This is a free example essay on Network Defense and Countermeasures:
My goal is to provide an evaluation of the second class in the New Horizons Security Certified Program. This evaluation is a personal opinion and does not express the opinion of the State of Michigan or the Information Security Cortsoidum or any persons holding a CISSP.
This portion of the New Horizons class was well spread out. The first lesson was Network Defense Fundamentals. Authorization, availability, authentication, confidentiality, and integrity were defined and discussed as the five major key issues in network defense.
Layered defenses were examined as the best defensive strategy. When we talk about strategies, it is always good to use a well-known analogy so the students can relate. This portion of the course uses the castle analogy to discuss the various layers of security. Basic definitions included training and awareness, perimeter security, intrusion detection, non-repudiation, and attack responses.
The active defense-in depth defense was introduced and discussed in detail. This defense strategy stresses the use of multiple, overlapping protection approaches to ensure that failure or by-pass of any individual protection approach will not leave the system unprotected. The defense technologies involved in a layered defense include routers, firewalls, intrusion detection, and access control methods.
The audition process was briefly discussed. This topic could have been more in-depth. The security professional should know how to read logs. They should know that although most people don’t log all in coming and outgoing packets, they should. It is much harder to recreate a breach without logs. If the argument for not logging is due to the storage of data, organizations should weigh the risk between spending money to store this logged data or spending money to repair damage of a DDoS or worst yet a blended virus like Code Red. You need to know who is attempting to get into your system.
The second lesson, Designing Firewall systems were very thorough. What firewalls can and cannot do were discussed. A review was given into the different types of firewalls (packet filters, proxy servers). Where firewalls should be implemented was discussed. This took into account whether one was using a screened host; multi honed host, single packet filtering device, or a demilitarized zone.
Developing policies were stressed. Defining firewall policy was discussed along with various items that should be included in the security policy. The most common were the acceptable use statement, the network connection statement, the contracted worker statement, and the firewall administrator statement.
Although these were only examples, the security professional should become more educated on these and other policies. The introduction of wireless technologies has made developing policy a must in all organizations. They should also be aware that just having policies does not stop unauthorized behavior. Along with policy you must have some kind of enforcement mechanism in place.
Lesson 3, Configuring Firewalls included hands on implementation of Checkpoint’s Firewall-1. The definition and the use of stateful packet inspection were given along with in-depth dissuasion of installing and configuring Checkpoint’s VPN/1 Firewall-1.
Microsoft ISA Server was introduced and hands-on practice with creating policy and configuring rule sets were given. The Linux ability to bound together rules into IP chains was a concept that was new to me and was very interesting. We also had hands-on practice with creating these rules and following the flow of these rules by creating users and structuring rule management.
In Lesson 4 the objective was to implement a virtual private network and to examine the issues of the VPN and firewall architecture and VPN authentication. The discussions began with what the business driver was for a VPN, one being remote access and two being extranets. Advantages and disadvantages were covered for Remote Access but not for the Extranet. I would have liked the instructor to warn the future Security Professionals about the vulnerabilities of extranets. They need to know that your security is only as good as your connection to other networks, and once you are connected you need an agreement to make sure the other guy is secure.
A review was given into the types of VPN solutions, along with an in-depth review of IPSec, firewall related RFC’s, firewall vendors, and Windows 2000 VPN installation.
Lesson 5 included a much-needed refresher course on Intrusion Detection systems. Students were instructed on data collection and data analysis. We were taught the difference between Host-based and Network-based designs. We were also taught how to read the data collected through signature and satistical analysis.
Lesson 6 continued with configuring an IDS system. This was the most informative of all the lessons. Here we got a chance to use some tools that most of us (who work in state government) are not allowed to use. We installed snort and configured it to be an IDS by creating a simple rule set. We practiced with the command line version of Snort and the IDS GUI environment.
Lesson 7 continued with analyzing intrusion signatures. We discussed the normal and abnormal signatures along with common vulnerabilities, exploits and denial of service attacks. Snort logs were very helpful in viewing these types of attacks and exploits.
Lesson 8 gave us deep insight into the fundamentals of performing a risk analysis along with predicting, quantifying and mitigating risk. Knowing the overview of your organization, and network was also stressed. The risk analysis process was defined and the five stages (inventory, threat assessment, vulnerability list, evaluation of control, management, and monitoring) of the process were discussed.
On a going forward basis, continual risk analysis was discussed. The need to develop a total, continuous risk assessment process was stressed.
In Lesson 9 we examined the concept of security policies: design, enforcement, and monitoring. Policy standards and templates were explored. Specific procedures for incident handling were explored. This section was very informative. We not only learned the difference between the CSO, Chief Security Officer, CTO, Chief Technical Officer and the SA, Security Analyst; we also learned what the areas of responsibility were for each.
This was a very informative class and I would give it a personal recommendation to anyone interested in learning about network defense and countermeasures. The content of the instruction along with the hands-on practice with the tools that were included presents a very detailed road map for learning. The case study of the attacks on GRC was a great insight into hackers and their methods.
______________