Section 8.1: Network Threats 

Summary

In this section students will learn about threats to a network and the countermeasures to reduce the effects of an attack. Threats discussed include:

Generic countermeasures discussed include implementation of:

Specific countermeasures are presented to prevent:

Lecture Focus Questions:

Video/Demo                               Time

8.1.1 Network Threats                   16:09
8.1.2 Social Engineering                 8:25
Total                                   24:34

Section 8.2: Firewalls

Summary

This section discusses using firewalls to allow or block network traffic. The following details about firewalls are discussed:

·         Network-based firewall

·         Host-based firewall

·         Filtering rules (also called access control lists (ACLs))

·         Firewall types

o   Packet filtering firewall

o   Circuit-level proxy (also called a circuit-level gateway): the second generation of firewalls. Second-generation firewalls do the work of their first-generation predecessors but operate up to layer 4 (the transport layer) of the OSI model, which they achieve by retaining packets until enough information is available to judge their state. This technique, known as stateful packet inspection, records all connections passing through the firewall and determines whether a packet is the start of a new connection, part of an existing connection, or not part of any connection.

o   Application-level gateway (also known as an application proxy or application-level proxy): an application program that runs on a firewall system between two networks. When a client program wants to reach a destination service, it connects to the application gateway (the proxy) and negotiates with it in order to communicate with the destination service. In effect, the proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting the individual computers on the network behind the firewall. This creates two connections: one between the client and the proxy server, and one between the proxy server and the destination. Once connected, the proxy makes all packet-forwarding decisions, and because all communication passes through the proxy server, the computers behind the firewall are protected. This is considered a highly secure form of firewall protection, but application gateways need far more memory and processor resources than other firewall technologies such as stateful inspection.

·         Zones used with firewalls

·         Demilitarized zone (DMZ) configurations

·         Characteristics of network ports

·         ICANN categories for ports:

o   Well-known ports (0 to 1,023): correspond to common Internet services. These generally correspond to processes that implement key IP applications, such as FTP servers and the like; for this reason they are sometimes called system port numbers.

o   Registered ports (1,024 to 49,151): anyone who creates a viable TCP/IP application can request to reserve one of these port numbers; if approved, the IANA registers the port number and assigns it to the application.

o   Dynamic ports (49,152 to 65,535; also called private or high ports): neither reserved nor maintained by IANA. They can be used for any purpose without registration, so they are appropriate for a private protocol used only within a particular organization.
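
To make the stateful-inspection behaviour described under circuit-level proxies concrete, here is an added example (not part of the course material) of a simplified stateful packet filter in Python that records allowed connections and classifies each packet as new, existing, or part of no connection; it also maps port numbers to the IANA ranges listed above. The packet layout, the inside-network prefix and the inbound allow-list are constructed assumptions for illustration.

```python
from collections import namedtuple

# Minimal packet view, constructed for this example; flags is a set such as {"SYN", "ACK"}.
Packet = namedtuple("Packet", "src dst sport dport flags")

def port_class(port):
    """Map a port number to the IANA categories listed above."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def flow_key(p):
    return (p.src, p.sport, p.dst, p.dport)

def reverse_key(p):
    return (p.dst, p.dport, p.src, p.sport)

class StatefulFilter:
    """Tracks allowed connections like a circuit-level (stateful) firewall."""
    def __init__(self, inside_prefix, inbound_allowed_ports):
        self.inside = inside_prefix                  # e.g. "10.0.0." (constructed)
        self.inbound_allowed = set(inbound_allowed_ports)
        self.table = set()                           # flow keys of allowed connections

    def classify(self, p):
        """Stateful inspection: new connection, existing connection, or none."""
        if flow_key(p) in self.table or reverse_key(p) in self.table:
            return "existing"
        if "SYN" in p.flags and "ACK" not in p.flags:
            return "new"
        return "none"

    def handle(self, p):
        """Return ALLOW, DENY or DROP and update the connection table."""
        state = self.classify(p)
        if state == "existing":
            if p.flags & {"FIN", "RST"}:             # teardown: forget the connection
                self.table.discard(flow_key(p))
                self.table.discard(reverse_key(p))
            return "ALLOW"
        if state == "new":
            outbound = p.src.startswith(self.inside)
            if outbound or p.dport in self.inbound_allowed:
                self.table.add(flow_key(p))
                return "ALLOW"
            return "DENY"                            # inbound flow not on the allow-list
        return "DROP"                                # unsolicited packet, part of no connection
```

Replies to a recorded connection are matched through the reversed key, so the reply SYN/ACK from the inside host is accepted without a separate rule, while an unsolicited ACK from outside is dropped.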

Lecture Focus Questions:

Video/Demo                               Time

8.2.1 Firewalls                         15:47
8.2.4 Configuring Windows Firewall       3:50
Total                                   19:37

Lab/Activity

Section 8.3: VPNs

Summary

This section provides details of how a Virtual Private Network (VPN) uses encryption to secure IP traffic over a TCP/IP network. Facts discussed include:

·         The role of a tunneling protocol

·         The role of tunnel endpoints

·         Possible VPN implementations

·         Implementation methods

o   Host-to-host VPN

o   Site-to-site VPN

o   Remote access VPN

·         A comparison of common tunneling protocols

o   Point-to-Point Tunneling Protocol (PPTP): the most popular VPN protocol. It is the easiest to configure and has low overhead, which makes it faster than other VPN protocols, and firewalls such as ISA Server, Cisco PIX and SonicWall recognize it. PPTP encrypts data with a 128-bit key, which puts it in the "weakest" category of VPN protocols. It has also had other weaknesses in the past, such as clear-text authentication before a connection is established, so it is rarely used in sensitive business environments. However, the most recent implementations of the protocol have resolved some of these security issues, for example by adding EAP authentication.

o   Layer Two Tunneling Protocol (L2TP): came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol, and it is considered a more secure option than PPTP. It requires a pre-shared certificate or key. L2TP's strongest level of encryption uses 168-bit keys with the 3DES encryption algorithm and requires two levels of authentication. Compared with PPTP, L2TP has the advantage of providing data integrity and authentication of origin, designed to keep attackers from compromising the system; however, the added overhead of managing this elevated security means that it performs more slowly than PPTP.

o   Internet Protocol Security (IPsec): a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys used during the session. It can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet layer of the Internet protocol suite, whereas other widely used Internet security systems, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. IPsec therefore protects any application traffic across an IP network, and applications do not need to be specifically designed to use it; without IPsec, the use of TLS/SSL must be designed into an application to protect its application protocols.

o   Secure Sockets Layer (SSL): a cryptographic protocol designed to provide communication security over the Internet. It uses X.509 certificates, and hence asymmetric cryptography, to authenticate the counterparty it is communicating with and to exchange a symmetric key.

Lecture Focus Questions:

Video/Demo                               Time

8.3.1 Virtual Private Networks (VPNs)   10:16
8.3.3 Configuring a VPN Connection      12:40
Total                                   23:03

Lab/Activity

Section 8.4: Switch Security

Lecture Focus Questions:

Video/Demo                               Time

8.4.1 Switch Security                   13:01
8.4.2 Configuring VLANs                  4:35
Total                                   17:36

Lab/Activity

Section 8.5: Authentication

·         The process to access resources on a network:

o   Identification

o   Authentication

·         Ways to prove identity to an authentication server:

o   Type 1 Something you know

o   Type 2 Something you have

o   Type 3 Something you are

·         Terms to measure the effectiveness of authentication solutions:

o   False negative

o   False positive

o   Crossover error rate

o   Processing rate

·         Authentication methods to increase security:

o   Two-factor, three-factor, multi-factor

o   Strong

o   One-factor

o   Mutual

·         Single Sign-on (SSO):

o   Advantages

o   Disadvantages

·         Digital certificates:

o   Certificates

o   Public Key Infrastructure (PKI)

o   Certification Authorities (CAs)

o   Trusted CAs and certificates

o   Digital signatures

·         Authentication protocols

o   Challenge Handshake Authentication Protocol (CHAP)

o   Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

o   Extensible Authentication Protocol (EAP)

o   Kerberos

o   802.1x

Lecture Focus Questions:

Video/Demo                               Time

8.5.1 Authentication                    11:19
8.5.3 Authentication Protocols          14:05
8.5.4 Digital Certificates               7:02
Total                                   32:26

Section 8.6: Secure Protocols

·         Secure protocols

o   Secure Sockets Layer (SSL)

o   Transport Layer Security (TLS)

o   Secure Shell (SSH)

·         Comparison of insecure and secure protocols:

Lecture Focus Questions:

Video/Demo                               Time

8.6.1 Secure Protocols                   4:50
8.6.2 Adding SSL to a Web Site           5:23
Total                                   10:13

Section 8.7: Detection and Prevention

·         Network tools to monitor a network for threats include:

Lecture Focus Questions:

Video/Demo                               Time

8.7.1 Intrusion Detection and Prevention  6:03
8.7.4 Vulnerability Assessment           4:54
Total                                   10:57

Lab/Activity