TECHNOLOGIES
CHAPTER 3
OBJECTIVES:
OBJ #1
ENDPOINT PROTECTION AND MANAGEMENT
Host and server based security
PC management
Device Hardening
Personal Firewall
Antivirus Software
Operating System Patches
Intrusion Detection and Prevention
DEVICE HARDENING
Device hardening is one of the most basic controls used to protect data
and systems.
The purpose of device hardening is to eliminate as many security
risks as possible.
It consists of:
timely application of patches
careful configuration of system components
removal of the most fundamental security weaknesses (for example unneeded services and default accounts)
PERSONAL FIREWALL
A personal firewall is an application which
controls network traffic to and from a single computer,
permitting or denying communications based on
a security policy.
Examples of personal firewalls: ZoneAlarm,
Outpost, Comodo.
Antivirus Software
Antivirus software is used to prevent, detect, and
remove malware, including computer viruses,
worms, and Trojan horses.
Examples: Kaspersky, Norton, Panda.
PC MANAGEMENT
1. Desktop inventory
2. Maintenance
update antivirus definitions
update HIDS and HIPS signatures
3. Measure utilization
understand how the desktops are actually being used
4. Plan changes
plan in advance for disposals
acquisitions
network-wide upgrades
5. Financials
keep track of warranties
maintenance contracts
software licenses
OBJ #2
PLAN NETWORK PROTECTION
Network based security components and
technologies
Security architecture
Appliance-based Firewalls
Server-based Firewalls
Network-based Intrusion Detection Systems
Virtual Private Network
Trust and Identity
SECURITY ARCHITECTURE
SAFE model
PDIOO
SAFE MODEL
SAFE has SIX security goals:
1. Security and attack mitigation based on policy
2. Security implementation throughout the
infrastructure
3. Secure management and reporting
4. Authentication and authorization of users and
administrators to critical network resources
5. Intrusion detection for critical resources and
subnets
6. Support for emerging networked applications
PDIOO
PLAN
DESIGN
IMPLEMENT
OPERATE
OPTIMIZE
OBJ #3
UNDERSTAND FIREWALLS
Firewall Architecture
Types of Firewall
Technologies employed in building firewalls
INTRODUCTION TO FIREWALLS
Components of a firewalled network:
Firewall
Router
Intranet (the internal, trusted network)
DMZ
Demilitarized Zone: the network segment that holds
publicly accessible servers, separated from the intranet
by the firewall.
What a firewall cannot do:
Cannot defend against attacks that do not go through
the firewall (for example a laptop infected off-site, or a modem/wireless bypass).
Cannot tell a security administrator when the firewall
rules are inadequate; a bad rule is enforced just as faithfully as a good one.
Not a monitoring tool: it enforces policy, it does not by itself detect intrusions.
FIREWALL ARCHITECTURE
Screened Host
Two Routers with One Firewall
DMZ Screened Subnet
Multi-Firewall DMZ
Two Firewalls, One DMZ
Two Firewalls, Two DMZ
Screening Router
Dual-Homed Host
Screened Host
Combines a packet-filtering router with a bastion host on the
internal network; it functions similarly to a dual-homed gateway with a
bastion host.
The router has two interfaces (external and internal) and
performs packet filtering, permitting outside traffic only to the
bastion host.
Installing an application gateway or a proxy
server on the bastion host increases security further.
DMZ Screened Subnet
A perimeter (DMZ) subnet sits between an outer and an inner
packet-filtering router; publicly reachable servers are placed on it,
so a compromise there does not give direct access to the intranet.
Disadvantages
To control traffic in both directions the rule sets on
both routers become complicated.
Performance: the filtering routers are a bottleneck.
Multi-Firewall DMZ
Firewalls between the LANs and the
Internet are mandatory.
Problem:
Every added security check decreases the speed of the
network.
Solution:
Multiple firewalls, so the load is spread and each DMZ
can have its own policy.
Disadvantages:
Working with more than one firewall raises issues
such as consistent support for NAT, Kerberos, IPsec, etc.
across all of them.
Screening Router
The simplest way to provide perimeter security.
A router that performs packet filtering is installed
between the client systems and the Internet.
The router decides which traffic may pass between its
interfaces using access control lists (ACLs): each packet is
compared against the list top to bottom, the first matching entry
decides, and anything unmatched is dropped.
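A worked example of the ACL evaluation described above. This is an added example, not code from the original slides: it models an inbound ACL on the Internet-facing interface of a screening router, evaluated first-match with an implicit deny. The internal block (10.0.0.0/8), the DMZ web server address (192.0.2.10) and the sample packets are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional

# Added example, not from the original slides: a screening router ACL applied
# inbound on the Internet-facing interface. Rules are evaluated top to bottom,
# the first match wins, and anything unmatched hits the implicit deny.
# All addresses below are documentation ranges chosen for illustration.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                                  # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: FrozenSet[str] = frozenset()         # TCP flags set, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    proto: str                   # "tcp", "udp", "icmp", or "ip" for any protocol
    dport: Optional[int] = None  # None matches any destination port
    established: bool = False    # match only TCP segments carrying ACK

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and "ACK" not in p.flags:
            return False
        return True


INTERNAL = "10.0.0.0/8"        # assumed internal address block
DMZ_WEB = "192.0.2.10/32"      # assumed public web server in the DMZ

# Inbound ACL on the outside interface. Order matters.
ACL = [
    # Anti-spoofing: nothing arriving from the Internet may claim an internal source.
    Rule("deny", INTERNAL, "any", "ip"),
    # Public services on the DMZ web server.
    Rule("permit", "any", DMZ_WEB, "tcp", dport=80),
    Rule("permit", "any", DMZ_WEB, "tcp", dport=443),
    # Replies to connections opened from inside: the stateless "established" check.
    Rule("permit", "any", INTERNAL, "tcp", established=True),
    # Everything else falls through to the implicit deny in evaluate().
]


def evaluate(acl, packet: Packet) -> str:
    """Return 'permit' or 'deny' for a packet under a first-match ACL."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 80, frozenset({"SYN"})),
        Packet("198.51.100.7", "192.0.2.10", "tcp", 22, frozenset({"SYN"})),
        Packet("10.1.2.3", "192.0.2.10", "tcp", 80, frozenset({"SYN"})),
        Packet("198.51.100.7", "10.1.2.3", "tcp", 51000, frozenset({"ACK"})),
        Packet("198.51.100.7", "10.1.2.3", "tcp", 445, frozenset({"SYN"})),
    ]
    for s in samples:
        print(s.src, "->", s.dst, s.proto, s.dport, sorted(s.flags), evaluate(ACL, s))
```

The last rule shows the limit of a screening router: it only looks at the ACK bit, so an outsider who sends an ACK-only probe to an internal host on port 445 is permitted, because a stateless ACL has no way to know whether that session was ever opened from inside. That gap is what session-aware gateways (next section) close.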
Dual-Homed Host
A dual-homed host is a computer with two network interfaces, one
on the internal network and one on the external network.
IP forwarding between the two interfaces is disabled, so traffic can
only cross the host through proxy or application services running on it.
Limitations:
If the host itself is compromised, the security it provides is lost:
it is a single layer of protection.
It cannot on its own withstand password-cracking attempts against its
accounts, because a stolen login on the host opens both networks.
TYPES OF FIREWALL
CIRCUIT-LEVEL GATEWAYS
Work at the session layer of the OSI model, which means that
more information is required before packets are allowed or denied
than a packet filter needs.
They monitor the TCP handshake between the two ends to determine
whether a requested session is legitimate.
Access is determined based on: source and destination address, DNS domain name, or
user name.
Special client software must be installed on the workstation.
Circuit-level gateways can bridge different network
protocols, for example, IPX to IP.
The user's identity is checked and access granted
before the connection to the destination is established; the gateway
then relays the circuit.
Disadvantage: once the circuit is set up, the gateway does not filter
the individual packets, so it does not re-examine per packet:
IP header information
the TCP/UDP port number in use
TCP flags such as ACK and SYN
and therefore cannot by itself filter suspicious inbound packets on those grounds.
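The handshake monitoring described above, as an added example that is not code from the original slides: a minimal circuit-level gateway that tracks each TCP circuit through the three-way handshake and relays only segments belonging to a session an internal client legitimately opened. The internal address prefix, the port numbers and the addresses are assumptions for illustration; the payload is never inspected, which is exactly the disadvantage noted above.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# Added example, not from the original slides: a minimal circuit-level gateway
# that follows the TCP three-way handshake for each circuit and relays only
# segments belonging to a session an internal client legitimately opened.
# The internal prefix and all addresses are assumptions for illustration.


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]


Key = Tuple[str, int, str, int]   # (client_ip, client_port, server_ip, server_port)


class CircuitGateway:
    def __init__(self, internal_prefix: str):
        self.internal_prefix = internal_prefix
        self.sessions: Dict[Key, str] = {}

    def _key(self, seg: Segment) -> Tuple[Key, bool]:
        """Normalise either direction to a client-side key; report if outbound."""
        outbound = seg.src.startswith(self.internal_prefix)
        if outbound:
            return (seg.src, seg.sport, seg.dst, seg.dport), True
        return (seg.dst, seg.dport, seg.src, seg.sport), False

    def handle(self, seg: Segment) -> str:
        """Return 'relay' or 'drop' and advance the circuit's state."""
        key, outbound = self._key(seg)
        syn, ack = "SYN" in seg.flags, "ACK" in seg.flags
        fin, rst = "FIN" in seg.flags, "RST" in seg.flags
        state = self.sessions.get(key)

        if state is None:
            # Only an internal client may open a circuit, and only with a bare SYN.
            if outbound and syn and not ack:
                self.sessions[key] = "SYN_SENT"
                return "relay"
            return "drop"          # unsolicited inbound SYN, stray ACK probe, etc.

        if rst:                    # either side aborts the circuit
            del self.sessions[key]
            return "relay"

        if state == "SYN_SENT":
            if not outbound and syn and ack:
                self.sessions[key] = "SYN_RECEIVED"
                return "relay"
            return "drop"

        if state == "SYN_RECEIVED":
            if outbound and ack and not syn:
                self.sessions[key] = "ESTABLISHED"
                return "relay"
            return "drop"

        if state == "ESTABLISHED":
            # Data flows both ways; the gateway does not look at the payload.
            if fin:
                self.sessions[key] = "CLOSING"
            return "relay"

        if state == "CLOSING":     # first FIN seen; wait for the other side's FIN
            if fin:
                self.sessions[key] = "LAST_ACK"
            return "relay"

        # LAST_ACK: the final ACK closes the circuit.
        if ack:
            del self.sessions[key]
        return "relay"


if __name__ == "__main__":
    gw = CircuitGateway("10.")
    for seg in [
        Segment("198.51.100.7", 5555, "10.1.1.5", 445, frozenset({"SYN"})),     # outside opens: drop
        Segment("198.51.100.7", 80, "10.1.1.5", 40001, frozenset({"ACK"})),     # ACK probe: drop
        Segment("10.1.1.5", 40000, "203.0.113.9", 80, frozenset({"SYN"})),      # client SYN
        Segment("203.0.113.9", 80, "10.1.1.5", 40000, frozenset({"SYN", "ACK"})),
        Segment("10.1.1.5", 40000, "203.0.113.9", 80, frozenset({"ACK"})),      # established
    ]:
        print(seg.src, "->", seg.dst, sorted(seg.flags), gw.handle(seg))
```

Compare the ACK-only probe here with the same packet under the screening router ACL: the gateway drops it because no circuit in its table matches, whereas a stateless "established" rule would let it through.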
PROXY SERVER
Works as a shield, protecting and hiding the
internal computers from the outside network: only the proxy's
address is ever seen outside.
Can also improve network performance, for example by caching
frequently requested content.
PROXY SERVER
1. An internal host requests a web page.
2. The request enters the proxy server, which examines the header
and packet content against its rule base.
3. The proxy rebuilds the data packet with a different source
IP address (its own).
4. The proxy transmits the packet to the target address, which
conceals the actual end user who made the request.
5. When a data packet is returned, it is again sent to the proxy
server and checked against the rule base.
6. The returned packet is rebuilt by the proxy server
and sent to the internal source computer.
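The request and reply path just described, as an added example that is not code from the original slides. Packets are plain dicts, the rule base is a made-up allow-list of hosts, blocked paths and blocked reply content types, and the proxy's own address (192.0.2.1), listening port and outbound port range are assumptions. The point it shows beyond the text is the mapping table the proxy must keep so that a returned packet can be matched back to the client that asked for it, and that anything arriving without such an entry is dropped.

```python
from itertools import count
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Added example, not from the original slides: a model of the request and reply
# path through a proxy server. Packets are plain dicts, the rule base is a
# made-up allow-list, and the proxy's own address and ports are assumptions.

PROXY_IP = "192.0.2.1"
PROXY_LISTEN_PORT = 8080
RULE_BASE = {
    "allowed_hosts": {"www.example.com", "docs.example.org"},
    "blocked_paths": ("/admin",),
    "blocked_content_types": {"application/x-msdownload"},
}


class ProxyServer:
    def __init__(self, proxy_ip: str, rule_base: dict):
        self.ip = proxy_ip
        self.rules = rule_base
        self.pending: Dict[int, Tuple[str, int]] = {}   # proxy port -> (client ip, client port)
        self._ports = count(40000)                      # source ports used outward
        self.log = []

    def check_request(self, packet: dict) -> Tuple[bool, str]:
        """Examine the request against the rule base (the 'rule base' step)."""
        url = urlsplit(packet["url"])
        if url.hostname not in self.rules["allowed_hosts"]:
            return False, "host not in allow-list"
        if url.path.startswith(self.rules["blocked_paths"]):
            return False, "path blocked"
        return True, "ok"

    def outbound(self, packet: dict) -> Optional[dict]:
        """Internal host -> proxy -> target. Returns the rebuilt packet, or None if denied."""
        ok, reason = self.check_request(packet)
        self.log.append((packet["src"], packet["url"], "allow" if ok else "deny", reason))
        if not ok:
            return None
        port = next(self._ports)
        self.pending[port] = (packet["src"], packet["sport"])
        # Rebuild with the proxy's own source address so the real client is concealed.
        return {
            "src": self.ip, "sport": port,
            "dst": urlsplit(packet["url"]).hostname, "dport": 80,
            "url": packet["url"],
        }

    def inbound(self, reply: dict) -> Optional[dict]:
        """Target -> proxy -> original client. Returns the rebuilt reply, or None if dropped."""
        client = self.pending.pop(reply["dport"], None)
        if client is None:
            return None    # nothing inside asked for this; unsolicited traffic is dropped
        if reply.get("content_type") in self.rules["blocked_content_types"]:
            self.log.append((client[0], reply["src"], "deny", "content type blocked"))
            return None
        client_ip, client_port = client
        return {
            "src": self.ip, "sport": PROXY_LISTEN_PORT,
            "dst": client_ip, "dport": client_port,
            "content_type": reply.get("content_type"), "body": reply.get("body"),
        }


if __name__ == "__main__":
    proxy = ProxyServer(PROXY_IP, RULE_BASE)
    out = proxy.outbound({"src": "10.0.0.5", "sport": 51234,
                          "url": "http://www.example.com/index.html"})
    print("sent outward as:", out)
    back = proxy.inbound({"src": "www.example.com", "sport": 80, "dst": PROXY_IP,
                          "dport": out["sport"], "content_type": "text/html",
                          "body": "<html>ok</html>"})
    print("returned to client as:", back)
    print("denied:", proxy.outbound({"src": "10.0.0.5", "sport": 51235,
                                     "url": "http://evil.example.net/"}))
```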
Packet Filtering