[Diagram: building blocks of a Security Policy, spanning Professional Documents, Culture Documents, Routers/AAA, Firewalls, Switches, Encryption, Perimeter Security, Data Privacy, Content Filtering and Source Identification mechanisms]
Building Blocks-Network Security
Perimeter Security
– Firewall
– Intrusion Detection
– Authentication
– Content Filtering
– URL Filtering
Encryption
– Link Encryption
– Network Layer Encryption
– Application Layer Encryption
– Public Key Infrastructure
Building Blocks-Network Security Contd.
Host Security
– Operating System Hardening
– Application Security
Reporting & Logging Tools
Perimeter Security-Firewall
A Network Security interface between two networks (logical & physical)
External Firewalls
– May be multi-layered
– Outside to protect the DMZ (De-militarized Zone)
– Inside to protect the balance of the organization
Internal Firewalls
– Used to create Security Domains
– Protection for sensitive departments or applications
– Used to add Security Layers
– Forcing an external intruder to breach several firewalls to get to the sensitive information
Perimeter Security-Firewall Contd.
Can also filter Non-TCP/IP Protocols
– Multi-protocol Firewalls can filter TCP/IP, IPX/SPX, SNA and many others
Firewalls cannot protect against
– Any intrusion that bypasses the Firewall
– Employee Misconduct
– Employee Ignorance
• Sharing Passwords
• Responding to Social Engineering Probes without verification
• Running downloaded software without Virus Checks
Perimeter Security-Firewall Contd.
Improper Firewall selection and usage
Firewalls are not forever and may be defeated in the best of environments
No one Firewall is ideal for all applications
Different vendors use different design criteria
Commercial Firewalls are often combinations of firewall technologies
Perimeter Security-Intrusion Detection
Detects Intruders into the network
Available as
– Network based IDS
– Host based IDS
– Hybrid IDS
IDS = Sniffer + Signature Verification & Corrective action
400+ signatures are available currently
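The "Sniffer + Signature Verification & Corrective action" formula above is easier to grasp as a small program. The following Go example is added here for illustration; it is not code from the slides or from any IDS product. It assumes the sniffer has already delivered decoded packets (the Packet type and the sample traffic are constructed for this example), uses a two-entry signature set standing in for the "400+ signatures" a commercial IDS ships with, adds one stateful check (a port-scan threshold, chosen arbitrarily as 5 distinct ports per source) that a per-packet signature cannot express, and records the corrective action the IDS would hand to the firewall.

```go
package main

import (
	"fmt"
	"strings"
)

// Packet is the decoded view the sniffer hands to the signature engine.
// Everything here is constructed sample data for the example.
type Packet struct {
	Src     string
	Dst     string
	DstPort int
	Payload string
}

// Signature pairs a name with a predicate over one packet.
type Signature struct {
	Name  string
	Match func(p Packet) bool
}

// Alert is the IDS output; Action is the corrective step the IDS would request.
type Alert struct {
	Signature string
	Src       string
	Action    string
}

// signatures is a constructed, tiny signature set (hypothetical names).
var signatures = []Signature{
	{"http-directory-traversal", func(p Packet) bool {
		return p.DstPort == 80 && strings.Contains(p.Payload, "../")
	}},
	{"smtp-executable-attachment", func(p Packet) bool {
		lower := strings.ToLower(p.Payload)
		return p.DstPort == 25 && strings.Contains(lower, "filename=\"") && strings.Contains(lower, ".exe\"")
	}},
}

// portScanThreshold: a source touching this many distinct ports is flagged once.
const portScanThreshold = 5

// Analyze runs every packet through the per-packet signatures and the
// stateful port-scan heuristic, returning the alerts raised in order.
func Analyze(packets []Packet) []Alert {
	var alerts []Alert
	portsBySrc := map[string]map[int]bool{}
	scanReported := map[string]bool{}

	for _, p := range packets {
		for _, sig := range signatures {
			if sig.Match(p) {
				alerts = append(alerts, Alert{sig.Name, p.Src, "block " + p.Src + " at the firewall"})
			}
		}
		if portsBySrc[p.Src] == nil {
			portsBySrc[p.Src] = map[int]bool{}
		}
		portsBySrc[p.Src][p.DstPort] = true
		if len(portsBySrc[p.Src]) >= portScanThreshold && !scanReported[p.Src] {
			scanReported[p.Src] = true
			alerts = append(alerts, Alert{"port-scan", p.Src, "block " + p.Src + " at the firewall"})
		}
	}
	return alerts
}

// SamplePackets is constructed traffic: benign requests, one traversal
// attempt from 10.0.0.7, and one source (10.0.0.9) sweeping six ports.
func SamplePackets() []Packet {
	pk := []Packet{
		{"10.0.0.5", "192.0.2.10", 80, "GET /index.html HTTP/1.0"},
		{"10.0.0.7", "192.0.2.10", 80, "GET /../../private/ HTTP/1.0"},
		{"10.0.0.5", "192.0.2.20", 25, "MAIL FROM:<a@example.com>"},
	}
	for port := 20; port < 26; port++ {
		pk = append(pk, Packet{"10.0.0.9", "192.0.2.30", port, ""})
	}
	return pk
}

func main() {
	for _, a := range Analyze(SamplePackets()) {
		fmt.Printf("%-26s src=%-10s action=%s\n", a.Signature, a.Src, a.Action)
	}
}
```

The per-packet signatures are stateless, which is why the scan check keeps its own table keyed by source; a real network-based IDS keeps far more state (TCP reassembly, fragment handling) and that state is where much of its complexity and evasion surface lives.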
Perimeter Security-Authentication
Identifies the source
Authorizes the source for accessing specified network resources
Accounts for the duration the specified resource was accessed
Authentication can also be done at Layer 2 of the OSI model, specifically for WAN PPP authentication
– PAP
– CHAP
Perimeter Security-Authentication Contd.
Standard Application layer Protocols used are
– RADIUS
– TACACS
– KERBEROS
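Of the two PPP methods listed on the previous slide, CHAP is the one worth seeing in detail, because it shows why it is preferred over PAP: the shared secret never crosses the link. The Go example below is added for illustration and is not from the slides or any router vendor; it implements the RFC 1994 response computation, MD5 over the identifier, the secret and the challenge, with both sides of the exchange in one process. The peer name and secret are constructed values.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// peerSecrets is the access server's table of per-peer secrets, shared out of
// band. The entry is a constructed example value.
var peerSecrets = map[string][]byte{
	"branch-router-1": []byte("constructed-example-secret"),
}

// chapResponse computes the RFC 1994 CHAP response value:
// MD5(Identifier || Secret || Challenge).
func chapResponse(id byte, secret, challenge []byte) []byte {
	h := md5.New()
	h.Write([]byte{id})
	h.Write(secret)
	h.Write(challenge)
	return h.Sum(nil)
}

// Authenticator is the access-server side: it issues challenges and checks responses.
type Authenticator struct {
	nextID byte
}

// Challenge returns the identifier and a fresh random challenge sent to the peer.
// A new challenge per attempt is what prevents a captured response being replayed.
func (a *Authenticator) Challenge() (byte, []byte, error) {
	a.nextID++
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		return 0, nil, err
	}
	return a.nextID, c, nil
}

// Verify recomputes the expected response from the stored secret and compares
// in constant time. Only the name, identifier, challenge and hash are ever on
// the wire; PAP, by contrast, sends the password itself in clear.
func (a *Authenticator) Verify(name string, id byte, challenge, response []byte) bool {
	secret, ok := peerSecrets[name]
	if !ok {
		return false
	}
	expected := chapResponse(id, secret, challenge)
	return subtle.ConstantTimeCompare(expected, response) == 1
}

// Peer is the dialing router, holding its own copy of the secret.
type Peer struct {
	Name   string
	Secret []byte
}

// Respond answers a challenge with the CHAP response value.
func (p Peer) Respond(id byte, challenge []byte) []byte {
	return chapResponse(id, p.Secret, challenge)
}

// RunExchange drives one Challenge / Response / Success-or-Failure round and
// reports whether the authenticator accepted the peer.
func RunExchange(auth *Authenticator, peer Peer) (bool, error) {
	id, challenge, err := auth.Challenge()
	if err != nil {
		return false, err
	}
	response := peer.Respond(id, challenge)
	return auth.Verify(peer.Name, id, challenge, response), nil
}

func main() {
	auth := &Authenticator{}
	good := Peer{"branch-router-1", []byte("constructed-example-secret")}
	bad := Peer{"branch-router-1", []byte("wrong-secret")}
	ok, _ := RunExchange(auth, good)
	fmt.Println("correct secret accepted:", ok)
	ok, _ = RunExchange(auth, bad)
	fmt.Println("wrong secret accepted:  ", ok)
}
```

Note the trade-off the protocol makes: because the server must recompute the hash, it has to store the secret in a recoverable form, so the secret table on a RADIUS or TACACS server (which is where the per-peer secrets usually live in practice) is itself a high-value asset to protect.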
Perimeter Security-Content Filtering
Internet is the biggest source of Computer Viruses
Content Filtering protects internal network resources for
– SMTP (Virus file as mail attachment)
– FTP (Downloaded file infected with virus)
– HTTP (Pages/files infected with virus)
Content Filtering solution can be integrated with Firewall solution
Perimeter Security-URL Filtering
70% of Internet Porn is downloaded between 9 to 5 (during office hours)
40% of workplace Internet surfing is not business related
The top 3 Internet word searches in the world are MP3, SEX & HOTMAIL
URL Filtering helps an organization to enforce proper Internet Access policies
Specific Sites that are not business related can be blocked from access
Encryption
Link Encryption
– Encrypts all the packets that go onto the link
– Normally connected between the CSU/DSU and Router/Multiplexer
– Uses DES/3DES encryption
Layer 2 Encryption
– Encrypts all the packets up to Layer 3
– Standard Layer 2 Tunneling mechanisms are
• L2F
• L2TP
• PPTP
Encryption Contd.
Network Layer Encryption
– Encrypts data up to Transport Layer
– Generally termed a VPN (Virtual Private Network) when encryption is done for Internet data
– Standard L3 Tunneling mechanisms are
• GRE
• IPSec
Application Layer Encryption
– Encrypts data at Application Layer
– The standard Application layer Encryption Protocol is Secure Socket Layer (SSL)
Encryption Contd.
Public Key Infrastructure
– Symmetric & Asymmetric Encryption
– Symmetric Encryption
• Uses Pre-shared keys for authentication & encryption
• Suitable for a small network with a maximum of 10 nodes participating in encryption
• Configuration complexities and hence administrative overheads
– Asymmetric Encryption
• Uses a combination of Public and Private keys for encryption and authentication
• Public keys will be transmitted on the network whereas Private keys are never transmitted out of the node
• Much more secure than Symmetric encryption
Encryption Contd.
– Digital Certificates
• Certificate for Authentication
• A Central certifying authority provides Digital Certificates to all nodes participating in the PKI domain
• Nodes need to exchange the digital certificates before data communication
• Contains information of Node/Certificate Authority
– Certificate Authorities
• Provides Digital Certificates to all the nodes in the same PKI Domain
• Central authority certifying the nodes' authenticity
• All Nodes in the same PKI domain need to get authorized by the same Root CA
Host Security
Perimeter Security provides the first level of Security
Providing Perimeter Security only is not sufficient
Perimeter Security provides security mechanisms only up to the server/desktop
Second Level of Security is obtained by ensuring the server/desktop security
Host involves two basic software components
– Operating System
– Application
All Operating Systems fall under Windows or Unix
Windows has various OS i.e. Win95/98/NT/2000/XP
Host Security Contd.
Unix has multiple flavors i.e. Solaris/HP-UX/Linux/AIX/Irix/Sco-Unix/Unix Ware
By default all Operating Systems provide Absolute Access to their resources
Generally Security configuration is done for Authentication and Authorization purposes only
Tools are available that exploit any of the services/ports left open in the OS
To run services that use privileged ports (<1024), root access privileges are necessary
Hardening or Fine Tuning the Operating System is essential and necessary
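The hardening step the slide calls for starts with an inventory of what is listening and who owns it. The Go example below is added to show that audit in miniature; it is not from the slides. It parses a constructed listing in the shape of a trimmed netstat output (protocol, local address, owning user, process), compares it against a hypothetical approved-service baseline, and flags two conditions the slide raises: services left open that the host is not meant to run, and root-owned services on privileged ports (<1024) exposed on every interface.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Listener is one listening socket as a host audit would collect it.
type Listener struct {
	Proto   string
	Addr    string
	Port    int
	User    string
	Process string
}

// Finding is one hardening action the audit recommends.
type Finding struct {
	Process string
	Port    int
	Reason  string
}

const (
	ReasonUnapproved     = "not in the approved service list; disable it"
	ReasonRootPrivileged = "root-owned service on a privileged port (<1024) reachable on all interfaces; keep it patched and restrict it at the firewall"
)

// SampleInventory is constructed data: proto local-address user process.
const SampleInventory = `tcp 0.0.0.0:22 root sshd
tcp 0.0.0.0:23 root telnetd
tcp 127.0.0.1:3306 mysql mysqld
udp 0.0.0.0:69 root tftpd
tcp 0.0.0.0:443 root httpd
tcp 0.0.0.0:8080 appuser java`

// Approved is a hypothetical baseline of the services this host is meant to run.
var Approved = map[string]bool{"sshd": true, "httpd": true, "mysqld": true, "java": true}

// ParseInventory turns the text listing into Listener records, rejecting
// malformed lines rather than guessing.
func ParseInventory(text string) ([]Listener, error) {
	var out []Listener
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		f := strings.Fields(line)
		if len(f) != 4 {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		i := strings.LastIndex(f[1], ":")
		if i < 0 {
			return nil, fmt.Errorf("no port in %q", f[1])
		}
		port, err := strconv.Atoi(f[1][i+1:])
		if err != nil {
			return nil, err
		}
		out = append(out, Listener{f[0], f[1][:i], port, f[2], f[3]})
	}
	return out, nil
}

func onAllInterfaces(addr string) bool { return addr == "0.0.0.0" || addr == "::" }

// Audit applies the hardening rules; an unapproved service is reported as
// such even if it would also match the privileged-port rule.
func Audit(listeners []Listener) []Finding {
	var findings []Finding
	for _, l := range listeners {
		switch {
		case !Approved[l.Process]:
			findings = append(findings, Finding{l.Process, l.Port, ReasonUnapproved})
		case l.Port < 1024 && l.User == "root" && onAllInterfaces(l.Addr):
			findings = append(findings, Finding{l.Process, l.Port, ReasonRootPrivileged})
		}
	}
	return findings
}

func main() {
	ls, err := ParseInventory(SampleInventory)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range Audit(ls) {
		fmt.Printf("%-8s port %-5d %s\n", f.Process, f.Port, f.Reason)
	}
}
```

The loopback-only database listener and the non-root application on 8080 produce no finding, which is the shape to aim for: services that must bind below 1024 should bind as root and then drop privileges, and anything that only local processes need should not listen on an external interface at all.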
Host Security Contd.
Most of the vulnerabilities are due to improper application design & configuration
Hardening/Fine tuning (patch upgrades) the application is essential
Reporting & Logging
Most of the Security Devices do not provide proper reporting mechanisms
Logs provided are very difficult to analyze
Logs are helpful for investigating any security breach and help to ensure proper countermeasures are taken
Reporting & Logging applications help in presenting these logs in GUI format
R & L applications can log the events for various security devices like Firewall, IDS and VPNs