CIS 225

Lecture 19 - Network Security

Network Security

• Authentication & Authorization
• Intrusion Detection System
• Encryption
• Honeypots
• Log Monitoring
• NAT Routing
• Firewalls

Authentication & Authorization

• Verify that users or devices on the network are valid
• Confirm that users are allowed to access resources
• Enforced with ACLs, firewalls, etc.

Intrusion Detection System (IDS)

• Monitors network activity
• Uses signatures or statistical anomalies to detect unwanted network activity
• Can be programmed to automatically respond to detected threats

Encryption

• Protect network traffic by encrypting it
• Prevents eavesdroppers from listening in and intercepting data

Honeypots

• Fake network resources left open
• Any attempts to access are assumed to be malicious
• Information gained is used to strengthen protection

Log Monitoring

• Many network enabled programs are configured to log connections
• Those logs can be analyzed to find unwanted connections

NAT Routing

• Network Address Translation
• Multiple devices with different internal IP addresses share one public IP address
• External attackers only see router (unless ports are forwarded)
• Protects internal systems by not making them directly accessible externally

Firewalls

• Restrict network access to specific programs, ports, addresses, protocols, etc.
• Can be employed on an entire network or each individual system (or both)

Firewalls vs IDS

• Firewalls look at types of traffic, IDS looks at contents and meaning of traffic
• Firewalls can only prevent unwanted connections, IDS can detect them already in progress

Lab 9

• Turn on Firewalls
• Create Firewall Rules to allow access to the following resources
  • Remote Connection (SSH/RDP)
  • Shared Files (smb/Samba)
  • Web Server (apache/IIS)

Assignments

• Lab 9 - Network Security & Backups: Due 11/21 @ 12:30 PM
  WARNING: A couple of steps may take 1 hour or more to run; allow plenty of time to complete this lab