CWSP Guide to Wireless Security, Guide to Tactical Perimeter Defense, Chapter 1: Network Defense Fundamentals

Transcript of Slideshow 1

Page 1: Slideshow 1

CWSP Guide to Wireless Security

Guide to Tactical Perimeter Defense

Chapter 1: Network Defense Fundamentals

Page 2: Slideshow 1

CWSP Guide to Wireless Security, Tactical Perimeter Defense 1

Objectives

• Describe the threats to network security

• Explain the goals of network security

• Describe a layered approach to network defense

• Explain how network security defenses affect your organization

Page 3: Slideshow 1

Overview of Threats to Network Security

• Motivation of attackers

– Status

– Revenge

– Financial gain

– Industrial espionage

– Principle

Page 4: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Types of attackers

– Crackers

• Try to gain access to unauthorized network resources

• Motivations: knowledge/improvement of Internet; destruction; thrill

– Disgruntled employees

• Motivation: revenge over perceived injustice

– Criminal and industrial spies

• Motivation: profit; competition; potential victims

Page 5: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Types of attackers (con’t.)

– Script kiddies

• Find viruses/scripts online and spread them through weaknesses in computer systems

– Packet monkeys

• Block Web-site activities through a distributed denial-of-service (DDoS) attack

– Terrorists

• Motivations: political goals, psychological effect

Page 6: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Malicious code

– Malware: software designed to cause harm to networks or steal information from networks

– Examples:

• Code Red worm

• MSBlast worm

• Slammer worm

Page 7: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Types of malware

– Virus

• Replicates and performs benign or harmful action through executable code, attachments, Web pages

– Worm

• Replicates repeatedly

• Self-propagating

• Can install backdoor or destroy data on disk

– Trojan program

• Installs malware under guise of performing useful task

Page 8: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Types of malware (con’t.)

– Macro virus

• Script that automates repetitive task in an application

– Spyware

• Can decrease productivity, carry additional malware, use system resources, or steal information

• Includes adware, tracking cookies, dialers, and spam

Page 9: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Activity 1-1: Scanning for Spyware

– Objective: Download and run Spy Sweeper to scan your computer for spyware

Figure 1-1 The Spy Sweeper user interface

Page 10: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Other threats to network security

– Infection by new malware

– Exploitation of a recently discovered vulnerability

– Natural disaster such as an earthquake

– Solution: cyber-risk insurance

Page 11: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Social engineering

– Attackers obtain passwords or access codes from gullible employees

– Employees abuse accepted security practices

– Solution: strong, enforced security policy and security awareness training

Page 12: Slideshow 1


Table 1-1 Attacks and defenses

Page 13: Slideshow 1


Table 1-1 Attacks and defenses (con’t.)

Page 14: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Internet security concerns

– Sockets

• Attackers attempt to identify and exploit sockets that respond to connection requests

– E-mail and communications

• Attachments or files may contain malware

• Use personal firewall system for protection

– Scripting

– Always-on connectivity

Page 15: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Internet security concerns (con’t.)

– Scripting

• Executable code attached to e-mail or downloaded files

• May only be filtered through specialty firewall software

– Always-on connectivity

• Computers are easier to attack because IP address remains the same while connected

• Remote users connecting to internal network may cause vulnerability

Page 16: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Activity 1-2: Examining E-mail Content Filters and Security Suites

– Objective: Evaluate e-mail security software

– Read about features of MailMarshal

– Find three other vendors and create a comparison chart of features and cost

Page 17: Slideshow 1

Overview of Threats to Network Security (con’t.)

• Activity 1-3: Identifying Open Ports

– Objective: Use the netstat command to look for open ports on your computer

– A secure computer should have a minimal set of resources and open ports on it

– The netstat command utility is available in Windows and UNIX

• In Windows XP: type netstat -a

• Displays protocol and state of TCP/UDP ports
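The activity asks you to read netstat output by eye. The following added example (not part of the slides or the textbook) does the same check programmatically: it parses a constructed, Windows-style `netstat -a` listing, extracts the sockets that will answer unsolicited traffic (LISTENING TCP sockets and every bound UDP socket), and compares them against a hypothetical baseline of ports the machine is expected to expose, so that anything extra stands out. The sample output and the baseline set are both assumptions made for the example.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample of Windows-style `netstat -a` output (hypothetical host, not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    127.0.0.1:1043         127.0.0.1:445          TIME_WAIT
  UDP    0.0.0.0:137            *:*
  UDP    192.168.1.10:1900      *:*
"""

# Ports a hardened workstation is expected to expose (hypothetical baseline assumed for this example).
BASELINE_PORTS: Set[Tuple[str, str]] = {("TCP", "135"), ("TCP", "445"), ("UDP", "137")}


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Turn `netstat -a` lines into dicts; the banner, header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local = parts[1]
        # rsplit on the last colon handles numeric ports, service names and IPv6 "[::]:port".
        port = local.rsplit(":", 1)[1]
        # UDP is connectionless, so netstat prints no state column for it.
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else ""
        entries.append({"proto": parts[0], "local": local, "port": port, "state": state})
    return entries


def open_ports(entries: List[Dict[str, str]]) -> Set[Tuple[str, str]]:
    """Sockets that accept unsolicited traffic: LISTENING TCP sockets and any bound UDP socket.
    Outbound/ESTABLISHED and TIME_WAIT entries are client-side and are ignored."""
    result = set()
    for e in entries:
        if e["proto"] == "TCP" and e["state"] == "LISTENING":
            result.add(("TCP", e["port"]))
        elif e["proto"] == "UDP":
            result.add(("UDP", e["port"]))
    return result


def unexpected_ports(entries: List[Dict[str, str]],
                     baseline: Set[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Open ports that the baseline does not account for: candidates for shutting the service down."""
    return sorted(open_ports(entries) - baseline)


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print("open:", sorted(open_ports(parsed)))
    print("not in baseline:", unexpected_ports(parsed, BASELINE_PORTS))
```

On a real machine you would feed the function the captured output of `netstat -a` (or `netstat -an` for numeric ports) instead of the constructed sample; the baseline should come from your build standard, and every port the script reports is a service to justify or stop.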

Page 18: Slideshow 1

Goals of Network Security

• Providing network connectivity

– Priority: secure connectivity with trusted users and networks

– Vulnerable online activities

• Placing and purchasing orders

• Paying bills

• Accessing account information

• Looking up personnel records

• Creating authentication information

– Use layered security scheme

Page 19: Slideshow 1

Goals of Network Security (con’t.)

• Securing remote access

– For contractors and employees

– Use a virtual private network (VPN)

• Combination of encryption and authentication

• Cost-effective

Page 20: Slideshow 1


Goals of Network Security (con’t.)

Figure 1-2 Providing secure connectivity with VPNs

Page 21: Slideshow 1

Goals of Network Security (con’t.)

• Ensuring privacy

– Maintain customer confidentiality in organizational databases

– Be aware of laws that protect private information

• Sarbanes-Oxley

• Health Insurance Portability and Accountability Act (HIPAA)

• Gramm-Leach-Bliley Act

– Educate employees about security dangers and policies

Page 22: Slideshow 1

Goals of Network Security (con’t.)

• Providing nonrepudiation

– Capability to prevent a participant in an electronic transaction from denying that it performed an action

– Ensures that sender can’t deny sending a message and receiver can’t deny receiving a message

– Provided through encryption

• Protects integrity, confidentiality, and authentication of digital information

Page 23: Slideshow 1

Goals of Network Security (con’t.)

• Confidentiality, integrity, and availability: the CIA triad

– Confidentiality: prevent intentional or unintentional disclosure of communications between a sender and recipient

– Integrity: ensure the accuracy and consistency of information during all processing

– Availability: ensure that those authorized to access resources can do so in a reliable and timely manner

Page 24: Slideshow 1


Goals of Network Security (con’t.)

Figure 1-3 The CIA Triad

Page 25: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Physical security

– Measures taken to physically protect a computer or network device from theft, fire, or environmental disaster

• Computer locks or specialized locks

• Critical servers in room with lock and/or alarm

• Engraving tools to identify laptops

• Uninterruptible power supply (UPS)

• Fire suppression system with gaseous agent

Page 26: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Password security

– Choose strong passwords

– Keep passwords secure

– Change passwords regularly

– Use multiple passwords to protect critical applications

Page 27: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Authentication methods

– Something the user knows

• Example: username/password combination

– Something the user possesses

• Example: smart card

– Something the user is

• Example: retinal scans, fingerprints (biometrics)

Page 28: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Operating system security

– Install OS patches that have been issued to address security flaws

– Keep up with hot fixes and service packs for your system

– Stop any unneeded services

– Disable guest accounts

Page 29: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Antivirus protection

– Antivirus software is a necessity

• Examines files and e-mail messages for file extensions that typically contain malware (.exe, .zip)

• Compares them with current signature files

• Quarantines malware

– Keeping software updated is critical

Page 30: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Packet filtering

– Block or allow transmission of packets based on port, IP address, protocol, etc.

– Evaluates information in packet header and compares it to rule base

– Can be hardware or software

• Routers: use access control list (ACL)

• Operating system utilities: Iptables, TCP/IP Filtering

• Software firewalls: Check Point, ZoneAlarm

Page 31: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Firewalls

– Use organization’s security policy as guide

– Enforces policy set by network administrator

– Permissive policies

• Allows all traffic by default

• Blocks services on a case-by-case basis

– Restrictive policies

• Denies all traffic by default

• To allow a specific type of traffic, a new rule must be placed before the “deny all” rule
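The packet-filtering slide says a filter compares header fields against a rule base, and the firewall slide says a new allow rule must sit before the "deny all" rule. The following added example (written for this page; it is not code from the textbook or from any firewall product) models both points: a tiny first-match rule evaluator, a permissive rule base that only blocks what is named, a restrictive rule base that ends in a catch-all deny, and a check that reports rules placed after the catch-all, which can never fire. Packet fields, rule syntax and the addresses used are assumptions for the example, not any product's format.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (simplified for the example)."""
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    dst: str     # destination IP address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    """One line of the rule base. "any"/None fields match everything."""
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "any"             # CIDR network such as "192.168.1.0/24", or "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        for want, have in ((self.src, p.src), (self.dst, p.dst)):
            if want != "any" and ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        return self.dport is None or self.dport == p.dport

    def is_catch_all(self) -> bool:
        return self.proto == "any" and self.src == "any" and self.dst == "any" and self.dport is None


def evaluate(rule_base: List[Rule], p: Packet, default: str = "deny") -> Tuple[str, Optional[int]]:
    """First-match evaluation: the first rule whose fields match decides the packet's fate.
    If nothing matches, the policy default applies and the index is None."""
    for i, rule in enumerate(rule_base):
        if rule.matches(p):
            return rule.action, i
    return default, None


def shadowed_rules(rule_base: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because a catch-all rule precedes them.
    A non-empty result usually means an allow rule was appended after "deny all"."""
    for i, rule in enumerate(rule_base):
        if rule.is_catch_all():
            return list(range(i + 1, len(rule_base)))
    return []


# Permissive policy (hypothetical): everything passes unless a rule blocks it.
PERMISSIVE = [Rule("deny", proto="tcp", dport=23)]   # block Telnet, allow the rest by default

# Restrictive policy (hypothetical): explicit allows for published services, then "deny all".
RESTRICTIVE = [
    Rule("allow", proto="tcp", dst="10.0.0.5/32", dport=80),
    Rule("allow", proto="udp", dst="10.0.0.53/32", dport=53),
    Rule("deny"),                                      # the catch-all "deny all" rule
]

if __name__ == "__main__":
    web = Packet("tcp", "203.0.113.7", "10.0.0.5", 443)
    wrong = RESTRICTIVE + [Rule("allow", proto="tcp", dst="10.0.0.5/32", dport=443)]
    right = RESTRICTIVE[:-1] + [Rule("allow", proto="tcp", dst="10.0.0.5/32", dport=443), RESTRICTIVE[-1]]
    print("appended after deny all:", evaluate(wrong, web), "shadowed:", shadowed_rules(wrong))
    print("inserted before deny all:", evaluate(right, web), "shadowed:", shadowed_rules(right))
```

The `shadowed_rules` check is the part worth carrying into practice: run it (or the equivalent in your firewall's rule-analysis tooling) whenever a rule is added, because an allow rule that lands after the catch-all deny silently fails open nothing and simply does not work, which is usually discovered only when the new service is unreachable.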

Page 32: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Demilitarized zones (DMZs)

– Subnet that sits outside the internal network but is connected to the firewall

– Makes service publicly available while protecting internal LAN

– May contain domain name server (DNS) to resolve domain names to IP addresses

Page 33: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Intrusion detection systems (IDSs)

– Offer an additional layer of protection for the network

– Recognize signs of a possible attack

• Signatures: combination of IP addresses, port number, and frequency of access attempts

– Send notification to administrator

Page 34: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Virtual private networks (VPNs)

– Secure connection that uses public Internet

– Lower cost than leased lines from telecommunication companies

Page 35: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Network auditing and log files

– Process of monitoring computers accessing a network and recording that information in a log file

– Analyzing log files:

• Sort logs by time of day and per hour

• Learn peak times of traffic and most used services

• Use GUIs and log analyzers to spot trends and create easy-to-read log files

– Configuring log files

Page 36: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Network auditing and log files (con’t.)

– Configuring log files: view information in various ways

• System events: track operations of IDS or firewall

• Security events: records alerts that firewall/IDS has issued

• Traffic

• Packets

– Some programs customize log files and allow searching for items/events
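The two log-file slides describe sorting entries by hour, learning peak traffic times and most-used services, and separating security events (firewall denies) from ordinary traffic. The following added example (not from the textbook or any log viewer product) carries those steps out over a handful of constructed firewall log lines in a made-up line format; the format, hosts and timestamps are assumptions chosen for the example, so for a real product you would only swap the regular expression.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed firewall log lines (hypothetical format and hosts, not taken from any product).
SAMPLE_LOG = """\
2007-03-05 09:14:02 ALLOW TCP 192.168.1.10 -> 203.0.113.5:80
2007-03-05 09:20:45 ALLOW TCP 192.168.1.11 -> 203.0.113.5:443
2007-03-05 09:51:13 DENY  TCP 198.51.100.9 -> 192.168.1.10:23
2007-03-05 10:05:00 ALLOW UDP 192.168.1.10 -> 192.168.1.1:53
2007-03-05 14:02:31 ALLOW TCP 192.168.1.12 -> 203.0.113.8:80
2007-03-05 14:03:10 ALLOW TCP 192.168.1.12 -> 203.0.113.8:80
2007-03-05 14:30:57 DENY  TCP 198.51.100.9 -> 192.168.1.10:445
2007-03-05 14:41:19 ALLOW TCP 192.168.1.13 -> 203.0.113.9:25
"""

# One regex for the assumed line format: date, time, action, protocol, source, destination:port.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) "
    r"(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP) (?P<src>\S+) -> (?P<dst>\S+):(?P<dport>\d+)$"
)

# Small port-to-service table so reports read as services rather than numbers.
SERVICE_NAMES = {25: "smtp", 53: "dns", 80: "http", 443: "https"}


def parse_log(text: str) -> List[dict]:
    """Parse every well-formed line; malformed lines are skipped rather than crashing the report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["hour"] = int(e.pop("hh"))
        e["minute"] = int(e.pop("mm"))
        e["second"] = int(e.pop("ss"))
        e["dport"] = int(e["dport"])
        entries.append(e)
    return entries


def events_per_hour(entries: List[dict]) -> Dict[int, int]:
    """Sort the log by hour of day: how many events fell into each hour."""
    return dict(sorted(Counter(e["hour"] for e in entries).items()))


def peak_hour(entries: List[dict]) -> Optional[int]:
    """Hour with the most events (earliest hour wins a tie); None for an empty log."""
    per_hour = events_per_hour(entries)
    if not per_hour:
        return None
    return max(per_hour, key=lambda h: (per_hour[h], -h))


def most_used_services(entries: List[dict], n: int = 3) -> List[Tuple[str, int]]:
    """Most-used services by destination port; unknown ports are reported as 'port N'."""
    names = (SERVICE_NAMES.get(e["dport"], "port %d" % e["dport"]) for e in entries)
    return Counter(names).most_common(n)


def security_events(entries: List[dict]) -> List[dict]:
    """The alerts the firewall issued: everything it denied, in log order."""
    return [e for e in entries if e["action"] == "DENY"]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("events per hour:", events_per_hour(log))
    print("peak hour:", peak_hour(log))
    print("top services:", most_used_services(log))
    for e in security_events(log):
        print("denied:", e["src"], "->", e["dst"], e["dport"])
```

A peak hour that moves, or a new entry near the top of the service list, is exactly the kind of trend the slide says to watch for; the denied entries are the ones to review first, since they record traffic the policy rejected.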

Page 37: Slideshow 1


Using Network Defense Technologies in Layers (con’t.)

• Using GUI log viewers: organizes logged information and enables sorting

Figure 1-5 ZoneAlarm’s log viewer

Page 38: Slideshow 1

Using Network Defense Technologies in Layers (con’t.)

• Routers and access control methods

– Typical access points of entry: vulnerable services; e-mail gateways; porous borders

– Access control methods

• Mandatory Access Control (MAC): defines access capabilities rigorously in advance

• Discretionary Access Control (DAC): users are allowed to share information with other users

• Role Based Access Control (RBAC): establishes organizational roles to limit information access by job function/responsibility
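To make the RBAC bullet concrete, here is an added example (mine, not the textbook's) of a deny-by-default role-based check: permissions are attached to roles, roles are attached to users, and senior roles inherit what junior roles may do, so a user's effective permissions follow from job function rather than from individual grants. The roles, permissions and users are invented for the example.

```python
from typing import Dict, Set

# Hypothetical role definitions; a real deployment derives these from job functions.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "employee":   {"read:own_record"},
    "hr_clerk":   {"read:personnel_records"},
    "hr_manager": {"update:personnel_records"},
    "finance":    {"pay:bills", "read:account_info"},
}

# Role hierarchy: each role inherits every permission of its parent roles.
ROLE_PARENTS: Dict[str, Set[str]] = {
    "hr_clerk":   {"employee"},
    "hr_manager": {"hr_clerk"},
    "finance":    {"employee"},
}

# User-to-role assignments (hypothetical users).
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"hr_manager"},
    "bob":   {"finance"},
    "carol": {"employee"},
}


def effective_roles(role: str) -> Set[str]:
    """The role itself plus every ancestor, walked without looping on a misconfigured cycle."""
    seen: Set[str] = set()
    stack = [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(ROLE_PARENTS.get(r, set()))
    return seen


def permissions_for(user: str) -> Set[str]:
    """Union of the permissions of all roles the user holds, directly or by inheritance.
    An unknown user has no roles and therefore no permissions."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        for r in effective_roles(role):
            perms |= ROLE_PERMISSIONS.get(r, set())
    return perms


def authorized(user: str, permission: str) -> bool:
    """Deny by default: access is granted only when some role of the user carries the permission."""
    return permission in permissions_for(user)


if __name__ == "__main__":
    for user, perm in (("alice", "read:personnel_records"), ("bob", "read:personnel_records"),
                       ("mallory", "read:own_record")):
        print(user, perm, "->", "allow" if authorized(user, perm) else "deny")
```

The point of the structure is that removing a person from a role, or a permission from a role, changes access everywhere at once, which is what makes RBAC easier to audit than per-user discretionary grants.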

Page 39: Slideshow 1

The Impact of Defense

• Cost of security breach can be very high in terms of return on investment (ROI)

• Gain management support to ensure sound security scheme

– Discuss funding, staff, downtime, and resources for entire span of project

• Security systems must be continuously maintained and updated

Page 40: Slideshow 1

Summary

• Network intruders are motivated by various desires

– Data; revenge; financial gain; proprietary information for resale

• Understanding network security concerns regarding online communication is essential

– Vulnerability of e-mail attachments

– Use of firewalls and VPNs

• Goals for a network security program

– Privacy; data integrity; authentication; remote users

Page 41: Slideshow 1

Summary (con’t.)

• Network security has many layers of defense

• Auditing and log files help detect vulnerable points in a system

• Routers at network perimeter need access control for security

• Defense affects the entire organization