NETWORK SECURITY. Scott Hand. Melanie Rich-Wittrig. Enrique Jimenez

Similar documents
S N O R T I D S B L A S T C O U R S E

Penetration Testing LAB Setup Guide

Open Source Security Tool Overview

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

Penetration Testing LAB Setup Guide

Peeling Back the Layers of the Network Security with Security Onion Gary Smith, Pacific Northwest National Laboratory

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Lab Objectives & Turn In

USE HONEYPOTS TO KNOW YOUR ENEMIES

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

Passive Logging. Intrusion Detection System (IDS): Software that automates this process

New Security Perspective for Virtualized Platforms

Network Security Monitoring

How to Guide: StorageCraft Cloud Services VPN

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

COUNTERSNIPE

Wireshark vs. The Cloud :

ΕΠΛ 674: Εργαστήριο 5 Firewalls

A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS

How To Connect Log Files To A Log File On A Network With A Network Device (Network) On A Computer Or Network (Network Or Network) On Your Network (For A Network)

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

Network Security Monitoring

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Networking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG

Setting up pfsense as a Stateful Bridging Firewall.

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

CTS2134 Introduction to Networking. Module Network Security

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Architecture Overview

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

DSL-G604T Install Guides

Compliance Solu.ons with a Budget in Mind

SANS Top 20 Critical Controls for Effective Cyber Defense

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Basic ESXi Networking

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ISERink Installation Guide

Network Agent Quick Start

Firewall Security. Presented by: Daminda Perera

FROM A "WINDOWS" PERSPECTIVE

Unified Threat Management Systems (UTMS), Open Source Routers and Firewalls. Tim Hooks Scott Rolf

OpenWRT - embedded Linux for wireless routers

Overview. Firewall Security. Perimeter Security Devices. Routers

Lab Configuring Access Policies and DMZ Settings

Networking Devices. Lesson 6

Web Application Firewall

Industrial Security for Process Automation

Monitoring VMware ESX Virtual Switches

Virtual Appliance Setup Guide

How To Prevent Hacker Attacks With Network Behavior Analysis

Assignment 3 Firewalls

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Endian Unified Threat Management

Evaluation guide. Vyatta Quick Evaluation Guide

Protecting and controlling Virtual LANs by Linux router-firewall

CompTIA Exam N CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

6.0. Getting Started Guide

disect Systems Logging Snort alerts to Syslog and Splunk PRAVEEN DARSHANAM

Intrusion Detection and Prevention

Analysis of Network Segmentation Techniques in Cloud Data Centers

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

Perimeter Firewalls. Brandon Napier Rick Archibald Pete Jamison HAL PC & HLUG 09/22/2007. brought to you by: in association with

Enabling NAT and Routing in DGW v2.0 June 6, 2012

5 Best Practices to Protect Your Virtual Environment

Install Guide for JunosV Wireless LAN Controller

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Network Terminology Review

Web Application Firewall Technology Insight OWASP 22/ The OWASP Foundation. Joakim Sandström Role: OWASP Prospect.

Install and configure a Debian based UniFi controller

FIREWALL POLICY November 2006 TNS POL - 008

Sygate Secure Enterprise and Alcatel

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Critical Security Controls

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Course Title: Penetration Testing: Security Analysis

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Network Intrusion Analysis (Hands-on)

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Chapter 9 Firewalls and Intrusion Prevention Systems

Emerson Smart Firewall

Internet infrastructure. Prof. dr. ir. André Mariën

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Multi-Homing Security Gateway

Top-Down Network Design

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Transcription:

NETWORK SECURITY Scott Hand Melanie Rich-Wittrig Enrique Jimenez

Chapter 2 In Which Firewalls Are Erected, Packets Are Snorted, And Pwnage Denied

TOPICS COVERED Host Software Firewalls iptables Network Firewalls pfsense Intrusion Detection Systems Security Onion Web Firewall mod_security

Internal Users EXAMPLE NETWORK ARCHITECTURE Web/Mail/etc. Servers IDS Host Firewall Network Firewall Reverse Proxy Web Firewall DMZ Internal Network Internet External Network Internet User

SETTING UP YOUR ENVIRONMENT VMWare Workstation Use the Network Editor to add a new private network Set whatever subnet configuration you want Disable VMWare DHCP, we will use our gateway (pfsense) to do that Other stuff you can accomplish the same thing with Player and VirtualBox

Iptables SOFTWARE FIREWALLS

Internal Users SOFTWARE FIREWALLS Web/Mail/etc. Servers IDS Host Firewall Network Firewall Reverse Proxy Web Firewall DMZ Internal Network Internet External Network Internet User

OVERVIEW Last chance to detect and stop malicious traffic going into an end-point First change to detect and stop malicious traffic coming from an end-point All incoming packets are subjected to a chain of rules The first applicable rule is applied and the next packet is examined

TRY IT YOURSELF Iptables comes installed in most Debian distributions (as well as others) Tutorial can be found here: https://help.ubuntu.com/community/iptableshowto Make sure to try on a server you can access physically first you might lock yourself out

pfsense NETWORK FIREWALLS

Internal Users NETWORK FIREWALLS Web/Mail/etc. Servers IDS Host Firewall Network Firewall Reverse Proxy Web Firewall DMZ Internal Network Internet External Network Internet User

OVERVIEW First line of defense from external sources Separates external network (Internet) from internet network and DMZ Dedicated server with multiple network interfaces

PFSENSE We ll be using pfsense as a network firewall It s a full UNIX distribution Based on FreeBSD Uses pf for packet filtering Easy to setup and configure Offers lots of packages like snort, mod_security, etc. Beware: Some of the packages are poorly maintained and suck. YMMV

TRY IT YOURSELF Using VMWare Workstation, create a new private network without enabled DHCP Create a virtual machine (Linux 2.6) with a bridged interface and a private network interface Set WAN to bridged NIC and LAN to private NIC Enabled the DHCP server on the LAN for pfsense Everything should work right out of the box now, other VMs on the private network should be able to access the Internet

DEMO

Security Onion INTRUSION DETECTION SYSTEMS

Internal Users INTRUSION DETECTION SYSTEM Web/Mail/etc. Servers IDS Host Firewall Network Firewall Reverse Proxy Web Firewall DMZ Internal Network Internet External Network Internet User

OVERVIEW Uses a network tap to listen promiscuously to all traffic on that network Uses rules and heuristics to identify threats Does not act on threats that s an IPS (Intrusion Prevention System) Tags events and classifies them based on threat Able to detect malicious activity where endpoints might have trouble

SECURITY ONION Xubuntu Linux distribution that comes supplied with network analysis goodies Intrusion Detection Systems: Snort Popular free signature-based IDS Bro IDS that uses signatures as well as heuristics and high level traffic analysis Lots of monitoring and analysis tools Snorby Squert ELSA Sguil

TRY IT YOURSELF Add a new VM and install Security Onion Wait FOREVER while it installs updates (sudo apt-get update && sudo apt-get upgrade -y) Switch it to the private network with your pfsense machine We don t need a network tap because the VM s network adapter is able to listen to network traffic promiscuously out of the box

DEMO

mod_security WEB APPLICATION FIREWALLS

Internal Users WEB APPLICATION FIREWALL Web/Mail/etc. Servers IDS Host Firewall Network Firewall Reverse Proxy Web Firewall DMZ Internal Network Internet External Network Internet User

OVERVIEW Sits in front of web applications and detects malicious input Defends against threats such as SQLi XSS CSRF Automated scanners Two configurations: Web server Runs on top of web server on that machine and filters traffic Reverse proxy Traffic is analyzed and filtered before reaching wen-point web server

TRY IT YOURSELF Follow this guide to get up and running with mod_security: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasiveubuntu-1204-lts-server Some rules, such as filtering numerical IP addresses, will be too restrictive Keep an eye on the log and remove whatever rules are causing issues Run some scanners (w3af for example) against it and laugh at the resulting failure

DEMO

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information