Chapter 7 - System Security Management (Quản trị bảo mật cho hệ thống). After studying this chapter you will be able to: understand the purpose of a network firewall and the kinds of firewall technology available on the market; understand the role of routers, switches, and other networking hardware in security; determine when VPN or RAS technology works to provide a secure network connection.
Chapter: System Security Management (Quản Trị Bảo Mật Cho Hệ Thống) - content summary (ATHENA)

Objectives in this Chapter
• Understand the purpose of a network firewall and the kinds of firewall technology available on the market
• Understand the role of routers, switches, and other networking hardware in security
• Determine when VPN or RAS technology works to provide a secure network connection

Firewalls
Hardware or software devices that provide a means of securing a computer or network from unwanted intrusion
• Dedicated physical device that protects a network from intrusion
• Software feature added to a router, switch, or other device that prevents traffic to or from part of a network

Three firewall technologies
• Packet filtering
• Application layer gateways
• Stateful inspection

Packet filtering firewall
A packet filtering firewall works at the Network layer of the Open Systems Interconnection (OSI) model and is designed to operate rapidly by either allowing or denying packets

Application layer gateways
An application layer gateway operates at the Application layer of the OSI model, analyzing each packet and verifying that it contains the correct type of data for the specific application it is attempting to communicate with

Stateful inspection firewall
A stateful inspection firewall checks each packet to verify that it is an expected response to a current communications session. This type of firewall operates at the Network layer, but is aware of the Transport, Session, Presentation, and Application layers and derives its state table from these layers of the OSI model

Management Cycle for Firewall Protection
• Draft a written security policy
• Design the firewall/network to implement the policy
• Implement the design by installing the selected hardware and software
• Test the firewall
• Review new threats, requirements for additional security, and updates to systems and software; repeat the process from the first step

Drafting a Security Policy
• What am I protecting?
• From whom?
• What services does my company need to access over the network?
• Who gets access to what resources?
• Who administers the network?

Intrusion Detection Systems (IDS)
Monitor networks and report on unauthorized attempts to access any part of the system
Available from many vendors
Forms
• Host IDS
• Network IDS
Types of detection
• Anomaly-based detection
• Signature-based detection

Host-based IDS
Software applications ("agents") are installed on each protected computer
• Use disk space, RAM, and CPU time to analyze the OS, applications, and system audit trails
• Compare these to a list of specific rules
• Report discrepancies
Can be self-contained or remotely managed
Easy to upgrade the software, but does not scale well (cost of each installation, management costs)

Network-based IDS
Monitors activity on a specific network segment (watches the packets as they go by)
(Usually) dedicated platforms with two components
• Sensor (passively analyzes network traffic)
• Management system (displays alarm information from the sensor)

IDS
The sensor analyzes each packet's header to determine source and destination and other header information, and also the contents of the packet
Most attacks have a "signature"
Rules can be written to look for specific attacks

Anomaly-based Detection
Builds statistical profiles of user activity and then reacts to any activity that falls outside these profiles
Often leads to a large number of false positives
• Users do not access computers/networks in static, predictable ways
• The cost of building a sensor that could hold enough memory to contain the entire profile, and the time to process the profiles, is prohibitively large

Signature-based Detection
Similar to an antivirus program in its method of detecting potential attacks
Vendors (or you or me) produce a list of signatures used by the IDS to compare against activity on the network or host
When a match is found, the IDS takes some action (e.g., logging the event, or shunning: the IDS changes the firewall rules to block certain traffic)
Can produce false positives; normal network activity may be construed as malicious

Network Monitoring and Diagnostics
Essential steps in ensuring the safety and health of a network (along with IDS)
Can be either stand-alone or part of a network-monitoring platform
• HP's OpenView
• IBM's Netview/AIX
• Fidelia's NetVigil
• Aprisma's Spectrum

Ensuring Workstation and Server Security
• Remove unnecessary protocols such as NetBIOS or IPX
• Remove unnecessary user accounts
• Remove unnecessary file/folder shares
• Rename the administrator account
• Use strong passwords
• Remove unnecessary services
• Use anti-virus software and keep the signature file up-to-date
• Apply patches as soon as they are available
• Use a personal firewall
• Educate your users

Personal Firewall Software Packages
Offer application-level blocking, packet filtering, and can put your computer into stealth mode by turning off most if not all ports
Many products available, including:
• Norton Firewall
• ZoneAlarm
• Black Ice Defender
• Tiny Software's Personal Firewall

Firewall Product Example
(slide image not included)

Antivirus Software Packages
Necessary even on a secure network (viruses come in attached to email, worms come in through ports you can't block)
Many vendors, including:
• McAfee
• Norton
• Computer Associates
• Network Associates

Mobile Devices
Can open security holes for any computer with which these devices communicate

Summary
Virtual isolation of a computer or network by implementing a firewall through software and hardware techniques:
• Routers
• Switches
• Modems
• Various software packages designed to run on servers, workstations, and PDAs
• Virtual private networks (VPNs)
• Private branch exchanges (PBX)
• Remote Access Services (RAS)
continued…
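To make the difference between the packet filtering and stateful inspection firewall types described in the firewall section concrete, here is an added example in Python (it is not part of the course slides or any ATHENA material). It parses Cisco-style extended ACL lines in the same form as the access-list entries quoted on this page, evaluates them statelessly (first match wins, implicit deny at the end), and then layers a TCP session table on top so that only packets belonging to an expected session get through. The Packet class, the 10.0.0.x client addresses and the four sample packets are constructed for the example; the two access-list lines are taken from the page.

```python
"""Toy packet filter: Cisco-style extended ACL plus a stateful TCP session table.

Added example. Rule syntax follows 'access-list N permit|deny PROTO SRC DST [eq PORT]'
with 'any', 'host X' or 'X WILDCARD' address specs. Sample addresses and packets below
are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""     # TCP flags as letters: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


def _match_addr(spec, addr):
    """Cisco wildcard-mask match: 1 bits in the mask mean 'don't care', 0.0.0.0 = exact host."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    return (base | wild) == (int(ipaddress.IPv4Address(addr)) | wild)


def _take_addr(tokens):
    """Consume one address spec from the token list: 'any', 'host X', or 'X WILDCARD'."""
    word = tokens.pop(0)
    if word == "any":
        return ("0.0.0.0", "255.255.255.255")
    if word == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (word, tokens.pop(0))


def parse_acl(text):
    """Parse access-list lines into (action, proto, src_spec, dst_spec, dst_port) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0].lower() != "access-list":
            continue
        action, proto, rest = tok[2].lower(), tok[3].lower(), tok[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules


def filter_packet(rules, pkt):
    """Stateless packet filtering: first matching rule wins; implicit deny at the end."""
    for action, proto, src, dst, port in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (_match_addr(src, pkt.src) and _match_addr(dst, pkt.dst)):
            continue
        if port is not None and pkt.dport != port:
            continue
        return action == "permit"
    return False


class StatefulFirewall:
    """Stateful inspection: the ACL only decides about session-opening packets;
    everything else must be an expected continuation of a session already in the table."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, client, client_port, server, server_port)

    def inspect(self, pkt):
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return True                      # reply or continuation of a known session
        if pkt.proto == "tcp" and pkt.flags != "S":
            return False                     # mid-stream TCP packet with no session: not expected
        if filter_packet(self.rules, pkt):   # new session: consult the policy
            self.sessions.add(fwd)
            return True
        return False


# The two access-list lines quoted on the page (111.222.111.222 is the protected web server).
ACL = """\
access-list 101 permit tcp any 111.222.111.222 0.0.0.0 eq 80
access-list 101 deny ip any 111.222.111.222 0.0.0.0
"""


def run_demo():
    """Return {packet name: (stateless verdict, stateful verdict)} for constructed traffic."""
    rules = parse_acl(ACL)
    fw = StatefulFirewall(rules)
    web = "111.222.111.222"
    packets = {
        "client_syn":   Packet("tcp", "10.0.0.5", web, 40000, 80, "S"),   # legitimate open
        "server_reply": Packet("tcp", web, "10.0.0.5", 80, 40000, "SA"),  # expected response
        "stray_ack":    Packet("tcp", "10.0.0.9", web, 5555, 80, "A"),    # no session behind it
        "dns_probe":    Packet("udp", "10.0.0.5", web, 5353, 53),         # not permitted by policy
    }
    return {name: (filter_packet(rules, p), fw.inspect(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:13s} stateless={'permit' if stateless else 'deny':6s} "
              f"stateful={'permit' if stateful else 'deny'}")
```

The two verdicts disagree in both directions: the stateless filter drops the server's SYN/ACK because no rule describes return traffic (a real Cisco ACL would need an explicit entry such as one using the `established` keyword), while the stateful firewall admits it from the session table; conversely the stateless filter permits a stray ACK to port 80 because it matches rule 1 on its face, while the stateful firewall rejects it as not being an expected response to any current session, which is exactly the property the slide attributes to stateful inspection.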
Access Control Lists (ACL)
ACLs are made...
access-list 101 permit tcp any 111.222.111.222 0.0.0.0 eq 80
access-list 101 deny ip any 111.222.111.222 0.0.0.0

What to protect
• FTP servers
• Databases
Intruders
• Sport hackers
• Malicious hackers
• The Pros

Services and Security
To determine the services you need, you have to know how your network