CONFIGURING TCP/IP ADDRESSING AND SECURITY
Chapter 11
Chapter 11: CONFIGURING TCP/IP ADDRESSING AND SECURITY 2
OVERVIEW
Understand IP addressing
Manage IP subnetting and subnet masks
Understand IP security terminology
Manage Internet security features of Windows XP
Configure and troubleshoot Windows Firewall
Overview - 2
This chapter addresses advanced TCP/IP addressing and Internet security. It introduces students to classless interdomain routing (CIDR) subnetting and subnet masks, and it explores the binary nature of IP addresses and the knowledge necessary to troubleshoot addressing issues.
We will also introduce Windows XP Internet security features such as Windows Firewall. Proper configuration and operation of Windows Firewall can protect systems inexpensively.
UNDERSTANDING BINARY NUMBERS
CONVERTING DECIMAL ADDRESSES TO BINARY
CONVERTING BINARY ADDRESSES TO DECIMAL
USING CALCULATOR TO CONVERT NUMBERS
SUBNET MASKS
PROBLEMS WITH CLASSFUL ADDRESSES
Wasted addresses
Shortage of address blocks
Excessive routing table entries
Netblock - a range of consecutive IP addresses
…More detail…
Netblocks were rigid, so organizations needing a contiguous address space were assigned an address block that, in some cases, was vastly larger than they needed. One example was any organization assigned a Class A netblock. Who has 1.7 million public systems?
The supply of netblocks was limited. The Class A networks were all taken, and Class B networks were getting scarce.
To deal with the scarcity of Class B blocks, some organizations obtained multiple Class C blocks to support their requirements. This resulted in a proliferation of routing table entries because several entries would be required to support several Class C networks for a single organization.
SUBNETTING A LARGE NETWORK
Previous Slide…
This slide shows a Class A network being subnetted first into Class B networks and then into Class C networks.
This is one solution to the scarcity of Class B networks. It creates 256 Class B subnetworks for each Class A network divided in this way.
Each Class B network can then be divided into 256 Class C networks.
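As an added example that is not part of the chapter, the subnetting walk-through above and the routing-table problem from the classful-address slides carried out in Python with the standard ipaddress module: a /8 netblock is divided into 256 /16s and one of those into 256 /24s, a variable-length mask is written out in binary, and contiguous /24s are aggregated into one supernet route. The 10.0.0.0/8 and 10.1.x.0/24 blocks are constructed sample values standing in for classful netblocks.

```python
from __future__ import annotations
import ipaddress

def dotted_to_binary(dotted: str) -> str:
    """Write a dotted-decimal address or mask as four 8-bit binary groups."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))

def mask_from_prefix(prefix_len: int) -> str:
    """Subnet mask for a CIDR prefix length: prefix_len one-bits followed by zero-bits."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def usable_hosts(prefix_len: int) -> int:
    """Addresses in the block minus the network and broadcast addresses."""
    return 2 ** (32 - prefix_len) - 2

def subnet(block: str, new_prefix: int) -> list[str]:
    """Divide a netblock into equal subnets with a longer prefix (e.g. /8 -> /16)."""
    net = ipaddress.ip_network(block, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]

def supernet(blocks: list[str]) -> list[str]:
    """Collapse netblocks into the fewest CIDR routes covering exactly the same
    addresses; only contiguous, properly aligned blocks merge into one route."""
    nets = [ipaddress.ip_network(b, strict=True) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    # Constructed sample: the private 10.0.0.0/8 stands in for a Class A netblock.
    class_b_sized = subnet("10.0.0.0/8", 16)          # 256 subnets of /16
    class_c_sized = subnet(class_b_sized[0], 24)      # first /16 -> 256 subnets of /24
    print(len(class_b_sized), class_b_sized[0], class_b_sized[-1])
    print(len(class_c_sized), class_c_sized[0], class_c_sized[-1])
    # A variable-length mask between the classful sizes: /22 gives 1022 usable hosts
    print(mask_from_prefix(22), dotted_to_binary(mask_from_prefix(22)), usable_hosts(22))
    # Four contiguous, aligned /24s obtained instead of a Class B collapse to one route ...
    four = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
    print(supernet(four))            # 10.1.0.0/22
    # ... while the same number of /24s starting on an odd boundary still need three
    shifted = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.1.4.0/24"]
    print(supernet(shifted))         # 10.1.1.0/24, 10.1.2.0/23, 10.1.4.0/24
```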
CLASSLESS INTERDOMAIN ROUTING (CIDR)
SUPERNETS
SECURING IP COMMUNICATIONS
Internet threats
Protective technologies
Configuring and managing Windows Firewall
Monitoring Internet communications security
INTERNET THREATS
Viruses (the oldest threat)
Worms (the most persistent threat)
Trojan horses
Spyware
Zombies
Direct hacking
VIRUSES
Take advantage of gullible users
Infect document, graphics, and executable files
Often include mass-mailing components
Can carry destructive payloads
Viruses (continued…)
Computer viruses have been around since 1975, when John Walker released a program called Pervade to distribute a game he had invented. The game replicated itself to UNIVAC systems everywhere and, according to some accounts, eventually ended up on UNIVAC system distribution tapes.
Since that time, many more virulent viruses have been written, and the damage they have caused in terms of time and money has been enormous. Corporations spend billions of dollars each year to protect themselves against viruses, and billions of dollars more when their protections fail.
WORMS
Self-replicating
Network-aware
Use bugs in programs or systems to spread
Can carry viruses or other payloads
Worms (continued…)
Worms scan networks looking for systems that are running operating systems or applications with certain known vulnerabilities. When they find a vulnerability, they insert themselves into the vulnerable system and begin using it to scan for more victims.
If a system is infected, any unpatched system connected to the network will be infected, repeating the cycle.
Discuss any recent news-making worms. Describe their attack vector and their payload. Discuss how infections from that particular worm might be prevented.
TROJAN HORSES
Usually e-mailed or downloaded
Appear to be a useful program or game
Carry payload or back door application
Trojan Horses (continued…)
Trojan horses rely on credulous victims. They appear on the Internet as useful programs or fun games.
When they are executed on the victim’s system, they install a back door application to let hackers control the system or they launch a viral payload on the victim.
SPYWARE
Has attributes of Trojan horses or worms
Spies on its victim
Might transmit marketing data or transmit personal data to the spyware author
Spyware (continued…)
Some spyware is voluntarily installed by users as part of a marketing agreement.
Other versions use viral or worm vectors to spread to target systems. Once installed, some versions simply collect demographic data.
Others log keystrokes or redirect browsers to sites that pay a royalty to the author.
ZOMBIES
Payload of worm or Trojan horse
Remotely controlled to attack network targets
Participate in large-scale assaults on public Web sites
Zombies (continued…)
Zombies are planted and controlled by hackers to attack large sites.
Fleets of zombies can be coordinated by one “zombie master” to direct large-scale attacks against targets.
DIRECT HACKING
Relatively low incidence
Hardest form of attack to defeat
Although well-publicized by the movie industry, direct interactive penetration by hackers is relatively rare because it takes time, patience, and skill to locate vulnerable components on the intended victim’s system. Many hackers prefer to use mass attacks such as worms, Trojan horses, and viruses to gain access to systems.
PROTECTIVE TECHNOLOGIES
Security Center
Windows Firewall
Internet Connection Sharing (ICS)
Third-party utilities
SECURITY CENTER
FIREWALL TERMINOLOGY
Packet filtering - The process of inspecting packet headers to determine whether they are allowed to enter the network. Those that do not conform with established rules for address, port, or protocol type are dropped.
Stateful packet filtering - A more advanced form of packet filtering where inbound packets must be received in response to an initial communication from the system. Outbound traffic is tracked in a “state table,” and inbound packets must conform to expected reply traffic to those communications.
Exceptions (packet filter rules) - Rules that allow some inbound traffic to enter your system. For example, to allow Remote Desktop to enter your system if you want to access your system from work or school, you would enable an exception.
Allowed traffic - Packet traffic that is allowed to pass the firewall.
Rejected traffic - Packet traffic that has not met acceptance rules and is dropped.
Logging - The process by which firewalls maintain a history of acceptance and rejection events. Logging is often used to discover penetration attempts or troubleshoot connectivity issues.
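The firewall terms defined above, as an added example that is not part of the chapter: a small Python model of stateful packet filtering with a state table, an exception for Remote Desktop (TCP 3389), and a log of accept and reject decisions that can be reviewed for rejected events. The Packet and StatefulFirewall classes and the sample addresses (RFC 5737 documentation ranges) are constructed for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = this host to the Internet, "in" = Internet to this host
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    """Constructed model: outbound traffic fills a state table, inbound traffic is
    allowed only as an expected reply or through an exception, and every decision is logged."""

    def __init__(self, exceptions=()):
        self.exceptions = set(exceptions)  # (proto, local_port) pairs opened by exception rules
        self.state_table = set()           # (proto, local_ip, local_port, remote_ip, remote_port)
        self.log = []                      # (verdict, reason, packet) history

    def _decide(self, p: Packet) -> tuple:
        if p.direction == "out":
            self.state_table.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return "ALLOW", "outbound, recorded in state table"
        # Inbound: the local side is the destination, so the tracked 5-tuple is mirrored
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.state_table:
            return "ALLOW", "expected reply to tracked outbound traffic"
        if (p.proto, p.dst_port) in self.exceptions:
            return "ALLOW", f"exception rule {p.proto}/{p.dst_port}"
        return "DROP", "unsolicited inbound, no matching state or exception"

    def process(self, p: Packet) -> str:
        verdict, reason = self._decide(p)
        self.log.append((verdict, reason, p))
        return verdict

    def rejected(self) -> list:
        return [entry for entry in self.log if entry[0] == "DROP"]  # what an admin reviews

def demo() -> list:
    # Constructed sample traffic on RFC 5737 documentation addresses
    home, web, other = "192.0.2.10", "198.51.100.80", "203.0.113.7"
    fw = StatefulFirewall(exceptions={("tcp", 3389)})   # Remote Desktop exception from the slide
    return [fw.process(p) for p in (
        Packet("out", "tcp", home, 49152, web, 80),      # browse to a web server
        Packet("in", "tcp", web, 80, home, 49152),       # its reply matches the state table
        Packet("in", "udp", web, 80, home, 49152),       # same ports, wrong protocol: dropped
        Packet("in", "tcp", other, 4444, home, 445),     # unsolicited inbound: dropped and logged
        Packet("in", "tcp", other, 50000, home, 3389),   # Remote Desktop allowed by exception
    )]
```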
ENABLING WINDOWS FIREWALL
FIREWALL EXCEPTIONS
ADVANCED WINDOWS FIREWALL SETTINGS
ICMP - Internet Control Message Protocol
MONITORING INTERNET SECURITY
Windows Firewall monitoring
Service logs
Event logs
WINDOWS FIREWALL ALERTS
WINDOWS FIREWALL LOGS
SERVER LOGS
SUMMARY
IP addresses are 32-bit binary addresses.
The network portion of IP addresses determines location.
CIDR allows creation of custom netblocks.
CIDR permits use of variable-length subnet masks.
Windows Firewall blocks unauthorized packets.
Windows Firewall exceptions allow specified traffic to pass through the firewall.
Alerts and logs warn of attempted attacks.