ICANWK406A Install, configure and test network security Terry Pecats

2013

Install, Configure and test network security
Cert IV Information Technology Report

Terry Pecats

17/09/2013

Contents
1.0 Assess network security threats and vulnerabilities to identify risk (VM)
1.1 Assess and report on current system security, according to required asset security level (VM options)
1.2 Determine additional network, software, hardware and system security threats and vulnerabilities (VM assessment)
1.3 Use identified threats and vulnerability information to identify security risks
1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements (VM Executive summary)
2.0 Implement countermeasures for identified vulnerabilities and threats (VM)
2.1 Implement required level of perimeter security based on current and future business needs
2.2 Assess and implement best practice server and network hardening techniques and measures
2.3 Implement secure authentication and user account controls
2.4 Secure data integrity and transmission
3.0 Test and verify functionality and performance of security system implemented (CM)
3.1 Design test items to verify key function and performance measures against criteria
3.2 Conduct function and performance tests recording results
3.3 Modify and debug security system as necessary
3.4 Develop documentation on current system settings and file for future reference
4.0 Provide systems for monitoring and maintaining security (CM)
4.1 Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable
4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts
4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed
4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made


Test - network topology

Solution one test profile

Management - did you seek approval to test?

Cost and compliance - will your report be used in court?


Case study
There are various networks which will be deployed in the computer lab, server based and
web based. Do not scan any other networks other than those specified in these exercises.
Unauthorised access to a network is a criminal offence under Australian Law.

1.0 Assess network security threats and vulnerabilities to identify risk (VM)

1.1 Assess and report on current system security, according to required asset security level (VM options)

Weigh the pros and cons of each against five key factors: Design, Deployment,
Management, Cost and Compliance.

Factor        Qualysguard       BELSECURE     MBSA
Design        Dashboard         Average       Standard
Deployment
Management
Cost          $5000             $2500         $0
Compliance    Legal in courts   Not tested    Did not work

Design: Assessing risk from the Outside, looking in.

Software-based solutions are installed by users on their enterprise network and operated manually. This is a familiar process, but using software-based solutions for vulnerability management has huge drawbacks:
- Software-based solutions don’t provide an outsider’s view of network vulnerabilities, especially for devices on the perimeter.
- Installation options are either on the non-routable private side of the network or on the public-facing Internet side. Behind-the-firewall deployments are unable to process exploits such as transmission of incorrectly formatted data packets, so their scans generate many false positives and false negatives. Products deployed outside the firewall are subject to attacks and compromise.
- Secure communications of scan assessments are questionable.

With SaaS, the application is installed and operated by a trusted third party and may be hosted on a user’s network or on secure external facilities. The latter option enables the SaaS vulnerability management solution to mimic the perspective of a hacker during the network audit process – from the outside, looking in. An externally-hosted SaaS vulnerability management solution can also assess security inside the firewall perimeter using a ‘hardened appliance’ (which contains integrated security protection) that can communicate internal audit results to a central secure repository hosted and managed by the trusted third party.


Deployment: Keeping operational burdens to a minimum.

Deployment-which version are you testing


When users deploy software-based solutions, they need to provide servers to run the vulnerability management application. For large enterprises, this may require servers in multiple data centres worldwide, so deployment can consume a lot of time as network and security staff roll out the required infrastructure. Smooth integration of these resources with enterprise management platforms is often challenging if not impossible.

A SaaS solution has many operational advantages:
- SaaS is already ‘up and running’ so deployment is instant, no matter how many sites need vulnerability management, and no matter where they are in the world.
- There are no software agents to install that might conflict with other applications.
- SaaS is inherently scalable and immediately begins working for the largest enterprise.
- The solution should provide an API allowing for simple integration with enterprise network management platforms.


Compliance: Audits and reports for a variety of policies and regulations.

Demonstrating compliance with software-based solutions is difficult. In addition to manually collating reports, the data is ‘owned’ by the user and so is subject to extra scrutiny and scepticism by auditors. By contrast, fully automated SaaS vulnerability reporting is trusted by auditors because it’s collected and held by a secure third party. SaaS provides tamper-proof capability by enforcing access to VM functionality and reporting based on a user’s operational role in an organization. This role-based capability further protects the integrity of VM results for verification of compliance.

1.2 Determine additional network, software, hardware and system security threats and vulnerabilities (VM assessment)

We used three VM tools: Qualysguard, Belsecure, and Microsoft Baseline Security Analyzer.
These revealed various threats to the test network.


$5,000 solution - QualysGuard

$2,500 solution - BelManage 2013

The BelSecure Module automatically does a vulnerability assessment of your IT systems, checks security policies and configuration settings, and discovers other information about the host such as anti-virus status, application versions, security patches, user accounts and more.

Host computer


It is important to fix the critical issues. For example, in the screenshot above, these
vulnerabilities need to be rectified via updates or through administrative configuration.

Server

$0 solution - Microsoft Baseline Security Analyser


Microsoft Baseline Security Analyser (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer and the IIS web server, products such as Microsoft SQL Server, and Microsoft Office macro settings.


1.3 Use identified threats and vulnerability information to identify security risks

Critical threats to the network are shown below.

1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements (VM Executive summary)

A vulnerability scanner is one of many security tools used to improve the security of networks. The goal of running a vulnerability scanner is to identify devices on a network that are open to known vulnerabilities. A vulnerability tool can help secure a network, or it can be used by potential attackers to identify weaknesses in your system to mount an attack against. The tool can be used to identify and fix weaknesses before potential attackers use them to exploit victims. There are many different types of scanners that accomplish similar goals through different means. Some scanners work better than others. Some of the highly rated vulnerability scanning packages, including Belsecure, SAINT, SARA and QualysGuard, carry a hefty price tag. Some companies do not mind the cost of the tools because they add network security and peace of mind. With recent budget shortfalls within companies, many others do not have the budget needed for these products. Companies that primarily use Microsoft Windows products use a freely available tool called Microsoft Baseline Security Analyser (MBSA). MBSA can be used to scan systems and identify missing patches, missing or weak passwords and other common security issues. The MBSA tool is used to assess security settings within Microsoft (MS) Windows components such as Internet Explorer, the web server, products such as Microsoft SQL Server and MS Office settings, and is compatible with the Windows operating systems Windows NT, 2000, XP, 2003, Vista and 7. On average it scans over three million computers each week and is used by many leading third-party vendors, security auditors, medium to large businesses and home networks (local hosts).

Recommendation: use the free tool first, but networks still need to be protected with the paid tools.

2.0 Implement countermeasures for identified vulnerabilities and threats (VM)

2.1 Implement required level of perimeter security based on current and future business needs

Assess Your Environment


In order to effectively secure your network environment, you must first become familiar
with all of its components. Assessing your infrastructure involves not only identifying all
assets and security issues, but also monitoring the quality of your overall security program.
To determine your specific network security needs, you should consider several issues. First,
you need to be sure that your IT staff has the necessary executive support to run a
successful security program. If you find yourself on the same page with management on
how to proceed, you should focus on establishing a process to identify and analyse security
risks on an on-going basis. Without such a plan in place, you run the risk of initiating projects
that are not solving your largest security problems.

Once you have established a risk management process, you should create and document a
set of security policies that control the use of all technology and resources within your
organization. Anything within your infrastructure that lacks a governing security policy, such
as unprotected computers, should be identified and removed from your network until they
are made compliant with your policies. To remove these computers, you will need to define
a process that will help you identify these potentially vulnerable devices.

You will also need to look at third party vendors involved with your network. Do you utilize a
third party to routinely perform assessments and penetration tests on your environment?
Do other vendors or contractors have access to your environment? If so, do you have
adequate physical security for all locations where an external or third party could directly
access your network or computers?


Protect Your Network


Being part of the connected world brings many benefits as well as challenges. Any computer
within your network that is connected to the Internet, directly or indirectly, is a potential
risk for an attack from viruses or external attackers. Traditionally, firewalls provide defence
against such attacks. Towards this end, you should review your firewall deployments to
ensure that the current rules and processes to implement and maintain them are still valid.
You should also make sure that you take adequate measures to help protect devices such as
laptops with technologies such as host-based firewalls.

You should not, however, solely rely on firewalls as your single means of defence. There are
additional factors to consider for protecting your network. Do you provide secure remote
access with strong authentication techniques? Similarly, you should know whether your
system uses the latest quarantine technologies that help to automatically identify remote
laptops or desktops with inefficient virus patches or security. Another avenue to consider is
the use of technologies such as Microsoft Outlook Web Access or Outlook access that uses
RPC over HTTPS to reduce the need for remote connections to the network.

A few final thoughts you should consider include making sure you have secured your
wireless network to help prevent unauthorized users from gaining access to your network
resources. You should also consider upgrading all Internet-facing servers to Microsoft
Windows Server 2003 and all traveling laptops to Windows XP to take advantage of the
reduced attack surface of these products, as well as to utilize the additional security features
such as Windows firewall for these high risk devices. Finally, you should consider using IPsec
to help prevent unauthorized users from gaining access to mission-critical resources or
rogue machines from accessing your network.

Protect Your Servers and Clients


Many customers we have worked with over the past year have spent considerable resources
protecting their perimeter networks but have allowed their internal infrastructure to remain
extremely vulnerable. You should be sure to take sufficient steps to harden your core
operating systems and major applications from common attacks. To strengthen your
security infrastructure and security tools, you should install Windows XP Service Pack 2 (SP2)
with Advanced Security Technologies on your Windows XP laptops and remote systems. In
addition to a simplified monitoring of security, SP2 automatically turns on a built-in
Windows Firewall that offers additional protection during a computer’s boot time and shut
down process.

You should also check to make sure that you have deployed up-to-date antivirus software
on all of your servers and clients. This will also allow you to use the quarantine features,
among other capabilities found in Windows 2003, with remote users. If you have the latest
software versions installed, you should make sure to have in place an organized method for
keeping up-to-date on a regular basis with the latest virus and hacker information. This plan
of action should include a strategy for rapidly deploying the latest updates to all of your
operating systems and applications soon after the patches are released to the general
public. You should also consider establishing guidelines for developing secure applications
that include threat modelling, code reviews, and security testing. A final consideration might
be to investigate technologies such as Encrypting File System to encrypt and protect
business-critical folders and files.

For authentication purposes, if you have not already, then you should consider using multi-
factor authentication techniques such as smart cards or biometrics for critical accounts. You
should also consider deploying Active Directory for user authentication, Group Policy for
applying security settings to your Windows-based computers, and establishing an effective
identity and access management strategy that focuses on single sign-on capabilities.

Last but not least, to help limit the damage of a potential security breach or system
malfunction, you should always have a backup and recovery strategy in place to restore
services and data in an acceptable amount of time. This could include anything from a local
standby server or a remote server to software applications.

Monitor Your Environment


Monitoring and auditing are central to an organization's security efforts. We often think of
monitoring as watching and waiting for an event to occur so that we can react to the
situation. While this is important, a secure environment should establish a proactive
strategy that audits your network to identify systems configured in ways that do not meet
organizational standards or best practices. To achieve this, you should regularly review
client and server logs to look for common attack patterns.

During a review of your security program, you should look at the means by which you
conduct your security audits. Do you have a group that is focused on auditing computers
and applications for compliance with internal standards or regulatory requirements? If so, is
it separate from the operations team in performing the above tasks? Do you have a team
that is trained to help document and remediate issues that the audit finds?

Finally, you should consider what happens when a system is compromised. You should know
if you have an intrusion detection system, how it is deployed to monitor access to business-
critical systems, and how it can be used to help identify what portions of your system were
compromised. If your system is attacked or faces a viral outbreak, you should also have in
place an established incident response process to help minimize the effect on your network
and collect information to help your security team better secure your system against future
threats.


2.2 Assess and implement best practice server and network hardening
techniques and measures

Best practice involves the following:

1. Unauthorised access from employees (authentication).

2. Non-employees: blocked.

3. Loss of access through disaster: offsite storage.

One form of hardening is to make the server headless which removes the ability to use the
keyboard, mouse and monitor.

2.3 Implement secure authentication and user account controls

The screenshot shows the Telnet client being used to connect over SSH, securing authentication.


2.4 Secure data integrity and transmission

We downloaded Tera Term to handle the Telnet session.

SSL (Secure Socket Layer) encrypts outbound packets for the application layer before the transport layer (RC4, DES).

SSH provides data integrity for transmission over the network.

3.0 Test and verify functionality and performance of security system implemented (CM)

Compliance management (CM) is testing the network for how the system is secured.

3.1 Design test items to verify key function and performance measures
against criteria

Test setup.


3.2 Conduct function and performance tests recording results

Router

3.3 Modify and debug security system as necessary

The primary objectives of VM function and CM performance tests are to cover the following six areas:

- Identify and fix faults in the software that affect security, performance, or functionality.
- Alter functionality or address a new security threat, such as updating an antivirus signature.
- Change a software configuration to make it less susceptible to attack, run faster, or improve functionality.
- Use the most effective means to thwart automated attacks (such as worms, bots, and so on).
- Enable the effective improvement and management of security risks.
- Document the state of security for audit and compliance with laws, regulations, and business policy.


3.4 Develop documentation on current system settings and file for future
reference

SECURING SERVER APPLICATIONS


When securing server applications, run only one server application on each computer to
prevent a breach in one application that might cause problems in another application.
As with operating systems, make sure you have the latest software patches for server
applications.
However, be sure to fully test significant upgrades to any application software. The upgrade
may be more secure than the original version, but might introduce incompatibilities or
inadvertent configuration problems. Make sure that an upgrade does not cause the same
types of problems as an attacker might.

Securing Telnet and FTP


Neither Telnet nor FTP is secure because both send user names and passwords as clear text.
However, FTP is useful as an anonymous client for downloading files when security is not an
issue. Likewise, using FTP to upload files on an isolated computer does not allow someone
to intercept user names and passwords. However, if you use an upload user name that also
provides access to other parts of the system, having your user name and password
intercepted could compromise the system.
Telnet should never be used over the Internet or any insecure network. With Telnet, you
connect to a computer system to execute command-line utilities, which can be dangerous.
Instead, you should use SSH, which allows you to perform the same tasks as Telnet, but in a
secure environment. Telnet and SSH are similar, so if you know how to use Telnet,
SSH will be familiar. Red Hat Linux installs SSHD, the SSH server, by default. When you want
to remotely connect to another computer running Linux, such as one called
web1.technowidgets.com, you would type ssh web1.technowidgets.com.

When you connect, SSH does not prompt you for a user name, but rather uses the same
user name you entered when you logged on to Linux. You can even connect to a remote
computer while you are logged on as root. (You cannot log on as root using a Telnet client.)
After you type your password in SSH, you can securely execute command-line utilities.
In Windows, you can use PuTTY as an SSH client. With PuTTY, you can use a Windows
computer to connect to the secure shell on a Linux computer. To use PuTTY, you download
putty.exe from the www.chiark.greenend.org.uk/~sgtatham/putty Web site. You can create
a \putty folder for putty.exe, and then double-click putty.exe to start the program and open
the PuTTY window, as shown in Figure 10-8.


With PuTTY, you type the IP address or host name and then click the SSH option button.
When you click Open, you are prompted for a user name and password.
You can make FTP transfers secure by using SSH on Linux. To do so, use the sftp command
in Linux instead of the ftp command to transfer files. Linux then calls a secure FTP server
from SSHD. The major difference between using FTP and SSHD is that your default directory
on the Linux computer is your user directory instead of a specific FTP directory.
For Windows users, you can download a secure version of FTP called psftp.exe from the
same Web page that provides PuTTY, www.chiark.greenend.org.uk/~sgtatham/putty.
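The Telnet and FTP advice above comes down to two checks an administrator can script: is anything still listening on the cleartext ports, and is the SSH server configured so that it keeps the advantage it is meant to provide (the text notes, for instance, that SSH will let you log in as root)? The Python script below is an added example, not from this report or the textbook it quotes; the sshd_config text and the listening-port list are constructed sample inputs, and the three expected settings are this example's own assumed baseline.

```python
"""Added example: audit an OpenSSH server configuration and a list of
listening services for the weaknesses discussed above (cleartext Telnet/FTP
still exposed, SSH settings that give away SSH's advantage)."""

import re

# Baseline assumed for this example: the settings the advice above implies.
# sshd_config keywords are case-insensitive, so keys are stored lowercase.
EXPECTED = {
    "permitrootlogin": "no",         # the text notes SSH lets you log in as root
    "passwordauthentication": "no",  # prefer key-based authentication
    "permitemptypasswords": "no",
}

# Services that send user names and passwords in clear text, by port.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}


def parse_sshd_config(text):
    """Return {keyword: value} for the top-level directives of an
    sshd_config. Comments are dropped, 'Key Value' and 'Key=Value' are both
    accepted, the first occurrence of a keyword wins (sshd's own rule), and
    everything after the first Match block is conditional, so it is ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a sorted list of (keyword, found, expected) for every baseline
    setting that is absent or differs. Absent keywords are reported with
    found=None because the server is then relying on a compiled-in default."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None or got.lower() != want:
            findings.append((key, got, want))
    return sorted(findings)


def cleartext_services(listening):
    """listening: iterable of (port, process_name) pairs, for example taken
    from netstat output. Returns the cleartext protocols still exposed."""
    return sorted({CLEARTEXT_PORTS[port] for port, _ in listening
                   if port in CLEARTEXT_PORTS})


# Constructed sample inputs for the example (not from any real host).
SAMPLE_CONFIG = """\
# constructed sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""
SAMPLE_LISTENING = [(22, "sshd"), (23, "in.telnetd"), (80, "httpd")]

if __name__ == "__main__":
    for key, got, want in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{key}: found {got!r}, expected {want!r}")
    print("cleartext services still listening:",
          cleartext_services(SAMPLE_LISTENING))
```

On the sample input the audit reports the root login setting and the two missing keywords, and flags the Telnet daemon on port 23.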

4.0 Provide systems for monitoring and maintaining security (CM)

4.1 Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable

- Network intrusion detection system (NIDS)
- SolarWinds
- Microsoft server layer (Event Viewer)


4.2 Review logs and audit reports to identify and record security incidents,
intrusions or attempts

Windows Server 2008 event viewer
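As an added example of the log review in 4.2 (not part of the report), the Python script below scans constructed Windows Security log lines for a burst of failed logons (Event ID 4625) from one source address followed by a successful logon (4624), the pattern a reviewer should record as a possible password-guessing incident. The CSV layout, the threshold and window, and the sample accounts and addresses are assumptions made for the example.

```python
"""Added example: review constructed Windows Security log entries for the
attack pattern a log review should record as an incident: a burst of failed
logons (Event ID 4625) from one source, followed by a success (4624)."""

from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624

# Constructed sample in the shape of a CSV export from Event Viewer:
# time, event id, target account, source network address. Not a real log.
SAMPLE_LOG = """\
2013-09-14 02:00:01,4625,administrator,10.1.1.50
2013-09-14 02:00:03,4625,administrator,10.1.1.50
2013-09-14 02:00:04,4625,administrator,10.1.1.50
2013-09-14 02:00:06,4625,administrator,10.1.1.50
2013-09-14 02:00:09,4625,administrator,10.1.1.50
2013-09-14 02:01:30,4624,administrator,10.1.1.50
2013-09-14 02:05:00,4625,tpecats,10.1.1.20
2013-09-14 02:05:40,4624,tpecats,10.1.1.20
2013-09-14 03:00:00,4624,tpecats,10.1.1.20
"""


def parse_events(text):
    """Parse the CSV lines into (time, event_id, account, source) tuples,
    sorted by time so the window logic below can rely on order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, source = [f.strip() for f in line.split(",")]
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       int(event_id), account, source))
    return sorted(events)


def find_incidents(events, threshold=5, window=timedelta(minutes=10)):
    """Report each source address that produced at least `threshold` failed
    logons inside `window`, and whether a successful logon from the same
    source followed within `window` of the burst (the more serious case).
    A single failure from a user who then logs in is normal and not reported."""
    by_source = defaultdict(list)
    for event in events:
        by_source[event[3]].append(event)

    incidents = []
    for source, source_events in by_source.items():
        failures = [e for e in source_events if e[1] == FAILED_LOGON]
        for i in range(len(failures)):
            # Count the failures from failures[i] forward that fall inside the window.
            j = i
            while j < len(failures) and failures[j][0] - failures[i][0] <= window:
                j += 1
            if j - i >= threshold:
                burst = failures[i:j]
                burst_end = burst[-1][0]
                success_after = any(
                    e[1] == SUCCESSFUL_LOGON and burst_end <= e[0] <= burst_end + window
                    for e in source_events)
                incidents.append({
                    "source": source,
                    "accounts": sorted({e[2] for e in burst}),
                    "failures": len(burst),
                    "first": burst[0][0],
                    "last": burst_end,
                    "success_after": success_after,
                })
                break  # one record per source is enough for the review
    return incidents


if __name__ == "__main__":
    for incident in find_incidents(parse_events(SAMPLE_LOG)):
        print(incident)
```

Against the sample log the script records one incident for 10.1.1.50 (five failures in eight seconds, then a success) and nothing for the single mistyped password from 10.1.1.20.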


4.3 Carry out spot checks and audits to ensure that procedures are not
being bypassed

4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made

The present method is to use Alert Central from SolarWinds:

Below is a screenshot of Alert Central.


Alert Central Version 1.1 is Now Available!

SATURDAY, 14 SEPTEMBER 2013 2:00 AM » POSTED BY

Hey everyone, the latest release of Alert Central is now available for download!

Here's what we've been working on for this release:

- Notification of Alert Central upgrades in your admin AC console and admin weekly report (and support for proxy servers, so your upgrade feed doesn't get interrupted)
- A slew of improvements to user validation to help those of you with cell phones and improve your expected workflow, including:
  - The option to not automatically send the self-validation email on import.
  - The ability for an admin to see whether a user's address is self-validated from the user’s grid, not just from alerts themselves.
  - The ability for an admin to re-send the self-validation email.
  - The ability for an admin to manually validate an email address directly.
  - Issues with self-validating SMS from Android.
  - Support for Exchange Web Services to receive email from Exchange directly, not just via IMAP/POP.
- A bunch of bug fixes for issues reported here on Thwack, including:
  - Buttons appearing wonky when viewing alerts in Gmail.
  - Notes being truncated to 60 characters and some general misbehaviour with longer text.
  - Increased session timeout from 10 to 60 minutes.
  - Some issues with creating recurring calendar entries.


Security tools for each component.

Router/Firewall: passwords; replace Telnet with SSH encryption to stop Wireshark capture; firewall check of incoming IP address.

Switch: passwords; replace Telnet with SSH encryption to stop Wireshark capture.

Server: passwords, encryption, harden with specific roles, physical access restricted with headless design, antivirus software.

Connection: connectionless (web server), close ports, port scanner such as ShieldsUP.
