Network security


1. ACLs typically reside on routers to determine which devices are allowed to access them, based on the requesting device's Internet Protocol (IP) address.
2. Basically, ACLs filter packets by IP address, but modern ACLs can also filter by port number.
3. ACLs are configured to apply either to inbound traffic or to outbound traffic.
5. There are two types of Cisco ACLs, standard and extended.
   - Standard ACLs allow you to permit or deny traffic from source IP addresses.
   - Extended ACLs filter IP packets based on several attributes, for example protocol type, source IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information for finer granularity of control.
6. The first concept is tunneling, which basically means encapsulating one protocol within another to ensure that a transmission is secure.
7. Virtual Private Network (VPN) types:
   - Remote access VPNs
   - Site-to-site VPNs
   - Extranet VPNs
8. Secure Sockets Layer (SSL) was developed by Netscape to work with its browser. It is based on Rivest, Shamir, and Adleman (RSA) public-key encryption and is used to enable secure Session-layer connections over the Internet between a web browser and a web server.
9. Layer 2 Tunneling Protocol (L2TP) was created by the Internet Engineering Task Force (IETF). It comes in handy for supporting non-TCP/IP protocols in VPNs over the Internet.
10. Point-to-Point Tunneling Protocol (PPTP) works by combining an unsecured Point-to-Point Protocol (PPP) session with a secured session using the Generic Routing Encapsulation (GRE) protocol.
11. The two major protocols you'll find working in IPSec are the Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides authentication services only, with no encryption, whereas ESP provides both authentication and encryption.
12. Encryption works by running the data (which, when encoded, is represented as numbers) through a special encryption formula called a key that the designated sending and receiving devices both "know."
13. Private Encryption Keys: private keys are commonly referred to as symmetrical keys. Using private-key encryption, both the sender and receiver have the same key and use it to encrypt and decrypt all messages.
   - DES: 56-bit key
   - 3DES: 168-bit key
   - The Advanced Encryption Standard (AES): 128-, 192-, or 256-bit key
14. Public Key Encryption: public key encryption uses the Diffie-Hellman algorithm, which employs a public key and a private key to encrypt and decrypt data. The sending machine's public key is used to encrypt a message to the receiving machine, which decrypts the message with a private key.
15. Account security:
   - Disabling Accounts
   - Managing Accounts
   - Password-Management Features
16. Public Key Infrastructure (PKI) is a system that links users to public keys and verifies a user's identity by using a certificate authority (CA).
17. Public Key Infrastructure (PKI)
18. Kerberos, created at MIT, isn't just a protocol; it's an entire security system that establishes a user's identity when they first log on to a system that's running it.
19. RADIUS is an authentication and accounting service that's used for verifying users over various types of links, including dial-up. Many ISPs use a RADIUS server to store the usernames and passwords of their clients in a central spot through which connections are configured to pass authentication requests.
20. The Terminal Access Controller Access-Control System Plus (TACACS+) protocol is an alternative AAA method to RADIUS. Here are two major differences between TACACS+ and RADIUS:
   - RADIUS combines user authentication and authorization into one profile, but TACACS+ separates the two.
   - TACACS+ utilizes the connection-based TCP protocol, but RADIUS uses UDP instead.
21. Denial of Service (DoS): a denial of service (DoS) attack does exactly what it sounds like it would do: it prevents users from accessing the network and/or its resources. Example of DoS, the Ping of Death: Ping 192.168.131.67 -l 65000
22. A variant of the DoS attack floods its victim with spoofed broadcast ping messages.
23. Distributed denial of service (DDoS) attacks also make use of IP spoofing.
24. Virus types:
   - File Viruses
   - Macro Viruses
   - Boot-Sector Viruses
   - Multipartite Viruses
25. Functionally (or not so much, if your computer happens to have been infected with one), worms are a lot like viruses, only worse because they're much harder to stop. Worms can actively replicate without requiring you to do anything like open an infected file.
26. IP Spoofing: IP spoofing is the process of sending packets with a fake source address that makes it look like those packets actually originate from within the network that the hacker is trying to attack.
27. Backdoors: backdoors are simply paths leading into a computer or network. From simple invasions to elaborate Trojan Horses, villains can use their previously placed inroads into a specific host or a network whenever they want to.
28. Packet Sniffers: a packet sniffer is a software tool that can be incredibly effective in troubleshooting a problematic network but that can also be a hacker's friend.
29. A man-in-the-middle attack happens when someone intercepts packets intended for one computer and reads the data.
30. A rogue access point is one that's been installed on a network without the administrator's knowledge.
31. Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source.
32. Detection approaches:
   - Active Detection
   - Passive Detection
   - Proactive Defense
33. Security Policies: a security policy should precisely define how security is to be implemented within an organization and include physical security, document security, and network security. Security Audit: a security audit is a thorough examination of your network that includes testing all its components to make sure everything is secure.
35. Firewalls are usually a combination of hardware and software. The hardware part is usually a router, but it can also be a computer or a dedicated piece of hardware called a black box that has two Network Interface Cards (NICs) in it. One of the NICs connects to the public side, and the other one connects to the private side. The software part is configured to control how the firewall actually works to protect your network by scrutinizing each incoming and outgoing packet and rejecting any suspicious ones.
36. A network-based firewall is what companies use to protect their private network from public networks. The defining characteristic of this type of firewall is that it's designed to protect an entire network of computers instead of just one system, and it's usually a combination of hardware and software.
37. A host-based firewall is implemented on a single machine, so it only protects that one machine. This type of firewall is usually a software implementation, because you don't need any additional hardware in your personal computer to run it. All current Windows client operating systems come with Windows Firewall, which is a great example of a host-based solution.
38. Demilitarized Zone (DMZ): most firewalls in use today implement something called a demilitarized zone (DMZ), which, as its name implies, is a network segment that isn't public or local but halfway between the two. A standard DMZ setup typically (but not always) has two or three network cards in the firewall computer.
   - The first goes to the Internet.
   - The second goes to the network segment where the commonly targeted servers exist that I recommended be placed in the DMZ.
   - The third connects to your intranet.
39. Proxy Services: firewalls can also implement something called proxy services, which actually makes them proxy servers, or proxies for short. Let's say an internal client sends a request to an external host on the Internet. That request will get to the proxy server first, where it will be examined, broken down, and handled by an application that will create a new packet requesting information from the external server.
40. Proxy Services
41. The first firewalls that were developed functioned solely at the Network layer, and the earliest of these were known as packet-filter firewalls. I covered packet filtering a bit earlier in this chapter; as a refresher, all it means is that the firewall looks at an incoming packet and applies it against the set of rules in the ACL(s).
42. A basic packet filter doesn't care whether the packet it is examining is stand-alone or part of a bigger message stream. That type of packet filter is said to be stateless, in that it does not monitor the status of the connections passing through it. A stateful firewall is one that keeps track of the various data streams passing through it. If a packet that is part of an established connection hits the firewall, it's passed through.
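The ACL semantics from slides 1 to 5 and the stateless-versus-stateful distinction just described, as an added example in Python that is not part of the slide deck. Standard entries match only on source address, extended entries also on protocol, destination and port, evaluation is first match with an implicit deny at the end, and the stateful filter adds a connection table so that replies to connections opened from the inside pass without needing their own inbound entry. Flow tracking is simplified to TCP SYN segments only, and all addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of Cisco-style ACL evaluation (added example, not the
# slide deck's material). Addresses and port numbers below are made up.
@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False     # True for the TCP segment that opens a connection

@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0/0"      # a standard ACL entry uses only this field
    proto: str = "any"          # extended-ACL fields; "any" / 0 are wildcards
    dst: str = "0.0.0.0/0"
    dport: int = 0

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

def evaluate(acl: list[Entry], p: Packet) -> str:
    """Stateless check: first matching entry wins, implicit deny at the end."""
    for entry in acl:
        if entry.matches(p):
            return entry.action
    return "deny"

class StatefulFilter:
    """Same inbound ACL plus a connection table for flows the inside opened."""
    def __init__(self, inbound_acl: list[Entry]):
        self.inbound_acl = inbound_acl
        self.flows: set[tuple[str, str, int]] = set()

    def outbound(self, p: Packet) -> str:
        if p.proto == "tcp" and p.syn:          # record (inside, outside, port)
            self.flows.add((p.src, p.dst, p.dport))
        return "permit"

    def inbound(self, p: Packet) -> str:
        if (p.dst, p.src, p.sport) in self.flows:
            return "permit"                     # reply in an established flow
        return evaluate(self.inbound_acl, p)    # otherwise the ACL decides
```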
43. There are two ways IDS systems can detect attacks or intrusions. The first is based on the signature of an intrusion and is often referred to as a misuse-detection IDS (MD-IDS).
44. In a network-based IDS (NIDS), the IDS is a separate device attached to the network via a device such as a switch or directly via a tap.
45. In a host-based IDS (HIDS), software runs on one computer to detect abnormalities on that system alone by monitoring applications, system logs, and event logs—not by directly monitoring network traffic.
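An added example of what a HIDS-style rule looks like when it works from the host's own logs rather than from network traffic; this code and its log lines are constructed for illustration and are not from the slide deck. It counts failed SSH logins per source address and escalates if the same source later succeeds.

```python
import re
from collections import defaultdict

# Constructed auth-log excerpt (not real data) for a host-based IDS rule.
AUTH_LOG = """\
Mar 10 09:00:01 web01 sshd[410]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2
Mar 10 09:00:02 web01 sshd[410]: Failed password for invalid user admin from 203.0.113.9 port 40012 ssh2
Mar 10 09:00:03 web01 sshd[410]: Failed password for root from 203.0.113.9 port 40013 ssh2
Mar 10 09:00:04 web01 sshd[410]: Failed password for root from 203.0.113.9 port 40014 ssh2
Mar 10 09:00:05 web01 sshd[410]: Failed password for root from 203.0.113.9 port 40015 ssh2
Mar 10 09:00:09 web01 sshd[411]: Accepted password for root from 203.0.113.9 port 40016 ssh2
Mar 10 09:01:30 web01 sshd[412]: Accepted publickey for deploy from 192.0.2.20 port 50200 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\S+) port")

def analyze(log: str, threshold: int = 5) -> list[str]:
    """Signature-style rules over host logs: flag a source once it reaches
    `threshold` failed logins, and escalate if that source then succeeds."""
    failures = defaultdict(int)
    alerts = []
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            src = m.group(2)
            failures[src] += 1
            if failures[src] == threshold:
                alerts.append(f"brute-force: {src} reached {threshold} failed logins")
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            alerts.append(f"compromise suspected: {m.group(2)} succeeded as "
                          f"{m.group(1)} after {failures[m.group(2)]} failures")
    return alerts
```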
46. A VPN concentrator is a device that creates remote access for virtual private networks (VPNs), either for users logging in remotely or for a large site-to-site VPN. VPNs often allow higher data throughput and provide encryption. VPN through a concentrator is usually handled by Internet Protocol Security (IPSec) or by Secure Sockets Layer (SSL), and user authentication can be achieved via Microsoft's Active Directory, Kerberos, Remote Authentication Dial In User Service (RADIUS), Rivest, Shamir, and Adleman (RSA), and digital certificates.