Lesson 5: Network perimeter security



Similar documents
Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Introduction of Intrusion Detection Systems

Chapter 9 Firewalls and Intrusion Prevention Systems

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

From Network Security To Content Filtering

Achieving PCI-Compliance through Cyberoam

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

MANAGED SECURITY SERVICES

Security Technology: Firewalls and VPNs

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Firewall Defaults and Some Basic Rules

74% 96 Action Items. Compliance

How To Protect Your Network From Attack

INTRUSION DETECTION SYSTEMS and Network Security

Cornerstones of Security

8. Firewall Design & Implementation

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

Intro to Firewalls. Summary

Firewalls, Tunnels, and Network Intrusion Detection

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Configuration Example

12. Firewalls Content

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited

Chapter 4: Security of the architecture, and lower layer security (network security) 1

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Information Technology Security Guideline. Network Security Zoning

The Bomgar Appliance in the Network

Architecture Overview

Networking for Caribbean Development

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

About Firewall Protection

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls (IPTABLES)

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

What would you like to protect?

Computer Security: Principles and Practice

Figure 41-1 IP Filter Rules

13 Ways Through A Firewall What you don t know will hurt you

Fortigate Features & Demo

13 Ways Through A Firewall

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Computer Security DD2395

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

FIREWALL POLICY DOCUMENT

Application Note. Stateful Firewall, IPS or IDS Load- Balancing

Network Security Topologies. Chapter 11

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Honeypot as the Intruder Detection System

Firewall Environments. Name

Gateway Security at Stateful Inspection/Application Proxy

INTRODUCTION TO FIREWALL SECURITY

FIREWALL POLICY November 2006 TNS POL - 008

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

Network Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July Network Security 08

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

FIREWALLS & CBAC. philip.heimer@hh.se

Chapter 15. Firewalls, IDS and IPS

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

SECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS

SIP Trunking Configuration with

Chapter 11 Cloud Application Development

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

SonicWALL PCI 1.1 Implementation Guide

UCIT INFORMATION SECURITY STANDARDS

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Using a Firewall General Configuration Guide

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Access Security. Lesson 10

Firewall Configuration. Firewall Configuration. Solution Firewall Principles

Transcription:

Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA)

Perimeter Security The architecture and elements that provide security to the perimeter of an internal network from other networks like the Internet: Firewalls Intrusion Detection and Prevention Systems Antivirus and anti-spam gateways Honeypots 2

Example of a network architecture without perimeter security Flat network without segmentation Internal services publishing: data base No monitoring elements No inbound or outbound traffic filtering No malware or spam e-mail verification The remote client has direct access to the services Remote client INTERNAL NETWORK / FLAT NETWORK 3

Firewalls Network elements that define access policies to allow or deny traffic based on certain rules Two philosophies of use: Restrictive policy (white list): denies all traffic except that which is specifically accepted x Permissive policy (black list): accepts all traffic except that which is specifically denied 4

Circuit level gateways Types of Firewalls Work for specific applications Network layer firewalls Filter on the network layer (source/destination IP) or the transport layer (source/destination port) Application layer firewalls Filter based on the required protocol, like HTTP or SQL Personal firewalls Software for personal devices such as PCs or mobile phones 5

Example of Firewall Rules Rule Action Source IP Destination IP Protocol Source Port Destination Port 1 Accept 172.16.0.0/16 192.168.0.4 TCP Any 25 2 Accept Any 192.168.10.8 TCP Any 80 3 Accept 172.16.0.0/16 192.168.0.2 TCP Any 80 4 Deny Any Any Any Any Any 6

Demilitarized Zone (DMZ) A local network placed between the intranet and an external network (like the Internet) Used for public services like DNS, e-mail, Web and ftp that are exposed to security risks Created with one or two firewalls that restrict traffic between the three networks Connections from the DMZ towards the internal network are not allowed Firewall Internal network 7

Intrusion Detection and Prevention Systems (IDS/IDPS) Devices that monitor and generate alarms when security alerts are triggered IDPS (Intrusion Detection and Prevention Systems) block attacks to avoid their effects Main functions: Identifying possible attacks Registering events Blocking attacks Reporting to the administration and security staff 8

Intrusion Detection and Prevention Systems (IDS/IDPS) Two types of IDS: HIDS: Host IDS, monitor changes in the operating system and software NIDS: Network IDS, monitor network traffic Two detection methods: Signatures Behaviour patterns Firewall Internal network 9

Example of an IDS signature: snort alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"web-iis ISAPI.printer access"; flow:to_server,established; uricontent:".printer"; nocase; reference:arachnids,533; reference:bugtraq,2674; reference:cve,2001-0241; reference:nessus,10661; classtype:webapplication-activity; sid:971; rev:9;) 10

Honeypots Systems configured with vulnerabilities so they can receive attacks and be used to study new techniques Two main types of honeypots: Low-interaction: simulate the operating system and applications High-interaction: the operating system isn't simulated They are also used to gather examples of virus and spam They should be under close control and disconnected from all networks 11

Antivirus and Anti-spam Gateways Intermediate services that filter malicious content from the network's input channels Malware detection in Web gateways and mail servers Anti-spam/Antivirus User Valid e-mail E-mail with spam o malware E-mail server 12

Virtual Private Networks (VPN) Networks that use a public infrastructure (non-secure) to access a private network in a reliable way Usually used to connect remote users, branches and offices with the internal network (point-to-point) Branch 1 Head quarters Branch 2 Remote users 13

Virtual Private Networks: Characteristics Authentication and authorization: managing users, roles and permissions Integrity: with the use of hash functions Confidentiality: the information is encrypted with DES, 3DES, AES, etc. Non-repudiation: the transmitted data is signed Head quarters Remote users 14

Unified Threat Management (UTM) Systems that integrate in one device a set of perimeter security solutions: Firewalls Intrusion Detection and Prevention Systems Antivirus and anti-spam gateways Virtual Private Networks 15

Example of a network architecture with perimeter security Firewall Internal network Remote client VPN Tunnel Firewall installed DMZ and internal network Restrictive policy Anti-spam and antivirus installed NIDS installed in the three interfaces Segmentation of public services: Web and antivirus/anti-spam gateway Internal services relocated: data base and mail Remote clients use VPN 16

Contact: info@intypedia.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information