CPE549_L6 - Computer and Network Defense


Computer and Network Defense

[Figure: layers of defense, outermost to innermost: Internet; Networks; Enclave (Building, Base, Processing center); End System]

There is no magic bullet.

• Counter full range of attacks
  – Defense in multiple places
  – Defenses & detection against insiders and outsiders
• Multiple complementary roadblocks to certain attacks
  – Increases resistance
  – May buy time to detect, analyze, and react
• Protect, Detect, React/Respond paradigm
  – Detect is critical due to imperfection of protections
• Quality control via Certification and Accreditation

Sample topics include:
• Principles of information security
• Viruses and malware
• Passwords
• Physical security
• Social engineering
• Identity theft
• Internet surfing
• Use and abuse of e-mail
• Mobile devices (laptops, PDAs)
• Copyright infringement and software piracy

• Compliance
• Use of approved products
• Trusted Supply Chain
• Code analysis
• Penetration Testing

Layer: Internet / Networks
• Encrypted circuits
• Hardened infrastructure
  – Routers, switches, Domain Name System (DNS) servers
  – Including intra-component signaling
• Infrastructure security services
  – Public Key Infrastructure, Directories
• Firewalls for network control centers
• Enterprise Intrusion Detection
  – Incident monitoring, correlation, response
• Connection approval processes
• Network Redesign
  – Control of connection to the Internet
  – Including stopping certain protocols

• Inventory/Mapping of Enclave
  – Including all paths in and out
• Proper defenses on each path
  – Firewalls, dial-in security
  – Placement of externally visible servers (e.g., web servers)
• Enclave level incident monitoring, correlation, situation awareness
• Hardening of infrastructure components
  – Routers, Domain Name System, etc.
• Allowed & Disallowed protocols
Layer: Enclave (Building, Department, etc.)

• Properly configured operating systems
  – DISA and others provide guidance documents
  – For Microsoft and various UNIX operating systems
• Properly designed and configured application software
  – Common Operating Environment, Command and Control Software, Combat Support Software
• Security services at the workstation
  – Anti-virus software, etc.
• Host incident monitoring/intrusion detection
• Physical security and clearances
Layer: End System

• Access Control Lists
• Concept of Least Privilege
• Role-based access control
  – Assign privileges to groups
  – Assign users to groups

File System Protection
• NTFS vs. FAT vs. EFS
  – Security support
  – Encryption of "Data at Rest"
• UNIX File Systems
  – EXT2, EXT3, ReiserFS, XFS, JFS

Hardening
• Enabling security settings via templates
  – Pushing security settings from server / Domain Controller
• Hardening scripts
  – Yassp, SECUR, Titan, Bastille, Jass

Hardening … continued
• Services
  – Remove unnecessary services
  – Protect necessary services
• Protecting shares
• Host-based firewall
  – Protect services
  – Log anomalous traffic
• Local IDS
  – Detect anomalous events
• Authentication
  – One-time passwords
  – 2-factor authentication
  – Biometrics

Firewalls
• Implement a security policy
• Log activity
• Limit your network exposure

Firewall types:
• Packet Filtering
• Stateful Inspection
• Application Level Gateway
• Host based (Personal)

Stateful Inspection
• Enhancement to packet filtering
• Examines the state of any active network connections
• Accept or reject based on that state
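The Stateful Inspection slide above says only that the firewall "examines the state of active connections" and accepts or rejects "based on state". The Python program below is an added example, not part of the lecture notes, that makes the difference from plain packet filtering concrete: both filters enforce the same policy (internal hosts may open TCP connections outward, nobody outside may open one inward), but the stateless filter must guess "reply traffic" from the TCP flags of each packet in isolation, while the stateful filter keeps a connection table filled by outbound SYNs and consults it. The addresses, ports and packet sequence are constructed for the illustration; the connection tracking is simplified (no sequence-number checks, no timeouts, a single FIN or RST closes the entry). Note that neither filter looks at the payload, which is why a firewall cannot stop tunnelling over an authorized port, a limitation the lecture lists among the things firewalls cannot do.

```python
"""Packet filtering versus stateful inspection on a constructed packet trace.

Added example, not from the CPE 549 lecture. Both filters enforce the same
policy: internal hosts (10.0.0.0/8) may open TCP connections to the outside,
nothing outside may open a connection in. The stateless filter decides each
packet on its own, guessing "reply traffic" from the TCP flags; the stateful
filter remembers which connections it saw being opened and judges each packet
against that table. Addresses, ports and the packet sequence are made up.
"""
from dataclasses import dataclass
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # subset of "SAFR": SYN, ACK, FIN, RST


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def stateless_filter(pkt):
    """Classic packet-filter rules with no memory between packets.
    Inbound traffic is accepted when it looks like a reply: ACK bit set and
    destination an ephemeral port. Anyone can craft a packet that looks so."""
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return "ACCEPT"                                   # anything outbound
    if (not is_internal(pkt.src) and is_internal(pkt.dst)
            and "A" in pkt.flags and pkt.dport >= 1024):
        return "ACCEPT"                                   # "established" guess
    return "DROP"


class StatefulFilter:
    """Stateful inspection: a connection table filled by outbound SYNs.
    Inbound packets are accepted only if they match a tracked connection;
    teardown (FIN/RST) removes the entry. A real implementation also tracks
    sequence numbers, both sides' FINs and idle timeouts; omitted here."""

    def __init__(self):
        self.table = set()  # (int_addr, int_port, ext_addr, ext_port)

    def inspect(self, pkt):
        outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
        inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "S" in pkt.flags and "A" not in pkt.flags:
                self.table.add(key)                       # connection opening
                return "ACCEPT"
            if key in self.table:
                if "F" in pkt.flags or "R" in pkt.flags:
                    self.table.discard(key)               # connection closing
                return "ACCEPT"
            return "DROP"                                 # no handshake seen
        if inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.table:
                if "R" in pkt.flags:
                    self.table.discard(key)
                return "ACCEPT"
            return "DROP"                                 # unsolicited, any flags
        return "DROP"                                     # not crossing the boundary


# Constructed trace: a legitimate web fetch, then an unsolicited ACK probe aimed
# at an internal high port, then data arriving after the client closed.
TRACE = [
    Packet("10.0.0.5", 40001, "203.0.113.10", 80, "S"),     # 1 client SYN
    Packet("203.0.113.10", 80, "10.0.0.5", 40001, "SA"),    # 2 server SYN-ACK
    Packet("10.0.0.5", 40001, "203.0.113.10", 80, "A"),     # 3 client ACK
    Packet("203.0.113.10", 80, "10.0.0.5", 40001, "A"),     # 4 server data
    Packet("198.51.100.7", 31337, "10.0.0.9", 40002, "A"),  # 5 unsolicited ACK
    Packet("10.0.0.5", 40001, "203.0.113.10", 80, "FA"),    # 6 client FIN
    Packet("203.0.113.10", 80, "10.0.0.5", 40001, "A"),     # 7 late server data
]


def run_trace(trace=TRACE):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.inspect(p)) for p in trace]


if __name__ == "__main__":
    for n, (pkt, (sl, sf)) in enumerate(zip(TRACE, run_trace()), 1):
        print(f"{n}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"[{pkt.flags}] stateless={sl} stateful={sf}")
```

Packets 1 to 4 and 6 are accepted by both filters. Packet 5 (an ACK to an internal high port with no connection behind it, the pattern used by ACK scans and by attackers abusing "established" rules) and packet 7 (data arriving after the connection was torn down) pass the stateless rules but are dropped by the stateful filter, because the verdict depends on the connection table rather than on what the packet claims about itself.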
• Screening Router
• Dual-Homed
• Screened Subnet

Firewalls can:
• Block packets of certain types
• Limit the amount of communication through them
• Act as a focused choke point for security decisions
• Enforce security policies
• Provide a centralized logging facility
• Limit network exposure

Firewalls cannot:
• Solve all of a company's security issues
• Protect what does not go through them
• Prevent all attacks by all intruders
• Protect from malicious insider attacks
• Eliminate the need for good internal system and network security
• Protect against tunnelling on authorized protocols or services
...
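Returning to the host hardening slides ("enabling security settings via templates", "DISA and others provide guidance documents"): the following Python program is an added example, not from the lecture and not the code of any of the hardening tools it names. It shows the mechanism behind template-driven hardening: a template lists the required value of each setting, an audit reports every deviation (including settings that are simply missing), and the template can then be applied to produce the corrected configuration. The configuration text is a constructed, deliberately weak sshd_config-style excerpt; the directive names are real OpenSSH directives, but the required values are an assumed local policy, not a quotation of any DISA guide.

```python
"""Template-driven hardening check for a key/value service configuration.

Added example, not from the CPE 549 lecture. The configuration below is a
constructed sshd_config-style excerpt with deliberately weak values; the
template values are an assumed local policy.
"""

WEAK_CONFIG = """\
# constructed sample, deliberately weak
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
MaxAuthTries 10
"""

# Hardening template: directive -> required value (assumed policy).
TEMPLATE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "LogLevel": "VERBOSE",      # absent from the weak config entirely
}


def parse_config(text):
    """Parse 'Directive value' lines into a dict, skipping comments and blank
    lines. OpenSSH directive names are case-insensitive, so keys are lowered."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(config_text, template=TEMPLATE):
    """Return (directive, found, required) for every deviation from the
    template. A directive that is missing is reported with found=None."""
    settings = parse_config(config_text)
    findings = []
    for directive, required in template.items():
        found = settings.get(directive.lower())
        if found is None or found.lower() != required.lower():
            findings.append((directive, found, required))
    return findings


def apply_template(config_text, template=TEMPLATE):
    """Rewrite the configuration so every templated directive carries the
    required value. Other lines are kept as they are (comments included);
    templated directives that were missing are appended at the end."""
    wanted = {k.lower(): (k, v) for k, v in template.items()}
    seen = set()
    out = []
    for raw in config_text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        key = stripped.partition(" ")[0].lower() if stripped else ""
        if key in wanted:
            name, value = wanted[key]
            out.append(f"{name} {value}")
            seen.add(key)
        else:
            out.append(raw)
    for key, (name, value) in wanted.items():
        if key not in seen:
            out.append(f"{name} {value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for directive, found, required in audit(WEAK_CONFIG):
        print(f"{directive}: found {found!r}, template requires {required!r}")
    print("--- hardened ---")
    print(apply_template(WEAK_CONFIG))
    # The hardened output must audit clean against the same template.
    assert audit(apply_template(WEAK_CONFIG)) == []
```

The audit step is what "pushing security settings from a server / Domain Controller" relies on in practice: the same template is applied to every host, and a host that drifts from it shows up as findings the next time it is audited. Running the audit on the output of apply_template returns no findings, which is the check a hardening script should perform on itself before reporting success.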

This note was uploaded on 12/14/2011 for the course CPE 549 taught by Professor Sparks during the Fall '11 term at University of Alabama - Huntsville.
