Chapter 10

Ace your homework & exams now with Quizwiz!

Specialized security devices

Firewalls and I D S/I P S systems

Network authentication and logon restrictions

Harden your network by requiring secure passwords to authenticate to the network

Next Generation Firewalls (N G F W)

Have built-in Application Control features and are application aware (They can monitor and limit traffic of specific applications), Adapt to the class of a specific user or user group, May also be context aware (They adapt to various applications, users, and devices)

S I E M systems can be configured to evaluate all log data

Looking for significant events that require attention from the IT staff

Signature-based detection

Looks for identifiable patterns (signatures) of code that are known to indicate specific vulnerabilities, exploits, or other undesirable traffic

Directory service

Maintains a database of account information, such as, usernames, passwords, and other authentication credentials

Redundancy allows data the option of traveling through more than one switch

Makes a network less vulnerable to hardware malfunctions

Troubleshooting firewalls

Most common cause of firewall failure is firewall misconfiguration, Configuration must not be so strict that it prevents authorized users from transmitting and receiving necessary data (But no so lenient that you unnecessarily risk security breaches), You may need to create exceptions to the rules

R B A C (role-based access control)

Most popular authorization method, Administrator assigns privileges and permissions necessary for users to perform their roles (duties), Administrators create groups associated with certain roles

Two types of agents

Nonpersistent agent remains on the device long enough to verify compliance and complete authentication and then uninstalls (Also called dissolvable agent), Persistent agent is permanently installed on a device

I D S drawback

Number of false positives

T A C A C S+ (Terminal Access Controller Access Control System Plus)

Offers the option of separating authentication, authorization, and auditing capabilities

Port mirroring

One port makes copy of traffic and sends to second port for monitoring

RADIUS (Remote Authentication Dial-In User Service)

Open-source and standardized by the I E T F, Runs in the Application layer and can use either U D P or T C P in the Transport layer, Can operate as application on remote access server Or on dedicated RADIUS server, Highly scalable, May be used to authenticate wireless, mobile, and remote users, RADIUS services are often combined with other network services on a single machine

host-based firewalls

Other types of firewalls only protect the computer on which they are installed

Port blocking

Prevents connection to and transmission completion through ports

Root guard

Prevents switches beyond the configured port from becoming the root bridge

Terms of kerberos

Principal, K D C (Key Distribution Center), Ticket

Authentication

Process of verifying user's credentials to grant user access to secured resources

M F A (multifactor authentication

Process that requires two or more pieces of information

H I P S (host-based intrusion prevention)

Protects certain hosts

N I P S (network-based intrusion prevention)

Protects entire networks

Using multiple options for network security results in layered security

Provides more protection than any one type of device

Reverse proxy

Provides services to Internet clients from servers on its own network, Provides identity protection for the server rather than the client, Useful when multiple Web servers are accessed through the same public I P address

Non-security devices with security features

Proxy servers and A C Ls

Newer (faster) versions of S T P include

R S T P (Rapid Spanning Tree Protocol) and M S T P (Multiple Spanning Tree Protocol)

I P S (intrusion prevention system

Reacts to suspicious activity when alerted, Detects threat and prevents traffic from flowing to network, Based on originating IP address

Router receives packet, examines packet

Refers to A C L for permit, deny criteria, Drops packet if deny characteristics match, Forwards packet if permit characteristics match, If the packet does not match any criteria given, the packet is dropped

Differences of TACACS+ from RADIUS

Relies on T C P, not U D P, at the Transport layer, Proprietary protocol developed by Cisco Systems, Inc., Typically installed on a router or switch, rather than a server, Encrypts all information transmitted for AAA

if a switch is removed

S T P will recalculate the best loop-free data paths between the remaining switches

Unified Threat Management (U T M)-

Security strategy that combines multiple layers of security appliances and technologies into a single safety net, Requires a great deal of processing power

Switch path management 3 steps

Select root bridge based on Bridge I D (B I D), Examine possible paths between network bridge and root bridge, Disables links not part of shortest path

Devices that do not meet compliance requirements can be placed in a quarantine network

Separate from sensitive network resources

Five categories of authentication factors-

Something you know—password or PIN, Something you have—A T M or smart card, Something you are—fingerprint or facial pattern, Somewhere you are—location in a specific building, Something you do—specific way you type or speak

Common packet-filtering firewall criteria-

Source and destination IP addresses, Source and destination ports, Flags set in the T C P header, Transmissions using U D P or I C M P protocols, Packet's status as the first packet in new data stream, subsequent packet, Packet's status as inbound to, outbound from private network

I D S (intrusion detection system)

Stand-along device, an application, or a built-in feature running on a workstation, server, switch, router, or firewall, Monitors network traffic and generates alerts about suspicious activity, Commonly exists as an embedded feature in U T M solutions or N G F Ws

L D A P (Lightweight Directory Access Protocol)

Standard protocol for accessing an existing directory, All the above are built to be L D A P-compliant,

In Windows

Switch from local authentication to network authentication on the domain using the System Properties dialog box

On a Juniper switch

The mac-limit command restricts the number of MAC addresses allowed in the MAC address table, Allowed MAC addresses are configured with the allowed-mac command

A C Ls do affect router performance

The more statements or tests a router must scan the more time it takes a router to act

User access to network resources falls into one of the two categories

The privilege or right to execute, install, and uninstall software, Permission to read, modify, create, or delete files and folders

Authentication protocols

The rules computers follow to accomplish authentication

Additional authentication restrictions that strengthen network security

Time of day, Total time logged on, Source address, Unsuccessful logon attempts, Geographic location (geofencing)

Network technicians should review raw data on a regular basis

To ensure no glaring indicators are being missed by existing rules

Accounting

To keep an account of the client's system or network usage

A firewall is a specialized device or software that selectively filters or blocks traffic between networks

Typically involves hardware and software combination

Unused physical and virtual ports on switches and other network devices should be disabled

Use the shutdown command on Cisco, Huawei, and Arista routers and switches, Use the no shutdown command to enable them again

Recall a disadvantage of W E P

Used a shared key for all clients and the key might never change

A C L (access control list)

Used by routers to decline forwarding certain packets

2F A (two-factor authentication)

User must provide something and know something

Local authentication

Usernames and passwords are stored locally which has both advantages and disadvantages-Low security, Convenience varies, Reliable backup access

Uses key encryption

Verifies client identity, Securely exchanges information after client logs on

S T P information is transmitted between switches

Via B P D Us (Bridge Protocol Data Units)

Network administrators can fine-tune a S I E M's configuration rules for the specific needs

Which event should trigger responses

To make networks more fault tolerant

You install multiple (redundant) switches at critical junctures

M F A requires at least one authentication method from

at least two different categories

Several types of

authentication services and protocols exist

Controlling users' access to a network and its resources consists of three major elements

authentication, authorization, accounting

N A C authenticates and authorizes devices

before it can be authenticated-Monitors device's status to determine the device's compliance

punching a hole in the firewall

create exceptions to the rules

A network access control (N A C) solution

employs a set of rules called network policies which determine the level and type of access granted to a device when it joins a network

Implicit deny rule

if the packet does not match any criteria given, the packet is dropped

A log file viewer can be

installed to make it easier to monitor log files for interesting or suspicious events

A stateless firewall

manages each incoming packet as a stand-along entity without regard to active connections

N I D S (network-based I D S)

protects a network and is usually situated at the edge of the network or in the D M Z (demilitarized zone)-Network's protective perimeter

H I D S (host-based I D S)

runs on a single computer to alert about attacks to that one host-Might also include F I M (file integrity monitoring) which alerts when any changes made to files that shouldn't change

Packet-filtering firewall

simplest firewall, Examines header of every entering packet (inbound traffic), Can block traffic entering or exiting a LAN (outbound traffic)

The access-list command is used to assign

statement to an already-installed A C L, it must identify the A C L and include a permit or deny argument

Two primary methods for detecting threats

statistical anomaly detection, signature based detection

I D S can only detect and log

suspicious activity

AD is configured to use

the Kerberos protocol

A user can be authenticated to

the local device or to the network

A potential problem with redundant paths is

traffic loops

In Windows, use Event viewer to

view Windows logs

Firewall default configuration

-Blocks most common security threats, Preconfigured to accept and deny certain traffic types, Network administrators often customize settings

S S O

-Form of authentication in which a client signs on one time to access multiple systems or resources, Primary advantage is convenience, Disadvantage is that once authentication is cleared, the user has access to numerous resources

Examples of directory services

A D (Active Directory) in Windows, Open L D A P, 389 Directory Server

Kerberos server runs two services

A S (authentication service)-Initially validates a client, T G S (ticket-granting service)-An application running separate from the AS that also runs on the K D C, Alleviates the need for the client to request a new ticket from the T G S each time it wants to use a different service on the network

S P B (Shortest Path Bridging)

A descendent of S T P that operates at Layer 3, Keeps all potential paths active while managing flow of data

Security token

A device or application that stores or generates information

T R I L L (Transparent Interconnection of Lots of Links)

A multipath, link-state protocol

Proxy server

Acts as an intermediary between external and internal networks, Screens all incoming and outgoing traffic, Manages security at Application layer, Appears as an internal network server to the outside world, but is a filtering device for internal LAN, One of its most important functions is preventing the outside world from discovering the addresses of the internal network

ACL (access control list)

Acts like a filter to instruct the router to permit or deny traffic according to one or more of the following variables: Network layer protocol (e.g., IP or I C M P), Transport layer protocol (e.g., T C P or U D P), Source IP address, Destination IP address, T C P or U D P port number

Another Cisco command (also used on Arista devices) to secure switch access ports-

Another Cisco command (also used on Arista devices) to secure switch access ports-

Security precautions that must be configured on S T P-enabled interfaces

BPDU Guard, BPDU filter, Root guard

Firewall location

Between two interconnected private networks, Between private and public networks (network-based firewall), May also see firewall features integrated in routers, switches, and other network devices

B P D U guard

Blocks B P D Us on any port serving network hosts, Ensures these devices aren't considered as possible paths

S T P prevents traffic loops

Calculating paths avoiding potential loops, Artificially blocking links completing loop

B P D U filter

Can be used to disable S T P on specific ports

Statistical anomaly detection

Compares network traffic samples to a predetermined baseline in order to detect anomalies

Kerberos

Cross-platform authentication protocol

S T P (Spanning Tree Protocol)

Defined in I E E E standard 802.1D, Operates in Data Link layer

Effectiveness of the S I E M

Determined by the amount of storage space needed for the amount of data generated

Authorization

Determines what the user can and cannot do with network resources

On most routers, each interface must be assigned a separate A C L

Different A C Ls may be associated with inbound and outbound

Role separation-

Each user can only be a member of a single group

Optional firewall functions

Encryption, User authentication, Centralized management, Easy rule establishment, Content-filtering based on data contained in packets, Logging, auditing capabilities, Protect internal LAN's address identity, Monitor packets according to existing traffic streams (stateful firewall)

With local authentication

Every computer on the network is responsible for securing its own resources

Router's main functions

Examine packets, Determine destination based on Network layer addressing information

Some switch manufacturers have designed proprietary versions of S T P

Example: Cisco and Extreme Networks


Related study sets

A book's call number enables you to

View Set

Mental Health Course Point Chapter 16

View Set

Chapter 12: Processes of Birth questions

View Set

ANS + Cardiac (Drugs/monitors/physiology)

View Set

What Was the First Thanksgiving questions

View Set