Chapter 5 - Auditing Switches, Routers, and Firewalls MIS 450 Auditing and Security Controls Ted Wallerstedt Community Faculty

Chap 5 Switches, Routers, And Firewalls


Description: Sample Chapter Presentation for MIS 450


  • Networking Hardware
    • Switches (Layer 2): connect hosts within a local network; forward a frame only to the port that owns the destination MAC address
    • Routers (Layer 3, the Network layer): connect networks to each other using IP addresses; build their routing tables dynamically from routing protocols such as OSPF (Open Shortest Path First)

  • Network Addresses
    • MAC address (media access control): assigned to each NIC (network interface card); intended to be unique, but it can be changed in software, so it is not a credential
    • IP address (Internet Protocol): originally a static address unique to each computer; now commonly assigned dynamically within a LAN (DHCP)

  • Network Models
    • ISO's OSI model (International Organization for Standardization, Open Systems Interconnection)
    • TCP/IP model (Transmission Control Protocol / Internet Protocol)

  • OSI Model
    7 Application: end-user services
    6 Presentation: data formatting, encryption
    5 Session: application-to-application dialogs
    4 Transport: segmentation and reassembly, error control and flow control (TCP)
    3 Network: routing, IP addresses (routers)
    2 Data Link: switches, MAC addresses; a VLAN is a Layer 2 broadcast domain
    1 Physical: wiring, signaling and modulation

  • Firewalls
    Protect information by separating security zones
    • Packet filtering (Layer 3): routers or ACLs that permit or deny by IP address (and port); no notion of a session
    • Stateful packet inspection (Layers 3 and 4): keeps a table of sessions opened through the firewall and lets back in only packets that belong to one of them; everything else is dropped
    • Application proxies (Layer 7): terminate the client connection and open a new one to the server, so the proxy hides the source of the communication
    • Application-level gateways (Layer 7): understand the application protocol and dynamically refuse or allow access to the application

  • General Network Equipment Audit
    Applies to all hardware at all layers
    The configuration file contains all the information you need about the hardware
    Config files are not secure out of the box
    Review controls around developing and maintaining configurations: change management, and testing immediately after a change for degraded performance

  • 1. Review controls around developing and maintaining configurations. How:
    Monitor security mailing lists (seclists.org)
    Routinely apply the latest patches
    Strictly follow an existing configuration guideline (for example http://www.juniper.net/techpubs/software/junos/junos94/swconfig-routing/bgp-configuration-guidelines.html)
    Regularly scan for vulnerabilities and run penetration tests
    Regularly compare the actual configuration with the guideline
    Issue regular status reports on network security to upper management

  • 2. Ensure controls for vulnerabilities are in place for the current software
    Software updates and configuration changes
    Check the National Vulnerability Database (http://nvd.nist.gov)

  • 3. Unnecessary services are disabled
    Every enabled service is attack surface; a service nobody uses is pure risk
    Make sure any exception has a legitimate business need
    Figure 5-3: Cisco device services that should be disabled

  • 4. Follow good SNMP management practices (Simple Network Management Protocol)
    SNMP can give full administrative access to network devices: a read-write community string is as powerful as a privileged login
    Check whether SNMP is supported, and whether it is actually needed
    Version 3 authenticates packets and encrypts them (authentication and privacy)
    Versions 1 and 2c send the community string in clear text and are not authenticated
    Community strings follow standard password policies (no defaults such as "public" or "private")
    Users, and the management hosts allowed to poll the device, should be restricted

  • 5. Procedures for user accounts
    Only create accounts when necessary
    Remove or disable obsolete accounts
    Strong login procedures
    Never share accounts

  • 6. Password controls
    Passwords are strong, stored encrypted (hashed), and changed on a required schedule
    Passwords should be unique for privileged modes of operation (enable)
    Type 5: strong, an MD5-based hash (enable secret); the strongest option in Cisco IOS at the time of the text, and newer releases add stronger types
    Type 7: weak, a reversible obfuscation; anyone who obtains the configuration file can recover the password
    No plain-text password should be the same as any encrypted one, otherwise recovering the weak copy exposes the protected one
    Do not share passwords across different devices

  • 7. Use secure management protocols when possible
    SSH
    Encrypted (Kerberized) Telnet
    IPSec
    SNMPv3
    Plain Telnet, HTTP and SNMPv1/v2c send credentials in clear text

  • 8. Current backups exist for config files
    Backups must be stored securely, since a config file contains passwords and community strings

  • 9. Logging is enabled and sent to a centralized system
    Logs should be sent to a secure host so that an attacker who compromises the device cannot tamper with the record of what they did

  • 10. Evaluate use of Network Time Protocol (NTP)
    Synchronizes the timestamps on logged events so that logs from different devices can be correlated
    Standardize clocks on a single time zone (commonly UTC)

  • 11. Banner stating the company's policy for use and monitoring
    The electronic equivalent of a posted "Keep Out" sign

  • 12. Access controls are applied to the console port
    Password protected; note that physical access to the console usually allows password recovery, which is why step 13 matters

  • 13. All network equipment is stored in a secure location
    Even the cables can be tampered with

  • 14. Use a standard naming convention for all devices

  • 15. Standard, documented processes exist for building network devices

  • Switches (Layer 2)
    Avoid using VLAN 1: Cisco switches by default have all ports assigned to VLAN 1, so an intruder on any port can reach everything
    Trunk autonegotiation (DTP) is disabled: a port left in the default dynamic mode can be talked into becoming a trunk that carries every VLAN
    Spanning-Tree Protocol attack mitigation is on (BPDU guard and root guard on user-facing ports)

  • VLANs
    Virtual LANs break up broadcast domains and divide the network into multiple security levels
    Disable unused ports and put them in an unused VLAN
    VLAN Trunking Protocol (VTP) distributes VLAN configuration over trunks; an attacker who can inject VTP updates could change or destroy all VLANs
    Thresholds to limit broadcast or multicast traffic: storm control

  • Router Controls (Layer 3)
    Disable inactive interfaces on the router
    Core dumps are saved (for troubleshooting after a crash)
    Routing updates must be authenticated, so that a rogue device cannot inject routes
    Disable IP source routing and IP directed broadcasts
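Most of the checklist above (steps 3, 4, 6, 7, 9, 10 and 12, plus the switch and router slides) is verified by reading the running-config. The script below is an added example, not code from the book or the slides: it audits a constructed Cisco IOS configuration against those points and reverses any Type 7 password it finds, which is the concrete reason step 6 calls Type 7 weak. The two configurations, the addresses, and the exact IOS syntax the regular expressions expect are assumptions; syntax differs across platforms and releases, so adapt the patterns to your own configuration guideline (step 1) before relying on them.

```python
"""Audit a Cisco IOS running-config against the slide checklist. Added example,
not code from the book or the slides: both configs are constructed, and each
pattern encodes a slide recommendation in IOS syntax as assumed here."""
import re

TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"  # well-known Type 7 key


def decode_type7(enc):
    """Type 7: first two digits are an offset into TYPE7_KEY; each later hex
    pair is XORed with the next key byte. Anyone holding the config can do this."""
    seed, body = int(enc[:2]), bytes.fromhex(enc[2:])
    return "".join(chr(b ^ ord(TYPE7_KEY[(seed + i) % len(TYPE7_KEY)]))
                   for i, b in enumerate(body))


# (slide step, description, regex). REQUIRED: some config line must match it.
REQUIRED = [
    ("6", "enable secret (type 5 hash)", r"^enable secret 5 \$1\$"),
    ("9", "logging to a central host", r"^logging (host )?\d+\.\d+\.\d+\.\d+"),
    ("10", "NTP server", r"^ntp server \S+"),
    ("3", "HTTP server disabled", r"^no ip http server$"),
    ("router", "IP source routing disabled", r"^no ip source-route$"),
    ("switch", "VTP transparent mode (ignores VTP updates)", r"^vtp mode transparent$"),
    ("switch", "BPDU guard on PortFast ports", r"^spanning-tree portfast bpduguard default$"),
]
# FORBIDDEN: every matching line is a finding.
FORBIDDEN = [
    ("6", "enable password instead of enable secret", r"^enable password "),
    ("4", "SNMP v1/v2c community string", r"^snmp-server community "),
    ("7", "Telnet accepted for management", r"^transport input .*\b(all|telnet)\b"),
]
WEAK_CONFIG = """\
enable password 7 0822455D0A16
snmp-server community public RO
logging host 10.0.0.20
ntp server 10.0.0.10
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode access
line con 0
line vty 0 4
 password 7 11051C111A170202
 transport input telnet ssh
"""
HARDENED_CONFIG = """\
enable secret 5 $1$abcd$placeholder.not.a.real.hash
no ip http server
no ip source-route
vtp mode transparent
spanning-tree portfast bpduguard default
snmp-server group NMS v3 priv
logging host 10.0.0.20
ntp server 10.0.0.10
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def sections(config):
    """Group the config into (header, [indented body lines]); '!' comments skipped."""
    out = []
    for raw in (r for r in config.splitlines() if r.strip() and not r.startswith("!")):
        if raw.startswith(" ") and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out


def audit(config):
    """Return findings, each tagged with the slide step (or switch/router) it belongs to."""
    blocks = sections(config)
    lines = [h for h, _ in blocks] + [l for _, body in blocks for l in body]
    findings = [f"[{s}] missing: {what}" for s, what, pat in REQUIRED
                if not any(re.match(pat, ln) for ln in lines)]
    findings += [f"[{s}] found: {what}: {ln}" for s, what, pat in FORBIDDEN
                 for ln in lines if re.match(pat, ln)]
    for m in filter(None, (re.search(r"password 7 ([0-9A-Fa-f]+)$", ln) for ln in lines)):
        findings.append(f"[6] Type 7 password reversed: {decode_type7(m.group(1))!r}")
    for header, body in blocks:
        if header.startswith("interface ") and "shutdown" not in body:
            if not any(l.startswith("switchport mode ") for l in body):
                findings.append(f"[switch] {header}: DTP trunk autonegotiation left enabled")
            if "switchport mode trunk" in body and "switchport nonegotiate" not in body:
                findings.append(f"[switch] {header}: trunk without switchport nonegotiate")
            if "switchport mode access" in body and not any(
                    l.startswith("switchport access vlan ") for l in body):
                findings.append(f"[switch] {header}: access port left in VLAN 1")
        if header.startswith("line con") and not any(
                l.startswith(("password ", "login local", "login authentication")) for l in body):
            findings.append("[12] console line has no password or AAA login")
    return findings
```

Running `audit(WEAK_CONFIG)` reports thirteen findings, including both reversed Type 7 passwords, while `audit(HARDENED_CONFIG)` returns an empty list. Because IOS omits default settings from the running-config, several checks are phrased as "the `no ...` line must be present" rather than "the service line must be absent"; a line such as `ip http server` would be flagged only through the missing `no ip http server`, so keep that in mind when extending the pattern tables.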

  • Firewall Controls
    All packets are denied by default; only explicitly permitted traffic passes
    Filter inappropriate internal and external IP addresses: drop packets arriving from outside that claim an internal, private or loopback source address, and drop packets leaving the inside whose source address is not one of ours (anti-spoofing)
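To make the firewall slides concrete (the packet filter versus stateful inspection distinction from the Firewalls slide, and the default-deny and address-filtering controls just above), here is an added toy filter in Python. It is not the book's or the slides' code; the packets, interface names and the inside/outside address ranges are constructed assumptions. The interesting case is the third packet: a forged ACK from an outside host passes the stateless "established" rule because that rule can only trust the flag the sender chose to set, while the stateful filter drops it because no session was ever opened.

```python
"""Toy packet filter for the firewall slides (added example, not the book's code).
Shows default deny, filtering of inappropriate source addresses, and why a
stateless 'established' rule is weaker than stateful inspection. Packets and
the inside/outside address ranges are constructed assumptions."""
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")          # assumed internal range
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in   # internal, RFC 1918, loopback
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def spoofed(pkt):
    """Inappropriate addresses: internal/private sources must never arrive from
    outside, and only internal sources may leave from inside (egress filtering)."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside":
        return any(src in net for net in NEVER_FROM_OUTSIDE)
    return src not in INSIDE_NET


def stateless_filter(pkt):
    """Layer 3/4 packet filter: default deny, permit inside-to-outside, and permit
    inbound packets that carry ACK (the classic 'established' rule). It keeps no
    memory, so it must trust whatever flag the sender set."""
    if spoofed(pkt):
        return "drop (spoofed)"
    if pkt.iface == "inside" or pkt.ack:
        return "permit"
    return "drop (default deny)"


class StatefulFilter:
    """Layers 3 and 4 with a session table: a connection opened from inside is
    recorded, and inbound packets are permitted only if they match an entry."""

    def __init__(self):
        self.sessions = set()

    def filter(self, pkt):
        if spoofed(pkt):
            return "drop (spoofed)"
        if pkt.iface == "inside":
            if pkt.syn and not pkt.ack:          # new outbound connection
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "permit"                      # reply to a session we opened
        return "drop (default deny)"


# Constructed traffic: an inside host opens HTTPS, the server replies, then an
# outsider sends a forged ACK (an "ACK scan"), a packet with a spoofed internal
# source, a cold SYN to SSH, and finally an inside host using an address that
# is not one of ours.
PACKETS = [
    Packet("inside", "10.1.1.5", "203.0.113.10", 40000, 443, syn=True),
    Packet("outside", "203.0.113.10", "10.1.1.5", 443, 40000, syn=True, ack=True),
    Packet("outside", "198.51.100.7", "10.1.1.5", 1234, 22, ack=True),
    Packet("outside", "10.9.9.9", "10.1.1.5", 1234, 80, syn=True),
    Packet("outside", "198.51.100.7", "10.1.1.5", 1234, 22, syn=True),
    Packet("inside", "192.168.5.5", "203.0.113.10", 5555, 80, syn=True),
]


def run_demo(packets=PACKETS):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(PACKETS, run_demo()):
        print(f"{pkt.iface:7} {pkt.src:>14} -> {pkt.dst}:{pkt.dport:<5} "
              f"stateless={sl:<20} stateful={sf}")
```

The session table here is keyed on the full 4-tuple and never expires; a real firewall also tracks TCP state transitions, times entries out, and handles UDP and ICMP pseudo-sessions, but the audit question stays the same: is inbound traffic admitted on the strength of a flag, or on the strength of a session the firewall saw being opened?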

    Derived from: IT Auditing: Using Controls to Protect Information Assets (Davis, Schiller, Wheeler), McGraw-Hill, 2007