© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 4 Network Security Tools and Techniques



TRANSCRIPT

Page 1: IS3220 Information Technology Infrastructure Security, Unit 4: Network Security Tools and Techniques

Page 2: Class Agenda 1

• Learning objectives
• Discussion of project
• Lesson presentation and discussions
• Discussion on assignments
• Discussion on lab activities
• Break times: a 10-minute break every hour

Note: Submit all assignments and labs due today.

Page 3: Class Agenda 2

• Theory: 6:00pm - 8:00pm
• Lab: 8:15pm - 11:00pm

Page 4: Reading Assignment

Chapter 5: Network Security Implementation

Chapter 7: Exploring the Depths of Firewalls

Chapter 15: Perspectives, Resources, and the Future

Page 5: Learning Objective and Key Concepts

Learning Objective: Identify network security tools and discuss techniques for network protection.

Key Concepts
• Securing the LAN-to-WAN Domain: the Internet ingress/egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies

Page 6: Network Security Implementation

• Seven domains are commonly found in a typical IT infrastructure.
• Hackers look for every opportunity to exploit a target.
• No aspect of an IT infrastructure is without risk or immune to the scrutiny of hackers.
• Each of the seven domains of a typical IT infrastructure has unique aspects that need security improvements.

Page 7: Seven Domains of IT Infrastructure

Risks and countermeasures associated with each of the seven domains of IT infrastructure:

• User Domain: training, strong authentication, granular authorization, and detailed accounting.
• Workstation Domain: requires security countermeasures such as antivirus, anti-spyware, and vulnerability/software patch management.
• Local Area Network (LAN) Domain: protocols, addressing, topology, and communication encryption provide security for this domain.

Page 8: Seven Domains of IT Infrastructure (Continued)

• LAN-to-Wide Area Network (WAN) Domain: switches, routers, firewalls, proxies, and communication encryption are important aspects of security for this domain.
• Remote Access Domain: involves SSL 128-bit encrypted remote browser access or encrypted VPN tunnels for secure remote communications.
• WAN Domain: protocol selection, addressing schemes, and communication encryption are elements of securing this domain.
• Systems/Applications Domain: network design, authentication, authorization, accounting, and node security are important security concerns for this domain.

Page 9: EXPLORE: CONCEPTS

Page 10: Vulnerability Assessment Scanners

• Network scanners
• Web application scanners

Page 11: Nmap and Zenmap

• Network Mapper (Nmap) runs at the command line
• Zenmap is the graphical user interface to Nmap
• Originally intended as a network mapping utility
• Port scanning and host detection features
  • Identify access points to a network
  • Identify holes in access controls
• Highly configurable
• Open source

Page 12: Zenmap: Nmap Output Tab

Page 13: Nessus

• Commercial security scanner developed by Tenable Network Security
• UNIX based
• Network-centric, with Web-based consoles and a central server
• Offers a comprehensive set of tools
• Useful tool for larger networks
• Reports indicate which ports are open on which hosts and any security threats to those ports

Page 14: Retina

• Proprietary vulnerability scanner
• Deep-scans a network looking for known issues that have not been patched in existing applications
• Also scans for open ports
• Output report indicates network vulnerabilities and the state of the environment
• Easy-to-understand, graphically intensive format

Page 15: SAINT

• SAINT = System Administrator's Integrated Network Tool
• Commercial vulnerability assessment tool
• UNIX based
• Full suite of tools, like Nessus
• Saint Corporation sells SAINT and other security tools

Page 16: EXPLORE: PROCESS

Page 17: Network Analysis

• Also referred to as "network forensic analysis"
• Analysis of network data to reconstruct network activity over a specific period of time
• Common uses
  • Detect vulnerabilities and threats
  • Reconstruct the sequence of events that took place during a network-based security incident
  • Discover the source of security policy violations or information assurance breaches

Page 18: Network Analysis (Continued)

Able to reveal:
• Vulnerabilities
• Probing
• Denial of service (DoS) attacks
• User-to-root attacks
• Remote-to-local attacks

Page 19: Overview of Network Analysis Tools

• Packet capture tools
• Intrusion Detection Systems (IDSs)
• Data collectors

Page 20: EXPLORE: ROLES

Page 21: Data Loss/Data Leak Prevention Tools

• Detect and block sensitive data from exiting a network
• Enforce policies across file shares, databases, e-mail systems, and on stored data
• Two basic types
  • Perimeter-based and client-based
  • Some products combine the types
• Cloud products are coming

Page 22: EXPLORE: CONTEXT

Page 23: The LAN-to-WAN Domain

Page 24: Ingress and Egress

• Ingress = inbound traffic
• Egress = outbound traffic

Page 25: The Boundary Router

• Functions at the network perimeter in the DMZ
• Accepts traffic from the Internet
• Filters unapproved traffic and passes approved traffic to the firewall
• Protects the internal network against IP address spoofing and directed IP broadcasts

Page 26: Ingress Filtering

• Excludes or rejects all data packets that have an internal host address
• Drops non-routable IP addresses

Note: Non-routable IP addresses are specified in RFC 1918 (Private Network Addresses).

Page 27: Egress Filtering

• Stops packets from leaving the internal (company) network that have non-company addresses as their source address
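The ingress and egress rules on pages 26 and 27, together with the boundary router's anti-spoofing and directed-broadcast protection from page 25, as an added Python example that is not part of the ITT slides; the company address ranges and the packets are constructed for the demonstration.

```python
# Added example (not from the IS3220 slides): boundary-router style ingress and
# egress filtering rules.  Address ranges and packets below are constructed.
import ipaddress

# Assumed company address space: a public block (the TEST-NET-3 documentation
# range standing in for a real assignment) plus the internal RFC 1918 LAN.
COMPANY_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("10.10.0.0/16"),
]
# RFC 1918 private ranges: never valid as a source on the Internet side.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def ingress_filter(src, dst):
    """Decision for a packet arriving from the Internet: (allowed, reason)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if _in_any(src, COMPANY_NETS):          # outside packet claiming an inside address
        return False, "spoofed internal source"
    if _in_any(src, PRIVATE_NETS):          # RFC 1918 source is non-routable
        return False, "non-routable source"
    if any(dst == net.broadcast_address for net in COMPANY_NETS):
        return False, "directed broadcast"  # aimed at a subnet's broadcast address
    return True, "allow"

def egress_filter(src, dst):
    """Decision for a packet leaving the company network: (allowed, reason)."""
    src = ipaddress.ip_address(src)
    if not _in_any(src, COMPANY_NETS):      # only company addresses may leave
        return False, "non-company source"
    return True, "allow"

if __name__ == "__main__":
    packets = [                               # constructed (direction, src, dst)
        ("in", "198.51.100.7", "203.0.113.10"),   # ordinary inbound traffic
        ("in", "10.10.5.5", "203.0.113.10"),      # inbound with a LAN source
        ("in", "192.168.1.1", "203.0.113.10"),    # inbound with an RFC 1918 source
        ("in", "198.51.100.7", "203.0.113.255"),  # directed broadcast at the public block
        ("out", "10.10.5.5", "198.51.100.7"),     # ordinary outbound traffic
        ("out", "172.16.0.9", "198.51.100.7"),    # outbound with a non-company source
    ]
    for direction, src, dst in packets:
        check = ingress_filter if direction == "in" else egress_filter
        print(direction, src, "->", dst, check(src, dst))
```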

Page 28: Intrusion Detection System (IDS)

• Monitors internal hosts or networks
• Seeks symptoms of compromise or intrusion
• Upon detection of an intruder, an IDS can:
  • Send commands or requests to the firewall to break a connection
  • Block an IP address
  • Block a port/protocol
• Some IPSs provide basic data loss/leak prevention capabilities

Page 29: Intrusion Prevention System (IPS)

• Monitors internal hosts or networks, watching for symptoms of compromise or intrusion
• Detects attempts to attack or intrude before they are successful
• Upon detection of an intruder, an IPS can respond by preventing the success of the attempt

Page 30: IDS vs. IPS

IDS                                   | IPS
--------------------------------------|----------------------------------
Detects and acts                      | Prevents
Reacts to events that the IPS misses  | First layer of proactive defense

Page 31: Host-Based vs. Network-Based IDSs/IPSs

IDSs and IPSs
• IDSs and IPSs look for attack signatures: specific patterns that usually indicate malicious or suspicious intent
• Can be anomaly-based or behavioral-based

Host-based and network-based IDSs/IPSs
• Network-based IDSs/IPSs look for patterns in network traffic
• Host-based IDSs/IPSs look for attack signatures in log files
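The host-based, signature-plus-anomaly detection described on this slide, as an added Python example that is not part of the ITT slides; the signature patterns, the failure threshold and the log lines are constructed for the demonstration and do not come from any real product.

```python
# Added example (not from the IS3220 slides): a minimal host-based detector that
# combines signature matching on log lines with one anomaly (threshold) rule.
# The log lines below are constructed for the demonstration.
import re
from collections import Counter

# Signature rules: patterns whose presence in a single line indicates hostile or
# suspicious intent (regexes are illustrative, not from a real product).
SIGNATURES = {
    "ssh-invalid-user": re.compile(r"sshd\[\d+\]: Invalid user \S+ from \d+\.\d+\.\d+\.\d+"),
    "web-path-traversal": re.compile(r'"GET \S*\.\./\.\./'),
}
# Anomaly rule: more failed SSH logins from one source than a normal user produces.
FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
FAILURE_THRESHOLD = 3

SAMPLE_LOG = """\
Jan 20 21:01:02 host sshd[411]: Accepted publickey for alice from 10.10.5.5 port 50122 ssh2
Jan 20 21:02:10 host sshd[412]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jan 20 21:02:11 host sshd[413]: Failed password for root from 198.51.100.7 port 40002 ssh2
Jan 20 21:02:12 host sshd[414]: Failed password for root from 198.51.100.7 port 40003 ssh2
Jan 20 21:02:13 host sshd[415]: Failed password for root from 198.51.100.7 port 40004 ssh2
Jan 20 21:02:20 host sshd[416]: Invalid user admin from 198.51.100.7 port 40005
Jan 20 21:03:00 host sshd[417]: Failed password for bob from 203.0.113.5 port 51000 ssh2
Jan 20 21:04:30 host httpd: 198.51.100.7 "GET /cgi-bin/../../etc/passwd HTTP/1.1" 404
Jan 20 21:05:00 host cron[500]: (root) CMD (run-parts /etc/cron.hourly)
"""

def analyse(lines):
    """Return a list of (rule, detail) alerts for the given log lines."""
    alerts = []
    failures = Counter()                      # failed logins per source address
    for line in lines:
        for rule, pattern in SIGNATURES.items():   # signature matching
            if pattern.search(line):
                alerts.append((rule, line.strip()))
        match = FAILED_LOGIN.search(line)          # feed the anomaly counter
        if match:
            failures[match.group(1)] += 1
    for src, count in failures.items():            # anomaly rule over the window
        if count > FAILURE_THRESHOLD:
            alerts.append(("anomaly-failed-logins", f"{src} failed {count} logins"))
    return alerts

if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_LOG.splitlines()):
        print(f"[{rule}] {detail}")
```

A single failed login from 203.0.113.5 stays below the threshold and raises nothing, while the burst from 198.51.100.7 is reported even though no individual line matches a signature.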

Page 32: Summary

• Securing the LAN-to-WAN Domain: the Internet ingress and egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies

Page 33: Unit 4 Assignments

• Discussion 4.1: Host-Based vs. Network-Based IDSs/IPSs
• Lab 4.2: Configuring a pfSense Firewall on the Server
• Assignment 4.3: Identify Unnecessary Services From a Saved Vulnerability Scan
• Project 4.4: Network Survey