Network Security: Hosted By: Ed-Lab Pakistan and Risk Associates


NETWORK SECURITY

HOSTED BY: ED-LAB PAKISTAN AND RISK ASSOCIATES


LOAD BALANCERS

Load Balancers dynamically balance the load between devices
• Typically servers but could be other devices as well
• Could be hardware or software based
Scheduling
• Affinity (Sticky Session)
• Round-robin
• Active-passive
• Active-active
ROUND ROBIN

Round robin network load balancing rotates connection requests among web servers in the
order that requests are received. For a simplified example, assume that an enterprise has a
cluster of three servers: Server A, Server B, and Server C.
• The first request is sent to Server A.
• The second request is sent to Server B.
• The third request is sent to Server C.
• The load balancer continues passing requests to servers in this order. This ensures
that the server load is distributed evenly to handle high traffic.
WEIGHTED ROUND ROBIN VS. ROUND ROBIN LOAD BALANCING
• The weighted round robin load balancing algorithm allows site administrators to assign weights to each
server based on criteria like traffic-handling capacity. Servers with higher weights receive a higher
proportion of client requests. For a simplified example, assume that an enterprise has a cluster of three
servers:
  - Server A can handle 15 requests per second, on average
  - Server B can handle 10 requests per second, on average
  - Server C can handle 5 requests per second, on average
• Next, assume that the load balancer receives 6 requests:
  - 3 requests are sent to Server A
  - 2 requests are sent to Server B
  - 1 request is sent to Server C
In this manner, the weighted round robin algorithm distributes the load according to each server’s capacity.
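The two scheduling policies above, worked through in code. This is an added example, not material from the Ed-Lab / Risk Associates deck: plain round robin is the modulo rotation the slide describes, and the weighted variant uses the "smooth" interleaving scheme (each server accumulates its weight every round, the largest accumulator wins and pays back the total) so that the 15/10/5 capacities from the slide yield the 3/2/1 split without sending all of one server's share in a burst. Server names and weights are the slide's; the function names are this example's own.

```python
from collections import Counter


def round_robin(servers, n_requests):
    """Plain round robin: request i goes to servers[i % len(servers)]."""
    if not servers:
        raise ValueError("need at least one server")
    return [servers[i % len(servers)] for i in range(n_requests)]


def weighted_round_robin(weights, n_requests):
    """Smooth weighted round robin.

    weights: dict server -> weight (e.g. requests/second it can handle).
    Each round every server gains its weight in `current`; the server with the
    largest `current` is chosen and pays back the total weight. Over one full
    cycle (sum of weights / gcd picks) server X is chosen weight[X] times, and
    the picks are interleaved rather than grouped.
    """
    if not weights or any(w < 0 for w in weights.values()) or sum(weights.values()) == 0:
        raise ValueError("weights must be non-negative and not all zero")
    total = sum(weights.values())
    current = {server: 0 for server in weights}
    schedule = []
    for _ in range(n_requests):
        for server, weight in weights.items():
            current[server] += weight
        chosen = max(current, key=current.get)   # ties go to the server listed first
        current[chosen] -= total
        schedule.append(chosen)
    return schedule


def distribution(schedule):
    """Count how many requests each server received."""
    return dict(Counter(schedule))


if __name__ == "__main__":
    # Capacities from the slide: A=15, B=10, C=5 requests per second
    capacity = {"Server A": 15, "Server B": 10, "Server C": 5}
    plan = weighted_round_robin(capacity, 6)
    print(plan, distribution(plan))          # 3 to A, 2 to B, 1 to C
    print(round_robin(["Server A", "Server B", "Server C"], 6))
```

Note that with six requests the weighted scheduler returns A, B, A, C, B, A: the same 3/2/1 share the slide gives, but Server A is never hit three times in a row.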
SECURITY / SEGMENTATION MODELS

• Physical
• Logical
• Virtualization
• Air Gapping
PHYSICAL

Physically connected to the same switches


PHYSICAL / LOGICAL

• By implementing VLANs, systems could be logically on separate networks
1. VLANs can group hosts that are in different locations into logical groupings
2. Creates smaller collision domains, reducing chatter
3. Can be used to create security boundaries to segment traffic
ZERO TRUST

• The castle-and-moat philosophy, where everything behind the firewalls was thought to be safe, is
no longer valid
• Internal and external traffic should be monitored and nothing implicitly trusted (internal or
external)
• Micro-segmentation and granular access, providing only the levels of permissions required
1. MFA
2. IAM
3. Orchestration
4. Analytics
5. Encryption
VIRTUAL PRIVATE NETWORK (VPN)

Creates a private network across a public network
• Tunneling protocols such as:
  - L2TP (Layer 2 Tunneling Protocol)
  - PPTP (Point to Point Tunneling Protocol)
  - IPSec (IP Security)
• Security comes from the tunneling protocol (e.g. PPTP) and the encryption method (e.g. IPSec)
VPN

Many companies provide VPN access to their remote employees to access corporate
resources from an offsite location
• Access can be restricted to only certain parts of the corporate network
SPLIT TUNNEL

Split tunnel allows a user to access one set of resources via the Firewall/VPN and other
resources directly (e.g. internet websites)
TRANSPORT ENCRYPTION

• IPsec (Internet Protocol Security)
• Authentication Header (AH)
  - Provides authentication and integrity
• Encapsulating Security Payload (ESP)
  - Provides confidentiality along with optional integrity checking
  - Adds a header, trailer and integrity check value (ICV)
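To make the ESP framing concrete, here is an added example (not from the deck or from any IPsec implementation) that builds an ESP packet with the header (SPI and sequence number), the trailer (padding, pad length, next header) and a truncated HMAC-SHA-256 ICV, then shows the receiver doing what the integrity check is for: rejecting a modified packet and a replayed one. The cipher step is deliberately omitted so the block runs with the standard library only; in real ESP the payload and trailer are encrypted before the ICV is computed. The key, SPI and payloads are constructed values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                        # HMAC-SHA-256-128: the 256-bit HMAC truncated to 128 bits (RFC 4868)
ESP_HEADER = struct.Struct("!II")   # SPI and sequence number (RFC 4303)


def esp_build(key, spi, seq, payload, next_header=4):
    """Frame `payload` as header + payload + trailer + ICV (next_header=4: inner IPv4 packet).

    Constructed example: no cipher is applied, so the payload travels in the clear.
    """
    pad_len = (-(len(payload) + 2)) % 4          # payload + padding + 2 trailer bytes, 4-byte aligned
    padding = bytes(range(1, pad_len + 1))        # RFC 4303 default padding: 1, 2, 3, ...
    header = ESP_HEADER.pack(spi, seq)
    body = header + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class EspReceiver:
    """Verifies the ICV and enforces an anti-replay window of `window` sequence numbers."""

    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  =>  sequence number (highest - i) already accepted

    def _replay_check(self, seq):
        if seq == 0:
            return "sequence number 0 is never valid"
        if seq > self.highest:
            return None
        offset = self.highest - seq
        if offset >= self.window:
            return "sequence number too old (outside replay window)"
        if (self.bitmap >> offset) & 1:
            return "replayed packet"
        return None

    def _replay_update(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet):
        """Return (result, reason); result is (spi, seq, next_header, payload) or None."""
        if len(packet) < ESP_HEADER.size + 2 + ICV_LEN:
            return None, "packet too short"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = ESP_HEADER.unpack_from(body)
        # RFC 4303 order: cheap replay pre-check, then ICV, then window update
        problem = self._replay_check(seq)
        if problem:
            return None, problem
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return None, "ICV mismatch (modified in transit or wrong key)"
        self._replay_update(seq)
        pad_len, next_header = body[-2], body[-1]
        payload = body[ESP_HEADER.size:len(body) - 2 - pad_len]
        return (spi, seq, next_header, payload), "accepted"


if __name__ == "__main__":
    key = b"constructed-shared-key"
    rx = EspReceiver(key)
    pkt = esp_build(key, 0x1001, 1, b"hello")
    print(rx.receive(pkt))        # accepted
    print(rx.receive(pkt))        # replayed packet
```

The replay window is the reason the sequence number sits in the (authenticated) header: without the ICV an attacker could rewrite it, and without the window a captured packet with a valid ICV could be re-injected indefinitely.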
NETWORK ACCESS CONTROL (NAC)

• Network Access Control or Network Admission Control
• Refers to a set of policies that define a minimal set of requirements each device
must have before being allowed on the network
  - Anti-virus installed and up to date
  - Certain OS / patch level
  - Applications
• Becoming more important as BYOD becomes more and more prevalent
  - Good Messaging
  - Mobile Iron
  - Airwatch
• Types of Agents
  - Permanent Agent
  - Dissolvable Agent
IN-BAND VS. OUT-OF-BAND

• Network devices can be managed/accessed both in-band and out-of-band depending on
preference, architectural limitations, etc.
• In-Band Access Control
• Out-of-Band NICs
  - Separate interface for the management network
  - Used for lights-out management
  - Monitoring and audit/logging
  - Can be used to patch, install an OS, or troubleshoot a host that is offline or won’t boot
PORT SECURITY

• Configure a switch so that it only learns one MAC address per port
  - Keeps attackers from sending multiple fake MAC addresses
  - Can be set to trigger an alert
  - A MAC address can be hard-coded to a particular port
• Can be used in conjunction with 802.1X to strengthen security at the wall jack
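An added model of the port-security behaviour described above, written for this page rather than taken from the deck or from any switch vendor's software. One `SecurePort` learns at most `max_macs` source addresses (one by default), can have a MAC hard-coded with `static_macs`, records an alert on a violation, and either err-disables the port or just drops the offending frames depending on the violation mode. Port names and MAC addresses in the demo are constructed.

```python
class SecurePort:
    """One switch port with port security (constructed model, not vendor code).

    violation_mode "shutdown" puts the port in err-disabled state (every frame is
    dropped until an operator re-enables it); "restrict" drops only the offending
    frames. Both record an alert so the event can be forwarded to monitoring.
    """

    def __init__(self, name, max_macs=1, static_macs=(), violation_mode="shutdown"):
        if violation_mode not in ("shutdown", "restrict"):
            raise ValueError("violation_mode must be 'shutdown' or 'restrict'")
        self.name = name
        self.max_macs = max_macs
        self.static = {m.lower() for m in static_macs}   # hard-coded MACs; count toward max_macs
        self.learned = set()
        self.violation_mode = violation_mode
        self.err_disabled = False
        self.alerts = []

    def ingress(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False
        if mac in self.static or mac in self.learned:
            return True
        if len(self.static) + len(self.learned) < self.max_macs:
            self.learned.add(mac)            # dynamically learn the first MAC(s) seen
            return True
        # A further source address on a port that is already full is a violation
        self.alerts.append(f"{self.name}: port-security violation, unexpected source {mac}")
        if self.violation_mode == "shutdown":
            self.err_disabled = True
        return False

    def admin_reenable(self):
        """Operator clears the err-disabled state after investigating the alert."""
        self.err_disabled = False
        self.learned.clear()


if __name__ == "__main__":
    port = SecurePort("Gi1/0/7")                  # constructed port name
    print(port.ingress("00:11:22:33:44:55"))      # True: first MAC is learned
    print(port.ingress("aa:bb:cc:dd:ee:ff"))      # False: violation, port err-disabled
    print(port.alerts)
```

The point of the alert list is the second bullet on the slide: a violation is a signal worth forwarding, because a second source MAC on a wall jack is exactly what an unauthorized hub or a spoofing host looks like from the switch.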
DHCP SNOOPING

DHCP snooping is a layer 2 security technology that monitors for rogue DHCP servers
• Switches can be configured to prevent malicious or malformed DHCP packets
• When a violation is detected, the event should be logged and alerts generated for further
follow-up/action
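The checks a DHCP snooping switch applies, as an added example that is not part of the deck and not vendor code: a minimal DHCP packet builder and parser (BOOTP header, magic cookie, option 53 message type), and a policy that drops server messages (OFFER/ACK/NAK) arriving on untrusted ports, drops client packets whose BOOTP `chaddr` does not match the frame's source MAC, drops malformed packets, and logs each decision. Port names, MAC addresses and the transaction id are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_REQUEST, BOOTP_REPLY = 1, 2
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}      # only a DHCP server legitimately sends these


def build_dhcp(msg_type, client_mac, xid=0x3903F326, yiaddr="0.0.0.0"):
    """Construct a minimal DHCP packet: 236-byte BOOTP header, cookie, option 53, end."""
    op = BOOTP_REPLY if MESSAGE_TYPES[msg_type] in SERVER_MESSAGES else BOOTP_REQUEST
    chaddr = bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\0")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, xid, 0, 0,
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                         chaddr, bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def parse_dhcp(packet):
    """Return {'op', 'chaddr', 'msg_type'} or None if the packet is not well-formed DHCP."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        return None
    op, hlen = packet[0], packet[2]
    if hlen > 16:
        return None
    chaddr = packet[28:28 + hlen]
    msg_type, i = None, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                       # end option
            break
        if code == 0:                         # pad option
            i += 1
            continue
        if i + 2 > len(packet):
            return None                       # length byte missing
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None                       # truncated option
        if code == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    if msg_type is None:
        return None
    return {"op": op, "chaddr": chaddr, "msg_type": msg_type}


class DhcpSnooping:
    """Per-switch DHCP snooping policy: server replies are accepted only from trusted ports."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.log = []

    def inspect(self, port, src_mac, packet):
        """Return 'forward' or 'drop' for a DHCP packet seen on `port` from `src_mac`."""
        info = parse_dhcp(packet)
        if info is None:
            self.log.append(f"{port}: malformed DHCP packet from {src_mac} dropped")
            return "drop"
        if port in self.trusted:
            return "forward"
        kind = MESSAGE_TYPES.get(info["msg_type"], "UNKNOWN")
        if info["op"] == BOOTP_REPLY or kind in SERVER_MESSAGES:
            self.log.append(f"{port}: rogue DHCP server ({kind}) from {src_mac} dropped")
            return "drop"
        client_mac = info["chaddr"].hex(":")
        if client_mac != src_mac.lower():
            self.log.append(f"{port}: DHCP {kind} client MAC {client_mac} does not match "
                            f"frame source {src_mac}, dropped")
            return "drop"
        return "forward"


if __name__ == "__main__":
    snoop = DhcpSnooping(trusted_ports={"Gi1/0/24"})       # uplink to the real DHCP server
    client = "00:11:22:33:44:55"
    print(snoop.inspect("Gi1/0/5", "de:ad:be:ef:00:01", build_dhcp(2, client, yiaddr="10.0.0.50")))
    print(snoop.log)
```

The `chaddr` comparison is the "malformed packet" half of the slide: a client that lies about its hardware address in the DHCP header is either misbehaving or trying to exhaust the pool, and the log line gives the analyst the port, the message type and both addresses to act on.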
MAC FILTERING

• MAC filtering predefines which Media Access Control (MAC) addresses can connect to the
router or access point.
• This won’t prevent a skilled hacker from spoofing an allowed MAC address
• MAC addresses are very easy to spoof
  - Tools like Kali Linux and Wireshark allow an attacker to scan a network and discover
valid MAC addresses
  - Use aireplay-ng or aircrack-ng to send disassociation packets to the client and connect in
its place
  - Can be done manually or even faster via scripts
JUMP SERVER

Servers used to connect to devices in remote networks
• Can be used to perform admin tasks in networks with limited connectivity
  - Firewalls, bandwidth, etc.
• Potential security risk if not properly configured and maintained (bridges networks, etc.)
WEB SECURITY GATEWAYS

Proxy Server with Advanced Features
• Virus Scanning
• Prevent connections to inappropriate sites such as P2P or file-sharing sites like Dropbox,
Box.net, etc.
• Data Loss Prevention (DLP)
• For example: Cisco WSA, Squid Proxy, etc.
TYPES OF FIREWALLS

• Stateless Firewalls or packet-filtering firewalls
• Proxy firewalls (ALG)
• Stateful Firewalls
• Next Generation Firewalls
WEB APPLICATION FIREWALL

Operates at the Application Layer of the OSI model (Layer 7)
Designed with granular rules specifically to analyze traffic to web servers and prevent
typical attacks such as:
• SQL Injection attacks
• XSS (Cross-Site Scripting)
• Forged HTTP requests
UNIFIED THREAT MANAGEMENT (UTM)

Multi-purpose suite of tools that provides:
• Firewall
• NIDS/NIPS
• Gateway Anti-virus / Anti-SPAM
• VPN functionality
• Content filtering
• Load Balancing
• Data Loss Prevention (DLP)
FILE INTEGRITY CHECK

• Integrity checks protect against tampering by ensuring a file hasn’t been modified
  - Credentials
  - Privileges and Security Settings
  - Content
  - Attributes and size
  - Hash values
• Compares current state against a known good state
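A small file integrity checker as an added example (not from the deck, not a particular product): it snapshots content hash, size, permission bits and owner into a baseline, then compares the current state against that known-good state and reports what changed per file. The demo builds a throw-away directory with constructed files and then simulates the cases the slide lists: a same-size content edit that only the hash catches, a permission (setuid) change, a baselined file that disappears, and a file that was not in the baseline. File names are constructed.

```python
import hashlib
import os
import stat
import tempfile

TRACKED_FIELDS = ("sha256", "size", "mode", "uid", "gid")


def snapshot_file(path):
    """Record the attributes an integrity checker compares: content hash, size, mode, owner."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}


def build_baseline(paths):
    """Known-good state: snapshot every file once, ideally right after install."""
    return {path: snapshot_file(path) for path in paths}


def compare_to_baseline(baseline, paths):
    """Return findings as {path: [what changed, ...]}; unchanged files are omitted."""
    findings = {}
    for path in sorted(set(baseline) | set(paths)):
        if path not in baseline:
            findings[path] = ["new file (not in baseline)"]
        elif not os.path.exists(path):
            findings[path] = ["deleted"]
        else:
            current = snapshot_file(path)
            changed = [f for f in TRACKED_FIELDS if current[f] != baseline[path][f]]
            if changed:
                findings[path] = changed
    return findings


def run_demo():
    """Constructed scenario in a throw-away directory; returns findings keyed by file name."""
    with tempfile.TemporaryDirectory() as workdir:
        conf = os.path.join(workdir, "app.conf")
        binary = os.path.join(workdir, "service.bin")
        old_log = os.path.join(workdir, "old.log")
        with open(conf, "w") as fh:
            fh.write("listen=127.0.0.1\n")
        with open(binary, "wb") as fh:
            fh.write(b"\x7fELF" + bytes(16))        # not a real executable, just bytes to hash
        os.chmod(binary, 0o755)
        with open(old_log, "w") as fh:
            fh.write("rotated\n")
        baseline = build_baseline([conf, binary, old_log])

        # Simulated tampering: same-size config edit (size alone would miss it),
        # setuid bit added to the binary, a baselined file removed, an unexpected file added.
        with open(conf, "w") as fh:
            fh.write("listen=127.0.0.2\n")
        os.chmod(binary, 0o4755)
        os.remove(old_log)
        unexpected = os.path.join(workdir, "unexpected.sh")
        with open(unexpected, "w") as fh:
            fh.write("#!/bin/sh\n")

        findings = compare_to_baseline(baseline, [conf, binary, old_log, unexpected])
        return {os.path.basename(path): changes for path, changes in findings.items()}


if __name__ == "__main__":
    for name, changes in run_demo().items():
        print(f"{name}: {', '.join(changes)}")
```

The baseline itself is the weak point of any such checker: it has to be stored somewhere the host cannot rewrite (read-only media, a remote store, or signed), otherwise an intruder who can change the file can change the "known good" record too.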
