Network Security Fundamentals

Network Security Fundamentals Notes

Page 1: Introduction

  • Instructor: Dr. Muhammad Hanif Durad, DCIS, PIEAS

  • Course: Network Security Fundamentals

  • Material: Security Guide to Network Security Fundamentals Fifth Edition by Mark Ciampa, Chapter 7

Page 2: Objectives

  • Key Objectives:

    • List and explain different types of network security devices.

    • Define concepts such as network address translation and network access control.

    • Understand how to enhance security through network design.

Page 3: Security Through Network Devices

  • Importance of designing applications with security in mind.

  • Networks with weak security can invite attacks.

  • Key aspects for building a secure network:

    • Network devices

    • Network technologies

    • Network design

Page 4: Standard Network Devices (1/12)

  • Security Features of Network Hardware: Provides basic level of security.

  • Open Systems Interconnection (OSI) Model: Classifies network devices based on function.

    • Relevant since 1978, revised in 1983.

    • Illustrates:

      • How a network device prepares data for delivery.

      • How received data is handled.

Page 5: OSI Model Layers

  • Seven Layers of OSI Model: Each has distinct functions and collaborates with adjacent layers.

Page 6: OSI Model Layer Functions

  • Layer 1: Physical Layer: Signal transmission.

  • Layer 2: Data Link Layer: Packet division; physical addressing.

  • Layer 3: Network Layer: Routing and logical addressing.

  • Layer 4: Transport Layer: Error-free data delivery.

  • Layer 5: Session Layer: Manages sessions.

  • Layer 6: Presentation Layer: Data formatting.

  • Layer 7: Application Layer: User interface and application services.

Page 7: Hubs

  • Functionality of Hubs:

    • Connect multiple Ethernet devices; operate at Layer 1.

    • Do not read or manage data: every frame is repeated out of every port, so any connected device can see all traffic, which creates security vulnerabilities.

Page 8: Switches

  • Functionality of Switches:

    • Operate mainly at Data Link Layer (Layer 2); forward frames using MAC addresses.

    • More secure than hubs as they can specifically identify devices.

Page 9: Traffic Monitoring

  • Importance of traffic monitoring for network administrators.

  • Traffic Monitoring Methods:

    • Port Mirroring

    • Network Tap

Page 10: Visual Representation of Port Mirroring

  • Diagram showing port mirroring setup with switches and monitoring.

Page 11: Visual Representation of Network Tap

  • Diagram depicting network tap setup for secure data interception.

Page 12: Security Threats and Defenses

  • Types of Attacks:

    • MAC flooding, MAC address impersonation, ARP poisoning, port mirroring, network tap attacks.

  • Recommended Defenses: Use switches that can close a port which learns too many MAC addresses, deploy ARP detection appliances, and keep switches in a secured environment.
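To show what an "ARP detection appliance" and a port-closing switch actually look for, here is an added example (not from the course or from Ciampa's text) that replays constructed ARP replies and switch MAC-learning events and flags two conditions: an IP whose MAC binding changes (ARP poisoning indicator) and a port that learns far more MACs than a threshold (MAC flooding indicator). The event format, port names and the threshold are this example's own assumptions.

```python
from collections import defaultdict

# Constructed sample events (not captured from a real network):
#   ("arp", ip, mac)    an ARP reply seen on the segment
#   ("learn", port, mac) the switch learned a source MAC on that port
EVENTS = [
    ("arp", "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway's real MAC (trusted on first sight)
    ("arp", "10.0.0.20", "aa:aa:aa:aa:aa:20"),  # ordinary host
    ("arp", "10.0.0.1", "aa:aa:aa:aa:aa:20"),   # host .20's MAC now claims the gateway IP
    ("learn", "Gi0/3", "aa:aa:aa:aa:aa:20"),
] + [  # 300 different source MACs appearing on one port in a short window
    ("learn", "Gi0/7", f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}") for i in range(300)
]

MAX_MACS_PER_PORT = 5  # assumed threshold of the kind a port-security feature enforces

def analyse(events, max_macs=MAX_MACS_PER_PORT):
    """Return (arp_conflicts, flooded_ports).

    arp_conflicts: list of (ip, previous_mac, new_mac) for bindings that changed.
    flooded_ports: {port: distinct_mac_count} for ports above the threshold.
    Caveat: the first binding seen for an IP is trusted, so a poisoner that
    speaks first is not caught by this check alone.
    """
    ip_to_mac = {}
    port_macs = defaultdict(set)
    arp_conflicts = []
    for kind, a, b in events:
        if kind == "arp":
            ip, mac = a, b
            old = ip_to_mac.get(ip)
            if old is not None and old != mac:
                arp_conflicts.append((ip, old, mac))
            ip_to_mac[ip] = mac
        elif kind == "learn":
            port, mac = a, b
            port_macs[port].add(mac)
    flooded = {p: len(m) for p, m in port_macs.items() if len(m) > max_macs}
    return arp_conflicts, flooded

if __name__ == "__main__":
    conflicts, flooded = analyse(EVENTS)
    print("ARP binding changes:", conflicts)
    print("Ports over MAC threshold (candidates for port closing):", flooded)
```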

Page 13: Routers

  • Routers:

    • Operate at Network Layer (Layer 3); filter network traffic using Access Control Lists (ACLs).

    • Can be standard or extended ACLs based on traffic filtering requirements.
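The difference between a standard and an extended ACL is easiest to see by evaluating the same packets against both. This is an added example, not course material or router syntax: a standard ACL can only match on source address, so it must either let a source reach everything or nothing, while an extended ACL can restrict that source to one protocol, destination and port. Rule and packet field names, the address ranges and the rule lists are this example's own constructions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed packet summary: only the fields an ACL can look at.
@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # CIDR; "0.0.0.0/0" means any source
    proto: str = "any"            # used by extended ACLs only
    dst: str = "0.0.0.0/0"        # used by extended ACLs only
    dport: Optional[int] = None   # used by extended ACLs only; None = any port

def evaluate(acl: list, pkt: Packet, extended: bool) -> str:
    """First matching rule wins; every ACL ends with an implicit deny."""
    for r in acl:
        if ip_address(pkt.src) not in ip_network(r.src):
            continue
        if extended:
            if r.proto != "any" and r.proto != pkt.proto:
                continue
            if ip_address(pkt.dst) not in ip_network(r.dst):
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
        return r.action
    return "deny"  # implicit deny

# Standard ACL: the whole 10.0.0.0/8 source is either in or out.
STANDARD_ACL = [Rule("permit", "10.0.0.0/8")]

# Extended ACL: the same source may only reach the web server on TCP/443.
EXTENDED_ACL = [
    Rule("permit", "10.0.0.0/8", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("deny", "0.0.0.0/0"),  # explicit catch-all, same effect as the implicit deny
]

WEB = Packet("tcp", "10.1.2.3", "192.0.2.10", 443)   # constructed: allowed service
SSH = Packet("tcp", "10.1.2.3", "192.0.2.10", 22)    # constructed: same host, other port

def demo() -> dict:
    return {
        "standard_web": evaluate(STANDARD_ACL, WEB, extended=False),
        "standard_ssh": evaluate(STANDARD_ACL, SSH, extended=False),
        "extended_web": evaluate(EXTENDED_ACL, WEB, extended=True),
        "extended_ssh": evaluate(EXTENDED_ACL, SSH, extended=True),
    }
```

The standard ACL permits both packets because it cannot distinguish them; the extended ACL permits the web request and denies the SSH attempt.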

Page 14: Load Balancers

  • Distributes work evenly across multiple devices, improving efficiency and availability.

Page 15: Load Balancer Protocols

  • Common protocols used by load balancers:

    • HTTP/HTTPS, TCP, UDP, DNS.

Page 16: Cluster with Network Load Balancing

  • Diagram illustrating failover cluster with network load balancing.

Page 17: Advantages of Load Balancing

  • Optimizes network bandwidth, reduces server overload, and minimizes downtime.

Page 18: Security Advantages of Load Balancing

  • Can abort DoS attacks, hide server details, and enhance application security.

Page 19: Perimeter Defense Overview

  • Perimeter Defense Strategies: Essential for securing internal network against external threats.

Page 20: Firewalls - General Model

  • Illustrates the relationship between internal and external networks, showing how firewalls protect against untrusted networks.

Page 21: Network Security Hardware

  • Description of security hardware’s role, including firewalls and specialized devices for enhanced network protection.

Page 22: Firewall Actions

  • Firewall Operations: Allow, block, or prompt actions on packets based on rule settings.

Page 23: Types of Firewalls

  • Various firewall options, including packet filtering, stateful inspection, and application-level gateways.

Page 24: Firewall Packet Filtering

  • Methods for Packet Filtering: Stateless and stateful filtering techniques.
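The stateless versus stateful distinction matters because a stateless filter can only judge each packet by its own header bits. The added example below (not from the course or the textbook) models both approaches over constructed TCP segments: the stateless filter admits any inbound segment with the ACK flag set, assuming it must be a reply, whereas the stateful filter admits an inbound segment only if it matches a connection the inside host actually opened. The internal address range and the segment format are this example's own assumptions.

```python
from dataclasses import dataclass

# Constructed TCP segment summary; only the fields the two filters consult.
@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK"}

def is_inside(ip: str) -> bool:
    """Assumed internal network: 10.0.0.0/8 (this example's own choice)."""
    return ip.startswith("10.")

def stateless_allow(seg: Segment) -> bool:
    """Stateless rules: inside may go out; from outside, only segments whose
    ACK flag is set are admitted, on the assumption that they are replies."""
    if is_inside(seg.src):
        return True
    return "ACK" in seg.flags

class StatefulFilter:
    """Records outbound flows and admits inbound segments only for those flows."""
    def __init__(self) -> None:
        self.table = set()

    def allow(self, seg: Segment) -> bool:
        if is_inside(seg.src):
            self.table.add((seg.src, seg.sport, seg.dst, seg.dport))
            return True
        # The reply direction is the outbound 4-tuple seen from the other side.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.table

def demo() -> dict:
    out = Segment("10.1.1.5", 40000, "198.51.100.7", 443, frozenset({"SYN"}))
    reply = Segment("198.51.100.7", 443, "10.1.1.5", 40000, frozenset({"SYN", "ACK"}))
    # Constructed unsolicited inbound segment with ACK set and no matching connection.
    probe = Segment("203.0.113.9", 1234, "10.1.1.5", 22, frozenset({"ACK"}))
    sf = StatefulFilter()
    return {
        "stateless_reply": stateless_allow(reply),
        "stateless_probe": stateless_allow(probe),   # weakness: admitted
        "stateful_out": sf.allow(out),
        "stateful_reply": sf.allow(reply),
        "stateful_probe": sf.allow(probe),           # blocked: no such flow
    }
```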

Page 25: Web Application Firewall

  • Analyses HTTP traffic deeply; capable of blocking specific attack vectors (e.g., XSS, SQL injection).

Page 26: Pros and Cons of Firewalls

  • Overview of advantages and disadvantages of different firewall types, including the complexity and cost associated with management.

Page 27: Proxy Servers

  • Functionality: Acts as an intermediary between users and the web, caching requests for efficiency and security.

Page 28: Proxy Server Advantages

  • Benefits include improved speed, cost efficiency, management capability, security enhancements.

Page 29: Reverse Proxy

  • Routes incoming requests to the correct server while hiding internal infrastructure.

  • Objectives include reducing public IP usage and mitigating automated scanning attacks.

Page 30: Security Technologies

  • VPNs: Secure remote access over public networks using encryption to ensure data integrity.

Page 31: VPN Types

  • Two Main Types:

    • Remote Access VPN

    • Site-to-Site VPN

Page 32: VPN Protocols

  • List of protocols used in VPN implementations: IPSec, L2TP, PPTP, and others.

Page 33: Endpoint Considerations

  • Use of VPN concentrators for enhanced security and functionality within VPN frameworks.

Page 34: Content Filtering and Security

  • Internet Content Filters: Monitor and restrict access based on URLs or specific content types.

Page 35: Web Security Gateways

  • Real-time blocking of harmful web content through application-level filtering.

Page 36: Passive vs Active Security Measures

  • Importance of both types in network security infrastructure.

Page 37: Monitoring Methodologies

  • Different approaches include anomaly-based, signature-based, and behavior-based monitoring.

Page 38: Intrusion Detection Systems (IDS)

  • HIDS vs NIDS: Comparison of host-based and network-based IDS solutions, including their strengths and weaknesses.

Page 39: Intrusion Prevention System (IPS)

  • Active systems that block malicious attacks in real-time.

Page 40: Data Loss Prevention (DLP)

  • DLP technologies scan data transfers to prevent unwanted data dissemination across networks.

Page 41: Overview of Unified Threat Management (UTM)

  • Combined features of multiple security tools into a single appliance for streamlined management and cost efficiency.

Page 42: Security Information and Event Management (SIEM)

  • Provides a comprehensive security management solution by aggregating, analyzing, and responding to security data.

Page 43: Differences between SOC and NOC

  • SOC focuses on safeguarding network security while NOC manages service level agreements and operational aspects.

Page 44: Conclusion

  • Summarizes the importance of the various security devices, protocols, and methodologies covered in ensuring robust network security.