Enterprise Network Security
Accessing the WAN – Chapter 4
ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public

Objectives
- Describe the general methods used to mitigate security threats to enterprise networks
- Configure basic router security
- Explain how to disable unused Cisco router network services and interfaces
- Explain how to use Cisco SDM
- Manage Cisco IOS devices

Why is Network Security Important?
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as:
- Loss of privacy
- Theft of information
- Legal liability

Increasing Threat to Security
- 1985: password guessing, self-replicating code
- 1990: password cracking, war dialing
- 1995: viruses, e.g. Nimda, Code Red
- 2000: Trojan horses, e.g. Back Orifice
- 2005 to date: worms, e.g. Blaster, MyDoom, Slammer

Most Common Terms
- White hat: An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed.
- Hacker: A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.
- Black hat: Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
- Phreaker: An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long-distance calls.

Most Common Terms (continued)
- Spammer: An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
- Phisher: Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

Think like an Attacker
The attacker's goal is to compromise a network target or an application running within a network. Many attackers use this seven-step process to gain information and stage an attack:
- Step 1. Perform footprint analysis (reconnaissance). A company web page can lead to information such as the IP addresses of servers.
- Step 2. Enumerate information. An attacker can expand on the footprint by monitoring network traffic with a packet sniffer such as Wireshark, finding information such as version numbers of FTP servers and mail servers.
- Step 3. Manipulate users to gain access.
- Step 4. Escalate (increase) privileges.
- Step 5. Gather additional passwords and secrets.

Think like an Attacker (continued)
- Step 6. Install backdoors. Backdoors provide the attacker with a way to enter the system without being detected. The most common backdoor is an open listening TCP or UDP port.
- Step 7. Leverage the compromised system. After a system is compromised, an attacker uses it to stage attacks on other hosts in the network.
Types of Computer Crime
As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged.
- Insider abuse of network access
- Virus
- Mobile device theft
- Phishing, where an organization is fraudulently represented as the sender
- Instant messaging misuse
- Denial of service
- Unauthorized access to information
- Bots (applications that run automated tasks) within the organization
- Theft of customer or employee data
- Abuse of wireless network

Types of Computer Crime (continued)
- System penetration
- Financial fraud
- Password sniffing
- Key logging
- Website defacement
- Misuse of a public web application
- Theft of proprietary information
- Exploiting the DNS server of an organization
- Telecom fraud
- Sabotage
Note: In certain countries, some of these activities may not be a crime, but they are still a problem.

Open versus Closed Networks
The overall security challenge facing network administrators is balancing two important needs:
- Keeping networks open to support evolving business requirements
- Protecting private, personal, and strategic business information
Open network
- Easy to configure and administer
- Easy for end users to access network resources
- Security cost: least expensive
Restrictive network
- More difficult to configure and administer
- More difficult for end users to access resources
- Security cost: more expensive

Open versus Closed Networks (continued)
Closed network
- Most difficult to configure and administer
- Most difficult for end users to access resources
- Security cost: most expensive
Developing a Security Policy
The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently. Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. The document consists of 12 sections.

Common Security Threats
When discussing network security, three common factors are:
- Vulnerability: the degree of weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices.
- Threat: the people interested in and qualified to take advantage of each security weakness.
- Attack: the threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices.
There are three primary vulnerabilities or weaknesses:
- Technological weaknesses (HTTP, FTP, etc.)
- Configuration weaknesses (unsecured accounts, Internet access, etc.)
- Security policy weaknesses (lack of a written security policy, politics, etc.)

Common Security Threats (continued): Threats to Physical Infrastructure
When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices.
- Hardware threats: physical damage to servers, routers, switches, cabling plant, and workstations
- Environmental threats: temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
- Electrical threats: voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
- Maintenance threats: poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
These physical threats can be mitigated by locking equipment away, temperature control systems, UPS and generator sets, etc.

Common Security Threats (continued): Threats to Networks
- Unstructured threats: Unstructured threats consist mostly of inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.
- Structured threats: Structured threats come from individuals or groups that are more highly motivated and technically competent. In 1995, Kevin Mitnick was convicted of accessing interstate computers in the United States for criminal purposes. He broke into the California Department of Motor Vehicles database, routinely took control of New York and California telephone switching hubs, and stole credit card numbers. He inspired the 1983 movie "War Games."
- External threats: External threats can arise from individuals or organizations working outside of a company who do not have authorized access.
- Internal threats: Internal threats occur when someone has authorized access to the network with either an account or physical access.
Types of Network Attacks
- Reconnaissance: the unauthorized discovery and mapping of systems, services, or vulnerabilities (e.g. ping or gping).
- Access: system access is the ability of an intruder to gain access to a device for which the intruder does not have an account or a password (e.g. dictionary, rainbow table (L0phtCrack), or brute force attacks).
- Denial of service: denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
- Worms, viruses, and Trojan horses: malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services (e.g. Sub7).

General Mitigation Techniques
- Antivirus software
- Personal firewall
- Operating system patches
- HIDS and HIPS

Common Security Appliances and Applications
- In the past, the one device that would come to mind for network security was the firewall.
- An integrated approach involving firewall, intrusion prevention, and VPN is necessary.
- Threat control: devices that provide threat control solutions are:
  - Cisco ASA 5500 Series Adaptive Security Appliances
  - Integrated Services Routers (ISR)
  - Network Admission Control
  - Cisco Security Agent for Desktops
  - Cisco Intrusion Prevention System

Common Security Appliances and Applications (continued)
- Secure communications: VPN
- Network admission control (NAC): provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.
- Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
- Cisco ASA 5500 Series Adaptive Security Appliance: the PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.
- Cisco IPS 4200 Series Sensors
- Cisco NAC Appliance: enforces security policy compliance on all devices.
- Cisco Security Agent (CSA): provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems, e.g. against spyware, rootkits, and day-zero attacks.

The Security Wheel
To assist with compliance with a security policy, the Security Wheel, a continuous process, has proven to be an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.
- Step 1. Secure
- Step 2. Monitor
- Step 3. Test
- Step 4. Improve

Securing Cisco Routers
The Role of Routers in Network Security
Router security is a critical element in any security deployment. Routers are definite targets for network attackers. If an attacker can compromise and access a router, it can be a potential aid to them.
Routers fulfill the following roles:
- Advertise networks and filter who can use them.
- Provide access to network segments and subnetworks.
Here are some examples of various security problems:
- Compromising the access control
- Compromising the route tables
- Misconfiguring a router traffic filter

Securing Cisco Routers (continued)
Securing Your Network
Securing routers at the network perimeter is an important first step in securing the network.
Think about router security in terms of these categories:
- Physical security
- Update the router IOS whenever advisable
- Back up the router configuration and IOS
- Harden the router to eliminate the potential abuse of unused ports and services (you should harden your router configuration by disabling unnecessary services)

Steps to Safeguard a Router
- Step 1. Manage router security (good password practices, passphrases)
- Step 2. Secure remote administrative access to routers (SSH)
- Step 3. Log router activity (syslog)
- Step 4. Secure vulnerable router services and interfaces (CDP)
- Step 5. Secure routing protocols
- Step 6. Control and filter network traffic
Example commands:
R1(config)# service password-encryption
R1(config)# do show run | include username
R1(config)# security passwords min-length 10

Cisco SDM
The Cisco Router and Security Device Manager (SDM) is an easy-to-use, web-based device-management tool designed for configuring LAN, WAN, and security features on Cisco IOS software-based routers.

Cisco SDM Features
- Cisco SDM simplifies router and security configuration through the use of several intelligent wizards.
- Efficient configuration of key router virtual private network (VPN) and Cisco IOS firewall parameters. This capability permits administrators to quickly and easily deploy, configure, and monitor Cisco access routers.
Cisco SDM interfaces:
- Interfaces and Connections
- Firewall Policies
- VPN
- Routing

Configuring a Router to Support SDM
- Step 1. Access the router's Cisco CLI interface using Telnet or the console connection.
- Step 2. Enable the HTTP and HTTPS servers on the router.
- Step 3. Create a user account defined with privilege level 15 (enable privileges).
- Step 4. Configure SSH and Telnet for local login and privilege level 15.
(SDM interface screenshots in the original slides.)

How to Use Cisco SDM
Start SDM (screenshots of the SDM start-up and home pages in the original slides).
The Cisco SDM one-step lockdown wizard implements almost all of the security configurations that Cisco AutoSecure offers.

Manage Cisco IOS Devices
Copy the running configuration from RAM to the startup configuration in NVRAM:
R2# copy running-config startup-config
R2# copy system:running-config nvram:startup-config
Copy the running configuration from RAM to a remote location:
R2# copy running-config tftp:
R2# copy system:running-config tftp:
Copy a configuration from a remote source to the running configuration:
R2# copy tftp: running-config
R2# copy tftp: system:running-config
Copy a configuration from a remote source to the startup configuration:
R2# copy tftp: startup-config
R2# copy tftp: nvram:startup-config

Manage Cisco IOS Devices (continued)
How to recover the enable password and the enable secret passwords (procedure shown in the original slide).

Summary
Security threats to an enterprise network include:
- Unstructured threats
- Structured threats
- External threats
- Internal threats
Methods to lessen security threats consist of:
- Device hardening
- Use of antivirus software
- Firewalls
- Downloading security updates
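The router safeguarding steps above (password practices, SSH-only remote access, syslog, disabling unused services such as CDP, shutting unused interfaces) and the SDM prerequisites (privilege-15 local account, local login on the vty lines) can be checked mechanically against a saved running-config. The audit below is an added example, not code from the original slides or from Cisco; the router name R1, the configuration text and the hash values in it are constructed for illustration. It goes slightly beyond the three commands shown on the slide by also checking for an enable secret and a configured syslog host.

```python
"""Audit a Cisco IOS running-config against the router safeguarding checklist.
Added example; the configuration below is constructed, not from a real device."""
import re

# Constructed sample for a hypothetical router R1, deliberately mixing good and
# bad settings so that the audit produces findings.
SAMPLE_CONFIG = """\
hostname R1
!
service password-encryption
security passwords min-length 10
enable password cisco123
username admin privilege 15 secret 5 $1$abcd$ConstructedHashValue
!
ip http server
no ip http secure-server
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
!
interface Serial0/0/0
 no ip address
!
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""


def stanzas(config):
    """Split a config into (header, body) pairs; body holds the indented sub-lines."""
    result, header, body = [], None, []
    for line in config.splitlines():
        if line.startswith(" ") and header is not None:
            body.append(line.strip())
            continue
        if header is not None:
            result.append((header, body))
        stripped = line.strip()
        header, body = (stripped if stripped and stripped != "!" else None), []
    if header is not None:
        result.append((header, body))
    return result


def audit_config(config):
    """Return a list of human-readable findings; an empty list means every check passed."""
    findings = []
    top = [header for header, _ in stanzas(config)]   # global (unindented) commands
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off: line passwords stored in clear text")
    min_len = 0
    for cmd in top:
        m = re.match(r"security passwords min-length (\d+)$", cmd)
        if m:
            min_len = int(m.group(1))
    if min_len < 10:
        findings.append(f"password minimum length is {min_len}; expected at least 10")
    if any(cmd.startswith("enable password ") for cmd in top):
        findings.append("enable password in use: replace with enable secret")
    if not any(cmd.startswith("enable secret ") for cmd in top):
        findings.append("no enable secret configured")
    if "ip http server" in top:
        findings.append("clear-text HTTP management server enabled")
    if "no cdp run" not in top:
        findings.append("CDP enabled globally (IOS default): use 'no cdp run' where not needed")
    if not any(re.match(r"logging (host )?\d", cmd) for cmd in top):
        findings.append("no syslog server configured (logging host)")
    for header, body in stanzas(config):
        if header.startswith("interface "):
            if not any(b.startswith("ip address ") for b in body) and "shutdown" not in body:
                findings.append(f"{header}: unused interface not shut down")
        elif header.startswith("line vty"):
            if any(b.startswith("transport input") and "telnet" in b.split() for b in body):
                findings.append(f"{header}: Telnet allowed; use 'transport input ssh'")
            if not any(b in ("login", "login local") or b.startswith("login authentication")
                       for b in body):
                findings.append(f"{header}: no login check on remote access")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed R1 config this reports seven findings (the enable password, the missing enable secret, the clear-text HTTP server, CDP left at its default, no syslog host, the unshut Serial0/0/0, and Telnet on the vty lines); feed it the output of `show running-config` saved from a real device to use it as a pre-change check.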
Summary (continued)
Basic router security involves the following:
- Physical security
- Update and back up IOS
- Back up configuration files
- Password configuration
- Logging router activity
Disable unused router interfaces and services to minimize their exploitation by intruders.
Cisco SDM: a web-based management tool for configuring security measures on Cisco routers.

Summary (continued)
Cisco IOS Integrated File System (IFS): allows for the creation, navigation, and manipulation of directories on a Cisco device.
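The configuration backups taken with the copy commands on the Manage Cisco IOS Devices slide (for example `copy running-config tftp:`) are only useful if someone compares them with what is running now. The following Python is an added example, not code from the original slides or from Cisco: it strips the volatile lines IOS prints on every `show running-config`, fingerprints the result so a backup can be verified later, and reports which added or removed lines touch authentication, remote access or logging. Both R2 configurations, the usernames and the hash strings are constructed for illustration.

```python
"""Detect configuration drift between a saved backup and the current running-config.
Added example; both configurations below are constructed for a hypothetical router R2."""
import difflib
import hashlib
import re

# Lines IOS prints on every 'show running-config' that carry no configuration meaning.
VOLATILE = [re.compile(p) for p in (
    r"^! Last configuration change at",
    r"^! NVRAM config last updated",
    r"^Building configuration",
    r"^Current configuration : \d+ bytes",
    r"^ntp clock-period",
)]

# Commands whose appearance or disappearance deserves an operator's attention.
SECURITY_KEYWORDS = ("username", "enable secret", "enable password", "transport input",
                     "access-list", "access-class", "service password-encryption",
                     "ip http", "snmp-server", "logging")

# Constructed backup, as saved earlier with 'copy running-config tftp:'.
BACKUP = """\
Building configuration...

Current configuration : 512 bytes
!
! Last configuration change at 10:00:00 UTC Mon Jan 1 2007
!
hostname R2
service password-encryption
enable secret 5 $1$abcd$ConstructedHashValue
username admin privilege 15 secret 5 $1$abcd$ConstructedHashValue
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 login local
 transport input ssh
!
end
"""

# Constructed current running-config: a new privilege-15 account has appeared and the
# vty lines accept Telnet again, alongside a harmless interface description.
RUNNING = (BACKUP
    .replace("10:00:00", "14:35:12")
    .replace("512 bytes", "601 bytes")
    .replace("username admin privilege 15 secret 5 $1$abcd$ConstructedHashValue\n",
             "username admin privilege 15 secret 5 $1$abcd$ConstructedHashValue\n"
             "username temp privilege 15 secret 5 $1$wxyz$ConstructedHashValue2\n")
    .replace("interface FastEthernet0/0\n",
             "interface FastEthernet0/0\n description uplink to ISP\n")
    .replace(" transport input ssh", " transport input telnet ssh"))


def normalize(config):
    """Drop volatile and blank lines so that semantically equal configs compare equal."""
    return [line.rstrip() for line in config.splitlines()
            if line.rstrip() and not any(p.match(line) for p in VOLATILE)]


def fingerprint(config):
    """SHA-256 over the normalized text; record it alongside each backup."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()


def config_diff(backup, running):
    """Return (added, removed) configuration lines, ignoring volatile noise."""
    added, removed = [], []
    for line in difflib.unified_diff(normalize(backup), normalize(running), lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def security_relevant(lines):
    """Keep only diff lines that touch authentication, access control or logging."""
    return [line for line in lines if any(k in line for k in SECURITY_KEYWORDS)]


def drift_report(backup, running):
    """Summarize drift as a dict a scheduled monitoring job could act on."""
    added, removed = config_diff(backup, running)
    return {"changed": fingerprint(backup) != fingerprint(running),
            "added": added, "removed": removed,
            "review": security_relevant(added) + security_relevant(removed)}


if __name__ == "__main__":
    report = drift_report(BACKUP, RUNNING)
    print("config changed:", report["changed"])
    for line in report["review"]:
        print("REVIEW:", line)
```

Because the timestamp and byte-count lines are normalized away, a backup taken twice with no real change yields the same fingerprint, so the "changed" flag and the review list only fire on genuine configuration edits; in the constructed case the new privilege-15 user and the return of Telnet are surfaced while the interface description is listed but not flagged.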