Sample Chapter Presentation for MIS 450
Chapter 5 - Auditing Switches, Routers, and Firewalls
MIS 450 Auditing and Security Controls
Ted Wallerstedt, Community Faculty
Networking Hardware
- Switches (Layer 2): connect hosts within a local network. A switch learns which MAC address sits behind which port and forwards a frame only to the port with the matching destination MAC address.
- Routers (Layer 3): connect networks to each other and forward packets by IP address. Routes come from a routing table, which can be built dynamically by a routing protocol such as OSPF (Open Shortest Path First).

Network Addresses
- MAC address (media access control): burned into each NIC (network interface card) and intended to be globally unique.
- IP address (Internet Protocol): identifies a host on a network. Servers and network devices usually get static addresses; end-user hosts on a LAN are now usually assigned an address dynamically (DHCP).
Network Models
- ISO's OSI model: International Organization for Standardization, Open Systems Interconnection
- TCP/IP model: Transmission Control Protocol / Internet Protocol

OSI Model
7 Application: end-user services
6 Presentation: formatting, encryption
5 Session: application-to-application dialogue
4 Transport: segment assembly/disassembly, error and flow control (TCP, UDP)
3 Network: routing, IP addresses (routers)
2 Data Link: MAC addresses, switches; a switch bounds collision domains, while a VLAN or a router bounds the broadcast domain
1 Physical: wiring, signaling, modulation
Firewalls
Protect information by separating the network into security zones.
- Packet filtering (layer 3): a router with access lists that permit or deny by source and destination IP address (and, on most routers, by port)
- Stateful packet inspection (layers 3 and 4): the firewall tracks the state of each session, so only packets that belong to an established connection are passed and everything else is dropped
- Application proxies (layer 7): the proxy terminates the client's connection and opens its own to the server, so the internal source of the communication is hidden from the outside
- Application-level gateways (layer 7): understand the application protocol and dynamically refuse or allow access to the application

General Network Equipment Audit
Applies to all hardware at all layers.
- The configuration file contains nearly everything you need to know about a device.
- Devices are not secure out of the box; the default configuration has to be hardened.
- Review the controls around developing and maintaining configurations: change management, and testing immediately after a change for degraded performance.
1. How are configurations developed and maintained?
- Monitor security mailing lists (seclists.org)
- Routinely apply the latest patches
- Strictly follow an existing configuration guideline, for example http://www.juniper.net/techpubs/software/junos/junos94/swconfig-routing/bgp-configuration-guidelines.html
- Regularly scan for vulnerabilities and run penetration tests
- Regularly compare the actual configuration with the guideline
- Issue regular network-security status reports to upper management

2. Ensure controls for vulnerabilities are in place for the current software
- Software updates and configuration changes
- Check the National Vulnerability Database: http://nvd.nist.gov
3. Unnecessary services are disabled
- Every enabled service is attack surface; a service nobody uses is still exploitable.
- Make sure each exception has a legitimate business need.
- Figure 5-3: Cisco device services that should be disabled

4. Follow good SNMP management practices
- Simple Network Management Protocol; a read-write community string is full administrative access to the device
- Check whether SNMP is enabled and whether it is needed at all
- Version 3 authenticates each packet and can encrypt the payload
- Versions 1 and 2c send the community string in clear text and do not authenticate the sender
- Apply standard password policies to community strings and SNMPv3 users
- Restrict which users and which hosts may query or write
5. Procedures for user accounts
- Only create accounts when necessary
- Remove or disable obsolete accounts
- Strong login procedures
- Never share accounts

6. Password controls
- Passwords are strong, stored encrypted (hashed), and changed on a schedule
- Passwords are unique for privileged modes of operation: the enable secret differs from user and line passwords
- Type 5 (enable secret) is strong: a salted MD5 hash. Newer IOS also offers type 8 (PBKDF2-SHA-256) and type 9 (scrypt), which are preferable where available
- Type 7 (service password-encryption) is weak: a reversible algorithm that anyone holding the configuration file can undo in seconds
- No clear-text or type 7 password may equal a hashed one, or the hash protects nothing
- Do not reuse passwords across devices
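The point about type 7 is easy to show rather than assert. The script below is an added example, not code from the chapter or the book it is derived from: it implements the publicly documented type 7 XOR scheme in both directions and then applies the password controls above to a constructed configuration excerpt (the hostnames, usernames and the placeholder type 5 hash are invented for the example; the `0822455D0A16` string is the widely published encoding of "cisco").

```python
import re

# Fixed XOR key of the IOS type 7 scheme (publicly documented, 53 bytes).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: two decimal digits give the key offset, the
    rest is hex bytes, each XORed with the key byte at (offset + position)."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)])
                   for i, b in enumerate(data))


def encode_type7(plain: str, offset: int = 8) -> str:
    """Forward direction, to make the weakness visible: no secret, no salt."""
    body = "".join(f"{ord(c) ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)]:02X}"
                   for i, c in enumerate(plain))
    return f"{offset:02d}{body}"


# Constructed running-config excerpt (not a real device). The type 5 value is
# a placeholder, not a real hash.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0822455D0A16
enable secret 5 $1$abcd$notARealHashJustAPlaceholder
username admin password 7 0822455D0A16
username backup password 0 backup123
line con 0
 password 7 0822455D0A16
line vty 0 4
 password 7 1333030B4A5E54787F
"""

_PW_RE = re.compile(
    r"^(?P<what>enable password|enable secret|username \S+ (?:password|secret)|password)"
    r"\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)$")


def audit_passwords(config: str) -> list[str]:
    """Apply the chapter's password controls to config text; returns findings."""
    findings: list[str] = []
    where_used: dict[str, list[str]] = {}   # recovered clear text -> locations
    context = "global"
    for raw in config.splitlines():
        if raw and not raw[0].isspace():      # top-level line sets the context
            context = raw.strip() if raw.startswith("line ") else "global"
        m = _PW_RE.match(raw.strip())
        if not m:
            continue
        what, ptype, value = m["what"], m["type"], m["value"]
        location = f"{context}: {what}"
        if ptype in (None, "0"):
            findings.append(f"{location} is stored in clear text")
            where_used.setdefault(value, []).append(location)
        elif ptype == "7":
            clear = decode_type7(value)
            findings.append(f"{location} uses reversible type 7 (recovered '{clear}')")
            where_used.setdefault(clear, []).append(location)
        elif ptype == "5":
            findings.append(f"{location} is salted MD5 (type 5); prefer type 8/9 where the IOS supports them")
        if what == "enable password":
            findings.append("enable password is set; remove it and keep only enable secret")
    # Unique-per-mode control: the same recovered value in several places.
    for clear, places in where_used.items():
        if len(places) > 1:
            findings.append(f"password '{clear}' is shared by: " + ", ".join(places))
    return findings
```

Run `audit_passwords(SAMPLE_CONFIG)` and the output shows why the control exists: every type 7 value in the file is recovered, the console, the `enable password` and the `admin` user all turn out to share one password, and the clear-text `password 0` entry is caught as well.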
7. Use secure management protocols when possible
- SSH
- Encrypted (Kerberized) Telnet
- IPsec
- SNMPv3
- Where these are available, turn off the clear-text alternatives (Telnet, SNMPv1/v2c, HTTP)

8. Current backups exist for configuration files

9. Logging is enabled and sent to a centralized system
- Logs should be sent to a secure host so that an intruder who controls the device cannot tamper with them

10. Evaluate use of Network Time Protocol
- Synchronizes the timestamps on logged events across devices
- Standardize clocks to a single time zone

11. Banner stating the company's policy on use and monitoring
- The electronic "Keep Out" sign

12. Access controls are applied to the console port
- Password protected; physical access to the console should not mean free access to the device

13. All network equipment is stored in a secure location
- Even the cables can be tampered with
14. Use a standard naming convention for all devices
15. Standard documented processes exist for building network devices
Switches (Layer 2)
- Avoid using VLAN 1. Cisco switches assign every port to VLAN 1 by default, so an intruder who plugs into any unconfigured port lands on the same VLAN as management and everything else.
- Disable trunk autonegotiation (DTP) on access ports; otherwise an attacker can negotiate a trunk and reach every VLAN.
- Spanning-Tree Protocol attack mitigation (BPDU guard, root guard) is ON.

VLANs
- Virtual LANs break up broadcast domains and divide the network into multiple security levels
- Disable unused ports and put them in an unused VLAN
- VLAN Trunking Protocol (VTP) distributes VLAN configuration over trunks; an attacker who joins the VTP domain could change or destroy all VLANs, so use VTP transparent mode or at least a VTP password
- Storm control: thresholds that limit broadcast and multicast traffic

Router Controls (Layer 3)
- Disable inactive interfaces on the router
- Are core dumps saved? They can contain sensitive data; decide whether they are needed and where they go
- Routing updates must be authenticated (for example MD5 authentication between OSPF or BGP neighbors), so a rogue router cannot inject routes
- Disable IP source routing and IP directed broadcasts (directed broadcasts are what smurf-style amplification relies on)
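Most of the general checklist (steps 3, 4, 7, 9 to 12) and the switch and router controls above can be checked offline against the configuration file itself. The script below is an added example, not the book's or the chapter's tooling: it parses an IOS-style running-config into global lines and per-interface/per-line sections and reports each control that fails. The configuration it audits is constructed for the example and seeded with deliberate weaknesses; the command syntax is real IOS, but which services default to "on" varies by platform and version, so the default assumptions in the comments are just that.

```python
import re

# Constructed running-config excerpt (not from a real device), seeded with
# several weaknesses the checklist looks for.
SAMPLE_CONFIG = """\
hostname CORE-SW-01
ip http server
snmp-server community private RW
logging host 10.0.9.20
ntp server 10.0.9.5
banner motd ^C Authorized use only. All activity is monitored. ^C
interface Vlan1
 ip address 10.0.1.2 255.255.255.0
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/3
 shutdown
interface GigabitEthernet1/0/4
interface GigabitEthernet1/0/24
 switchport mode dynamic desirable
 ip directed-broadcast
line con 0
 login
line vty 0 4
 transport input telnet ssh
 login local
"""


def parse_sections(config):
    """Return (global_lines, {section header: [indented child lines]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        elif re.match(r"(interface|line) ", raw):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, sections


def audit_config(config):
    """Run the chapter's device checks over config text; returns findings."""
    g, sections = parse_sections(config)
    gset, f = set(g), []
    # Step 3: services that appear in the config only when enabled (assumed default off).
    for svc in ("ip http server", "service tcp-small-servers",
                "service udp-small-servers", "ip finger", "service pad",
                "ip bootp server"):
        if svc in gset:
            f.append(f"unnecessary service enabled: {svc}")
    # CDP and IP source routing are assumed default on, so the 'no' form must be present.
    for neg in ("no cdp run", "no ip source-route"):
        if neg not in gset:
            f.append(f"missing '{neg}'")
    # Step 4: v1/v2c community strings are clear text and unauthenticated.
    for line in g:
        m = re.match(r"snmp-server community (\S+) (RO|RW)", line)
        if m:
            f.append(f"SNMPv1/v2c community '{m[1]}' grants {m[2]} access")
    # Steps 9-11: central syslog, NTP, banner.
    for prefix, what in (("logging host", "central syslog host"),
                         ("ntp server", "NTP server"),
                         ("banner ", "login/motd banner")):
        if not any(l.startswith(prefix) for l in g):
            f.append(f"no {what} configured")
    # Step 12: console must require a password or a local login.
    con = sections.get("line con 0", [])
    if "login local" not in con and not (
            "login" in con and any(l.startswith("password") for l in con)):
        f.append("line con 0: no password protection")
    # Step 7: SSH only on the VTY lines.
    for hdr, body in sections.items():
        if hdr.startswith("line vty"):
            ti = [l for l in body if l.startswith("transport input")]
            if not ti or any(l != "transport input ssh" for l in ti):
                f.append(f"{hdr}: want 'transport input ssh' only")
    # Switch and router per-interface controls.
    for hdr, body in sections.items():
        if not hdr.startswith("interface "):
            continue
        name = hdr.split(" ", 1)[1]
        if "shutdown" in body:
            continue  # disabled ports need no further checks
        if not body:
            f.append(f"{name}: unconfigured and not shut down")
        if name == "Vlan1":
            f.append("Vlan1: management SVI on the default VLAN")
        if "ip directed-broadcast" in body:
            f.append(f"{name}: ip directed-broadcast enabled")
        if any(l.startswith("switchport mode dynamic") for l in body):
            f.append(f"{name}: DTP autonegotiation allows trunk negotiation")
        if "switchport mode access" in body:
            vlan = next((l.split()[-1] for l in body
                         if l.startswith("switchport access vlan")), "1")
            if vlan == "1":
                f.append(f"{name}: access port in VLAN 1 (default)")
            if "spanning-tree bpduguard enable" not in body:
                f.append(f"{name}: BPDU guard not enabled")
    return f
```

`audit_config(SAMPLE_CONFIG)` returns twelve findings for this excerpt, including the RW community string, the Telnet-capable VTY, the unprotected console, the access port left in VLAN 1, the unconfigured port that is not shut down, and the DTP and directed-broadcast settings on the uplink. Note what a configuration file cannot tell you: whether an interface is actually inactive (that needs the live interface status) and whether a service is on because the platform defaults it on without writing a line, which is why the "no" forms are checked explicitly.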
Firewall Controls
- All packets are denied by default; only explicitly permitted traffic passes
- Filter inappropriate internal and external IP addresses: a packet arriving from outside with an internal, private, loopback or multicast source address is spoofed and should be dropped, and a packet leaving with a source address that is not the company's should be dropped too

Derived from: IT Auditing: Using Controls to Protect Information Assets (Davis, Schiller, Wheeler), 2007, McGraw-Hill
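The two firewall controls above are a rule ordering problem: anti-spoofing denies come first, published services are permitted next, and the implicit deny at the end catches everything else. The evaluator below is an added example, not code from the chapter or the book; it models a first-match access list with an implicit deny and runs constructed packets through an inbound and an outbound policy. The address plan is assumed: 203.0.113.0/24 (an RFC 5737 documentation range) stands in for the company's public block, and the two published hosts and the sample packets are invented.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.IPv4Network
ANY = Net("0.0.0.0/0")

# Assumed address plan: our public block, and sources that must never arrive
# on the outside interface (RFC 1918, loopback, unspecified, link-local,
# multicast, and our own addresses, which can only be spoofed from outside).
OUR_PUBLIC = Net("203.0.113.0/24")
NEVER_FROM_OUTSIDE = [Net(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
    "203.0.113.0/24",
)]


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches any protocol
    src: Net
    dst: Net
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("ip", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or pkt.get("dport") == self.dport))


def evaluate(acl, pkt: dict):
    """First matching rule wins; no match is the implicit deny at the end."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, f"rule {i}"
    return "deny", "implicit deny"


def inbound_acl():
    """Outside interface, inbound: anti-spoofing first, then only published services."""
    acl = [Rule("deny", "ip", net, ANY) for net in NEVER_FROM_OUTSIDE]
    acl += [
        Rule("permit", "tcp", ANY, Net("203.0.113.10/32"), 443),  # public web server
        Rule("permit", "udp", ANY, Net("203.0.113.53/32"), 53),   # authoritative DNS
    ]
    return acl


def outbound_acl():
    """Outside interface, outbound: only our own addresses may leave."""
    return [Rule("permit", "ip", OUR_PUBLIC, ANY)]


# Constructed sample packets as seen arriving on the outside interface.
SAMPLE_INBOUND = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 443},  # legitimate web
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 22},   # SSH not published
    {"proto": "tcp", "src": "10.0.1.5", "dst": "203.0.113.10", "dport": 443},      # RFC 1918 source from outside
    {"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.53", "dport": 53},   # DNS query
    {"proto": "icmp", "src": "203.0.113.99", "dst": "203.0.113.10"},               # our own address from outside
]


def verdicts(acl, packets):
    """Action for each packet, in order."""
    return [evaluate(acl, p)[0] for p in packets]
```

`verdicts(inbound_acl(), SAMPLE_INBOUND)` gives permit, deny, deny, permit, deny: the SSH attempt dies on the implicit deny, the two spoofed packets on the anti-spoofing rules. `evaluate(outbound_acl(), ...)` with a 192.168.x.x source drops the packet, which is the egress half of the address-filtering control (the network must not be able to originate spoofed traffic either).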