Steve Newlen's CIM 279 Network Security

Mastering Network Security Chapter Outlines

Chapter 5

  1. Defining an Access Control Policy
    1. Access Control Descriptors
      1. Direction
      2. Service
      3. Specific Host
      4. Individual Users
      5. Time of Day
      6. Public or Private
      7. Quality of Service (QoS)
  2. Definition of a Firewall
    1. When is a Firewall Required?
      1. Dial-In Modem Pool
      2. External Connections to Business Partners
      3. Between Departments
    2. Firewall Types
      1. Static Packet Filtering
        1. The TCP Flag Field
          1. ACK
          2. FIN
          3. PSH
          4. RST
          5. SYN
          6. URG
        2. Packet Filtering UDP Traffic
        3. Packet Filtering ICMP
        4. Static Packet Filtering Summary

Static packet filters are non-intelligent filtering devices. They offer little protection against advanced types of attack. They look at a minimal amount of information in order to determine which traffic should be allowed to pass and which traffic should be blocked. Many routers have the ability to perform static pack filtering.

      1. Dynamic Packet Filtering
        1. Dynamic Packet Filtering in Action
        2. UDP Traffic And Dynamic Packet Filtering
        3. Is My Transport supported?
        4. Dynamic Packet Filter Summary

Dynamic packet filters are intelligent devices that make traffic-control decisions based on packet attributes and state tables. State tables enable the firewalling device to "remember" previous communication packet exchanges and make judgements based on this additional information.

The biggest limitation of a dynamic packet filter is that it cannot make filtering decisions based on payload, which is the actual data contained within the packet. In order to filter on payload, you must use a proxy-based firewall.

    1. Proxies
      1. How a Poxy Passes Traffic
      2. Client Configuration in a Proxy Environment
      3. Benefits of a proxy Client
      4. Drawbacks to a Proxy Client
      5. Transparent Proxies
      6. Filtering Java, ActiveX, and HTML Scripts
  1. What Type of Firewall Should I Use?
  2. Should I Run My Firewall on UNIX or NT?
    1. UNIX versus NT
    2. NT versus UNIX
    3. You Decide...
  3. Additional Firewall Considerations
    1. Address Translataion
      1. Hiding NAT
      2. Static NAT
      3. Port Address Translations (PAT)
    2. Firewall Logging
    3. Firewall Deployment
  4. Chapter 5 SUMMARY

CHAPTER 9 -- Authentication and Encryption



  1. The Need for Improved Security
    1. Clear Text Transmissions
    2. Passively Monitoring Clear Text
    3. Clear Text Protocols
      1. FTP
      2. Telnet
      3. SMTP
      4. HTTP
      5. IMAP
      6. SNMPv1
  2. Good Authentication Required
    1. Session Hijacking
    2. Verifying the Destination
      1. C2MYAZZ
      2. DNS Poisoning
  3. Encryption 101
    1. Methods of Encryption
      1. Stream Cipher
      2. Block Cipher
      3. Public/Private Crypto Keys
    2. Encryption Weaknesses
      1. Mishandling or Human Error
      2. Cipher Deficiencies
      3. Brute Force Attacks
        1. Methods of Encryption and Their Associated Keys
Encryption Bits in Key Number of Possible Keys
Netscape 40 1.1x106
DES 56 72.1x106
Triple DES (2 keys) 112 5.2x1033
RC4/128 128 3.4x1038
Triple DES (3 keys) 168 3.7x1050
Future standard? 256 1.2x1077


      1. Government Intervention
  1. Good Encryption Required
  2. Solutions
    1. Data Encryption Standard (DES)
    2. Digital Certificate Servers
    3. IP Security (IPSEC)
    4. Kerberos
    5. Point-to-Point Tunneling Protocol
    6. Remote Access Dial-In User Service (RADIUS)
    7. RSA Encryption
    8. Secure Shell (SSH)
    9. Secure Sockets Layer (SSL)
    10. Security Tokens
    11. Simple Key Management for Internet Protocols (SKIP)
  3. Chapter 9 SUMMARY

CHAPTER 10 -- Virtual Private Networking



  1. VPN Basics
    1. VPN Usage
      1. Modem Pool Replacement
      2. Dedicated WAN Link Replacement
      3. Selecting a VPN Product
      4. Strong Authentication
      5. Adequate Encryption
      6. Adherence to Standards
    2. VPN Product Options
      1. Firewall-Based VPN
      2. Router-Based VPN
      3. Dedicated Hardware and Software
    3. VPN Alternatives
  2. Setting up a VPN
    1. Preparing the Firewall
    2. Our VPN Diagram
    3. Configuring Required Network Objects
      1. Defining Network Objects
      2. Defining the Firewalls
      3. Configuring the Remote Firewall
    4. Exchanging Keys
      1. Fetching Keys on the Remote Firewall
    5. Modifying the Security Policy
    6. Modifying the Security Policy on the Remote Firewall
    7. Testing the VPN
      1. Verifying the Data Stream
  3. Chapter 10 SUMMARY


Chapter 11 -- Virus, Trojans, and Worms: Oh My!



  1. Viruses: The Statistics
    1. Financial Repercussions
  2. What is a Virus?
    1. Replicaiton
      1. File Infection
      2. Boot Sector Replication
      3. Common Traits of File Infection and Boot Sector Replication
    2. Concealment
      1. Small Footprint
      2. Attribute Manipulation
      3. Stealth
      4. Anti-virus Countermeasures
      5. Encryption
      6. Polymorphic Mutation
      7. Bomb
    3. Social Engineering Viruses
      1. Replication
      2. Concealment
      3. Bomb
  3. Worms
      1. The Vampire Worm
      2. The Great Internet Worm
      3. The WANK Worm
      4. Other Worms
  4. Trojan Horses
      1. Why Trojan Horses are not Viruses
      2. Did I purchase a Trojan Horse?
  5. Preventative Measures
    1. Access Control
    2. Checksum Verification
    3. Process Monitoring
    4. Virus Scanners
    5. Virus Scanner Variations
      1. Problems with Large Environments
    6. Heuristic Scanners
    7. Application-Level Virus Scanners
  6. Deploying Virus Protection
    1. Protecting the Desktop Systems
      1. Enable BIOS Boot Sector Protection
      2. On-Demand Scanning
      3. Memory-Resident Scanning
      4. Options Not Considered
    2. Protecting the NT and NetWare Servers
      1. On-Demand Scanning
      2. Memory-Resident Scanning
      3. File Permissions
      4. Options Not Considered
    3. Protecting the UNIX System
      1. File Integrity Checking
      2. Process Monitoring
      3. File Permissions
      4. Options Not Considered
  7. Chapter 11 SUMMARY




CHAPTER 12 -- Network Disasters

  1. Disaster Categories
  2. Network Disasters
    1. Cabling
      1. Thinnet and Thicknet
      2. Twisted Pair
      3. Fiber Cabling (fibre)
      4. Excessive Cable Lengths
    2. Topology
      1. Ethernet
      2. Token Ring
      3. FDDI
      4. Lerased Line or T1 Connections
      5. Frame Relay
    3. Single Points of Failure
      1. Consolidated Equipment
      2. Taking Advantage of Redundant LAN Routes
      3. Dial Backup for WAN Connections
    4. Saving Configuration Files
      1. Terminal Logging
      2. TFTP Server
  3. Server Disasters
    1. Uninterruptible Power Supply (UPS)
    2. RAID
      1. RAID 0
      2. RAID 1
      3. RAID 2
      4. RAID 3 and RAID 4
      5. RAID 5
      6. RAID 10 and RAID11
    3. Redundant Servers
    4. Clustering
    5. Tape Backup
      1. Full Backups
      2. Incremental Backups
      3. Differential Backups
    6. Server Recovery
      1. Installing the server operating system
      2. Installing any required drivers
      3. Instgalling any required service packs
      4. Installing any required hotfixes or security patches
      5. Installing backup software
      6. Installing any required patches to the backup software
      7. Restoring your last full backup tape
      8. Restoring any incremental or differential tapes as required.
  4. Simulating Disasters
    1. Importance of disaster simulation
    2. Nondestructive Testing
    3. Document Your Procedures
  5. OctopusHA+ for NT Server
    1. An Octopus Example
    2. Installing Octopus
    3. Configuring Octopus
    4. Testing Octopus
  6. Chapter 12 Summary



Chapter 16 -- The Anatomy of an Attack

  1. Collecting Information
    1. The whois Command
    2. Domain Name
    3. Physical Location
    4. Administrative Contact
    5. Phone Numbers
    6. Valid Subnet
      1. What a War Dialer Can Find
    7. The nslookup Command
    8. Search Engines
  2. Probing the Network
    1. The traceroute Command
    2. Host and Service Scanning
      1. Ping Scanning
      2. Port Scanning
      3. TCP Half Scanning
      4. FIN Scanning
    3. Passive Monitoring
    4. Checking for Vulnerabilities
      1. Manual Vernabilities Checks
      2. Automated Velnerabilities Scanners


  3. Launching the Attack
    1. Hidden Accounts
    2. Man in the Middle
      1. C2MYAZZ
    3. Buffer Overflows
      1. An Example of a Buffer Overflow
      2. Other Buffer Overflow Attacks


    1. SYN Attack
    2. Teardrop Attacks
      1. Launching a teardrop Attack
    3. Smurf
      1. Blocking Smurf at the Source
      2. Blocking Smurf at the Bounce Site
      3. Blocking Smurf at the Target Site
    4. Brute Force Attacks
    5. Physical Access Attacks
  1. Chapter 16 -- The Anatomy of an Attack Summary