Chapter 7 - 02 - Discuss Security Benefits of Network Segmentation - 03_ocred_fax_ocred.pdf

Full Transcript


Certified Cybersecurity Technician - Network Security Controls: Technical Controls - Exam 212-82

Introduction to Bastion Host

Slide summary:
- A bastion host is a computer system designed and configured to protect network resources from attacks.
- A bastion host is the only host on the protected network that can be addressed directly from the public Internet.
- It provides a limited range of services, such as web hosting and mail, to keep its exposed surface small.

A bastion host is designed for defending a network against attacks. It acts as a mediator between the inside and outside networks: a computer system designed and configured to protect network resources from attacks, providing only a limited range of services (such as website hosting and mail) so that the amount of exposed software stays small. Traffic entering or leaving the network passes through a firewall.

A bastion host has two interfaces:
- A public interface directly connected to the Internet
- A private interface connected to the intranet

The bastion host is the only computer on the protected network that can be addressed directly from the public network. Because it is exposed to substantial risk, considerable effort is required in designing and configuring bastion hosts to minimize the probability of a successful attack. Common types of bastion host include web, mail, Domain Name System (DNS), and FTP servers. Bastion hosts can also provide packet filtering and proxy services.

Figure 7.32: Illustration of Bastion Host (Internet - Firewall - Bastion Host - Intranet)

Module 07 Page 738 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Need for Bastion Host

Slide summary:
- Minimize the chances of penetration by intruders
- Create all the logs, which can be used to identify an attack or attempts to attack
- In case of an attack, the bastion host acts as a scapegoat
- Provide an additional level of security

A bastion host is a system with multiple network interfaces, at least one of which is exposed to the Internet. The operating system on such a device is hardened to provide more security than on any other computer in the network. After the computer has been configured and the software installed, the rule sets for internal and external traffic are installed and configured on top of the hardened operating system.

All network services that are not needed are disabled on the bastion host; it allows only the specified Internet services. For example, there must not be any ordinary user accounts on the bastion server, because such accounts create the possibility of a user logging on to the system, taking control of it, and reaching the Internet from it. Even the network file system (NFS), which offers access to files across the network, must be disabled so that it does not create an opportunity to reach the bastion server and its files from the Internet.

The safest place for the host is in its own subnet as a component of the firewall. The main advantage of placing bastion hosts in their own network is that, with no other resource on that network, compromising one of them gains the intruder nothing further.

Bastion servers create all the logs, which can be used by the intranet administrator to tell whether there has been an attack or an attempt to attack. Two copies of the system logs are maintained as backup for various security reasons. One possible method of backing up the security logs is to connect the bastion host to a dedicated computer whose only function is to keep the secure backup logs.

Automated monitors are more complex programs than auditing software. An automated monitor frequently checks the bastion server's system logs and raises an alarm if it finds any suspicious activity in them. For example, an alarm is raised if it finds unsuccessful attempts by a user across three different logins.

The number of bastion hosts in a firewall is not restricted to a certain number, and every bastion host can manage multiple Internet services for the same intranet. In some instances, a bastion host is used as a victim machine. The victim machine handles those Internet services that cannot be managed by proxying, or whose security issues are not known; those services are placed on the victim machine instead of on the bastion host that carries the other services. It also acts as a backup to the bastion servers if a server is down.

If a filtering router is placed between the bastion host and the intranet, it provides added security: the filtering router checks all the packets passing between the Internet and the intranet and drops any unauthorized packet.

The bastion server does not itself fulfil a request such as sending a web page or delivering email when it receives a request for a service. The request is sent across to the suitable intranet server, which processes it and sends the reply back to the bastion server. The bastion server then dispatches the requested service to the requester.
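The automated monitor described above, as an added example that is not part of the EC-Council course material: it scans sshd log lines and raises an alarm when one account accumulates three failed logins inside a sliding window, or when one source address has tried three different logins. The log lines are constructed; the window length, the thresholds and the year used to parse syslog timestamps are assumptions.

```python
"""Automated monitor for a bastion host's authentication log.

Added example, not course code. Raises an alarm when one account accumulates
FAILURE_THRESHOLD failed logins inside a sliding window, or when one source
address has tried DISTINCT_USER_THRESHOLD different logins. Thresholds, the
window length and LOG_YEAR are assumptions; the log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FAILURE_THRESHOLD = 3          # the "three" attempts from the text
DISTINCT_USER_THRESHOLD = 3    # one source trying three different logins
WINDOW_SECONDS = 300           # assumed sliding window for repeated failures
LOG_YEAR = 2024                # syslog timestamps carry no year; assumed

# Classic syslog prefix followed by OpenSSH's "Failed password" message.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: a password-guessing run from 203.0.113.7, one legitimate
# key login, and three isolated admin failures spread over twelve minutes.
SAMPLE_LOG = """\
Mar 12 10:01:02 bastion sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 10:01:05 bastion sshd[2302]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 12 10:01:09 bastion sshd[2304]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 12 10:01:13 bastion sshd[2306]: Failed password for root from 203.0.113.7 port 51034 ssh2
Mar 12 10:01:16 bastion sshd[2308]: Failed password for invalid user oracle from 203.0.113.7 port 51038 ssh2
Mar 12 10:01:20 bastion sshd[2310]: Accepted publickey for bastionadmin from 198.51.100.4 port 40000 ssh2
Mar 12 10:30:00 bastion sshd[2400]: Failed password for bastionadmin from 198.51.100.9 port 40010 ssh2
Mar 12 10:36:00 bastion sshd[2410]: Failed password for bastionadmin from 198.51.100.9 port 40012 ssh2
Mar 12 10:42:00 bastion sshd[2420]: Failed password for bastionadmin from 198.51.100.9 port 40014 ssh2
"""


def parse_time(ts):
    """Turn 'Mar 12 10:01:02' into a datetime, assuming LOG_YEAR."""
    return datetime.strptime(f"{LOG_YEAR} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def monitor(lines):
    """Scan log lines in order; return alarms as (kind, subject, detail) tuples."""
    recent_failures = defaultdict(deque)   # account -> failure times inside the window
    logins_per_source = defaultdict(set)   # source address -> accounts it has tried
    alarms, already = [], set()

    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue                       # successful logins and other events are ignored
        when, user, src = parse_time(m["ts"]), m["user"], m["src"]

        window = recent_failures[user]
        window.append(when)
        while (when - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()               # expire failures that fell out of the window
        if len(window) >= FAILURE_THRESHOLD and ("account", user) not in already:
            already.add(("account", user))
            alarms.append(("repeated-failures", user,
                           f"{len(window)} failures within {WINDOW_SECONDS}s, last from {src}"))

        tried = logins_per_source[src]
        tried.add(user)
        if len(tried) >= DISTINCT_USER_THRESHOLD and ("source", src) not in already:
            already.add(("source", src))
            alarms.append(("account-enumeration", src,
                           f"tried {len(tried)} different logins: {', '.join(sorted(tried))}"))
    return alarms


if __name__ == "__main__":
    for kind, subject, detail in monitor(SAMPLE_LOG.splitlines()):
        print(f"ALARM {kind}: {subject} ({detail})")
```

On the sample, the three root failures within eleven seconds trip the per-account alarm, the fifth line makes 203.0.113.7 the third distinct login from one source, and the three bastionadmin failures never alarm because each falls outside the window opened by the previous one.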
A few bastion servers incorporate auditing programs, which check whether an attack has been launched against them. There are several ways of auditing. One can use a checksum program, which checks whether any unauthorized person has modified any software on the bastion server. A checksum is computed over the contents of each executable program installed on the server and recorded while the system is known to be clean; the program later recomputes the checksums to see whether anything has been modified. Any change in a checksum is an indication of a possible attack.

Positioning the Bastion Host

Slide summary:
- Physical Location: placed in a specially selected server room with suitable environmental controls; set up in a locked server cabinet with proper ventilation, cooling, and backup power
- Network Location: set on a special network, also known as the demilitarized zone (DMZ), that does not carry sensitive data; avoid placing the bastion host on internal networks; locate it on an additional layer known as a perimeter network and attach a packet-filtering router

There are several options for positioning a bastion host within the network configuration, namely:

- Physical Location: The bastion host is placed in a specially selected server room with suitable environmental controls (against extreme weather) and the required physical security devices. It must be set up in a locked server cabinet with proper ventilation, cooling, and backup power.
- Network Location: The host is placed on its own network, also known as the demilitarized zone (DMZ), where no secret network traffic exists. It is recommended to avoid placing the bastion host on internal networks. The bastion host should be located on an additional layer known as a perimeter network, and a packet-filtering router should be attached to it.

Figure 7.33: Positioning the bastion host (Internet - Exterior Firewall - Bastion Hosts on the perimeter network / DMZ - Interior Firewall - Intranet)
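The checksum auditing described in the paragraph before "Positioning the Bastion Host", as an added example that is not part of the EC-Council course material. It baselines a constructed directory standing in for the bastion's program directory, tampers with it, and reports what changed; the size_only_misses field shows why the checksum has to be computed over file contents rather than file size alone. All paths and file contents are constructed.

```python
"""Checksum audit of a bastion host's program directory.

Added example, not course code. build_baseline() records size and SHA-256 of
every file while the host is known clean; verify() recomputes them later and
reports modified, added and removed files. demo() constructs a throwaway
directory standing in for the bastion's program directory, tampers with it,
and returns the report. All paths and file contents are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """SHA-256 over the file's full contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file (relative path) under root to its size and hash."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"size": path.stat().st_size, "sha256": file_digest(path)}
    return baseline


def verify(root, baseline):
    """Compare the current tree with a stored baseline.

    'size_only_misses' lists modified files whose size did not change, i.e. the
    tampering that a size-based check would have missed.
    """
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": [], "size_only_misses": []}
    for rel, expected in baseline.items():
        seen = current.get(rel)
        if seen is None:
            report["removed"].append(rel)
        elif seen["sha256"] != expected["sha256"]:
            report["modified"].append(rel)
            if seen["size"] == expected["size"]:
                report["size_only_misses"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    return report


def demo():
    """Baseline a constructed bin directory, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / "bin"
        bin_dir.mkdir()
        (bin_dir / "httpd").write_bytes(b"#!/bin/sh\necho serving web\n")
        (bin_dir / "smtpd").write_bytes(b"#!/bin/sh\necho serving mail\n")

        # In practice the baseline is written to read-only or off-host storage so
        # an intruder cannot rewrite it; here it is only round-tripped through JSON.
        stored = json.loads(json.dumps(build_baseline(bin_dir)))

        # Tampering: a same-length edit (size unchanged), one binary removed, one added.
        (bin_dir / "httpd").write_bytes(b"#!/bin/sh\necho serving pwn\n")
        (bin_dir / "smtpd").unlink()
        (bin_dir / "backdoor").write_bytes(b"#!/bin/sh\nexec nc -l 4444\n")

        return verify(bin_dir, stored)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline itself is part of the trust boundary: if it is stored writable on the bastion host, an intruder who replaces a binary can also update its recorded checksum, which is why the text's dedicated log-keeping machine is the natural place to hold it.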
