Network security
![Page 1: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/1.jpg)
Network Security
Attacks
Technical Solutions
![Page 2: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/2.jpg)
Acknowledgments
Material is sourced from:
- CISA® Review Manual 2011, © 2010, ISACA. All rights reserved. Used by permission.
- CISM® Review Manual 2012, © 2011, ISACA. All rights reserved. Used by permission.
- Many other Network Security sources
- http://www.csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
Author: Susan J Lincke, PhD, Univ. of Wisconsin-Parkside
Reviewers/Contributors: Todd Burri, Kahili Cheng
Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and/or source(s) and do not necessarily reflect the views of the National Science Foundation.
![Page 3: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/3.jpg)
Objectives
The student should be able to:
- Define attacks: script kiddy, social engineering, logic bomb, Trojan horse, phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL injection, virus, worm, root kit, dictionary attack, brute force attack, DOS, DDOS, botnet, spoofing, packet replay.
- Describe defenses: defense in depth, bastion host, content filter, packet filter, stateful inspection, circuit-level firewall, application-level firewall, de-militarized zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS, statistical-based IDS, neural network, VPN, network access server (RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key encryption, digital signature, PKI, vulnerability assessment.
- Identify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES, RSA, ECC.
- Describe and define security goals: confidentiality, authenticity, integrity, non-repudiation.
- Define service’s & server’s data in the correct sensitivity class and roles with access.
- Define services that can enter and leave a network.
- Draw network diagram with proper zones and security equipment.
![Page 4: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/4.jpg)
The Problem of Network Security
The Internet allows an attacker to attack from anywhere in the world from their home desk.
They just need to find one vulnerability; a security analyst needs to close every vulnerability.
![Page 5: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/5.jpg)
Hacking Networks
Phase 1: Reconnaissance
- Physical Break-In
- Dumpster Diving
- Google, Newsgroups, Web sites
- Social Engineering
  - Phishing: fake email
  - Pharming: fake web pages
- WhoIs Database & arin.net
- Domain Name Server Interrogations
Registrant:
  Microsoft Corporation
  One Microsoft Way
  Redmond, WA 98052
  US

Domain name: MICROSOFT.COM

Administrative Contact:
  Administrator, Domain [email protected]
  One Microsoft Way
  Redmond, WA 98052
  US
  +1.4258828080
Technical Contact:
  Hostmaster, MSN [email protected]
  One Microsoft Way
  Redmond, WA 98052
  US
  +1.4258828080

Registration Service Provider:
  DBMS VeriSign, [email protected]
  800-579-2848 x4
  Please contact DBMS VeriSign for domain updates, DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006.
Record expires on 03-May-2014.
Record created on 02-May-1991.

Domain servers in listed order:
  NS3.MSFT.NET 213.199.144.151
  NS1.MSFT.NET 207.68.160.190
  NS4.MSFT.NET 207.46.66.126
  NS2.MSFT.NET 65.54.240.126
  NS5.MSFT.NET 65.55.238.126
![Page 6: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/6.jpg)
Hacking Networks
Phase 2: Scanning
- War Driving: Can I find a wireless network?
- War Dialing: Can I find a modem to connect to?
- Network Mapping: What IP addresses exist, and what ports are open on them?
- Vulnerability-Scanning Tools: What versions of software are implemented on devices?
![Page 7: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/7.jpg)
Passive Attacks
Eavesdropping: Listen to packets from other parties = Sniffing
Traffic Analysis: Learn about network from observing traffic patterns
Footprinting: Test to determine software installed on system = Network Mapping
[Figure: a Packet and three hosts A, B and C, labelled Bob, Jennie and Carl]
![Page 8: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/8.jpg)
Hacking Networks:
Phase 3: Gaining Access
Network Attacks:
- Sniffing (Eavesdropping)
- IP Address Spoofing
- Session Hijacking
System Attacks:
- Buffer Overflow
- Password Cracking
- SQL Injection
- Web Protocol Abuse
- Denial of Service
- Trap Door
- Virus, Worm, Trojan horse,
Login: Ginger Password: Snap
![Page 9: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/9.jpg)
Some Active Attacks
- Denial of Service: Message did not make it; or service could not run
- Masquerading or Spoofing: The actual sender is not the claimed sender
- Message Modification: The message was modified in transmission
- Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage
[Figure: four panels (Denial of Service, Spoofing, Message Modification, Packet Replay) with parties Joe, Ann and Bill; in the Spoofing panel the sender is labelled "Joe (Actually Bill)"]
![Page 10: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/10.jpg)
Man-in-the-Middle Attack
[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3; message labels: (1) Login, (2) Login, (3) Password, (4) Password]
![Page 11: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/11.jpg)
SQL Injection
Java Original:
  "SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";
Inserted Password: Aa' OR ''='
Java Result:
  "SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR ''=''";
Inserted Password: foo';DELETE FROM users_table WHERE username LIKE '%
Java Result:
  "SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'"
Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'
Login:
Password:
Welcome to My System
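The slide's concatenated query next to a parameterized one, as an added example that is not part of the original slides. It uses Python's standard-library sqlite3 module; the table contents and function names are constructed for illustration, and parameter binding is shown here rather than the input filtering the slides list later.

```python
import sqlite3


def make_db():
    """Constructed sample database using the slide's table and column names."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users_table (username TEXT PRIMARY KEY, password TEXT)"
    )
    # A plaintext password column mirrors the slide's query only;
    # a real system stores salted password hashes.
    conn.executemany(
        "INSERT INTO users_table VALUES (?, ?)",
        [("ginger", "Snap"), ("anyname", "S3cret!")],
    )
    return conn


def login_concatenated(conn, username, password):
    """The slide's pattern: user input is pasted into the SQL text."""
    query = (
        "SELECT * FROM users_table WHERE username='" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    query = "SELECT * FROM users_table WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def user_count(conn):
    """Number of rows left in users_table."""
    return conn.execute("SELECT COUNT(*) FROM users_table").fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    slide_input = "Aa' OR ''='"  # the "Inserted Password" from the slide
    # AND binds tighter than OR, so the WHERE clause becomes
    # (username='anyname' AND password='Aa') OR (''=''), true for every row.
    print("concatenated :", login_concatenated(conn, "anyname", slide_input))
    print("parameterized:", login_parameterized(conn, "anyname", slide_input))
    print("rows in table:", user_count(conn))
```

With bound parameters the whole input, quotes included, is compared against the stored password as one string, so neither of the slide's inserted passwords changes the query's structure.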
![Page 12: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/12.jpg)
NIST SP 800-118 Draft
Password Cracking: Dictionary Attack & Brute Force

| Pattern | Calculation | Result | Time to Guess (2.6x10^18/month) |
| --- | --- | --- | --- |
| Personal Info: interests, relatives | | 20 | Manual 5 minutes |
| Social Engineering | | 1 | Manual 2 minutes |
| American Dictionary | | 80,000 | < 1 second |
| 4 chars: lower case alpha | 26^4 | 5x10^5 | |
| 8 chars: lower case alpha | 26^8 | 2x10^11 | |
| 8 chars: alpha | 52^8 | 5x10^13 | |
| 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
| 8 chars alphanumeric +10 | 72^8 | 7x10^14 | 12 min. |
| 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
| 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
| 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
| 12 chars: all keyboard | 95^12 | 5x10^23 | |
| 16 chars: alphanumeric | 62^16 | 5x10^28 | |
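The table's arithmetic turned into a password-policy check, as an added example that is not taken from the slides or from NIST SP 800-118. It goes beyond the rows shown by searching for the shortest length that resists exhaustive guessing for a chosen number of years; the rate is the one in the table header, and the function names and the 50-year target are assumptions.

```python
from fractions import Fraction

# Guessing rate from the table header: 2.6x10^18 guesses per month.
GUESSES_PER_MONTH = 26 * 10**17

# Alphabet sizes used in the table's "Calculation" column.
ALPHABETS = {
    "lower case alpha": 26,
    "alpha": 52,
    "alphanumeric": 62,
    "alphanumeric + 10": 72,
    "all keyboard": 95,
}


def keyspace(alphabet_size, length):
    """Number of candidate passwords: alphabet_size ** length."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size, length, rate=GUESSES_PER_MONTH):
    """Exact time, in years, to try every candidate at the given monthly rate."""
    return Fraction(keyspace(alphabet_size, length), rate * 12)


def min_length(alphabet_size, target_years, rate=GUESSES_PER_MONTH):
    """Shortest length whose full keyspace takes at least target_years to try."""
    length = 1
    while years_to_exhaust(alphabet_size, length, rate) < target_years:
        length += 1
    return length


def policy_report(target_years=50):
    """Minimum length per alphabet for the chosen resistance (assumed target)."""
    return {name: min_length(size, target_years) for name, size in ALPHABETS.items()}


if __name__ == "__main__":
    for name, length in policy_report().items():
        years = float(years_to_exhaust(ALPHABETS[name], length))
        print(f"{name:18s} needs >= {length:2d} chars ({years:,.0f} years to exhaust)")
```

These figures are upper bounds for randomly chosen passwords; the dictionary and personal-information rows of the table show why a password drawn from a word list falls far faster than its length suggests.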
![Page 13: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/13.jpg)
Hacking Networks:
Phase 4: Exploit/Maintain Access
- Backdoor: Control system: system commands, log keystrokes, pswd
- Trojan Horse: Useful utility actually creates a backdoor.
- Bots: Slave forwards/performs commands; spreads, list email addrs, DOS attacks
- Spyware/Adware: Spyware: Collect info: keystroke logger, collect credit card #s; AdWare: insert ads, filter search results
- User-Level Rootkit: Replaces system executables: e.g. Login, ls, du
- Kernel-Level Rootkit: Replaces OS kernel: e.g. process or file control to hide
![Page 14: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/14.jpg)
Botnets
Bots:
- Host illegal movies, music, pornography, criminal web sites, …
- Forward Spam for financial gain
[Figure: Attacker, Handler and Botnets: Bots (Zombies); labels: China, Hungary]
![Page 15: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/15.jpg)
Distributed Denial of Service
Can barrage a victim server with requests, causing the network to fail to respond to anyone
[Figure: Attacker, Handler, Zombies and Victim; labels: Russia, Bulgaria, United States]
![Page 16: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/16.jpg)
Question
An attack where multiple computers send connection packets to a server simultaneously to slow the firewall is known as:
1. Spoofing
2. DDOS
3. Worm
4. Rootkit
![Page 17: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/17.jpg)
Question
A man in the middle attack is implementing which additional type of attack:
1. Spoofing
2. DoS
3. Phishing
4. Pharming
![Page 18: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/18.jpg)
Network Security
Network Defense
Encryption
![Page 19: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/19.jpg)
Security: Defense in Depth
- Border Router
- Perimeter firewall
- Internal firewall
- Intrusion Detection System
- Policies & Procedures & Audits
- Authentication
- Access Controls
![Page 20: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/20.jpg)
Bastion Host
Computer fortified against attackers
Applications turned off
Operating system patched
Security configuration tightened
![Page 21: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/21.jpg)
Attacking the Network
What ways do you see of getting in?
[Figure: network diagram with labels: The Internet, Border Router/Firewall, De-Militarized Zone, Commercial Network, Private Network, Private Network, WLAN]
![Page 22: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/22.jpg)
Filters
Route Filter: Verifies sources and destination of IP addresses
Packet Filter: Scans headers of packets and discards if ruleset failed (e.g., Firewall or router)
Content Filter: Scans contents of packets and discards if ruleset failed (e.g., Intrusion Prevention System or firewall)
[Figure: a Filter separating "The good, the bad & the ugly…" into "The bad & the ugly" and "The Good"]
![Page 23: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/23.jpg)
Packet Filter Firewall
Web Request
Ping Request
FTP request
Email Connect Request
Web Response
Telnet Request
Email Response
SSH Connect Request
DNS Request
Email Response
Web Response
Illegal Source IP Address
Illegal Dest IP Address
Microsoft NetBIOS Name Service
![Page 24: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/24.jpg)
Firewall Configurations
Router Packet Filtering:
- Packet header is inspected
- Single packet attacks caught
- Very little overhead in firewall: very quick
- High volume filter
Stateful Inspection:
- State retained in firewall memory
- Most multi-packet attacks caught
- More fields in packet header inspected
- Little overhead in firewall: quick
[Figure: terminal, firewall and host for each configuration; connections labelled A]
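The difference between the two configurations above, as an added example that is not part of the original slides: a stateless packet filter has to trust the source port to let replies in, while a stateful filter admits only packets that match a flow it saw leave. The address range, the allowed services and the sample packets are constructed, and TCP flags and flow expiry are left out.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# direction: "out" leaves the protected network, "in" arrives from the Internet
Packet = namedtuple("Packet", "direction proto src sport dst dport")

INTERNAL = ip_network("10.1.1.0/24")                     # assumed protected range
ALLOWED_OUT = {("tcp", 80), ("tcp", 443), ("udp", 53)}   # assumed policy


def spoofed(pkt):
    """Route-filter check: the source address must fit the side it arrived on."""
    inside = ip_address(pkt.src) in INTERNAL
    return inside if pkt.direction == "in" else not inside


def packet_filter(pkt):
    """Stateless: every header is judged alone, default deny."""
    if spoofed(pkt):
        return "drop"
    if pkt.direction == "out" and (pkt.proto, pkt.dport) in ALLOWED_OUT:
        return "accept"
    # A reply can only be recognised by its source port, which the sender picks.
    if pkt.direction == "in" and (pkt.proto, pkt.sport) in ALLOWED_OUT:
        return "accept"
    return "drop"


class StatefulFilter:
    """Keeps the flows that left the network; replies must match one of them."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if spoofed(pkt):
            return "drop"
        if pkt.direction == "out" and (pkt.proto, pkt.dport) in ALLOWED_OUT:
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reverse in self.flows:
            return "accept"
        return "drop"


# Constructed sample traffic, named after the labels on the Packet Filter slide.
WEB_REQUEST = Packet("out", "tcp", "10.1.1.20", 40000, "198.51.100.7", 80)
WEB_RESPONSE = Packet("in", "tcp", "198.51.100.7", 80, "10.1.1.20", 40000)
UNSOLICITED = Packet("in", "tcp", "203.0.113.9", 80, "10.1.1.20", 3389)
ILLEGAL_SOURCE = Packet("in", "tcp", "10.1.1.99", 80, "10.1.1.20", 40000)
TELNET_REQUEST = Packet("out", "tcp", "10.1.1.20", 40001, "198.51.100.7", 23)
TRAFFIC = [WEB_REQUEST, WEB_RESPONSE, UNSOLICITED, ILLEGAL_SOURCE, TELNET_REQUEST]


def verdicts(check):
    """Run the sample traffic, in order, through one filter function."""
    return [check(pkt) for pkt in TRAFFIC]


if __name__ == "__main__":
    print("packet filter:", verdicts(packet_filter))
    print("stateful     :", verdicts(StatefulFilter().check))
```

Only the third packet is judged differently: its source port is 80, so the stateless rule takes it for a web reply, but no outbound flow matches it and the stateful filter drops it.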
![Page 25: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/25.jpg)
Firewall Configurations
Circuit-Level Firewall:
- Packet session terminated and recreated via a Proxy Server
- All multi-packet attacks caught
- Packet header completely inspected
- High overhead in firewall: slow
Application-Level Firewall:
- Packet session terminated and recreated via a Proxy Server
- Packet header completely inspected
- Most or all of application inspected
- Highest overhead: slow & low volume
[Figure: terminal, firewall and host for each configuration; connections labelled A and B]
![Page 26: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/26.jpg)
Multi-Homed Firewall: Separate Zones
Screened Host: The router serves as a screen for the Firewall, preventing Denial of Service attacks to the Firewall.
[Figure: network diagram with labels: Internet, Router, Screening Device, Screened Host, Firewall, Demilitarized Zone With Proxy Interface, External DNS, Web Server, E-Commerce, VPN Server, IDS, Protected Internal Network Zone, Database/File Servers, IDS, IDS]
![Page 27: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/27.jpg)
Writing Rules
Policies Network Filter Capabilities
Write Rules
Protected Network
Audit Failures
Corrections
![Page 28: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/28.jpg)
Services and Servers
Workbook

| Service | Sensitivity | Roles | Server |
| --- | --- | --- | --- |
| Grades | Confidential | For Graduates: Transcripts; For Current Students: Advising, Students, Faculty | Student Scholastic |
| Billing | Confidential, | For Current Students: Registration, Accounting, Advising; Payment: Students | Student Billing |
| Web Pages | Public | Students, Employees, Public | Web services |
![Page 29: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/29.jpg)
Path of Logical Access
How would access control be improved?
[Figure: network diagram with labels: The Internet, Border Router/Firewall, De-Militarized Zone, Router/Firewall, Private Network, WLAN]
![Page 30: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/30.jpg)
Protecting the Network
[Figure: network diagram with labels: The Internet, Border Router: Packet Filter, De-Militarized Zone, Bastion Hosts, Proxy server firewall, Private Network, WLAN]
![Page 31: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/31.jpg)
Serviced Applications
Workbook

| Applications | Sources of Entry | Servers | Required Controls (e.g., Encryption) |
| --- | --- | --- | --- |
| Grades - Graduates | University Registration | Graduate Scholastic | Confidentiality, Integrity, Authentication |
| Grades – Current Students | United States | Student Scholastic | Confidentiality, Integrity, Authentication |
| Billing | Payment: International; Reports: Univ. | Student Scholastic | Confidentiality, Authentication, Integrity, Non-repudiation |
| Web Pages | International | DMZ: PublicFace | |
![Page 32: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/32.jpg)
Network Diagram
Workbook
[Figure: network diagram with labels: Internet, Router, Firewall; Demilitarized Zone: External DNS, Email, Public Web Server, E-Commerce; Zone 1: Student Labs & Files; Zone 2: Faculty Labs & Files; Zone 3: Student Data; Student Records, Student Billing, Transcripts, Student Scholastic, Student History, Student Billing]
![Page 33: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/33.jpg)
Intrusion Detection Systems (IDS)
Intrusion Prevention Systems (IPS)
Network IDS=NIDS
- Examines packets for attacks
- Can find worms, viruses, org-defined attacks
- Warns administrator of attack
- IPS=Packets are routed through IPS
Host IDS=HIDS
- Examines actions or resources for attacks
- Recognize unusual or inappropriate behavior
- E.g., Detect modification or deletion of special files
[Figure: Router, Firewall, IDS]
![Page 34: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/34.jpg)
IDS Intelligence Systems
Signature-Based:
- Specific patterns are recognized as attacks
Statistical-Based:
- The expected behavior of the system is understood
- If variations occur, they may be attacks (or maybe not)
Neural Networks:
- Statistical-Based with self-learning (or artificial intelligence)
- Recognizes patterns
[Figure: signature list "Attacks: NastyVirus, BlastWorm"; NIDS seeing "NastyVirus" and raising "ALARM!!!"; chart labelled "Normal" for Sales, Personnel and Factory over Mon. to Thurs., axis 0 to 90]
![Page 35: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/35.jpg)
Honeypot & Honeynet
Honeypot: A system with a special software application which appears easy to break into
Honeynet: A network which appears easy to break into
- Purpose: Catch attackers
- All traffic going to honeypot/net is suspicious
- If successfully penetrated, can launch further attacks
- Must be carefully monitored
[Figure: network diagram with labels: External DNS, IDS, Web Server, E-Commerce, VPN Server, Firewall, HoneyPot]
![Page 36: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/36.jpg)
Data Privacy
- Confidentiality: Unauthorized parties cannot access information (->Secret Key Encryption)
- Authenticity: Ensuring that the actual sender is the claimed sender. (->Public Key Encryption)
- Integrity: Ensuring that the message was not modified in transmission. (->Hashing)
- Nonrepudiation: Ensuring that sender cannot deny sending a message at a later time. (->Digital Signature)
[Figure: four panels (Confidentiality, Authenticity, Integrity, Non-Repudiation) with parties Joe, Ann and Bill; in the Authenticity panel the sender is labelled "Joe (Actually Bill)"]
![Page 37: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/37.jpg)
Encryption – Secret Key
Examples: DES, AES
[Figure: plaintext -> Encrypt (Ksecret) -> ciphertext -> Decrypt (Ksecret) -> plaintext]
P = D(Ksecret, E(Ksecret, P))
NIST Recommended: 3DES w. CBC, AES 128 Bit
![Page 38: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/38.jpg)
Public Key Encryption
Examples: RSA, ECC, Quantum
[Figure, panel 1: Encryption (e.g., RCS): Encrypt with Kpublic, Decrypt with Kprivate; key owner: Joe]
P = D(kPRIV, E(kPUB, P))
[Figure, panel 2: Digital Signature: Message, private key; Encrypt with Kprivate, Decrypt with Kpublic; key owner: Joe; Authentication, Non-repudiation]
P = D(kPUB, E(kPRIV, P))
NIST Recommended: RSA 1024 bit; 2011: RSA 2048 bit
![Page 39: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/39.jpg)
Remote Access Security
Virtual Private Network (VPN) often implemented with IPSec
- Can authenticate and encrypt data through Internet (red line)
- Easy to use and inexpensive
- Difficult to troubleshoot, less reliable than dedicated lines
- Susceptible to malicious software and unauthorized actions
- Often router or firewall is the VPN endpoint
[Figure: The Internet, Firewall, VPN Concentrator]
![Page 40: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/40.jpg)
Secure Hash Functions
Examples: SHA1, SHA2, MD2, MD4, MD5
Ensures the message was not modified during transmission
NIST Recommended: SHA-1, SHA-2; 2011: SHA-2
[Figure: two panels, "Message Authentication Code" and "One Way Hash"; labels: Message, H, E, D, K, Compare]
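Why the key K matters in the integrity check above, as an added example that is not part of the original slides. HMAC-SHA-256 from Python's standard library stands in for the slide's keyed constructions, and the messages, key and function names are constructed.

```python
import hashlib
import hmac


def one_way_hash(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """Keyed tag (HMAC-SHA-256): needs the secret K shared by sender and receiver."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_hash(message: bytes, digest: str) -> bool:
    """Receiver recomputes H(message) and compares in constant time."""
    return hmac.compare_digest(one_way_hash(message), digest)


def receiver_accepts_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the tag with K and compares in constant time."""
    return hmac.compare_digest(mac(key, message), tag)


def modify_in_transit(message, check_value, recompute=None):
    """Model of the slides' Message Modification by a party that lacks K.

    The message is altered; the check value is either left as sent or
    recomputed with a function that needs no secret.
    """
    altered = message.replace(b"100", b"900")
    new_value = recompute(altered) if recompute else check_value
    return altered, new_value


MESSAGE = b"PAY 100 TO ANN"        # constructed sample message
KEY = b"constructed-shared-key-K"  # constructed; real keys are random bytes


def unkeyed_hash_detects_change():
    """A bare digest sent with the message can be replaced along with it."""
    altered, digest = modify_in_transit(
        MESSAGE, one_way_hash(MESSAGE), recompute=one_way_hash
    )
    return not receiver_accepts_hash(altered, digest)


def mac_detects_change():
    """Without K the modifier can neither reuse nor rebuild a valid tag."""
    tag = mac(KEY, MESSAGE)
    stale = modify_in_transit(MESSAGE, tag)
    rehashed = modify_in_transit(MESSAGE, tag, recompute=one_way_hash)
    return (not receiver_accepts_mac(KEY, *stale)
            and not receiver_accepts_mac(KEY, *rehashed))


if __name__ == "__main__":
    print("unkeyed hash detects modification:", unkeyed_hash_detects_change())
    print("keyed MAC detects modification   :", mac_detects_change())
```

A bare hash protects integrity only when the digest reaches the receiver over a channel the modifier cannot touch; the keyed tag removes that requirement.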
![Page 41: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/41.jpg)
Digital Signature
Electronic Signature
- Uses public key algorithm
- Verifies integrity of data
- Verifies identity of sender: non-repudiation
[Figure: Message and Msg Digest; label: Encrypted K(Sender’s Private)]
![Page 42: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/42.jpg)
Public Key Infrastructure (PKI)
1. Sue registers with CA through RA: Register(Owner, Public Key)
2. Registration Authority (RA) verifies owners
3. Send approved Digital Certificates
4. Sue sends Tom message signed with Digital Signature
5. Tom requests Sue’s DC
6. CA sends Sue’s DC
7. Tom confirms Sue’s DS
[Figure: Sue, Tom and the Certificate Authority (CA); Digital Certificate: User: Sue, Public Key: 2456]
![Page 43: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/43.jpg)
Network Access Server
NAS: Network Access Server
- Handles user authentication, access control and accounting
- Calls back to pre-stored number based on user ID
- Prone to hackers, DOS, misconfigured or insecure devices
RADIUS: Remote Access Dial-in User Service
TACACS: Terminal Access Control Access
[Figure: 1. Dial up and authenticate; 2. Call back; 3. Connect; server labelled RADIUS or TACACS]
![Page 44: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/44.jpg)
Web Page Security
SQL Filtering: Filtering of web input for SQL Injection
Encryption/Authentication: Ensuring Confidentiality, Integrity, Authenticity, Non-repudiation
Web Protocol Protection: Protection of State
![Page 45: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/45.jpg)
Vulnerability Assessment
- Scan servers, work stations, and control devices for vulnerabilities
  - Open services, patching, configuration weaknesses
- Testing controls for effectiveness
  - Adherence to policy & standards
  - Penetration testing
![Page 46: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/46.jpg)
Serviced Applications
Workbook

| Applications | Sources of Entry | Servers | Required Controls (e.g., Encryption) |
| --- | --- | --- | --- |
| Grades – Current Students | United States | Student Scholastic | Confidentiality: Encryption; Integrity: Hashing, IDS; Authentication: VPN/IPsec, secure passwords |
| Billing | Payment: International; Reports: Univ. | Student Scholastic | Confidentiality: Encryption, HTTPs; Authentication: VPN/IPsec; Integrity: Hashing, IDS; Non-repudiation: Digital Signature |
![Page 47: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/47.jpg)
Summary of Network Controls
Network Security Techniques
- Encryption: Public and Private key, Wireless WPA2
- Virtual Private Network (VPN): Secure communications tunnel
- Secure Hashing
- Digital Signature
- Bastion Host Configuration
- Certificate Authority: PKI
Network Protection Devices
- Firewall: Packet, Stateful, Circuit, Application-Level
- Proxy server
- Demilitarized Zone (DMZ)
- Intrusion Detection System
- Intrusion Prevention System
- Network access server (RADIUS or TACACS)
- Honeypot, honeynet
Secure Protocols
- SSL: Secure web
- SSH: Secure telnet/rlogin or file transfer
- S/MIME: Secure email
- Secure Information Mgmt: Log mgmt
![Page 48: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/48.jpg)
Question
A map of the network that shows where service requests enter and are processed
1. Is called the Path of Physical Access
2. Is primarily used in developing security policies
3. Can be used to determine whether sufficient Defense in Depth is implemented
4. Helps to determine where antivirus software should be installed
![Page 49: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/49.jpg)
Question
The filter with the most extensive filtering capability is the
1. Packet filter
2. Application-level firewall
3. Circuit-level firewall
4. State Inspection
![Page 50: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/50.jpg)
Question
The technique which implements non-repudiation is:
1. Hash
2. Secret Key Encryption
3. Digital Signature
4. IDS
![Page 51: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/51.jpg)
Question
Anti-virus software typically implements which type of defensive software:
1. Neural Network
2. Statistical-based
3. Signature-based
4. Packet filter
![Page 52: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/52.jpg)
Question
MD5 is an example of what type of software:
1. Public Key Encryption
2. Secret Key Encryption
3. Message Authentication
4. PKI
![Page 53: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/53.jpg)
Question
A personal firewall implemented as part of the OS or antivirus software qualifies as a:
1. Dual-homed firewall
2. Packet filter
3. Screened host
4. Bastion host
![Page 54: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/54.jpg)
HEALTH FIRST CASE STUDY
Designing Network Security
Jamie Ramon MD, Doctor
Chris Ramon RD, Dietician
Terry, Licensed Practicing Nurse
Pat, Software Consultant
![Page 55: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/55.jpg)
Define Services & Servers
Which data can be grouped together by role and sensitivity/criticality?
| Service Name | Sensitivity Class. | Roles with Access | Server Name |
| --- | --- | --- | --- |

Confidential – Management
Public – Web Pages
Privileged – Contracts
![Page 56: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/56.jpg)
Defining Services which can Enter and Leave the Network
| Service | Source (e.g., home, world, local computer) | Destination (local server, home, world, etc.) |
| --- | --- | --- |
![Page 57: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/57.jpg)
Defining Zones and Controls
Compartmentalization:
- Zone = Region (E.g., DMZ, wireless, internet)
- Servers can be physical or virtual

| Zone | Service | Server | Required Controls (Conf., Integrity, Auth., Nonrepud., with tools: e.g., Encryption/VPN) |
| --- | --- | --- | --- |
![Page 58: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/58.jpg)
Draw the Network Diagram
[Figure: network diagram with labels: Internet, Router, Firewall; Demilitarized Zone: External DNS, Email, Public Web Server, E-Commerce; Zone 1: Student Labs & Files; Zone 2: Faculty Labs & Files; Zone 3: Student Data; Student Records, Student Billing, Transcripts, Student Scholastic, Student History, Student Billing]
![Page 59: Network security](https://reader031.fdocuments.us/reader031/viewer/2022030304/5877a6401a28ab826e8b6227/html5/thumbnails/59.jpg)
Reference

| Slide # | Slide Title | Source of Information |
| --- | --- | --- |
| 7 | Passive Attacks | CISA: page 331, 333, 352 |
| 9 | Some Active Attacks | CISA: page 330, 332, 352 |
| 10 | Man-in-the-Middle Attack | CISA: page 331 |
| 12 | Password Cracking: Dictionary Attack & Brute Force | CISA: page 330 |
| 14 | Botnets | CISA: page 330 |
| 15 | Distributed Denial of Service | CISA: page 330 |
| 23 | Packet Filter Firewall | CISA: page 353, 354 |
| 24 | Firewall Configurations | CISA: page 353 – 355 |
| 25 | Firewall Configurations | CISA: page 354 |
| 26 | Multi-Homed Firewall: Separate Zones | CISA: page 355 |
| 33 | Intrusion Detection Systems (IDS), Intrusion Prevention System (IPS) | CISA: page 355, 356 |
| 34 | IDS Intelligence Systems | CISA: page 356 |
| 35 | Honeypot & Honeynet | CISA: page 356, 357 |
| 37 | Encryption – Secret Key | CISA: page 357 |
| 38 | Public Key Encryption | CISA: page 357, 358 |
| 39 | Remote Access Security | CISA: page 361 |
| 40 | Secure Hash Functions | CISA: page 359, 361, 362 |
| 41 | Digital Signature | CISA: page 359 |
| 42 | Public Key Infrastructure (PKI) | CISA: page 359, 360 |