Chapter 3: Securing Network PDF

Summary

This document covers Chapter 3 on securing networks. Topics explored include intrusion detection systems (IDS), firewalls, intrusion prevention systems (IPS), packet sniffing, and network access control. It also discusses VPNs and VPN concentrators.

Full Transcript


Chapter 3: Securing Network

Introduction
- Understanding IDS and IPS
- Remote Access
- Network Access Control

IDSs and IPS
- Intrusion Detection System (IDS): detects attacks but does not stop them; a detective control
  - Passive IDS merely logs attacks and/or sends alerts
  - Active IDS may send alerts and change the environment
- Firewall: a preventive control; attempts to prevent attacks before they occur
- Intrusion Prevention System (IPS): stops an attack in progress; a preventive control, similar to an active IDS

Packet Sniffing (figure)

Host-based and Network-based IDS (figures)

Sensor and Collector Placement (figure)

IDS Detection Methods (figures)

IDS considerations: data sources
- The IDS collects data from various sources: firewall logs, system logs, application logs
- May monitor logs in real time

IDS considerations: responses
- Passive (alerts personnel): pop-up window, central monitor, e-mail, page or text message
- Active: alerts personnel, modifies an ACL on the firewall, closes a process, or diverts the attack to a honeypot or other safe environment

IDS considerations: alarms
- Also called alerts
- Indicate that an interesting event was detected; do not always indicate a real attack
- Configuration: set the threshold low enough to detect all real attacks, but high enough to avoid too many false positives
- False positive: alert on a non-threatening event
- False negative: real attack, but no alert

IDS considerations: thresholds
- IDS threshold: the number of events required to cause an alert
- Example: 50 incomplete TCP handshakes per minute from the same IP
- There are no established rules for thresholds; they must be "tuned" by administrators
- Untuned security devices tend to produce many false positives

IDS considerations: counterattacks
- Some active IDS systems attack the attacker back
- Legal problems
- Likely that you are attacking another innocent victim

Other tools
- Honeypot: appears to be a server worth hacking into; has no valuable data; often used to collect knowledge about attackers; can be useful to observe zero-day exploits
- SSL/TLS decryptors: placed in the DMZ between the user and the Internet; allow inspection of content
- 802.1X port security: provides port-based authentication; prevents rogue devices

Honey Pot (figure)

Exploring Remote Access
- Remote access is through dial-up or a VPN (Virtual Private Network)
- VPN: uses the Internet; faster and cheaper than dial-up; uses tunneling to move LAN packets over the Internet
- VPN concentrator: used at large companies; includes strong encryption and authentication; handles many clients

Network Access Control
- Checks the health of the client; a health agent runs on the client
- Denies access to clients that fail the health check or do not provide valid credentials
