
2-Network Security's Nuts & Bolts


Cyberoam Certified Network & Security Professional (CCNSP)

training.cyberoam.com © Copyright 2012 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.
Module 2 – Network Security’s Nuts & Bolts

Learning
training.cyberoam.com
Module 2 > What is Network Security ?

• A methodology consisting of policies, defined by the network administrator,
for monitoring the network and preventing unauthorized access to it
• Includes authorization: which users may access which data on the network
• Covers all network resources, such as
• Internet access
• Shared devices like printers, faxes, scanners, etc.
• Servers like web, FTP, email, etc.

Module 2 > Identifying Risks in the Network

• Network risk is a broad term; this module breaks it down into three smaller
ones
• Threats
• Vulnerabilities
• Confidentiality Attacks

Module 2 > Threats

• A threat is any potential event or actor that can harm the security of a
computer network.
• Threats are categorized into
• Internal
• External

Module 2 > Threats > Internal Threat

• Threats are usually pictured as coming from the Internet and the outside
world, but studies of security incidents find that much of the actual threat
to an organization is internal: employees, contractors and other insiders who
already hold credentials and network access and never have to cross the
perimeter.

Module 2 > Threats > External Threat

• External threats are threats that come from outside the network, usually
through the Internet.
• An external attacker starts with no legitimate access and so relies on
technical means (scanning, exploitation, malware) to achieve their goals.
• Network security defense mechanisms are mostly aimed at external threats.
• Firewalls, Intrusion Prevention Systems (IPS) and similar controls help
reduce an organization's exposure to them.

Module 2 > Vulnerability

• A vulnerability is a weakness in the organization's own systems or network.
• It is a loophole that could have been closed (by patching, configuration or
design) but, through some lapse, was not, and so gives a threat a way in.
• A weakness becomes an exploitable vulnerability when three elements combine
• A flaw in the system
• An attacker who can reach the flaw
• An attacker who has the capability to exploit the flaw

Module 2 > Confidentiality Attacks

• A confidentiality attack is an attempt by someone to steal an organization's
confidential data.
• A confidentiality attack is not necessarily physical; it can be logical (over
the network) as well.
• An attacker may, for example, copy sensitive files onto a USB drive without
the owner's knowledge, and possibly without leaving a trace.
• Unauthorized copying or leakage of data is difficult to track unless access
to the data is audited and monitored at all times.
• Confidentiality attacks are classified as
• Logical
• Physical

Module 2 > Confidentiality Attacks > Logical Attacks

• Packet Sniffing: capturing traffic on the wire or wireless medium to read
data sent in clear text
• Port Scanning: probing hosts for listening services, the reconnaissance that
usually precedes an intrusion
• Social Engineering: manipulating people into revealing data or granting
access
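Port scanning is listed above as an attack; the operational counterpart, which the later slides on detection and on logging and reporting events call for, is spotting it in the firewall's own logs. The following Python is an added example, not Cyberoam's code and not from the original slides. The log lines are constructed for the demo in a key=value layout modelled on Linux iptables/nftables LOG output; the addresses, ports, window and threshold are made up. A source is flagged once it has touched a threshold number of distinct (host, port) targets inside a sliding time window, which catches both a sweep of many ports on one host and a sweep of one port across many hosts.

```python
"""Port-scan detection over firewall log lines (added example).

Constructed scenario: the firewall logs every TCP SYN it sees in a key=value
format modelled on Linux iptables/nftables LOG output. A source that probes
many distinct (host, port) targets in a short window is treated as a scanner.
Log lines, addresses and thresholds are all made up for this demo.
"""
import re
from collections import defaultdict, deque

# Matches the constructed log layout; only TCP lines are of interest here.
LINE_RE = re.compile(
    r"^(?P<ts>\d+) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)(?P<flags>.*)$")


def parse_syn(line):
    """Return (timestamp, src, dst, dport) for a TCP SYN line, else None."""
    m = LINE_RE.match(line)
    if not m or "SYN" not in m["flags"]:
        return None            # not TCP, or not a new connection attempt
    return int(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def detect_scans(lines, window=60, threshold=10):
    """Return one alert (src, window_start, distinct_targets) per source that
    hits `threshold` distinct (dst, dport) targets within `window` seconds."""
    recent = defaultdict(deque)   # src -> deque of (ts, (dst, dport)), oldest first
    alerts, alerted = [], set()
    for line in lines:
        rec = parse_syn(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        targets = {target for _, target in q}
        if len(targets) >= threshold and src not in alerted:
            alerted.add(src)                 # one alert per scanner, not per packet
            alerts.append((src, q[0][0], len(targets)))
    return alerts


# Constructed sample: one normal HTTPS client, one UDP line, and one host
# sweeping eleven ports on a DMZ web server within eleven seconds.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = [
    "1700000000 kernel: FW: IN=wan OUT= SRC=10.0.0.5 DST=203.0.113.7 "
    "PROTO=TCP SPT=40000 DPT=443 SYN",
    "1700000001 kernel: FW: IN=wan OUT= SRC=10.0.0.5 DST=203.0.113.7 "
    "PROTO=TCP SPT=40000 DPT=443 ACK",
    "1700000005 kernel: FW: IN=wan OUT= SRC=198.51.100.9 DST=192.0.2.10 "
    "PROTO=UDP SPT=5353 DPT=53",
] + [
    f"{1700000010 + i} kernel: FW: IN=wan OUT= SRC=198.51.100.9 DST=192.0.2.10 "
    f"PROTO=TCP SPT=4444 DPT={port} SYN"
    for i, port in enumerate(SCAN_PORTS)
]

if __name__ == "__main__":
    for src, start, count in detect_scans(SAMPLE_LOG):
        print(f"port scan from {src}: {count} targets starting at {start}")
```

The threshold and window are the tuning knobs: a slow scanner that spaces probes further apart than the window never accumulates enough targets, which is why real detectors also keep a longer-term per-source count, and why a stateful firewall's own drop log (unsolicited SYNs that matched no rule) is the best input for this kind of rule.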

Module 2 > Confidentiality Attacks > Physical Attacks

• Dumpster Diving: recovering discarded documents, media or hardware that
still hold confidential data
• Wiretapping: physically tapping a cable or link to intercept traffic

Module 2 > Security Principles

• Prevention: controls that stop an attack from succeeding (firewall rules,
patching, authentication)
• Detection: noticing the attacks that prevention missed (logging, IDS/IPS,
monitoring)
• Response: containing and recovering from a detected incident

Module 2 > Evolution of Firewall

• A firewall can be hardware or software, used to control access to and from
a network
• Previously, companies placed their systems directly on the Internet with a
public IP address.
• Later, a border router (with access lists) connected the Internet to the
local network
• The need for better security gave rise to new types of firewall for the
Internet-enabled office

Module 2 > Evolution of Firewall > Packet Filter

• Filters packets based on source/destination IP address and
source/destination port, judging each packet on its own (packet by packet)
with no memory of earlier packets
• Provides the minimum amount of required security: it cannot tell a reply to
a permitted connection from an unsolicited inbound packet, and it sees nothing
of the application data

[Figure: two packets, destination port 80 and destination port 8080, judged by
the packet filter on port alone]

Module 2 > Evolution of Firewall > Application Filter

• Situated between the protected network and the Internet, typically as a
proxy that terminates the client connection and opens its own to the server
• More secure, because the entire packet, including the application-layer
portion, can be inspected
• Does everything a packet filter does (source/destination IP and port) and in
addition understands the application protocol, so it can enforce rules on the
protocol itself and not only on the address and port

[Figure: packets to 192.18.1.1:80 and 192.18.1.1:8080 inspected by the
application filter]

Module 2 > Evolution of Firewall > Stateful Inspection

• Monitors the "state" of a communication: for TCP, whether a connection has
been opened through a permitted handshake and is still live
• Works as a packet filter (and, in some products, as an application proxy)
but also keeps a state table of the sessions it has accepted, so a packet is
judged as part of a connection rather than in isolation
• Advantage: the reply packets of an established session are matched against
the state table and accepted without needing a rule of their own, so no
blanket rule admitting inbound traffic is required; a packet that belongs to
no known session is dropped, and table entries expire when the session closes
or falls idle

[Figure: a packet belonging to a live session versus one whose session has
expired]

Module 2 > Evolution of Firewall > UTM

• A firewall appliance with several security functions bundled into a single
product
• A traditional UTM combines a network firewall, network intrusion prevention
system (IPS), anti-virus, anti-spam, VPN gateway, web content filtering and
load balancing in one box
• Can also generate reports, and maintains connection "state" like a stateful
firewall

[Figure: UTM anti-virus scanning two streams, one clean (No Virus) and one
infected (Found virus)]

Module 2 > Evolution of Firewall > UTM Pros & Cons

• Can be deployed as a single rack-mounted appliance that takes control of the
network edge in one place
• Can generate reports, but for retention and analysis it becomes essential to
connect the UTM appliance to a reporting server
• That reporting server then has to be secured in its own right, especially
against external attack, since it holds the log data
• If the reporting server goes down it becomes difficult to maintain and fetch
reports; the single appliance is likewise a single point of failure and of
compromise for every function it bundles

Module 2 > Evolution of Firewall > Next Generation UTM

[Figure: a next-generation UTM judges two flows on the combined criteria of the
earlier slides: destination port (80 vs 8080), destination IP (192.18.1.1:80 vs
192.18.1.1:8080), session state (live vs expired), anti-virus verdict (No Virus
vs Found virus) and, new at this stage, user identity (User: John vs User: Mike)]

• The step beyond a traditional UTM is the last criterion: policy and
reporting are tied to the authenticated user, not only to an IP address, so
the same machine can be treated differently depending on who is logged in

Module 2 > Identifying Vital Data & Assets

• Servers/DMZ
• Servers/DMZ (De-Militarized Zone) is an approach to securing vital data and
assets.
• In this approach the servers and machines that carry vital data, or that
must be reachable from the Internet, are placed in a segment of their own,
separated by the firewall from both the Internet and the internal network.
• A different set of firewall rules is created for this zone, since it is the
area that needs most protection from attackers: inbound access is limited to
the published services, and the DMZ is not allowed to open connections into
the internal network, so a compromised server cannot be used as a stepping
stone.

Module 2 > Identifying Vital Data & Assets

• Grouping Segments of an Organization
• User policies differ between groups.
• For example, a marketing person has access to different resources than a
finance person.
• It is therefore necessary to divide the network into segments, one per
group or function. Each segment gets its own IP address range (in practice its
own VLAN or interface), so firewall rules can be written per segment and
traffic between segments is policed instead of implicitly trusted.

Module 2 > DMZ & Firewall Scenarios
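The packet-filter and stateful-inspection slides earlier in this module and the DMZ and segmentation slides above describe one mechanism from different angles. The following Python is an added example, not Cyberoam's code and not from the original slides, that puts the pieces together: addresses are classified into LAN, DMZ and WAN zones, a default-deny rule base is written zone to zone (the DMZ may be reached from outside only on its published port and may never open connections into the LAN), and a session table lets reply packets through on state rather than on a rule and expires idle sessions. The zone names, address ranges, ports, rules and packets are all constructed for the demo.

```python
"""Zone-based stateful firewall policy (added example, not Cyberoam code).

Constructed scenario: three zones (LAN, DMZ, WAN) classified by address, a
default-deny rule base written zone-to-zone, and a session table so that
reply packets are matched against state rather than against the rules.
All addresses, ports, rules and packets are made up for this demo.
"""
import ipaddress
from dataclasses import dataclass

# Zone map: which addresses belong to which zone (a real appliance assigns
# zones by interface; address prefixes stand in for that here).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"          # anything else is the outside world


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # True only on a TCP connection's first (SYN) packet


# Rule base: (from zone, to zone, dport or None for any, action). First match
# wins; no match means drop. Only session *setup* needs a rule here.
RULES = [
    ("lan", "wan", None, "accept"),   # users browse out
    ("lan", "dmz", 22,   "accept"),   # admins manage DMZ hosts
    ("wan", "dmz", 443,  "accept"),   # the published web service
    ("dmz", "lan", None, "drop"),     # a compromised DMZ host must not reach LAN
]


def rule_lookup(pkt):
    """Stateless packet filter: judge one packet on zones and port alone."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    for from_zone, to_zone, dport, action in RULES:
        if (from_zone == src_zone and to_zone == dst_zone
                and dport in (None, pkt.dport)):
            return action
    return "drop"


class StatefulFirewall:
    """Stateful inspection: remember accepted sessions, admit their replies
    without a rule lookup, and expire idle sessions."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout
        self.sessions = {}    # (src, sport, dst, dport) -> last-seen time

    def handle(self, pkt, now):
        # Session expiry: drop table entries idle for longer than the timeout.
        self.sessions = {k: t for k, t in self.sessions.items()
                         if now - t <= self.idle_timeout}
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for key in (fwd, rev):
            if key in self.sessions:      # either direction of a live session
                self.sessions[key] = now
                return "accept:established"
        if not pkt.syn:
            return "drop:no-session"      # unsolicited mid-stream packet
        if rule_lookup(pkt) != "accept":
            return "drop:policy"
        self.sessions[fwd] = now          # record the newly accepted session
        return "accept:new"


def demo():
    fw = StatefulFirewall(idle_timeout=60)
    out = Packet("10.0.0.5", 40000, "203.0.113.7", 443, syn=True)
    out_reply = Packet("203.0.113.7", 443, "10.0.0.5", 40000)
    to_web = Packet("198.51.100.9", 5555, "192.0.2.10", 443, syn=True)
    to_lan = Packet("198.51.100.9", 5555, "10.0.0.5", 445, syn=True)
    dmz_to_lan = Packet("192.0.2.10", 6000, "10.0.0.20", 3306, syn=True)
    return {
        "lan_to_wan": fw.handle(out, now=0),
        "wan_reply_to_lan": fw.handle(out_reply, now=1),
        "wan_to_dmz_web": fw.handle(to_web, now=2),
        "wan_to_lan_smb": fw.handle(to_lan, now=3),
        "dmz_to_lan_db": fw.handle(dmz_to_lan, now=4),
        "stateless_reply_verdict": rule_lookup(out_reply),
        "reply_after_expiry": fw.handle(out_reply, now=200),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

Compare `stateless_reply_verdict` with `wan_reply_to_lan`: judged on its own, the web server's reply matches no rule and a stateless filter would need a blanket WAN-to-LAN accept rule to let it in, which is exactly the hole the state table closes. The demo tracks TCP only; a real appliance also keeps pseudo-state for UDP and ICMP, and tears sessions down on FIN/RST rather than waiting for the idle timer.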

Module 2 > Baseline Security Principles

• Establishing Baseline Security
• Security Models
• Security by Obscurity
• Perimeter Defense
• Defense in Depth
• Monitoring Baseline Security
• Logging and Reporting Events
• Maintaining Baseline Security
• Dealing with Security Breaches

Module 2 > Baseline Security Principles

• Security by Obscurity
• Security by obscurity is a stealth type of protection.
• It relies on the idea that if a network is unknown to and undetected by
outsiders, it will not be affected by any threats.
• The basic principle of this model is to hide the network by not
advertising it.
• The flaw in this model is that it does not work in the longer run: once the
network is discovered, and scanning makes discovery a matter of time, it is
fully exposed to attack because nothing else was protecting it

Module 2 > Baseline Security Principles

• Perimeter Defense
• Perimeter defense still applies a degree of obscurity, but at a lower level:
it separates the outer network and the inner network by placing a firewall in
between.
• The internal network and its structure are hidden from outsiders, which
shrinks the externally reachable attack surface; it does not remove
vulnerabilities, and it gives no protection against an attacker who has
already got inside the perimeter or against insiders

Module 2 > Baseline Security Principles

• Defense in depth
• Defense in depth is the best of the three models.
• The defense in depth model applies security at each node of the network, so
every node carries its own controls (host firewall, patching, authentication,
logging) rather than relying on the perimeter alone.
• The advantage of defense in depth is that if there is an internal attack,
or an internal node is compromised, the other internal nodes can still detect
and resist further attacks instead of the entire network falling at once

Module 2 > Compliances

• CIPA
• Children’s Internet Protection Act
• HIPAA
• Health Insurance Portability and Accountability Act
• GLBA
• Gramm-Leach-Bliley Act
• SOX
• Sarbanes-Oxley Act
• PCI
• Payment Card Industry Data Security Standard (PCI DSS)
• FISMA
• Federal Information Security Management Act

Module 2 > Goals of Network Security

• Confidentiality
• Providing confidentiality is the assurance that only authorized users can
view sensitive information
• Integrity
• Providing integrity is the assurance that sensitive data cannot be changed
or destroyed without authorization, and that any unauthorized change is
detected
• Availability
• Availability is the assurance that sensitive data and services remain
accessible to authorized users whenever they need them; confidentiality and
integrity controls must be designed so that they do not undermine it

Next> Deploying Security Solution
