For traveling computers or traveling users, follow these guidelines: Use and maintain antivirus software Use personal firewall applications Do not persistently store passwords Consider preventing third-party e-mail applications Educate users about security Use and maintain antivirus software Use personal firewall applications Do not persistently store passwords Consider preventing third-party e-mail applications Educate users about security Guidelines for Protecting Computers on the Perimeter

13 Lab: Designing Security for Network Perimeters Exercise 1 Identifying Potential Perimeter Network Vulnerabilities Exercise 2 Implementing Countermeasures

Download ppt "Module 11: Designing Security for Network Perimeters."

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Essentials of Security Steve Lamb Technical Security Advisor

Essentials of Security Steve Lamb Technical Security Advisor

Similar presentations

Ads by Google