E-Book, Englisch, 512 Seiten
Seagren Secure Your Network for Free
1. Auflage 2011
ISBN: 978-0-08-051681-3
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
E-Book, Englisch, 512 Seiten
ISBN: 978-0-08-051681-3
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
This is the only book to clearly demonstrate how to get big dollar security for your network using freely available tools. This is a must have book for any company or person with a limited budget.
Network security is in a constant struggle for budget to get things done. Upper management wants thing to be secure but doesn't want to pay for it. With this book as a guide, everyone can get what they want. The examples and information will be of immense value to every small business. It will explain security principles and then demonstrate how to achieve them using only freely available software.
* Teachers you how to implement best of breed security using tools for free
* Ideal for anyone recomending and implementing new technologies within the company
* Companion Web site contains dozens of working scripts and tools
Autoren/Hrsg.
Weitere Infos & Material
1;Front Cover;1
2;Secure Your Network for Free;4
3;Copyright Page;5
4;Contents;10
5;Chapter 1. Presenting the Business Case for Free Solutions;16
5.1;Introduction;17
5.2;The Costs of Using Free Security Solutions;17
5.3;The Savings of Using Free Security Solutions;21
5.4;Comparing Free Solutions with Commercial Solutions;23
5.5;“Selling” a Free Solution;31
5.6;Summary;34
5.7;Solutions Fast Track;34
5.8;Frequently Asked Questions;36
6;Chapter 2. Protecting Your Perimeter;38
6.1;Introduction;39
6.2;Firewall Types;39
6.3;Firewall Architectures;42
6.4;Implementing Firewalls;46
6.5;Providing Secure Remote Access;101
6.6;Summary;145
6.7;Solutions Fast Track;146
6.8;Frequently Asked Questions;147
7;Chapter 3. Protecting Network Resources;148
7.1;Introduction;149
7.2;Performing Basic Hardening;149
7.3;Hardening Windows Systems;154
7.4;Hardening Linux Systems;179
7.5;Hardening Infrastructure Devices;190
7.6;Patching Systems;191
7.7;Personal Firewalls;195
7.8;Providing Antivirus and Antispyware Protection;203
7.9;Encrypting Sensitive Data;216
7.10;Summary;224
7.11;Solutions Fast Track;224
7.12;Frequently Asked Questions;227
8;Chapter 4. Configuring an Intrusion Detection System;230
8.1;Introduction;231
8.2;Intrusion Detection Systems;231
8.3;Configuring an Intrusion Detection System;232
8.4;Configuring Snort on a Windows System;236
8.5;Configuring Snort on a Linux System;255
8.6;Other Snort Add-Ons;269
8.7;Demonstrating Effectiveness;272
8.8;Summary;273
8.9;Solutions Fast Track;274
8.10;Frequently Asked Questions;276
9;Chapter 5. Managing Event Logs;278
9.1;Introduction;279
9.2;Generating Windows Event Logs;279
9.3;Generating Syslog Event Logs;294
9.4;Securing Your Event Logs;342
9.5;Applying Your Knowledge;346
9.6;Summary;348
9.7;Solutions Fast Track;348
9.8;Frequently Asked Questions;350
10;Chapter 6. Testing and Auditing Your Systems;352
10.1;Introduction;353
10.2;Taking Inventory;353
10.3;Vulnerability Scanning;381
10.4;OSSTMM;397
10.5;Summary;401
10.6;Solutions Fast Track;401
10.7;Frequently Asked Questions;402
11;Chapter 7. Network Reporting and Troubleshooting;404
11.1;Introduction;405
11.2;Reporting on Bandwidth Usage and Other Metrics;405
11.3;Collecting Data for Analysis;407
11.4;Understanding SNMP;409
11.5;Troubleshooting Network Problems;439
11.6;Additional Troubleshooting Tools;453
11.7;Summary;457
11.8;Solutions Fast Track;457
11.9;Frequently Asked Questions;459
12;Chapter 8. Security as an Ongoing Process;462
12.1;Introduction;463
12.2;Patch Management;463
12.3;Change Management;469
12.4;Antivirus;474
12.5;Antispyware;474
12.6;Intrusion Detection Systems;475
12.7;Vulnerability Scanning;475
12.8;Penetration Testing;478
12.9;Policy Review;480
12.10;Physical Security;481
12.11;CERT Team;483
12.12;Summary;485
12.13;Solutions Fast Track;485
12.14;Frequently Asked Questions;487
13;Index;490
Chapter 2 Protecting Your Perimeter
Solutions in this chapter: ¦ Firewall Types ¦ Firewall Architectures ¦ Implementing Firewalls ¦ Providing Secure Remote Access ? Summary ? Solutions Fast Track ? Frequently Asked Questions Introduction
When it comes to securing networks, the first items that come to mind are firewalls, which are the primary gatekeepers between an organization’s internal network and the outside world. While a properly implemented firewall can be one of the most effective security tools in your arsenal, it shouldn’t be the only tool. The adage “defense-in-depth” means that you should have multiple layers of security. Using a defense-in-depth configuration, if one component of your defense failed or was defeated, there would still be a variety of other fallbacks to protect your network. With the availability of increasingly affordable firewalls such as the popular Linksys cable/digital subscriber line (DSL) router, using the free firewall alternatives may not be as attractive for some. With a little effort, however, you will find the free alternatives are more configurable, allowing greater flexibility and control than the “home office” grade offerings. This chapter focuses on securing your network perimeter. Remember that although the most common way to implement a firewall is between an internal network and the outside world (often the Internet), you should not limit yourself to placing firewalls only on the network edge. A firewall should be in any place you want to restrict the flow of traffic. With the current trend of security breaches originating from the inside of the network (often employees or ex-employees), companies are increasingly relying on firewalls to isolate and filter traffic between portions of the internal network. This chapter reviews some basic firewall concepts and briefly discusses the different architectural ways to implement a firewall. Most of this chapter discusses the installation and configuration of free firewalls to run on both Windows- and Linux-based systems. Finally, once the network edge has been adequately secured, we discuss how to create controlled, secure paths through the perimeter for remote connectivity, including administrative access or remote office/work from home scenarios. Firewall Types
No discussion of firewalls would be complete without a discussion of the different types of firewalls. This is particularly true in this context, because it allows you to better understand exactly where in the spectrum the free firewall offerings lie. In the networking sense, a firewall is basically any component (software or hardware) that restricts the flow of network traffic. This is a sufficiently broad definition to allow for all of the various ways people have chosen to implement firewalls. Some firewalls are notoriously limited in capability and others are extremely easy to use. Within the realm of firewalls there are many different ways to restrict network traffic. Most of these methods vary in the level of intelligence that is applied to the decision-making process. For example, to permit or deny traffic based on which network device is the sender or recipient, you would use a packet-filtering firewall. In reality, even the simplest packet filtering firewalls can typically make decisions based on the source Internet Protocol (IP) address, the destination IP address, and the source and/or destination port number. While this type of firewall may sound overly simplistic, consider if you have a server running a Web site for use on the Internet. In all likelihood, the only traffic that you need to allow to the server uses a destination port of Transmission Control Protocol (TCP) 80 or 443; thus, you could configure your firewall to permit only that traffic. These ports are used for HTTP and HTTPS, respectively. Because the server is available for the Internet, you can’t filter traffic based on the source address or source port, which will be different for each connection. The primary drawback with a simple packet filter is that the packet-filtering firewall has to rely on very primitive means to determine when traffic should be allowed (e.g., synchronous [SYN] or acknowledgement [ACK] bits being set). While this was adequate in the early days of the Internet when security was not as big of a concern, it won’t work any more. It is trivial to set the bits on the packet using freely available software to make the traffic look like it is a reply to another connection. Thus the stateful inspection firewall was born of necessity. This type of firewall monitors all connections (inbound or outbound), and as the connection is permitted (based on the firewall’s configured rules) it enters this connection into a table. When the reply to this connection comes back, even if the reply uses a port that the firewall was not previously configured to permit, it can intelligently realize the traffic is a response to a permitted session and permit the traffic. Unfortunately, as the firewalls get better so do the methods hackers use to circumvent them. Suppose you have configured your firewall perfectly and there are no holes: every permitted port is one you expressly want to allow. Using the previous example, no traffic is allowed to the Web server except Web traffic. Sounds good, but the problem is, if the firewall is completely secure, the server might not be. Flaws in the Web server software could allow the attacker to send the server an HTTP request that is 10,000 characters long, overflowing the buffers and allowing the attacker to execute the code of his choice. The packets used to transport the 10,000-character HTTP request are all legal TCP packets as far as the firewall is concerned: therefore, it would permit them to pass through to the Web server. The next step in firewall evolution serves to combat this type of attack. These types of firewalls are application gateways, or layer 7 firewalls. This type of firewall not only filters network traffic based on the standard network parameters, but they also understand the higher layer protocol information contained within the packet, in this example HTTP. The firewall itself knows what a legitimate HTTP request looks like and can filter out a malformed or malicious request even though, from a network perspective, it might otherwise be a permitted packet. There is a downside to this type of approach, which is that the firewall must be programmed with all the same intelligence needed to filter normal traffic, plus the firewall must fully understand the protocols it is inspecting. This means additional programming for any protocol you want the firewall to understand. Most of the major commercial application gateways offer support for the major protocols such as HTTP, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP). With all of this information circulating in your head, you’re probably wondering which type is available for free. Generally speaking, you can find many free varieties of firewalls that perform some type of stateful inspection. Application layer gateways are not readily available for free. In reality, few organizations have the funds to use application gateways extensively. One ramification of not using an application gateway is that you need to ensure that the service that is exposed to un-trusted traffic is configured as securely as possible and that the server itself is hardened against attack. Keeping the service patches up-to-date will help reduce the odds that an application-level attack will be successful. Firewall Architectures
The most securely configured firewall in existence will not provide much protection if a network was not designed properly. For example, if the firewall was installed into an environment that allows an alternate network path that bypasses the firewall, the firewall would only be providing a false sense of security. This is an architectural error that would render the firewall useless. In short, where the firewall is implemented is every bit as important as how it is implemented. The first step to installing anything is always planning. What follows is a discussion of the most common firewall architectures, in increasing order of security. Remember, these sections are discussing firewall architectures independent of the firewall type. For example, you could use a packet-filtering firewall, a stateful inspection firewall, or an application gateway in any of the designs discussed in the next section. Screened Subnet
A screened subnet is the simplest and most common firewall implementation. Most small businesses and homes use this type of firewall (see Figure 2.1). This design places the firewall on the edge of your network, dividing everything (from the firewall’s point of view) into internal and external, with nothing in between. Figure 2.1 Screened Subnet Firewall The screened subnet firewall (or edge firewall) is as straightforward as you can get. Internet users who need access to an internal server (e.g., Web, FTP, SMTP, and so on) must traverse the firewall to do so. Internal users needing access to those same servers would be able to access them...
