Computer Security II Lecturer Lynn Ackler Office – CSC 222 Office Hours • 9:00 – 10:00 M,W Course CS 457 CS 557


Computer Security II

• Lecturer – Lynn Ackler
• Office – CSC 222
• Office Hours – 9:00 – 10:00 M,W
• Course
  – CS 457
  – CS 557

Course Objectives

• Critical Security Controls
• Networks
• Weaknesses, Defenses and Vigilances
• Protection, Detection and Decontamination
• Past, Current and Theoretical
• CSIA

WARNING

The material that you will learn in the CSIA track is dual use.

The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.

Outline

• Intro to Course
• Critical Security Controls
• LAN Network Security
• LAN Network Assessment
• Intrusion Detection Systems
• Vulnerability Assessment
• Internet Security (IPSec, VPN's and SSL)
• Secure Computing Environment Design

Course Requirements

• 1 Hour Test – 20%
• 1 Final Exam (3/24/06 @ 7:30) – 30%
• Lab Reports & Exercises – 30%
• Security+ – 20%

Texts

• Suggested
  – Linux Firewalls, 2nd, Ziegler, New Riders
  – ISBN 0-73571-099-6

Schedule

• Week 1 - Intro & Critical Security Controls
• Week 2 - Network review
• Week 3 - LAN Security
• Week 4 - Firewalls
• Week 5 - LAN Assessment
• Week 6 - Midterm
• Week 7 - Intrusion Detection
• Week 8 - Network Design
• Week 9-10 - IPSEC & SSL

Lab Reports

• Significant portion of the course
• 2 people to a workstation
• Collaborative work
• Independent reports
• Reports are important
• Well written in English

Lab Projects

1. Stateful Trace
2. Use of net tools
3. Firewall – Installation and test
4. Nmap exercise
5. IDS – Installation, configuration and evaluation
6. IPSEC Trace

Lab Report

• Description
• Purpose
• Step by step description
• Justification
• Test and evaluation
• Conclusions

Lab Grades

• Adherence to requirements
• Innovation
• Completeness
• Correctness
• Clarity
• Independence

Information Security Model

[Figure: the information security model relates three sets of three – Critical Information Characteristics (Confidentiality, Integrity, Availability), Information States (Transmission, Storage, Processing) and Security Measures (Technology, Policies, Training).]

Information Systems Security Engineering

• ISSE
• Art and science of discovering users' information protection needs.
• Designing systems with economy and elegance, so that they safely resist the forces to which they will be subjected.
• Building and testing such systems.

Network Security

• The Perimeter
  – Design
  – Firewalls
• Routers
  – Design
  – NAT

Network Assessment

• Be careful
• Vulnerability scanners
• Port scanners
• Audits

Intrusion Detection Systems

• Who's after me?
• What did they get?
• What did I do wrong?
• How did they do it?

Internet Security

• Cryptography
• IPSec and VPN's
• SSH
• SSL

Network Design

• Perimeter Security
• Security in depth
• Layered protection

Server Configuration

• Gateway configuration
• Apache installation and configuration
• DNS installation and configuration
• Design of a small home/office network

Security Dogma

• Policy of least privilege
  – Deny all
  – Permit only with a lot of whining

Network Security Fundamentals

• Definitions
• Defense in Depth
  – The perimeter
  – The DMZ
  – The internal networks

Definitions

– The perimeter
– Border router
– Firewall
– IDS
– Secure session
– Software architecture
– DMZ
– Screened subnets

The Perimeter

• The perimeter is a fortified boundary controlling ingress and egress.
  – Routers
  – Firewalls
  – IDS
  – Software
  – Screened subnets
  – Secure sessions

Border Router

• The first point of ingress
• The last point of egress
• Choke point between the organization and the Internet
• First and last line of defense

Firewall

• Application or device with rules that accepts or rejects network traffic
• Types
  – Hardware, application or script
  – Static, stateful or proxy
    – Static – Nortel Accelar
    – Stateful – iptables, Cisco PIX, Linksys
    – Proxy – Secure Computing's Sidewinder

IDS

• Intrusion Detection System
• Consists of a set of sensors and an analysis program
  – Sensors – host based and network based
  – Sensors collect data on network traffic patterns
  – Analysis program
    – Suspicious activity
    – Predefined signatures
• Sends alerts on suspected intrusion
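The sensor/analysis split on this slide can be shown with a network-based sensor that is already on most Linux gateways: the firewall's own LOG output in the kernel log. The script below is an added example, not course material; the analysis pass applies one predefined signature (Windows file-sharing ports probed from the Internet-facing interface) and one suspicious-activity threshold (one source touching many distinct destination ports) and prints an alert line per finding. The interface name, the threshold and the log lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the lecture slides): a minimal IDS "analysis
# program" over iptables LOG lines. Interface name, threshold and sample
# log lines are constructed assumptions.
WAN_IF="${WAN_IF:-eth0}"
SCAN_THRESHOLD="${SCAN_THRESHOLD:-5}"   # distinct destination ports per source

# analyze_log: reads iptables LOG lines on stdin, prints one ALERT line per finding.
analyze_log() {
    awk -v wan="$WAN_IF" -v thresh="$SCAN_THRESHOLD" '
    {
        src = ""; dpt = ""; proto = ""; inif = ""
        # iptables writes KEY=VALUE tokens; pick out the ones the rules need.
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n < 2) continue
            if (kv[1] == "SRC")   src = kv[2]
            if (kv[1] == "DPT")   dpt = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "IN")    inif = kv[2]
        }
        # Lines without a destination port (e.g. ICMP) carry nothing for these rules.
        if (src == "" || dpt == "") next

        # Predefined signature: SMB/NetBIOS reached from the Internet-facing
        # interface. Legitimate file sharing never arrives from outside.
        if (inif == wan && proto == "TCP" && (dpt == "139" || dpt == "445")) {
            sig[src]++
        }

        # Suspicious activity: count distinct destination ports per source.
        key = src SUBSEP dpt
        if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        packets[src]++
    }
    END {
        for (s in ports) {
            if (ports[s] >= thresh) {
                printf "ALERT PORTSCAN src=%s distinct_ports=%d packets=%d\n", s, ports[s], packets[s]
            }
        }
        for (s in sig) {
            printf "ALERT SIG-SMB-FROM-INTERNET src=%s hits=%d\n", s, sig[s]
        }
    }'
}

# Constructed sample sensor data (documentation address ranges): a six-port
# sweep, two SMB probes, a single unrelated probe and an ICMP echo request.
sample_log() {
cat <<'EOF'
Jan 10 09:12:01 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40012 DPT=21 SYN
Jan 10 09:12:01 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40013 DPT=23 SYN
Jan 10 09:12:02 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40014 DPT=25 SYN
Jan 10 09:12:02 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40015 DPT=110 SYN
Jan 10 09:12:03 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40016 DPT=135 SYN
Jan 10 09:12:03 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TTL=51 PROTO=TCP SPT=40017 DPT=3306 SYN
Jan 10 09:12:04 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=48 TTL=120 PROTO=TCP SPT=51120 DPT=445 SYN
Jan 10 09:12:09 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=48 TTL=120 PROTO=TCP SPT=51121 DPT=445 SYN
Jan 10 09:12:15 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=60 TTL=58 PROTO=TCP SPT=39900 DPT=3389 SYN
Jan 10 09:12:16 gw kernel: FW-DROP-IN: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=84 TTL=58 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# LOG_FILE=/var/log/kern.log points the analysis at a real sensor feed;
# without it the constructed sample is analysed.
if [ -n "${LOG_FILE:-}" ]; then
    analyze_log < "$LOG_FILE"
else
    sample_log | analyze_log
fi
```

The single probe from 203.0.113.50 produces no alert: it is below the threshold and matches no signature, which is the trade-off the slide's two analysis methods imply. Signatures catch known-bad patterns on the first packet; thresholds catch unknown activity only once it repeats.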

Secure Session

• Secure communication from outside the network to inside the network
  – VPN – virtual private networks
  – SSL & SSH
  – https
  – Encrypted communication channel

Software Architecture

• The collection of applications that the organization makes available outside the organization's network.
  – Includes supporting applications
  – e-commerce site
  – Web sites

DMZ

• DeMilitarized Zone
• Portion of the network between the border router and the non-public computing services

Screened Subnets

• Subnetworks that are protected by a firewall
• Each subnet has a particular function within the organization. Its firewall has rules specific to that function.

Defense in Depth

• Architecture of an onion but no odor
• Every layer has a single point of egress and ingress
• All layers have a specified configuration
• Each configuration must be maintained

Internal Networks

• Ingress & egress filtering on every router
• Internal firewalls to segregate resources
• Proxy firewalls at certain choke points
• IDS sensors on each subnet and router
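Three slides come together in one ruleset: the "deny all, permit only" dogma, the stateful firewall type named on the Firewall slide (iptables), and the ingress and egress filtering this slide asks for on every router. The script below is an added example, not from the slides or the course text; the interface names, the internal address block and the permitted inbound services are assumptions. It prints the rules rather than applying them, so the ruleset can be read and checked before APPLY=1 runs it as root.

```shell
#!/bin/sh
# Added example (not from the lecture slides): a default-deny, stateful
# iptables ruleset for a Linux gateway with ingress/egress filtering.
# Interface names, the internal network and the service list are constructed.
WAN_IF="${WAN_IF:-eth0}"                 # Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                 # internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # internal address block
INBOUND_TCP="${INBOUND_TCP:-22 443}"     # the whole "permit only" list for inbound

# build_rules prints one iptables invocation per line.
build_rules() {
    # Clean slate so stale rules cannot widen the policy.
    echo "iptables -F"
    echo "iptables -X"
    # Deny all: every chain drops by default; the rules below are the only exceptions.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"

    # Loopback is needed by local services and is never reachable from outside.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # Stateful core: packets of an already-admitted connection pass; packets
    # that match no connection state are dropped whatever port they claim.
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -A $chain -m conntrack --ctstate INVALID -j DROP"
        echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done

    # Ingress filtering: traffic arriving from the Internet with an internal
    # source address is spoofed and is dropped before any service rule.
    echo "iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP"
    echo "iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP"
    # Egress filtering: only packets carrying our own internal source may leave.
    echo "iptables -A FORWARD -i $LAN_IF ! -s $LAN_NET -j DROP"

    # Permit only: new connections to the listed inbound services.
    for port in $INBOUND_TCP; do
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Internal hosts may open new outbound connections; the gateway itself
    # may only originate the DNS and NTP lookups it needs to function.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A OUTPUT -o $WAN_IF -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    echo "iptables -A OUTPUT -o $WAN_IF -p udp --dport 123 -m conntrack --ctstate NEW -j ACCEPT"

    # Log what the default policy is about to drop so the IDS has data to analyse.
    echo "iptables -A INPUT -j LOG --log-prefix \"FW-DROP-IN: \" --log-level 4"
    echo "iptables -A FORWARD -j LOG --log-prefix \"FW-DROP-FWD: \" --log-level 4"
}

# count_rules CHAIN: number of rules appended to CHAIN (for review before applying).
count_rules() {
    build_rules | grep -c -e "-A $1 "
}

# Dry run by default; APPLY=1 (as root) executes each generated line.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | while IFS= read -r rule; do eval "$rule"; done
else
    build_rules
fi
```

Rule order is the point: the spoof drops sit above the service accepts, so a forged internal source never reaches the "permit only" list, and the LOG rules sit last, so only traffic the default policy will drop is recorded. NAT and ICMP handling are left out to keep the filtering policy readable.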

Configuration Management

• Windows boxes are patched at level x
• Linux boxes are running kernel .x.x.x
• Anti-virus, spyware updated daily
• Accepted acceptable use policy
• Remote access protected and source is hardened

Audit

• Check configuration periodically
• Enforce the configuration policy
• Issue final audit report
• Follow up on recommendations

Hardened Hosts

• Every host both remote and local must be hardened in accordance with policy
  – Personal firewalls
  – Anti-virus protection
  – OS hardening

Host Hardening

• Local attacks
• Network attacks
• Application attacks

Hardening against Local Attacks

• Restrict administrative utilities
  – Levels of administrative privileges
• File permissions
  – Derive from policies
• Users and groups
  – Derive from policies
  – Strict adherence
• Log everything that is important and that will be analyzed

Hardening against Network Attacks

• Eliminate unnecessary accounts
• Enforce strong password policy
• Disable all unnecessary network services
• Disable resource sharing
• Disable remote access services
• SNMP
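Two items on this slide, unnecessary network services and unnecessary accounts, only stay fixed if the Audit slide's "check configuration periodically" is automated against a written policy. The script below is an added example, not course material: it compares the host's listeners and its interactive accounts with an allowlist and prints a FAIL line for every deviation. The policy values and the sample inputs (a host still answering SNMP on udp/161, with two interactive accounts nobody approved) are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the lecture slides): a host-hardening audit for
# listening services and interactive accounts. Policy values and sample
# data are constructed assumptions.
ALLOWED_PORTS="${ALLOWED_PORTS:-tcp/22 tcp/443}"          # proto/port the host may expose
ALLOWED_LOGIN_USERS="${ALLOWED_LOGIN_USERS:-root admin}"  # accounts allowed a login shell
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# audit_listeners: stdin is "proto local_address:port" per line, the shape of
#   ss -tulnH | awk '{print $1, $5}'
# Listeners bound only to loopback are unreachable from the network and are
# skipped; every other listener must appear in ALLOWED_PORTS.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 2 {
        if ($2 ~ /^127\./ || $2 ~ /^\[::1\]/) next
        port = $2; sub(/.*:/, "", port)              # keep only the port number
        key = $1 "/" port
        if (key in ok) permitted++
        else printf "FAIL listener %s (%s) is not permitted by policy\n", key, $2
    }
    END { printf "INFO %d listeners permitted\n", permitted + 0 }'
}

# audit_accounts: stdin is /etc/passwd-format lines. Any account whose shell
# is interactive (not in NOLOGIN_SHELLS) must be on the approved list.
audit_accounts() {
    awk -F: -v allowed="$ALLOWED_LOGIN_USERS" -v nologin="$NOLOGIN_SHELLS" '
    BEGIN {
        n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
        n = split(nologin, s, " "); for (i = 1; i <= n; i++) locked[s[i]] = 1
    }
    NF >= 7 && !($7 in locked) && !($1 in ok) {
        printf "FAIL account %s (uid %s) has login shell %s\n", $1, $3, $7
    }'
}

# Constructed sample data.
sample_listeners() {
cat <<'EOF'
tcp 0.0.0.0:22
tcp [::]:443
udp 0.0.0.0:161
tcp 127.0.0.1:25
EOF
}

sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
admin:x:1000:1000:Admin:/home/admin:/bin/bash
oldintern:x:1001:1001:Summer intern:/home/oldintern:/bin/bash
test:x:1002:1002::/home/test:/bin/sh
EOF
}

# AUDIT_LIVE=1 audits the running host; otherwise the constructed sample is used.
if [ "${AUDIT_LIVE:-0}" = "1" ]; then
    ss -tulnH | awk '{print $1, $5}' | audit_listeners
    audit_accounts < /etc/passwd
else
    sample_listeners | audit_listeners
    sample_passwd | audit_accounts
fi
```

The allowlist is the policy in executable form: adding a service or an account means editing the list, and anything that appears on the host without that edit is reported, which is how "enforce the configuration policy" becomes a routine rather than a judgement call.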

Hardening against Application Attacks

• Controlling access of applications
• Application passwords
• Patch everything always