Upload
acton
View
63
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Chapter 2. NETWORK AND SERVER SECURITY. Content. Network Protocols Review Securing Servers Border Security. Network Protocols Review. Protocol: is a formal set of rules that describe how computers transmit data and communicate across a network. - PowerPoint PPT Presentation
Citation preview
Chapter 2
NETWORK AND SERVERSECURITY
Content
• Network Protocols Review• Securing Servers• Border Security
Network Protocols Review
• Protocol: is a formal set of rules that describe how computers transmit data and communicate across a network.
• Protocols are arranged in a stack of layers in which data is passed from the highest layer to the lowest layer to send a transmission(network stack).
Network stack and data encapsulation
OSI Seven-Layer Model
The Functions of Layer• Session Layer:
– Establishing the connection.– Transferring data.– Releasing the connection.
• Network Layer:– Switching and routing– Forwarding– Addressing– Error detection– Node traffic control
• Data Link Layer:– Media Access layer:
• Supports the network computer’s access to packet data.• Controls the network computer’s permission to transmit packet data.
– Logical Link layer:• Sets up the communication link between entities on a physical channel.• Converts data to be sent into bits for transmission.• Formats the data to be transmitted into frames.• Adds a header to the data that indicates the source and destination IP addresses.• Defines the network access protocol for data transmission and reception.• Controls error checking and frame synchronization.• Supports Ethernet and token-ring operations.
Protocols associated with each layer
• Application layer:– File Transfer Protocol (FTP)– Trivial File Transfer Protocol (TFTP)– Domain name system (DNS)– Simple Mail Transfer Protocol (SMTP)– Secure File Transfer Protocol (SFTP)– Shell (SSH) or SSH-2– Remote login (Rlogin)– Simple Network Management Protocol (SNMP)– BootP– Multipurpose Internet Mail Extensions (MIME)
• Presentation Layer– Hypertext Transfer Protocol (HTTP)– Moving Picture Experts Group (MPEG)– Joint Photographic Experts Group (JPEG)
Protocols associated with each layer
• Session Layer:– AppleTalk Session Protocol (ASP)– Network File System (NFS)– Remote procedure call (RPC)
• Transport Layer:– Transmission Control Protocol (TCP)– Stream Control Transmission Protocol (SCTP)– User Datagram Protocol (UDP)– Sequenced Packet Exchange (SPX)
• Network Layer:– Internet Protocol (IP)– Open Shortest Path First (OSPF)– Internet Control Message Protocol (ICMP)– Routing Information Protocol (RIP)– IP security (IPsec)– Address Resolution Protocol (ARP)– Reverse Address Resolution Protocol (RARP)
• Data Link Layer:– Serial Line Internet Protocol (SLIP)– Point-to-Point Protocol (PPP)
The TCP/IP Model Layers
The TCP/IP Model Layers
TCP/IP encapsulation
TCP/IP Ports
Best Practices for Network Security
• Three basic guidelines for securing the servers on your network:– Designing applications with security in
mind(Security by Design)– Maintaining a security mindset– Defense–in-depth
Security by Design• Some of the factors affecting security in the design phase of a development
effort are as follows:– The software developers and security professionals (network engineers)
historically came from different communities. This is still an issue today, although more software developers are attending security training and security conferences.
– The security threat was not well publicized. Security has made the front page more often in recent years.
– In many cases, the software developers are building an application that they have never coded before. However, a network engineer who designs a network has probably designed dozens of networks in the past.
– Until recently, software developers could not justify time spent on security features, because security features did not seem to affect the bottom line from management’s perspective.
– In the highly competitive marketplace for software, there has been a natural rush-to-market approach to beat the competition.
Maintaining a Security Mindset• The following are some approaches to developing a mindset that
will help you secure the servers on your network:– Base security decisions on the risk. Security can be like insurance; the
risk must be known to determine the coverage needed.– Use defense-in-depth. Many security controls are preferable to a single
point of protection.– Keep things simple. Simplicity and clarity will support a more secure
environment.– Respect the adversary. Do not underestimate the interest and
determination of the threat.– Work on security awareness. Security training is needed at all levels of
an organization.– Be paranoid and expect the worst.
Securing Servers
• To operate the server securely, an organization must establish a plan with associated procedures. These procedures should include the following key aspects:– Control the server configuration: The server must be
configured to minimize exposure to an attack.– Control users and access: A need-to-know and need-to-
access environment should be established regarding the server’s data and access.
– Monitoring, auditing, and logging: Security does not stop with deployment of the server.
Controlling the Server Configuration
• The following are three important considerations when securing the host system:– Physical Security of the System:
• Provide an uninterruptible power supply (UPS) unit with surge protection.
• Provide fire protection to minimize the loss of data and equipment.
• Provide adequate cooling and ventilation.• Provide adequate lighting and work space for maintaining and
upgrading the system.• Restrict physical access to the server(server space should be
locked, alarmed, and recorded for later evaluation).
Controlling the Server Configuration
• Minimizing Services– The following list shows typical services that should be disabled from a host if
not needed:• Telnet: The secure alternative, SSH, should be used instead, if needed.• SMTP: Mail server applications are frequent targets of attacks.• FTP: FTP is used to upload files to and download files from a central repository. FTP has a
number of vulnerabilities and must be properly configured to be safe.• TFTP: TFTP is used to transfer small files and can be used to upload a malicious file to a
computer.• Finger: Finger allows you to determine the name associated with an email address and
the last time the user logged on.• Netstat: Netstat is a Windows troubleshooting tool that allows you to see which ports a
computer is listening on, as well as other information about the network.• Systat: Systat is a Unix® troubleshooting tool.• Chargen and Echo: These services can be used to launch data-driven attacks and denial-
of-service (DoS) attacks.• DNS: This service requires frequent patches and upgrades to be secure.• RPC: Unless the server application explicitly uses RPC to communicate with other
systems, this should be disabled.
Managing Windows Services• Windows 2000 (and later) has three built-in accounts that
are typically used to run services, but you can also create a special user account and assign it the necessary rights and permissions.
• The three built-in accounts are as follows:– Local System: This account has permission to perform any task on
the computer and permission to access resources on the network.– Local Service: This account has very limited permissions on the
computer and cannot access other computers across the network.– Network Service: This account has the same local permissions as
Local Service, but can also access computers across the network.• You change the security context for a service through the
Log On tab of the service’s properties.
Managing Windows Services
Blocking Ports and Limiting Input and Output Devices
• Blocking Ports: You can block traffic to a specific port by configuring a firewall or IPSec.
• Some physical entry points you might consider removing include the following:– Modems– Network adapters– CD-ROM and DVD drives– Floppy drives– Universal Serial Bus (USB) ports– Monitor
Border Security• Segmenting a Network: Network segments can be theoretically classified
into the following:– Public networks: allow accessibility to everyone(unsecured Network)– Semi-private networks: sit between public networks and private
networks(exclusive subnets of large public networks).– Private networks: are organizational networks that handle confidential and
proprietary data and are the most common type of network.• The boundaries of such network segments are established by devices
capable of regulating and controlling the flow of packets into and out of the segment, including the following:– Routers– Switches– Bridges– Multi-homed gateways
Perimeter Defense
Firewalls• The reasons for an organization to employ firewalls to secure
their networks from other insecure networks:– Poor authentication– Poor authentication– Spoofing– Scanners and crackers
• Type of Firewall:– Packet-Filtering Firewalls– Stateful packet-filtering– Application Proxy Firewalls: working at Layer 7 of OSI
• Disadvantages of Firewalls– The cost involved in installation.
A web server in a DMZ
Network Address Translation• Feature of NAT:
– It is used to translate private addresses to public address.– hosts from inside the protected networks (with a private address) are
able to communicate with the outside world, but systems that are located outside the protected network have to go through the NAT system to reach internal networks.
– The main feature in NAT is the translation table(A single public IP address might be mapped to more than one private IP address).
• Translation tables are built using two methods:– Static: In this configuration, the relationships among the public and
private IP addresses are fixed.– 2. Dynamic outbound packets: In this mode, the translation tables get
updated automatically as outbound packets are processed from the private network.
The NAT methodology