Proprietary & Confidential
@GoCyberSec | January 2020
Chapter 4
Securing Your Network
CompTIA Security +
Introduction
• Exploring advanced security devices
• Securing wireless networks
• Understanding wireless attacks
• Using VPNs for remote access
Understanding IDSs and IPSs
• Intrusion Detection System (IDS)
–Detective control
–Attempts to detect attacks after they occur
• Firewall is a preventive control
–Attempts to prevent the attacks before they occur
• Intrusion Prevention System (IPS)
–A preventive control
–Will stop an attack in progress.
Packet Sniffing
• Also called protocol analyzer
• Captures and analyzes network traffic
• Wireshark – free packet sniffer
• IDSs and IPSs include packet sniffing capabilities
Host- and Network-Based IDS
HIDS
• Additional software on a workstation or server
• Can detect attacks on the local system
• Protects local resources on the host such as operating system files
• Cannot monitor network traffic
Host- and Network-Based IDS
NIDS
• Installed on network devices, such as routers or firewalls
• Monitors network traffic
• Can detect network-based attacks such as smurf attacks
• Cannot monitor encrypted traffic and cannot monitor traffic on individual hosts
Sensor and Collector Placement
IDS Detection Methods
Signature-Based
• Also called definition-based
• Uses a database of predefined traffic patterns (such as the CVE list)
• Keep signature files up-to-date
• Most basic form of detection
• Easiest to implement
IDS Detection Methods
Heuristic/behavior-based
• Also called anomaly-based
• Starts with a performance baseline of normal behavior
• IDS compares activity against this baseline
• Alerts on traffic anomalies
• Update the baseline if the environment changes
https://www.youtube.com/watch?v=RwWM0srLSg0
IDS Considerations
• Data sources and trends
• Reporting
• IDS thresholds
• False positives
–Increase administrator’s workload
• False negatives
–No report during an incident
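The two detection methods on the preceding slides, and the threshold trade-off listed under IDS considerations, are easier to see in working code. The following is an added example written for this deck, not code from the slides or from any IDS product: it runs a tiny signature-based scan and a tiny anomaly-based scan over constructed log lines. The log format, the two hypothetical signatures, the IP addresses and the "mean plus N standard deviations" threshold rule are all assumptions made for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample traffic logs for this example (not from the slides).
# Format: "time src_ip dst_port request". The baseline window holds only
# routine activity; the live window adds a directory-traversal probe from
# 10.0.0.9 and one external source that hammers port 22.
BASELINE_LOG = [
    "09:00:01 10.0.0.5 80 GET /index.html",
    "09:00:02 10.0.0.5 80 GET /about.html",
    "09:00:03 10.0.0.7 80 GET /login",
    "09:00:04 10.0.0.7 80 POST /login",
    "09:00:05 10.0.0.9 80 GET /contact",
    "09:00:06 10.0.0.5 80 GET /news",
]
LIVE_LOG = [
    "10:00:01 10.0.0.5 80 GET /index.html",
    "10:00:02 10.0.0.5 80 GET /about.html",
    "10:00:03 10.0.0.5 80 GET /news",
    "10:00:04 10.0.0.9 80 GET /search?q=../../etc/passwd",
] + [f"10:00:{5 + i:02d} 203.0.113.4 22 SSH connect" for i in range(12)]

# Signature-based detection: a small "signature file" of known-bad request
# patterns (hypothetical signatures written for this example).
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
}


def parse(line):
    """Split one log line into (time, src_ip, dst_port, request)."""
    time, src, port, request = line.split(" ", 3)
    return time, src, port, request


def signature_scan(lines, signatures=SIGNATURES):
    """Definition-based detection: return (line_index, signature_name) for
    every line whose request matches a known pattern. It only catches what
    is already in the signature database, hence the need to keep it current."""
    alerts = []
    for i, line in enumerate(lines):
        request = parse(line)[3]
        for name, pattern in signatures.items():
            if pattern.search(request):
                alerts.append((i, name))
    return alerts


def build_baseline(lines):
    """Anomaly-based detection, step 1: learn what normal looks like.
    Returns (mean, stdev) of requests per source over the baseline window.
    Rebuild it whenever the environment changes."""
    counts = Counter(parse(line)[1] for line in lines)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_scan(lines, baseline, threshold):
    """Anomaly-based detection, step 2: flag every source whose request count
    in this window exceeds mean + threshold * stdev of the baseline.
    threshold is the IDS tuning knob: lower values catch more but raise false
    positives; higher values quiet the alerts but risk false negatives."""
    mean, stdev = baseline
    limit = mean + threshold * stdev
    counts = Counter(parse(line)[1] for line in lines)
    return sorted(src for src, n in counts.items() if n > limit)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    print("signature alerts:", signature_scan(LIVE_LOG))
    for t in (1, 3):
        print(f"anomaly alerts (threshold={t}):", anomaly_scan(LIVE_LOG, baseline, t))
```

With the threshold at 1, 10.0.0.5 (three ordinary page views) is flagged alongside the port-22 flood from 203.0.113.4, which is the false positive the slide warns about; at 3 only the flood remains. The single traversal probe from 10.0.0.9 never trips the anomaly scan (a false negative for that method) but is caught by the signature scan, which is why real sensors run both.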
IDS Considerations
Passive
• Notifies
–Pop-up window
–Central monitor
–E-mail
–Page
–Text message
Active
• Notifies
• Modifies environment
–Modify ACLs
–Close processes
–Divert the attack
Counterattacks
• Don’t do it
–Attackers are dedicated
–Attackers have unlimited time
IDS vs IPS
• IPS is a preventive control
–Can actively monitor data streams
–Can detect malicious content
–Can stop attacks in progress
• IPS is placed in line with traffic
–IDS is out-of-band
SSL / TLS Tools
• SSL decryptors
–Placed in DMZ between users and Internet
–Allows inspection of content
Other Tools
• Honeypots and Honeynets
–Used to divert an attacker
–Allow IT administrators an opportunity to observe methodologies
–Can be useful to observe zero day exploits
• 802.1X port security
–Provides port-based authentication
–Prevents rogue devices from connecting
Honey Pot
Securing Wireless Networks
• WAPs and wireless routers
• All wireless routers are WAPs
• Not all WAPs are wireless routers
Wireless Routers
Access Point SSID
• Network name
• Change default SSID
• Disabling SSID broadcast
– Hides from some devices
– Does not hide from attackers
MAC Filtering
Network Architecture and Zones
• Wireless
–Provides wireless devices access to wired networks
• Guest
–Typically provides Internet access to guests
–Rarely gives access to network resources
• Ad hoc
–Network between two or more wireless devices
–As needed
Wireless Cryptographic Protocols
• WPA – Interim replacement for WEP
–Deprecated
• WPA2 – Current standard
–Provides best security when used with CCMP
• TKIP
–Older encryption protocol used with WPA
• CCMP
–Based on AES
–Recommended to be used with WPA2
Enterprise Mode
• Adds strong authentication
• Uses an 802.1X server (implemented as a RADIUS server) to add authentication
• RADIUS server
– RADIUS port
– Shared secret
– Similar to a password
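The slide lists the RADIUS port and the shared secret without saying what the secret is used for. The following is an added example, not code from the slides or from any RADIUS implementation: it implements the User-Password hiding defined in RFC 2865 section 5.2, in which each 16-octet block of the padded password is XORed with MD5(shared secret + previous block), seeded by the per-request Request Authenticator. The port constants are the standard ones (UDP 1812 for authentication, 1813 for accounting); the secret, password and fixed authenticator used in the demo are constructed values.

```python
import hashlib
import os

# Well-known RADIUS UDP ports (authentication and accounting).
RADIUS_AUTH_PORT = 1812
RADIUS_ACCT_PORT = 1813


def _xor16(a, b):
    """XOR two 16-octet blocks."""
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """Encode a User-Password attribute value the way RFC 2865 section 5.2
    describes: pad the password with NULs to a multiple of 16 octets, then
    XOR each block with MD5(secret + previous block). For the first block
    the "previous block" is the 16-octet Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * ((-len(password)) % 16)
    if not padded:                     # an empty password still occupies one block
        padded = b"\x00" * 16
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        block = _xor16(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block                   # chaining: the next key depends on this block
    return bytes(out)


def reveal_password(hidden, secret, authenticator):
    """Server-side inverse of hide_password. Trailing NUL padding is stripped,
    so a password that really ends in NUL bytes would lose them (as in RADIUS)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor16(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


def new_request_authenticator():
    """The client picks a fresh, unpredictable 16-octet value per Access-Request;
    reuse would make identical passwords produce identical attribute values."""
    return os.urandom(16)


if __name__ == "__main__":
    # Constructed demo values; a real deployment uses a long random secret.
    secret = b"hypothetical-shared-secret"
    authenticator = new_request_authenticator()
    hidden = hide_password(b"correct horse battery staple", secret, authenticator)
    print("hidden attribute:", hidden.hex())
    print("recovered:", reveal_password(hidden, secret, authenticator))
```

The only thing standing between an on-path observer and the user's password in this scheme is the shared secret, which is why "similar to a password" understates it: it should be long and random, unique per client, and on untrusted links the whole exchange should additionally be carried inside IPsec or RADIUS over TLS (RFC 6614).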
Enterprise Mode
Wireless Attacks
• Disassociation attack
– Removes a wireless client from a wireless network
• WPS
– Streamlines process of configuring wireless clients
• WPS attack
– Brute force method to discover WPS PIN
– Reaver
Wireless Attacks
• Rogue access points
– Unauthorized AP
• Evil twins
– Rogue AP with same SSID as legitimate AP
Bluetooth Wireless
• Bluejacking
– Unauthorized sending of text messages from a Bluetooth device
• Bluesnarfing
– Unauthorized access to or theft of information from a Bluetooth device
• Bluebugging
– Allows an attacker to take over a mobile phone
Wireless Attacks
• Wireless replay attacks
– Captures data
– Attempts to use it to impersonate the client
• RFID attacks
– Sniffing or eavesdropping
– Replay
– DoS
• Misconfigured Access Points
– Use WPA2 with CCMP
– Disable WPS
Exploring Remote Access
• VPNs and VPN concentrators
VPN Tunnel Comparisons
• Split tunnel
– Encrypts only some traffic (such as traffic going to private network)
• Full tunnel
– Encrypts all traffic from client
– Can route client traffic through UTM in private network for monitoring and protection
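A split-tunnel versus full-tunnel decision is just a routing policy, and the monitoring gap the slide mentions falls out of it directly. The following is an added example written for this deck, not code from the slides or from any VPN client: it classifies each destination a remote client talks to as "tunnel" or "direct" under either mode, and lists the destinations the private network's UTM never sees. The private address ranges and the sample destinations are constructed for the example.

```python
import ipaddress

# Hypothetical address space behind the VPN gateway (constructed for this example).
PRIVATE_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]


def route_for(dst, mode, private_networks=PRIVATE_NETWORKS):
    """Return 'tunnel' if traffic to dst is sent through the VPN, or 'direct'
    if it leaves the client's local interface outside the tunnel.

    full  : everything goes through the tunnel, so the private network's UTM
            sees (and can filter) all client traffic, Internet-bound included.
    split : only destinations inside the private networks are tunnelled;
            everything else bypasses both the tunnel and the UTM.
    Note that an IPv6 destination never matches an IPv4 prefix, so a split
    policy that only lists IPv4 ranges sends all IPv6 traffic direct.
    """
    addr = ipaddress.ip_address(dst)
    if mode == "full":
        return "tunnel"
    if mode == "split":
        return "tunnel" if any(addr in net for net in private_networks) else "direct"
    raise ValueError(f"unknown tunnel mode: {mode}")


def classify_flows(destinations, mode):
    """Map each destination address to the path it takes under the given mode."""
    return {dst: route_for(dst, mode) for dst in destinations}


def uninspected(destinations, mode):
    """Destinations the private network's UTM never sees under this mode:
    the monitoring gap that split tunnelling opens."""
    return sorted(dst for dst, path in classify_flows(destinations, mode).items()
                  if path == "direct")


# Constructed sample of destinations a remote client talks to: two internal
# hosts, one public IPv4 web server, one public IPv6 host.
SAMPLE_DESTINATIONS = ["10.10.4.20", "192.168.50.9", "93.184.216.34", "2001:db8::1"]

if __name__ == "__main__":
    for mode in ("split", "full"):
        print(mode, classify_flows(SAMPLE_DESTINATIONS, mode))
        print(mode, "bypasses UTM:", uninspected(SAMPLE_DESTINATIONS, mode))
```

Under split tunnelling the public IPv4 and IPv6 destinations both bypass the UTM; the IPv6 one does so even if the administrator thought "everything else" was covered, because the policy only carries IPv4 prefixes. Full tunnelling closes both gaps at the cost of hauling all client traffic through the private network.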
Site-to-Site VPNs
• Gateways as VPN servers
Always-On VPNs
• Site-to-site VPNs
• Regular VPNs for users
• Mobile devices
Identity and Access Services
RADIUS
Network Access Control
• Health agents
– Inspect clients for predefined conditions
– Restrict access of unhealthy clients to a remediation network
– Used for VPN clients and internal clients
AAA Protocols
• Provide authentication, authorization, and accounting
– Authentication verifies a user’s identification
– Authorization provides access
– Accounting tracks user access with logs
Chapter 4 Summary
• Exploring advanced security devices
• Securing wireless networks
• Understanding wireless attacks
• Using VPNs for remote access