From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
1
IT 4823 – Information Security Administration
Chapter 4: Telecommunications and Network Security, Part 2 of 3
Summer 2006, Feibish
2
OSI/TCP Models
Last lecture: discussion of OSI and TCP/IP models
THIS CHAPTER COVERS A TREMENDOUS AMOUNT OF GENERAL NETWORK INFORMATION. WE WILL NOT HAVE TIME TO REVIEW ALL OF THIS INFORMATION IN CLASS.
If you are not familiar with computer networks, pay special attention to this chapter. We will focus on the security-related information in the chapter.
3
Protocol
Def: A network protocol is a standard set of rules that determines how systems will communicate across networks.
Two different systems that use the same protocol can communicate and understand each other despite their differences, similar to how two people can communicate and understand each other by using the same language.
4
Review: Encapsulation
5
Duplex:
• Simplex Communication takes place in one direction.
• Half-duplex Communication takes place in both directions, but only one application can send information at a time.
• Full-duplex Communication takes place in both directions, and both applications can send information at the same time.
6
Data Link and Physical Layers
7
Application Layer Protocols
• File Transfer Protocol (FTP)
• Trivial File Transfer Protocol (TFTP)
• Simple Network Management Protocol (SNMP)
• Simple Mail Transfer Protocol (SMTP)
• Telnet
• Hypertext Transfer Protocol (HTTP)
8
Presentation Layer Protocols
• American Standard Code for Information Interchange (ASCII)
• Extended Binary-Coded Decimal Interchange Mode (EBCDIC)
• Tagged Image File Format (TIFF)
• Joint Photographic Experts Group (JPEG)
• Motion Picture Experts Group (MPEG)
• Musical Instrument Digital Interface (MIDI)
9
Session Layer Protocols
• Network File System (NFS)
• NetBIOS
• Structured Query Language (SQL)
• Remote Procedure Call (RPC)
10
Transport Layer Protocols
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Secure Sockets Layer (SSL)
11
Network Layer Protocols
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Novell Internetwork Packet Exchange (IPX)
12
Data Link Layer Protocols
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP)
• 802.3 (Ethernet)
• 802.11x (Wireless Ethernet)
13
Physical Layer Protocols
• High-Speed Serial Interface (HSSI)
• X.21
• EIA/TIA-232 and EIA/TIA-449
14
TCP/IP – well known ports
Port numbers up to 1023 (0–1023) are called well-known ports, and almost every computer in the world has the exact same protocol mapped to the exact same port number.
• Telnet: port 23
• SMTP: port 25
• HTTP: port 80
• SNMP: ports 161 and 162
• FTP: ports 21 and 20
15
Types of transmission: Analog or Digital
Analog transmission signals are continuously varying electromagnetic waves that can be carried over air, water, twisted-pair cable, coaxial cable, or fiber-optic cable.
Digital signals represent binary digits as electrical pulses. Each individual pulse is a signal element and represents either a 1 or a 0.
Digital signals are more reliable than analog signals over a long distance and provide a clear-cut and efficient signaling method because the voltage is either on (1) or not on (0), compared to interpreting the waves of an analog signal.
16
Asynchronous and Synchronous
Asynchronous communication is used when the two devices are not synchronized in any way.
Synchronous communication takes place between two devices that are synchronized, usually via a clocking mechanism.
17
Broadband and Baseband
Baseband uses the entire communication channel for its transmission, whereas broadband divides the communication channel into individual and independent channels so that different types of data can be transmitted at the same time.
18
Network Topology
• Ring
• Bus
• Star
• Mesh
• Tree
(Be able to compare/contrast these – table 7-2)
19
Topology Matrix
20
LAN Media Access Methods
21
UTP Cable Ratings
22
Review – Network Vocabulary
• Digital signals Represent binary digits as discrete electrical pulses
• Analog signals Continuous signals that vary by amplification and frequency
• Asynchronous communication Transfers data sequentially, uses start and stop bits, and requires that communicating devices communicate at the same speed
• Synchronous communication High-speed transmission controlled by electronic clock timing signals
23
Review – Network Vocabulary
• Baseband transmission Uses the full bandwidth for only one channel and has a low data transfer rate
• Broadband transmission Divides the bandwidth into many channels, enabling different types of data to be transmitted, and provides a high data transfer rate
• Unicast transmission Occurs when a packet is sent from one source computer to one destination computer
• Multicast transmission Occurs when a packet is sent from one source computer to several specific computers
• Broadcast transmission Occurs when a packet is sent from one source computer to all computers on a certain network segment
24
Networking Devices
• Repeaters
• Bridges
• Routers
• Switches
25
Repeater
Physical Layer
A repeater provides the simplest type of connectivity, because it only repeats and amplifies electrical signals between cable segments, which enables it to extend a network.
26
Bridges
Data Link Layer
A bridge is a LAN device that is used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses.
27
Router
Network Layer
Routers are layer 3, or network layer, devices that are used to connect similar or different networks.
A router discovers information about routes and changes that take place in a network through its routing protocols (RIP, BGP, OSPF, and others).
28
Routers vs. Bridges
29
Switches
Repeater + Bridge
Layer 2
Switches can “talk” to each other.
They have almost completely replaced the old layer 1 hubs which were used in the past.
30
VLANs
Virtual LANs
Can group users logically on top of the physical topology.
Limits broadcasts.
31
PBXs
Private Branch Exchange: a “voice switch” for phone calls; a private telephone switch that is located on a company’s property.
32
MEMORIZE THIS!
33
Firewalls
A firewall is used to restrict access to one network from another network.
Most companies use firewalls to restrict access to their networks from the Internet.
It supports and enforces the company’s network security policy.
It is described as a “choke point” in the network, because all communication should flow through it, and this is where traffic is inspected and restricted.
34
Firewalls / DMZ
A firewall is actually a type of gateway that may be a router, server, or specialized hardware device.
Companies set up firewalls to construct a demilitarized zone (DMZ), which is a network segment that is located between the protected and the unprotected networks.
The DMZ usually contains web, mail, and DNS servers, which must be hardened systems because they would be the first in line for attacks.
Many DMZs also have an IDS sensor that listens for malicious and suspicious behavior.
35
Example: DMZ
36
Types of firewalls
The types of firewalls we will review are
• Packet filtering
• Stateful
• Proxy
• Dynamic packet filtering
• Kernel proxy
We will then dive into the three main firewall architectures, which are
• Screened host
• Dual-homed
• Screened subnet
37
Packet Filtering Firewalls
• Rule (ACL) based (first generation)
• Based on network layer information
• Does not keep track of state or application info
For instance, an ACL may have one line that states that any packets coming from the IP range 172.168.0.0 must be denied; a second line that indicates that no packets using the Telnet service are allowed to enter the network; and a third line indicating that no traffic headed toward port 443 is allowed.
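As an added illustration (not from the textbook or these slides), the ACL described above written out as a first-match rule list in Python, evaluated against a few constructed sample packets. Two assumptions the slide does not state: the 172.168.0.0 range is treated as a /16, and “the Telnet service” is matched by its well-known port, TCP 23, because a packet filter sees only header fields, never the application itself. Each packet is judged on its own, with no memory of earlier packets, which is exactly the “does not keep track of state” limitation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the header fields a first-generation packet filter can see."""
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    """One ACL line; a None field means 'any'."""
    action: str                     # "permit" or "deny"
    src_net: Optional[str] = None   # source network in CIDR notation
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src_net is not None and \
                ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


# The slide's three lines as a first-match ACL. Assumptions: 172.168.0.0 is
# taken as a /16 (the slide gives no mask), and Telnet is matched by TCP port 23.
# The last line makes the default explicit instead of relying on an implicit deny.
ACL = [
    Rule("deny", src_net="172.168.0.0/16"),
    Rule("deny", proto="tcp", dport=23),
    Rule("deny", dport=443),
    Rule("permit"),
]


def evaluate(pkt: Packet, acl=ACL):
    """Return (action, index of the matching ACL line); implicit deny if nothing matches."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", -1


if __name__ == "__main__":
    # Constructed sample packets (RFC 5737 documentation addresses for the outside hosts).
    samples = [
        Packet("172.168.5.9", "10.0.0.10", "tcp", 80),     # denied by line 0
        Packet("198.51.100.4", "10.0.0.10", "tcp", 23),    # denied by line 1 (Telnet)
        Packet("198.51.100.4", "10.0.0.10", "tcp", 443),   # denied by line 2
        Packet("198.51.100.4", "10.0.0.10", "tcp", 80),    # permitted by line 3
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```

Order matters: because evaluation stops at the first match, a line that permits broadly placed above a specific deny would silently defeat the deny, which is why a reviewer reads an ACL top to bottom and why the default line is written out.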
38
Pros and Cons of Packet Filtering
Pros:
• Scalable
• Provides high performance
• Application independent
Cons:
• Does not look into the packet past the header information
• Low security relative to other options
• Does not keep track of the state of a connection
39
Stateful Firewalls
A stateful firewall is like a nosy neighbor who gets into people’s business and conversations.
It is nosier than a regular filtering device, because it keeps track of what computers say to each other.
The firewall maintains a state table, which is like a score sheet of who said what to whom.
Most stateful inspection firewalls work at the network and transport layers.
Stateful inspection firewalls unfortunately have been the victims of many types of denial-of-service (DoS) attacks.
40
Stateful Inspection Firewall Characteristics
• Maintains a state table that tracks each and every communication channel.
• Provides a high degree of security and does not introduce the performance hit that application proxy firewalls introduce.
• Scalable and transparent to users.
• Provides data for tracking connectionless protocols such as UDP and ICMP.
• Stores and updates state and context of the data within the packets.
• Considered a third-generation firewall.
41
Proxy Firewall
A proxy is a middleman. Proxy firewalls are second-generation firewalls.
What a proxy firewall does: it accepts messages either entering or leaving a network, inspects them for malicious information, and, when it decides the messages are okay, passes the data on to the destination computer.
42
Pros and Cons of Proxy Firewalls
Pros:
• Looks at the information within a packet, possibly all the way up to the application layer.
• Provides better security than packet filtering.
• Breaks the connection between trusted and untrusted systems.
Cons:
• Some proxy firewalls support only a limited number of applications.
• Degrades traffic performance.
• Application-based proxy firewalls may have scalability and performance issues.
• Breaks the client/server model, which is good for security but sometimes bad for functionality.
43
Application- and Circuit-Level Proxies
Proxies can work for a single application or for a group of applications.
SOCKS is an example of a circuit-level proxy.
44
Application-Level vs. Circuit-Level Proxy Firewall Characteristics
Application-level proxy firewall:
• Different proxy required for each service allowed
• Provides more intricate control than circuit-level proxy firewalls
• Requires more processing per packet and thus is slower than a circuit-level proxy firewall
Circuit-level proxy firewall:
• Does not require a proxy for each and every service
• Does not provide the detailed access control that an application-level proxy firewall provides
• Provides security for a wider range of protocols
45
Dynamic Packet Filtering
Fourth-generation firewall
Gives you the option of allowing any type of traffic outbound and allowing only response traffic inbound.
NAT/PAT type scenario
Sender creates a new upper-level sending port, expects receipt at the same port, then closes the port when the receiver’s message comes in.
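As an added illustration (not from the textbook or these slides) of both the stateful inspection slides and this one, here is a small state-table filter in Python. Outbound packets are always permitted and recorded in the table; an inbound packet is permitted only if it answers a tracked flow, and for UDP the entry is closed as soon as the reply arrives, as the slide describes. Entries also expire when idle and the table has a hard size limit; both are this example's own choices, added because an unbounded state table is what the DoS attacks mentioned on the stateful firewall slide exhaust. The addresses, ports and the FIN-based TCP teardown are constructed for the demo and simplified relative to a real TCP state machine.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str         # "tcp" or "udp"
    direction: str     # "out" = leaving the protected network, "in" = arriving from outside
    fin: bool = False  # simplified: True when this packet tears down a TCP session


class StatefulFilter:
    """Policy from the slides: anything outbound is allowed, inbound only if it
    answers a flow already in the state table (the 'score sheet')."""

    def __init__(self, idle_timeout=30.0, max_entries=1000):
        self.idle_timeout = idle_timeout
        self.max_entries = max_entries
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> last time seen
        self.table = {}

    @staticmethod
    def _key(pkt):
        # Normalise both directions of a flow to the same key so a reply
        # looks up the entry its request created.
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def _expire(self, now):
        # Drop idle entries; without expiry the table only ever grows.
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, pkt, now):
        """Return "permit" or "deny" for one packet seen at time `now` (seconds)."""
        self._expire(now)
        key = self._key(pkt)
        if pkt.direction == "out":
            if key not in self.table and len(self.table) >= self.max_entries:
                return "deny"   # table full: refuse new flows rather than grow without bound
            if pkt.fin:
                self.table.pop(key, None)
            else:
                self.table[key] = now
            return "permit"
        # Inbound: only a response to something in the table gets through.
        if key not in self.table:
            return "deny"
        if pkt.proto == "udp" or pkt.fin:
            # Dynamic packet filtering: the port opened for the request is
            # closed as soon as the reply arrives (or the TCP session ends).
            del self.table[key]
        else:
            self.table[key] = now
        return "permit"

    def active_flows(self):
        return len(self.table)


if __name__ == "__main__":
    # Constructed traffic: an inside host talks to a web server and a DNS server.
    fw = StatefulFilter()
    web_out = Packet("10.0.0.5", 51515, "203.0.113.7", 80, "tcp", "out")
    web_in = Packet("203.0.113.7", 80, "10.0.0.5", 51515, "tcp", "in")
    dns_out = Packet("10.0.0.5", 40000, "198.51.100.2", 53, "udp", "out")
    dns_in = Packet("198.51.100.2", 53, "10.0.0.5", 40000, "udp", "in")
    for t, pkt in [(0.0, web_in), (1.0, web_out), (2.0, web_in),
                   (3.0, dns_out), (4.0, dns_in), (4.5, dns_in)]:
        print(f"t={t:5.1f} {pkt.direction:3} {pkt.proto} -> {fw.process(pkt, t)}")
```

The first inbound packet is denied because nothing in the table solicited it; the same packet is permitted after the outbound request has been recorded, and the second DNS reply is denied because the entry was closed by the first. A plain packet filter has no table to consult and would have to permit all inbound port 80 traffic to get the same page back.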
46
Dynamic Packet Filtering
47
Kernel Proxy Firewall
5th-generation firewall
Creates dynamic, customized TCP/IP stacks when a packet needs to be evaluated. (!!!)
When a packet arrives…
• New virtual network stack is created
• Only required protocol components are loaded
• All layers are evaluated carefully
• If anything is unsafe, packet is discarded
48
Review: Firewall Types
49
Questions?