Lesson 1 - Network Defense Fundamentals


Security Certified Program

• Welcome to the Classroom
• Building Facilities
• Class schedule
• Contact Information
Security Certified Program

Vendor-Neutral Security courses
– But will be very Hands-On, including the exams.
Three Certification Programs
– Security Certified Network Specialist (SCNS)
– Security Certified Network Professional (SCNP)
– Security Certified Network Architect (SCNA)
Classroom Environment
• The Classroom is divided into multiple segments.
• The left and the right “sides” of the network, and the Center of the network.
– This could simulate branch offices and a central headquarters, where all Internet access is run through the HQ, for example.
• This allows for great flexibility in Tasks, for packet captures, accurate work environments, and so on.
• It is strongly recommended that you go beyond the tasks presented in the course, and create your own additional tasks, to take advantage of the room environment.
Tactical Perimeter Defense

Lesson 1
Network Defense Fundamentals
Objectives
1A Describe the five keys of network security.
1B Describe the concepts of defensive technologies in creating a layered defense.
1C Describe the objectives of access control methods.
1D Identify the impact of a layered defense on the performance of the network.
1E Define concepts of auditing in a network.
Topic 1A: Describe Network Defense
Five Key Issues of Network Security

• Authorization and Availability
• Authentication
• Confidentiality
• Integrity
• Non-repudiation
Authorization and Availability
Creates system assurance, which ensures that:
– systems are available with the required functionality present and correctly configured for implementation on an on-going basis
– there are adequate controls to protect against unauthorized user access and unintentional errors by users or software
– there are security measures in place to deter or stop intentional exploits by attackers
Authentication
– verifies users to be who they say they are
One-factor authentication
– what you know
Two-factor authentication
– what you have & what you know
Three-factor authentication
– what you have, what you know & who you are
Confidentiality
– ensures the privacy of data on a network system
Data that requires confidentiality
– technical data
– source information
– time dependent information
– Information that may reveal organizational or system relationships that may give unauthorized users a channel for social engineering exploits or other opportunities
– Private and confidential data
Integrity
– ensures continuous accuracy of data and information stored within network systems
Objectives
– ensure that data has not been altered in an unauthorized manner while in transit, during storage, or while being processed
– System integrity ensures that a system, while performing its intended processes and applications, provides support to authorized users free from unauthorized manipulation
Non-Repudiation

– prevent parties in a data transaction from denying their participation after the transaction has occurred
Types of repudiation
– Repudiation of origin
– Repudiation of receipt
– Repudiation of submission
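The Integrity and Non-Repudiation slides describe two different objectives, and it is easy to assume that an integrity check covers both. The following added example (not part of the course material) shows why it does not: a digest detects alteration in transit, a keyed MAC additionally ties the message to a holder of the key, but because sender and receiver share that key either of them could have produced the tag, so the sender can still deny origin. The key, the message, and the party names are constructed for illustration.

```python
"""Added example (not from the course slides): integrity checks versus
non-repudiation of origin. Keys, messages, and party names are constructed."""
import hashlib
import hmac

# Constructed shared key; in a real deployment both ends would hold this.
SHARED_KEY = b"constructed-shared-key"


def digest(data: bytes) -> str:
    """Plain SHA-256 digest: detects accidental or unauthorized alteration."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Integrity objective from the slide: the data was not altered in transit,
    in storage, or during processing. compare_digest avoids timing leaks."""
    return hmac.compare_digest(digest(data), expected_digest)


def tag(key: bytes, data: bytes) -> str:
    """Keyed MAC (HMAC-SHA256): integrity plus proof that a key holder sent it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def who_could_have_made(tag_value: str, data: bytes, key_holders: dict) -> list:
    """List every party able to reproduce the tag. With a symmetric key both
    sender and receiver can, so the tag alone cannot settle a dispute about
    origin: this is the gap non-repudiation mechanisms exist to close."""
    return [
        name
        for name, key in key_holders.items()
        if hmac.compare_digest(tag(key, data), tag_value)
    ]


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed message
    print("integrity:", integrity_ok(msg, digest(msg)))
    t = tag(SHARED_KEY, msg)
    print("could have produced the tag:",
          who_could_have_made(t, msg, {"sender": SHARED_KEY, "receiver": SHARED_KEY}))
```

Run it as a script to see that both parties are listed; the receiver could have forged the tag, which is exactly the "repudiation of origin" case on the slide. A digital signature, where only the sender holds the private key, is what removes the ambiguity.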
The Threats to Security

Malicious threats
– authorized or unauthorized users
– intentional or un-intentional
– internal or external
Network Security Administrators Must:

• Realize how to minimize, or mitigate, the effects of current and future threats upon their network
• Realize what defensive strategies and techniques must be implemented to keep networks secure
Defensive Strategies

Static defensive posture
– known threats
– unknown threats
Defense-in-Depth
– all information technology assets within a protected network need to have the necessary amount of security protection to guard against direct attacks at whichever level the asset resides within the network
Active Defense-in-Depth
Defensive Strategy Requirements

• Training and awareness
• Perimeter security
• Intrusion detection systems (IDS)
• Attack response
Training and Awareness

Cultural change required of users

“Train like you fight because you will fight like you train.”
Perimeter Security

Firewall properties and rules
– base your packet filtering and traffic management rules on the organizational security policy
– define all network connections
– All traffic from inside out and outside in must pass through the firewall.
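The three rules on the Perimeter Security slide map directly onto how a packet filter is written. The following added example (not from the course or any firewall vendor) is a minimal first-match filter: each rule cites the policy clause it implements, every permitted connection is defined explicitly, and a final default-deny rule catches anything undefined. The address ranges, ports, and policy clause numbers are constructed for illustration.

```python
"""Added example (not from the course slides): a first-match packet filter
built from a written policy, with default deny for undefined connections.
Networks, hosts, ports and policy clause numbers are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    direction: str   # "in" (outside -> inside) or "out" (inside -> outside)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out", or "any"
    src: str               # CIDR
    dst: str               # CIDR
    proto: str             # "tcp", "udp", or "any"
    dport: Optional[int]   # None matches any destination port
    reason: str            # the policy clause this rule implements

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed policy: internal LAN is 10.0.0.0/8, the public web server is
# 203.0.113.10. Every defined connection has a rule; the last rule denies the rest.
POLICY = [
    Rule("allow", "out", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "policy 3.1: staff may browse HTTPS"),
    Rule("allow", "out", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80, "policy 3.1: staff may browse HTTP"),
    Rule("allow", "in", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443, "policy 4.2: public web server"),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", "any", None, "default deny: undefined connection"),
]


def evaluate(pkt: Packet, rules=POLICY) -> Tuple[str, str]:
    """Return (action, reason) from the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.reason
    # Only reachable if someone removes the trailing deny rule: still fail closed.
    return "deny", "implicit deny"


if __name__ == "__main__":
    samples = [  # constructed traffic, both directions through the firewall
        Packet("10.1.2.3", "198.51.100.7", "tcp", 443, "out"),
        Packet("198.51.100.7", "203.0.113.10", "tcp", 443, "in"),
        Packet("198.51.100.7", "10.1.2.3", "tcp", 3389, "in"),
        Packet("10.1.2.3", "198.51.100.7", "udp", 53, "out"),
    ]
    for p in samples:
        print(f"{p.direction:>3} {p.src} -> {p.dst} {p.proto}/{p.dport}: {evaluate(p)}")
```

The fourth sample (outbound DNS) is dropped because nobody defined that connection; in a real deployment that is the prompt to add a rule with a policy reference, not to weaken the default.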
Intrusion Detection System (IDS)

combination of hardware and software systems that monitor and collect network system information and analyze it to detect attacks or intrusions
Attack Response

many practices in response to attacks or incidents, whether real, false, or simulated for training

Keep response methods secret!


Task 1A-1: Identifying
Non-Repudiation Issues

1. What are the three potential problems a network could face if there were no assurance of non-repudiation, and what is the potential excuse for each problem?
Topic 1B
Identify Defensive Technologies

The more layers an attacker will have to go through, the more difficult it is for the attack to be successful.
The Castle Analogy
The Defense Technologies

The layers of defense in reaching a file.

Analyzing Defense

• Start on the outside
• Security Policy
• Implementation of defense systems
– Routers
– Firewalls
– IDS
– Authentication
– File system security
– Physical security
Task 1B-1: Describe the Layers
of a Defended Network

1. Describe how an organization benefits from implementing each layer of a layered defense to protect their network.
Topic 1C
Describe the Objectives of Access Control

• access control
• authentication
• authentication tokens
Access Control

who has access to what

Mandatory Access Control (MAC)
Discretionary Access Control (DAC)

Mandatory Access Control

access control policy that supports a system which generally handles highly sensitive or secret information
Discretionary Access Control (DAC)

an access control policy that uses the identity of the user, or of the group they belong to, to allow authorized access
– Create
– Read
– Update
– Delete
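To make the MAC/DAC distinction concrete, the following added example (not from the course) implements both models as small decision functions. The MAC half uses clearance and classification labels with "no read up, no write down" rules, which is the Bell-LaPadula lattice model and an assumption here, since the slides only say MAC suits systems handling secret information. The DAC half keys on the user's identity or group membership and the Create/Read/Update/Delete rights listed on the slide. Label names, users, and groups are constructed.

```python
"""Added example (not from the course slides): MAC and DAC as decision
functions. The MAC rules follow Bell-LaPadula (an assumption, not stated on
the slides); labels, users and groups are constructed."""
from enum import IntEnum


class Label(IntEnum):
    """Ordered security labels; higher value means more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Mandatory Access Control: labels are assigned by the system, not the owner.
def mac_can_read(clearance: Label, classification: Label) -> bool:
    """No read up: the subject's clearance must dominate the object's label."""
    return clearance >= classification


def mac_can_write(clearance: Label, classification: Label) -> bool:
    """No write down: writing to a lower label would move secret data down."""
    return clearance <= classification


# Discretionary Access Control: the owner decides, by user or group identity.
CRUD = {"create", "read", "update", "delete"}


class DacObject:
    """An object with an owner and an ACL of principal -> CRUD rights."""

    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {}  # principal (user or group name) -> set of rights

    def grant(self, grantor: str, principal: str, rights: set) -> None:
        # Discretionary: only the owner may hand out rights on this object.
        if grantor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        if not rights <= CRUD:
            raise ValueError(f"unknown right in {rights}")
        self.acl.setdefault(principal, set()).update(rights)

    def can(self, user: str, groups, right: str) -> bool:
        """True if the user, or any group the user belongs to, holds the right."""
        if user == self.owner:
            return True
        principals = {user, *groups}
        return any(right in self.acl.get(p, set()) for p in principals)


if __name__ == "__main__":
    print("SECRET reads CONFIDENTIAL:", mac_can_read(Label.SECRET, Label.CONFIDENTIAL))
    print("CONFIDENTIAL reads SECRET:", mac_can_read(Label.CONFIDENTIAL, Label.SECRET))
    report = DacObject(owner="alice")           # constructed object
    report.grant("alice", "analysts", {"read"})  # group-based grant
    report.grant("alice", "bob", {"read", "update"})
    print("carol (analysts) may read:", report.can("carol", ["analysts"], "read"))
    print("carol (analysts) may delete:", report.can("carol", ["analysts"], "delete"))
```

Note the asymmetry the slides hint at: in the DAC object, the owner can grant a group whatever rights they like; in the MAC functions there is no grant operation at all, because the user has no say over the labels.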
Authentication

– verifies the user who is requesting access
– process of determining the identity of a user that is attempting to access a system

Passwords
Biometrics
Authentication Token

– portable device used for authenticating a user, thereby allowing authorized access into a network system

RSA SecurID Token
Cryptocards

authentication technique using a calculator-type token that contains the same security keys or algorithms as a Network Access Server (NAS).
An example of a challenge response card from Cryptocard.
The Challenge Response Process

Data Encryption Standard (DES) encryption key
PIN
11-step process
Time Based Tokens
utilizes an authentication technique where the
security token and the security server use an
identical algorithm.
RSA SecurID Token
Software Tokens

authentication technique using a portable device to carry the embedded software

An example of a Palm Pilot running RSA security software.
Task 1C-1: Describing the Challenge
Response Token Process

1. Describe the Challenge Response token process between the user, client, and server.
Topic 1D
Identify the Impact of Defense

Networks must be secure, but the implementation of security cannot hinder the objective and purpose of the network itself.
Some Technologies

Firewalls
Encryption
Passwords
IDS
Auditing
Firewalls
• Entry point in a properly designed network
• Jobs performed
– Packet filtering
– Network address translation
– Proxy services
• Disadvantages
– May block access to essential resources
– Latency
Encryption

taking data that is readable in plain text and using a mathematical calculation to make the text unreadable (and vice versa)

Considerations
– more bandwidth
– extra workload
Passwords

Considerations
– administrators must educate users
– generating easy to remember passwords
Intrusion Detection Systems

Considerations
– filtering the proper packets to examine
– false alarms
– slower response
Auditing

Considerations
– logging the proper information
– attackers hiding their tracks
Task 1D-1: Describing the Problems of
Additional Layers of Security

1. How could adding additional layers of defense cause problems for the users of a network?
2. How could adding additional layers of defense cause problems for the packet flow on the network?
Topic 1E
Define the Concepts of Network Auditing

Security Auditing Basics
– What was checked?
– Who did the checking?
– When was it checked?
– How was it checked?
– Were there any findings?
Concepts of Network Auditing

Auditing should capture
– All access events with use of identification and authentication mechanisms
– Any deletion of files, data, or information
– Modification of directories
– Movement of large data assets into user’s address space
– Any security actions or other security related events
Concepts of Network Auditing

Audit Log Information
– Date and time of the event
– Name of user creating the event as well as event origin
– Event description and type
– Name of asset in case of deletion
– Event success or failure
Security Audits

Operational audit
– usually done by internal resources to examine operational and on-going activities within a network system for compliance with an established security policy
Independent Audit

Usually conducted by external/outside resources and may be a review/audit of detailed logs to:
– Examine system activities and access logs.
– Assess the adequacy of security methods and controls.
– Assess compliance with established enterprise network system policies and procedures.
– Assess effectiveness of support, enabling, and core processes.
– Recommend improvements in security processes, methods, and controls.
Independent Audit
Clues to Possible Existing and Future Problems
– Accounts with no name / expired accounts
– New accounts needing validation
– Group accounts needing access control specifics
– Recent permission/protection changes to files
– Accounts with easy, expired or no passwords
– Suspicious activity
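The Audit Log Information slide lists what each record should carry, and the Independent Audit slide lists the clues an auditor looks for in those records. The following added example (not from the course) ties the two together: it parses constructed audit lines that carry the five fields from the slide into records, then runs a review pass that flags an account with no name, a recent permission change, a deletion, and repeated logon failures as suspicious activity. The line format, the threshold of three failures, and the log contents are all constructed assumptions.

```python
"""Added example (not from the course slides): audit records with the fields
from the Audit Log Information slide, and a review pass for some of the clues
on the Independent Audit slide. Log format, threshold and lines are constructed."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample log. Fields:
# timestamp | user | origin | event type | description | asset | result
SAMPLE_LOG = """\
2024-03-01T08:02:11 | alice | 10.1.2.3 | LOGON | password logon | - | SUCCESS
2024-03-01T08:05:40 | bob | 10.1.2.9 | LOGON | password logon | - | FAILURE
2024-03-01T08:05:52 | bob | 10.1.2.9 | LOGON | password logon | - | FAILURE
2024-03-01T08:06:03 | bob | 10.1.2.9 | LOGON | password logon | - | FAILURE
2024-03-01T08:06:15 | bob | 10.1.2.9 | LOGON | password logon | - | FAILURE
2024-03-01T09:17:30 | alice | 10.1.2.3 | DELETE | removed file | /srv/finance/q1.xlsx | SUCCESS
2024-03-01T09:20:00 |  | 10.1.7.7 | LOGON | password logon | - | SUCCESS
2024-03-01T10:00:00 | carol | 10.1.2.5 | PERM_CHANGE | chmod 777 | /srv/finance | SUCCESS
"""


@dataclass(frozen=True)
class AuditEvent:
    when: datetime      # date and time of the event
    user: str           # name of the user creating the event
    origin: str         # event origin (host that generated it)
    kind: str           # event type
    description: str    # event description
    asset: str          # name of the asset, e.g. the file in a deletion
    success: bool       # event success or failure


def parse_log(text: str) -> List[AuditEvent]:
    """Parse the constructed pipe-separated format; reject malformed lines
    rather than silently dropping them, since gaps in an audit trail matter."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 7:
            raise ValueError(f"malformed audit line: {line!r}")
        when, user, origin, kind, desc, asset, result = parts
        events.append(AuditEvent(datetime.fromisoformat(when), user, origin,
                                 kind, desc, asset, result == "SUCCESS"))
    return events


def review(events: List[AuditEvent], failure_threshold: int = 3) -> List[Tuple[str, str]]:
    """Return (clue, detail) findings for the auditor to follow up."""
    findings = []
    failures = Counter(e.user for e in events if e.kind == "LOGON" and not e.success)
    for user, n in failures.items():
        if n >= failure_threshold:
            findings.append(("suspicious activity", f"{n} failed logons for {user!r}"))
    for e in events:
        if not e.user:
            findings.append(("account with no name",
                             f"{e.kind} from {e.origin} at {e.when.isoformat()}"))
        if e.kind == "DELETE" and e.success:
            findings.append(("deletion recorded", f"{e.user} removed {e.asset}"))
        if e.kind == "PERM_CHANGE":
            findings.append(("recent permission change",
                             f"{e.user}: {e.description} on {e.asset}"))
    return findings


if __name__ == "__main__":
    for clue, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{clue:28} {detail}")
```

The empty user field on the 09:20 line is the "account with no name" clue from the slide: a successful logon with no identity attached is exactly what a review should surface, and it is only visible because the record kept the user and origin fields.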
Audit Trails

Documentation that records the historical use of the network system
Handling and Preserving Audit Data

Secure audit data and backups of audit data

Audit data may be key to an investigation

Legal Considerations

Privacy of individuals

Knowledge of intrusive behavior originating from your site
Task 1E-2: Describing the Pros and Cons of
Network Auditing
1. What are the benefits of auditing network traffic?
2. What is a possible drawback to network auditing?
3. Why is the handling and storage of audit data so critical?
Lesson 1 Summary
Lesson 1 Review
End of Lesson 1