
Defending Networks - Recording from cyber security webinar 4

Network security is not rocket science – it just needs a bit of dedication and discipline. Network protection creates a secure platform for your other assets – servers, computers, and software – so that users can safely get on with their daily work. Learn more about how to defend networks from the video recording at the following link and from the presentation slides on this page.
https://business.f-secure.com/defending-networks-recording-from-cyber-security-webinar-4/

Published in: Technology

  1. DEFENDING NETWORKS. CYBER SECURITY WEBINAR PART 4. JARNO NIEMELÄ, F-SECURE, 15th of October 2015
  2. CYBER SECURITY WEBINAR SERIES - PART 4 © F-Secure
       • INTRODUCTION TO CYBERSECURITY
       • DEFENDING WORKSTATIONS
       • DEFENDING SERVERS
       • DEFENDING NETWORKS - NOW
       • RESPONDING TO AN INCIDENT 9TH NOVEMBER 2015
       • BUILDING SECURE SYSTEMS 3RD DECEMBER 2015
     RECORDINGS: HTTPS://BUSINESS.F-SECURE.COM
  3. DEFENDING NETWORKS. JARNO NIEMELÄ, SENIOR RESEARCHER, F-SECURE
  4. WHAT DOES HACKING LOOK LIKE?
       • Let’s hack like in the movies
           • Kali 2.0
           • Armitage graphical hacking environment
           • https://www.kali.org/
       • In real life hacking is mostly not this easy
           • But it is, if the attacker has a working exploit or the system is totally out of date
           • Most commonly the attacked service is some web application
           • Or a company in-house application
  5. BASICS OF NETWORK DEFENCE
       • Limit access also inside the local network
       • Update all hosts, servers and network equipment
       • Have only the services visible that are needed
       • Monitor the network
       • Perform regular audits
  6. A TYPICAL NETWORK [Diagram labels: DC, Email and File server, Office, DMZ, Internal Servers, Web server]
  7. A TYPICAL INFECTED NET [Diagram labels: DC, Email and File server, Office, DMZ, Internal Servers, Web server]
  8. A TYPICAL INFECTED NET [Diagram labels: DC, Email and File server, Office, DMZ, Internal Servers, Web server]
  9. A TYPICAL INFECTED NET [Diagram labels: Web server, DC, Email and File server, Office, DMZ, Internal Servers]
  10. WELL BUILT NETWORK [Diagram labels: Web server, Rabbit (DC), Turtle (Email and File server), DC (honeypot), VPN, DMZ, Internal Servers, Office]
       • Use port isolating switches
           • All routing with firewalls
           • Except some server to server connections
       • Do not have servers with obvious names
           • Have honeypots with obvious names
       • Control all traffic with firewalls
           • Workstations can only access the servers they need
           • Allow outside access only over proxies
           • Servers cannot connect to clients or other servers they don’t need
  11. TAKE CARE OF NETWORK EQUIPMENT
       • Nowadays network equipment is just custom Linux servers
           • Make sure you keep them up to date
       • Don’t have any open services that are not needed
           • Firewall should have no open ports visible to the internet
           • Use a separate VPN server and route over the firewall
       • Monitor the firewall for abnormalities
           • Any traffic coming from the firewall without a corresponding external source is rather suspicious
           • Monitor that your DNS server is giving correct answers
  12. MOVE PUBLIC THINGS TO PUBLIC CLOUDS
       • Your public web server is a visible target
           • Almost every DOS attack hits the easy target
       • Do not run public services in the same network as the rest of the company systems
           • Either have a separate network, or move things to the cloud
       • This way a DOS attack against your website does not kill the rest of the systems
           • Mask the identity of your office/production network
           • Attacker is not supposed to see your vital connections with Whois
       • Make sure your ISP contract includes a DOS mitigation service
  13. AUDIT TO MAKE SURE
       • Configuration is not secure until it has been tested
       • Make sure that all security controls are always tested after modifications
       • At minimum use Nmap or another scanner to check for open ports
       • Network audit by a consultant is also an option to consider
       • Although the consultant should be involved in the planning stage
  14. LOGS AND IDS ARE YOUR EYES AND EARS
       • Logs are invaluable in investigation
           • So make sure you keep logs long enough, also for network traffic
       • Use IDS to detect anomalies
       • Install honeypots in your network
       • Look for things out of place
           • Workstation using RDP to another workstation
           • Workstation doing anything but DC queries to domain controller
           • Server accessing another server that it is not supposed to
  15. IDS IS NOT MAGIC
       • Signature IDS detects only incompetent attackers
           • Scanners are relatively useless in AV
           • They are even more useless in network traffic
       • Anomaly IDS are mostly false alarm generators
       • Thus for IDS to be useful, you need a well configured network
       • When normal traffic is restricted, anomalies are interesting
       • If a workstation is breaking rules
           • It means someone has disabled the local firewall
  16. CONCLUSIONS
       • Network security is all about limiting and monitoring
       • Limit what connections servers and workstations can make
       • Monitor for anything that breaks those limitations
  17. THANK YOU FOR YOUR PARTICIPATION!
     STAY TUNED FOR THE FUTURE CYBER SECURITY WEBINAR SERIES:
       • 9 November 2015 at 11.00 EET: “Responding to an incident”
       • 3 December 2015 at 11.00 EET: “Building secure systems”
     The recording will be available at the BUSINESS SECURITY INSIDER https://business.f-secure.com
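
The "look for things out of place" checks from slides 14 to 16, written as a small flow-record monitor. This is an added example, not part of the original presentation; the subnets, host addresses, port set and flow-record format are all assumptions made for illustration.

```python
import ipaddress

# Assumed address plan (constructed for this example), one subnet per zone.
OFFICE = ipaddress.ip_network("10.10.0.0/24")
SERVERS = ipaddress.ip_network("10.20.0.0/24")
DC = "10.20.0.10"        # real domain controller (non-obvious name)
HONEYPOT = "10.20.0.99"  # decoy that carries the obvious "DC" name
# Simplified set of ports a workstation needs on a DC: DNS, Kerberos, NTP,
# RPC mapper, LDAP, SMB, kpasswd, LDAPS. Dynamic RPC ports are left out.
DC_PORTS = {53, 88, 123, 135, 389, 445, 464, 636}
SERVER_ALLOW = {("10.20.0.20", DC, 389)}  # permitted server-to-server flows

def check(src, dst, dport):
    """Return the rule a flow breaks, or None when the flow is expected."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == HONEYPOT:
        return "honeypot contacted"
    if s in OFFICE and d in OFFICE:
        return "workstation to workstation"
    if s in OFFICE and dst == DC and dport not in DC_PORTS:
        return "non-directory traffic to DC"
    if s in SERVERS and d in SERVERS and (src, dst, dport) not in SERVER_ALLOW:
        return "unexpected server to server"
    if s in SERVERS and d in OFFICE:
        return "server to client"
    return None

# Constructed flow records: "src dst dport".
SAMPLE = """\
10.10.0.5 10.20.0.10 88
10.10.0.5 10.10.0.7 3389
10.10.0.8 10.20.0.10 3389
10.20.0.20 10.20.0.10 389
10.20.0.30 10.20.0.20 445
10.20.0.20 10.10.0.5 445
10.10.0.9 10.20.0.99 445
"""

def alerts(text=SAMPLE):
    """List (src, dst, dport, rule) for every flow record that breaks a rule."""
    found = []
    for src, dst, dport in (line.split() for line in text.splitlines()):
        rule = check(src, dst, int(dport))
        if rule:
            found.append((src, dst, int(dport), rule))
    return found

if __name__ == "__main__":
    print(*alerts(), sep="\n")
```

Because normal traffic is restricted by the firewall rules, every record this returns is worth a look, which is the point slide 15 makes about anomalies in a well configured network.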
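
Slide 13's advice to re-test after every modification can be automated by comparing scanner output with the exposure you intended. The following is an added example, not part of the original presentation: it parses Nmap's grepable (`-oG`) output, and the hosts, expected-port policy and scan text are constructed for illustration.

```python
import re

# Assumed policy (constructed): what each audited host is meant to expose.
EXPECTED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},  # public web server
    "192.0.2.1": set(),  # firewall: no open ports visible
}

# Constructed sample in Nmap grepable (-oG) format; fields are tab-separated.
SCAN = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/filtered/tcp//https///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.1 ()\tPorts: 161/open/udp//snmp///\n"
    "Host: 192.0.2.77 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n"
)


def open_ports(grepable):
    """Map each host to the set of (port, proto) reported as open."""
    result = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # status lines and comments carry no port list
        ports = result.setdefault(m.group(1), set())
        for entry in filter(None, map(str.strip, m.group(2).split(","))):
            port, state, proto = entry.split("/")[:3]
            if state == "open":
                ports.add((int(port), proto))
    return result


def audit(grepable, expected=EXPECTED):
    """Return (host, finding, port, proto) for every deviation from policy."""
    seen, findings = open_ports(grepable), []
    for host in sorted(set(seen) | set(expected)):
        want, got = expected.get(host, set()), seen.get(host, set())
        label = "unexpected open" if host in expected else "open on unknown host"
        findings += [(host, label, p, pr) for p, pr in sorted(got - want)]
        findings += [(host, "expected but not open", p, pr)
                     for p, pr in sorted(want - got)]
    return findings


if __name__ == "__main__":
    print(*audit(SCAN), sep="\n")
```

An empty result means the scan matches the intended configuration; a service that is expected but no longer open is reported too, since a firewall change can break a control as easily as it can open a hole.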