CWSP Guide to Wireless Security
Guide to Tactical Perimeter Defense
Chapter 1: Network Defense Fundamentals
CWSP Guide to Wireless SecurityTactical Perimeter Defense 1
Objectives
• Describe the threats to network security
• Explain the goals of network security
• Describe a layered approach to network defense
• Explain how network security defenses affect your organization
Overview of Threats to Network Security
• Motivation of attackers
  – Status
  – Revenge
  – Financial gain
  – Industrial espionage
  – Principle
Overview of Threats to Network Security (con’t.)
• Types of attackers
  – Crackers
    • Try to gain access to unauthorized network resources
    • Motivations: knowledge/improvement of Internet; destruction; thrill
  – Disgruntled employees
    • Motivation: revenge over perceived injustice
  – Criminal and industrial spies
    • Motivation: profit; competition; potential victims
Overview of Threats to Network Security (con’t.)
• Types of attackers (con’t.)
  – Script kiddies
    • Find viruses/scripts online and spread them through weaknesses in computer systems
  – Packet monkeys
    • Block Web-site activities through a distributed denial-of-service (DDoS) attack
  – Terrorists
    • Motivations: political goals, psychological effect
Overview of Threats to Network Security (con’t.)
• Malicious code
  – Malware: software designed to cause harm to networks or steal information from networks
  – Examples:
    • Code Red worm
    • MSBlast worm
    • Slammer worm
Overview of Threats to Network Security (con’t.)
• Types of malware
  – Virus
    • Replicates and performs benign or harmful action through executable code, attachments, Web pages
  – Worm
    • Replicates repeatedly
    • Self-propagating
    • Can install backdoor or destroy data on disk
  – Trojan program
    • Installs malware under guise of performing useful task
Overview of Threats to Network Security (con’t.)
• Types of malware (con’t.)
  – Macro virus
    • Script that automates repetitive task in an application
  – Spyware
    • Can decrease productivity, carry additional malware, use system resources, or steal information
    • Includes adware, tracking cookies, dialers, and spam
Overview of Threats to Network Security (con’t.)
• Activity 1-1: Scanning for Spyware
  – Objective: Download and run Spy Sweeper to scan your computer for spyware
Figure 1-1 The Spy Sweeper user interface
Overview of Threats to Network Security (con’t.)
• Other threats to network security
  – Infection of new malware
  – Exploitation of recently discovered vulnerability
  – Natural disaster such as earthquake
  – Solution: cyber-risk insurance
Overview of Threats to Network Security (con’t.)
• Social engineering
  – Attackers obtain passwords or access codes from gullible employees
  – Employees abuse accepted security practices
  – Solution: strong, enforced security policy and security awareness training
Table 1-1 Attacks and defenses
Table 1-1 Attacks and defenses (con’t.)
Overview of Threats to Network Security (con’t.)
• Internet security concerns
  – Sockets
    • Attackers attempt to identify and exploit sockets that respond to connection requests
  – E-mail and communications
    • Attachments or files may contain malware
    • Use personal firewall system for protection
  – Scripting
  – Always-on connectivity
Overview of Threats to Network Security (con’t.)
• Internet security concerns (con’t.)
  – Scripting
    • Executable code attached to e-mail or downloaded files
    • May only be filtered through specialty firewall software
  – Always-on connectivity
    • Computers are easier to attack because IP address remains the same while connected
    • Remote users connecting to internal network may cause vulnerability
Overview of Threats to Network Security (con’t.)
• Activity 1-2: Examining E-mail Content Filters and Security Suites
  – Objective: Evaluate e-mail security software
  – Read about features of MailMarshal
  – Find three other vendors and create a comparison chart of features and cost
Overview of Threats to Network Security (con’t.)
• Activity 1-3: Identifying Open Ports
  – Objective: Use the Netstat command to look for open ports on your computer
  – A secure computer should have a minimal set of resources and open ports on it
  – Netstat command utility available in Windows and UNIX
    • In Windows XP: type netstat -a
    • Displays protocol and state of TCP/UDP ports
Goals of Network Security
• Providing network connectivity
  – Priority: secure connectivity with trusted users and networks
  – Vulnerable online activities
    • Placing and purchasing orders
    • Paying bills
    • Accessing account information
    • Looking up personnel records
    • Creating authentication information
  – Use layered security scheme
Goals of Network Security (con’t.)
• Securing remote access
  – For contractors and employees
  – Use a virtual private network (VPN)
    • Combination of encryption and authentication
    • Cost-effective
Goals of Network Security (con’t.)
Figure 1-2 Providing secure connectivity with VPNs
Goals of Network Security (con’t.)
• Ensuring privacy
  – Maintain customer confidentiality in organizational databases
  – Be aware of laws that protect private information
    • Sarbanes-Oxley
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Gramm-Leach-Bliley Act
  – Educate employees about security dangers and policies
Goals of Network Security (con’t.)
• Providing nonrepudiation
  – Capability of preventing a participant in an electronic transaction from denying that it performed an action
  – Ensures that sender can’t deny sending a message and receiver can’t deny receiving a message
  – Provided through encryption
    • Protects integrity, confidentiality, and authentication of digital information
Goals of Network Security (con’t.)
• Confidentiality, integrity, and availability: the CIA triad
  – Confidentiality: prevent intentional or unintentional disclosure of communications between a sender and recipient
  – Integrity: ensure the accuracy and consistency of information during all processing
  – Availability: ensure that those authorized to access resources can do so in a reliable and timely manner
Goals of Network Security (con’t.)
Figure 1-3 The CIA Triad
Using Network Defense Technologies in Layers (con’t.)
• Physical security
  – Measures taken to physically protect a computer or network device from theft, fire, or environmental disaster
    • Computer locks or specialized locks
    • Critical servers in room with lock and/or alarm
    • Engraving tools to identify laptops
    • Uninterruptible power supply (UPS)
    • Fire suppression system with gaseous agent
Using Network Defense Technologies in Layers (con’t.)
• Password security
  – Choose strong passwords
  – Keep passwords secure
  – Change passwords regularly
  – Use multiple passwords to protect critical applications
Using Network Defense Technologies in Layers (con’t.)
• Authentication methods
  – Something the user knows
    • Example: username/password combination
  – Something the user possesses
    • Example: smart card
  – Something the user is
    • Example: retinal scans, fingerprints (biometrics)
Using Network Defense Technologies in Layers (con’t.)
• Operating system security
  – Install OS patches that have been issued to address security flaws
  – Keep up with hot fixes and service packs for your system
  – Stop any unneeded services
  – Disable guest accounts
Using Network Defense Technologies in Layers (con’t.)
• Antivirus protection
  – Antivirus software is a necessity
    • Examines files and e-mail messages for file extensions that typically contain malware (.exe, .zip)
    • Compares them with current signature files
    • Quarantines malware
  – Keeping software updated is critical
Using Network Defense Technologies in Layers (con’t.)
• Packet filtering
  – Block or allow transmission of packets based on port, IP address, protocol, etc.
  – Evaluates information in packet header and compares it to rule base
  – Can be hardware or software
    • Routers: use access control list (ACL)
    • Operating system utilities: Iptables, TCP/IP Filtering
    • Software firewalls: Check Point, ZoneAlarm
Using Network Defense Technologies in Layers (con’t.)
• Firewalls
  – Use organization’s security policy as guide
  – Enforces policy set by network administrator
  – Permissive policies
    • Allows all traffic by default
    • Blocks services on a case-by-case basis
  – Restrictive policies
    • Denies all traffic by default
    • To allow a specific type of traffic, a new rule must be placed before the “deny all” rule
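The two slides above describe a packet filter as a rule base evaluated against packet header fields, with a permissive policy (allow by default, deny case by case) and a restrictive policy (deny by default, allow rules placed before the "deny all" rule). The following is an added example, not code from the textbook or from any firewall product, that models exactly that: first-match evaluation over header fields, both policies, and a check that finds rules made dead by an earlier broader rule (the mistake of adding an allow rule after "deny all"). All addresses, ports and rules are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed, simplified model of a packet filter (illustrative only).


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port; None for protocols without one


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network; the default matches any address
    dst: str = "0.0.0.0/0"       # destination network
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """Compare the packet's header fields against this rule."""
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


def filter_packet(rules: list[Rule], pkt: Packet, default: str) -> str:
    """First-match evaluation: the first rule whose fields match decides.
    `default` is applied when nothing matches: "allow" for a permissive
    policy, "deny" for a restrictive one."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Permissive policy: everything passes unless a rule blocks a service.
PERMISSIVE = [
    Rule("deny", proto="tcp", dport=23),   # block Telnet
    Rule("deny", proto="tcp", dport=135),  # block RPC endpoint mapper
]

# Restrictive policy: only listed services pass; explicit "deny all" is last.
# Any allow rule added after the "deny all" rule can never fire.
RESTRICTIVE = [
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=80),   # public web server
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", dst="192.0.2.53/32", proto="udp", dport=53),   # DNS in the DMZ
    Rule("deny"),                                                # deny all
]


def dead_rules(rules: list[Rule]) -> list[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches a superset of their traffic (e.g. an allow placed after deny all)."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and (earlier.proto is None or earlier.proto == later.proto)
                    and (earlier.dport is None or earlier.dport == later.dport)):
                dead.append(i)
                break
    return dead


if __name__ == "__main__":
    probe = Packet("203.0.113.5", "192.0.2.10", "tcp", 22)
    print("permissive:", filter_packet(PERMISSIVE, probe, default="allow"))
    print("restrictive:", filter_packet(RESTRICTIVE, probe, default="deny"))
    misplaced = RESTRICTIVE + [Rule("allow", proto="tcp", dport=22)]
    print("dead rule indexes:", dead_rules(misplaced))
```

Running it shows the same SSH connection attempt allowed under the permissive policy and denied under the restrictive one, and the `dead_rules` check reports index 4 for the allow rule appended after "deny all", which is the ordering error the slide warns about.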
Using Network Defense Technologies in Layers (con’t.)
• Demilitarized zones (DMZs)
  – Subnet that sits outside the internal network but is connected to the firewall
  – Makes service publicly available while protecting internal LAN
  – May contain domain name server (DNS) to resolve domain names to IP addresses
Using Network Defense Technologies in Layers (con’t.)
• Intrusion detection systems (IDSs)
  – Offers additional layer of protection for network
  – Recognizes signs of possible attack
    • Signatures: combination of IP addresses, port number, and frequency of access attempts
  – Sends notification to administrator
Using Network Defense Technologies in Layers (con’t.)
• Virtual private networks (VPNs)
  – Secure connection that uses public Internet
  – Lower cost than leased lines from telecommunication companies
Using Network Defense Technologies in Layers (con’t.)
• Network auditing and log files
  – Process of monitoring computers accessing a network and recording that information in a log file
  – Analyzing log files:
    • Sort logs by time of day and per hour
    • Learn peak times of traffic and most used services
    • Use GUIs and log analyzers to spot trends and create easy-to-read log files and trends
  – Configuring log files
Using Network Defense Technologies in Layers (con’t.)
• Network auditing and log files (con’t.)
  – Configuring log files: view information in various ways
    • System events: track operations of IDS or firewall
    • Security events: records alerts that firewall/IDS has issued
    • Traffic
    • Packets
  – Some programs customize log files and allow searching for items/events
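The IDS slide describes signatures built from IP addresses, port numbers and the frequency of access attempts, and the two log-file slides describe sorting logs by hour to find peak traffic times and the most used services. The following is an added example, not code from the textbook or from any IDS or firewall product, that does both over a handful of constructed firewall log lines: it counts events per hour, ranks permitted services, and raises an alert when one source touches many distinct ports on a host within a short window. The log format, addresses and the threshold values are assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (made up for this example, not from any real
# device). Assumed line format:
#   "<date> <time> <ACTION> <proto> <src> -> <dst>:<dport>"
SAMPLE_LOG = """\
2024-03-04 08:02:11 ALLOW tcp 198.51.100.7 -> 192.0.2.10:443
2024-03-04 08:02:40 ALLOW tcp 198.51.100.8 -> 192.0.2.10:80
2024-03-04 08:05:03 ALLOW udp 198.51.100.9 -> 192.0.2.53:53
2024-03-04 09:15:22 ALLOW tcp 198.51.100.7 -> 192.0.2.10:443
2024-03-04 09:16:01 DENY  tcp 203.0.113.5 -> 192.0.2.10:21
2024-03-04 09:16:02 DENY  tcp 203.0.113.5 -> 192.0.2.10:22
2024-03-04 09:16:02 DENY  tcp 203.0.113.5 -> 192.0.2.10:23
2024-03-04 09:16:03 DENY  tcp 203.0.113.5 -> 192.0.2.10:25
2024-03-04 09:16:04 DENY  tcp 203.0.113.5 -> 192.0.2.10:135
2024-03-04 09:16:05 DENY  tcp 203.0.113.5 -> 192.0.2.10:445
2024-03-04 14:40:19 ALLOW tcp 198.51.100.8 -> 192.0.2.10:443
2024-03-04 14:41:00 ALLOW tcp 198.51.100.7 -> 192.0.2.10:443
"""


def parse_log(text: str) -> list[dict]:
    """Turn raw lines into records with a real timestamp and typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, action, proto, src, _arrow, dst_port = line.split()
        dst, dport = dst_port.rsplit(":", 1)
        records.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "action": action, "proto": proto, "src": src,
            "dst": dst, "dport": int(dport),
        })
    return records


def hourly_counts(records) -> Counter:
    """Events per hour of day: the per-hour sort the slide describes."""
    return Counter(r["ts"].hour for r in records)


def peak_hour(records) -> int:
    """Hour of day with the most logged events."""
    return hourly_counts(records).most_common(1)[0][0]


def most_used_services(records, n=3):
    """Most used (proto, port) pairs among permitted connections."""
    return Counter((r["proto"], r["dport"]) for r in records
                   if r["action"] == "ALLOW").most_common(n)


def port_scan_alerts(records, threshold=5, window=timedelta(seconds=60)):
    """Simple IDS signature combining source/destination address, port
    number and frequency: one source touching `threshold` or more distinct
    ports on the same host within `window`. Returns {(src, dst): port_count}."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append((r["ts"], r["dport"]))
    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = len(ports)
                break
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("events per hour:", dict(sorted(hourly_counts(recs).items())))
    print("peak hour:", peak_hour(recs))
    print("top services:", most_used_services(recs))
    for (src, dst), n in port_scan_alerts(recs).items():
        print(f"ALERT: {src} probed {n} distinct ports on {dst} within 60s")
```

On the sample lines the peak hour is 09:00 (driven by the burst of denied connections), HTTPS is the most used permitted service, and the six probes from one source within four seconds trip the signature, which is the kind of notification the IDS slide says goes to the administrator.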
Using Network Defense Technologies in Layers (con’t.)
• Using GUI log viewers: organizes logged information and enables sorting
Figure 1-5 ZoneAlarm’s log viewer
Using Network Defense Technologies in Layers (con’t.)
• Routers and access control methods
  – Typical points of entry: vulnerable services; e-mail gateways; porous borders
  – Access control methods
    • Mandatory Access Control (MAC): defines access capabilities rigorously in advance
    • Discretionary Access Control (DAC): users are allowed to share information with other users
    • Role Based Access Control (RBAC): establishes organizational roles to limit information access by job function/responsibility
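The three access control methods listed above differ in who decides access and when. The following is an added example, not code from the textbook or from any product, that implements a minimal decision function for each: MAC with fixed labels compared in advance (the read/write rules used here follow the Bell-LaPadula model, an assumption beyond the slide's wording), DAC where only an object's owner may share it with other users, and RBAC where permissions attach to job roles rather than to individual users. Users, roles, labels and permissions are all constructed for the illustration.

```python
from dataclasses import dataclass, field

# --- Mandatory Access Control -------------------------------------------
# Labels are fixed in advance by the organisation; neither users nor owners
# can change them. Ordering of the constructed labels, lowest to highest:
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_can_read(clearance: str, classification: str) -> bool:
    """No read up: the subject's clearance must dominate the object's label."""
    return LEVELS[clearance] >= LEVELS[classification]


def mac_can_write(clearance: str, classification: str) -> bool:
    """No write down: a subject may not write to a label below its own
    (Bell-LaPadula rule, assumed here for the example)."""
    return LEVELS[clearance] <= LEVELS[classification]


# --- Discretionary Access Control ---------------------------------------
@dataclass
class DacObject:
    """An object whose owner decides, at their discretion, who else may use it."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, by: str, to: str, perm: str) -> bool:
        """Only the owner may share the object; anyone else's grant is refused."""
        if by != self.owner:
            return False
        self.acl.setdefault(to, set()).add(perm)
        return True

    def permits(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())


# --- Role Based Access Control -------------------------------------------
# Permissions are attached to organisational roles; users get roles by job
# function. Changing a person's job means changing their roles, not editing
# every object's ACL.
ROLE_PERMS = {
    "helpdesk":   {"ticket:read", "ticket:update"},
    "hr_analyst": {"personnel:read"},
    "hr_manager": {"personnel:read", "personnel:update"},
}
USER_ROLES = {
    "alice": {"hr_manager"},
    "bob":   {"helpdesk"},
    "carol": {"helpdesk", "hr_analyst"},
}


def rbac_permits(user: str, perm: str) -> bool:
    """A user holds a permission if any of their roles grants it."""
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))


if __name__ == "__main__":
    print("MAC: internal clearance reads secret?", mac_can_read("internal", "secret"))
    doc = DacObject(owner="alice")
    print("DAC: bob grants carol read?", doc.grant("bob", "carol", "read"))
    print("DAC: alice grants bob read?", doc.grant("alice", "bob", "read"))
    print("RBAC: bob reads personnel records?", rbac_permits("bob", "personnel:read"))
    print("RBAC: carol reads personnel records?", rbac_permits("carol", "personnel:read"))
```

The contrast the slide draws shows up directly in the code: under MAC the decision depends only on labels set beforehand, under DAC the owner can extend access to whomever they choose, and under RBAC the help-desk user is refused personnel data not because of a per-object setting but because no role assigned to that job function carries the permission.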
The Impact of Defense
• Cost of security breach can be very high in terms of return on investment (ROI)
• Gain management support to ensure sound security scheme
  – Discuss funding, staff, downtime, and resources for entire span of project
• Security systems must be continuously maintained and updated
Summary
• Network intruders are motivated by various desires
  – Data; revenge; financial gain; proprietary information for resale
• Understanding network security concerns regarding online communication is essential
  – Vulnerability of e-mail attachments
  – Use of firewalls and VPNs
• Goals for a network security program
  – Privacy; data integrity; authentication; remote users
Summary (con’t.)
• Network security has several layers of defense
• Auditing and log files help detect vulnerable points in a system
• Routers at network perimeter need access control for security
• Defense affects the entire organization