CH 4 Securing Your Network

Chapter 4 covers advanced security measures including Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), highlighting their roles in detecting and preventing attacks. It also discusses securing wireless networks, the types of wireless attacks, and the use of VPNs for secure remote access. Key topics include authentication protocols, network access control, and the importance of monitoring and securing wireless communications.


Chapter 4

Securing Your Network

GetCertifiedGetAhead.com © 2021 YCDA, LLC


Introduction
• Exploring Advanced Security Devices

• Securing Wireless Networks

• Understanding Wireless Attacks

• Using VPNs for Remote Access


Understanding IDSs and IPSs
• Intrusion Detection System (IDS)
– Detective control
– Attempts to detect attacks after they occur
• Firewall is a preventive control
– Attempts to prevent the attacks before they occur.
• Intrusion Prevention System (IPS)
– A preventive control
– Will stop an attack in progress.
Host- and Network-Based IDS
• HIDS
– Additional software on a workstation or server
– Can detect attacks on the local system
– Protects local resources on the host such as operating system files
– Cannot monitor network traffic
• NIDS
– Installed on network devices, such as routers or firewalls
– Monitors network traffic
– Can detect network-based attacks such as smurf attacks
– Cannot monitor encrypted traffic and cannot monitor traffic on individual hosts.
Sensor and Collector Placement
IDS Detection Methods
• Signature-based
– Also called definition-based
– Use a database of predefined traffic patterns (such as CVE list)
– Keep signature files up-to-date
– Most basic form of detection
– Easiest to implement
• Heuristic-, behavior-based
– Also called anomaly-based
– Starts with a performance baseline of normal behavior
– IDS compares activity against this baseline
– Alerts on traffic anomalies
– Update the baseline if the environment changes
IDS Considerations
• Data sources and trends

• Reporting

• False positives
– Increase administrator’s workload

• False negatives
– No report during an incident
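The two detection methods and the false-positive/false-negative trade-off above, shown as an added example that is not part of the slides: a toy NIDS that runs a fixed signature list and a baseline-based anomaly check over constructed connection records (all hosts, patterns and the training counts are made up for illustration).

```python
# Added example (not from the slides): signature- and anomaly-based detection
# over constructed connection records, then where FPs and FNs come from.
from collections import Counter
from statistics import mean, pstdev

# Constructed records: (second, src_ip, dst_ip, proto, info). Host .9 floods,
# .7 pings the broadcast address (smurf pattern), .8 runs a legitimate backup.
TRAFFIC = (
    [(0, "10.0.0.5", "10.0.0.20", "tcp/443", "GET /index.html"),
     (0, "10.0.0.5", "10.0.0.20", "tcp/443", "POST /login"),
     (0, "10.0.0.7", "10.0.0.255", "icmp", "echo-request"),
     (1, "10.0.0.6", "10.0.0.30", "tcp/23", "login")]
    + [(1, "10.0.0.9", "10.0.0.20", "tcp/443", "SYN")] * 6
    + [(2, "10.0.0.8", "10.0.0.40", "tcp/22", "backup chunk")] * 5
    + [(s, "10.0.0.10", "10.0.0.20", "tcp/443", "SYN") for s in (3, 4, 5) for _ in range(3)]
)

# Signature-based detection: predefined known-bad patterns, each (name, predicate).
SIGNATURES = [
    ("smurf: ICMP echo-request to broadcast address",
     lambda r: r[3] == "icmp" and r[2].endswith(".255") and r[4] == "echo-request"),
    ("cleartext management protocol (telnet)", lambda r: r[3] == "tcp/23"),
]

def signature_alerts(records):
    """Return (second, src_ip, signature name) for every record matching a rule."""
    return [(r[0], r[1], name) for r in records for name, hit in SIGNATURES if hit(r)]

# Anomaly-based detection: packets per (second, host) observed in a quiet window.
BASELINE_COUNTS = [2, 1, 1, 3, 2, 2]   # constructed training observations

def threshold(baseline_counts, k=3.0):
    """Alert level: baseline mean plus k standard deviations."""
    return mean(baseline_counts) + k * pstdev(baseline_counts)

def anomaly_alerts(records, baseline_counts, k=3.0):
    """Return (second, src_ip, count) for hosts exceeding the baseline threshold."""
    limit = threshold(baseline_counts, k)
    counts = Counter((r[0], r[1]) for r in records)
    return sorted((s, h, n) for (s, h), n in counts.items() if n > limit)

if __name__ == "__main__":
    for alert in signature_alerts(TRAFFIC):
        print("SIGNATURE", alert)
    # .9 is caught; .8's backup is a false positive (analyst workload); .10 stays
    # under the threshold every second and is a false negative until the
    # baseline or k is tuned, which is why the baseline must track the environment.
    for alert in anomaly_alerts(TRAFFIC, BASELINE_COUNTS):
        print("ANOMALY  ", alert)
```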
IDS vs IPS

• IPS is a preventive control

– Can actively monitor data streams

– Can detect malicious content

– Can stop attacks in progress


IDS vs IPS

• IPS is placed in line with traffic

– In contrast IDS (not shown) is out of band


Other Tools
• Honeypots and Honeynets
– Used to divert an attacker
– Allow IT administrators an opportunity to observe methodologies
– Can be useful to observe zero day exploits
• Honeyfile
– Attract the attention of an attacker
• Fake Telemetry
– Corrupts the data sent to monitoring systems and can disrupt a system
Securing Wireless Networks
• WAPs and wireless routers

– All wireless routers are WAPs

– Not all WAPs are wireless routers


Wireless Routers
Wireless Basics
• Band Selection and Channel Widths
– 802.11b, 2.4 GHz
– 802.11g, 2.4 GHz
– 802.11n, 2.4 GHz and 5 GHz
– 802.11ac, 5 GHz

• MAC Filtering
– MAC Cloning
Wireless Basics
Access Point SSID
• Network name

• Change default SSID

• Disabling SSID broadcast

– Hides from some devices

– Does not hide from attackers


Wireless Networks
• Site Surveys and Footprinting
– Wi-Fi analyzer
– Heat map
– Wireless footprinting

• Wireless Access Point Placement


– Omnidirectional (or omni) antenna
Wireless Cryptographic Protocols

• WPA2 and CCMP


• Open
• Pre-shared key (PSK)
• Enterprise modes
• WPA3 and Simultaneous Authentication of Equals
Enterprise Modes
• RADIUS server
• RADIUS port
• Shared secret
Authentication Protocols
• EAP-TLS
– Most secure (compared to other EAP methods)
– Provides mutual authentication
– Requires certificate on 802.1x server
– Requires certificate on the clients
Authentication Protocols
• EAP
– Uses pairwise master key
• EAP-FAST
– Replaced LEAP
• PEAP
– Requires certificate on server
• EAP-TTLS
– Requires certificate on 802.1x server
Wireless
• RADIUS federation
– Provides single sign-on for two or more entities
– Federation includes multiple 802.1x servers
– Can use any of the EAP versions

• Captive Portals
– Free Internet access
– Paid Internet access
– Alternative to IEEE 802.1x
Wireless Attacks
• Disassociation attack
– Removes a wireless client from a wireless network
• WPS
– Streamlines process of configuring wireless clients
• WPS attack
– Brute force method to discover WPS PIN
– Reaver
Wireless Attacks
• Rogue access points
– Unauthorized AP
• Evil twins
– Rogue AP with same SSID as legitimate AP
• Jamming attack
– Broadcasts noise or other signals on same frequency
Wireless Attacks
• IV attack
– Attempts to discover PSK from the IV
• NFC attack
– Uses an NFC reader to capture data
Wireless Attacks
• Wireless replay attacks
– Captures data
– Attempts to use to impersonate client

• RFID attacks
– Sniffing or eavesdropping
– Replay
– DoS
Wireless Attacks
• War driving
– Practice of looking for a wireless network

• War flying
– Uses planes or drones instead of cars
Bluetooth Wireless
• Bluejacking
– Unauthorized sending of text messages from a Bluetooth device
• Bluesnarfing
– Unauthorized access to or theft of information from a Bluetooth device
• Bluebugging
– Allows an attacker to take over a mobile phone
Remote Access
• VPNs and VPN concentrators
Tunneling Protocols
• IPsec as a tunneling protocol
– Authentication
• AH provides authentication & integrity (protocol ID 51)
– Encryption
• ESP adds confidentiality (protocol ID 50)
– Uses tunnel mode for VPNs with IKE over port 500
• TLS as a tunneling protocol
– Useful when VPNs go through NAT
– SSTP uses TLS over port 443
Site-to-Site VPNs
• Gateways as VPN servers
Always-On VPNs
• Site-to-site VPNs

• Regular VPNs for users

• Mobile devices
Tunneling Protocols
• L2TP
– Not used by itself for VPN traffic

• HTML5 VPN Portal
– Allows users to connect to the VPN using their web browser
Network Access Control
• Health agents
– Inspects clients for predefined conditions
– Restricts access of unhealthy clients to a remediation network
– Used for VPN clients and internal clients
NAC Agents
• Permanent (Agent)
– Installed on client and remains on client
– Persistent NAC agent
• Dissolvable (Agentless)
– Does not stay on client
– Downloaded to client when session starts
– Removed during or after session
– Commonly used for mobile devices
Identity and Access Services
• PAP – Sends passwords in cleartext

• CHAP – uses shared secret

• TACACS+
– Cisco alternative to RADIUS
– Uses TCP port 49
– Encrypts entire authentication process
– Uses multiple challenges and responses
Identity and Access Services
• RADIUS
AAA Protocols
• Provide authentication, authorization, and accounting
– Authentication verifies a user’s identification

– Authorization provides access

– Accounting tracks user access with logs


From Appendix C – Table 1
From Appendix C – Table 2
Chapter 4 Summary
• Exploring Advanced Security Devices

• Securing Wireless Networks

• Understanding Wireless Attacks

• Using VPNs for Remote Access
