5-Network Defenses - UTPA Faculty Web


Nov 20, 2013


5 - Network Defenses

Dr. John P. Abraham

Professor

UTPA

Introduction


A common mistake in network security


Attempting to patch vulnerabilities in a weak network
that was poorly conceived and implemented from
the start


Securing a network begins with the design of
the network and includes secure network
technologies


Crafting a Secure Network


Security through design


Subnetting, VLAN, DMZ, etc.


Security through network technologies


NAT, NAC, etc.


Network Security Devices


Firewall, proxy server, honeypot, NIDS, etc.


Intrusion Prevention Systems

Security+ Guide to Network Security Fundamentals, Third Edition

Security through Network Design


Subnetting


IP addresses are actually two addresses: one part
is a network address and one part is a host address


Classful addressing


The split between the network and host portions
of the IP address originally was set on the
boundaries between the bytes


Subnetting or subnet addressing


Allows an IP address to be split anywhere


Networks can essentially be divided into three
parts: network, subnet, and host


Subnetting


Isolates organizational groups


Decreased network traffic


Improved troubleshooting


Improved utilization of addresses


Minimal impact on external routers


Better organization
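The network/subnet/host split described above, worked through in code. This is an added example, not part of the slides; it uses Python's standard `ipaddress` module and the classic class A/B/C boundaries (/8, /16, /24) to show how a subnet mask borrows host bits.

```python
"""Classful vs. subnetted addressing, as an added example.

Classful addressing fixes the network/host split at a byte boundary chosen
by the first octet. Subnetting borrows host bits, so an address carries
three parts: network, subnet and host.
"""
import ipaddress


def classful_prefix(ip: str) -> int:
    """Prefix length of the classful network: class A /8, class B /16, class C /24."""
    first_octet = int(ip.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{ip} is not a class A, B or C address")


def split_address(ip: str, prefix: int) -> dict:
    """Break ip under a /prefix subnet mask into its network, subnet and host parts."""
    class_bits = classful_prefix(ip)
    if not class_bits <= prefix <= 30:
        raise ValueError("a subnet mask may only borrow bits from the host portion")
    subnet_bits = prefix - class_bits
    host_bits = 32 - prefix
    addr = int(ipaddress.ip_address(ip))
    return {
        "classful_network": str(ipaddress.ip_network(f"{ip}/{class_bits}", strict=False)),
        "subnet": str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)),
        # the borrowed bits sit between the classful network bits and the host bits
        "subnet_id": (addr >> host_bits) & ((1 << subnet_bits) - 1),
        "host_id": addr & ((1 << host_bits) - 1),
        # the all-zeros and all-ones host parts are reserved
        "usable_hosts": (1 << host_bits) - 2,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when two hosts share a subnet, so traffic between them stays local."""
    return (ipaddress.ip_network(f"{a}/{prefix}", strict=False)
            == ipaddress.ip_network(f"{b}/{prefix}", strict=False))
```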


VLAN (virtual LAN)

Scattered individual units under the same
organizational unit can be grouped together
(a logical rather than physical grouping)


In most network environments, networks are
divided or segmented by using switches


A VLAN allows scattered users to be logically
grouped together even though they may be
attached to different switches


Can reduce network traffic and provide a degree
of security similar to subnetting:


VLANs can be isolated so that sensitive data is
transmitted only to members of the VLAN


Convergence technologies (VoIP, video, etc.)
vulnerabilities


Phones are affected when the underlying OS is attacked


VoIP protocols have very little security


Lack of encryption for VoIP packets


Spam calls

Demilitarized Zone (DMZ)


Devices that provide services to outside users,
such as email and web servers, are isolated.


If penetrated, the damage is confined to that server
rather than the LAN itself.

DMZ example


Network Address Translation (NAT)


NAT hides the private IP addresses assigned to
individual machines. A single public IP, or a pool of
them, is used for public visibility.


Available private IP ranges: 10.0.0.0, 172.16.0.0 and
192.168.0.0


The NAT device removes the sender's private IP from
the packet and replaces it with an alias. The NAT
device keeps a table of the mapping, and the process is
reversed when a packet arrives.


A variation is port address translation. Each packet is
given the same IP address but a different port number.
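The translation table behind port address translation, as an added example that is not part of the slides. Two inside hosts share one public address and are told apart by the port the NAT device assigns; a packet from outside that matches no table entry has no inside destination and is dropped. The RFC 1918 prefix lengths and all addresses here are assumptions made for the example.

```python
"""Port address translation (PAT) with a translation table, as an added example.

Every outbound packet leaves with the NAT device's single public address and a
port chosen by the device; the mapping is kept so the reply can be translated
back. Private ranges are the RFC 1918 blocks the slide names. Addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass, replace

PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatDevice:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.table = {}
        # (private ip, private port, remote ip, remote port) -> public port
        self.by_inside = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the public alias and record the mapping."""
        if not any(ipaddress.ip_address(pkt.src_ip) in net for net in PRIVATE_RANGES):
            raise ValueError(f"{pkt.src_ip} is not a private address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_inside.get(key)
        if port is None:  # first packet of this flow: allocate a fresh public port
            port = self.next_port
            self.next_port += 1
            self.by_inside[key] = port
            self.table[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet):
        """Reverse the translation; None means no inside host asked for this packet."""
        inside = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # unsolicited: the private host stays hidden
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])
```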


Security through Network Technologies


Network Address Translation (NAT)


Hides the IP addresses of network devices from
attackers


Private addresses


IP addresses not assigned to any specific user or
organization


Function as regular IP addresses on an internal
network


Non-routable addresses


Security through Network Technologies (continued)


NAT removes the private IP address from the
sender’s packet


And replaces it with an alias IP address


When a packet is returned to NAT, the process
is reversed


An attacker who captures the packet on the
Internet cannot determine the actual IP
address of the sender



Security through Network Technologies (continued)

Network Access Control (NAC)


A special quarantined network area to which new
devices or guests are allowed to connect. Only after
passing the required security checks are they
allowed to connect to the LAN.


Cisco: Network Admission Control


Microsoft: Network Access Protection


Juniper: Unified Access Control


Trusted Computing Group: Trusted Network Connect


Applying Network Security Devices


Devices include:


Firewalls


Proxy servers


Honeypots


Network intrusion detection systems


Host and network intrusion prevention systems


Protocol analyzers


Internet content filters


Integrated network security hardware


Firewall


Filtering data packets: a gatekeeper to the
network.


Rule based


Allow, block, prompt.


Stateful packet filtering


A packet is not allowed to pass to a client unless
the client requested it from the server.

Example packet filtering rules


See Table 5-6, p. 167


Source address = any


Destination address = internal IP


Port = 80
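The rule-based filter and the stateful check from the two preceding slides, combined in one small filter as an added example (not code from the slides or the textbook). A rule in the shape of the example above admits inbound port 80 to one internal server; every other inbound packet passes only if an inside client's earlier request is in the state table. Addresses and rule fields are constructed for the example.

```python
"""Rule-based packet filter with stateful tracking (added example, constructed addresses).
Rules follow the slide's shape (source = any, destination = internal IP, port = 80 -> allow);
outbound requests are remembered so a packet reaches a client only if the client asked for it."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "in" from the Internet, "out" from the LAN

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str = "any"
    src: str = "any"
    dst: str = "any"
    port: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction) and self.src in ("any", pkt.src_ip)
                and self.dst in ("any", pkt.dst_ip) and self.port in (None, pkt.dst_port))

class StatefulFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state: Set[Tuple[str, int, str, int]] = set()  # (client, cport, server, sport)

    def rule_verdict(self, pkt: Packet) -> str:
        """First matching rule wins; anything unmatched is blocked (default deny)."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "block"

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            verdict = self.rule_verdict(pkt)
            if verdict == "allow":  # remember the request so the reply can come back
                self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return verdict
        # inbound: a reply to a tracked request passes; anything else needs an explicit rule
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.state:
            return "allow"
        return self.rule_verdict(pkt)
```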

Proxy Server



Intercepts internal user requests and
processes each request on behalf of the user.
It hides the IP address of the client system
inside the secure network.


When a request for a web page is made, the
client actually contacts the proxy server, which
checks to see if that page exists in its cache.


Honeypot



Intended to trap attackers.


A honeypot is a computer located in a DMZ
that is loaded with software and data files that
appear to be the real thing.


Deflect attention


Early warnings of new attacks


Examine attacker techniques

Network Intrusion Detection Systems (NIDS)


Watches for attempts to penetrate a network.


Table 5-9, p. 171


NIDS looks for suspicious patterns.
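One concrete form of the pattern matching a NIDS performs, as an added example that is not from the slides: a detector that flags a port sweep, meaning one outside source touching many distinct ports on one inside host within a short time window. The packet records, window and threshold are constructed for the example.

```python
"""NIDS-style pattern detection over a packet log (added example).

A network intrusion detection system watches traffic for suspicious
patterns. The pattern here is a port sweep: one source hitting many
distinct ports on one host within a short window. Records are constructed.
"""
from collections import defaultdict

# Constructed records: (timestamp in seconds, source ip, destination ip, destination port)
PACKETS = [
    (0.0, "198.51.100.7", "192.0.2.10", 80),
    (0.5, "198.51.100.7", "192.0.2.10", 443),
    (1.0, "203.0.113.9", "192.0.2.10", 22),
    (1.2, "203.0.113.9", "192.0.2.10", 23),
    (1.4, "203.0.113.9", "192.0.2.10", 25),
    (1.6, "203.0.113.9", "192.0.2.10", 80),
    (1.8, "203.0.113.9", "192.0.2.10", 110),
    (2.0, "203.0.113.9", "192.0.2.10", 143),
    (40.0, "198.51.100.7", "192.0.2.10", 8080),  # outside the window of the earlier two
]


def detect_port_sweeps(packets, window=10.0, threshold=5):
    """Return (src, dst, ports) alerts where a source reached `threshold` or more
    distinct ports on one destination within `window` seconds; one alert per pair."""
    alerts = []
    seen = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...] inside the window
    alerted = set()
    for ts, src, dst, port in sorted(packets):
        # keep only records still inside the sliding window, then add this one
        hist = [(t, p) for t, p in seen[(src, dst)] if ts - t <= window]
        hist.append((ts, port))
        seen[(src, dst)] = hist
        ports = {p for _, p in hist}
        if len(ports) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append((src, dst, sorted(ports)))
    return alerts
```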