Chapter 8 – Infrastructure Security pdf


Security+ All-In-One Edition
Chapter 8 – Infrastructure Security
Brian E. Brzezicki

WARNING!
A LOT of the material in these slides and in this lecture is NOT in the book. This book does a good job of presenting most of the material needed for the Security+ exam. However, the info in chapter 8 is a little thin… so pay close attention to the slides. Perhaps I provide a little too much depth for the Security+ exam… but it’s well worth doing the extra learning… especially if you want to take the CISSP or really understand networks and network security concepts to be USEFUL in real life!

Infrastructure Security
Infrastructure security is concerned with providing security for the entire network infrastructure. Infrastructure security is concerned with providing availability to authorized users, ensuring no one is allowed to access resources in an unauthorized manner, and ensuring that the network integrity is maintained. That is, infrastructure security is concerned with the entire CIA triad.

Devices on the Network

Workstations

Workstations (202)
Often overlooked in security, workstations are a very attractive target for hackers. Often IT staff spend time securing servers and don’t realize the dangers their unprotected workstations pose. (more)

Workstations (202)
Workstations are often “low hanging fruit” manned by end users who are themselves a security risk. Once a workstation is infiltrated an attacker may have access to data directly, via the authorized users on the system, and that workstation can be used as an attack point into the network. Workstation security is CRITICAL to the “holistic” network health and security.
Workstation Security Best Practices (basic hardening) (203)
Physical
• Physically restrict access to the workstation
• Use locking devices to ensure the computer cannot be opened or stolen (whether in whole or in part)
• Set a BIOS password
• Do not allow booting from removable media or altering of the boot order
• Remove removable media attachments if possible
• Use an encrypted file system (EFS) or disk encryption technology (BitLocker) if possible
(more)

Workstation Security Best Practices (basic hardening) (203)
Basic account hardening
• Rename the administrator account, set a strong password
• Disable unneeded accounts
• Set strong password policies
(more)

Workstation Security Best Practices (basic hardening) (203)
Basic software hardening and maintenance
• Shut down services that are not needed
• Remove software that is not needed
• Use a standard workstation image for consistent installs and configuration
• Keep the OS and applications patched!
• Install anti-virus on the workstation, keep it auto-updated
(more)

[...]...

OSI model layer 1 physical (n/b)
• Layer 1 Physical, simply put, is concerned with physically sending electric signals over a medium. It is concerned with specific cabling, voltages and timings
• This level actually sends data as electrical signals that other equipment using the same “physical” medium understands, e.g. Ethernet

OSI model layer 2 data link (n/b)
• Layer 2 Data Link data link... the same LAN communicate at the data link layer

OSI model layer 3 network (n/b)
Layer 3 Network
Layer 3 is concerned with network addressing and specifically moving packets between networks in an optimal manner (routing). Some Layer 3 network protocols are
IP
IPX/SPX
AppleTalk

OSI model Layer 4 Transport (n/b)
• OSI Layer 4 Transport
Provides “end-to-end” data transport services and establishes...
;)

OSI model Layer 7 Application (n/b)
• This defines a protocol (way of sending data) that two different programs or protocols understand
HTTP
SMTP
DNS
• This is the layer that most software uses to talk with other software

OSI vs TCP/IP model

TCP/IP model
• Network Access = OSI layers 1 & 2, defines LAN communication, what do I mean by that?
• Network = OSI layer 3 defines addressing and...

Model Layer 5 Session (n/b)
• OSI Layer 5 Session responsible for establishing a connection between two APPLICATIONS! (either on the same computer or two different computers)
• Create connection
• Transfer data
• Release connection

OSI model Layer 6 Presentation (n/b)
• OSI Layer 6 presents the data in a format that all computers can understand. Concerned with encryption, compression and formatting...

workstations
Layered security / defense in depth
Diversity of defense
(more)

Servers (204)
• Run a host based IDS on your servers
• Periodically do vulnerability assessments on your servers
• Periodically verify software and configuration files have not changed and no new services have been run. Use version control if possible on configuration files

Virtualization (n/b)
Virtualization is KEY to network security, ...

defines a communication session between two applications on one or two hosts
• Application = OSI layers 6,7 the application data that is being sent across a network

Network Access
• Maps to Layer 1 and 2 of the OSI model
• The level that a Network Interface Card works on
• Source and destination MAC addresses are used defining communications endpoints
• Protocols include Ethernet Token Ring –. ..
so years, host based firewalls have been shipped on every major OS. You should run them on your workstations as another layer of defense (remember defense in depth/layered defense)
Windows Firewall
IPFilter for Solaris
iptables for Linux

Windows Firewall (n/b)
Quickly walk everyone through Windows Firewall

Servers

Servers (204)
Ok, everyone understands that you need to protect servers, right? With...

workstations
• Identify which servers need to run which services (web, email, file sharing)
• Try to ensure only one server runs one specific service and that service and OS is configured for maximum security
• Set network service daemons to run as non-privileged users
• Set strict permissions on network resources
• Disable or completely remove if possible all NON essential services
(more)

Servers...

few slides showed only the BASIC/minimum levels of workstation hardening. There are much more specific details you should be concerned with in real life. However the last few slides provide the info the Security+ exam is concerned with and also provide a solid base from which you can expand to protect your workstations

Workstation Anti-Virus (202)
Don’t go on the network without it… And keep it updated...

virtualization is?
What does it allow you to accomplish
How does it make your life as an admin easier
How does it increase availability
How does it allow you to make servers more modular?
How does it increase security and integrity?

Virtualization

Virtualization migration

OSI Model

Oh no… OSI (n/b)

OSI (n/b)
Before we talk about network equipment we need to discuss the OSI framework briefly. The OSI is a model

Date posted: 22/03/2014, 23:21

Table of contents

  • Security+ All-In-One Edition Chapter 8 – Infrastructure Security

  • WARNING!

  • Infrastructure Security

  • Devices on the Network

  • Workstations

  • Workstations (202)

  • Slide 7

  • Workstation Security Best Practices (basic hardening) (203)

  • Slide 9

  • Slide 10

  • Slide 11

  • Workstation Hardening

  • Workstation Anti-Virus (202)

  • Personal / Host Based Firewalls (n/b)

  • Windows Firewall (n/b)

  • Servers

  • Servers (204)

  • Slide 18

  • Slide 19

  • Slide 20
