
Chapter 2


acton




Presentation Transcript


  1. Chapter 2 NETWORK AND SERVER SECURITY

  2. Content • Network Protocols Review • Securing Servers • Border Security

  3. Network Protocols Review • Protocol: a formal set of rules that describe how computers transmit data and communicate across a network. • Protocols are arranged in a stack of layers (the network stack): to send a transmission, data is passed from the highest layer to the lowest, with each layer adding its own header (encapsulation); the receiver strips those headers off again in the reverse order.

  4. Network stack and data encapsulation

  5. OSI Seven-Layer Model

  6. The Functions of Layers • Session Layer: • Establishing the connection. • Transferring data. • Releasing the connection. • Network Layer: • Switching and routing • Forwarding • Logical (IP) addressing • Error detection • Node traffic control • Data Link Layer (two sublayers): • Media Access Control (MAC) sublayer: • Supports the network computer’s access to the shared medium. • Controls when the network computer is permitted to transmit. • Formats the data to be transmitted into frames. • Adds a header to the frame carrying the source and destination hardware (MAC) addresses; IP addresses belong to the network-layer header, not to the frame header. • Logical Link Control (LLC) sublayer: • Sets up the communication link between entities on a physical channel. • Identifies which network-layer protocol a frame carries and hands the frame to the physical layer to be sent as bits. • Defines the network access protocol for data transmission and reception. • Controls error checking and frame synchronization. • Supports Ethernet and token-ring operations.

  7. Protocols associated with each layer • Application layer: • File Transfer Protocol (FTP) • Trivial File Transfer Protocol (TFTP) • Domain Name System (DNS) • Simple Mail Transfer Protocol (SMTP) • SSH File Transfer Protocol (SFTP) • Secure Shell (SSH), in its current version SSH-2 • Remote login (rlogin) • Simple Network Management Protocol (SNMP) • Bootstrap Protocol (BOOTP) • Hypertext Transfer Protocol (HTTP) • Multipurpose Internet Mail Extensions (MIME), strictly a message format carried over SMTP rather than a protocol of its own • Presentation Layer (data representation and encoding formats rather than protocols in the strict sense): • Moving Picture Experts Group (MPEG) • Joint Photographic Experts Group (JPEG)

  8. Protocols associated with each layer • Session Layer: • AppleTalk Session Protocol (ASP) • Network File System (NFS) • Remote Procedure Call (RPC) • Transport Layer: • Transmission Control Protocol (TCP) • Stream Control Transmission Protocol (SCTP) • User Datagram Protocol (UDP) • Sequenced Packet Exchange (SPX) • Network Layer: • Internet Protocol (IP) • Open Shortest Path First (OSPF) • Internet Control Message Protocol (ICMP) • Routing Information Protocol (RIP) • IP security (IPsec) • Address Resolution Protocol (ARP) • Reverse Address Resolution Protocol (RARP) • (ARP and RARP map between IP addresses and hardware addresses and are carried directly in link-layer frames, so many references place them between Layers 2 and 3 rather than squarely in Layer 3.) • Data Link Layer: • Serial Line Internet Protocol (SLIP) • Point-to-Point Protocol (PPP)

  9. The TCP/IP Model Layers

  10. The TCP/IP Model Layers

  11. TCP/IP encapsulation

  12. TCP/IP Ports
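Slides 3 through 12 describe encapsulation, the TCP/IP layers and ports only in pictures. The following Python program is an added example, not code from the original chapter: it builds an Ethernet/IPv4/TCP frame by hand, one header per layer, then strips the headers off again on the "receiving" side and verifies both checksums. The addresses, MACs, ports and HTTP payload are constructed test values (RFC 1918 and RFC 5737 ranges, locally administered MACs), chosen only to make the layering visible.

```python
"""Hand-built Ethernet/IPv4/TCP frame showing encapsulation layer by layer.

Added example for this chapter; not code from the original slides.
All addresses, ports and the payload are constructed test values.
"""
import struct


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """TCP's checksum also covers a pseudo-header borrowed from the IP layer."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """Layer 4: 20-byte TCP header (no options) in front of the application data."""
    offset_flags = (5 << 12) | flags         # data offset = 5 words, flag bits low
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)
    pseudo = tcp_pseudo_header(src_ip, dst_ip, len(hdr) + len(payload))
    csum = ones_complement_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4_packet(src_ip, dst_ip, segment, ttl=64):
    """Layer 3: 20-byte IPv4 header around the TCP segment (protocol number 6)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                      0x1234, 0x4000, ttl, 6, 0, src_ip, dst_ip)
    csum = ones_complement_checksum(hdr)     # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + segment


def build_ethernet_frame(src_mac, dst_mac, packet):
    """Layer 2: Ethernet II header with EtherType 0x0800 (IPv4)."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


def decapsulate(frame: bytes) -> dict:
    """Receiving side: peel one header per layer and verify both checksums."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    ip_hdr, segment = ip[:ihl], ip[ihl:]
    src_ip, dst_ip = ip_hdr[12:16], ip_hdr[16:20]
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    pseudo = tcp_pseudo_header(src_ip, dst_ip, len(segment))
    return {
        "ethertype": ethertype,
        "protocol": ip_hdr[9],
        "src_ip": ".".join(map(str, src_ip)),
        "dst_ip": ".".join(map(str, dst_ip)),
        "ip_checksum_ok": ones_complement_checksum(ip_hdr) == 0,      # intact header sums to 0
        "sport": sport,
        "dport": dport,
        "tcp_checksum_ok": ones_complement_checksum(pseudo + segment) == 0,
        "payload": segment[data_off:],
    }


def example_frame() -> bytes:
    """Constructed sample: an HTTP request from 192.168.1.10 to 203.0.113.5."""
    src_ip, dst_ip = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])
    src_mac, dst_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    payload = b"GET / HTTP/1.0\r\n\r\n"
    segment = build_tcp_segment(src_ip, dst_ip, 40000, 80, 1000, 5000, 0x18, payload)  # PSH|ACK
    packet = build_ipv4_packet(src_ip, dst_ip, segment)
    return build_ethernet_frame(src_mac, dst_mac, packet)


if __name__ == "__main__":
    frame = example_frame()
    print(f"frame: {len(frame)} bytes = 14 (Ethernet) + 20 (IP) + 20 (TCP) + {len(frame) - 54} (data)")
    for key, value in decapsulate(frame).items():
        print(f"{key:16} {value!r}")
```

Two details worth noticing: the TCP checksum mixes in the IP addresses through the pseudo-header, so a layer-4 checksum silently depends on layer-3 data, and a checksum only detects accidental corruption. Flipping one bit of the destination address makes `ip_checksum_ok` false, but an attacker who rewrites a header simply recomputes the checksum; integrity against tampering needs IPsec or TLS, not checksums.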

  13. Best Practices for Network Security • Three basic guidelines for securing the servers on your network: • Designing applications with security in mind(Security by Design) • Maintaining a security mindset • Defense–in-depth

  14. Security by Design • Some of the factors affecting security in the design phase of a development effort are as follows: • The software developers and security professionals (network engineers) historically came from different communities. This is still an issue today, although more software developers are attending security training and security conferences. • The security threat was not well publicized. Security has made the front page more often in recent years. • In many cases, the software developers are building an application that they have never coded before. However, a network engineer who designs a network has probably designed dozens of networks in the past. • Until recently, software developers could not justify time spent on security features, because security features did not seem to affect the bottom line from management’s perspective. • In the highly competitive marketplace for software, there has been a natural rush-to-market approach to beat the competition.

  15. Maintaining a Security Mindset • The following are some approaches to developing a mindset that will help you secure the servers on your network: • Base security decisions on the risk. Security can be like insurance; the risk must be known to determine the coverage needed. • Use defense-in-depth. Many security controls are preferable to a single point of protection. • Keep things simple. Simplicity and clarity will support a more secure environment. • Respect the adversary. Do not underestimate the interest and determination of the threat. • Work on security awareness. Security training is needed at all levels of an organization. • Be paranoid and expect the worst.

  16. Securing Servers • To operate the server securely, an organization must establish a plan with associated procedures. These procedures should include the following key aspects: • Control the server configuration: The server must be configured to minimize exposure to an attack. • Control users and access: A need-to-know and need-to-access environment should be established regarding the server’s data and access. • Monitoring, auditing, and logging: Security does not stop with deployment of the server.

  17. Controlling the Server Configuration • The following are three important considerations when securing the host system: • Physical Security of the System: • Provide an uninterruptible power supply (UPS) unit with surge protection. • Provide fire protection to minimize the loss of data and equipment. • Provide adequate cooling and ventilation. • Provide adequate lighting and work space for maintaining and upgrading the system. • Restrict physical access to the server (the server room should be locked, alarmed, and recorded for later review).

  18. Controlling the Server Configuration • Minimizing Services • The following list shows typical services that should be disabled on a host if not needed: • Telnet (TCP 23): transmits logins and sessions in cleartext; the secure alternative, SSH, should be used instead if remote shell access is needed. • SMTP (TCP 25): mail server applications are frequent targets of attacks, and a misconfigured server becomes an open relay for spam. • FTP (TCP 21): used to upload files to and download files from a central repository. FTP sends credentials in cleartext and has a long history of implementation vulnerabilities; it must be properly configured to be safe. • TFTP (UDP 69): transfers small files with no authentication at all, so it can be used to upload a malicious file to a computer or to read files from it. • Finger (TCP 79): lets a remote user look up account information (real name, last login time) for a username, which is useful reconnaissance for an attacker. • Netstat (TCP 15): a legacy inetd internal service that dumps the host’s network connections to anyone who connects; not to be confused with the netstat command-line tool, which is run locally and is a legitimate troubleshooting aid on Windows and Unix. • Systat (TCP 11): a legacy inetd internal service that dumps the Unix® process list to anyone who connects; likewise distinct from the local troubleshooting command. • Chargen (port 19) and Echo (port 7): these services can be used to launch data-driven attacks and denial-of-service (DoS) attacks, for example by spoofing a packet between two such services so that they flood each other indefinitely. • DNS (port 53): a name server requires frequent patches and upgrades to be secure; run it only on hosts dedicated to that role. • RPC (portmapper on port 111): unless the server application explicitly uses RPC to communicate with other systems, this should be disabled.
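Knowing which services should be off is only half of the job; the other half is checking what a host actually listens on. The Python script below is an added example, not code from the chapter: it parses the output format of `ss -Hltunp` (Linux), compares every listening socket against an allowlist of expected ports, and flags the legacy services listed above by their well-known ports. `SAMPLE_SS_OUTPUT` is constructed for the example, and the allowlist (SSH and HTTPS only) is an assumption about this hypothetical server.

```python
"""Audit listening sockets against an allowlist and flag legacy inetd-era services.

Added example for this slide; not code from the original chapter. The input
format is that of `ss -Hltunp` on Linux; SAMPLE_SS_OUTPUT is constructed.
"""
import re
import sys

# Well-known ports of the services the slide says to disable.
LEGACY_SERVICES = {
    ("tcp", 7): "echo", ("udp", 7): "echo",
    ("tcp", 11): "systat",            # inetd internal service, not the CLI tool
    ("tcp", 15): "netstat",           # inetd internal service, not the CLI tool
    ("tcp", 19): "chargen", ("udp", 19): "chargen",
    ("tcp", 21): "ftp",
    ("tcp", 23): "telnet",
    ("tcp", 25): "smtp",
    ("udp", 69): "tftp",
    ("tcp", 79): "finger",
    ("tcp", 111): "rpcbind", ("udp", 111): "rpcbind",
}

# Services this hypothetical server is expected to expose (assumption).
ALLOWED = {("tcp", 22), ("tcp", 443)}

# Constructed sample in `ss -Hltunp` layout: Netid State Recv-Q Send-Q Local Peer Process
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128      0.0.0.0:22      0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128         [::]:22         [::]:*  users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      5        0.0.0.0:23      0.0.0.0:*  users:(("inetd",pid=640,fd=5))
tcp   LISTEN 0      5        0.0.0.0:79      0.0.0.0:*  users:(("inetd",pid=640,fd=6))
tcp   LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*  users:(("postgres",pid=901,fd=7))
udp   UNCONN 0      0        0.0.0.0:69      0.0.0.0:*  users:(("inetd",pid=640,fd=8))
tcp   LISTEN 0      4096     0.0.0.0:443     0.0.0.0:*  users:(("nginx",pid=1203,fd=6))
"""

LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(ss_output: str) -> list:
    """Turn ss output into dicts with protocol, bind address, port and owning process."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                                   # blank or malformed line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")          # rpartition also handles [::]:22
        proc = re.search(r'\("([^"]+)"', line)
        listeners.append({"proto": proto, "addr": addr, "port": int(port),
                          "process": proc.group(1) if proc else "?"})
    return listeners


def audit_listeners(listeners: list, allowed: set) -> list:
    """One finding per socket that is a legacy service or an unexpected network exposure."""
    findings = []
    for sock in listeners:
        key = (sock["proto"], sock["port"])
        exposed = sock["addr"] not in LOOPBACK         # loopback-only sockets are not remotely reachable
        if key in LEGACY_SERVICES:
            reason = f"legacy service {LEGACY_SERVICES[key]} should be disabled"
        elif exposed and key not in allowed:
            reason = "listener not on the allowlist"
        else:
            continue
        findings.append({**sock, "reason": reason})
    return findings


if __name__ == "__main__":
    text = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for f in audit_listeners(parse_listeners(text), ALLOWED):
        print(f"{f['proto']}/{f['port']:<5} {f['addr']:<12} {f['process']:<10} {f['reason']}")
```

On a real host run it as `ss -Hltunp | python3 audit.py` (root is needed for the `-p` process column). The loopback check matters: the sample's PostgreSQL socket bound to 127.0.0.1 is not reported, whereas the same service bound to 0.0.0.0 would be, which is exactly the distinction between a service that exists and a service that is exposed.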

  19. Managing Windows Services • Windows 2000 (and later) has three built-in accounts that are typically used to run services, but you can also create a dedicated user account and assign it only the rights and permissions the service actually needs. • The three built-in accounts are as follows: • Local System: this account has permission to perform any task on the computer and presents the computer’s own credentials when it accesses resources on the network; it is the most privileged choice and should be used only where a service really requires it. • Local Service: this account has very limited permissions on the computer and presents anonymous credentials on the network, so it cannot access other computers. • Network Service: this account has the same local permissions as Local Service, but presents the computer’s credentials on the network and so can access other computers. • You change the security context for a service through the Log On tab of the service’s properties.

  20. Managing Windows Services

  21. Blocking Ports and Limiting Input and Output Devices • Blocking Ports: you can block traffic to a specific port by configuring a host firewall or an IPsec policy, so that a service you cannot remove is at least unreachable from the network. • Some physical entry points you might consider removing include the following: • Modems • Network adapters • CD-ROM and DVD drives • Floppy drives • Universal Serial Bus (USB) ports • Monitor • Devices that cannot be physically removed can usually be disabled in the BIOS/firmware or by operating-system policy.

  22. Border Security • Segmenting a Network: network segments can be classified into the following: • Public networks: accessible to everyone (unsecured networks). • Semi-private networks: sit between public networks and private networks (exclusive subnets of large public networks). • Private networks: organizational networks that handle confidential and proprietary data; these are the most common type of network. • The boundaries of such network segments are established by devices capable of regulating and controlling the flow of packets into and out of the segment, including the following: • Routers • Switches • Bridges • Multi-homed gateways

  23. Perimeter Defense

  24. Firewalls • The reasons for an organization to employ firewalls to secure their networks from other insecure networks: • Poor authentication in many network services • Spoofing • Scanners and crackers • Types of Firewalls: • Packet-Filtering Firewalls: decide on each packet individually from its header fields (addresses, ports, flags). • Stateful packet-filtering firewalls: additionally keep a table of connections they have seen being opened, so inbound packets are admitted only when they belong to a connection that was started from the permitted side. • Application Proxy Firewalls: work at Layer 7 of the OSI model, terminating the client’s connection and opening a new one to the server, which lets them inspect the protocol content itself. • Disadvantages of Firewalls • The cost involved in installation. • A firewall does not protect against threats that originate inside the segment it guards, nor against attacks carried in traffic it is configured to allow.
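The difference between the first two firewall types is easiest to see with packets in hand. The Python model below is an added example, not code from the chapter: it implements one constructed policy ("internal hosts in 10.0.0.0/8 may open TCP connections to port 80 outside; nothing else") first as a stateless packet filter and then as a stateful one, and runs the same three packets through both. The packet addresses are made-up test values.

```python
"""Stateless packet filter vs stateful packet filter on one constructed policy.

Added example for this slide; not code from the original chapter.
Policy: internal hosts (10.0.0.0/8) may open TCP connections to port 80 outside.
"""
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: judges every packet on its own header fields.

    It cannot know whether an inbound packet belongs to a connection, so the
    classic rule set approximates 'reply traffic' by the ACK bit being set.
    """
    if is_internal(pkt.src) and pkt.dport == 80:
        return True                                  # outbound web request
    if is_internal(pkt.dst) and pkt.sport == 80 and pkt.ack:
        return True                                  # looks like a web reply
    return False


class StatefulFilter:
    """Stateful packet filter: remembers connections it saw being opened."""

    def __init__(self):
        self.connections = set()                     # (src, sport, dst, dport) of allowed flows

    def filter(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_internal(pkt.src) and pkt.dport == 80:
            if pkt.syn and not pkt.ack:              # new outbound connection: record it
                self.connections.add(fwd)
                return True
            return fwd in self.connections           # later outbound packets must match an entry
        # inbound packets pass only if they answer a recorded connection
        return is_internal(pkt.dst) and rev in self.connections


def run_scenario() -> dict:
    """Three packets: a real request, its reply, and a forged 'reply' that probes SSH."""
    syn = Packet("10.1.1.5", "203.0.113.10", 51000, 80, syn=True)
    syn_ack = Packet("203.0.113.10", "10.1.1.5", 80, 51000, syn=True, ack=True)
    probe = Packet("198.51.100.7", "10.1.1.5", 80, 22, ack=True)   # sport 80 + ACK, but no connection
    stateful = StatefulFilter()
    return {
        "stateless": {"syn": stateless_filter(syn),
                      "syn_ack": stateless_filter(syn_ack),
                      "probe": stateless_filter(probe)},
        "stateful": {"syn": stateful.filter(syn),
                     "syn_ack": stateful.filter(syn_ack),
                     "probe": stateful.filter(probe)},
    }


if __name__ == "__main__":
    for kind, verdicts in run_scenario().items():
        print(f"{kind:10} {verdicts}")
```

The stateless filter lets the probe through because, looked at alone, a packet from source port 80 with ACK set is indistinguishable from a web reply; this is the basis of ACK scans against packet filters. The stateful filter drops it because no internal host ever opened a connection to 198.51.100.7. A real stateful firewall also has to expire idle entries and handle the FIN/RST teardown, which this model omits.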

  25. A web server in a DMZ

  26. Network Address Translation • Features of NAT: • It is used to translate private addresses to public addresses. • Hosts inside the protected network (with a private address) are able to communicate with the outside world, but systems located outside the protected network have to go through the NAT system to reach internal networks, and can reach only those hosts for which a translation entry exists. • The main feature of NAT is the translation table. A single public IP address may be shared by many private IP addresses; the NAT device then tells the flows apart by port number (port address translation, PAT). • Translation tables are built using two methods: • 1. Static: in this configuration, the relationships between the public and private IP addresses are fixed, so an inside host can also be reached from outside at its public address. • 2. Dynamic (outbound packets): in this mode, the translation table is updated automatically as outbound packets are processed from the private network; entries are created by the first outbound packet of a flow and are removed again after a period of inactivity.
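The following Python model is an added example, not code from the chapter. It implements both table-building methods from the slide in one NAT device: a static one-to-one mapping for a host that must be reachable from outside, and dynamic port-based mappings that are created by outbound packets and used to translate the replies. All addresses are constructed (RFC 1918 inside, RFC 5737 outside), and the public port range starting at 40000 is an arbitrary assumption.

```python
"""NAT translation table with static and dynamic (port-based) entries.

Added example for this slide; not code from the original chapter.
Addresses are constructed; the public port range is an arbitrary assumption.
"""
import itertools


class Nat:
    def __init__(self, public_ip, static=None):
        self.public_ip = public_ip
        self.static = dict(static or {})           # private ip -> dedicated public ip, fixed
        self.static_rev = {pub: priv for priv, pub in self.static.items()}
        self.dynamic = {}                          # (private ip, private port) -> public port
        self.dynamic_rev = {}                      # public port -> (private ip, private port)
        self.next_port = itertools.count(40000)    # pool of public ports handed out to flows

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the new 4-tuple."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port, dst_ip, dst_port)
        key = (src_ip, src_port)
        if key not in self.dynamic:                # first packet of a flow creates the entry
            port = next(self.next_port)
            self.dynamic[key] = port
            self.dynamic_rev[port] = key
        return (self.public_ip, self.dynamic[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from outside; None means no entry, packet dropped."""
        if dst_ip in self.static_rev:              # static entries are reachable at any time
            return (src_ip, src_port, self.static_rev[dst_ip], dst_port)
        if dst_ip == self.public_ip and dst_port in self.dynamic_rev:
            priv_ip, priv_port = self.dynamic_rev[dst_port]
            return (src_ip, src_port, priv_ip, priv_port)
        return None

    def table(self) -> list:
        """The translation table as (private, public) pairs, for display."""
        rows = [(f"{priv}:*", f"{pub}:*") for priv, pub in self.static.items()]
        rows += [(f"{ip}:{port}", f"{self.public_ip}:{pub}")
                 for (ip, port), pub in self.dynamic.items()]
        return rows


def run_scenario() -> dict:
    """Two inside hosts share one public address; a third has a static mapping."""
    nat = Nat("198.51.100.1", static={"192.168.1.20": "198.51.100.2"})
    out_a = nat.outbound("192.168.1.10", 5000, "203.0.113.50", 443)
    out_b = nat.outbound("192.168.1.11", 5000, "203.0.113.50", 443)   # same private port, other host
    reply_b = nat.inbound("203.0.113.50", 443, "198.51.100.1", out_b[1])
    unsolicited = nat.inbound("203.0.113.99", 40000, "198.51.100.1", 40002)
    static_in = nat.inbound("203.0.113.7", 51234, "198.51.100.2", 443)
    return {"out_a": out_a, "out_b": out_b, "reply_b": reply_b,
            "unsolicited": unsolicited, "static_in": static_in, "table": nat.table()}


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:12} {value}")
```

Two hosts using the same private source port 5000 get distinct public ports, which is what lets the reply to port 40001 be delivered to 192.168.1.11 and not 192.168.1.10. The unsolicited packet to port 40002 finds no entry and is dropped, which is the incidental protection the slide refers to; it is not a substitute for a firewall, since any port with a live entry, and every port of a statically mapped host, is reachable from outside.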

  27. The NAT methodology
