Security+ Guide to Network

Security Fundamentals,
Fourth Edition

Chapter 7
Administering a Secure Network
 Objectives
• List and describe the functions of common network
protocols
• Explain how network administration principles can
be applied
• Define the new types of network applications and
how they can be secured

Security+ Guide to Network Security Fundamentals, Fourth Edition 2

 Common Network Protocols
• Protocols
– Rules of conduct and communication
– Essential for proper communication between
network devices
• Transmission Control Protocol/Internet Protocol
(TCP/IP)
– Most common protocol suite used for local area
networks and the Internet

Security+ Guide to Network Security Fundamentals, Fourth Edition 3

 Common Network Protocols (cont’d.)
• IP
– Protocol that functions primarily at Open Systems
Interconnection (OSI) Network Layer (Layer 3)
• TCP
– Transport Layer (Layer 4) protocol
– Establishes connections and reliable data transport
between devices
• TCP/IP uses a four layer architecture
– Network Interface, Internet, Transport, Application

Security+ Guide to Network Security Fundamentals, Fourth Edition 4

 Figure 7-1 OSI model vs. TCP/IP model
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 5

 Internet Control Message Protocol
(ICMP)
• ICMP
– One of the core protocols of TCP/IP
– Used by devices to communicate updates or error
information to other devices
– Used to relay query messages

Security+ Guide to Network Security Fundamentals, Fourth Edition 6

 Internet Control Message Protocol
(cont’d.)
• ICMP message fields
– Type (8-bit)
• Identifies general message category
– Code (8-bit)
• Gives additional information about the Type field
– Checksum (16-bit)
• Verifies message integrity

Security+ Guide to Network Security Fundamentals, Fourth Edition 7

 Table 7-1 Common ICMP code values for Type 3, Destination Unreachable

Security+ Guide to Network Security Fundamentals, Fourth Edition 8

 Internet Control Message Protocol
(cont’d.)
• Attacks that use ICMP
– Network discovery
– Smurf DoS attack
– ICMP redirect attack
– Ping of death

Security+ Guide to Network Security Fundamentals, Fourth Edition 9

Simple Network Management Protocol
(SNMP)
• First introduced in 1988
• Supported by most network equipment
manufacturers
• Allows administrators to remotely monitor, manage,
and configure network devices
• Functions by exchanging management information
between network devices
• Each SNMP-managed device has an agent or
service
– Listens for and executes commands
Security+ Guide to Network Security Fundamentals, Fourth Edition 10
Simple Network Management Protocol
(cont’d.)
• Agents are password protected
– Password is known as community string
• Security vulnerabilities were present in SMNP
versions 1 and 2
– Versions 1 & 2: community strings passed in clear
– Version 3 introduced in 1998
• Uses usernames and passwords along with
encryption to address vulnerabilities

Security+ Guide to Network Security Fundamentals, Fourth Edition 11

 Domain Name System (DNS)
• DNS
– A TCP/IP protocol that maps IP addresses to their
symbolic name
– Database with name of each site and corresponding
IP number
– Database is distributed to many different servers on
the Internet

Security+ Guide to Network Security Fundamentals, Fourth Edition 12

 Figure 7-2 DNS lookup
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 13

 Domain Name System (cont’d.)
• DNS can be the focus of attacks
– DNS poisoning substitutes fraudulent IP address
• Can be done in local host table or external DNS
server
• Latest edition of DNS software prevents DNS
poisoning
– Zone transfer allows attacker access to network,
hardware, and operating system information
• Port 53 – DNS Server zone transfers
• Port 67 – Client to Server DNS traffic

Security+ Guide to Network Security Fundamentals, Fourth Edition 14

 File Transfer Protocols
• TCP/IP protocols used for transferring files
– File transfer protocol (FTP)
– Secure transfer protocol (SCP)
• Methods for using FTP on local host computer
– Command prompt
– Web browser
– FTP client
• Using FTP behind a firewall can present challenges
– FTP active mode
– FTP passive mode
Security+ Guide to Network Security Fundamentals, Fourth Edition 15
 Figure 7-3 FTP client
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 16

 File Transfer Protocols (cont’d.)
• FTP vulnerabilities – Ports 20 & 21
– Does not use encryption
– Files transferred using FTP vulnerable to man-in-the-
middle attacks
• Secure transmission options over FTP – Port 115
– Secure sockets layer (FTPS) encrypts commands
– Secure FTP (SFTP)

Security+ Guide to Network Security Fundamentals, Fourth Edition 17

 File Transfer Protocols (cont’d.)
• Secure Copy Protocol (SCP) – Port 22
– Enhanced version of Remote Copy Protocol
– Encrypts files and commands
– File transfer cannot be interrupted and resumed
– Found mainly on Linux and UNIX platforms

Security+ Guide to Network Security Fundamentals, Fourth Edition 18

 IPv6
• Current version of IP protocol is version 4 (IPv4)
– Developed in 1981
– Number of available IP address is limited to 4.3
billion
• Number of internet connected devices will grow
beyond this number
– Has security weaknesses
• Internet Protocol version 6 (IPv6)
– Next generation of IP protocol
– Addresses weaknesses of IPv4

Security+ Guide to Network Security Fundamentals, Fourth Edition 19

 IPv6 Growth Report – Nov 21, 2011
http://venturebeat.com/2011/11/21/godaddy-ipv6/
• The IPv6 Census shows that over the past year, the percentage of zones under .com, .net
and .org top level domains with IPv6 support has increased by 1,900 percent.
• “This dramatic increase can be primarily attributed to the introduction of support of IPv6 by
a single registrar, GoDaddy,” said Infoblox, the IT network automation and control
company that sponsored the census, in a statement.
• To be clear, IPv6 still needs more support. The large growth statistic from 2010 to 2011 is
largely because of an extremely low starting point. Just 1.27 percent of subdomains in the
2010 census supported IPv6. By 2011, that number had risen to 25.4 percent. While that is
a dramatic increase, registrars and other involved parties still have a lot of work to do.
• GoDaddy had a larger impact due to its size alone. It is the current leading registrar,
controlling around 37 million domains, or around 32 percent of the global market. (We note
that in June 2011, the percentage was closer to half the global market; in August, the
company controlled 45 million domains.)
• “Factoring out Go Daddy’s contribution, the percentage of zones that support IPv6
increased organically more than two-fold over the previous year to over 3 percent,”
Infoblox stated.
• Currently, less than 1 percent of the zones surveyed had IPv6-enabled web servers. The
U.S., France and the Czech Republic are the leading countries in IPv6 adoption.
Security+ Guide to Network Security Fundamentals, Fourth Edition 20
 Figure 7-4 IPv4 and IPv6 headers
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 21

 IPv6 (cont’d.)
• IPv6 (cont’d.)
– Provides enhanced security features
• Cryptographic protocols
• New authentication headers prevent IP packets from
being altered

Security+ Guide to Network Security Fundamentals, Fourth Edition 22

 Table 7-2 Comparison of IPv4 and IPv6 headers

Security+ Guide to Network Security Fundamentals, Fourth Edition 23

 Network Administration Principles
• Administering a secure network can be challenging
• Rule-based management approach
– Relies on following procedures and rules
– Rules may be external (applicable laws) or internal
– Procedural rules dictate technical rules
– Technical rules
• Device security
• Network management and port security
• Example: configuring a firewall to conform to
procedural rules

Security+ Guide to Network Security Fundamentals, Fourth Edition 24

 Device Security
• Device security
– Establishing a secure router configuration
– Implementing flood guards
– Analyzing device logs
• Secure router configuration
– Router operates at Network Layer (Layer 3)
• Forwards packets across computer networks
– Routers can perform a security function
• Can be configured to filter out specific types of
network traffic

Security+ Guide to Network Security Fundamentals, Fourth Edition 25

 Table 7-3 Secure router configuration tasks

Security+ Guide to Network Security Fundamentals, Fourth Edition 26

 Figure 7-5 Network diagram
showing routers
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 27

 Device Security (cont’d.)
• SYN flood attack
– Takes advantage of procedures for initiating a
session
• Flood guard
– Protects against denial of service attacks
– Controls device’s tolerance for unanswered service
requests
• Set maximum number of “developing” connections
– Commonly found on firewalls, IDSs, and IPSs

Security+ Guide to Network Security Fundamentals, Fourth Edition 28

 Device Security (cont’d.)
• Log analysis
– Log records events that occur
– Monitoring logs can be useful in determining how
attack occurred
– System logs and security application logs
– Network security logs
• Types of security hardware logs
– NIDS, NIPS, DNS, proxy servers, and firewalls

Security+ Guide to Network Security Fundamentals, Fourth Edition 29

 Table 7-4 DNS detailed log data

Security+ Guide to Network Security Fundamentals, Fourth Edition 30

 Figure 7-6 Basic firewall log
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 31

 Figure 7-7 Detailed firewall log
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 32

 Device Security (cont’d.)
• Firewall log items to be examined
– IP addresses rejected and dropped
– Probes to ports that have no application servers on
them
– Source-routed packets
– Suspicious outbound connections
– Unsuccessful logins

Security+ Guide to Network Security Fundamentals, Fourth Edition 33

 Network Design Management
• Growing network may need reconfiguration
• Network separation
– Provides separation between different parts of the
network
– Example: order entry network segment cannot
access human resources network
• Options to accomplish network separation
– Physically separate users by connecting them to
different switches and routers
– Air gap switch

Security+ Guide to Network Security Fundamentals, Fourth Edition 34

Network Design Management (cont’d.)
• Loop protection
– Refer to Figure 7-8 for description of broadcast
storm
– Host Z wants to send frames to Host X
– Switch A floods network with the packet
– Packet travels down Segments 1 and 3 to the
Switches B and C
– Switches B and C add Host Z to their lookup tables
– Both switches flood Segment 2 looking for Host X
• They receive each other’s packets and flood them
back out again
Security+ Guide to Network Security Fundamentals, Fourth Edition 35
 Figure 7-8 Broadcast storm
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 36

Network Design Management (cont’d.)
• Loop protection can prevent broadcast storms
– Uses IEEE 802.1d spanning tree algorithm
– Determines which switch has multiple ways to
communicate with host
– Determines best path and blocks other paths
• Virtual LAN (VLAN) management
– Network may be segmented into logical groups of
physical devices through VLAN
– Scattered users may be logically grouped together:
• Regardless of which switch they are attached to

Security+ Guide to Network Security Fundamentals, Fourth Edition 37

Network Design Management (cont’d.)
• General principles for managing VLANs
– A VLAN should not communicate with another VLAN
unless they are both connected to a router
– Configure empty switch ports to connect to an
unused VLAN
– Different VLANs should be connected to different
switches
– Change any default VLAN names

Security+ Guide to Network Security Fundamentals, Fourth Edition 38

Network Design Management (cont’d.)
• General principles for managing VLANs (cont’d.)
– Configure switch ports that pass tagged VLAN
packets to explicitly forward specific tags
– Configure VLANs so that public devices are not on a
private VLAN

Security+ Guide to Network Security Fundamentals, Fourth Edition 39

 Port Security
• Disabling unused ports
– Turn off ports not required on a network
– Often overlooked security technique
– Switch without port security allows attackers to
connect to unused ports and attack network
– All ports should be secured before switch is
deployed
– Network administrator should issue shutdown
command to each unused port

Security+ Guide to Network Security Fundamentals, Fourth Edition 40

 Port Security (cont’d.)
• MAC limiting and filtering
– Filters and limits number of media access control
(MAC) addresses allowed on a port
– Port can be set to limit of 1
– Specific MAC address can be assigned to a port
• Enables only single authorized host to connect

Security+ Guide to Network Security Fundamentals, Fourth Edition 41

 Table 7-5 MAC limiting and filtering configuration options

Security+ Guide to Network Security Fundamentals, Fourth Edition 42

 Port Security (cont’d.)
• IEEE 802.1x
– Standard that provides the highest degree of port
security
– Implements port-based authentication
– Blocks all traffic on a port-by-port basis:
• Until client is authenticated

Security+ Guide to Network Security Fundamentals, Fourth Edition 43

 Figure 7-9 IEEE 802.1x process
© Cengage Learning 2012

Security+ Guide to Network Security Fundamentals, Fourth Edition 44

 Securing Network Applications
• Virtualization
– Means of managing and presenting computer
resources without regard to physical layout or
location
• Operating system virtualization
– Virtual machine simulated as software environment
on host system
• Virtualization advantages
– Test latest patches by downloading on a virtual
machine before installing on production computer

Security+ Guide to Network Security Fundamentals, Fourth Edition 45

 Securing Network Applications
(cont’d.)
• Virtualization advantages (cont’d.)
– Penetration testing can be performed using
simulated network environment
– Can be used for training purposes
• Server virtualization
– Creating and managing multiple server operating
systems
– Relies on the hypervisor software to manage virtual
operating systems
– Can reduce costs and energy use

Security+ Guide to Network Security Fundamentals, Fourth Edition 46

 Securing Network Applications
(cont’d.)
• Server virtualization (cont’d.)
– Can help provide users uninterrupted server access
– Live migration enables virtual machine to be moved
to a different computer with no user impact
• Can also be used for load balancing
• Virtualized environment security concerns
– Physical firewall may not be able to inspect and filter
amount of traffic coming from running multiple
virtualized servers

Security+ Guide to Network Security Fundamentals, Fourth Edition 47

 Securing Network Applications
(cont’d.)
• Virtualized environment security concerns (cont’d.)
– Security must be in place to accommodate live
migration
– Some hypervisors do not have necessary security
controls to keep out attackers
– Existing security tools do not always adapt well to
multiple virtual machines
– External physical appliances not designed to protect
multiple virtual servers
– Virtual machines need protection from other virtual
machines running on the same computer
Security+ Guide to Network Security Fundamentals, Fourth Edition 48
 Table 7-6 Virtualization security tool features

Security+ Guide to Network Security Fundamentals, Fourth Edition 49

 IP Telephony
• Shift to all digital technology infrastructure is
underway
– Converges voice and data traffic over single IP
network
– IP telephony adds digital voice clients and new voice
applications to a data based network
• IP telephony advantages
– Incoming calls can be selectively forwarded or
blocked

Security+ Guide to Network Security Fundamentals, Fourth Edition 50

 IP Telephony (cont’d.)
• IP telephony advantages (cont’d.)
– Cost savings
– Managing a single network for all applications
– Applications can be developed more quickly with
fewer resources
– Reduced wired infrastructure requirements
– Reduced regulatory requirements
– Increased user productivity

Security+ Guide to Network Security Fundamentals, Fourth Edition 51

 Table 7-7 IP telephony vulnerabilities

Security+ Guide to Network Security Fundamentals, Fourth Edition 52

 Cloud Computing
• Pay-per-use computing model
– Customers pay for only the resources they need
– May revolutionize computing
– Unlike hosted services, does not require long-term
contracts
• Three service models of cloud computing
– Cloud software as a service (SaaS)
– Cloud platform as a service (PaaS)
– Cloud infrastructure as a service (IaaS)

Security+ Guide to Network Security Fundamentals, Fourth Edition 53

 Table 7-8 Cloud computing characteristics

Security+ Guide to Network Security Fundamentals, Fourth Edition 54

 Cloud Computing (cont’d.)
• Cloud computing security challenges
– Cloud provider must guarantee means to approve
authorized users and deny imposters
– Transmissions from the cloud must be protected
– Customers’ data must be isolated from one another

Security+ Guide to Network Security Fundamentals, Fourth Edition 55

 Summary
• TCP/IP
– Most common protocol for LANs and the Internet
• Protocols for transferring files
– FTP, FTPS, SFTP, SCP
• Router configuration must provide a secure
network environment
• Flood guard defends against denial-of-service
attacks
• Networks can be configured to provide separation
and increased security
Security+ Guide to Network Security Fundamentals, Fourth Edition 56
 Summary (cont’d.)
• Securing ports is an important step in network
management
– Unused ports should be disabled
• New network applications that have special
security considerations
– Virtualization
– IP telephony
– Cloud computing

Security+ Guide to Network Security Fundamentals, Fourth Edition 57