Telecommunication
Network Security, Firewalls,
and VPNs
Lesson 4
Network Security Implementation and Management
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Previous Assigned Homework
Read all assigned chapters and complete all assigned labs.
Learning Objective
Describe network security implementation strategies and the roles each can play within the security life cycle
Identify network security management best practices and strategies for responding when security measures fail
Key Concepts
Why layered security strategies help mitigate risks, threats, and vulnerabilities
Layering security to provide enhanced security for enterprise network resources
Practices for hardening systems and networks against an attack
Security is a process or life cycle that requires constant attention
Identifying security concerns of local, remote, and mobile employees
Layered Security
Security Policy
Firewall
IDS/IPS
Vulnerability Assessments
Antivirus
Network
5/26/16
Layered Security in Action
Known Exploit Targets Your Web Server
Firewall—configured to allow Web traffic
IDS—detects the exploit
Vulnerability assessment—reports that no action is needed because the server is not vulnerable
A Zero-Day Virus E-mailed to a User
Firewall—configured to allow E-mail
IDS—does not have signature for new virus
Antivirus—Heuristic engine identifies possible virus-like activity
Concentric Castles
Superior defense
Two or more perimeter walls
Outer wall
Inner wall
Collapsible defense
Secure the keep
Focus on perimeter security
Network Security Application
Similar to a DMZ
Two or more firewalls
External firewall
Internal firewall
Secure the internal network
Layers of perimeter defense
Improving Concentric Castles
Relied upon walls as barriers to entry
Add additional barriers
Moats
Add additional defenses
Ranged defense
Archers
Vats of hot oil
Melee defense
Knights
Swordsmen
Building Upon Layered Security
Layering alone only provides breadth
Depth = overlapping countermeasures at each layer
Countermeasures can come from multiple vendors
If one is good, two must be better
Different AV signature sets = higher chance of detection
Antivirus Defense in Depth
Desktop Antivirus from Vendor A
E-mail Antivirus from Vendor B
The Bigger Picture
Firewall
External Firewall from Vendor A
Internal Firewall from Vendor B
Antivirus
Server AV
Desktop AV
IDS/IPS
Network IDS
Host IPS
Public Addresses
Finite number of addresses available
Issued by Internet Assigned Numbers Authority (IANA)
Controlled at the regional level by Regional Internet Registries (RIRs)
Direct communication with the Internet
Required for Internet-facing applications
Private Addresses
Reserved IP space
Class A: 10.0.0.1-10.255.255.255
Class B: 172.16.0.0-172.31.255.255
Class C: 192.168.0.0-192.168.255.255
Can be reused on internal networks
Isolated from Internet
Need to use network address translation (NAT) to communicate with Internet
Static Addressing
Each system is configured with an address
IP addresses managed at the device level
Each system is guaranteed the same address
Making changes can be cumbersome
Static addresses are assigned at the device level. Systems are manually configured with an IP address. A central authority does not exist.
Dynamic Addressing
Dynamic Host Configuration Protocol (DHCP)
Requests an IP address from a centralized system
Addresses leased for a set period of time
Systems may acquire a different address with each lease
Reservations for the same address can be made
Addressing centrally controlled
An attacker may be able to “borrow” an address
Dynamic addresses are assigned dynamically from a central system.
Best Practices: Strategy
Create written plans
Security policy
Incident response plan
Business continuity plan (BCP)
Disaster recovery plan (DRP)
Security checklists
Perform regular maintenance
Back up regularly and test restores frequently
Monitor and review collected log files frequently
Constantly identify the weakest architectural link
Best Practices: Strategy (cont.)
Perform diligent testing of new systems before deploying in production
Implement the principle of least privilege
Deploy layered defenses
Best Practices: Devices
Maintain physical security over users and equipment
Install and maintain virus and malware protection at all layers in the environment
Harden both internal and perimeter devices
Develop and follow a patch management strategy
Enforce hard drive or file encryption
Best Practices: Connectivity
Restrict Internet connections to required activity
Limit remote access to required connectivity
Encrypt all internal network traffic
Require multi-factor authentication
Use default-deny over default-permit whenever possible
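To make the last point concrete, here is an added example (not from the textbook or its labs) that walks a constructed rule base the way a firewall does, first match wins, and shows how the default policy decides the fate of traffic no rule anticipated. All addresses, hosts and rules are constructed for the illustration.

```python
"""Default-deny vs default-permit rule evaluation (added example, not from the slides).

A rule base is walked top to bottom; the first matching rule wins.  Traffic that
matches no rule falls through to the default policy, which is where the two
strategies differ: default-deny blocks what nobody approved, default-permit lets it through.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR, e.g. "10.0.0.0/8"
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port


def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    """True when the flow (src, dst, proto, dport) falls under this rule."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules: List[Rule], default: str, src: str, dst: str, proto: str, dport: int) -> str:
    """Return 'permit' or 'deny' for one flow; unmatched traffic gets the default policy."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule.action
    return default


# Constructed rule base: a hypothetical LAN 192.168.10.0/24 may reach the web server
# 203.0.113.10 on TCP 443 and the internal DNS server on UDP 53.  Nothing else is listed.
RULES = [
    Rule("permit", "192.168.10.0/24", "203.0.113.10/32", "tcp", 443),
    Rule("permit", "192.168.10.0/24", "192.168.10.53/32", "udp", 53),
]


def compare_policies(src: str, dst: str, proto: str, dport: int) -> dict:
    """Same rule base, both default policies, so the difference is visible side by side."""
    return {
        "default-deny": evaluate(RULES, "deny", src, dst, proto, dport),
        "default-permit": evaluate(RULES, "permit", src, dst, proto, dport),
    }


if __name__ == "__main__":
    # Approved web traffic passes under either policy.
    print(compare_policies("192.168.10.25", "203.0.113.10", "tcp", 443))
    # SMB to an unlisted host was never approved: only default-deny stops it.
    print(compare_policies("192.168.10.25", "192.168.10.200", "tcp", 445))
```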
User Training
Q: What is user training?
A: Educational information presented through various mechanisms that clearly defines security policies, their boundaries and imposed limitations
Q: Why is user training important?
A: Training drives user accountability, understanding, and acceptance of obligatory security policies
It is imperative that regular renewal of security awareness training occurs
Security Awareness
Security awareness defines, informs, explains, and teaches users the principles of security and why they are important.
Every user in an organization has a part to play in upholding company security.
Awareness and education may be tailored to job specific or role specific content.
Policies and procedures are driven by people
Without mechanisms that help users use the network securely, much of the administrative work put into implementing network security best practices may be undermined.
Network Security Assessments
Q: What is a network security assessment?
A: The process of judging, testing, and evaluating a deployed security solution
Conducting Network Security Assessments
Perform a risk assessment
Execute the security assessment:
Perform configuration scanning
Perform vulnerability scanning
Execute penetration testing
Perform a post-mortem assessment review
Security Information and Event Monitoring (SIEM)
A SIEM is a tool that allows for automation of log and event centralization and analysis
Functions of a SIEM
Log centralization
Log management
Log monitoring
Purposes of a SIEM
Incident detection
Incident response and alerting
Commonly Available SIEM Tools
enVision
Qradar
Eventia
Security Manager
nDepth
Endpoint/Node Security
Node is any device on the network; Endpoint is a device with an IP address
Different types of nodes require different types of security
Security of individual devices creates greater network security
Roles involved in node security
End-Users: acceptable use, security awareness
System Admin: responsible for implementation
Network Admin: responsible for networking devices
Physical Security Staff: responsible for physical controls
Endpoint/Node Security Concerns
Clients
Antivirus scanner
Firewall
Screen lockout
Physical lock
Server
Redundancy
Strong authentication
Physical isolation
Endpoint/Node Security Concerns (cont.)
Networking devices (routers and switches)
Strong authentication
Accounting
Physical isolation
Network Security
Addressing
Private/Public
Static/Dynamic
Topology
Ring, Bus, Star, Line, Tree, Full Mesh, Partial Mesh
Protocols
Communication
Outbound
Inbound
Redundancy
Physical Security
Physical access bypasses many other controls.
Critical devices should be stored in an isolated data center.
Multifactor physical authentication
Limit staff with access
Fire suppression
CCTV cameras where appropriate
Compensating controls for mobile devices
Encryption
Anti-theft tracking software
Administrative Controls
Corporate objectives
Policies
Procedures
Standards
Guidelines
Training
Awareness
Network Security: Key Components
Primary objectives: confidentiality, integrity, availability
Security policy
Layered security + defense-in-depth
Network design: protocols, topologies, addressing, and communication
Equipment selection
Network Security: Key Components
System hardening
Authentication, authorization, and accounting
Encryption
Redundancy
Endpoint security
Incident Response Team (IRT)
Team leader
Information security members
Network administrators
Physical security personnel
Legal
Human resources (HR)
Communications/public relations (PR)
Incident Response
Preparation
Detection
Containment
Eradication
Recovery
Follow-up
Authentication
Verification of identity
Driver's license
User name/password
Most common
Weakness of passwords
Multifactor
Something you know (password/PIN)
Something you have (security token/ATM card)
Something you are/do (biometrics/behavioral based)
Used if strong authentication is needed (remote access)
Common for physical access (HID + PIN)
Authorization
Concerned with what one has access to do
Least privileges
Access to what one needs to complete job
Typically occurs after authentication
Example: purchasing beer
Clerk checks ID verifies picture match (authentication)
Checks date of birth to confirm the buyer is over 21 (authorization)
Accounting
Logging
All attempts, failed and successful
Who, what, when
Auditing
Checking for compliance to ensure appropriate access
Monitoring
Looking for violations
Checking for unauthorized access
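The three slides on authentication, authorization and accounting fit in one small access check. This is an added example, not code from the textbook: a two-factor login (something you know plus a constructed token code standing in for something you have), a least-privilege role check that only runs after authentication, and an audit log of every attempt, failed or successful, that a monitor scans for repeated failures. Users, passwords, token codes and roles are all constructed.

```python
"""Authentication, authorization and accounting in one access check (added example).

- Authentication: password (something you know) plus a token code (something you have).
  Passwords are stored as salted PBKDF2 hashes, never in the clear.
- Authorization: least privilege via a role-to-actions map, checked after authentication.
- Accounting: who / what / when / outcome for every attempt, plus a monitor for violations.
"""
import hashlib
import hmac
import os
from collections import Counter
from datetime import datetime, timezone

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store; the "token" value stands in for a hardware token's current code.
SALT = os.urandom(16)
USERS = {
    "alice": {"pw": hash_password("correct horse", SALT), "token": "482913", "role": "analyst"},
    "bob":   {"pw": hash_password("hunter2", SALT),       "token": "117744", "role": "admin"},
}
# Least privilege: each role gets only the actions its job needs.
PERMISSIONS = {"analyst": {"read_logs"}, "admin": {"read_logs", "change_firewall"}}

AUDIT_LOG = []   # accounting record: (when, who, what, outcome)

def record(who: str, what: str, outcome: str) -> None:
    AUDIT_LOG.append((datetime.now(timezone.utc).isoformat(), who, what, outcome))

def authenticate(user: str, password: str, code: str) -> bool:
    """Both factors must check out; constant-time compares avoid leaking which one failed."""
    entry = USERS.get(user)
    ok = (entry is not None
          and hmac.compare_digest(hash_password(password, SALT), entry["pw"])
          and hmac.compare_digest(code, entry["token"]))
    record(user, "login", "success" if ok else "failure")
    return ok

def authorize(user: str, action: str) -> bool:
    """Only called for an authenticated user; denies anything outside the role's set."""
    allowed = action in PERMISSIONS.get(USERS[user]["role"], set())
    record(user, action, "allowed" if allowed else "denied")
    return allowed

def request(user: str, password: str, code: str, action: str) -> bool:
    """Authentication first, authorization second, accounting throughout."""
    if not authenticate(user, password, code):
        return False
    return authorize(user, action)

def suspicious_users(threshold: int = 3) -> list:
    """Monitoring: users with `threshold` or more failed logins in the audit log."""
    failures = Counter(who for _, who, what, out in AUDIT_LOG
                       if what == "login" and out == "failure")
    return sorted(u for u, n in failures.items() if n >= threshold)
```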
Encryption
Data at rest
File encryption
Database encryption
Disk encryption
Data in transit
Ensures integrity, confidentiality, and privacy
Nonrepudiation
Encrypted tunnel: IPSec and SSL/TLS
Highlight that encryption is only concerned with confidentiality and integrity. Unlike other areas, there are no availability implications.
Compartmentalization and Containment
Compartmentalization is an element of infrastructure design
Creates small collectives of systems that support work tasks while minimizing risk
Containment should interrupt or interfere with the continued spread or operation of the unwanted event
Honeypots, Honeynets, and Padded Cells
Honeypot traps intruders, detects new attacks, serves as a decoy
Honeynet is a network of honeypots
Padded cell is a form of a honeypot, turned on when an intruder is detected, acts as a lure
Summary
Why layered security strategies help mitigate risks, threats, and vulnerabilities
Layering security to provide enhanced security for enterprise network resources
Practices for hardening systems and networks against an attack
Security as a process rather than as a goal
Security is a process or life cycle that requires constant attention
Summary
Best practices for network security management
Strategies for integrating network security strategies with firewall defenses and VPN remote access
Value of incident response planning, testing and practice
Virtual Lab
Configuring a Virtual Private Network Server
Read Chapters 5 and 6
MUST BE completed by DUE DATE!
Required Text
Midterm Exam
Use the following script to introduce the lab:
“In this lesson, you identified network security management best practices, such as layered security, strategies for managing devices and connectivity, and encryption. You also learned the purpose of an incident response team and tips for responding when security measures fail.
VPNs are part of a layered approach to security. In the lab for this lesson, Configuring a Virtual Private Network Server, you’ll configure the server side of a Linux Debian Openswan virtual private network.”