Wednesday, 30 May 2012

IPSec (ESP, AH, DES, MD5, SHA, DH)

Disclaimer: All information stated in this post may not be purely correct or purely wrong; believing it is your own choice. You are free to refer to any sources of information online to cross-reference or even correct me in the Comments Section below.

Hello!~
Other people very fast, this week I very de slow...

SO NOW I GO DO!

IPSec!!
What's that sia?

-Protocol suite (Collection of protocols)
-used for securing Internet Protocol communications

How does it secure IP communications?
-IPSec authenticates and encrypts each IP packet of a communication session

But wait! That's not all!

-IPSec also includes protocols for establishing mutual authentication between..

Between who??

-Between agents at the beginning of the session, together with the negotiation of the cryptographic keys to be used during the session (meaning between the computers before the session starts, and also when agreeing on the keys to be used once the session starts)

Okay, I shall stop talking to myself now..
---------------------------------------------------------------------------------------------------------------------
IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It is able to protect data flows between the following:
- a pair of hosts (host-to-host)
- a pair of security gateways (network-to-network, for example a network router to network router)
- a security gateway to host (gateway-to-host)

If you're wondering what are the acronyms within the brackets beside "IPSec" stated in the title, then wonder-no-more! This post shall explain a few of them now, without any payment whatsoever!


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
These 2 members of the protocol suite can each be used on their own or together.

ESP(Encapsulating Security Payloads) provides the following:
- Confidentiality [Limiting information access and disclosure to authorized users only. Basically it means something like a Need-To-Know basis. If you have no purpose in accessing this information, then you're restricted from doing so.]
- Data-origin authentication [Verifying that the messages received were sent by the expected sender and have not been tampered with, as the messages may have passed through a lot of nodes to reach the destination and there is always a chance of someone tampering with them along the way]
- Connectionless integrity [Ensuring that received traffic has not been modified, tampered with or changed. Integrity also includes anti-replay defenses]
- Anti-replay service [A form of partial sequence integrity that helps to counter denial-of-service attacks]
- Limited traffic-flow confidentiality [Ensuring that the network traffic is not being examined or viewed by non-authorized parties]


AH(Authentication Header) provides the following:
- Connectionless integrity [read above if you have not done so]
- Data-origin authentication [read above if you have not done so]
- Anti-replay service [read above if you have not done so]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
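To make the anti-replay and integrity services above concrete, here is a small Python script. It is an added example for this post, not code from the post or from any IPsec implementation: the key, window size and packet sequence are all made up, the ICV mirrors the HMAC-SHA-256-128 construction (full HMAC truncated to 128 bits) and the sliding window follows the bitmap scheme from RFC 4303 Appendix A.

```python
import hashlib
import hmac
import struct

# Constructed demo key. In real IPsec the key comes out of the IKE/DH negotiation the post mentions.
SA_KEY = b"constructed-demo-key-not-from-any-real-SA"
WINDOW_SIZE = 64  # RFC 4303 requires a window of at least 32; 64 is a common default


def compute_icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity Check Value over the sequence number and payload.

    Mirrors HMAC-SHA-256-128 (RFC 4868): full HMAC, truncated to 128 bits.
    Binding the sequence number into the ICV is what stops a captured packet
    from being re-numbered to slip past the replay window.
    """
    mac = hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha256).digest()
    return mac[:16]


class AntiReplayWindow:
    """Sliding window from RFC 4303 Appendix A: a bitmap over the last `size` sequence numbers."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) was received

    def check(self, seq: int) -> bool:
        """Preliminary check: is seq new and inside the window? (No state change.)"""
        if seq == 0:                 # the first packet on an SA carries seq 1
            return False
        if seq > self.top:           # ahead of the window: always new
            return True
        diff = self.top - seq
        if diff >= self.size:        # too old, fell out of the window
            return False
        return not ((self.bitmap >> diff) & 1)   # already seen => replay

    def mark(self, seq: int) -> None:
        """Record seq as received. Call only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & self.mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(window: AntiReplayWindow, key: bytes, seq: int, payload: bytes, icv: bytes) -> str:
    """Receiver-side order from RFC 4303: window check, then ICV, then window update."""
    if not window.check(seq):
        return "dropped: replay or outside window"
    if not hmac.compare_digest(compute_icv(key, seq, payload), icv):
        return "dropped: bad ICV"
    window.mark(seq)
    return "accepted"


def demo() -> list:
    """Constructed packet sequence: reordering is tolerated, replays and tampering are not."""
    window = AntiReplayWindow()
    results = []
    # (sequence number, payload, modified in transit?)
    traffic = [(1, b"a", False), (5, b"b", False), (3, b"c", False),
               (3, b"c", False),     # exact replay of seq 3
               (1, b"a", False),     # replay of seq 1
               (100, b"d", False),   # big jump: the window slides far ahead
               (36, b"e", False),    # 100 - 36 = 64 => fell out of the 64-wide window
               (37, b"f", False),    # 100 - 37 = 63 => still inside the window
               (200, b"g", True)]    # payload altered after the ICV was computed
    for seq, payload, tamper in traffic:
        icv = compute_icv(SA_KEY, seq, payload)
        if tamper:
            payload += b"x"
        results.append(receive(window, SA_KEY, seq, payload, icv))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note the order inside `receive`: the cheap window check runs before the HMAC, so a flood of replayed packets does not cost a MAC computation each (that is the DoS angle the post mentions), and the window is only updated once the ICV proves the packet is genuine.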

Wednesday, 16 May 2012

Authentication, Authorization and Accounting

This week only got 1 post~~
About the AAA.
Then..next week Lab Test liao... T.T

Anywho....

Authentication, Authorization and Accounting (AAA)
- a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage and providing the information necessary to bill for services.
- these combined processes are considered important and much needed for effective network management and security.

Authentication, the first process, provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted.
- This process is based on each user having a unique set of criteria for gaining access.
- The AAA server compares the entered credentials against its credentials database.
- If the credentials match an entry, then that user is granted access to the network.
- If there is no match, then the user can't enter the network.

After Authentication is Authorization. All users need to be given the authorization to perform certain tasks.
- This process determines whether the user has any authority to perform any tasks (eg. Issuing commands)
- Authorization is the process of enforcing policies, determining what types or qualities of activities, resources or services a user is permitted.
- Usually Authorization happens together with Authentication.
- The moment a user is authenticated into the network, he/she is granted the authorization for different types of access or activity.

Last but not least is Accounting. It measures the resources a user consumes during access, possibly including the amount of system time or amount of data a user has sent/received during a session.
- It's normally done by logging system statistics and usage information.
- Used for authorization control, billing, trend analysis, resource utilization and capacity planning activities.

AAA services are often provided by a dedicated AAA server, a program that performs all these functions.
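Here is a tiny AAA server in Python showing the three steps one after another. It is an added example written for this post, not code from the post or from any real AAA product (RADIUS/TACACS+ and the like): the user database, privilege levels and command policy are constructed, and passwords are stored as salted PBKDF2 hashes rather than in the clear.

```python
import hashlib
import hmac
import os
from typing import Dict, List

PBKDF2_ROUNDS = 50_000   # kept modest so the demo runs fast; production uses more


def make_record(password: str, privilege: int) -> dict:
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "privilege": privilege}


# Constructed credentials database (the "credentials database" the post refers to).
USERS: Dict[str, dict] = {
    "alice": make_record("correct horse", 15),    # network admin
    "bob": make_record("battery staple", 1),      # read-only operator
}

# Constructed authorization policy: minimum privilege level needed per command.
COMMAND_POLICY: Dict[str, int] = {"show version": 1, "show running-config": 15,
                                  "configure terminal": 15, "reload": 15}


class AAAServer:
    def __init__(self, users: Dict[str, dict], policy: Dict[str, int]):
        self.users = users
        self.policy = policy
        self.records: List[dict] = []    # the accounting log

    # --- Authentication: who are you? ---
    def authenticate(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        if rec is None:
            # Hash anyway so an unknown account costs the same time as a wrong password
            # (otherwise timing would reveal which usernames exist).
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            ok = False
        else:
            digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
            ok = hmac.compare_digest(digest, rec["hash"])   # constant-time compare
        self._account("authn", username, result="pass" if ok else "fail")
        return ok

    # --- Authorization: what may you do? ---
    def authorize(self, username: str, command: str) -> bool:
        rec = self.users.get(username)
        required = self.policy.get(command)       # no policy for the command => deny
        ok = rec is not None and required is not None and rec["privilege"] >= required
        self._account("authz", username, command=command, result="permit" if ok else "deny")
        return ok

    # --- Accounting: what did you use? ---
    def session_stop(self, username: str, seconds: int, bytes_in: int, bytes_out: int) -> None:
        self._account("session", username, seconds=seconds, bytes_in=bytes_in, bytes_out=bytes_out)

    def usage(self, username: str) -> dict:
        """Totals for billing / trend analysis, computed from the accounting records."""
        totals = {"seconds": 0, "bytes_in": 0, "bytes_out": 0, "failed_logins": 0}
        for r in self.records:
            if r["user"] != username:
                continue
            if r["event"] == "session":
                for k in ("seconds", "bytes_in", "bytes_out"):
                    totals[k] += r[k]
            elif r["event"] == "authn" and r["result"] == "fail":
                totals["failed_logins"] += 1
        return totals

    def _account(self, event: str, username: str, **details) -> None:
        self.records.append({"event": event, "user": username, **details})


if __name__ == "__main__":
    aaa = AAAServer(USERS, COMMAND_POLICY)
    print(aaa.authenticate("bob", "battery staple"))     # True
    print(aaa.authorize("bob", "configure terminal"))    # False: privilege 1 < 15
    aaa.session_stop("bob", seconds=600, bytes_in=120_000, bytes_out=8_000)
    print(aaa.usage("bob"))
```

Every authentication and authorization decision is written to the accounting log as well, which is how the same records end up serving both billing and security auditing (failed logins per user, for instance).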

Friday, 11 May 2012

Access Control Lists & Context Based Access Control

Okay, this week got 2 topics to post on. Access Control Lists and Context-based Access Control.

For Access Control List, here is my info:

Access Control Lists (ACLs) are implemented in routers through the "access-list" command. ACLs are basically packet-classifying mechanisms that define the permissions of network traffic when applied to a particular router interface.

They can appear in different forms, namely standard and extended access-lists. The difference between these two is that standard access-lists are defined to permit or deny an IP address or a range of IP addresses, whereas extended access-lists define both a source and a destination IP address or IP address range. Extended access-lists can also be defined to permit or deny packets based on the protocol (TCP, UDP or ICMP).

In summary, the factors that the lists can permit or deny are..

Standard Access-List : 1 IP Address or a Range of IP Addresses.
Extended Access-List : Source & Destination IP Address, protocol (TCP, UDP or ICMP) and destination port number.

An access-list is only checked as a packet moves in or out of a router interface; other than that, it is separate from the routing functions of the router.

Applying an access-list that has not been defined means that the router still acts as though no access-list has been implemented and accepts all packets.
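To see how standard and extended lists differ in what they look at, here is a small Python evaluator that parses IOS-style "access-list" lines and runs packets through them. It is an added example for this post, not code from the post or from any router: the sample configuration, addresses and packets are constructed, only the numbered ranges 1-99 (standard) and 100-199 (extended) are handled, and the only port operator supported is "eq".

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = (0, 0xFFFFFFFF)   # network 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"          # "tcp", "udp", "icmp"; an ACE protocol of "ip" matches everything
    dport: Optional[int] = None


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _parse_addr(t: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.X.Y.Z' at t[i]; return ((net, wildcard), next index)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    return (_ip(t[i]), _ip(t[i + 1])), i + 2


def parse_ace(line: str) -> dict:
    """Parse one 'access-list N permit|deny ...' entry (1-99 standard, 100-199 extended)."""
    t = line.split()
    number, action = int(t[1]), t[2]
    assert action in ("permit", "deny"), line
    if 1 <= number <= 99:
        # Standard list: source only. A bare address with no wildcard means that single host.
        if t[3] in ("any", "host") or len(t) > 4:
            src, _ = _parse_addr(t, 3)
        else:
            src = (_ip(t[3]), 0)
        return {"list": number, "action": action, "proto": "ip", "src": src, "dst": ANY, "dport": None}
    proto = t[3]
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return {"list": number, "action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def _addr_match(addr: int, net_wild: Tuple[int, int]) -> bool:
    net, wild = net_wild
    # Wildcard bits set to 1 are "don't care"; only the remaining bits must be equal.
    return ((addr ^ net) & ~wild & 0xFFFFFFFF) == 0


def matches(ace: dict, pkt: Packet) -> bool:
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if not _addr_match(_ip(pkt.src), ace["src"]) or not _addr_match(_ip(pkt.dst), ace["dst"]):
        return False
    return ace["dport"] is None or ace["dport"] == pkt.dport


def evaluate(aces: List[dict], pkt: Packet) -> str:
    """Top-down, first match wins. An undefined (empty) list permits everything; otherwise the
    unwritten last line is 'deny any' (implicit deny)."""
    if not aces:
        return "permit"
    for ace in aces:
        if matches(ace, pkt):
            return ace["action"]
    return "deny"


def load_acl(config: str, number: int) -> List[dict]:
    return [parse_ace(l) for l in config.strip().splitlines()
            if l.strip().startswith(f"access-list {number} ")]


# Constructed sample configuration.
CONFIG = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 80
access-list 101 permit icmp any any
access-list 101 deny ip any any
"""

if __name__ == "__main__":
    print(evaluate(load_acl(CONFIG, 10), Packet("192.168.1.77", "203.0.113.10")))        # permit
    print(evaluate(load_acl(CONFIG, 101), Packet("192.168.1.5", "203.0.113.10", "tcp", 443)))  # deny
```

The standard list 10 never looks past the source address, so the same packet that list 101 denies on port 443 sails through list 10; and asking for an undefined list (say, 150) returns "permit", which is exactly the behaviour described above.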

MOVING ON
__________________________________________________________________________________

Context Based Access Control (CBAC)

CBAC inspects the packets that enter through the firewall only if they are not specifically denied by an ACL. CBAC permits or denies specified TCP and UDP traffic through a firewall.

CBAC actually dynamically creates and deletes ACLs, and it also protects against DoS attacks.

Here's the situation
1) Packet traffic is inspected by CBAC.
2) CBAC creates a dynamic ACL that allows return traffic back through the firewall.
3) It continues to inspect the traffic and create and delete ACLs as required by the application, in addition to monitoring and protecting against application-specific attacks.
4) CBAC detects when the application terminates or times out and removes ALL ACLs for that particular session.

Another example would be this:

1) User starts a telnet session
2) Return traffic for user's telnet session is permitted
3) Other telnet traffic is blocked.


CBAC is like the bouncer at a disco party where only invited people can go in.
It dynamically opens holes in the firewall so that invited traffic can pass through.
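The bouncer behaviour, as a Python model of the 4 steps and the telnet example above. This is an added example for this post and not Cisco's CBAC code: the session table stands in for the dynamic ACL entries, the addresses, ports and idle timeout are constructed, and "the application terminated" is simulated by an explicit session_closed call rather than by watching TCP flags.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        return Flow(self.proto, self.dst, self.dport, self.src, self.sport)


class CBACInspector:
    """Stateful inspection: each inspected outbound session becomes a temporary entry
    (the "dynamic ACL") that lets only its own return traffic back in."""

    def __init__(self, idle_timeout: int = 300):
        self.idle_timeout = idle_timeout
        self.sessions: Dict[Flow, float] = {}   # outbound flow -> time of last activity

    def outbound(self, flow: Flow, now: float) -> str:
        """Step 1-2: inside -> outside packet is inspected and a return entry is created."""
        if flow.proto not in ("tcp", "udp"):
            return "passed (not inspected)"
        self.sessions[flow] = now
        return "passed, dynamic entry created"

    def inbound(self, flow: Flow, now: float, denied_by_acl: bool = False) -> str:
        """Outside -> inside packet: only return traffic of a live inspected session gets through."""
        if denied_by_acl:                       # a static ACL deny is honoured before CBAC looks
            return "blocked (static ACL)"
        session = flow.reverse()
        last = self.sessions.get(session)
        if last is None:
            return "blocked (no matching session)"
        if now - last > self.idle_timeout:
            del self.sessions[session]          # step 4: timed out, entry removed
            return "blocked (session timed out)"
        self.sessions[session] = now            # step 3: keep tracking the live session
        return "permitted (return traffic)"

    def session_closed(self, flow: Flow) -> None:
        """Step 4: the application ended, so every entry for that session is removed."""
        self.sessions.pop(flow, None)


def telnet_scenario() -> List[str]:
    """Constructed replay of the telnet example."""
    fw = CBACInspector(idle_timeout=300)
    user = Flow("tcp", "192.168.1.10", 40000, "203.0.113.5", 23)
    reply = user.reverse()
    results = [
        fw.outbound(user, now=0),                                                  # user starts telnet
        fw.inbound(reply, now=1),                                                  # its return traffic
        fw.inbound(Flow("tcp", "203.0.113.5", 23, "192.168.1.10", 40001), now=2),   # other telnet traffic
        fw.inbound(Flow("tcp", "198.51.100.7", 23, "192.168.1.10", 40000), now=3),  # different server
    ]
    fw.session_closed(user)                      # telnet session ends
    results.append(fw.inbound(reply, now=4))     # hole is gone
    fw.outbound(user, now=10)                    # new session that then goes quiet
    results.append(fw.inbound(reply, now=10 + 301))
    return results


if __name__ == "__main__":
    for r in telnet_scenario():
        print(r)
```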

Many protocols support CBAC; I'll only name a few here.

TCP (Single channel)
UDP (Single channel)
RPC
FTP
TFTP
Unix R-commands
SMTP
HTTP (Java blocking)

and many many more!

CBAC also has other features like generating real-time alerts and audit trails.
Audit trails features use Syslog to track all network transactions.

Friday, 4 May 2012

Secure Perimeter Routers and Disable Services and Logging

Last but not least, the 4th topic.

It is definitely a must that networks be secured using some kind of security policy and parameters. The perimeter routers must be secured to ensure that corporate LAN resources are protected from the outside world.

Ingress filtering blocks packets that arrive from outside the network but carry a source address from inside the network. This helps prevent packets with a spoofed internal IP address from entering the network.

Egress filtering blocks packets that leave from inside the network but carry a source address from outside the network. This helps prevent any user within the network from launching IP spoofing attacks against external machines.
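Both filters are the same test applied in opposite directions, which a few lines of Python make obvious. This is an added example for this post, not code from the post or from any router: the internal prefixes and the sample packets are constructed.

```python
import ipaddress
from typing import List, Tuple

# Constructed address plan: the prefixes that belong inside the corporate LAN.
INTERNAL_PREFIXES = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]


def is_internal(address: str) -> bool:
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_PREFIXES)


def perimeter_filter(direction: str, src: str) -> str:
    """direction: 'in' = arriving from the Internet side, 'out' = leaving toward it."""
    if direction == "in" and is_internal(src):
        return "drop: ingress filter (outside packet with inside source)"
    if direction == "out" and not is_internal(src):
        return "drop: egress filter (inside packet with outside source)"
    return "forward"


def filter_batch(packets: List[Tuple[str, str]]) -> List[str]:
    """Apply the filter to (direction, source address) pairs."""
    return [perimeter_filter(direction, src) for direction, src in packets]


if __name__ == "__main__":
    # Constructed packets: a normal inbound reply, a spoofed inbound packet,
    # a normal outbound packet and a spoofed outbound packet.
    sample = [("in", "198.51.100.9"), ("in", "192.168.1.5"),
              ("out", "192.168.1.5"), ("out", "203.0.113.4")]
    for pkt, verdict in zip(sample, filter_batch(sample)):
        print(pkt, "->", verdict)
```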

A perimeter router is a router that provides the connection to the untrusted network, also known as the Internet. It also provides the local area network (LAN) connection for the trusted network, which is the internal network inside the organisation. Thus, to secure the perimeter routers, we manage the router through logging, disabling of services, software maintenance and configuration maintenance.

Why disable services? A hacker can use these services to his advantage by gathering information about your router, executing a denial of service (DoS) attack, or attempting to gain unauthorized access. Therefore, you need to disable all of the services on your perimeter router that you are not using or that are not necessary.

Logging works in many kinds of ways. One good way of doing it would be setting a log severity level. The severity levels are ordered from "more serious to less serious": level 0 is the most serious, and the highest level is the least serious.
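Here is what "setting a severity level" does to a stream of router messages, in Python. This is an added example for this post and not code from the post or from IOS: the log lines are constructed in the IOS-style %FACILITY-SEVERITY-MNEMONIC format, and the level names follow the usual syslog ordering (0 emergencies up to 7 debugging).

```python
import re
from typing import List, Optional, Union

# Severity 0 is the most serious, 7 the least serious.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# IOS-style message: %FACILITY-SEVERITY-MNEMONIC: text
LOG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# Constructed sample lines in that format (not captured from a real device).
SAMPLE_LOG = [
    "*May  4 10:01:12: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.1.20)",
    "*May  4 10:02:30: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "*May  4 10:02:31: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(51515) -> 192.168.1.10(23), 1 packet",
    "*May  4 10:03:02: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr) 95%/2%",
    "*May  4 10:03:40: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from startup-config failed",
    "Building configuration",          # not a severity-tagged message; ignored by the filter
]


def parse_log_line(line: str) -> Optional[dict]:
    m = LOG_RE.search(line)
    if not m:
        return None
    sev = int(m["severity"])
    return {"facility": m["facility"], "severity": sev, "level_name": SEVERITY_NAMES[sev],
            "mnemonic": m["mnemonic"], "text": m["text"]}


def severity_level(level: Union[int, str]) -> int:
    """Accept 0-7 or a name such as 'warnings' (the way 'logging trap warnings' is written)."""
    return level if isinstance(level, int) else SEVERITY_NAMES.index(level)


def filter_log(lines: List[str], level: Union[int, str]) -> List[dict]:
    """Keep messages at the chosen level or more serious, i.e. numerically <= level."""
    threshold = severity_level(level)
    kept = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None and rec["severity"] <= threshold:
            kept.append(rec)
    return kept


if __name__ == "__main__":
    for rec in filter_log(SAMPLE_LOG, "warnings"):
        print(rec["severity"], rec["level_name"], rec["mnemonic"])
```

Because a lower number means more serious, "keep level 4 and up" means keeping 0 to 4: the CPU alert (1), the link down (3) and the config failure (4) stay, while the config-change notice (5) and the ACL log entry (6) are filtered out.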



Common Threats to Router & Switch Physical and Mitigation

HELLO THIRD TOPIC!!

There are 4 categories of Common Physical Threats to Router and Switch Installations.

They are :

1) Hardware Threats
2) Environmental Threats
3) Electrical Threats
4) Maintenance Threats

Hardware Threats

Any threats that are associated with physical damage to the routers and switches are classified as hardware threats. Through controlled access to the facilities, one can mitigate these hardware threats. One can also provide security by ensuring that there is no access to the facility via the ceilings, AC ducts, windows or walls. Mitigation of hardware threats can also be done through the installation of security cameras and the logging of entry attempts.

Environmental Threats


Any threats that are associated with climatic conditions are environmental threats. Adequate ventilation in the facility and the maintenance of temperature and humidity levels are needed to mitigate such threats. In addition, one must ensure that the temperature and humidity levels are maintained in accordance with the specifications defined in the equipment documentation. Once all these parameters are in place, the ability to remotely manage and monitor the temperature and humidity controls is a necessity. Ensuring that the facility is free from electrostatic discharge (ESD) and magnetic interference is also another way to mitigate environmental threats.

Electrical Threats

Some examples of electrical threats are spikes, inadequate power supply, noise and power loss. An uninterruptible power supply (UPS) is needed for all the devices that you heavily rely on. A UPS provides protection against irregularities in your power distribution system. Ensure that there are redundant power supplies within those network devices that can support them, and always have spares at your facility. This measure reduces the downtime of your network, should a power problem occur.

Maintenance Threats


Things like poor cabling, faulty labelling or electronic devices without adequate ESD deterrents are all classified as maintenance threats. Do make sure that the cables are labelled properly and that a proper labelling convention is followed. Having properly labelled cables helps in tracing cables in the facility and helps in troubleshooting as well. Ensure that the cables have smooth bends when going around corners, for a smoother flow of data.

Network/Port Address Translation

2nd Topic for the week!~

Network Address Translation(NAT)

It is the process of mapping internal private IP addresses to a pool of global IP addresses (provided by the Internet Service Provider).
It allows one to one, and many to many IP translations.

When an organisation has many users, it is pointless to purchase an equal number of global IP addresses from the Internet Service Provider. So what can be done is to set up a private network using private IP addresses. Now, since private IP addresses can be reused in any number of private networks (they are not routable on the public Internet), something is needed to allow their users to access the Internet normally. That is where NAT comes in: mapping global IP addresses to private IP addresses allows users from private networks to access the Internet as per normal.

Port Address Translation(PAT)


Port Address Translation is an extension of Network Address Translation that allows multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

With PAT, multiple computers can share the exact same public IP address, with a different port number assigned to each. This can happen simultaneously, and the router still knows which computer to send specific packets to because each computer has a unique internal address.

Port Address Translation is also called porting, port overloading, port-level multiplexed NAT and single address NAT.
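To show the difference between the one-to-one mapping (NAT) and the port overloading (PAT) described in these two sections, here is a Python model of the translation tables. It is an added example for this post, not code from the post or from any router: the public address, private hosts and port numbers are constructed, and public ports are simply handed out in order from 1024.

```python
import itertools
from typing import Dict, Optional, Tuple

# Constructed addressing: one global address from the ISP pool, a private LAN behind it.
PUBLIC_IP = "203.0.113.1"


class StaticNAT:
    """One-to-one NAT: a fixed private <-> global mapping, e.g. for a server that must be reachable."""

    def __init__(self, mapping: Dict[str, str]):
        self.inside_to_global = dict(mapping)
        self.global_to_inside = {g: i for i, g in mapping.items()}

    def outbound(self, inside_ip: str) -> Optional[str]:
        return self.inside_to_global.get(inside_ip)

    def inbound(self, global_ip: str) -> Optional[str]:
        return self.global_to_inside.get(global_ip)


class PAT:
    """Many-to-one: every inside (ip, port) gets its own port on the single public address."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (proto, inside_ip, inside_port) -> public port
        self.out_table: Dict[Tuple[str, str, int], int] = {}
        # (proto, public_port) -> (inside_ip, inside_port)
        self.in_table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def translate_outbound(self, proto: str, inside_ip: str, inside_port: int) -> Tuple[str, int]:
        key = (proto, inside_ip, inside_port)
        if key not in self.out_table:                # first packet of a flow: allocate a public port
            public_port = next(self._ports)
            self.out_table[key] = public_port
            self.in_table[(proto, public_port)] = (inside_ip, inside_port)
        return self.public_ip, self.out_table[key]

    def translate_inbound(self, proto: str, public_port: int) -> Optional[Tuple[str, int]]:
        """Reply from the Internet: which inside host owns this port? None => unsolicited, dropped."""
        return self.in_table.get((proto, public_port))

    def release(self, proto: str, inside_ip: str, inside_port: int) -> None:
        """Flow ended: free the public port so it can be reused."""
        public_port = self.out_table.pop((proto, inside_ip, inside_port), None)
        if public_port is not None:
            del self.in_table[(proto, public_port)]


def demo() -> dict:
    pat = PAT(PUBLIC_IP)
    # Two hosts happen to pick the same source port; the (ip, port) pair still tells them apart.
    a = pat.translate_outbound("tcp", "192.168.1.10", 50000)
    b = pat.translate_outbound("tcp", "192.168.1.11", 50000)
    a_again = pat.translate_outbound("tcp", "192.168.1.10", 50000)   # same flow, same mapping
    return {"a": a, "b": b, "a_again": a_again,
            "reply_to_b": pat.translate_inbound("tcp", b[1]),
            "unsolicited": pat.translate_inbound("tcp", 9999)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "unsolicited" entry is the side effect worth noticing: a packet from the Internet aimed at a public port nobody inside has opened has no table entry, so the router has nowhere to send it and drops it.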

Perimeter Router, Internal Router & Firewall

First off,

Perimeter Router

You may be wondering..
What the hell is a Perimeter Router and what is its purpose??

A Perimeter Router is a router that is installed on a perimeter segment of a network.

A perimeter segment is an area which connects a network to an untrusted network or an area which is located outside of the corporate firewalls.

Basically, a Perimeter Router is like the door to your house. It sits there and it connects your house (your network) to the world (the whole internet).

Its purpose is to provide minimal protection to the trusted network from any untrusted networks, apart from performing packet filtering on traffic.

Due to the fact that Perimeter Routers connect the networks that can be reached via the Internet, they are often the target of hackers trying to exploit any security vulnerabilities.

An unsecured perimeter router would be weak at filtering unwanted network traffic, as well as becoming an easy target for Denial Of Service (DoS) attacks, which can halt the network. Whereas a secured perimeter router can prevent network reconnaissance (the gathering of information to prepare for an attack) and therefore the attacks themselves.

__________________________________________________________________________________

Up next would be...

Internal Router


An Internal Router is a router that is normally set up as a form of backup should the first router go down, whether due to an attack or a physical issue. This backup is to ensure that traffic can still flow within the internal network at all times.

Apart from that, it does filtering of traffic for the internal network as well.

__________________________________________________________________________________

And last but not least for the topic is...

Firewall


A Firewall is a set of related programs found at a network gateway server. It provides a certain level of protection on the resources of an internal network from users from other networks.

A Firewall is able to prevent outsiders from viewing private data and users from viewing certain outside resources.

WEEK 2 WEek 2 Week 2 week 2

This week, I am going to blog about 4 different topics, so there'll be 4 different posts.

1) Perimeter Router, Internal Router & Firewall
2) Network/ Port Address Translation
3) Common Threats To Router and Switch Physical & Mitigation
4) Secure Perimeter Routers & Disable Services & Logging.

I'll start posting about the topics stated above right after this message..

OCP (Overseas Community Program) is coming right up most probably in our next Semester Break.
There will be NO subsidy, so you have to pay in full..
But all are encouraged to go.
Possible Countries are : Cambodia, Myanmar, China, Thailand, Germany, Britain, France, USA, and many more.
WHY WAIT?
Sign up now!