Network Security - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Network Security

Description:

Network Security A General Introduction Outline Network Gatekeepers Identifying network threats and countermeasures Using secure router, firewall, and switch ... – PowerPoint PPT presentation

Number of Views:107
Avg rating:3.0/5.0
Slides: 23
Provided by: acuk
Category:

less

Transcript and Presenter's Notes

Title: Network Security


1
Network Security
  • A General Introduction

2
Outline
  • Network Gatekeepers
  • Identifying network threats and countermeasures
  • Using secure router, firewall, and switch
    configurations

3
Network Gatekeepers
  • Network is the entry point to application and
    control access to the various servers in the
    enterprise environment
  • The basic components of a network, which act as
    the front-line gatekeepers, are the
  • router,
  • firewall, and
  • switch.

4
Threats and Countermeasures
  • An attacker looks for poorly configured network
    devices to exploit.
  • The following are high-level network threats
  • Information gathering
  • Sniffing
  • Spoofing
  • Session hijacking
  • Denial of service

5
Information Gathering
  • Information gathering can reveal detailed
    information about network topology, system
    configuration, and network devices.
  • Attacks
  • Using Tracert (Traceroute) to detect network
    topology
  • Using Telnet to open ports for banner grabbing
  • Using port scans to detect open ports
  • Using broadcast requests to enumerate hosts on a
    subnet

6
Countermeasures- Information gathering
  • Use generic service banners that do not give
    away configuration information such as software
    versions or names.
  • Use firewalls to mask services that should not be
    publicly exposed

7
Sniffing
  • Sniffing, also called eavesdropping, is the act
    of monitoring network traffic for data, such as
    clear-text passwords or configuration
    information.
  • Vulnerabilities
  • Weak physical security
  • Lack of encryption when sending sensitive data
  • With a simple packet sniffer, all plaintext
    traffic can be read easily

8
Countermeasures
  • Some of the countermeasures
  • Strong physical security that prevents rogue
    devices from being placed on the network
  • Encrypted credentials and application traffic
    over the network

9
Spoofing
  • Spoofing, is a means to hide one's true identity
    on the network.
  • A fake source address is used that does not
    represent the actual packet originator's address
  • Vulnerabilities
  • Lack of ingress and egress filtering.
  • Ingress filtering is the filtering of any IP
    packets with un-trusted source addresses before
    they have a chance to enter and affect your
    system or network.
  • Egress filtering is the process of filtering
    outbound traffic from your network.

10
Countermeasures
  • Countermeasures
  • Use of ingress and egress filtering on perimeter
    routers using Access Control Lists (ACLs)

11
Denial of Service
  • Network-layer denial of service attacks usually
    try to deny service by flooding the network with
    traffic, which consumes the available bandwidth
    and resources.
  • Vulnerabilities
  • Weak router and switch configuration
  • Unencrypted communication

12
Countermeasures denial of service
  • Filtering broadcast requests
  • Filtering Internet Control Message Protocol
    (ICMP) requests
  • Patching and updating of service software

13
Router Considerations
  • The router is the very first line of defense.
  • It provides packet routing,
  • It can also be configured to block or filter the
    forwarding of packet types that are known to be
    vulnerable or used maliciously, such as ICMP

14
Router Considerations - Protocol
  • Protocols
  • Denial of service attacks take advantage of
    protocol-level vulnerabilities, for example, by
    flooding the network
  • Prevent attack
  • Use ingress and egress filtering.
  • Incoming packets with an internal address can
    indicate an intrusion attempt or probe and should
    be denied entry to the perimeter network
  • set up router to route outgoing packets only if
    they have a valid internal IP address
  • Screen ICMP traffic from the internal network
  • Blocking ICMP traffic at the outer perimeter
    router protects you from attacks such as
    cascading ping floods
  • ICMP can be used for troubleshooting, it can
    also be used for network discovery and mapping
  • Enable ICMP in echo-reply mode only

15
Router Considerations - Protocol
  • Protocols
  • Do Not Receive or Forward Directed Broadcast
    Traffic
  • Directed broadcast traffic can be used as a
    vehicle for a denial of service attack
  • Example
  • 10.0.0.0/8
  • 127.0.0.0/8
  • 169.254.0.0/16 link local network
  • Prevent Traceroute packets
  • Trace routing is a means to collect network
    topology information. By blocking packets of this
    type, you prevent an attacker from learning
    details about your network from trace routes.

16
Router Considerations
  • Patches and updates
  • stay current with both security issues and
    service patch
  • Disable unused interfaces.
  • Apply strong password policies.
  • Use static routing.
  • An attacker might try to change routes to cause
    denial of service or to forward requests to a
    rogue server
  • Audit Web facing administration interfaces

17
Router Considerations- Services
  • Services
  • To reduce the attack surface area, default
    services that are not required should be shut
    down.
  • Examples include bootps and Finger, which are
    rarely required. You should also scan your router
    to detect which ports are open.

18
Firewall - 1
  • The role of the firewall is to block all
    unnecessary ports and to allow traffic only from
    known ports.
  • A firewall should exist anywhere you interact
    with an untrusted network, especially the
    Internet.
  • Separate your Web servers from downstream
    application and database servers with an internal
    firewall
  • The firewall should be configured to monitor and
    prevent attacks and detecting intrusion attempts.
  • Firewall may runs on an operating system , hosted
    by a router or on a specialist hardware.

19
Firewall -2
  • The configuration categories for the firewall
    include
  • Patches and updates
  • Filters
  • Auditing and logging
  • Perimeter networks
  • Intrusion detection

20
Switch
  • Switches are designed to improve network
    performance to ease administration
  • Traffic is not shared between switched segments.
    T
  • This is a preventive measure against packet
    sniffing between networks.
  • An attacker can circumvent this security by
  • reconfiguring switching rules
  • using easily accessed administrative interfaces,
    I
  • known account names and passwords

21
Considerations - Secure switching
  • Install latest patches and updates
  • Virtual Local Area Networks (VLANs)
  • Virtual LANs separate network segments and allow
    application of access control lists based on
    security rules.
  • Insecure defaults
  • change all factory default passwords and to
    prevent network enumeration or total control of
    the switch
  • Services
  • all unused services are disabled.

22
Configure router passwords and banners
  • Complete the task given in the lab sheet
Write a Comment
User Comments (0)
About PowerShow.com