
IT103Microsoft Windows XP/OS Chap11

  1. Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY
  2. OVERVIEW
      • Understand IP addressing
      • Manage IP subnetting and subnet masks
      • Understand IP security terminology
      • Manage Internet security features of Windows XP
      • Configure and troubleshoot Windows Firewall
  3. Overview - 2
      • This chapter addresses advanced TCP/IP addressing and Internet security. It introduces students to classless interdomain routing (CIDR) subnetting and subnet masks, and it explores the binary nature of IP addresses and the knowledge necessary to troubleshoot addressing issues.
      • We will also introduce Windows XP Internet security features such as Windows Firewall. Proper configuration and operation of Windows Firewall can protect systems inexpensively.
  4. UNDERSTANDING BINARY NUMBERS
  5. CONVERTING DECIMAL ADDRESSES TO BINARY
  6. CONVERTING BINARY ADDRESSES TO DECIMAL
  7. USING CALCULATOR TO CONVERT NUMBERS
  8. SUBNET MASKS
  9. PROBLEMS WITH CLASSFUL ADDRESSES
      • Wasted addresses
      • Shortage of address blocks
      • Excessive routing table entries
      • Netblock - a range of consecutive IP addresses
  10. … More detail…
      • Netblocks were rigid, so organizations needing a contiguous address space were assigned an address block that, in some cases, was vastly larger than they needed. One example was any organization assigned a Class A netblock. Who has 1.7 million public systems?
      • The supply of netblocks was limited. The Class A networks were all taken, and Class B networks were getting scarce.
      • To deal with the scarcity of Class B blocks, some organizations obtained multiple Class C blocks to support their requirements. This resulted in a proliferation of routing table entries because several entries would be required to support several Class C networks for a single organization.
  11. SUBNETTING A LARGE NETWORK
  12. Previous Slide…
      • This slide shows a Class A network being subnetted first into Class B networks and then into Class C networks.
      • This is one solution to the scarcity of Class B networks. It creates 256 Class B subnetworks for each Class A network divided in this way.
      • Each Class B network can then be divided into 256 Class C networks.
  13. CLASSLESS INTERDOMAIN ROUTING (CIDR)
  14. SUPERNETS
  15. SECURING IP COMMUNICATIONS
      • Internet threats
      • Protective technologies
      • Configuring and managing Windows Firewall
      • Monitoring Internet communications security
  16. INTERNET THREATS
      • Viruses (the oldest threat)
      • Worms (the most persistent threat)
      • Trojan horses
      • Spyware
      • Zombies
      • Direct hacking
  17. VIRUSES
      • Take advantage of gullible users
      • Infect document, graphics, and executable files
      • Often include mass-mailing components
      • Can carry destructive payloads
  18. Viruses (continued…)
      • Computer viruses have been around since 1975, when John Walker released a program called Pervade to distribute a game he had invented. The game replicated itself to UNIVAC systems everywhere and, according to some accounts, eventually ended up on UNIVAC system distribution tapes.
      • Since that time, many more virulent viruses have been written, and the damage they have caused in terms of time and money has been enormous. Corporations spend billions of dollars each year to protect themselves against viruses, and billions of dollars more when their protections fail.
  19. WORMS
      • Self-replicating
      • Network-aware
      • Use bugs in programs or systems to spread
      • Can carry viruses or other payloads
  20. Worms (continued…)
      • Worms scan networks looking for systems that are running operating systems or applications with certain known vulnerabilities. When they find a vulnerability, they insert themselves into the vulnerable system and begin using it to scan for more victims.
      • If a system is infected, any unpatched system connected to the network will be infected, repeating the cycle.
      • Discuss any recent news-making worms. Describe their attack vector and their payload. Discuss how infections from that particular worm might be prevented.
  21. TROJAN HORSES
      • Usually e-mailed or downloaded
      • Appear to be a useful program or game
      • Carry payload or back door application
  22. Trojan Horses (continued…)
      • Trojan horses rely on credulous victims. They appear on the Internet as useful programs or fun games.
      • When they are executed on the victim’s system, they install a back door application to let hackers control the system or they launch a viral payload on the victim.
  23. SPYWARE
      • Has attributes of Trojan horses or worms
      • Spies on its victim
      • Might transmit marketing data or transmit personal data to the spyware author
  24. Spyware (continued…)
      • Some spyware is voluntarily installed by users as part of a marketing agreement.
      • Other versions use viral or worm vectors to spread to target systems. Once installed, some versions simply collect demographic data.
      • Others log keystrokes or redirect browsers to sites that pay a royalty to the author.
  25. ZOMBIES
      • Payload of worm or Trojan horse
      • Remotely controlled to attack network targets
      • Participate in large-scale assaults on public Web sites
  26. Zombies (continued…)
      • Zombies are planted and controlled by hackers to attack large sites.
      • Fleets of zombies can be coordinated by one “zombie master” to direct large-scale attacks against targets.
  27. DIRECT HACKING
      • Relatively low incidence
      • Hardest form of attack to defeat
      • Although well-publicized by the movie industry, direct interactive penetration by hackers is relatively rare because it takes time, patience, and skill to locate vulnerable components on the intended victim’s system. Many hackers prefer to use mass attacks such as worms, Trojan horses, and viruses to gain access to systems.
  28. PROTECTIVE TECHNOLOGIES
      • Security Center
      • Windows Firewall
      • Internet Connection Sharing (ICS)
      • Third-party utilities
  29. SECURITY CENTER
  30. FIREWALL TERMINOLOGY
      • Packet filtering
          • The process of inspecting packet headers to determine whether they are allowed to enter the network. Those that do not conform with established rules for address, port, or protocol type are dropped.
      • Stateful packet filtering
          • A more advanced form of packet filtering where inbound packets must be received in response to an initial communication from the system. Outbound traffic is tracked in a “state table,” and inbound packets must conform to expected reply traffic to those communications.
  31. FIREWALL TERMINOLOGY
      • Exceptions (packet filter rules)
          • Rules that allow some inbound traffic to enter your system. For example, to allow Remote Desktop to enter your system if you want to access your system from work or school, you would enable an exception.
  32. FIREWALL TERMINOLOGY
      • Allowed traffic
          • Packet traffic that is allowed to pass the firewall.
      • Rejected traffic
          • Packet traffic that has not met acceptance rules and is dropped.
      • Logging
          • The process by which firewalls maintain a history of acceptance and rejection events. Logging is often used to discover penetration attempts or troubleshoot connectivity issues.
  33. ENABLING WINDOWS FIREWALL
  34. FIREWALL EXCEPTIONS
  35. ADVANCED WINDOWS FIREWALL SETTINGS
      • ICMP - Internet Control Message Protocol
  36. MONITORING INTERNET SECURITY
      • Windows Firewall monitoring
      • Service logs
      • Event logs
  37. WINDOWS FIREWALL ALERTS
  38. WINDOWS FIREWALL LOGS
  39. SERVER LOGS
  40. SUMMARY
      • IP addresses are 32-bit binary addresses.
      • The network portion of IP addresses determines location.
      • CIDR allows creation of custom netblocks.
      • CIDR permits use of variable-length subnet masks.
      • Windows Firewall blocks unauthorized packets.
      • Windows Firewall exceptions allow specified traffic to pass through the firewall.
      • Alerts and logs warn of attempted attacks.
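
The subnetting and supernetting steps from slides 8 to 14, worked through with Python's standard `ipaddress` module. This is an added example, not part of the slide deck; the helper names and the 10.x and 192.168.x sample blocks are assumptions chosen for illustration.

```python
import ipaddress

def mask_bits(prefix_len):
    """Dotted-decimal and binary forms of the subnet mask for a prefix length."""
    mask = ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask
    binary = ".".join(f"{octet:08b}" for octet in mask.packed)
    return str(mask), binary

def split(network, new_prefix):
    """Divide a netblock into equal subnets of the given prefix length."""
    return list(ipaddress.ip_network(network).subnets(new_prefix=new_prefix))

def same_subnet(addr_a, addr_b, prefix_len):
    """Two hosts are local to each other only if their network portions match."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefix_len}").network
    return ipaddress.ip_address(addr_b) in net_a

def supernet(blocks):
    """Aggregate contiguous blocks into the fewest routing table entries."""
    nets = (ipaddress.ip_network(b) for b in blocks)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed sample blocks: a Class A sized network and four Class C sized ones.
CLASS_A = "10.0.0.0/8"
CLASS_C_BLOCKS = [f"192.168.{i}.0/24" for i in range(4)]

if __name__ == "__main__":
    b_sized = split(CLASS_A, 16)             # Class B sized subnets of the Class A
    c_sized = split(str(b_sized[1]), 24)     # Class C sized subnets of one of those
    print(len(b_sized), "x /16, first:", b_sized[0])
    print(len(c_sized), "x /24, first:", c_sized[0])
    print("/20 mask:", *mask_bits(20))       # a variable-length mask between B and C
    print("one route instead of four:", supernet(CLASS_C_BLOCKS))
    # The same pair of hosts is remote under /24 but local under /22.
    print(same_subnet("192.168.1.10", "192.168.2.10", 24),
          same_subnet("192.168.1.10", "192.168.2.10", 22))
```

A mask mismatch of the kind shown in the last line is a common cause of hosts that can reach some neighbours but not others.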
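
The firewall terms from slides 30 to 32 (packet filtering, stateful packet filtering, exceptions, rejected traffic, logging) as a toy model. This is an added example, not part of the slide deck and not Windows Firewall's own code; the class and function names, the constructed sample packets, and the use of TCP port 3389 for the Remote Desktop exception are assumptions made for illustration.

```python
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")

class StatefulFirewall:
    """Toy host firewall: state table, inbound exceptions, and a log."""

    def __init__(self, exceptions=()):
        self.exceptions = set(exceptions)   # (proto, local_port) pairs allowed inbound
        self.state = set()                  # expected replies, keyed as they will arrive
        self.log = []                       # (verdict, reason, packet) history

    def filter(self, p):
        if p.direction == "out":
            # Remember the flow reversed: the reply comes from dst:dport to src:sport.
            self.state.add((p.proto, p.dst, p.dport, p.src, p.sport))
            verdict, reason = "ALLOW", "outbound"
        elif (p.proto, p.src, p.sport, p.dst, p.dport) in self.state:
            verdict, reason = "ALLOW", "reply to tracked flow"
        elif (p.proto, p.dport) in self.exceptions:
            verdict, reason = "ALLOW", "exception"
        else:
            verdict, reason = "DROP", "unsolicited"
        self.log.append((verdict, reason, p))
        return verdict

    def drops_by_source(self):
        """Summarise the log for review: dropped packets per source address."""
        return Counter(p.src for v, _, p in self.log if v == "DROP")

def stateless_verdict(p, allowed_source_ports=(80,)):
    """Plain packet filter for comparison: judges each header alone, no memory."""
    return "ALLOW" if p.direction == "out" or p.sport in allowed_source_ports else "DROP"

# Constructed sample traffic (documentation address ranges); HOST is the protected PC.
HOST = "192.0.2.10"
TRAFFIC = [
    Packet("out", "tcp", HOST, 49152, "198.51.100.5", 80),   # browser request
    Packet("in", "tcp", "198.51.100.5", 80, HOST, 49152),    # matching reply
    Packet("in", "tcp", "198.51.100.5", 80, HOST, 49153),    # no matching outbound flow
    Packet("in", "tcp", "203.0.113.7", 40000, HOST, 3389),   # covered by the exception
    Packet("in", "tcp", "203.0.113.7", 40001, HOST, 445),    # unsolicited
]

def run(traffic=TRAFFIC):
    fw = StatefulFirewall(exceptions={("tcp", 3389)})
    return fw, [fw.filter(p) for p in traffic]

if __name__ == "__main__":
    fw, _ = run()
    for verdict, reason, p in fw.log:
        print(verdict, reason, p)
    print(fw.drops_by_source())
```

The third packet is the instructive one: the header-only filter accepts it because of its source port, while the state table rejects it because no outbound flow matches.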
