CIW Security


Transcript of CIW Security

  • 8/11/2019 CIW Security

    1/148

    Copyright 2010 Certification Partners, LLC -- All Rights Reserved

    Web Security Associate


    Lesson 1: What Is Security?


    Lesson 1 Objectives

    1. Define security

    2. Identify the importance of network security

    3. Identify potential risk factors for data security, including improper authentication

    4. Identify security-related organizations, warning services and certifications

    5. Identify key resources that need specialized security measures

    6. Identify the general types of security threat/attacker

    7. Select security equipment and software based on ease of use


    Network Security Background

    Internet-related security threats:

    Security problems with browsers

    Attacks by hackers

    Threats from viruses

    Internet inherently insecure


    Network Security Background

    Sophistication of Tools vs. Technical Knowledge


    What Is Security

    Local area networks (LANs)

    Wide area networks (WANs)

    Virtual private networks (VPNs)

    Network perimeters

    Illicit servers (a service or daemon installed on a host that allows unauthorized remote users access)

    Trojans (e.g. NetBus 1.70 from https://packetstormsecurity.com)

    Wikipedia: Security as a condition is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. Establishing or maintaining a sufficient degree of security is the aim of the work, structures, and processes called "security."

    CIW: Security in a networking environment is the ability to identify and eliminate threats and vulnerabilities.


    Hacker Statistics (www.cert.org/stats)

    Reported incidents have risen steadily:

    From 252 in 1990

    To 9,859 in 1999

    To 137,529 in 2003

    Total vulnerabilities cataloged have also risen steadily:

    From 417 in 1999

    To 3,784 in 2003

    To 7,236 in 2007

    According to the U.S. Federal Bureau of Investigation (www.fbi.gov), losses due to security breaches are estimated at $67.2 billion (2005)


    The Myth of 100-Percent Security

    Balance in security

    Security policies


    Attributes of an Effective Security Matrix

    Allows access control: access given to legitimate users only; maximizes the ability to communicate and minimizes the possibility of hacker access; minimizes the possibility for damage in the event of hacker access

    Easy to use

    Appropriate cost of ownership: initial cost, upgrading cost and services; cost of administration, number of employees, skill level

    Flexible and scalable: allows the company to do its business; the system can grow as the company grows

    Superior alarming and reporting: logs and notifications; alerts to administrators


    What You Are Trying to Protect

    Assets to protect:

    End-user resources: Windows XP, 2003, Linux or Macintosh hosts used by employees. Potential threat: viruses, Trojans, and Java applets can damage local systems. End users can also introduce problems through illicit activity.

    Network resources: routers, switches, wiring closets, telephony. Potential threat: IP spoofing, system snooping and obtaining information.

    Server resources: the primary target in most cases. Potential threat: unauthorized entry, interrupted service and Trojans.

    Information-storage resources: human resources and e-commerce databases. Potential threat: obtaining trade secrets, customer data and so forth.


    Who Is the Threat?

    Casual attackers: thrill seekers who hack systems simply because they are there. They can be stopped with the proper application of security.

    Determined attackers: they will gain access to your system regardless of difficulty or consequences. They get access via the Internet or by manipulating careless or uninformed employees.

    Spies and industrial espionage: their aim is to gain information or disrupt service. Auditing is the most effective tool to stop such hackers; use the audit results to contact law enforcement agencies such as local authorities.

    End users: end users constitute the first line of defense in network security. End users may cause network problems through ignorance, carelessness, or lack of effective and continual awareness training. To solve this: short training at the time of hire, continual training, reminders, and explaining common procedures; do not ignore end users.


    Security Standards

    Security Services (ISO 7498-2)

    Defines security as minimizing the vulnerability of assets and resources

    Authentication

    Access control

    Data confidentiality

    Data integrity

    Non-repudiation

    Security mechanisms

    Other government and industry standards in addition to ISO 7498-2


    Lesson 1 Summary

    Define security

    Identify the importance of network security

    Identify potential risk factors for data security, including improper authentication

    Identify security-related organizations, warning services and certifications

    Identify key resources that need specialized security measures

    Identify the general types of security threat/attacker

    Select security equipment and software based on ease of use


    Lesson 2: Elements of Security


    Lesson 2 Objectives

    1.1.7: Identify ways in which increased security mechanisms can result in increased latency

    1.1.8: Define the significance of a security policy

    1.1.9: Identify and develop basic components of an effective security policy

    1.1.10: Identify the key user authentication methods

    1.1.11: Define the significance of access control methods

    1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)

    1.2.1: Identify the three main encryption methods used in internetworking

    1.2.5: Identify the importance of auditing

    1.2.6: Select security equipment and software based on ease of use

    1.2.7: Identify security factors related to transmission of unencrypted data across the network

    1.2.9: Identify the significance of encryption in enterprise networks


    Security Elements and Mechanisms

    Elements of effective security:

    Audit

    Administration

    Encryption

    Access control

    User authentication

    Corporate security policy


    The Security Policy

    Allows you to build an effective security infrastructure

    It must provide guidance for the entire organization and is the first line of defense in establishing secure systems use

    It should not conflict with business goals


    The Security Policy

    To reduce the risk, you should take the following steps:

    Classify systems

    Prioritize resources

    Assign risk factors

    Define acceptable and unacceptable activities

    Define security measures to apply to resources

    Define education standards for employees

    Determine who is responsible for administering the policies


    The Security Policy

    Classify systems

    You must identify and then classify systems and data based on their importance to the organization:

    Level 1: central to business operation, e.g. Web server, employee database, e-mail server

    Level 2: needed but not critical to daily operation. Though they cannot be down for long, a day or two of lost time would not cripple the company

    Level 3: systems whose loss does not affect operations, e.g. a user's desktop PC


    The Security Policy

    Prioritize resources

    After classification, you should create a prioritized threat list and an action list, prioritized by system, in your security implementation plan.


    Assign risk factors

    A risk factor is the likelihood that a hacker would attack a resource. Risk factors should be determined for each resource you have defined.

    Rule: the more sensitive the resource, the higher the risk factor.

    Policy and Technology (diagram): people drive policy, policy guides technology, and technology serves people.


    The Security Policy

    Define acceptable and unacceptable activities

    The security implementation should specify both acceptable (permitted) and unacceptable (forbidden) activity. It varies from one organization to another.

    Define security measures to apply to resources

    You must determine the appropriate security techniques for each element in your network, e.g. a firewall and the use of encryption.

    List the measures that you will implement with each resource, e.g. implement packet filtering.


    The Security Policy

    Define education standards for employees

    The best way to achieve effective security is to teach the members of an organization about the key security principles.

    Determine who is responsible for administering the policies

    The security policy should list the parties responsible for securing specific systems.

    Separating security management from system administration helps ensure that audits are properly conducted and that goals are met.


    Determining Backups

    To recover data lost due to an attack:

    Enable a backup device, e.g. imaging server, tape backup, external hard disk, etc.

    Enable a backup service: back up data to a third party (online)


    Encryption

    It is the process of making something readable only to the intended recipients.

    It can occur at both the network and document levels.


    Encryption

    Encryption categories

    Symmetric (private-key cryptography): uses the same key for encryption and decryption

    Asymmetric (public-key cryptography): encrypts data using a key pair (private and public key); one key is used to encrypt, the other to decrypt

    Hash: encrypts data using a mathematical equation called a hash function; creates a hash code, which is a fixed-length representation of a message


    Encryption

    Unencrypted data can be sniffed by packet sniffers (e.g. Wireshark)

    Encryption services

    Data confidentiality: to ensure that only the intended recipients of information can view it.

    Data integrity: using a hash to determine whether the data has been modified.

    Authentication: digital signatures provide authentication (who are you).

    Non-repudiation: digital signatures allow users to prove that an information exchange actually occurred.
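Added example, not from the CIW slides: the data integrity and authentication services above, shown with a hash code. It uses only Python's standard library; the message, the shared key and the tampering are constructed sample values, and it goes one step beyond the slide by showing why an unkeyed hash alone does not authenticate the sender (a keyed hash, HMAC, stands in here for the digital signature the slide mentions).

```python
"""Added example (not from the CIW slides): using a hash to check data integrity.

Assumptions: Python 3 standard library only; the message and key below are
constructed sample values, not real secrets.
"""
import hashlib
import hmac

# Constructed sample message and a constructed shared secret.
MESSAGE = b"Transfer 100.00 to account 12345"
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def digest(data: bytes) -> str:
    """Return the SHA-256 hash code of data.

    Whatever the input length, the hash code is always 64 hex characters
    (256 bits): the fixed-length representation the slides describe.
    """
    return hashlib.sha256(data).hexdigest()


def integrity_check(data: bytes, expected_digest: str) -> bool:
    """Recompute the hash and compare it with the digest recorded earlier.

    Any change to data, even a single bit, produces a different digest.
    """
    return hmac.compare_digest(digest(data), expected_digest)


def authenticate(data: bytes, key: bytes) -> str:
    """Return a keyed hash (HMAC-SHA256) over data.

    A plain hash only detects modification. An attacker who can alter the
    message can also recompute its hash, so the hash says nothing about who
    sent it. A keyed hash (or a digital signature, as the slides mention)
    binds the code to a secret the attacker lacks, which turns an integrity
    check into an authentication check.
    """
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_authenticated(data: bytes, key: bytes, tag: str) -> bool:
    """Constant-time comparison of a received tag with the recomputed one."""
    return hmac.compare_digest(authenticate(data, key), tag)


def integrity_demo() -> dict:
    """Walk through the integrity and authentication checks on the sample message."""
    original_digest = digest(MESSAGE)
    tampered = MESSAGE.replace(b"12345", b"99999")  # constructed tampering
    tag = authenticate(MESSAGE, SHARED_KEY)
    return {
        "digest_len": len(original_digest),
        "untouched_ok": integrity_check(MESSAGE, original_digest),
        "tampered_ok": integrity_check(tampered, original_digest),
        # Without the key, no valid tag can be produced for the altered message.
        "tampered_tag_ok": verify_authenticated(tampered, SHARED_KEY, tag),
        # An unkeyed hash can simply be recomputed over the altered message,
        # so a bare hash proves integrity against accidents, not against an adversary.
        "recomputed_hash_matches": integrity_check(tampered, digest(tampered)),
    }


if __name__ == "__main__":
    for name, value in integrity_demo().items():
        print(f"{name}: {value}")
```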


    Encryption

    Encryption strength

    It is based on three factors:

    Algorithm strength: use a tested industry standard

    Security of the key: no algorithm will protect you from a compromised key

    Length of the key: the greater the length of the key, the longer it will take to break. Adding a bit to the length of the key doubles the number of possible keys (2^n possible keys for an n-bit key)


    Authentication

    Authentication methods

    What you know: password, PIN code, etc.

    What you have: entry card, smart card, token, etc.

    Who you are: the science of mapping physical, biological characteristics to individual identity, e.g. fingerprint, hand geometry, voice recognition, retinal scans, iris scans, face recognition and vascular patterns.

    Where you are: the weakest authentication, based on your location (e.g. whether your IP address is local or outside)


    Specific Authentication Techniques

    Kerberos: a key management scheme that authenticates unknown principals who want to communicate with each other securely (e.g. people, servers, ...)

    One-time passwords (OTP)


    Auditing

    Passive auditing

    Active auditing


    Security Tradeoffs and Drawbacks

    Increased complexity

    Slower system response time

    Consider:

    Ease of installation

    An intuitive interface

    Effective customer support


    Lesson 2 Summary

    1.1.7: Identify ways in which increased security mechanisms can result in increased latency

    1.1.8: Define the significance of a security policy

    1.1.9: Identify and develop basic components of an effective security policy

    1.1.10: Identify the key user authentication methods

    1.1.11: Define the significance of access control methods

    1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)

    1.2.1: Identify the three main encryption methods used in internetworking

    1.2.5: Identify the importance of auditing

    1.2.6: Select security equipment and software based on ease of use

    1.2.7: Identify security factors related to transmission of unencrypted data across the network

    1.2.9: Identify the significance of encryption in enterprise networks


    Lesson 3: Applied Encryption


    Lesson 3 Objectives

    1.2.2: Define symmetric (private-key) encryption

    1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

    1.2.4: Define one-way (hash) encryption

    1.2.8: Identify the function of parallel processing in relation to cryptography

    1.2.10: Identify the impact of encryption protocols and procedures on system performance

    1.2.11: Create a trust relationship using public-key cryptography

    1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)

    1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy Guard (GPG) in Windows and Linux/UNIX systems


    Reasons to Use Encryption

    Make data confidential

    Help authenticate users

    Ensure data integrity


    Symmetric-Key Encryption

    One key is used to encrypt and decrypt messages

    Benefits: fast and strong

    Drawbacks: key distribution; difficult to change the key regularly


    Symmetric-Key Algorithms

    Data Encryption Standard (DES)

    Triple DES

    Symmetric algorithms created by RSA Security Corporation

    International Data Encryption Algorithm (IDEA)

    Blowfish

    Twofish

    Skipjack

    MARS

    Rijndael

    Serpent

    Advanced Encryption Standard (AES)


    Asymmetric Key Encryption

    Uses a key pair in the encryption process. A key pair is a mathematically matched key set in which one half of the pair encrypts, and the other half decrypts (what A encrypts, B decrypts, and what B encrypts, A decrypts)

    Benefits: it is so difficult/time consuming to derive the private key from the public key; the public key can be distributed via the Internet

    Drawbacks: slow (intensive mathematical computation required)


    Asymmetric Key Encryption

    How do browsers use public-key encryption?

    After your Web browser recognizes that a Web server's certificate has been issued by a trusted authority, the SSL session begins automatically, as long as the browser verifies that:

    The certificate has been signed by a trusted authority

    The Web server has the same name as given in the certificate

    The certificate is still valid and has not expired

    If any of these checks fails, most Web browsers will warn you and ask if you want to proceed


    Asymmetric Key Encryption

    Asymmetric-key encryption elements:

    RSA

    DSA

    Diffie-Hellman


    Applied Encryption Processes

    E-mail: PGP and GPG; Secure MIME; proprietary asymmetric encryption

    Encrypting drives

    Secure Sockets Layer (SSL) and Secure HTTP

    Transport Layer Security / Secure Sockets Layer (TLS/SSL)


    Encryption Review

    Encryption

    Authentication

    Key

    Symmetric-key (private-key) encryption

    Asymmetric-key (public-key) encryption

    Message integrity by hash mark and signature


    Lesson 3 Summary

    1.2.2: Define symmetric (private-key) encryption

    1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

    1.2.4: Define one-way (hash) encryption

    1.2.8: Identify the function of parallel processing in relation to cryptography

    1.2.10: Identify the impact of encryption protocols and procedures on system performance

    1.2.11: Create a trust relationship using public-key cryptography

    1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)

    1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy Guard (GPG) in Windows and Linux/UNIX systems


    Lesson 4: Types of Attacks


    Lesson 4 Objectives

    1.2.5: Identify the importance of auditing

    1.4.3: Identify specific types of security attacks

    1.4.4: Identify a brute-force attack

    1.4.5: Identify a dictionary attack

    1.4.6: Identify routing issues and security

    1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

    1.4.8: Recognize attack incidents

    1.4.9: Distinguish between illicit servers and trojans


    Network Attack Categories

    Brute force

    Dictionary

    System bugs

    Back doors

    Malware

    Social engineering

    Denial of service (DOS)

    Distributed denial of service (DDOS)

    Spoofing

    Scanning

    Man in the middle

    Bots and botnets

    SQL injection


    Brute-Force and Dictionary Attacks

    Brute-force attack

    Repeated access attempts

    Dictionary attack

    Customized version of brute-force attack


    System Bugs and Back Doors

    Bug

    Unintentional flaw in a program

    Back door

    Deliberately-placed opening in an operating system

    Buffer overflow


    Malware (Malicious Software)

    Viruses

    Worms

    Trojans and root kits

    Illicit servers

    Logic bombs

    Zero-day attacks

    Managing viruses, worms and illicit programs

    Avoiding viruses, worms and trojans


    Social Engineering Attacks

    Call and ask for password

    Fake e-mail

    Phishing

    Pharming

    Securing desktops


    Denial-of-Service (DOS) Attacks

    Flooding

    Malformed packets

    Teardrop/Teardrop2

    Ping of Death

    Land attack

    Miscellaneous attacks

    Physical denial-of-service attacks


    Distributed Denial-of-Service (DDOS) Attacks

    Components: controlling application, illicit service, zombie, target

    Smurf and Fraggle attacks

    Ways to diagnose DOS and DDOS attacks

    Mitigating vulnerability and risk

    Unintentional DOS


    Spoofing Attacks

    IP spoofing

    ARP spoofing

    DNS spoofing

    Spoofing and traceback

    Protecting against spoofing attacks


    Scanning Attacks

    Stack fingerprinting and operating system detection

    Sequence prediction

    Network Mapper (Nmap)


    Man-in-the-Middle Attacks

    Packet sniffing and network switches

    Connection hijacking

    Registration hijacking

    Voicemail compromises

    Impersonated calls

    DNS and ARP cache poisoning

    Avoiding man-in-the-middle attacks


    Bots and Botnets

    Bot: software application that runs automated, repetitive tasks over the Internet

    Botnet: group of computers infected with a bot

    Avoiding bot attacks


    SQL Injection

    SQL injection: hacking technique in which malicious code is inserted into SQL command strings

    Preventing SQL injection attacks
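Added example, not part of the CIW slides: the injection described above in a login lookup built by string concatenation, beside the parameterized query that prevents it. It uses Python's standard sqlite3 module with a constructed in-memory table; the function names, the sample rows and the malicious input are assumptions of this example, not CIW material.

```python
"""Added example (not from the CIW slides): SQL injection in a login lookup and
the parameterized-query fix. Standard library only (sqlite3); the users table,
its rows and the injected input are constructed for the demonstration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two user rows.

    Passwords are stored in clear text only to keep the injection visible;
    a real application stores salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL command string by concatenation.

    Whatever the user types becomes part of the command itself, so a quote
    character in the input ends the string literal and the rest of the input
    is executed as SQL: this is the 'malicious code inserted into SQL command
    strings' the slide describes.
    """
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the SQL text is fixed and the values travel separately.

    The driver never splices the input into the command, so quotes, comment
    markers or keywords inside the input are only ever compared as data.
    """
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def injection_demo() -> dict:
    """Run both lookups with valid credentials and with a constructed injection."""
    conn = make_db()
    # Constructed malicious input: the quote closes the literal and "--" comments
    # out the password check, so the concatenated query matches alice's row.
    injected = "alice' --"
    return {
        "valid_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "valid_safe": login_safe(conn, "alice", "correct horse"),
        "injected_vuln": login_vulnerable(conn, injected, "wrong"),
        "injected_safe": login_safe(conn, injected, "wrong"),
    }


if __name__ == "__main__":
    for name, value in injection_demo().items():
        print(f"{name}: {value}")
```

The same input reaches both functions; only the concatenated version lets it change the command, which is why parameterized queries are the first item on any SQL injection prevention list.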


    Auditing

    Checking password databases regularly

    Checking log files

    Scanning systems

    Identifying information leakage

    Necessary information

    Unnecessary information


    Lesson 4 Summary

    1.2.5: Identify the importance of auditing

    1.4.3: Identify specific types of security attacks

    1.4.4: Identify a brute-force attack

    1.4.5: Identify a dictionary attack

    1.4.6: Identify routing issues and security

    1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

    1.4.8: Recognize attack incidents

    1.4.9: Distinguish between illicit servers and trojans


    Lesson 5: Recent Networking Vulnerability Considerations


    Lesson 5 Objectives

    1.1.3: Identify potential risk factors for data security, including improper authentication

    1.2.5: Identify the importance of auditing

    1.4.3: Identify specific types of security attacks

    1.4.8: Recognize attack incidents

    Additional topics:

    Security issues associated with wireless network technologies

    Security issues associated with convergence networking technologies

    Security issues associated with Web 2.0 technologies

    Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking


    Wireless Network Technologies and Security

    Wireless Ethernet elements

    Wireless signals

    FHSS

    DSSS

    OFDM


    IEEE 802.11 Wireless Standards

    802.11 (WiFi)

    802.11a

    802.11b

    802.11e

    802.11g

    802.11h

    802.11i

    802.11n (most current)


    Wireless Networking Modes

    Ad-hoc mode

    Infrastructure mode

    Wireless access points (APs)

    Wireless cells

    Authentication types in wireless networks

    BSSID

    SSID

    Wireless AP beacon

    Host association


    Wireless Application Protocol (WAP)

    WAP services:

    Uniform scripting standards for wireless devices

    A method of encrypting devices from WAP-enabled phones

    Wireless Transport Layer Security (WTLS):

    WTLS benefits

    Problems with WTLS

    Languages used in WAP


    Wireless Network Security Problems

    Cleartext transmission

    Access control

    Unauthorized APs and wireless systems

    Corporate users participating in ad hoc networks

    Weak and/or flawed encryption

    Encryption and network traffic

    War driving


    Wireless Network Security Solutions

    WEP

    MAC address filtering

    WPA2 (802.11i)

    IEEE 802.1x

    RADIUS

    Physical and configuration solutions


    Convergence Networking and Security

    Convergence technologies and equipment:

    Private Branch Exchange (PBX)

    Voice over IP (VoIP) devices

    End-user telephone connections

    Virtual LANs (VLANs)

    VLAN hopping

    Firewall conflicts

    DNS loops


    Greynet Applications

    Instant messaging (IM)

    Peer-to-peer (P2P) applications

    File transfer and the 8.3 naming convention

    Securing IM and P2P


    Vulnerabilities with Data at Rest

    Data on network drives and in network shares

    Data on vulnerable systems

    Database data and SQL injection



    Security Threats from Trusted Users

    Security breaches due to:

    Carelessness

    Noncompliance with established security measures

    Following inadequate security policies


    Anonymous Downloads and Indiscriminate Link-Clicking

    Poisoned Web sites

    Drive-by downloads

    Guidelines to help avoid contact with poisoned Web sites


    Lesson 5 Summary

    1.1.3: Identify potential risk factors for data security, including improper authentication

    1.2.5: Identify the importance of auditing

    1.4.3: Identify specific types of security attacks

    1.4.8: Recognize attack incidents

    Additional topics:

    Security issues associated with wireless network technologies

    Security issues associated with convergence networking technologies

    Security issues associated with Web 2.0 technologies

    Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking


    Lesson 6: General Security Principles


    Lesson 6 Objectives

    1.3.1: Identify the universal guidelines and principles of effective network security

    1.3.2: Define amortization and chargeback issues related to network security architectures

    1.3.3: Use universal guidelines to create effective specific solutions


    Common Security Principles

    Be paranoid

    Have a security policy

    No system or technique stands alone

    Minimize damage

    Deploy company-wide enforcement

    Provide training

    Integrate security strategies

    Place equipment according to needs

    Identify security business issues

    Consider physical security


    Lesson 6 Summary

    1.3.1: Identify the universal guidelines and principles of effective network security

    1.3.2: Define amortization and chargeback issues related to network security architectures

    1.3.3: Use universal guidelines to create effective specific solutions


    Lesson 7: Protocol Layers and Security


    Lesson 7 Objectives

    1.3.4: Identify potential threats at different layers of the TCP/IP stack

    1.3.7: Secure TCP/IP services, including HTTP, FTP

    1.4.6: Identify routing issues and security

    1.4.7: Determine the causes and results of a denial-of-service (DoS) attack


    TCP/IP Security Introduction

    TCP/IP protocol stack

    TCP/IP and network security


    OSI Reference Model Review

    Application layer

    Presentation layer

    Session layer

    Transport layer

    Network layer

    Data link layer

    Physical layer


    Data Encapsulation

    The TCP/IP Stack


    The TCP/IP Stack and the OSI Reference Model


    Link/Network Access Layer

    Media that defines this layer:

    Fiber

    Coaxial cable

    Twisted pair

    Free space (infrared, short-range wireless, microwave, satellite)

    Network topologies


    Network/Internet Layer

    Internet Protocol (IP)

    Packets are not signed

    Packets are not encrypted

    Packets can be manipulated easily

    Internet Control Message Protocol (ICMP)

    ICMP message types

    Why block ICMP?
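Added example, not from the original slides: what "packets are not signed, not encrypted and can be manipulated easily" means at byte level. The code builds a 20-byte IPv4 header and an ICMP echo request with correct RFC 1071 checksums, then shows that the checksum only catches accidental corruption: an attacker who rewrites the source address and recomputes the checksum produces a header every router will accept. Addresses are from documentation ranges and all packets are constructed in memory; nothing is sent on a network.

```python
import socket
import struct

# The ICMP message types most often discussed when deciding what to block.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4, ICMP, TCP and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst


def build_ipv4_header(src, dst, proto=1, payload_len=8, ttl=64, ident=0x1234):
    """Minimal 20-byte IPv4 header (no options, no fragmentation) with a valid checksum."""
    header = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]


def parse_ipv4_header(raw):
    f = struct.unpack(IPV4_FMT, raw[:20])
    return {"version": f[0] >> 4, "ihl": f[0] & 0x0F, "total_length": f[2],
            "ttl": f[5], "protocol": f[6], "checksum": f[7],
            "src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            # a header is intact when the checksum over all 20 bytes folds to zero
            "checksum_ok": internet_checksum(raw[:20]) == 0}


def spoof_source(raw, new_src):
    """What anyone with a raw socket can do: rewrite the source and recompute the checksum."""
    patched = raw[:12] + socket.inet_aton(new_src) + raw[16:20]
    zeroed = patched[:10] + b"\x00\x00" + patched[12:]
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]


def corrupt_byte(raw, offset):
    """A bit flip without recomputing: the only kind of change the checksum catches."""
    return raw[:offset] + bytes([raw[offset] ^ 0x01]) + raw[offset + 1:]


def build_icmp_echo(ident=1, seq=1, data=b"abcdefgh"):
    """ICMP type 8 (echo request), code 0. The checksum covers the whole ICMP message."""
    msg = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def parse_icmp(msg):
    icmp_type, code = msg[0], msg[1]
    return {"type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "other"), "code": code,
            "checksum_ok": internet_checksum(msg) == 0}


if __name__ == "__main__":
    hdr = build_ipv4_header("10.0.0.5", "10.0.0.1")
    print("original: ", parse_ipv4_header(hdr))
    print("spoofed:  ", parse_ipv4_header(spoof_source(hdr, "192.168.1.1")))
    print("corrupted:", parse_ipv4_header(corrupt_byte(hdr, 12)))
    print("icmp:     ", parse_icmp(build_icmp_echo()))
```

The spoofed header parses as cleanly as the original, which is why source-address filtering at the network edge and authenticated protocols above IP (IPsec, TLS) exist; the checksum is an error-detection code, not an integrity control. The same routine checksums the ICMP message, so forged redirects or unreachables are just as cheap to produce.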


    Transport Layer

    Transmission Control Protocol (TCP)

    The TCP handshake

    The TCP header

    Establishing a TCP connection:

    SYN and ACK

    Terminating a TCP connection:

    FIN and ACK

    User Datagram Protocol (UDP)

    Ports
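Added example, not from the original slides, tying the handshake bullets above to objective 1.4.7 (causes and results of a DoS attack). The listener class is a toy model of the server side of SYN, SYN-ACK, ACK. In stateful mode every SYN allocates a half-open entry, which a flood of spoofed SYNs exhausts until legitimate clients are refused; in SYN-cookie mode the server ISN is an HMAC over the peer address, so no state exists until the final ACK arrives. The class, the backlog size and the 203.0.113.0/24 spoofed sources are all assumptions of this example, and real SYN cookies also encode a timestamp slot and MSS, which the model omits.

```python
import hashlib
import hmac
import os


class TcpListener:
    """Toy server side of the three-way handshake (SYN, SYN-ACK, ACK).

    Stateful mode keeps a half-open entry per SYN until the ACK arrives; that
    table is the resource a SYN flood exhausts. Cookie mode derives the server
    ISN from an HMAC over the peer's address, so no state exists until the final
    ACK proves the peer can receive traffic at the address it claimed.
    Simplification (assumption of this example): real SYN cookies also fold a
    timestamp slot and MSS into the ISN and rotate the secret.
    """

    def __init__(self, backlog=3, syn_cookies=False, secret=None):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.secret = secret or os.urandom(16)
        self.half_open = {}        # peer -> server ISN awaiting the client's ACK
        self.established = set()
        self.dropped_syns = 0

    def _cookie(self, peer):
        msg = ("%s:%d" % peer).encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, peer, client_isn):
        """Return the SYN-ACK we would send, or None if the SYN is dropped."""
        if self.syn_cookies:
            server_isn = self._cookie(peer)
        else:
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1          # backlog full: legitimate SYNs die here
                return None
            server_isn = int.from_bytes(os.urandom(4), "big")
            self.half_open[peer] = server_isn
        return {"flags": "SYN-ACK", "seq": server_isn, "ack": (client_isn + 1) & 0xFFFFFFFF}

    def on_ack(self, peer, ack_num):
        """Third packet of the handshake. True if the connection becomes established."""
        if self.syn_cookies:
            expected = self._cookie(peer)
        else:
            expected = self.half_open.pop(peer, None)
            if expected is None:
                return False
        if ack_num != (expected + 1) & 0xFFFFFFFF:
            return False
        self.established.add(peer)
        return True


def client_connect(listener, peer, client_isn=1000):
    """A well-behaved client: SYN, read the SYN-ACK, answer with ACK = server ISN + 1."""
    synack = listener.on_syn(peer, client_isn)
    if synack is None or synack["ack"] != client_isn + 1:
        return False
    return listener.on_ack(peer, synack["seq"] + 1)


def syn_flood(listener, count):
    """Spoofed sources send SYN only; the SYN-ACK goes to an address that never replies."""
    for i in range(count):
        listener.on_syn(("203.0.113.%d" % (i % 250 + 1), 40000 + i), 1)


if __name__ == "__main__":
    for cookies in (False, True):
        srv = TcpListener(backlog=3, syn_cookies=cookies)
        syn_flood(srv, 10)
        ok = client_connect(srv, ("198.51.100.7", 51000))
        print("syn_cookies=%s half_open=%d dropped=%d legit_client_connected=%s"
              % (cookies, len(srv.half_open), srv.dropped_syns, ok))
```

The flood never completes a handshake, so the attacker spends one packet per half-open slot while the server holds the state; that asymmetry is the DoS. With cookies the server holds nothing, and an ACK that does not carry the right HMAC-derived number is simply ignored.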


    Application Layer

    File Transfer Protocol (FTP)

    Active FTP

    Passive FTP

    Hypertext Transfer Protocol (HTTP)

    Telnet

    Simple Network Management Protocol (SNMP)

    Domain Name System (DNS)

    Additional application layer protocols


    Protocol Analyzers

    Monitor network traffic to identify network trends

    Identify network problems and send alert messages

    Identify specific problems

    Test network connections, devices and cables


    Lesson 7 Summary

    1.3.4: Identify potential threats at different layers of the TCP/IP stack

    1.3.7: Secure TCP/IP services, including HTTP, FTP

    1.4.6: Identify routing issues and security

    1.4.7: Determine the causes and results of a denial-of-service (DoS) attack


    Lesson 8: Securing Resources


    Lesson 8 Objectives

    1.3.5: Consistently apply security principles

    1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks

    1.3.7: Secure TCP/IP services, including HTTP, FTP

    1.3.8: Identify the significance of testing and evaluating systems and services

    1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools

    1.4.7: Determine the causes and results of a denial-of-service (DoS) attack


    TCP/IP Security Vulnerabilities

    Internet Protocol version 4 (IPv4)

    Internet Protocol version 6 (IPv6)

    Determining which IP version to implement


    Implementing Security

    Publish the security policy

    Categorize resources and needs

    Secure each resource and service

    Log, test and evaluate

    Repeat the process and keep current


    Resources and Services

    Protecting services

    Protect against profiling

    Coordinate methods and techniques

    Protect services by changing default settings

    Remove unnecessary services


    Protecting TCP/IP Services

    Specialized accounts

    The Web Server

    CGI scripts

    CGI and programming

    Securing Apache2

    FTP servers

    Access control

    Simple Mail Transfer Protocol (SMTP)

    The Internet Worm

    Buffer overflows

    The Melissa virus

    Access control for e-mail

    E-mail and virus scanning


    Physical Security

    Protecting the network against commonphysical attacks

    Ensuring access control

    Securing wireless cells

    Shielding network equipment

    Securing removable media

    Controlling the environment

    Fire detection and suppression


    Testing Systems

    Testing existing systems

    Implementing a new system or testing a new security setting


    Security Testing Software

    Specific tools

    Network scanners

    Operating system add-ons

    Logging and log analysis tools
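Added example for the "logging and log analysis tools" bullet; it is not code from the original course. A small detector parses syslog-style sshd lines, keeps a sliding window of failed logins per source address, raises a brute-force alert when the window fills, and separately flags a successful login from a source that had recent failures (the pattern worth paging on). The log lines, hostnames, users and addresses are constructed for the example and the thresholds are arbitrary starting points.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of syslog-style sshd lines (not taken from any real host).
SAMPLE_LOG = """\
Mar 10 09:14:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2
Mar 10 09:14:03 web1 sshd[2213]: Failed password for invalid user oracle from 203.0.113.5 port 41236 ssh2
Mar 10 09:14:05 web1 sshd[2215]: Failed password for root from 203.0.113.5 port 41238 ssh2
Mar 10 09:14:06 web1 sshd[2217]: Failed password for root from 203.0.113.5 port 41240 ssh2
Mar 10 09:14:08 web1 sshd[2219]: Failed password for bob from 203.0.113.5 port 41242 ssh2
Mar 10 09:14:09 web1 sshd[2221]: Failed password for bob from 203.0.113.5 port 41244 ssh2
Mar 10 09:14:12 web1 sshd[2223]: Accepted password for bob from 203.0.113.5 port 41246 ssh2
Mar 10 09:15:40 web1 sshd[2230]: Failed password for alice from 198.51.100.7 port 50100 ssh2
Mar 10 09:15:44 web1 sshd[2232]: Accepted publickey for alice from 10.0.0.8 port 50102 ssh2
Mar 10 09:16:00 web1 CRON[2240]: pam_unix(cron:session): session opened for user root
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(text):
    """Turn matching sshd lines into events; unrelated lines (cron, etc.) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
                       "event": m.group("event"), "user": m.group("user"),
                       "src": m.group("src")})
    return events


def detect(events, threshold=5, window_seconds=60):
    """Sliding-window brute-force detection plus success-after-failures correlation."""
    alerts = []
    recent_failures = defaultdict(deque)       # src -> timestamps inside the window
    for ev in events:
        q = recent_failures[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()                        # expire failures older than the window
        if ev["event"] == "Failed":
            q.append(ev["ts"])
            if len(q) == threshold:            # fire once, when the window first fills
                alerts.append({"rule": "brute_force", "src": ev["src"],
                               "count": len(q), "at": ev["ts"].strftime("%H:%M:%S")})
        elif q:                                # Accepted after recent failures from same src
            alerts.append({"rule": "success_after_failures", "src": ev["src"],
                           "user": ev["user"], "failures": len(q)})
    return alerts


def analyze_sample():
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in analyze_sample():
        print(alert)
```

On the sample, 203.0.113.5 trips the brute-force rule at its fifth failure and then logs in as bob, which produces the second alert; alice's single failure and her key-based login from another address produce nothing. Shrinking the window shows the trade-off: with a 5-second window the six failures never co-exist in one window, so only the correlation rule fires.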


    Security and Repetition

    Understanding the latest exploits

    Continually improve and test your security system


    Lesson 8 Summary

    1.3.5: Consistently apply security principles

    1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks

    1.3.7: Secure TCP/IP services, including HTTP, FTP

    1.3.8: Identify the significance of testing and evaluating systems and services

    1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools

    1.4.7: Determine the causes and results of a denial-of-service (DoS) attack


    Lesson 9: Firewalls and Virtual Private Networks


    Lesson 9 Objectives

    1.1.3: Identify potential risk factors for data security, including improper authentication

    1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

    1.4.2: Define IPSec concepts

    1.4.6: Identify routing issues and security

    1.5.1: Define the purpose and function of various firewall types

    1.5.2: Define the role a firewall plays in a company's security policy

    1.5.3: Define common firewall terms

    1.5.4: Identify packet filters and their features

    1.5.5: Identify circuit-level gateways and their features


    Lesson 9 Objectives (cont'd)

    1.5.6: Identify application-level gateways and their features

    1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection

    1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security

    1.5.9: Define the importance of proxy caching related to performance

    1.6.1: Implement a packet-filtering firewall

    1.6.2: Customize your network to manage hacker activity

    Definition and Description of a Firewall

    Firewall

    Demilitarized zone (DMZ)

    Daemon


    Firewall Terminology

    Packet filter

    Proxy server

    Application-layer proxy

    Circuit-level proxy

    Network Address Translation (NAT)

    Bastion host

    Operating system hardening

    Screening and choke routers

    Demilitarized zone (DMZ)

    Web security gateway


    Firewall Configuration Defaults

    By default, a firewall can be configured to either:

    Deny all traffic, in which case you specify the types of traffic to allow in and out of your network (deny by default: the posture to prefer, because a forgotten rule fails closed)

    Allow all traffic, in which case you specify the types of traffic to deny (allow by default: a forgotten rule fails open)

    Creating Packet Filter Rules

    Process

    Rules and fields

    Standard FTP clients and creating packet filter rules

    Passive FTP clients and packet filter rules
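Added example covering the two slides above (configuration defaults and packet filter rules); it is a toy rule evaluator written for this page, not a real firewall and not code from the course. Rules match on the fields a packet filter sees (direction, protocol, addresses, ports, connection state), the first match wins, and the default policy decides everything else. The rule set then shows why standard (active) FTP and passive FTP need different holes: the active data channel is an inbound connection from server port 20, and the rule that admits it also admits any attacker who sources packets from port 20. The 10.0.0.0/8 internal network, the packets and the rule names are constructed for the example.

```python
from ipaddress import ip_address, ip_network

ANY = "any"


def port_matches(spec, port):
    """spec is ANY, a single port, or an inclusive (low, high) range."""
    if spec == ANY:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


class Rule:
    """One packet-filter rule over the fields most filters expose."""

    def __init__(self, action, direction, proto=ANY, src="0.0.0.0/0", sport=ANY,
                 dst="0.0.0.0/0", dport=ANY, state=ANY, note=""):
        self.action, self.direction, self.proto = action, direction, proto
        self.src, self.dst = ip_network(src), ip_network(dst)
        self.sport, self.dport, self.state, self.note = sport, dport, state, note

    def matches(self, pkt):
        return (self.direction == pkt["dir"]
                and self.proto in (ANY, pkt["proto"])
                and ip_address(pkt["src"]) in self.src
                and ip_address(pkt["dst"]) in self.dst
                and port_matches(self.sport, pkt["sport"])
                and port_matches(self.dport, pkt["dport"])
                and self.state in (ANY, pkt["state"]))


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; the default policy applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return default, "default policy"


INTERNAL = "10.0.0.0/8"          # assumed internal network (constructed)
EPHEMERAL = (1024, 65535)

# Deny-by-default rule set protecting INTERNAL. Direction is relative to INTERNAL.
RULES_DENY_DEFAULT = [
    Rule("allow", "out", "tcp", src=INTERNAL, dport=21, state="new", note="FTP control"),
    Rule("allow", "in", "tcp", dst=INTERNAL, state="established", note="return traffic"),
    # Passive FTP: the client opens the data channel outbound to a server high port.
    Rule("allow", "out", "tcp", src=INTERNAL, dport=EPHEMERAL, state="new",
         note="passive FTP data"),
]

# Standard (active) FTP: the server opens the data channel inbound from port 20.
# This is the rule a practitioner should be nervous about, see rdp_scan below.
ACTIVE_FTP_RULE = Rule("allow", "in", "tcp", sport=20, dst=INTERNAL, dport=EPHEMERAL,
                       state="new", note="active FTP data")


def pkt(direction, src, sport, dst, dport, state="new", proto="tcp"):
    return {"dir": direction, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "state": state}


# Constructed traffic: one FTP session each way, plus a scan that hides behind port 20.
control = pkt("out", "10.1.2.3", 50000, "198.51.100.10", 21)
control_reply = pkt("in", "198.51.100.10", 21, "10.1.2.3", 50000, state="established")
active_data = pkt("in", "198.51.100.10", 20, "10.1.2.3", 50001)
passive_data = pkt("out", "10.1.2.3", 50002, "198.51.100.10", 52345)
rdp_scan = pkt("in", "203.0.113.9", 20, "10.1.2.3", 3389)


if __name__ == "__main__":
    with_active = RULES_DENY_DEFAULT + [ACTIVE_FTP_RULE]
    for name, p in [("control", control), ("control_reply", control_reply),
                    ("active_data", active_data), ("passive_data", passive_data),
                    ("rdp_scan", rdp_scan)]:
        print("%-14s passive-only: %-28s with active rule: %s"
              % (name, evaluate(RULES_DENY_DEFAULT, p), evaluate(with_active, p)))
```

With only the passive rules the active data channel is dropped by the default policy, which is the usual symptom of "FTP hangs after LIST" behind a strict filter. Adding the port-20 rule fixes that and also lets the port-20 scan reach RDP on an internal host, which is why stateful filters with an FTP helper (or a proxy) are preferred over a static hole. Passing `default="allow"` to `evaluate` turns the same rules into an allow-by-default configuration for comparison.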

    Packet Filter Advantages and Disadvantages

    Drawbacks

    Stateful multi-layer inspection

    Popular packet-filtering products

    Using the ipchains and iptables commands in Linux (ipchains is obsolete; iptables replaced it, and current kernels ship nftables)

    Configuring Proxy Servers

    Recommending a proxy-oriented firewall

    Proxy server advantages and features

    Authentication

    Logging and alarming

    Caching

    Fewer rules

    Reverse proxies and proxy arrays

    Proxy server drawbacks

    Client configuration

    Speed


    URL Filtering

    Techniques to filter outbound URLs

    Techniques to filter inbound URLs

    Remote Access and Virtual Private Networks (VPNs)

    Three types of VPNs:

    Workstation-to-server

    Firewall-to-firewall

    Workstation-to-workstation

    Tunneling protocols

    Internet Protocol Security (IPsec)

    Point-to-Point Tunneling Protocol (PPTP) (deprecated: its MS-CHAPv2 authentication can be broken, so it should not be used for new deployments)

    Layer 2 Tunneling Protocol (L2TP)

    VPN vulnerabilities


    Lesson 9 Summary

    1.1.3: Identify potential risk factors for data security, including improper authentication

    1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

    1.4.2: Define IPSec concepts

    1.4.6: Identify routing issues and security

    1.5.1: Define the purpose and function of various firewall types

    1.5.2: Define the role a firewall plays in a company's security policy

    1.5.3: Define common firewall terms

    1.5.4: Identify packet filters and their features

    1.5.5: Identify circuit-level gateways and their features

    Lesson 9 Summary (cont'd)

    1.5.6: Identify application-level gateways and their features

    1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection

    1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security

    1.5.9: Define the importance of proxy caching related to performance

    1.6.1: Implement a packet-filtering firewall

    1.6.2: Customize your network to manage hacker activity


    Lesson 10: Levels of Firewall Protection


    Designing a Firewall

    Firewall design principles

    Keep design simple

    Make contingency plans


    Hardware Issues

    Choosing the operating system

    Firewall appliances

    Services

    Daemons

    Proxy servers

    Common Firewall Designs

    Screening routers

    Screened host firewall (single-homed bastion)

    Screened host firewall (dual-homed bastion)

    Screened subnet firewall (demilitarized zone)

    Common Firewall Designs

    Screening routers

    [Diagram: screening router; image source http://www.textoscientificos.com/redes/firewalls-distribuidos/firewalls/convencionales]

    Screened host firewall (single-homed bastion)

    [Diagram: screened host firewall with a single-homed bastion; image source http://clchnd.blogspot.com/2011/04/introduction-to-firewalls-hnd-and-bsc.html]

    Screened subnet firewall (demilitarized zone)

    Modern Firewall Design

    [Diagram: screened subnet firewall with a DMZ; image source http://www.bluechaos.be/blogs/index.php/2009/03/firewall-architecture]
    Lesson 10 Summary

    1.4.6: Identify routing issues and security

    1.5.1: Define the purpose and function of various firewall types

    1.5.3: Define common firewall terms

    1.6.1: Implement a packet-filtering firewall

    1.6.2: Customize your network to manage hacker activity


    Lesson 11: Detecting and Distracting Hackers

    Lesson 11 Objectives

    1.6.2: Customize your network to manage hacker activity

    1.6.3: Implement proactive detection

    1.6.4: Distract hackers and contain their activity

    1.6.5: Deploy tripwires and other traps on a network host

    Proactive Detection

    Automated security scans

    Login scripts

    Automated auditing

    Distracting the Hacker

    Dummy accounts

    Dummy files

    Dummy password files

    Tripwire scripts

    Automated checksums

    Jails
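Added example for the "tripwire scripts" and "automated checksums" bullets, written for this page rather than taken from the course or from the Tripwire product. It fingerprints every file under a directory (SHA-256 plus size, mode and owner), stores the baseline under an HMAC so the baseline file itself cannot be quietly rewritten, and on re-scan reports added, removed and modified paths. The demo scenario (a replaced login binary, loosened permissions on passwd, a hidden backdoor script, a deleted log) runs in a temporary directory with constructed files; the key must in practice be kept off the monitored host, which is an assumption this example cannot enforce.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile


def file_fingerprint(path):
    """Content hash plus the metadata an intruder most often changes (size, mode, owner)."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def build_baseline(root):
    """Fingerprint every regular file under root, keyed by path relative to root."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            baseline[os.path.relpath(path, root)] = file_fingerprint(path)
    return baseline


def compare(baseline, current):
    """Classify every path as added, removed or modified relative to the baseline."""
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            report["modified"].append(rel)
    return report


def seal(baseline, key):
    """Serialize with an HMAC so an attacker who can write the baseline file cannot
    re-baseline their own changes. The key is assumed to live off the monitored host."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def unseal(blob, key):
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)


def _write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Constructed scenario in a temp dir: baseline, simulated intrusion, re-scan."""
    key = b"example-key-kept-offline"
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"ELF original login binary")
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "tmp/old.log", b"stale\n")
        sealed = seal(build_baseline(root), key)

        _write(root, "bin/login", b"ELF trojaned login binary")          # replaced binary
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)                # loosened perms
        _write(root, "bin/.hidden", b"#!/bin/sh\nnc -l -p 4444 -e /bin/sh\n")  # backdoor
        os.remove(os.path.join(root, "tmp/old.log"))                     # deleted file

        report = compare(unseal(sealed, key), build_baseline(root))
        try:
            unseal(b" " + sealed, key)         # any edit to the stored body breaks the tag
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return {"report": report, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The permission change on passwd shows why a content hash alone is not enough; mode and owner belong in the fingerprint. Run the baseline from read-only media or a separate host, and compare on a schedule that an intruder cannot predict from the host's own crontab.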

    Deterring the Hacker

    Methods for deterring hackers

    Log traffic and send e-mail messages

    Conduct reverse scans

    Drop the connection

    Contact the ISP

    Tools for responding to hackers

    Problems with retaliation

    Lesson 11 Summary

    1.6.2: Customize your network to manage hacker activity

    1.6.3: Implement proactive detection

    1.6.4: Distract hackers and contain their activity

    1.6.5: Deploy tripwires and other traps on a network host


    Lesson 12: Incident Response

    Lesson 12 Objectives

    1.6.6: Respond appropriately to a security breach

    1.6.7: Identify security organizations that can help in case of system attack

    1.6.8: Subscribe to respected security alerting organizations

    1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks

    Creating an Incident Response Policy

    Decide ahead of time

    Do not panic

    Document everything

    Determining if an Attack Has Occurred

    Determine the scope of the breach

    Find out whether the hacker is at:

    Stage 1 (discovery)

    Stage 2 (penetration)

    Stage 3 (control, and spreading to other systems)

    Stop or contain activity

    Executing the Response Plan

    Notifying affected individuals

    Breaking the link or creating a jail

    Notifying appropriate authorities

    Contacting the hackers

    Tracing connections and conducting other checks to further map the hacker's activity

    Reconfiguring the firewall

    Notifying Internet agencies

    Analyzing and Learning

    Ask questions of everyone involved

    Record specific lessons you have learned

    Update your security policy

    Lesson 12 Summary

    1.6.6: Respond appropriately to a security breach

    1.6.7: Identify security organizations that can help in case of system attack

    1.6.8: Subscribe to respected security alerting organizations

    1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks

    Web Security Associate (course overview)

    What Is Security?

    Elements of Security

    Applied Encryption

    Types of Attacks

    Recent Networking Vulnerability Considerations

    General Security Principles

    Protocol Layers and Security

    Securing Resources

    Firewalls and Virtual Private Networks

    Levels of Firewall Protection

    Detecting and Distracting Hackers

    Incident Response