Security+
All-In-One Edition
Chapter 8 – Infrastructure Security
Brian E. Brzezicki
WARNING!
A LOT of the material in these slides and in this
lecture is NOT in the book. This book does a
good job of presenting most of the material
needed for the Security+ exam. However, the
info in chapter 8 is a little thin… so pay close
attention to the slides. Perhaps I provide a little
too much depth for the Security+ exam… but
it’s well worth doing the extra learning…
especially if you want to take the CISSP or
really understand networks and network
security concepts to be USEFUL in real life!
Infrastructure Security
Infrastructure security is concerned with
providing security for the entire network
infrastructure. Infrastructure security is
concerned with providing availability to
authorized users, ensuring no one is allowed
to access resources in an unauthorized
manner, and ensuring that the network
integrity is maintained. That is, infrastructure
security is concerned with the entire CIA triad.
Devices on the Network
Workstations
Workstations (202)
Often overlooked in security, workstations are a
very attractive target for hackers. Often IT
staff spend time securing servers and don’t
realize the danger their unprotected
workstations pose.
(more)
Workstations (202)
Workstations are often “low hanging fruit”
manned by end users who are themselves
a security risk. Once a workstation is
infiltrated, an attacker may have access to
data directly, via the authorized users on the
system, and that workstation can be used as
an attack point into the network.
Workstation security is CRITICAL to the
“holistic” network health and security.
Workstation Security Best Practices
(basic hardening) (203)
Physical
• Physically restrict access to the workstation
• Use locking devices to ensure the computer cannot be opened or stolen (whether in whole or in part)
• Set a BIOS password
• Do not allow booting from removable media or altering of the boot order
• Remove removable media attachments if possible
• Use an encrypted file system (EFS) or disk encryption technology (BitLocker) if possible
(more)
Workstation Security Best Practices
(basic hardening) (203)
Basic Account hardening
• Rename the administrator account, set a strong password
• Disable un-needed accounts
• Set strong password policies
(more)
Workstation Security Best Practices
(basic hardening) (203)
Basic software hardening and maintenance
• Shut down services that are not needed
• Remove software that is not needed
• Use a standard workstation image for consistent installs and configuration
• Keep the OS and applications patched!
• Install anti-virus on the workstation, keep it auto-updated
(more)
[...]...
OSI model – layer 1 physical (n/b)
• Layer 1 Physical – simply put, is concerned with physically sending electric signals over a medium. Is concerned with
– specific cabling,
– voltages and
– timings
• This level actually sends data as electrical signals that other equipment using the same “physical” medium understand – ex. Ethernet
OSI model – layer 2 data link (n/b)
• Layer 2 Data Link – data link... the same LAN communicate at the data link layer
OSI model – layer 3 network (n/b)
Layer 3 Network – Layer 3 is concerned with network addressing and specifically moving packets between networks in an optimal manner (routing)
Some Layer 3 network protocols are
– IP
– IPX/SPX
– AppleTalk
OSI model Layer 4 Transport (n/b)
• OSI Layer 4 Transport – Provides “end-to-end” data transport services and establishes... ;)
OSI model Layer 7 – Application (n/b)
• This defines a protocol (way of sending data) that two different programs or protocols understand
– HTTP
– SMTP
– DNS
• This is the layer that most software uses to talk with other software
OSI vs TCP/IP model
TCP/IP model
• Network Access = OSI layers 1 & 2, defines LAN communication, what do I mean by that?
• Network = OSI layer 3 – defines addressing and...
Model Layer 5 Session (n/b)
• OSI Layer 5 Session – responsible for establishing a connection between two APPLICATIONS! (either on the same computer or two different computers)
• Create connection
• Transfer data
• Release connection
OSI model Layer 6 – Presentation (n/b)
• OSI Layer 6 – present the data in a format that all computers can understand
– Concerned with encryption, compression and formatting...
workstations
– Layered security / defense in depth
– Diversity of defense
(more)
Servers (204)
• Run a host based IDS on your servers
• Periodically do vulnerability assessments on your servers
• Periodically verify software and configuration files have not changed and no new services have been run. Use version control if possible on configuration files
Virtualization (n/b)
Virtualization is KEY to network security, ...
– defines a communication session between two applications on one or two hosts
• Application = OSI layers 6, 7 – the application data that is being sent across a network
Network Access
• Maps to Layer 1 and 2 of the OSI model
• The level that a Network Interface Card works on
• Source and Destination MAC addresses are used, defining communications endpoints
• Protocols include
– Ethernet
– Token Ring
– ...
so years, host based firewalls have been shipped on every major OS. You should run them on your workstations as another layer of defense (remember defense in depth/layered defense)
– Windows Firewall
– IP filter for Solaris
– IP tables for Linux
Windows Firewall (n/b)
Quickly walk everyone through Windows Firewall
Servers
Servers (204)
Ok, everyone understands that you need to protect servers, right? With... workstations
• Identify which servers need to run which services (web, email, file sharing)
• Try to ensure only one server runs one specific service and that service and OS is configured for maximum security
• Set network service daemons to run as non-privileged users
• Set strict permissions on network resources
• Disable or completely remove if possible all NON essential services
(more)
Servers...
few slides showed only the BASIC/minimum levels of workstation hardening. There are much more specific details you should be concerned with in real life. However, the last few slides provide the info the Security+ exam is concerned with and also provide a solid base from which you can expand to protect your workstations
Workstation Anti-Virus (202)
Don’t go on the network without it… And keep it updated...
virtualization is?
What does it allow you to accomplish?
How does it make your life as an admin easier?
How does it increase availability?
How does it allow you to make servers more modular?
How does it increase security and integrity?
Virtualization
Virtualization migration
OSI Model
Oh no… OSI (n/b)
OSI (n/b)
Before we talk about network equipment we need to discuss the OSI framework briefly
The OSI is a model