
MIS 4700


amber

Presentation Transcript


  1. MIS 4700 Security Part B

  2. Maintaining IP Security
     • Apply security patches and fixes to
     • Operating system faults
     • Security holes
     • Microsoft security bulletins
     • www.microsoft.com/security

  3. Maintaining IP Security (cont.)
     • Recognizing attack signatures
     • IDS and network analyzer
     • Using IP Security (IPSec)
     • Cryptographic security services
     • Support explicit and strong authentication
     • Integrity and access controls
     • Confidentiality of IP datagrams
     • (AH), (ESP)

  4. Knowing Which Ports To Block

  5. Protecting the Perimeter of the Network
     • Important devices and services to help protect the perimeter of your networks
     • Bastion host
     • Boundary (or border) router
     • Demilitarized zone
     • Firewall
     • Network address translation (NAT)
     • Proxy server
     • Screening host
     • Screening router

  6. Understanding the Basics of Firewalls
     • Control traffic flow and network access
     • Inspect incoming traffic
     • Block or filter traffic
     • Placed at network boundaries or organizational boundaries
     • Physical or software
     • Firewalls’ basic security functions
     • Address filtering
     • Proxy services
     • Network address translation

  7. Useful Firewall Specifics
     • Four major elements
     • Screening router functions
     • Domain name, IP address, port address, message type
     • Proxy service functions
     • “Stateful inspection” of packet sequences and services
     • Virtual Private Network services

  8. Commercial Firewall Features
     • Additional features and functions in some, but not necessarily all, firewalls
     • Address translation/privacy services
     • Specific filtering mechanisms
     • Alarms and alerts
     • Logs and reports
     • Transparency
     • Intrusion detection system (IDS)
     • Management controls

  9. Understanding the Basics of Proxy Servers
     • Between both outgoing and incoming service requests
     • Prevent external users from direct access to internal resources
     • Operate at the Application layer
     • Caching

  10. Implementing Firewalls and Proxy Servers
     • Planning and implementing, step by step
     • Security policies operate somewhere between the two extremes of “anything goes” (totally optimistic) and “no connection” (totally pessimistic)
     • 1) Plan
     • 2) Establish equipment
     • 3) Install
     • 4) Configure

  11. Implementing Firewalls and Proxy Servers (cont.)
     • Planning and implementing, step by step (cont.)
     • 5) Test
     • 6) Attack
     • 7) Tune
     • Repeat the test-attack-tune cycle (Steps 5-7)
     • 8) Implement
     • 9) Monitor and Maintain

  12. Implementing Firewalls and Proxy Servers (cont.)
     • Never deploy a firewall or proxy server straight out of the box without first checking for additional changes, updates, patches, fixes, and workarounds

  13. Understanding the Test-Attack-Tune Cycle
     • Harden the firewall or proxy server
     • Document the configuration
     • Do not disable functionality that applications and services use to work properly
     • Battery of attack tools to test the network at
     • Network Associates
     • GNU NetTools
     • A port mapper such as AnalogX PortMapper or nmap
     • Internet Security Systems’ various security scanners

  14. Understanding the Role of IDS in IP Security
     • Automate recognizing and responding to potential attacks and other suspicious forms of network traffic
     • Recognize intrusion attempts in real time

  15. Updating Anti-Virus Engines and Virus Lists
     • Update anti-virus engine software and virus definitions on a regular basis
     • Automatic update facilities
     • Transparently and automatically check
     • E-mail attachments
     • Inbound file transfers
     • Floppy disks and other media
     • Other potential sources of infection

  16. The Security Update Process
     • Security update process involves four steps
     • Evaluate the vulnerability
     • Retrieve the update
     • Test the update
     • Deploy the update
