Guide to Networking Essentials, Fifth Edition   10-1




Chapter 10
Introduction to Network Security

At a Glance

Instructor’s Manual Table of Contents
   Overview

   Objectives

   Teaching Tips

   Quick Quizzes

   Class Discussion Topics

   Additional Projects

   Additional Resources

   Key Terms

   Technical Notes for Hands-On Projects



Lecture Notes

Overview
       Chapter 10 offers an introduction to network security. Students learn about the basics of
       developing a network security policy and securing physical access to network
       equipment. They also learn how to secure network data. Finally, they learn how to use
       different tools to find network security weaknesses.


Objectives
   • Develop a network security policy
   • Secure physical access to network equipment
   • Secure network data
   • Use tools to find network security weaknesses


Teaching Tips
Network Security Overview and Policies
   1. Explain that perceptions on security vary depending on who you are talking to, and the
      industry this person works in.

   2. Stress that network security should be as unobtrusive as possible.

   3. Note that a company that can demonstrate its information systems are secure is more
      likely to attract customers, partners, and investors.

Developing a Network Security Policy

   1. Describe the role of a network security policy.

   2. Briefly discuss the desirable characteristics of a network security policy.

Determining Elements of a Network Security Policy

   1. Briefly describe each of the elements that are (at least) required for most network
      security policies: privacy policy, acceptable use policy, authentication policy, Internet
      use policy, access policy, auditing policy, and data protection policy.



   Teaching Tip: To learn more about security policies, refer to RFC 2196 at
   http://rfc.net/rfc2196.html. You may also visit www.sans.org/resources/policies/
   and www.cisco.com/warp/public/126/secpol.html.


   2. Stress that a security policy should protect an organization legally, and that it should be
      a continual work in progress.

Understanding Levels of Security

   1. Explain that security doesn’t come without a cost.

   2. List (and explain) the questions that should be answered before deciding on a level for
      the security policy.

   3. Note that there are three levels of security policies.

   4. Highly restrictive security policies. Describe the features included. Note that they might
      require third-party hardware and software. Explain why this type of policy has high
      implementation expenses. Stress that this type of policy should be used when the cost of
      a security breach is high.

   5. Moderately restrictive security policies. Stress that most organizations can opt for this
      type of policy. Describe its characteristics and note that its costs are primarily in initial
      configuration and support.

   6. Open security policies. Describe the characteristics of this type of policy (with respect
      to passwords, resource access, auditing, Internet access, and sensitive data). Note that
      they make sense for a small company with the primary goal of making access to
      network resources easy.

   7. Common elements of security policies. Describe the common elements of security
      policies: virus protection, backup procedures, policies, etc. Stress that security is aimed
      not only at preventing improper use of or access to network resources, but also at
      safeguarding the company’s information.


Securing Physical Access to the Network
   1. Explain that if there’s physical access to equipment, there is no security. Describe the
      risks involved in computers left alone without physical access control (including the
      case when the computer is left with a user logged on).



   Teaching Tip: Read more about securing physical infrastructures at
   www.networkmagazineindia.com/200302/security2.shtml.


Physical Security Best Practices

   1. Describe the most important physical security best practices: use of locked rooms for
      servers and equipment, use of locking cabinets, adequate wiring protection, and
      availability of a physical security plan.

   2. Physical security of servers. Note that servers may be stashed away in lockable wiring
      closets, along with the switches to which the servers are connected. Stress that they
      often require more tightly controlled environmental conditions than patch panels, hubs,
      and switches. Explain that server rooms should be equipped with power that’s
      preferably on a circuit separate from other devices.

   3. Security of internetworking devices. Explain the importance of securing internetworking
      devices, and describe how to achieve this.


Quick Quiz 1
   1. What is a privacy policy?
      Answer: A privacy policy describes what staff, customers, and business partners can
      expect for monitoring and reporting network use.

   2. Most organizations can probably opt for a(n) ____________________ restrictive
      security policy.
      Answer: moderately

   3. A physical security ____________________ should include procedures for recovery
      from natural disasters, such as fire or flood.
      Answer: plan

   4. If you’re forced to place servers in a public access area, ____________________
      cabinets are a must.
      Answer: locking


Securing Access to Data
   1. Briefly describe each of the facets required to secure access to data.

Implementing Secure Authentication and Authorization

   1. Explain the difference between authentication and authorization.


   Teaching Tip: The IETF has an Authentication, Authorization and Accounting (AAA) charter
   (www.ietf.org/html.charters/aaa-charter.html).


   2. Describe the authentication and authorization security options and restrictions usually
      configurable by NOSs’ tools.

   3. Explain that file system access controls and user permission settings determine what a
      user can access on a network and what actions a user can perform.

   4. Configuring password requirements in a Windows environment. Describe the password
      requirements and options that can be configured in a Windows environment. Use Figure
      10-1 to explain that password policies for a single Windows XP/Vista or Windows
      Server 2003 computer can be set in the Local Security Settings MMC found in the
      Administrative Tools section of Control Panel.

   5. Configuring password requirements in a Linux environment. Describe the password
      requirements and options that can be configured in a Linux environment. Don’t forget
      to introduce the terms shadow passwords and Pluggable Authentication Modules
      (PAM).

   6. Reviewing password dos and don’ts. Provide some tips on how to set secure passwords.

   7. Restricting logon hours and logon location. Use Figure 10-2 to explain that both
      Windows and Linux have solutions to restrict logon by time of day, day of the week,
      and location. Explain that a common use of restricting logon hours is to disallow logon
      during system backup, which usually takes place in the middle of the night. Figure 10-3
      shows the Windows user account settings for logon location; the user can log on only to
      the computers named smiller01 and engineering. As with logon hours, this option is
      available only in a Windows domain environment. Note that although Linux offers
      similar features for logon restrictions using the PAM authentication service, in general,
      standard Linux distributions don’t include a GUI to configure these settings.


   Teaching Tip: Note that in Novell NetWare, an administrator can configure all the logon
   settings discussed previously in ConsoleOne, iManager, or NetWare Administrator.

           a. Authorizing access to files and folders. Describe each of the two options for file
              security provided by Windows OSs: sharing permissions and NTFS permissions.
              Use Figure 10-4 to explain that to set Windows NTFS permissions on a folder,
              you should right-click the folder, click Sharing and Security, and then click the
              Security tab in the Properties dialog box. Use Figure 10-5 to explain that Linux
              also supports file and folder security. Note that Linux permissions are fairly
              simple, compared with the multitude of configuration options in Windows
              NTFS permissions.
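As an added example (not code from the textbook or this manual), the following Python function checks a candidate password against the kind of policy described in items 4 to 6 above: a minimum length, a Windows-style complexity rule requiring several character classes, no occurrence of the account name, and a password-history check. The thresholds (8 characters, 3 classes, 5 remembered passwords), the function names and the sample candidates are assumptions chosen for illustration; a real deployment reads its values from the policy set in Local Security Settings or in PAM.

```python
import hashlib
import string

# Policy values are assumptions for this example; real values come from the
# organisation's policy (Local Security Settings on Windows, pam_pwquality or
# a similar PAM module on Linux).
MIN_LENGTH = 8        # "minimum password length"
MIN_CLASSES = 3       # "password must meet complexity requirements"
HISTORY_DEPTH = 5     # "enforce password history"

CHAR_CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def character_classes(password):
    """Return the names of the character classes that appear in the password."""
    return {name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)}


def hash_for_history(password):
    """Digest kept in the password-history list instead of the plaintext.

    A real system stores only salted, slow hashes of old passwords; a plain
    SHA-256 is used here only to keep the example self-contained.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, username, history=()):
    """Return the list of policy rules the password breaks (empty = acceptable).

    history: digests (from hash_for_history) of the user's previous passwords,
    newest first; only the most recent HISTORY_DEPTH entries are enforced.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append(f"uses {len(classes)} character classes, "
                        f"policy requires {MIN_CLASSES}")
    if username and username.lower() in password.lower():
        problems.append("contains the account name")
    if hash_for_history(password) in list(history)[:HISTORY_DEPTH]:
        problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return problems


if __name__ == "__main__":
    # Constructed candidates checked against the account name used in Figure 10-3.
    for candidate in ("Tr0ub4dor&3", "smiller01!A", "password", "Ab1!"):
        verdict = check_password(candidate, "smiller01")
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The function returns every violated rule rather than stopping at the first one, which is what a user-facing password dialog needs in order to explain a rejection.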

Securing Data with Encryption

   1. Explain that encryption can be used to safeguard data as it travels across one or more
      networks, and also to secure data stored on disks.

   2. Using IPSec to secure network data. Explain that the most popular method for
      encrypting data as it travels network media is to use an extension to the IP protocol
      called IP Security (IPSec). Briefly describe how this protocol works, noting that an
      association is formed by two devices authenticating their identities via a preshared key,
      Kerberos authentication, or digital certificates. Use Figure 10-6 to explain that IPSec is
      configured on a Windows Vista, Windows XP, or Windows Server 2003 computer in
      the IP Security Policies MMC. Explain that three standard IPSec policies are available:
      client, server, and secure server. Stress that these policies are intended as models for
      administrators to create their own policies suitable for their networks, but they can be
      used as is or edited. Note that an IPSec policy must be assigned before IPSec can be
      enabled on a computer, and that only one IPSec policy can be assigned per computer.
      Use Figure 10-7 to explain that in a Linux Fedora Core 4 environment, IPSec is
      configured with the Network Configuration tool.

   Teaching Tip: For more information on IPSec, visit http://en.wikipedia.org/wiki/Ipsec.

   3. Securing data on disk drives. Use Figure 10-8 to explain that in Windows XP, Vista,
      and Server 2003, Encrypting File System (EFS) is a standard feature available on
      NTFS-formatted disks. Note that after a file is encrypted, Windows Explorer displays
      the file name in green text so that it’s recognizable as an encrypted file. Stress that by
      default, only the creator of the file and the designated Data Recovery Agent for the
      system can decrypt the file. Explain that on Linux systems, a simple method to encrypt
      files involves using a command-line program called gpg.

Securing Communication with Virtual Private Networks

   1. Use Figure 10-9 to explain how VPNs work. Explain that the tunnel is really a special
      encapsulation of the IP protocol, in which it appears to the client as though a direct
      point-to-point connection exists between client and server.


   Teaching Tip: For more information on VPNs, visit http://en.wikipedia.org/wiki/VPN.

   2. VPNs in a Windows environment. Describe how PPTP and L2TP can be used to create
      VPNs in a Windows environment.

   3. VPNs in other OS environments. Briefly describe how VPNs can be created in Linux,
      NetWare, and Mac OS systems. Note that one method of providing VPN services to
      connect remote sites is to use routers with VPN capability to form a router-to-router
      VPN connection.

   4. VPN benefits. Discuss the advantages of using VPNs to secure remote access to
      networks. Stress that VPNs save costs.

Protecting Networks with Firewalls

   1. Describe the role of a firewall. Explain the difference between software and hardware
      firewalls.


   Teaching Tip: For more information on firewalls, visit
   http://en.wikipedia.org/wiki/Firewall_(networking).


   2. Explain how firewalls work and briefly discuss how rules are created and applied.
      Introduce the term stateful packet inspection (SPI).


   Teaching Tip: Explain that firewalls perform other functions not mentioned here, but the
   functions discussed in this section are common to practically all firewalls.


   3. Using a router as a firewall. Explain how access control lists can be used to configure a
      router with firewall capabilities. Note that typically, an administrator builds access
      control lists so that all packets are denied, and then creates rules that make exceptions.

   4. Using intrusion detection systems. Briefly describe the role of IDSs in securing
      networks.

   Teaching Tip: Snort (www.snort.org/) is a very good open source IDS.

   5. Using network address translation to improve security. Explain how NAT can be used
      to improve security.
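As an added example (not from the textbook or this manual), the following Python code models how the router access list of item 3 and the stateful packet inspection of item 2 work together: rules are evaluated top to bottom, the first match wins, anything unmatched falls to the implicit deny at the end of the list, and reply packets belonging to a conversation that was already permitted pass without needing a rule of their own. The addresses, rule names and the StatefulFirewall class are constructed for illustration and do not correspond to any vendor's syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """One access-list entry. Fields left at their defaults match anything."""
    action: str                   # "permit" or "deny"
    name: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt):
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class StatefulFirewall:
    """First-match ACL with an implicit deny, plus a session table for SPI."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # flows permitted so far; real firewalls age these out

    def decide(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Stateful inspection: a packet that belongs to an already permitted
        #    conversation (in either direction) passes without consulting the rules.
        if flow in self.sessions or reply in self.sessions:
            return "permit (established session)"
        # 2. The access list is evaluated top to bottom; the first match decides.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "permit":
                    self.sessions.add(flow)
                return f"{rule.action} ({rule.name})"
        # 3. Nothing matched: the implicit deny at the end of every access list.
        return "deny (implicit)"


def build_example_firewall():
    """Constructed rule set: 10.0.0.0/24 is the inside network, 10.0.0.25 the mail server."""
    return StatefulFirewall([
        Rule("deny", "block-badhost", src="10.0.0.66/32"),  # must precede the permits
        Rule("permit", "web-out", src="10.0.0.0/24", proto="tcp", dport=443),
        Rule("permit", "http-out", src="10.0.0.0/24", proto="tcp", dport=80),
        Rule("permit", "dns-out", src="10.0.0.0/24", proto="udp", dport=53),
        Rule("permit", "mail-in", dst="10.0.0.25/32", proto="tcp", dport=25),
    ])


if __name__ == "__main__":
    fw = build_example_firewall()
    for pkt in (
        Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp"),   # outbound HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp"),   # its reply
        Packet("203.0.113.10", 443, "10.0.0.5", 51001, "tcp"),   # unsolicited "reply"
        Packet("10.0.0.66", 40000, "203.0.113.10", 443, "tcp"),  # blocked host
        Packet("198.51.100.7", 3344, "10.0.0.25", 25, "tcp"),    # inbound SMTP
        Packet("198.51.100.7", 3345, "10.0.0.25", 23, "tcp"),    # inbound telnet
    ):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}/{pkt.proto}: {fw.decide(pkt)}")
```

Two points the run makes visible: the deny for 10.0.0.66 only works because it sits above the web-out permit, and the unsolicited packet that merely looks like a reply is dropped by the implicit deny because no session was ever opened from the inside.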

Protecting a Network from Worms, Viruses, and Rootkits

   1. Introduce the terms virus, worm, backdoor, malware, Trojan program, rootkit, and hoax
      virus.


   Teaching Tip: In the Computer section of the www.snopes.com site, you can find a list of real
   and hoax viruses.


   2. Explain that to help prevent spread of malware, every computer should have virus-
      scanning software running.

   Teaching Tip: For more information on malware, visit http://en.wikipedia.org/wiki/Malware.

   3. Stress that while malware protection can be expensive, the loss of data and productivity
      that can occur when a network becomes infected is much more costly.

Protecting a Network from Spyware and Spam

   1. Explain how spyware and spam affect a network and reduce productivity.

   2. Explain how spyware and spam can be removed or prevented from reaching users, but
      note that their detection and prevention is an uphill battle.

Implementing Wireless Security

   1. Explain that attackers who drive around looking for wireless LANs to intercept are
      called wardrivers.

   2. Describe each of the wireless security mechanisms that can be used to restrict access to
      WLANs.

   3. Note that as an administrator, you should also set policies like limiting the AP signal
      access, changing the encryption key regularly, etc.


Quick Quiz 2
   1. What is the difference between authentication and authorization?
      Answer: Authentication and authorization are security features that allow administrators
      to control who has access to the network (authentication) and what users can do after
      they are logged on to the network (authorization).

   2. Linux shadow passwords are stored in an encrypted format in the shadow file located in
      the ____________________ directory; this file is accessible only by the root system
      user.
      Answer: /etc

   3. What is encryption used for?
      Answer: Many network administrators use encryption technologies to safeguard data as
      it travels across the Internet and even within the company network. This security
      measure prevents somebody using eavesdropping technology, such as a packet sniffer,
      from capturing packets and using data in the packets for malicious purposes. Data
      stored on disks can also be secured with encryption to prevent someone who has gained
      physical access to the computer from being able to use the data.

   4. A(n) ____________________ is a hardware device or software program that inspects
      packets going into or out of a network or computer and then discards or forwards those
      packets based on a set of rules.
      Answer: firewall


Using a Cracker’s Tools to Stop Network Attacks
   1. Explain that if you want to design a good, solid network infrastructure, you can hire a
      security consultant who knows the tools of the cracker’s trade.

   2. Describe the difference between crackers and hackers. Introduce the terms “black hat”
      and “white hat.” Note that white hats often use the term penetration tester for their
      consulting services.

Discovering Network Resources

   1. Explain that attackers use command-line utilities, such as Ping, Traceroute, Finger, and
      Nslookup, to get information about the network configuration and resources. Briefly
      describe how these tools can be used to discover network resources.

   2. Describe how other tools like ping scanners (see Figure 10-10), port scanners (see
      Figure 10-11), and protocol analyzers can be used to discover network resources.
      Explain how a network administrator can use this information for security purposes.

   3. Use Figure 10-12 to explain that Whois is a handy utility for discovering information
      about an Internet domain. You can find the name and address of the domain name
      owner, contact information for the domain, and the DNS servers that manage the
      domain.

Gaining Access to Network Resources

   1. Explain that one of the easiest resources to open is one in which no password is set.
      Explain how to avoid having this vulnerability.

   2. Explain how Finger, default account names, and password-cracking utilities can be used
      by attackers to learn user names and passwords.
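As an added example (not from the textbook or this manual), the following Python script audits a Linux shadow file for the weakness in item 1, accounts with no password set, and in passing for entries hashed with an algorithm that is cheap to crack; it also checks that the file's permission bits keep it readable only by root, the point Quick Quiz 2 makes about the shadow file in /etc. The sample entries and their hash strings are constructed; the hash-prefix table reflects the identifiers used by glibc's crypt(3).

```python
import os
import stat

# Prefixes of the shadow password field as used by glibc crypt(3):
# (algorithm label, still adequate against offline cracking).
HASH_IDS = {
    "$y$": ("yescrypt", True),
    "$6$": ("SHA-512", True),
    "$5$": ("SHA-256", True),
    "$2b$": ("bcrypt", True),
    "$1$": ("MD5", False),
}


def classify_password_field(field):
    """Map a shadow password field to (kind, adequate).

    kind is 'EMPTY', 'LOCKED', 'UNKNOWN' or the hash algorithm label.
    """
    if field == "":
        return ("EMPTY", False)
    if field.startswith(("!", "*")):
        return ("LOCKED", True)  # password logon disabled; nothing to crack
    for prefix, (name, adequate) in HASH_IDS.items():
        if field.startswith(prefix):
            return (name, adequate)
    return ("UNKNOWN", False)


def audit_shadow(text):
    """Return (line_number, account, finding) tuples for risky shadow entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:  # name:pw:lastchg:min:max:warn:inactive:expire:reserved
            findings.append((lineno, "?", f"malformed entry with {len(fields)} fields"))
            continue
        account, pw_field = fields[0], fields[1]
        kind, adequate = classify_password_field(pw_field)
        if kind == "EMPTY":
            findings.append((lineno, account,
                             "no password set: anyone can log on as this account"))
        elif kind == "UNKNOWN":
            findings.append((lineno, account,
                             "unrecognised password field; inspect manually"))
        elif not adequate:
            findings.append((lineno, account,
                             f"password hashed with {kind}, which is too fast to resist cracking"))
    return findings


def shadow_mode_is_safe(mode):
    """True if the permission bits keep the file readable only by root (and a
    read-only shadow group). mode is stat.S_IMODE(os.stat(path).st_mode);
    0o600 and 0o640 pass, any bit for 'others' or a group write bit fails."""
    return (mode & 0o027) == 0


# Constructed sample in /etc/shadow format; the hash strings are fake, not real digests.
SAMPLE_SHADOW = """\
root:$6$fakesalt$fakehashfakehashfakehashfakehash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
svc_backup:!:19700:0:99999:7:::
smiller01::19700:0:99999:7:::
legacy:$1$fakesalt$fakemd5hashfakemd5hash:19000:0:99999:7:::
"""


if __name__ == "__main__":
    for lineno, account, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"line {lineno}: {account}: {finding}")
    if os.path.exists("/etc/shadow"):
        mode = stat.S_IMODE(os.stat("/etc/shadow").st_mode)
        print(f"/etc/shadow mode {mode:04o}: {'ok' if shadow_mode_is_safe(mode) else 'TOO PERMISSIVE'}")
```

The fix for an empty field is the one the chapter implies: set a password that meets the policy, or lock the account with a `!` or `*` in the field if it should never log on interactively.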


   Teaching Tip: For a complete list of security and hacking tools, including password crackers,
   visit www.securiteam.com/tools/archive.html.


   Teaching Tip: For another good list of security tools, visit http://sectools.org/.

Disabling Network Resources

   1. Explain what a DoS attack is. Explain that DoS attacks can be performed in several
      ways, including packet storms, half-open SYN attacks, and ping floods.

   2. When describing a packet storm, introduce the term spoofed address.
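As an added example (not from the textbook or this manual), the following Python script shows the defender's side of two techniques from this part of the chapter: it reads a constructed, simplified connection log and flags a port scan (one source trying many ports, item 2 under Discovering Network Resources) and a half-open SYN attack (many never-completed handshakes against one host, typically from many spoofed source addresses, items 1 and 2 above). The log format, the thresholds and the sample traffic are assumptions for illustration; a real IDS such as Snort reads its own capture and log formats.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified one-packet-per-line log format; real firewall and
# IDS logs differ in layout but carry the same fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) SPT=(?P<spt>\d+) "
    r"DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            d = m.groupdict()
            events.append({"ts": datetime.fromisoformat(d["ts"]), "src": d["src"],
                           "spt": int(d["spt"]), "dst": d["dst"], "dpt": int(d["dpt"]),
                           "flags": d["flags"]})
    return events


def is_connection_attempt(e):
    """SYN without ACK: the first packet of a TCP handshake."""
    return "S" in e["flags"] and "A" not in e["flags"]


def _peak_in_window(items, window_s, measure):
    """items: (timestamp, ...) tuples sorted by time. Slide a window_s-second
    window over them and return the measure() tuple with the largest first element."""
    best, start = None, 0
    for end in range(len(items)):
        while (items[end][0] - items[start][0]).total_seconds() > window_s:
            start += 1
        value = measure(items[start:end + 1])
        if best is None or value[0] > best[0]:
            best = value
    return best


def detect_port_scans(events, min_ports=10, window_s=60):
    """Sources that try min_ports distinct ports within window_s seconds: (src, ports)."""
    by_src = defaultdict(list)
    for e in events:
        if is_connection_attempt(e):
            by_src[e["src"]].append((e["ts"], e["dpt"]))
    alerts = []
    for src, tries in sorted(by_src.items()):
        tries.sort()
        (distinct,) = _peak_in_window(tries, window_s, lambda w: (len({p for _, p in w}),))
        if distinct >= min_ports:
            alerts.append((src, distinct))
    return alerts


def detect_syn_floods(events, min_half_open=20, window_s=10):
    """Half-open connections (a SYN never followed by an ACK from the same client
    socket) piling up on one destination: (dst, half_open, distinct_sources)."""
    completed = {(e["src"], e["spt"], e["dst"], e["dpt"]) for e in events if "A" in e["flags"]}
    by_dst = defaultdict(list)
    for e in events:
        if is_connection_attempt(e) and (e["src"], e["spt"], e["dst"], e["dpt"]) not in completed:
            by_dst[e["dst"]].append((e["ts"], e["src"]))
    alerts = []
    for dst, items in sorted(by_dst.items()):
        items.sort()
        count, sources = _peak_in_window(items, window_s, lambda w: (len(w), len({s for _, s in w})))
        if count >= min_half_open:
            alerts.append((dst, count, sources))
    return alerts


def build_sample_log():
    """Constructed log: one normal web session, a port sweep from one host, and a
    SYN flood against the web server from many different (spoofed) source addresses."""
    def line(ts, src, spt, dst, dpt, flags):
        return f"{ts.isoformat()} SRC={src} SPT={spt} DST={dst} DPT={dpt} FLAGS={flags}"
    t0 = datetime(2009, 3, 2, 10, 15, 0)
    lines = [line(t0, "10.0.0.5", 51000, "10.0.0.25", 80, "S"),
             line(t0 + timedelta(seconds=1), "10.0.0.5", 51000, "10.0.0.25", 80, "A")]
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(line(t0 + timedelta(seconds=i), "198.51.100.9", 40000 + i, "10.0.0.25", port, "S"))
    for i in range(25):
        lines.append(line(t0 + timedelta(seconds=30, milliseconds=200 * i),
                          f"203.0.113.{i + 1}", 1024 + i, "10.0.0.25", 80, "S"))
    return "\n".join(lines)


if __name__ == "__main__":
    events = parse_log(build_sample_log())
    print("port scans:", detect_port_scans(events))
    print("SYN floods:", detect_syn_floods(events))
```

The third element of a SYN-flood alert, the number of distinct source addresses, is the tell for spoofing: a flood that comes from as many addresses as there are half-open connections cannot be stopped by blocking any one source, which is why the chapter's other defences (SPI, rate limiting at the firewall) matter.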


Quick Quiz 3
   1. What is a cracker?
      Answer: A cracker is someone who attempts to compromise a network or computer
      system for the purposes of personal gain or to cause harm.

   2. What is a hacker?
      Answer: Hacker is sometimes a derogatory term to describe an unskilled or
      undisciplined programmer. It can also mean someone who is highly skilled with
      computer systems and programs and is able to use some of the same tools crackers use
      to poke around networks or systems, but not for evil purposes.

   3. A(n) ____________________ scanner determines which TCP and UDP ports are
      available on a particular computer or device.
      Answer: port

   4. What is a DoS attack?
      Answer: A denial-of-service (DoS) attack is an attacker’s attempt to tie up network
      bandwidth or network services so that it renders those resources useless to legitimate
      users.


Class Discussion Topics
   1. Ask students if they have experienced any computer security problems before. Perhaps
      their PCs have been infected by viruses or their logon password has been stolen using a
      backdoor, etc. They should discuss the problems they had and describe how they solved
      them.

   2. What measures do students take to protect their PCs from malware?


Additional Projects
   1. CIA is a mnemonic for the three goals of information security (see
      http://en.wikipedia.org/wiki/CIA_triad). Ask students to do some research to find out
      what these goals are. They should write a report with their findings and classify the
      security problems presented in this chapter, depending on which of these goals they
      affect.

   2. Ask students to do some research on how SSH can be used to create secure tunnels.


Additional Resources
   1. The SANS Security Policy Project:
      www.sans.org/resources/policies/

   2. Network Security Policy: Best Practices White Paper:
      www.cisco.com/warp/public/126/secpol.html

   3. Secure Physical Infrastructure Too:
      www.networkmagazineindia.com/200302/security2.shtml

   4. Virtual Private Network:
      http://en.wikipedia.org/wiki/VPN

   5. Top 100 Network Security Tools:
      http://sectools.org/

   6. Authentication, Authorization and Accounting (AAA):
      www.ietf.org/html.charters/aaa-charter.html

   7. IPsec:
      http://en.wikipedia.org/wiki/Ipsec

   8. Penetration Testing IPsec VPNs:
      www.securityfocus.com/infocus/1821

   9. Firewall (networking):
      http://en.wikipedia.org/wiki/Firewall_(networking)

   10. Intrusion Detection FAQ:
       www.sans.org/resources/idfaq/

   11. Intrusion-Detection System:
       http://en.wikipedia.org/wiki/Intrusion-detection_system

   12. Malware:
       http://en.wikipedia.org/wiki/Malware

   13. Securing your Wireless Network:
       www.practicallynetworked.com/support/wireless_secure.htm

   14. Top 8 Tips for Wireless Home Network Security:
       http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm


Key Terms
    • 802.11i — A security extension to 802.11 and a successor to Wi-Fi Protected Access
      that is the currently accepted best security protocol for wireless networks.
    • access control lists — Sets of rules defined by an administrator that determine which
      packets should be allowed and which should be denied.
    • authentication — A security feature that allows an administrator to control who has
      access to the network.
    • authorization — A security feature that allows an administrator to control what a user
      can do and which resources can be accessed after the user is authenticated to the
      network.
    • backdoor — A program installed on a computer that permits access to the computer,
      thus bypassing the normal authentication process.
    • cracker — Someone who attempts to compromise a network or computer system for
      the purposes of personal gain or to cause harm.
    • denial-of-service (DoS) attack — An attempt to tie up network bandwidth or services
      so that network resources are rendered useless to legitimate users.
    • Encrypting File System (EFS) — A feature available on Windows operating systems
      that allows file contents to be encrypted on the disk. These files can be opened only by
      the file creator or designated agents.
    • encryption — A technology used to make data unusable and unreadable to anybody
      except authorized users of the data.
    • firewall — A hardware device or software program that inspects packets going into or
      out of a network or computer and then discards or forwards those packets based on a set
      of rules.
    • hacker — Sometimes a derogatory term to describe an unskilled or undisciplined
      programmer. Hacker can also mean someone who is highly skilled with computer
      systems and programs and is able to use some of the same tools crackers use to poke
      around networks or systems, but not for evil purposes.

    • hoax virus — A type of virus that’s not really a virus but simply an e-mail
      announcement of a made-up virus. Its harm lies in people believing the announcement
      and forwarding the message on to others.
    • intrusion detection system (IDS) — Usually a component of a firewall, an IDS detects
      an attempted security breach and notifies the network administrator. An IDS can also
      take countermeasures to stop an attack in progress.
    • IP Security (IPSec) — An extension to the IP protocol suite that creates an encrypted
      and secure conversation between two hosts.
    • MAC address filtering — A security method often used in wireless networks, whereby
      only devices with MAC addresses specified by the administrator can gain access to the
      wireless network.
    • malware — Any software designed to cause harm or disruption to a computer system
      or otherwise perform activities on a computer without the consent of the computer’s
      owner.
    • NTFS permissions — Permissions assigned to files or folders on an NTFS-formatted
      volume in a Windows system. NTFS permissions affect user access to resources
      whether the user is logged on locally or over the network.
    • penetration tester — A term used to describe a security consultant who is able to
      detect holes in a system’s security for the purpose of correcting these vulnerabilities.
    • ping scanner — An automated method for pinging a range of IP addresses.
    • Pluggable Authentication Modules (PAM) — A software service used on many
      Linux distributions for authenticating users. PAM is extensible so that new
      authentication features can be added as needed.
    • port scanner — Software that determines which TCP and UDP ports are available on a
      computer or device.
    • protocol analyzers — Programs or devices that can capture packets traversing a
      network and display packet contents in a form useful to the user.
    • rootkits — Forms of Trojan programs that can monitor traffic to and from a computer,
      monitor keystrokes, and capture passwords. They are among the most insidious form of
      Trojan software because they can mask that the system has been compromised by
      altering system files and drivers required for normal computer operation.
    • shadow passwords — A secure method of storing user passwords on a Linux system.
    • sharing permissions — A list of permissions that can be assigned to users and groups
      and applied to Windows shared folders. Sharing permissions don’t affect access to files
      and folders by users logged on locally to the system hosting the files.
    • spam — Unsolicited e-mail. The harm in spam is the loss of productivity when people
      receive dozens or hundreds of spam messages daily and the use of resources to receive
      and store spam on e-mail servers.
    • spoofed address — A source address inserted into a packet that is not the actual
      address of the sending station.
    • spyware — A type of malware that monitors or in some way controls part of your
      computer at the expense of your privacy and to the gain of some third party.
    • stateful packet inspection (SPI) — A filtering method used in a firewall, whereby
      packets are not simply filtered based on packet properties but also the context in which
      packets are being transmitted. If a packet is not part of a legitimate, ongoing data
      conversation, it’s denied.
    • Trojan program — A program that appears to be something useful, such as a free
      utility you can use on your computer, but in reality contains some type of malware.

    • virtual private networks (VPNs) — Temporary or permanent connections across a
      public network that use encryption technology to transmit and receive data.
    • virus — A malicious program that spreads by replicating itself into other programs or
      documents. A virus usually aims to disrupt computer or network functions by deleting
      and corrupting files.
    • wardrivers — Attackers who drive around with a laptop or PDA looking for wireless
      LANs to access.
    • Wi-Fi Protected Access (WPA) — A wireless security protocol that is the successor to
      Wired Equivalency Protocol. WPA has enhancements that make cracking the
      encryption code more difficult.
    • Wired Equivalency Protocol (WEP) — A form of wireless security that encrypts data
      so that unauthorized people receiving wireless network signals can’t interpret the data
      easily.
    • worm — A self-replicating program, similar to a virus, that uses network services such
      as e-mail to spread to other systems.


Technical Notes for Hands-On Projects

Hands-On Project 10-1: This project requires a Web browser, Internet access, and a program
   for unzipping files. Students also use the Windows net and ping command-line utilities.

Hands-On Project 10-2: This project requires the NetInfo program installed in the previous
   project.

Hands-On Project 10-3: This project requires a computer with Windows XP SP2 or later and
   that students are able to enable Windows Firewall. Administrator access is necessary.

Hands-On Project 10-4: This project requires Windows XP and Administrator access.

Hands-On Project 10-5: This project requires Windows XP and Administrator access.

Hands-On Project 10-6: This project requires a Web browser and Internet access.