Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Network hardening

No description
by

on 31 March 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Network hardening

Network Hardening

Overview
Cisco security solution
Cisco IOS Software delivers a sophisticated set of security capabilities for a comprehensive, layered security approach throughout your network infrastructure.
Cisco IOS security technologies help to defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.
Cisco IOS Content Filtering
Monitor and block Web activity
Protection from malicious websites
Easy deployment
Conserve network resources
Cisco IOS Firewall
protect the network infrastructure against network- and application-layer attacks, viruses, and worms.
Suitable for branch offices, small to medium business environments, or managed services.
It works with other Cisco IOS security features, including Cisco IOS IPS, IOS Content Filtering, and IOS Network Address Translation (NAT), to create a completely integrated branch-office perimeter security solution.
Cisco IOS IPS
Inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks.
Provides your network with the intelligence to accurately identify, classify, and stop or block malicious traffic in real time.
Faster remediation of the attack
Asma Adnane
What is network hardening ?
What are basics of Network hardening ?
Segmentation
Hardening:
Mobile environments
Data transport
Wireless
Other elements
CISCO IOS Security
Definition
The proactive approach to enterprise network security by implementing preventive measures against attacks before they occur
http://www.secure-bytes.com/hardening+services.php
Ports & services
Admin account & tasks
Filter malicious content
Rogue connections
Account settings
Basics of Network hardening
Change default settings
Rename admin account
disable guest accounts
Only prevents simple attacks
Accounts are
Used only for admin tasks
Run as administrator
$ SU ... (Linux)
1 - Identify unused/unnecessary ports
scanner/netstat
2- Disable unused services & daemons
Use security template
Disable rogue applications
Find all wireless connections
Provide protection from virus intrusion
Provide protection from malware
Detail recovery procedures
Segmentation
Model
Job responsibilities
Threat level
Risk level
Service types
Business needs
Methods
At the server
Access Control Lists
Firewalls
VLANs
Example
Hardening Mobile Environments
Establish a mobile-device Security Policy
Provide secure mobile authentication
Mobile-connectivity risks
Medium range threats
Short range threats
Long range threats
Hardening Data transport
Encryption standard
Encryption Protocol
Authentication method
When in Doubt, Use IPSec
When should encryption be used
Hardening Wireless
Plan for secure wireless networks



Seek & Destroy rogue WLANs

WLAN Topology: Unified, sgemented, VPN Access
Security Policy
Segregation
Authentication
Encryption
Implement WLAN Discovery Procedures
Authentication
Servers
(Web, DB,...)
IDS and Firewalls
Internet Security & acceleration Server (ISA)
Accelerates the Internet by web caching
ISA helps to implement an organization's business security policy through its administrative tools
Proxy server
Packet filtering
Stateful inspection
Application filtering
Server and Web publishing
Monitoring and Reporting
Support for Remote Access
Cisco IOS IPsec
IPsec is a robust encryption technology that enables to securely connect branch offices and remote users
You can increase the reach of your network without significantly expanding your infrastructure by using Cisco IOS IPsec VPNs.
access control to business resources,
Cost-saving: easy-to-install, easy-to-use
Cisco IOS SSLVPN
Extend Your Network to Any Location
the industry's first router-based Secure Sockets Layer VPN solution,
offers "anywhere" connectivity from any resources (company resources, employee PCs, contractor or business partner desktops, and Internet kiosks).
Cisco Secure Desktop, a component of SSL VPN, provides data theft prevention even on non corporate devices.
Cisco IOS NFP
Cisco Network Foundation Protection (NFP) framework aim to develop and implement security controls to protect the network infrastructure
And more ...
http://www.cisco.com/en/US/products/ps6586/products_ios_technology_home.html
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.pdf
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.pdf
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/product_data_sheet0900aecd80405e25.pdf
Reading list
Cisco - Secure Network infrastructure:
http://www.cisco.com/en/US/products/ps6540/index.html
Hardening Network Security, by John Mallery et all, Osborn ISBN 0-07-225703-2
Any questions ?
Full transcript