Secure Your Network for Free - Eric Seagren

Secure Your Network for Free (eBook)

Eric Seagren (Author)

eBook download: EPUB
2011 | 1st edition
512 pages
Elsevier Science (Publisher)
978-0-08-051681-3 (ISBN)
33.41 incl. VAT
This is the only book to clearly demonstrate how to get big-dollar security for your network using freely available tools. It is a must-have book for any company or person with a limited budget.

Network security is in a constant struggle for budget to get things done. Upper management wants things to be secure but doesn't want to pay for it. With this book as a guide, everyone can get what they want. The examples and information will be of immense value to every small business. It explains security principles and then demonstrates how to achieve them using only freely available software.

* Teaches you how to implement best-of-breed security using free tools
* Ideal for anyone recommending and implementing new technologies within the company
* Companion Web site contains dozens of working scripts and tools

Contents

Chapter 1. Presenting the Business Case for Free Solutions
  * Introduction
  * The Costs of Using Free Security Solutions
  * The Savings of Using Free Security Solutions
  * Comparing Free Solutions with Commercial Solutions
  * “Selling” a Free Solution
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 2. Protecting Your Perimeter
  * Introduction
  * Firewall Types
  * Firewall Architectures
  * Implementing Firewalls
  * Providing Secure Remote Access
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 3. Protecting Network Resources
  * Introduction
  * Performing Basic Hardening
  * Hardening Windows Systems
  * Hardening Linux Systems
  * Hardening Infrastructure Devices
  * Patching Systems
  * Personal Firewalls
  * Providing Antivirus and Antispyware Protection
  * Encrypting Sensitive Data
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 4. Configuring an Intrusion Detection System
  * Introduction
  * Intrusion Detection Systems
  * Configuring an Intrusion Detection System
  * Configuring Snort on a Windows System
  * Configuring Snort on a Linux System
  * Other Snort Add-Ons
  * Demonstrating Effectiveness
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 5. Managing Event Logs
  * Introduction
  * Generating Windows Event Logs
  * Generating Syslog Event Logs
  * Securing Your Event Logs
  * Applying Your Knowledge
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 6. Testing and Auditing Your Systems
  * Introduction
  * Taking Inventory
  * Vulnerability Scanning
  * OSSTMM
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 7. Network Reporting and Troubleshooting
  * Introduction
  * Reporting on Bandwidth Usage and Other Metrics
  * Collecting Data for Analysis
  * Understanding SNMP
  * Troubleshooting Network Problems
  * Additional Troubleshooting Tools
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Chapter 8. Security as an Ongoing Process
  * Introduction
  * Patch Management
  * Change Management
  * Antivirus
  * Antispyware
  * Intrusion Detection Systems
  * Vulnerability Scanning
  * Penetration Testing
  * Policy Review
  * Physical Security
  * CERT Team
  * Summary
  * Solutions Fast Track
  * Frequently Asked Questions
Index

Chapter 2

Protecting Your Perimeter

Solutions in this chapter:

* Firewall Types
* Firewall Architectures
* Implementing Firewalls
* Providing Secure Remote Access

Introduction


When it comes to securing networks, the first items that come to mind are firewalls, which are the primary gatekeepers between an organization’s internal network and the outside world. While a properly implemented firewall can be one of the most effective security tools in your arsenal, it shouldn’t be the only tool. The adage “defense-in-depth” means that you should have multiple layers of security. Using a defense-in-depth configuration, if one component of your defense failed or was defeated, there would still be a variety of other fallbacks to protect your network. With the availability of increasingly affordable firewalls such as the popular Linksys cable/digital subscriber line (DSL) router, using the free firewall alternatives may not be as attractive for some. With a little effort, however, you will find the free alternatives are more configurable, allowing greater flexibility and control than the “home office” grade offerings.

This chapter focuses on securing your network perimeter. Remember that although the most common way to implement a firewall is between an internal network and the outside world (often the Internet), you should not limit yourself to placing firewalls only on the network edge. A firewall should be in any place you want to restrict the flow of traffic. With the current trend of security breaches originating from the inside of the network (often employees or ex-employees), companies are increasingly relying on firewalls to isolate and filter traffic between portions of the internal network.

This chapter reviews some basic firewall concepts and briefly discusses the different architectural ways to implement a firewall. Most of this chapter discusses the installation and configuration of free firewalls to run on both Windows- and Linux-based systems. Finally, once the network edge has been adequately secured, we discuss how to create controlled, secure paths through the perimeter for remote connectivity, including administrative access or remote office/work from home scenarios.

Firewall Types


No discussion of firewalls would be complete without a discussion of the different types of firewalls. This is particularly true in this context, because it allows you to better understand exactly where in the spectrum the free firewall offerings lie. In the networking sense, a firewall is basically any component (software or hardware) that restricts the flow of network traffic. This is a sufficiently broad definition to allow for all of the various ways people have chosen to implement firewalls. Some firewalls are notoriously limited in capability and others are extremely easy to use.

Within the realm of firewalls there are many different ways to restrict network traffic. Most of these methods vary in the level of intelligence that is applied to the decision-making process. For example, to permit or deny traffic based on which network device is the sender or recipient, you would use a packet-filtering firewall. In reality, even the simplest packet filtering firewalls can typically make decisions based on the source Internet Protocol (IP) address, the destination IP address, and the source and/or destination port number. While this type of firewall may sound overly simplistic, consider if you have a server running a Web site for use on the Internet. In all likelihood, the only traffic that you need to allow to the server uses a destination port of Transmission Control Protocol (TCP) 80 or 443; thus, you could configure your firewall to permit only that traffic. These ports are used for HTTP and HTTPS, respectively. Because the server is available for the Internet, you can’t filter traffic based on the source address or source port, which will be different for each connection.

The primary drawback with a simple packet filter is that the packet-filtering firewall has to rely on very primitive means to determine when traffic should be allowed (e.g., synchronous [SYN] or acknowledgement [ACK] bits being set). While this was adequate in the early days of the Internet when security was not as big of a concern, it won’t work any more. It is trivial to set the bits on the packet using freely available software to make the traffic look like it is a reply to another connection. Thus the stateful inspection firewall was born of necessity. This type of firewall monitors all connections (inbound or outbound), and as the connection is permitted (based on the firewall’s configured rules) it enters this connection into a table. When the reply to this connection comes back, even if the reply uses a port that the firewall was not previously configured to permit, it can intelligently realize the traffic is a response to a permitted session and permit the traffic.

Unfortunately, as the firewalls get better so do the methods hackers use to circumvent them. Suppose you have configured your firewall perfectly and there are no holes: every permitted port is one you expressly want to allow. Using the previous example, no traffic is allowed to the Web server except Web traffic. Sounds good, but the problem is, if the firewall is completely secure, the server might not be. Flaws in the Web server software could allow the attacker to send the server an HTTP request that is 10,000 characters long, overflowing the buffers and allowing the attacker to execute the code of his choice. The packets used to transport the 10,000-character HTTP request are all legal TCP packets as far as the firewall is concerned: therefore, it would permit them to pass through to the Web server. The next step in firewall evolution serves to combat this type of attack. These types of firewalls are application gateways, or layer 7 firewalls.

This type of firewall not only filters network traffic based on the standard network parameters, but also understands the higher-layer protocol information contained within the packet, in this example HTTP. The firewall itself knows what a legitimate HTTP request looks like and can filter out a malformed or malicious request even though, from a network perspective, it might otherwise be a permitted packet. The downside to this approach is that the firewall must be programmed with all the same intelligence needed to filter normal traffic, plus it must fully understand the protocols it is inspecting. This means additional programming for any protocol you want the firewall to understand. Most of the major commercial application gateways offer support for the major protocols such as HTTP, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
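As an added illustration (not code from the book), the three firewall types described above modeled in Python: a stateless packet filter that trusts TCP flags, a stateful firewall that records the sessions it permitted, and an HTTP application gateway that refuses the 10,000-character request even though its packets are legal TCP. The server address, client addresses, and request traffic are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    payload: bytes = b""

WEB_SERVER = "203.0.113.10"   # constructed address of the public web server (hypothetical)

def packet_filter(p: Packet) -> bool:
    """Stateless filter: new connections only to the web ports, and anything that
    is not a bare SYN is taken on trust as the reply to some existing session."""
    if p.dst == WEB_SERVER and p.dport in (80, 443):
        return True
    return not (p.syn and not p.ack)   # trusts the flags: the weakness the text describes

class StatefulFirewall:
    """Stateful inspection: a reply passes only for a session this firewall saw being permitted."""
    def __init__(self):
        self.sessions = set()
    def allow(self, p: Packet) -> bool:
        if p.dst == WEB_SERVER and p.dport in (80, 443):
            self.sessions.add((p.src, p.sport, p.dst, p.dport))   # record the permitted session
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.sessions   # reverse direction of a session

def http_gateway(p: Packet, max_line: int = 8192) -> bool:
    """Application gateway: additionally require a well-formed HTTP request line of
    sane length, so the 10,000-character request is refused although its packets are legal TCP."""
    line = p.payload.split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    return (len(line) <= max_line and len(parts) == 3
            and parts[0] in (b"GET", b"HEAD", b"POST")
            and parts[1].startswith(b"/") and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"))

def evaluate() -> dict:
    client, attacker = "198.51.100.7", "198.51.100.99"   # constructed addresses
    spoofed = Packet(attacker, 4444, WEB_SERVER, 22, ack=True)   # ACK set, but no session exists
    good = Packet(client, 51000, WEB_SERVER, 80, ack=True, payload=b"GET /index.html HTTP/1.1\r\n")
    overlong = Packet(client, 51000, WEB_SERVER, 80, ack=True,
                      payload=b"GET /" + b"A" * 10000 + b" HTTP/1.1\r\n")
    sfw = StatefulFirewall()
    sfw.allow(Packet(client, 51000, WEB_SERVER, 80, syn=True))   # client's SYN: permitted and recorded
    return {"stateless_spoof": packet_filter(spoofed), "stateful_spoof": sfw.allow(spoofed),   # True means permitted
            "gateway_good": http_gateway(good), "gateway_overlong": http_gateway(overlong)}
```

Running `evaluate()` shows the flag-only filter letting the spoofed "reply" through while the stateful firewall drops it, and the gateway accepting the normal request but refusing the overlong one.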

With all of this information circulating in your head, you’re probably wondering which type is available for free. Generally speaking, you can find many free varieties of firewalls that perform some type of stateful inspection. Application layer gateways are not readily available for free. In reality, few organizations have the funds to use application gateways extensively. One ramification of not using an application gateway is that you need to ensure that the service exposed to untrusted traffic is configured as securely as possible and that the server itself is hardened against attack. Keeping the service’s patches up to date will help reduce the odds that an application-level attack will be successful.

Firewall Architectures


The most securely configured firewall in existence will not provide much protection if the network itself was not designed properly. For example, if the firewall was installed into an environment that allows an alternate network path that bypasses the firewall, the firewall would only be providing a false sense of security. This is an architectural error that would render the firewall useless. In short, where the firewall is implemented is every bit as important as how it is implemented. The first step to installing anything is always planning. What follows is a discussion of the most common firewall architectures, in increasing order of security. Remember, these sections discuss firewall architectures independent of the firewall type. For example, you could use a packet-filtering firewall, a stateful inspection firewall, or an application gateway in any of the designs discussed in the next section.

Screened Subnet


A screened subnet is the simplest and most common firewall implementation. Most small businesses and homes use this type of firewall (see Figure 2.1). This design places the firewall on the edge of your network, dividing everything (from the firewall’s point of view) into internal and external, with nothing in between.

Figure 2.1 Screened Subnet Firewall

The screened subnet firewall (or edge firewall) is as straightforward as you can get. Internet users who need access to an internal server (e.g., Web, FTP, SMTP, and so on) must traverse the firewall to do so. Internal users needing access to those same servers would be able to access them...

Publication date (per publisher): 18.4.2011
Language: English
Subject areas: Non-fiction / Guides
Computer science: Networks, Security / Firewall
Computer science: Theory / Study, Cryptology
Business: Business administration / Management
ISBN-10 0-08-051681-5 / 0080516815
ISBN-13 978-0-08-051681-3 / 9780080516813