3. Technical Network Security_e828335af0701d1b4091018c4a51d486.pdf
Document Details
Uploaded by Deleted User
Tags
Related
- Access Control Principles, Terminologies, and Models PDF
- Cybersecurity Technician Network Security Controls PDF
- CY 343 Network Security - Data Link Layer Security (DLS) PDF
- Chapter 7 Access Control Lists PDF
- Network Security Features, Defense Techniques & Solutions PDF
- 4.3 Network Security Features (PDF)
Full Transcript
Technical Network Security Access Control Access control is the selective restriction of access to an asset or a system. It protects the information assets by determining the accessibility of resources. Principles of Access Control Separat...
Technical Network Security Access Control Access control is the selective restriction of access to an asset or a system. It protects the information assets by determining the accessibility of resources. Principles of Access Control Separation of Duties (SoD) Prevention from conflicting responsibilities Need-to-know Under the need-to-know access control principle, access is provided only to the information that is required for performing a specific task. Principle of Least Privilege (POLP) Dictates users, applications, and systems should only have the minimum levels of access necessary to perform their tasks or functions. Access Control Terminologies Subject: This refers to a particular user or process that wants to access a resource. Object: This refers to a specific resource that user wants to access, such as a file or a hardware device. Reference Monitor: It checks the access control rule for specific restrictions. Operation: It represents an action taken by a subject on an object. Access Control Models Access control models are the standards that provide a predefined framework for implementing the necessary level of access control. Mandatory Access Control Determines the usage and access policies for the users. A user can access a resource only if they have access rights to that resource. Discretionary Access Control DAC is alternatively named as a need-to-know access model. End user has complete access to the information they own. Access Control Models Role-Based Access Control Permission is assigned based on user role. The access permissions are beyond the user’s control; users cannot amend the access policies created by the system. Rule-based Access Control (RB-RBAC) Permissions are assigned to a user role dynamically based on a set of rules defined by the administrator. Example: Allow access to a file server only during business hours (e.g., 9 AM to 6 PM). Example of MAC Model: Bell-LaPadula Model (BLM) The BLM model focuses on data confidentiality and controlled access to classified information. With this model, information flow can be controlled for confidentiality based on two security properties: No read-up: A subject at a given security level may not read an object at a higher security level. No write-down: A subject at a given security level may not write to any object at a lower security level. Example of the DAC Model: Access Control Matrix Access control matrix is a two-dimensional array in which subjects are placed against the objects. Tools for Access Control MAC Implementation: The User Account Control (UAC) tool of Windows OS RBAC Implementation: Just Enough Administration (JEA) RBAC Implementation: Windows Admin Center (WAC) Access Control in Today’s Distributed Computing World Castle-and-moat model (Used earlier) Focuses on restricting access to the network resources to users from outside the network. However, once inside, the network users are automatically trusted. This model has lost its effectiveness in today’s distributed world. Zero Trust Network Model: Never Trust, Always Verify No one is trusted by default The user must access the network resources in a secure manner regardless of their location. The access control must be implemented on a least-privileged access basis. The network traffic must be inspected and logged. User Access Management: Types of Authentication Password Authentication Smart Card Authentication Smart card and Personal Identification Number (PIN) Authentication Biometric Authentication Fingerprint Scanning Retinal Scanning Face Recognition Voice Recognition Two-factor Authentication Something you know, something you have, and something you are. Single Sign-on (SSO) Authentication Cryptographic Security Techniques Symmetric Encryption (DES/ AES/ RC4/ RC5/ RC6) Cryptographic Security Techniques Asymmetric Encryption (RSA/ Message digest algorithm 5) Cryptographic Security Techniques Hashing (SHA160 or SHA512) Transforms the information into a fixed-length value that represents the original information. Cryptographic Security Techniques Digital Signature: Hash-based Message Authentication Code (HMAC) Firewalls A firewall is a software or hardware used to separate a protected network from an unprotected public network. Allows traffic to pass through if the traffic meets certain criteria. It denies traffic if it does not match certain criteria. Intrusion Detection and Prevention System Inspects all inbound and outbound network traffic in real-time for suspicious patterns that might indicate a network or system security breach. IDS alerts the administrator about suspicious activities. Check the network traffic for signatures that match known intrusion patterns and trigger an alarm when a match is found. How does an IDS Work? Honeypot A honeypot is an information system resource that is explicitly set up to attract and trap people who attempt to penetrate an organization’s network. It has no authorized activity, does not have any production value, and any traffic to it is likely a probe or an attack. A honeypot can log port access attempts or monitor an attacker's keystrokes. These could be early warnings of a more intensive attack. Proxy Server A dedicated computer or a software system virtually located between a client and the actual server. Intercepts and filters all the requests going to the real server Sentinel between an internal network and the open internet It serves client’s requests on behalf of actual servers, thereby preventing actual servers from exposing themselves to the outside world Network defenders should deploy a proxy server to intercept malicious, offensive web content, computer viruses, etc. Example of a Proxy Server: Squid Proxy Network Protocol Analyzer Example: Wireshark It is a combination of hardware and software that can be installed on an organization’s network to enhance network security against malicious activity. Also called a packet analyzer, network analyzer, etc. Examines packets transmitted across a network segment, decodes the packet’s data if needed, and analyzes its content. Load Balancer Load Balancer is a device that is responsible for distributing the network traffic across several servers in a distributed system. It has the capability of controlling the number of requests and protect rate-based attacks such as a denial of service (DoS) or a distributed denial of service (DDoS). Unified Threat Management (UTM) It is a network security management solution that allows an administrator to monitor and manage an organization’s network security through a centralized management console It provides firewall, intrusion detection, anti-malware, spam filter, load balancing, and virtual private network (VPN) capabilities using a single UTM appliance. Sophos Essential UTM Firewall Network Access Control (NAC) NAC solutions protect the network by restricting the connection of an end user to a network based on a security policy. The preinstalled software agent might inspect several items before admitting the device and might restrict where the device might be connected. What does NAC do? Authentication of users connected to network resources Identification of devices, platforms, and operating systems Defining a connection point of network devices Virtual Private Network (VPN) A VPN is a private network that uses public networks, such as the Internet, to provide secured connections to employees working remotely. It uses public networks and assures secure transfer of data between systems over an insecure network. It uses encryption techniques and security mechanisms to provide security by using tunneling protocols and encryption methods. Network Security Protocols Remote Authentication Dial-In User Service (RADIUS) RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for users who connect and use a network service. Authentication Authorization Accounting Terminal Access Controller Access Control System Plus (TACACS+) It is a network security protocol used for AAA of network devices such as switches, routers, and firewalls through one or more centralized servers. TACACS+ encrypts the entire communication between the client and the server, including the user’s password, which protects it from sniffing attacks PGP (Pretty Good Privacy) Encryption standards for securing email communications. Uses a combination of symmetric and asymmetric encryption (public/private key pair). Users generate their own public/private key pairs and verify each other's keys. Primarily used for encrypting and signing emails S/MIME Working Internet Protocol Security (IPsec) It is a network layer protocol that ensures secure IP-level communication. Provides end-to-end security at the internet layer of the internet protocol suite. Encrypts and authenticates each IP packet in the communication Supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. Thank You!