2013
Terry Pecats
17/09/2013
ICANWK406A Install, configure and test network security Terry Pecats
Contents
1.0 Assess network security threats and vulnerabilities to identify risk (VM)
1.1 Assess and report on current system security, according to required asset security level (VM options)
1.2 Determine additional network, software, hardware and system security threats and vulnerabilities (VM assessment)
1.3 Use identified threats and vulnerability information to identify security risks
1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements (VM Executive summary)
2.0 Implement countermeasures for identified vulnerabilities and threats (VM)
2.1 Implement required level of perimeter security based on current and future business needs
2.2 Assess and implement best practice server and network hardening techniques and measures
2.3 Implement secure authentication and user account controls
2.4 Secure data integrity and transmission
3.0 Test and verify functionality and performance of security system implemented (CM)
3.1 Design test items to verify key function and performance measures against criteria
3.2 Conduct function and performance tests recording results
3.3 Modify and debug security system as necessary
3.4 Develop documentation on current system settings and file for future reference
4.0 Provide systems for monitoring and maintaining security (CM)
4.1 Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable
4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts
4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed
4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made
Case study
There are various networks which will be deployed in the computer lab: server based and web based. Do not scan any other networks other than those specified in these exercises. Unauthorised access to a network is a criminal offence under Australian Law.
Weigh the pros and cons of each against five key factors: Design, Deployment, Management, Cost and Compliance.
Management
Software-based solutions are installed by users on their enterprise network and operated
manually. This is a familiar process but using software-based solutions for vulnerability
management has huge drawbacks:
- Software-based solutions don’t provide an outsider’s view of network vulnerabilities, especially for devices on the perimeter.
- Installation options are either on the non-routable private side of the network or on the public-facing Internet side. Behind-the-firewall deployments are unable to process exploits such as transmission of incorrectly formatted data packets, so their scans generate many false positives and false negatives. Products deployed outside the firewall are subject to attacks and compromise.
- Secure communications of scan assessments are questionable.
With SaaS, the application is installed and operated by a trusted third party and may be
hosted on a user’s network or on secure external facilities. The latter option enables the
SaaS vulnerability management solution to mimic the perspective of a hacker during the
network audit process – from the outside, looking in. An externally-hosted SaaS vulnerability
management solution can also assess security inside the firewall perimeter using a
‘hardened appliance’ (which contains integrated security protection) that can communicate
internal audit results to a central secure repository hosted and managed by the trusted third
party.
When users deploy software-based solutions, they need to provide servers to run the vulnerability management application.
For large enterprises, this may require servers in multiple data centres worldwide, so deployment can consume a lot of time as network and security staff roll out the required infrastructure. Smooth integration of these resources with enterprise management platforms is often challenging if not impossible.
A SaaS solution has many operational advantages:
- SaaS is already ‘up and running’ so deployment is instant, no matter how many sites need vulnerability management, and no matter where they are in the world.
- There are no software agents to install that might conflict with other applications.
- SaaS is inherently scalable and immediately begins working for the largest enterprise.
- The solution should provide an API allowing for simple integration with enterprise network management platforms.
We used three VM tools: Qualysguard, Belsecure and Microsoft Baseline Security Analyzer. These revealed various threats to the test network.
Host computer
It is important to fix the critical issues first. For example, the vulnerabilities in the screenshot above need to be rectified via updates or through administrative configuration.
Server
A vulnerability scanner is one of many security tools used to improve the security of networks. The goal of running a vulnerability scanner is to identify devices on a network that are open to known vulnerabilities. A vulnerability tool can help secure a network, or it can be used by potential attackers to identify weaknesses in your system to mount an attack against. The tool can be used to identify and fix weaknesses before potential attackers use them to exploit victims. There are many different types of scanners that accomplish similar goals through different means. Some scanners work better than others. Some of the highly rated vulnerability scanning packages, including Belsecure, SAINT, SARA and QualysGuard, carry a hefty price tag. Some companies do not mind the cost of the tools because they add network security and peace of mind. With recent budget shortfalls within companies, many others do not have the budget needed for these products. Companies that primarily use Microsoft Windows products use a freely available tool called Microsoft Baseline Security Analyser (MBSA). MBSA can be used to scan systems and identify missing patches, missing or weak passwords and other common security issues. MBSA is used to assess security settings within Microsoft (MS) Windows components such as Internet Explorer, the web server, Microsoft SQL Server and MS Office settings, and is compatible with the Windows operating systems NT, 2000, XP, 2003, Vista and 7. It scans an average of over three million computers each week and is used by many leading third-party vendors, security auditors, medium to large businesses and home networks (local hosts).
Recommendation: use the free tool first, but networks still need to be protected with paid tools.
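The paragraph above lists what a scanner reports (missing patches, weak or missing passwords, configuration issues), and the earlier note on the screenshots says critical items are fixed first, via updates or administrative configuration. The Python script below is an added example, not part of this report and not code from MBSA, QualysGuard or any other vendor: it takes scanner findings in a simplified record format of my own, merges the same issue when more than one tool reports it, drops informational noise, orders the rest by severity and splits the work into patch and configuration tasks per host. The host addresses, tool names (scanner-a/b/c) and issue texts are constructed sample data.

```python
"""Triage of vulnerability-scanner findings into a prioritised remediation list.

Added example, not part of the original assignment. The findings below are
constructed sample records in a simplified format of my own; they are not real
output from MBSA, QualysGuard or any other scanner.
"""
from collections import defaultdict

# Severity ranking used for ordering: higher number = fix first.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Constructed sample findings (hypothetical hosts, tools and issues). Several
# tools often report the same weakness, so duplicates are expected in real data.
SAMPLE_FINDINGS = [
    {"tool": "scanner-a", "host": "10.0.0.5", "severity": "critical",
     "issue": "Missing security update (placeholder bulletin id)", "fix": "patch"},
    {"tool": "scanner-b", "host": "10.0.0.5", "severity": "critical",
     "issue": "Missing security update (placeholder bulletin id)", "fix": "patch"},
    {"tool": "scanner-a", "host": "10.0.0.5", "severity": "high",
     "issue": "Local account with blank password", "fix": "config"},
    {"tool": "scanner-c", "host": "10.0.0.9", "severity": "medium",
     "issue": "Telnet service enabled", "fix": "config"},
    {"tool": "scanner-b", "host": "10.0.0.9", "severity": "low",
     "issue": "Banner discloses product version", "fix": "config"},
    {"tool": "scanner-a", "host": "10.0.0.9", "severity": "info",
     "issue": "Host responds to ICMP echo", "fix": "none"},
]


def normalise(finding):
    """Return a hashable key so identical issues from different tools merge."""
    return (finding["host"], finding["issue"].strip().lower())


def triage(findings, minimum="low"):
    """Merge duplicates, drop findings below `minimum`, and order by severity.

    Returns a list of dicts with host, severity, issue, fix and the sorted list
    of tools that reported the issue. Critical items come first, then by host.
    """
    threshold = SEVERITY_RANK[minimum]
    merged = {}
    for f in findings:
        sev = f["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r}")
        if SEVERITY_RANK[sev] < threshold:
            continue
        key = normalise(f)
        entry = merged.setdefault(key, {
            "host": f["host"], "severity": sev, "issue": f["issue"],
            "fix": f["fix"], "tools": set()})
        entry["tools"].add(f["tool"])
        # If two tools disagree on severity, keep the more severe rating.
        if SEVERITY_RANK[sev] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = sev
    result = []
    for entry in merged.values():
        entry["tools"] = sorted(entry["tools"])
        result.append(entry)
    result.sort(key=lambda e: (-SEVERITY_RANK[e["severity"]], e["host"], e["issue"]))
    return result


def remediation_plan(findings):
    """Split the triaged list into patch work and configuration work per host."""
    plan = defaultdict(lambda: {"patch": [], "config": []})
    for entry in triage(findings):
        if entry["fix"] in ("patch", "config"):
            plan[entry["host"]][entry["fix"]].append(entry["issue"])
    return dict(plan)


if __name__ == "__main__":
    for e in triage(SAMPLE_FINDINGS):
        print(f"{e['severity']:<8} {e['host']:<10} {e['issue']} "
              f"(reported by {', '.join(e['tools'])})")
    print(remediation_plan(SAMPLE_FINDINGS))
```

Merging on host plus normalised issue text is deliberate: the report above used three tools on the same hosts, and without it the same missing update would appear three times in the remediation list and inflate the count presented to management.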
Once you have established a risk management process, you should create and document a
set of security policies that control the use of all technology and resources within your
organization. Anything within your infrastructure that lacks a governing security policy, such
as unprotected computers, should be identified and removed from your network until they
are made compliant with your policies. To remove these computers, you will need to define
a process that will help you identify these potentially vulnerable devices.
You will also need to look at third party vendors involved with your network. Do you utilize a
third party to routinely perform assessments and penetration tests on your environment?
Do other vendors or contractors have access to your environment? If so, do you have
adequate physical security for all locations where an external or third party could directly
access your network or computers?
You should not, however, rely solely on firewalls as your single means of defence. There are additional factors to consider for protecting your network. Do you provide secure remote access with strong authentication techniques? Similarly, you should know whether your system uses the latest quarantine technologies that help to automatically identify remote laptops or desktops with out-of-date virus definitions or security patches. Another avenue to consider is the use of technologies such as Microsoft Outlook Web Access, or Outlook using RPC over HTTPS, to reduce the need for remote connections to the network.
A few final thoughts you should consider include making sure you have secured your
wireless network to help prevent unauthorized users from gaining access to your network
resources. You should also consider upgrading all Internet-facing servers to Microsoft
Windows Server 2003 and all traveling laptops to Windows XP to take advantage of the
reduced attack surface of these products, as well as to utilize the additional security features
such as Windows firewall for these high risk devices. Finally, you should consider using IPsec
to help prevent unauthorized users from gaining access to mission-critical resources or
rogue machines from accessing your network.
You should also check to make sure that you have deployed up-to-date antivirus software
on all of your servers and clients. This will also allow you to use the quarantine features,
among other capabilities found in Windows 2003, with remote users. If you have the latest
software versions installed, you should make sure to have in place an organized method for
keeping up-to-date on a regular basis with the latest virus and hacker information. This plan
of action should include a strategy for rapidly deploying the latest updates to all of your
operating systems and applications soon after the patches are released to the general
public. You should also consider establishing guidelines for developing secure applications
that include threat modelling, code reviews, and security testing. A final consideration might
be to investigate technologies such as Encrypting File System to encrypt and protect
business-critical folders and files.
For authentication purposes, if you have not already, then you should consider using multi-
factor authentication techniques such as smart cards or biometrics for critical accounts. You
should also consider deploying Active Directory for user authentication, Group Policy for
applying security settings to your Windows-based computers, and establishing an effective
identity and access management strategy that focuses on single sign-on capabilities.
Last but not least, to help limit the damage of a potential security breach or system malfunction, you should always have a backup and recovery strategy in place to restore services and data in an acceptable amount of time. This could include anything from a local standby server or a remote server to software applications.
During a review of your security program, you should look at the means in which you
conduct your security audits. Do you have a group that is focused on auditing computers
and applications for compliance with internal standards or regulatory requirements? If so, is
it separate from the operations team in performing the above tasks? Do you have a team
that is trained to help document and remediate issues that the audit finds?
Finally, you should consider what happens when a system is compromised. You should know
if you have an intrusion detection system, how it is deployed to monitor access to business-
critical systems, and how it can be used to help identify what portions of your system were
compromised. If your system is attacked or faces a viral outbreak, you should also have in
place an established incident response process to help minimize the effect on your network
and collect information to help your security team better secure your system against future
threats.
2.2 Assess and implement best practice server and network hardening techniques and measures
One form of hardening is to make the server headless which removes the ability to use the
keyboard, mouse and monitor.
Compliance management (CM) is testing the network to check how the system has been secured.
3.1 Design test items to verify key function and performance measures against criteria
Test setup.
Router
- Identify and fix faults in the software that affect security, performance, or functionality.
- Alter functionality or address a new security threat, such as updating an antivirus signature.
- Change a software configuration to make it less susceptible to attack, run faster, or improve functionality.
- Use the most effective means to thwart automated attacks (such as worms, bots, and so on).
- Enable the effective improvement and management of security risks.
- Document the state of security for audit and compliance with laws, regulations, and business policy.
3.4 Develop documentation on current system settings and file for future reference
When you connect, SSH does not prompt you for a user name, but rather uses the same user name you entered when you logged on to Linux. You can even connect to a remote computer while you are logged on as root. (You cannot log on as root using a Telnet client.) After you type your password in SSH, you can securely execute command-line utilities.
In Windows, you can use PuTTY as an SSH client. With PuTTY, you can use a Windows computer to connect to the secure shell on a Linux computer. To use PuTTY, you download putty.exe from the www.chiark.greenend.org.uk/~sgtatham/putty Web site. You can create a \putty folder for putty.exe, and then double-click putty.exe to start the program and open the PuTTY window, as shown in Figure 10-8.
With PuTTY, you type the IP address or host name and then click the SSH option button. When you click Open, you are prompted for a user name and password.
You can make FTP transfers secure by using SSH on Linux. To do so, use the sftp command in Linux instead of the ftp command to transfer files. Linux then calls a secure FTP server from sshd. The major difference between using FTP and sftp over sshd is that your default directory on the Linux computer is your user (home) directory instead of a specific FTP directory.
For Windows users, you can download a secure version of FTP called psftp.exe from the same Web page that provides PuTTY, www.chiark.greenend.org.uk/~sgtatham/putty.
4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts
4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed
Hey everyone, the latest release of Alert Central is now available for download!
- Notification of Alert Central upgrades in your admin AC console and admin weekly report (and support for proxy servers, so your upgrade feed doesn't get interrupted)
- A slew of improvements to user validation to help those of you with cell phones and improve your expected workflow, including:
Router/Firewall: passwords; replace Telnet with SSH encryption to stop Wireshark capture; firewall check of incoming IP addresses.
Switch: passwords; replace Telnet with SSH encryption to stop Wireshark capture.
Server: passwords, encryption, harden with specific roles, physical access restricted with headless design, antivirus software.
Connection: connectionless (web server); close ports; port scanner such as Shields up.
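As an added example of a spot check (section 4.3) against the checklist above, and not part of the original report, the Python script below encodes each item as a test over a constructed device inventory: Telnet must be replaced by SSH, default passwords removed, only ports justified by the device role left open, the router must filter incoming addresses, and servers need antivirus, encryption, a defined role and a headless build. The device names, the port-to-role tables and the inventory fields are assumptions made for the example; in practice open_ports would be filled from a port scan (such as the Shields up check the report mentions, or an internal scanner) and the other fields from the device configuration.

```python
"""Spot check of network devices against this report's hardening checklist:
replace Telnet with SSH, no default passwords, firewall inbound filtering,
role-specific server hardening, antivirus, headless servers, closed ports.

Added example, not part of the original assignment. The inventory is
constructed sample data with hypothetical device names and fields.
"""

TELNET, SSH = 23, 22

# Ports a device of each role is allowed to expose; anything else is flagged.
# (Assumption for the example: 3389 is treated as a management port on servers.)
ALLOWED_PORTS = {
    "router": {SSH},
    "switch": {SSH},
    "server": {SSH, 3389},
    "webserver": {SSH, 80, 443},
}

# Extra ports justified by a specific server role (assumed for the example).
ROLE_PORTS = {"file": {445}, "web": {80, 443}}

# Constructed inventory; values are invented for the example.
INVENTORY = [
    {"name": "rtr1", "role": "router", "open_ports": {SSH, TELNET},
     "default_password": False, "inbound_filter": True},
    {"name": "sw1", "role": "switch", "open_ports": {SSH},
     "default_password": True},
    {"name": "srv1", "role": "server", "open_ports": {SSH, 3389, 445},
     "default_password": False, "antivirus": True, "headless": False,
     "disk_encryption": True, "roles": ["file"]},
    {"name": "web1", "role": "webserver", "open_ports": {SSH, 80, 443},
     "default_password": False, "antivirus": True, "headless": True,
     "disk_encryption": True, "roles": ["web"]},
]


def spot_check(device):
    """Return the checklist items this device fails (empty list = compliant)."""
    failures = []
    role = device["role"]
    ports = set(device["open_ports"])

    # Applies to every device: no cleartext management, no default credentials.
    if TELNET in ports:
        failures.append("telnet enabled: replace with SSH")
    if SSH not in ports:
        failures.append("no SSH management access")
    if device.get("default_password", True):
        failures.append("default or unset password")

    # Only ports justified by the device role may stay open.
    allowed = set(ALLOWED_PORTS[role])
    for r in device.get("roles", []):
        allowed |= ROLE_PORTS.get(r, set())
    for p in sorted(ports - allowed - {TELNET}):
        failures.append(f"unexpected open port {p}: close it")

    # Router/firewall: incoming addresses must be filtered.
    if role == "router" and not device.get("inbound_filter", False):
        failures.append("no inbound IP filtering on firewall")

    # Servers: antivirus, headless build, encryption, a defined role.
    if role in ("server", "webserver"):
        if not device.get("antivirus", False):
            failures.append("antivirus not installed")
        if not device.get("headless", False):
            failures.append("console peripherals attached: run headless")
        if not device.get("disk_encryption", False):
            failures.append("data at rest not encrypted")
        if not device.get("roles"):
            failures.append("no specific server role defined")
    return failures


def audit(inventory):
    """Map device name -> failures, listing only devices that fail something."""
    report = {}
    for dev in inventory:
        f = spot_check(dev)
        if f:
            report[dev["name"]] = f
    return report


if __name__ == "__main__":
    for name, items in audit(INVENTORY).items():
        print(name)
        for item in items:
            print("  -", item)
```

Running the check from the inventory rather than by hand is what makes section 4.3 repeatable: the same script run after each change shows whether a procedure (for example, disabling Telnet on the router) has actually been applied or has been bypassed.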