Lesson 11: Security Basics
Integrity
Let's look at some of the different integrity solutions.
Integrity—Network Availability
One of the functions of integrity is making sure the network stays up. You need to guarantee that data in fact gets where it's supposed to go. This is job one! Your network isn't worth a thing if your routers go down, and if the network infrastructure isn't reliable, business doesn't happen. Let's look at a few features that protect availability.
TCP Intercept

TCP Intercept is designed to prevent a SYN flooding Denial of Service attack by tracking, and optionally intercepting and validating, TCP connection requests. A SYN flooding attack bombards a server with connection requests (TCP SYN segments) whose source addresses are forged, often pointing at hosts that do not exist. The server answers each one and waits for the final ACK of the three-way handshake, but because its replies go to a forged address, that ACK never arrives and the connections can never be established. The growing pile of half-open connections eventually fills the server's connection table and causes it to deny service to valid requests. TCP Intercept can operate in two modes: intercept mode and monitor (watch) mode. In intercept mode, the default, the router examines each incoming TCP connection request and proxy-answers it on behalf of the destination server; only after the client completes the handshake, which proves the request is genuine, does the router open the connection to the server and join the two halves. In monitor mode, TCP Intercept passively watches the connection requests flowing through and, if a connection has not been fully established within a configurable interval, it intervenes and terminates the half-open connection on the server.
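Here is what that looks like on a router, as an added example that is not part of the original lesson. The protected server network (192.0.2.0/24, an RFC 5737 documentation range), the interface, and the timer values are assumptions; the threshold values written out below are the IOS defaults, shown so you can see which knobs exist.

```cisco
! Added example (not from the original lesson). Hypothetical protected
! server network 192.0.2.0/24. The access list names the DESTINATIONS that
! TCP Intercept should watch; the source is normally "any".
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
ip tcp intercept list 101
!
! Intercept mode is the default: the router answers each SYN with its own
! SYN-ACK and only opens the server-side connection after the client's ACK
! proves the request is real. "ip tcp intercept mode watch" selects the
! passive monitor mode described in the text.
ip tcp intercept mode intercept
!
! In watch mode, a connection still half-open after this many seconds is
! torn down with a reset sent to the server (default 30).
ip tcp intercept watch-timeout 30
!
! Aggressive mode: once more than 1100 half-open connections exist, or more
! than 1100 connection requests arrive in one minute, the router drops
! half-open connections (oldest first) for every new request and halves its
! retransmission and watch timers, until the count falls below 900 again.
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
ip tcp intercept drop-mode oldest
!
! Established connections idle longer than this are dropped (default
! 86400 seconds, i.e. 24 hours); shorter is safer for a public front end.
ip tcp intercept connection-timeout 3600
!
! Verify what is being tracked:
!   show tcp intercept connections
!   show tcp intercept statistics
```

The router now holds state for every half-open connection it answers on the server's behalf, so give it headroom for the flood you expect it to absorb, and watch the half-open count and the one-minute request rate in `show tcp intercept statistics` during an event; those are the two numbers the thresholds above act on.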
Route Authentication
A common attack technique is to feed routers forged routing updates that instruct them to send traffic along an alternate, less secure route, one the attacker controls or can observe, opening a doorway for the attacker to get in.

Route authentication enables routers to identify one another and verify each other's legitimacy before accepting route updates: each update carries a keyed digest computed with a shared secret, and an update whose digest does not verify is discarded. So route authentication ensures that you have trusted devices talking to trusted devices.
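Here is what that looks like for OSPF, as an added example that is not part of the original lesson. The text names no particular routing protocol; OSPF is used here because it is the common case, and EIGRP and RIPv2 offer the same kind of keyed MD5 authentication. The addresses (192.0.2.0/30), router IDs, interface names and key strings are all made up.

```cisco
! Added example (not from the original lesson): OSPF MD5 neighbor
! authentication on the link between two routers. Both sides must use the
! same key ID and the same key string, or the adjacency never forms.
!
! --- Router A ---
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 s3cr3t-r0ut3-k3y
router ospf 1
 router-id 1.1.1.1
 network 192.0.2.0 0.0.0.3 area 0
!
! --- Router B ---
interface Ethernet0/0
 ip address 192.0.2.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 s3cr3t-r0ut3-k3y
router ospf 1
 router-id 2.2.2.2
 network 192.0.2.0 0.0.0.3 area 0
!
! Rotating the key without dropping the adjacency (on both routers): add
! the new key under a new key ID, confirm the neighbor is still FULL, then
! remove the old key. While two keys are configured, OSPF sends a copy of
! each packet for every key, so either side accepts whichever the peer has.
interface Ethernet0/0
 ip ospf message-digest-key 2 md5 n3w-r0ut3-k3y
 no ip ospf message-digest-key 1
!
! Verify: a neighbor that cannot present a valid digest never reaches FULL.
!   show ip ospf neighbor
!   show ip ospf interface Ethernet0/0   (reports message digest authentication enabled)
!   debug ip ospf adj                    (logs authentication type/key mismatches)
```

Avoid the plain-text variant (`ip ospf authentication` with `ip ospf authentication-key`): it sends the password in the clear in every hello, whereas MD5 never puts the key on the wire. Also keep in mind what authentication does and does not prove: it shows an update came from a holder of the shared key, not that the update is correct, so a compromised neighbor that has the key can still inject bad routes. Pair it with route filtering and `passive-interface` on links where no neighbor should exist.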
Integrity—Perimeter Security
Integrity also means ensuring the safety of the network devices themselves and of the flows of information between them, including payload data, configuration, and configuration updates.
Everyone is connecting to the Internet, so every network is exposed: you need to defend your perimeters. There are several kinds of network perimeter, and you may need some kind of firewall protection at each perimeter access point to enforce your security policy. Perimeter security lets an organization use the Internet as a business resource while protecting internal resources.
The key to network integrity is that it be implemented across all types of devices, with full internetworking, so that every device in the network can participate and none becomes the weak link in the security chain.
Let's look at some of these technologies.
Access Lists
Access Control Lists, or ACLs, are often the first wave of defense. Security is a multi-step thing, and ACLs can play an important part in it. Standard ACLs filter on the source address only.
So you can say, "Hey, I don't want traffic from particular places," maybe networks that belong to known spammers, or anything that isn't part of your extranet. You can also permit or deny an entire protocol suite: maybe you don't want to see a particular class of traffic flowing through this particular router at all. Extended ACLs go further and filter on both the source and the destination address, on the protocol, and on the port number. So if you have a list of hosts that you don't want making connections to a given server, you can tell that to your ACL.
You can apply ACLs both inbound and outbound on an interface, and match on port number. For example, maybe you want to create a demilitarized zone, or DMZ, and you only want to admit traffic on the Web port where HTTP traffic goes, which is TCP port 80. That is a case of using a port number to restrict traffic to a particular part of the network. Whatever you match on, the entries of a list are checked in order and the first match wins; a packet that matches nothing is dropped by the implicit deny at the end of every list.
You can permit or deny specific protocols. There are also reflexive ACLs, which change based on the traffic they see: when a session is started from inside, a temporary entry is created that permits only the matching return traffic back in, and it is removed when the session ends or times out.
And there are time-based ACLs. Maybe you have a different set of rules during business hours than after business hours.
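Put together, the features above look like this on a router, as an added example that is not part of the original lesson. The interfaces, the RFC 5737 documentation addresses and the policy itself are hypothetical, chosen so that one configuration shows a standard list, an extended list with a port match in front of a DMZ web server, a reflexive list, and a time-based entry.

```cisco
! Added example (not from the original lesson). Hypothetical topology:
!   Ethernet0 = outside (Internet)   Ethernet1 = DMZ   Ethernet2 = inside
!   DMZ web server 192.0.2.10, inside users 198.51.100.0/24,
!   known-bad source network 203.0.113.0/24
! Every list is checked top to bottom, first match wins, and ends in an
! implicit deny; the explicit "deny ... log" lines only make drops visible.

! 1. Standard ACL: source address only. Applied inbound on the inside
!    interface it keeps spoofed source addresses from leaving the LAN.
access-list 10 remark only genuine inside addresses may enter from the LAN
access-list 10 permit 198.51.100.0 0.0.0.255
interface Ethernet2
 ip access-group 10 in

! 2. Extended ACL toward the DMZ: protocol, destination host and port.
!    Web (TCP 80) from anywhere; SSH from inside only during business hours.
!    A time range is only as good as the router clock, so run NTP.
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 18:00
access-list 110 permit tcp any host 192.0.2.10 eq www
access-list 110 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 22 time-range BUSINESS-HOURS
access-list 110 deny   ip any any log
interface Ethernet1
 ip access-group 110 out

! 3. Reflexive ACLs (named extended lists only). Sessions started from
!    inside create temporary entries in RETURN-TRAFFIC; "evaluate" consults
!    them on the way in, so only replies to sessions we opened are admitted.
ip access-list extended INSIDE-OUT
 permit tcp 198.51.100.0 0.0.0.255 any reflect RETURN-TRAFFIC timeout 300
 permit udp 198.51.100.0 0.0.0.255 any eq domain reflect RETURN-TRAFFIC timeout 60
 remark the DMZ web server answering its Internet clients
 permit tcp host 192.0.2.10 eq www any
 deny   ip any any log
ip access-list extended OUTSIDE-IN
 remark known-bad source network, dropped before anything else
 deny   ip 203.0.113.0 0.0.0.255 any log
 remark replies to sessions opened from inside; must come before the final deny
 evaluate RETURN-TRAFFIC
 remark the only service we publish
 permit tcp any host 192.0.2.10 eq www
 deny   ip any any log
interface Ethernet0
 ip access-group INSIDE-OUT out
 ip access-group OUTSIDE-IN in

! Verify: per-entry match counters, the temporary reflexive entries, and
! whether the time range is active right now.
!   show access-lists
!   show time-range BUSINESS-HOURS
```

Two things to check when a list like this misbehaves: the order of entries (an `evaluate` placed after a `deny ip any any` never sees a packet), and the direction on the interface (ACL 110 is applied `out` on the DMZ interface because it restricts traffic going to the servers; applied `in` on that interface it would filter the servers' own traffic instead).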