© ITT Educational Services, Inc. All rights reserved.
IS3220 Information Technology Infrastructure Security
Unit 4: Network Security Tools and Techniques
Class Agenda 1
• Learning Objectives
• Discussion of Project
• Lesson Presentation and Discussions
• Discussion on Assignments
• Discussion on Lab Activities
• Break Times: a 10-minute break every hour
Note: Submit all assignments and labs due today.
Class Agenda 2
Theory: 6:00pm - 8:00pm
Lab: 8:15pm - 11:00pm
Reading Assignment
Chapter 5: Network Security Implementation
Chapter 7: Exploring the Depths of Firewalls
Chapter 15: Perspectives, Resources, and the Future
Learning Objective and Key Concepts
Learning Objective
• Identify network security tools and discuss techniques for network protection
Key Concepts
• Securing the LAN-to-WAN Domain: Internet ingress/egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies
Network Security Implementation
• Seven domains are commonly found in the typical IT infrastructure.
• Hackers look for every opportunity to exploit a target.
• No aspect of an IT infrastructure is without risk or immune to the scrutiny of hackers.
• Each of the seven domains of a typical IT infrastructure has unique aspects that need security improvements.
Seven Domains of IT Infrastructure
Risks associated with each of the Seven Domains of IT Infrastructure:
• User Domain: training, strong authentication, granular authorization, and detailed accounting.
• Workstation Domain: requires security countermeasures such as antivirus, anti-spyware, and vulnerability/software patch management.
• Local Area Network (LAN) Domain: protocols, addressing, topology, and communication encryption provide security for this domain.
• LAN-to-Wide Area Network (WAN) Domain: switches, routers, firewalls, proxies, and communication encryption are important aspects of security for this domain.
• Remote Access Domain: involves SSL 128-bit encrypted remote browser access or encrypted VPN tunnels for secure remote communications.
• WAN Domain: protocol selection, addressing schemes, and communication encryption are elements of securing this domain.
• Systems/Applications Domain: network design, authentication, authorization, accounting, and node security are important security concerns for this domain.
EXPLORE: CONCEPTS
Vulnerability Assessment Scanners
• Network Scanners
• Web Application Scanners
Nmap and Zenmap
• Network Mapper (Nmap) runs at the command line
• Zenmap is the graphical user interface to Nmap
• Originally intended as a network mapping utility
• Port scanning and host detection features
  • Identify access points to a network
  • Identify holes in access controls
• Highly configurable
• Open source
Zenmap: Nmap Output Tab
Nessus
• Commercial security scanner developed by Tenable Network Security
• UNIX based
• Network-centric, with Web-based consoles and a central server
• Offers a comprehensive set of tools
• Useful tool for larger networks
• Reports indicate which ports are open on which hosts and any security threats to those ports
Retina
• Proprietary vulnerability scanner
• Deep-scans a network looking for known issues that have not been patched in existing applications
• Also scans for open ports
• Output report indicates network vulnerabilities and the state of the environment
• Easy-to-understand, graphically intensive format
SAINT
• SAINT = System Administrator's Integrated Network Tool
• Commercial vulnerability assessment tool
• UNIX based
• Full suite of tools, like Nessus
• SAINT Corporation sells SAINT and other security tools
EXPLORE: PROCESS
Network Analysis
• Also referred to as "network forensic analysis"
• Analysis of network data to reconstruct network activity over a specific period of time
• Common uses:
  • Detect vulnerabilities and threats
  • Reconstruct the sequence of events that took place during a network-based security incident
  • Discover the source of security policy violations or information assurance breaches
Network Analysis (Continued)
Able to reveal:
• Vulnerabilities
• Probing
• Denial of service (DoS) attacks
• User-to-root attacks
• Remote-to-local attacks
Overview of Network Analysis Tools
• Packet Capture Tools
• Intrusion Detection Systems (IDSs)
• Data Collectors
EXPLORE: ROLES
Data Loss/Data Leak Prevention Tools
• Detect and block sensitive data from exiting a network
• Enforce policies across file shares, databases, e-mail systems, and on stored data
• Two basic types:
  • Perimeter-based and client-based
  • Some products combine the types
• Cloud products are coming
EXPLORE: CONTEXT
The LAN-to-WAN Domain
Ingress and Egress
• Ingress = Inbound traffic
• Egress = Outbound traffic
The Boundary Router
• Functions at the network perimeter in the DMZ
• Accepts traffic from the Internet
• Filters unapproved traffic and passes approved traffic to the firewall
• Protects the internal network against IP address spoofing and directed IP broadcasts
Ingress Filtering
• Excludes or rejects all inbound data packets whose source is an internal host address
• Drops packets with non-routable IP addresses
Note: Non-routable IP addresses are specified in RFC 1918 (Private Network Addresses)
Egress Filtering
• Stops packets from leaving the internal (company) network that have non-company addresses as their source address
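The ingress and egress rules on the two slides above, as an added example that is not part of the course material: a Python model of the boundary-router policy, with the company prefix 203.0.113.0/24 and the sample packets as constructed assumptions.

```python
# Added example (not from the course slides): ingress and egress filtering
# at a boundary router, as the two slides above describe. The company prefix
# and the sample packets are constructed values for this illustration.
from ipaddress import ip_address, ip_network

# Assumption: the company's public address block.
COMPANY_NET = ip_network("203.0.113.0/24")

# RFC 1918 private (non-routable) address space.
RFC1918 = (ip_network("10.0.0.0/8"),
           ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16"))

def is_rfc1918(addr):
    """True if the address lies in RFC 1918 private space."""
    return any(ip_address(addr) in net for net in RFC1918)

def ingress_filter(src, dst):
    """Inbound (Internet -> LAN): drop packets whose source claims an
    internal (company) address, i.e. spoofing, or a non-routable address."""
    if is_rfc1918(src):
        return ("drop", "non-routable source (RFC 1918)")
    if ip_address(src) in COMPANY_NET:
        return ("drop", "spoofed internal source address")
    return ("pass", "forwarded to firewall")

def egress_filter(src, dst):
    """Outbound (LAN -> Internet): stop packets whose source address is not
    a company address; they are spoofed or misrouted."""
    if ip_address(src) not in COMPANY_NET:
        return ("drop", "non-company source address")
    return ("pass", "allowed out")

def apply_policy(packets):
    """Run each (direction, src, dst) record through the matching filter
    and return (direction, src, dst, verdict, reason) tuples."""
    results = []
    for direction, src, dst in packets:
        check = ingress_filter if direction == "in" else egress_filter
        results.append((direction, src, dst) + check(src, dst))
    return results

# Constructed sample traffic for the demonstration.
SAMPLE_PACKETS = [
    ("in", "198.51.100.7", "203.0.113.10"),   # ordinary Internet client
    ("in", "203.0.113.5", "203.0.113.10"),    # source spoofs a company address
    ("in", "10.1.2.3", "203.0.113.10"),       # RFC 1918 source arriving from Internet
    ("out", "203.0.113.10", "198.51.100.7"),  # legitimate reply from a company host
    ("out", "192.0.2.44", "198.51.100.7"),    # non-company source trying to leave
]
```

Calling apply_policy(SAMPLE_PACKETS) yields pass, drop, drop, pass, drop for the five records, matching the two slides' rules.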
Intrusion Detection System (IDS)
• Monitors internal hosts or networks
• Seeks symptoms of compromise or intrusion
• Upon detection of an intruder, an IDS can:
  • Send commands or requests to the firewall to break a connection
  • Block an IP address
  • Block a port/protocol
• Some IPSs provide basic data loss/leak prevention capabilities
Intrusion Prevention System (IPS)
• Monitors internal hosts or networks, watching for symptoms of compromise or intrusion
• Detects attempts to attack or intrude before they are successful
• Upon detection of an intruder, an IPS can respond by preventing the success of the attempt
IDS vs. IPS
IDS                                  | IPS
-------------------------------------|----------------------------------
Detects and acts                     | Prevents
Reacts to events that the IPS misses | First layer of proactive defense
Host-Based vs. Network-Based IDSs/IPSs
IDSs and IPSs
• IDSs and IPSs look for attack signatures: specific patterns that usually indicate malicious or suspicious intent
• Can be anomaly-based or behavioral-based
Host-based and Network-based IDSs/IPSs
• Network-based IDSs/IPSs look for patterns in network traffic
• Host-based IDSs/IPSs look for attack signatures in log files
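Added example, not part of the course material: a minimal host-based sensor that applies the signature-based and behavioral detection the slide describes to log lines, and contrasts the IDS response (alert) with the IPS response (alert and block) from the earlier slides. The log lines, patterns and threshold are constructed assumptions.

```python
# Added example (not from the course slides): a minimal host-based detector
# over constructed SSH log lines, showing signature matching, a behavioral
# threshold rule, and IDS (alert) versus IPS (alert and block) responses.
import re
from collections import Counter

# Signature rules (illustrative assumptions, not vendor rule content).
SIGNATURES = {
    "invalid-user": re.compile(r"Invalid user \S+ from (\S+)"),
    "root-login": re.compile(r"Accepted password for root from (\S+)"),
}
# Behavioral rule: more failed logins than this from one source is anomalous.
FAIL_THRESHOLD = 2
FAILED = re.compile(r"Failed password for \S+ from (\S+)")

def signature_hits(lines):
    """Return (rule name, source IP) for every line matching a signature."""
    hits = []
    for line in lines:
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                hits.append((name, m.group(1)))
    return hits

def behavioral_hits(lines):
    """Return source IPs whose failed-login count exceeds FAIL_THRESHOLD."""
    fails = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            fails[m.group(1)] += 1
    return sorted(ip for ip, n in fails.items() if n > FAIL_THRESHOLD)

def respond(lines, mode="ids"):
    """IDS mode only raises alerts; IPS mode also returns the source IPs to
    block (e.g. by asking the firewall to drop them, as the slides describe)."""
    alerts = [("signature", name, ip) for name, ip in signature_hits(lines)]
    alerts += [("behavior", "brute-force", ip) for ip in behavioral_hits(lines)]
    blocked = sorted({ip for _, _, ip in alerts}) if mode == "ips" else []
    return alerts, blocked

# Constructed sample of an SSH authentication log.
SAMPLE_LOG = [
    "sshd[101]: Failed password for bob from 198.51.100.9 port 5100",
    "sshd[102]: Failed password for bob from 198.51.100.9 port 5101",
    "sshd[103]: Failed password for bob from 198.51.100.9 port 5102",
    "sshd[104]: Invalid user admin from 203.0.113.77 port 6000",
    "sshd[105]: Accepted password for alice from 192.0.2.10 port 7000",
]
```

On the sample log, respond(SAMPLE_LOG, "ids") raises two alerts and blocks nothing, while respond(SAMPLE_LOG, "ips") raises the same alerts and returns both source addresses to block.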
Summary
• Securing the LAN-to-WAN Domain: Internet ingress and egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies
Unit 4 Assignments
• Discussion 4.1: Host-Based vs. Network-Based IDSs/IPSs
• Lab 4.2: Configuring a pfSense Firewall on the Server
• Assignment 4.3: Identify Unnecessary Services From a Saved Vulnerability Scan
• Project 4.4: Network Survey