1 / 92

Network Security and Firewalls

Network Security and Firewalls. Lesson 1: What Is Security. Objectives. Define security Explain the need for network security Identify resources that need security Identify the two general security threat types List security standards and organizations. What Is Security?. LANs WANs VPNs

melosa
Télécharger la présentation

Network Security and Firewalls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Securityand Firewalls

  2. Lesson 1:What Is Security

  3. Objectives • Define security • Explain the need for network security • Identify resources that need security • Identify the two general security threat types • List security standards and organizations

  4. What Is Security? • LANs • WANs • VPNs • Network perimeters

  5. Hacker Statistics • One of every five Internet sites has experienced a security breach • Losses due to security breaches are estimated at $10 billion each year • Intrusions have increased an estimated 50 percent in the past year

  6. What Is the Risk? • Categorizing attacks • Countering attacks systematically

  7. The Myth of 100-Percent Security • Security as balance • Security policies

  8. Attributes of anEffective Security Matrix • Allows access control • Easy to use • Appropriate cost of ownership • Flexible and scalable • Superior alarming and reporting

  9. What You AreTrying to Protect • End user resources • Network resources • Server resources • Information storage resources

  10. Who Is the Threat? • Casual attackers • Determined attackers • Spies

  11. Security Standards • Security services • Authentication • Access control • Data confidentiality • Data integrity • Nonrepudiation • Security mechanisms • The Orange Book

  12. Summary • Define security • Explain the need for network security • Identify resources that need security • Identify the two general security threat types • List security standards and organizations

  13. Lesson 2:Elements of Security

  14. Objectives • Formulate the basics of an effective security policy • Identify the key user authentication methods • Explain the need for access control methods • Describe the function of an access control list

  15. Objectives (cont’d) • List the three main encryption methods used in internetworking • Explain the need for auditing

  16. Elements of Security Audit Administration Encryption Access Control User Authentication Corporate Security Policy

  17. The Security Policy • Classify systems • Prioritize resources • Assign risk factors • Define acceptable and unacceptable activities • Define measures to apply to resources • Define education standards • Assign policy administration

  18. Encryption • Encryption categories • Symmetric • Asymmetric • Hash • Encryption strength

  19. Authentication • Authentication methods • Proving what you know • Showing what you have • Demonstrating who you are • Identifying where you are

  20. SpecificAuthentication Techniques • Kerberos • One-time passwords

  21. Access Control • Access Control List • Objects • Execution Control List • Sandboxing

  22. Auditing • Passive auditing • Active auditing

  23. Security Tradeoffsand Drawbacks • Increased complexity • Slower system response time

  24. Summary • Formulate the basics of an effective security policy • Identify the key user authentication methods • Explain the need for access control methods • Describe the function of an access control list

  25. Summary (cont’d) • List the three main encryption methods used in internetworking • Explain the need for auditing

  26. Lesson 3:Applied Encryption

  27. Objectives • Create a trust relationship using public-key cryptography • List specific forms of symmetric, asymmetric, and hash encryption • Deploy PGP in Windows 2000 and Linux

  28. Creating Trust Relationships • Manually • Automatically

  29. Rounds, Parallelizationand Strong Encryption • Round • Discrete part of the encryption process • Parallelization • Use of multiple processes, processors or machines to work on cracking one encryption algorithm • Strong encryption • Use of any key longer than 128 bits

  30. Symmetric-KeyEncryption • One key is used to encrypt and decrypt messages

  31. Data encryption standard Triple DES Symmetric algorithms created by the RSA Security Corporation International Data Encryption Algorithm Blowfish and Twofish Skipjack MARS Rijndael and Serpent Advanced Encryption Standard SymmetricAlgorithms

  32. Asymmetric Encryption • Asymmetric-key encryption elements • RSA • DSA • Diffie-Hellman

  33. Hash Encryption • Signing • Hash algorithms • MD2, MD4, and MD5 • Secure hash algorithm

  34. AppliedEncryption Processes • E-mail • PGP and GPG • S-MIME • Encrypting drives • Web server encryption

  35. Summary • Create a trust relationship using public-key cryptography • List specific forms of symmetric, asymmetric, and hash encryption • Deploy PGP in Windows 2000 and Linux

  36. Lesson 4:Types of Attacks

  37. Objectives • Describe specific types of security attacks • Recognize specific attack incidents

  38. Brute-Force andDictionary Attacks • Brute-force attack • Repeated access attempts • Dictionary attack • Customized version of brute-force attack

  39. System Bugs and Back Doors • Buffer overflow • Trojans and root kits

  40. Social Engineeringand Nondirect Attacks • Call and ask for the password • Fraudulent e-mail • DOS and DDOS attacks • Spoofing • Trojans • Information leakage • Hijacking and man-in-the-middle attacks

  41. Summary • Describe specific types of security attacks • Recognize specific attack incidents

  42. Lesson 5:General Security Principles

  43. Objectives • Describe the universal guidelines and principles for effective network security • Use universal guidelines to create effective specific solutions

  44. Be paranoid Have a security policy No system stands alone Minimize the damage Deploy companywide enforcement Provide training Integrate security strategies Place equipment according to needs Identify security business issues Consider physical security CommonSecurity Principles

  45. Summary • Describe the universal guidelines and principles for effective network security • Use universal guidelines to create effective specific solutions

  46. Lesson 6:Protocol Layersand Security

  47. Objectives • List the protocols that pass through a firewall • Identify potential threats at different layers of the TCP/IP stack

  48. TCP/IP andNetwork Security • The Internet and TCP/IP were not designed around strong security principles

  49. The TCP/IP Suite andthe OSI Reference Model • Physical layer • Network layer • Transport layer • Application layer • Presentation layer • Session layer • Data link layer

  50. TCP/IPPacket Construction Application Message: e-mail, FTP, Telnet TCP Segment Header Body IP Datagram Header Body Ethernet Frames Header Body Trailer

More Related