Chapter 5 Network Defenses

Objectives
• Explain how to enhance security through network design
• Define network address translation and network access control
• List the different types of network security devices and explain how they can be used
Security through Network Design: Subnetting
• IP addresses are actually two addresses: one part is a network address and one part is a host address
• Subnetting, or subnet addressing, splits a large block of IP addresses into smaller groups
(Image from Cisco CCNA Class 1)

Subnetting at CCSF (image from Cisco CCNA class 1, modified)
• Whole College: 147.144.0.0/16, 147.144.0.1 through 147.144.255.254
• CNIT Dept: 147.144.20.0/24, 147.144.20.1 through 147.144.20.254
• Eng Dept: 147.144.51.0/24, 147.144.51.1 through 147.144.51.254
Advantages of Subnetting

Subnets Improve Security
• Each subnet can be isolated from the rest of the network
• Traffic between subnets can be monitored and restricted at the routers
• Subnets also allow network administrators to hide the internal network layout: outsiders only see your public servers, not your private subnets
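The CCSF addressing above, worked through in code. This is an added example, not part of the slides: it uses the slide's /16 and two /24s, and assumes a small router policy (ROUTER_POLICY) that the slides do not give, to show how the network/host split changes with the prefix, how only cross-subnet traffic reaches a router, and what an outsider can see.

```python
import ipaddress

# From the slide: the whole college holds 147.144.0.0/16 and two
# departments each hold a /24 carved out of it.
COLLEGE = ipaddress.ip_network("147.144.0.0/16")
SUBNETS = {
    "CNIT": ipaddress.ip_network("147.144.20.0/24"),
    "Eng": ipaddress.ip_network("147.144.51.0/24"),
}

# Assumed inter-subnet policy enforced at the router (not from the slide):
# only these (source subnet, destination subnet) pairs may talk.
ROUTER_POLICY = {("CNIT", "Eng"), ("Eng", "CNIT")}


def usable_range(net):
    """First and last assignable host address (network and broadcast excluded)."""
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def split_address(addr, net):
    """Split addr into its network part and host part under net's mask.

    The same address splits differently depending on the prefix applied:
    under /16 the host part is 16 bits, under /24 it is 8 bits.
    """
    ip = int(ipaddress.ip_address(addr))
    mask = int(net.netmask)
    network_part = ipaddress.ip_address(ip & mask)
    host_part = ip & ~mask & 0xFFFFFFFF
    return str(network_part), host_part


def subnet_of(addr):
    """Name of the department subnet holding addr, 'college-other' for the
    rest of the /16, or None for addresses outside the college entirely."""
    ip = ipaddress.ip_address(addr)
    for name, net in SUBNETS.items():
        if ip in net:
            return name
    return "college-other" if ip in COLLEGE else None


def crosses_router(src, dst):
    """True when src and dst live in different subnets, so the packet must
    pass through a router where it can be monitored and filtered."""
    return subnet_of(src) != subnet_of(dst)


def router_permits(src, dst):
    """Apply ROUTER_POLICY: same-subnet traffic never reaches the router, so
    it is always delivered; cross-subnet traffic needs an explicit entry."""
    if not crosses_router(src, dst):
        return True
    return (subnet_of(src), subnet_of(dst)) in ROUTER_POLICY


def outside_view(addr):
    """What an outsider can infer: only that addr belongs to the college /16;
    the internal /24 layout is not visible from the Internet."""
    return str(COLLEGE) if ipaddress.ip_address(addr) in COLLEGE else "not ours"


if __name__ == "__main__":
    for name, net in [("College", COLLEGE)] + list(SUBNETS.items()):
        print(name, net, "usable:", usable_range(net))
    print(split_address("147.144.20.7", COLLEGE), split_address("147.144.20.7", SUBNETS["CNIT"]))
    print(router_permits("147.144.20.5", "147.144.51.9"), router_permits("147.144.20.5", "147.144.99.1"))
```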
Virtual Local Area Network (VLAN)
• VLANs segment a network with switches, not routers
• A VLAN allows scattered users to be logically grouped together even though they may be attached to different switches
• Can reduce network traffic and provide a degree of security similar to subnetting: VLANs can be isolated so that sensitive data is transmitted only to members of the VLAN
(Diagram) Accounting machines are on their own VLAN
VLAN Security
• VLAN communication can take place in two ways
  • All devices are connected to the same switch: traffic is handled by the switch itself
  • Devices are connected to different switches: a special “tagging” protocol must be used, such as IEEE 802.1Q-2005
• A VLAN is heavily dependent upon the switch for correctly directing packets
  • Attackers could take control of the switch itself, if it has a default or weak password
  • Specially crafted traffic can also "hop" from one VLAN to another
Network Convergence
• Telephone, data, and video all using the same IP network (Voice over IP, Video over IP)
• Advantages
  • Cost savings
  • Management
  • Application development
  • Infrastructure requirements
  • Reduced regulatory requirements
  • Increased user productivity

Vulnerabilities in Converged Networks
Demilitarized Zone (DMZ)
• A separate network that sits outside the secure network perimeter
• Outside users can access the DMZ but cannot enter the secure network

DMZ with One Firewall

DMZ with Two Firewalls
Network Address Translation (NAT)
• Hides the IP addresses of network devices from attackers
• Private addresses
  • IP addresses not assigned to any specific user or organization
  • Function as regular IP addresses on an internal network
  • Non-routable addresses: traffic addressed to private addresses is discarded by Internet routers

Network Address Translation (NAT)
• NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address
• When a packet is returned to NAT, the process is reversed
• An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender

Network Address Translation (NAT): Address Translation
Private IP Addresses -> Public IP Addresses
• 192.168.1.101 -> 147.144.1.101
• 192.168.1.102 -> 147.144.1.102
• 192.168.1.103 -> 147.144.1.103
• 192.168.1.151 -> 147.144.1.104

Port Address Translation (PAT)
• Normally performed along with NAT
• Each packet is given the same IP address but a different TCP port number
• Allows many machines to share the same public IP address

NAT with PAT
Private address and port -> Public address and port
• Web browser: 192.168.1.101 Port 1100 -> 147.144.1.1 Port 2100
• Email: 192.168.1.101 Port 1102 -> 147.144.1.1 Port 2101
• Web browser: 192.168.1.103 Port 1100 -> 147.144.1.1 Port 2102
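The NAT-with-PAT table from the slide, simulated in both directions. This is an added example, not from the slides: the private hosts, public address 147.144.1.1 and public ports 2100 to 2102 are the slide's; the external server addresses (203.0.113.x) are constructed. It shows the forward rewrite, the reverse rewrite for a returning packet, and the drop of any inbound packet that has no table entry, which is the property that lets NAT stop unsolicited traffic.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "147.144.1.1"   # the public address from the slide


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatPat:
    """NAT with PAT: every inside host is rewritten to PUBLIC_IP, and the
    source port is replaced by a unique public port so replies can be
    routed back to the right private host and port. (Simplified: the table
    is keyed on the private side only; real NATs usually key on the
    destination as well.)"""

    def __init__(self, public_ip=PUBLIC_IP, first_port=2100):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}   # (private ip, private port) -> public port
        self.in_table = {}    # public port -> (private ip, private port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network. Returns None for a
        source that is not a private (RFC 1918) address, since NAT only
        translates the internal ones."""
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            return None
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            port = self.next_port          # allocate the next free public port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Reverse the translation for a returning packet. A packet not
        addressed to PUBLIC_IP, or whose destination port has no table entry
        (nobody inside asked for it), is dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get(pkt.dst_port)
        if entry is None:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def slide_example():
    """Replay the three flows from the slide; returns the NAT and the translations."""
    nat = NatPat()
    flows = [  # (description, private packet); external addresses are constructed
        ("Web browser", Packet("192.168.1.101", 1100, "203.0.113.10", 80)),
        ("Email", Packet("192.168.1.101", 1102, "203.0.113.25", 25)),
        ("Web browser", Packet("192.168.1.103", 1100, "203.0.113.10", 80)),
    ]
    return nat, [(desc, nat.outbound(p)) for desc, p in flows]


if __name__ == "__main__":
    nat, translated = slide_example()
    for desc, pkt in translated:
        print(f"{desc}: -> {pkt.src_ip} Port {pkt.src_port}")
    reply = nat.inbound(Packet("203.0.113.10", 80, PUBLIC_IP, 2100))
    print("reply delivered to", reply.dst_ip, reply.dst_port)
    print("unsolicited packet:", nat.inbound(Packet("203.0.113.99", 4444, PUBLIC_IP, 2500)))
```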
Network Access Control (NAC)
• Examines a computer before it is allowed to connect to the network
• Each computer must meet security policy first, such as
  • Windows patches up to date
  • Antivirus software
  • Antispyware software
  • Etc.
• Any device that does not meet the policy is only allowed to connect to a “quarantine” network where the security deficiencies are corrected
Network Security Devices
• Firewalls
• Proxy servers
• Honeypots
• Network intrusion detection systems
• Host and network intrusion prevention systems
• Protocol analyzers
• Internet content filters
• Integrated network security hardware

Firewall
• Typically used to filter packets; sometimes called a packet filter
• Designed to prevent malicious packets from entering the network
• A firewall can be software-based or hardware-based
• Hardware firewalls usually are located outside the network security perimeter, as the first line of defense
Firewall (continued)
• The basis of a firewall is a rule base
  • Establishes what action the firewall should take when it receives a packet (allow, block, and prompt)
• Stateless packet filtering
  • Looks at the incoming packet and permits or denies it based strictly on the rule base
• Stateful packet filtering
  • Keeps a record of the state of a connection between an internal computer and an external server
  • Then makes decisions based on the connection as well as the rule base

Stateless Firewall Rules

Stateful Firewall Rules
• Note error in textbook in left column, 3rd row: State = Established
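The stateless-versus-stateful distinction, run on the same three packets. This is an added example, not from the slides or the textbook: the rule bases, hosts and ports are constructed. The stateless rule base has to leave high inbound ports open so replies can return at all, which also admits an unsolicited packet; the stateful filter admits only the reply, because it matches a connection in the Established state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the internal network)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    dst_port: object   # an int, "any", or "high" (any port above 1023)
    action: str        # "allow" or "block"


def port_matches(spec, port):
    if spec == "any":
        return True
    if spec == "high":
        return port > 1023
    return spec == port


def stateless_filter(rules, pkt):
    """Stateless packet filtering: each packet is judged on its own against
    the rule base. First matching rule wins; no match means block."""
    for rule in rules:
        if rule.direction == pkt.direction and port_matches(rule.dst_port, pkt.dst_port):
            return rule.action
    return "block"


class StatefulFilter:
    """Stateful packet filtering: remembers connections that an internal
    computer opened, and admits inbound packets that belong to one of them
    even when no inbound rule says so."""

    def __init__(self, rules):
        self.rules = rules
        self.established = set()   # (internal ip, internal port, external ip, external port)

    def filter(self, pkt):
        if pkt.direction == "out":
            action = stateless_filter(self.rules, pkt)
            if action == "allow":
                self.established.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return action
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.established:
            return "allow"                     # State = Established
        return stateless_filter(self.rules, pkt)


# Constructed rule bases. The stateless one must leave high ports open
# inbound so that replies to outbound HTTPS can get back in at all.
STATELESS_RULES = [Rule("out", 443, "allow"), Rule("in", "high", "allow")]
STATEFUL_RULES = [Rule("out", 443, "allow")]

# Constructed traffic: a legitimate HTTPS request, its reply, and an
# unsolicited inbound packet aimed at the same internal port.
REQUEST = Packet("out", "192.168.1.101", 1100, "203.0.113.10", 443)
REPLY = Packet("in", "203.0.113.10", 443, "192.168.1.101", 1100)
UNSOLICITED = Packet("in", "203.0.113.99", 4444, "192.168.1.101", 1100)


def compare():
    """Run the three packets through both filters; returns {name: (stateless, stateful)}."""
    stateful = StatefulFilter(STATEFUL_RULES)
    results = {}
    for name, pkt in [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]:
        results[name] = (stateless_filter(STATELESS_RULES, pkt), stateful.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12s} stateless={stateless:5s} stateful={stateful}")
```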
Inbound and Outbound Traffic Filtering
• Most personal software firewalls today filter outbound traffic as well as inbound traffic
• Filtering outbound traffic protects users by preventing malware from connecting to other computers and spreading
• But it annoys them with these alerts
Proxy Server (diagram)
• Client: "I want to see yahoo.com"
• Proxy: "I will get yahoo.com and save a copy" (fetches it from the Internet)
• Proxy: "Here is my copy of yahoo.com"

Proxy Server
• Clients never directly connect to the Internet
• This saves bandwidth, because one copy of a popular Web page can be used many times
• Allows a company to block forbidden Web sites
• It also prevents many attacks the same way NAT does
• Reverse proxy: does not serve clients but instead routes incoming requests to the correct server

Reverse Proxy (diagram: "Connect to Web server 1")
Honeypot
• Intended to trap or trick attackers
• A computer typically located in a DMZ that is loaded with software and data files that appear to be authentic, yet are actually imitations of real data files
• Three primary purposes of a honeypot:
  • Deflect attention
  • Early warnings of new attacks
  • Examine attacker techniques
Network Intrusion Detection Systems (NIDS)
• Watches for attempts to penetrate a network
• NIDS work on the principle of comparing new behavior against normal or acceptable behavior
• A NIDS looks for suspicious patterns
• Passive intrusion detection just logs the traffic and sends alerts

Network Intrusion Detection Systems (NIDS) (continued)

Intrusion Prevention Systems
• Finds malicious traffic and deals with it immediately
• Also called Active Intrusion Detection
• A typical IPS response may be to block all incoming traffic on a specific port
Host Intrusion Prevention Systems (HIPS)
• Installed on each system that needs to be protected
• Rely on agents installed directly on the system being protected
• Work closely with the operating system, monitoring and intercepting requests in order to prevent attacks

Host Intrusion Prevention Systems (HIPS)
• Most HIPS monitor the following desktop functions:
  • System calls
  • File system access
  • System Registry settings
  • Host input/output
• HIPS are designed to integrate with existing antivirus, anti-spyware, and firewalls
• HIPS provide an additional level of security that is proactive instead of reactive

Network Intrusion Prevention Systems (NIPS)
• Work to protect the entire network and all devices that are connected to it
• By monitoring network traffic, NIPS can immediately react to block a malicious attack
• NIPS are special-purpose hardware platforms that analyze, detect, and react to security-related events
• Can drop malicious traffic based on their configuration or security policy
Protocol Analyzers
• Three ways for detecting a potential intrusion
  • Detecting statistical anomalies (unusual traffic)
  • Examine network traffic and look for well-known patterns of attack
  • Use protocol analyzer technology
• Protocol analyzers
  • Can fully decode application-layer network protocols
  • Parts of the protocol can be analyzed for any suspicious behavior, such as an overly long User-Agent field in an HTTP GET request
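A small protocol analyzer for the HTTP case the slide names, plus the statistical-anomaly check from the same slide. This is an added example, not from the slides: it decodes an HTTP/1.x request into method, target, version and headers, flags a User-Agent longer than a constructed threshold (UA_MAX_LEN) or an unknown method, and separately flags a client whose request count sits far above a constructed baseline. The captured requests and counts are constructed sample data.

```python
import statistics

UA_MAX_LEN = 256   # constructed threshold for an "overly long" User-Agent
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

# Constructed sample of captured HTTP requests: (client ip, raw request as text).
CAPTURED = [
    ("192.168.1.101", "GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("192.168.1.103", "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: "
                      + "A" * 600 + "\r\n\r\n"),
    ("192.168.1.151", "FOO /x HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/8.0\r\n\r\n"),
]


def decode_request(raw):
    """Fully decode an HTTP/1.x request into its parts; raises ValueError if
    the request line does not have the three mandatory fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def analyze(raw):
    """Protocol-analyzer checks on one decoded request. Returns the list of
    alert strings (an empty list means nothing suspicious was seen)."""
    try:
        req = decode_request(raw)
    except ValueError:
        return ["malformed request line"]
    alerts = []
    if req["method"] not in KNOWN_METHODS:
        alerts.append(f"unknown method {req['method']!r}")
    if not req["version"].startswith("HTTP/"):
        alerts.append(f"bad version {req['version']!r}")
    ua = req["headers"].get("user-agent", "")
    if len(ua) > UA_MAX_LEN:
        alerts.append(f"User-Agent too long ({len(ua)} > {UA_MAX_LEN})")
    return alerts


def rate_anomalies(counts, baseline, k=3.0):
    """Statistical-anomaly check: flag sources whose request count exceeds
    the baseline mean by more than k standard deviations."""
    mean = statistics.mean(baseline)
    spread = statistics.pstdev(baseline)
    return sorted(ip for ip, n in counts.items() if n > mean + k * spread)


if __name__ == "__main__":
    for ip, raw in CAPTURED:
        print(ip, analyze(raw) or "ok")
    # Constructed per-minute request counts against a baseline of normal minutes.
    print(rate_anomalies({"192.168.1.101": 24, "192.168.1.103": 400}, [20, 25, 22, 18, 24]))
```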
Internet Content Filters
• Monitor Internet traffic and block access to preselected Web sites and files
• A requested Web page is only displayed if it complies with the specified filters
• Unapproved Web sites can be restricted based on the Uniform Resource Locator (URL) or by matching keywords

Internet Content Filters (continued)

Integrated Network Security Hardware
• Types of hardware security appliances:
  • Dedicated security appliances provide a single security service
  • Multipurpose security appliances provide multiple security functions
• Integrated network security hardware combines or integrates multipurpose security appliances with a traditional network device such as a switch or router
• Particularly attractive for networks that use IDS
