OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork...

Hardening Internetwork Devices and Services

Harden Internetwork Connection Devices Harden DNS and BIND Servers Harden Web Servers Harden File Transfer Protocol (FTP) Servers Harden Network News Transfer Protocol (NNTP) Servers Harden Email Servers Harden Conferencing and Messaging Servers

Internetwork Devices

SwitchesRouters Firewalls

Unnecessary Network Protocols

Transport protocols

NetBEUI

NWLink

AppleTalk

Service protocols

Others

Firmware Updates

Internetwork Device Vulnerabilities

SNMP Telnet Router configuration Finger Small server IP filter Default ports IP source routing ICMP redirect RIP v1

Web server

An Intranet

Employee handbook

An Extranet

Company A

Company C Company B

A VLAN

Point-to-pointconnection

VLAN switch

192.168.12.100

NAT Server

192.168.12.20 192.168.12.30

24.96.83.120

Network Media Types

Twisted pair

Fiber-optic

Network Media Vulnerabilities

Coax vulnerabilities Twisted-pair vulnerabilities Fiber-optic vulnerabilities General vulnerabilities

Hardening Internetwork Devices

Protect the devices while maintaining connectivity Follow hardening guidelines Requirements will vary

everythingforcoffee.com

www.everythingforcoffee.com192.168.1.2

.com .org

DNS and BIND Vulnerabilities

Spoofing Hijacking Cache corruption Input validation Environment variables Zone transfers Rogue client registrations

Hardening DNS and BIND

Protect the zone information while maintaining

service availability Follow hardening guidelines Requirements will vary

Web client Web server

Web Server Authentication

Web client Web server

Web Server Authentication Methods

Address-based Anonymous Basic Digest Integrated Certificates

Web Server Vulnerabilities

Format string Improper input validation CGI scripts Code outside web root Web server applications Weak authentication Clear text transmissions HTML source code Buffer overflows

Hardening Web Servers

Protect data and server while maintaining

website access Follow hardening guidelines Requirements will vary

FTP client

FTP Vulnerabilities

Basic authentication Anonymous and blind FTP Unnecessary services Clear text transmissions Firewall configuration “Glob” “Bounce” File sharing exploitation

PasswordPasswordPassword isencrypted

Password isencrypted

Session issecured

011001slogin

SSH encryptionFTP client

Hardening FTP Servers

Protect the server and data while

maintaining service Follow hardening guidelines Requirements will vary

Subscriber

NNTP Vulnerabilities

Anonymous access Password privacy Data privacy Email integration

Hardening an NNTP Server

Prevent unauthorized postings and data

loss while maintaining service Follow hardening guidelines Requirements will vary

Email clientEmail server

Email Vulnerabilities

Email worms Malicious code 8.3 file names Data buffers Spam Hoaxes SMTP relays

Public email security Encrypt message contents and encrypt key Digital signing

S/MIME

Security for email attachments Various attachment file formats Encryption and digital signing

Hardening Email Servers

Protect server and mail data while

supporting email users Follow hardening guidelines Requirements will vary

Conferencing and Messaging Vulnerabilities

Sniffing Eavesdropping Privacy Social engineering

Hardening Conferencing and Messaging Servers

Protect server and data, prevent spoofing,

maintain service availability Follow hardening guidelines Requirements will vary

Reflective Questions

1. Which internetwork connection device do you think is most important to secure?

2. Which provides a greater security threat to your organization: your border router or your email infrastructure?

OV 4 - 1 Copyright © 2005 Element K Content LLC. All rights reserved. Hardening Internetwork...

Documents

ETHERNET INTERNETWORK NODE CONTROLLER … · EINC Data Sheet TA200137 Issue 2/B 25/09/03 1 Data Sheet EINC Ethernet Internetwork Node Controller ETHERNET INTERNETWORK NODE CONTROLLER

Cisco - Cisco Guide to Harden Cisco IOS Devices · Cisco Guide to Harden Cisco IOS Devices Document ID ... General Management Plane Hardening ... NetFlow can also be used in order

1 Securing the Network Infrastructure. Objectives Work with the network cable plant Secure removable media Harden network devices Design network topologies

Postmodern Internetwork Architecture

Harden · Luxurious comfort meets west coast style. That’s Hale Harden. A clothing line that specializes in cashmere, Hale Harden blends traditional artistry

Internetwork Operation Done

Internetwork Protocols

CCNA Exploration Network Fundamentals - … networks/Chapter10... · Internetwork Devices Routers are the primary devices used ... devices used are hubs and switches. Hub ... Network

COE 444 - Internetwork Design and Management

Liam harden - Media

LEDC InterNetwork Soapbox

2013 Harden Picnic Races - Fairfax Media6 - THE HARDEN MURRUMBURRAH EXPRESS, Thursday, October 24, 2013. THE HARDEN MURRUMBURRAH EXPRESS, Thursday, October 24, 2013. - 7 2013 Harden

Recursive InterNetwork Architecture - delaat.net · Recursive InterNetwork Architecture AnAssessmentoftheIRATIImplementation JeroenvanLeur JeroenKlomp University of Amsterdam System

Internetwork Solutions - Cisco Training & Certification

Interconnection of Networks: Internetwork

Harden to Aurbach

4 Harden Ability

Internetwork Planning and Design - KFUPM

Harden Security Devices Against Increasingly Sophisticated Evasions

Mobility in a Publish Subscribe Internetwork