Chapter 3: Securing Network
École Supérieure des Sciences et Technologies
Summary
This document covers Chapter 3 on securing networks. Topics explored include intrusion detection systems (IDS), firewalls, intrusion prevention systems (IPS), packet sniffing, and network access control. It also discusses VPNs and VPN concentrators.
Full Transcript
Chapter 3: Securing Network

Introduction
- Understanding IDS and IPS
- Remote Access
- Network Access Control

IDSs and IPS

Intrusion Detection System (IDS)
- Detects attacks but does not stop them
- Detective control
- Passive IDS merely logs attacks and/or sends alerts
- Active IDS may send alerts and change the environment

Firewall
- Preventive control
- Attempts to prevent attacks before they occur

Intrusion Prevention System (IPS)
- Stops an attack in progress
- Preventive control
- Similar to an active IDS

Packet Sniffing

Host-based and Network-based IDS

Sensor and Collector Placement

IDS Detection Methods

IDS considerations: data sources
- IDS collects data from various sources: firewall logs, system logs, application logs
- May monitor logs in real time

IDS considerations: responses
- Passive (alerts personnel): pop-up window, central monitor, e-mail, page or text message
- Active: alerts personnel, modifies the ACL on the firewall, closes the process, diverts the attack to a honeypot or other safe environment

IDS considerations: alarms
- Also called alerts
- Indicate that an interesting event was detected
- Do not always indicate a real attack
- Configuration: set the threshold low enough to detect all real attacks, but high enough to avoid too many false positives
- False positive: alert on a nonthreatening event
- False negative: a real attack, but no alert

IDS considerations: threshold
- Number of events required to cause an alert
- Example: 50 incomplete TCP handshakes per minute from the same IP
- There are no established rules for thresholds; they must be "tuned" by administrators
- Untuned security devices tend to produce many false positives

IDS considerations: counterattacks
- Some active IDS systems attack the attacker back
- Legal problems
- Likely that you are attacking another innocent victim

Other tools

Honeypot
- Appears to be a server worth hacking into
- Has no valuable data
- Often used to collect knowledge about attackers
- Can be useful for observing zero-day exploits

SSL/TLS decryptors
- Placed in the DMZ between users and the Internet
- Allow inspection of content

802.1x port security
- Provides port-based authentication
- Prevents rogue devices

Exploring Remote Access

Remote Access
- Through dial-up or VPN (Virtual Private Network)

VPN
- Uses the Internet
- Faster and cheaper than dial-up
- Uses tunneling to move LAN packets over the Internet

VPN Concentrator
- Used at large companies
- Includes strong encryption and authentication
- Handles many clients

Network Access Control
- Checks the health of the client
- Health agent runs on the client
- Denies access if clients don't provide valid credentials
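The slides' threshold example (50 incomplete TCP handshakes per minute from the same IP) and the false-positive/false-negative trade-off can be made concrete with a small detector. The following is an added example, not code from the course material: it keeps a sliding one-minute count of half-open handshakes per source IP, raises an alert when the count reaches a configurable threshold, and evaluates three threshold settings against constructed traffic so the tuning problem is visible. The IP addresses, timestamps and the "active response" ACL lines are all constructed for illustration.

```python
"""Threshold-based IDS alerting over constructed connection events.

Added example (not from the original slides). Counts incomplete TCP
handshakes (SYN seen, handshake never completed) per source IP in a
sliding 60-second window and alerts at a configurable threshold.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60


@dataclass(frozen=True)
class HandshakeEvent:
    ts: float        # seconds (constructed values below)
    src_ip: str      # constructed documentation-range addresses
    completed: bool  # True if the three-way handshake finished


class HalfOpenDetector:
    """Sliding-window counter of incomplete handshakes per source IP."""

    def __init__(self, threshold: int, window: int = WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self._events = defaultdict(deque)  # src_ip -> timestamps in window
        self._alerting = set()             # IPs currently above threshold
        self.alerts = []                   # (ts, src_ip, count)

    def observe(self, ev: HandshakeEvent) -> bool:
        """Feed one event; return True if this event raises a new alert."""
        if ev.completed:
            return False
        q = self._events[ev.src_ip]
        q.append(ev.ts)
        # Expire timestamps older than the window so the count is per minute.
        while q and ev.ts - q[0] > self.window:
            q.popleft()
        over = len(q) >= self.threshold
        if over and ev.src_ip not in self._alerting:
            self._alerting.add(ev.src_ip)  # alert once per excursion
            self.alerts.append((ev.ts, ev.src_ip, len(q)))
            return True
        if not over:
            self._alerting.discard(ev.src_ip)
        return False


def build_sample_traffic():
    """Constructed traffic: one scanner, one flaky benign client, one normal."""
    events = []
    # Scanner: 60 half-open SYNs, two per second for 30 seconds.
    for i in range(60):
        events.append(HandshakeEvent(1000.0 + i * 0.5, "203.0.113.9", False))
    # Flaky but benign client: 8 incomplete handshakes over about a minute.
    for i in range(8):
        events.append(HandshakeEvent(1000.0 + i * 7.0, "198.51.100.7", False))
    # Normal client: 20 completed handshakes, never counted.
    for i in range(20):
        events.append(HandshakeEvent(1000.0 + i * 2.0, "198.51.100.20", True))
    events.sort(key=lambda e: e.ts)
    return events


def evaluate(threshold, events, attackers):
    """Run the detector and classify flagged IPs against known attackers."""
    det = HalfOpenDetector(threshold)
    for ev in events:
        det.observe(ev)
    flagged = {ip for _, ip, _ in det.alerts}
    return {
        "true_positives": sorted(flagged & attackers),
        "false_positives": sorted(flagged - attackers),
        "false_negatives": sorted(attackers - flagged),
    }


def acl_deny_rules(result):
    """Active-IDS style response: firewall deny lines for flagged IPs (hypothetical syntax)."""
    return [f"deny ip host {ip} any" for ip in result["true_positives"] + result["false_positives"]]


if __name__ == "__main__":
    traffic = build_sample_traffic()
    attackers = {"203.0.113.9"}
    for threshold in (5, 50, 100):
        res = evaluate(threshold, traffic, attackers)
        print(threshold, res, acl_deny_rules(res))
```

With the threshold at 5 the flaky client is flagged (a false positive, and an active IDS would have blocked a legitimate user); at 50 only the scanner is flagged; at 100 the scanner's 60 half-open connections never trip the alert (a false negative). That is the tuning problem the slides describe: the right value depends on the site's own baseline, not on a fixed rule.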