IS3220 Information Technology Infrastructure Security
Unit 4: Network Security Tools and Techniques
© ITT Educational Services, Inc. All rights reserved.
Class Agenda 1
• Learning Objectives
• Discussion of Project
• Lesson Presentation and Discussions
• Discussion on Assignments
• Discussion on Lab Activities
• Break Times: a 10 minute break every hour
• Note: Submit all assignments and labs due today
Class Agenda 2
• Theory: 6:00pm to 8:00pm
• Lab: 8:15pm to 11:00pm
Reading Assignment
• Chapter 5: Network Security Implementation
• Chapter 7: Exploring the Depths of Firewalls
• Chapter 15: Perspectives, Resources, and the Future
Learning Objective and Key Concepts
Learning Objective
• Identify network security tools and discuss techniques for network protection
Key Concepts
• Securing the LAN-to-WAN Domain: the Internet ingress/egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies
Network Security Implementation
• Seven domains are commonly found in a typical IT infrastructure
• Hackers look for every opportunity to exploit a target
• No aspect of an IT infrastructure is without risk or immune to the scrutiny of hackers
• Each of the seven domains of a typical IT infrastructure has unique aspects that need security improvements
Seven Domains of IT Infrastructure
• Risks associated with each of the seven domains of IT infrastructure
• User Domain: training, strong authentication, granular authorization, and detailed accounting
• Workstation Domain: requires security countermeasures such as antivirus, anti-spyware, and vulnerability/software patch management
• Local Area Network (LAN) Domain: protocols, addressing, topology, and communication encryption provide security for this domain
Seven Domains of IT Infrastructure (Continued)
• LAN-to-Wide Area Network (WAN) Domain: switches, routers, firewalls, proxies, and communication encryption are important aspects of security for this domain
• Remote Access Domain: involves SSL 128-bit encrypted remote browser access or encrypted VPN tunnels for secure remote communications
• WAN Domain: protocol selection, addressing schemes, and communication encryption are elements of securing this domain
• Systems/Applications Domain: network design, authentication, authorization, accounting, and node security are important security concerns for this domain
EXPLORE: CONCEPTS
Vulnerability Assessment Scanners
• Network Scanners
• Web Application Scanners
Nmap and Zenmap
• Network Mapper (Nmap) runs at the command line
• Zenmap is the graphical user interface to Nmap
• Originally intended as a network mapping utility
• Port scanning and host detection features
  ◦ Identify access points to a network
  ◦ Identify holes in access controls
• Highly configurable
• Open source
Zenmap: Nmap Output Tab
Nessus
• Commercial security scanner developed by Tenable Network Security
• UNIX based
• Network-centric, with Web-based consoles and a central server
• Offers a comprehensive set of tools
• Useful tool for larger networks
• Reports indicate which ports are open on which hosts and any security threats to those ports
Retina
• Proprietary vulnerability scanner
• Deep-scans a network looking for known issues that have not been patched in existing applications
• Also scans for open ports
• Output report indicates network vulnerabilities and the state of the environment
• Easy-to-understand, graphically intensive format
SAINT
• SAINT = System Administrator's Integrated Network Tool
• Commercial vulnerability assessment tool
• UNIX based
• Full suite of tools, like Nessus
• Saint Corporation sells SAINT and other security tools
EXPLORE: PROCESS
Network Analysis
• Also referred to as "network forensic analysis"
• Analysis of network data to reconstruct network activity over a specific period of time
• Common uses
  ◦ Detect vulnerabilities and threats
  ◦ Reconstruct the sequence of events that took place during a network-based security incident
  ◦ Discover the source of security policy violations or information assurance breaches
Network Analysis (Continued)
• Able to reveal
  ◦ Vulnerabilities
  ◦ Probing
  ◦ Denial of service (DoS) attacks
  ◦ User-to-root attacks
  ◦ Remote-to-local attacks
Overview of Network Analysis Tools
• Packet Capture Tools
• Intrusion Detection Systems (IDSs)
• Data Collectors
EXPLORE: ROLES
Data Loss/Data Leak Prevention Tools
• Detect and block sensitive data from exiting a network
• Enforce policies across file shares, databases, e-mail systems, and on stored data
• Two basic types
  ◦ Perimeter-based and client-based
  ◦ Some products combine the two types
• Cloud products are coming
EXPLORE: CONTEXT
The LAN-to-WAN Domain
Ingress and Egress
• Ingress = inbound traffic
• Egress = outbound traffic
The Boundary Router
• Functions at the network perimeter in the DMZ
• Accepts traffic from the Internet
• Filters unapproved traffic and passes approved traffic to the firewall
• Protects the internal network against IP address spoofing and directed IP broadcasts
Ingress Filtering
• Excludes or rejects all inbound data packets that have an internal host address as their source
• Drops non-routable IP addresses
Note: Non-routable IP addresses are specified in RFC 1918 (Private Network Addresses)
Egress Filtering
• Stops packets from leaving the internal (company) network that have non-company addresses as their source address
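The boundary-router rules from the three slides above (anti-spoofing, RFC 1918 drops, directed-broadcast protection, and egress source checks), as an added example that is not part of the course material. It assumes a hypothetical company prefix of 203.0.113.0/24 (a documentation range) seen on the outside of any NAT; replace it with your own.

```python
import ipaddress

# Assumed (hypothetical) company public prefix; replace with your own.
COMPANY_NET = ipaddress.ip_network("203.0.113.0/24")

# Non-routable source ranges: the RFC 1918 private blocks plus loopback.
# A production bogon list would be longer; this is the slide's minimum.
NON_ROUTABLE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]


def is_non_routable(addr):
    return any(addr in net for net in NON_ROUTABLE)


def boundary_filter(direction, src, dst):
    """Return (verdict, reason) for one packet at the LAN-to-WAN boundary.

    direction is "ingress" (arriving from the Internet) or "egress"
    (leaving toward the Internet); src/dst are dotted-quad strings.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if direction == "ingress":
        # Ingress filtering: a packet from the Internet must never carry an
        # internal (company) source address; that is IP address spoofing.
        if src_ip in COMPANY_NET:
            return ("drop", "spoofed internal source address")
        # Nor a non-routable source, which cannot legitimately reach us.
        if is_non_routable(src_ip):
            return ("drop", "non-routable (RFC 1918) source address")
        # Directed IP broadcast: traffic aimed at our subnet broadcast
        # address is not forwarded inside.
        if dst_ip == COMPANY_NET.broadcast_address:
            return ("drop", "directed IP broadcast")
        return ("pass", "forward to firewall")
    if direction == "egress":
        # Egress filtering: only packets with a company source may leave,
        # so a compromised host cannot spoof someone else's address outward.
        if src_ip not in COMPANY_NET:
            return ("drop", "non-company source address leaving network")
        return ("pass", "forward to Internet")
    raise ValueError("direction must be 'ingress' or 'egress'")
```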
Intrusion Detection System (IDS)
• Monitors internal hosts or networks
• Seeks symptoms of compromise or intrusion
• Upon detection of an intruder, an IDS can:
  ◦ Send commands or requests to the firewall to break a connection
  ◦ Block an IP address
  ◦ Block a port/protocol
• Some IPSs provide basic data loss/leak prevention capabilities
Intrusion Prevention System (IPS)
• Monitors internal hosts or networks, watching for symptoms of compromise or intrusion
• Detects attempts to attack or intrude before they are successful
• Upon detection of an intruder, an IPS can respond by preventing the success of the attempt
IDS vs. IPS

IDS                                IPS
Detects and acts                   Prevents
Reacts to events that IPS misses   First layer of proactive defense
Host-Based vs. Network-Based IDSs/IPSs
• IDSs and IPSs
  ◦ IDSs and IPSs look for attack signatures: specific patterns that usually indicate malicious or suspicious intent
  ◦ Can be anomaly-based or behavioral-based
• Host-based and network-based IDSs/IPSs
  ◦ Network-based IDSs/IPSs look for patterns in network traffic
  ◦ Host-based IDSs/IPSs look for attack signatures in log files
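A minimal host-based IDS of the kind the slide above describes, as an added example that is not part of the course material: one signature rule (a fixed pattern) and one anomaly rule (a failure count crossing a threshold) run over a constructed sample of an SSH auth log, producing alerts and the block list an IDS would hand to the firewall. The log lines, rule names and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not real data); 10.0.0.0/8 is the assumed LAN.
SAMPLE_LOG = """\
Mar 10 09:00:01 srv1 sshd[2201]: Accepted password for alice from 10.0.0.5 port 51522 ssh2
Mar 10 09:00:07 srv1 sshd[2202]: Failed password for root from 198.51.100.9 port 40011 ssh2
Mar 10 09:00:08 srv1 sshd[2203]: Failed password for root from 198.51.100.9 port 40012 ssh2
Mar 10 09:00:09 srv1 sshd[2204]: Failed password for admin from 198.51.100.9 port 40013 ssh2
Mar 10 09:00:10 srv1 sshd[2205]: Failed password for admin from 198.51.100.9 port 40014 ssh2
Mar 10 09:00:11 srv1 sshd[2206]: Failed password for oracle from 198.51.100.9 port 40015 ssh2
Mar 10 09:00:30 srv1 sshd[2207]: Accepted password for bob from 10.0.0.6 port 51523 ssh2
Mar 10 09:01:02 srv1 sshd[2208]: Accepted publickey for root from 198.51.100.9 port 40020 ssh2
"""

# Signature rule: a single pattern that by itself indicates suspicious
# intent (here: a successful root login from outside the LAN).
SIGNATURES = {
    "root login from outside LAN": re.compile(
        r"Accepted \w+ for root from (?!10\.)(\d+\.\d+\.\d+\.\d+)"),
}
# Anomaly rule: a behaviour that is normal in isolation (one failed login)
# but suspicious once it crosses a threshold per source address.
FAIL_RE = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
FAIL_THRESHOLD = 5


def analyze(log_text):
    """Return alerts as (kind, source_ip, detail) tuples, in log order."""
    alerts = []
    failures = defaultdict(int)
    for line in log_text.splitlines():
        for name, pattern in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                alerts.append(("signature", m.group(1), name))
        m = FAIL_RE.search(line)
        if m:
            failures[m.group(1)] += 1
            if failures[m.group(1)] == FAIL_THRESHOLD:  # alert once per source
                alerts.append(("anomaly", m.group(1), f"{FAIL_THRESHOLD} failed logins"))
    return alerts


def block_list(alerts):
    """IDS response from the IDS slide (block an IP address): unique offenders."""
    return sorted({ip for _, ip, _ in alerts})
```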
Summary
• Securing the LAN-to-WAN Domain
  ◦ Internet ingress and egress point
• Mitigating risk with IDSs and IPSs
• Intrusion detection and intrusion prevention strategies
• Automated network scanning and vulnerability assessment tools
• Data protection strategies
Unit 4 Assignments
• Discussion 4.1: Host-Based vs. Network-Based IDSs/IPSs
• Lab 4.2: Configuring a pfSense Firewall on the Server
• Assignment 4.3: Identify Unnecessary Services From a Saved Vulnerability Scan
• Project 4.4: Network Survey