Scribd
Upload
4 views

Lect 01 Unit-III

Uploaded by

thebigbull405
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Lect 01 Unit-III

Uploaded by

thebigbull405
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

Unit 3: Security Controls and Tools

 Intrusion Detection and Prevention


o Intrusion Detection Systems (IDS)
 Network-Based IDS (NIDS)

 Host-Based IDS (HIDS)

o Intrusion Prevention Systems (IPS)


 Signature-Based IPS

 Behavior-Based IPS

 Virtual Private Networks (VPN)


o VPN Components and Technologies
 VPN Concentrators

 VPN Protocols (IPsec, SSL VPN)

o Configuring and Managing VPNs


 VPN Client Configuration

 Site-to-Site VPN Deployment

 Wireless Network Defense


o Wireless Network Threats and Countermeasures
 Rogue Access Points

 Evil Twin Attacks

o Implementing Wireless Security Controls


 Wi-Fi Protected Access (WPA/WPA2)

Wireless Intrusion Detection Systems (WIDS) Prof. (Dr.) Satish N. Gujar


Professor, JSPM University.
An Intrusion Detection and Prevention System (IDPS) is a crucial component in
network security. It monitors network traffic for suspicious activities and takes action
to prevent potential threats. Here’s a brief overview:

Key Functions of IDPS


1.Monitoring and Detection: Continuously scans network traffic to identify potential
threats.
2.Alerting: Sends alerts to administrators about detected threats.
3.Prevention: Takes automated actions to block or mitigate threats.

Types of IDPS
•Network-based IDPS (NIPS): Monitors traffic across the entire network.
•Host-based IDPS (HIPS): Focuses on monitoring traffic on individual hosts or devices.
Detection Methods
•Signature-based Detection: Compares network activity against a database of known
threat signatures.
•Anomaly-based Detection: Identifies deviations from normal network behavior.
•Hybrid Detection: Combines multiple detection methods for improved accuracy.
A Network-Based Intrusion Detection System (NIDS) is a type of Intrusion Detection
System (IDS) that monitors network traffic at strategic points within a network to
detect suspicious activities and potential threats. Here are some key points about
NIDS:
1.Functionality: NIDS analyzes data packet headers and payloads as they flow across
the network. It can detect various types of malicious activities, such as unauthorized
access attempts, malware, and other security breaches.
2.Detection Methods:
1. Signature-Based Detection: Identifies known threats by comparing network
traffic against a database of known attack signatures.
2. Anomaly-Based Detection: Detects deviations from normal network behavior,
which could indicate potential threats.
3. Hybrid Detection: Combines both signature-based and anomaly-based methods
to improve detection accuracy.
3.Deployment: NIDS can be deployed as dedicated hardware appliances, software
applications, or cloud-based services. They are typically placed at key points in the
network, such as routers or switches, to monitor traffic effectively.
4.Passive Monitoring: NIDS operates passively, meaning it only observes network
traffic and generates alerts when suspicious activity is detected. It does not take
direct action to block or mitigate threats.
5.Complementary Role: NIDS works alongside other security measures like firewalls
and antivirus software to provide a comprehensive security posture.
Signature-Based IPS
•How it works: This type of IPS uses a database of known attack patterns or
signatures. When network traffic matches one of these signatures, the IPS
takes action to block the threat.
•Strengths: Effective at identifying and stopping known threats quickly.
•Limitations: It can only detect attacks that have been previously identified
and added to the signature database.
Behavior-Based IPS
•How it works: This type of IPS monitors the behavior of network traffic and
systems. It looks for anomalies or deviations from normal behavior that
might indicate a potential threat.
•Strengths: Capable of detecting new, unknown threats (zero-day attacks) by
identifying unusual activity.
•Limitations: May produce more false positives, as legitimate activities
might sometimes be flagged as suspicious.
A Virtual Private Network (VPN) is a technology that creates a secure and
encrypted connection over a less secure network, such as the internet. This
allows users to send and receive data as if their devices were directly
connected to a private network, ensuring privacy and security.
Key Components of a VPN
1.Encryption: This ensures that data transmitted over the VPN is unreadable
to anyone who intercepts it. Common encryption protocols include IPsec,
SSL/TLS, and AES.
2.Authentication: This verifies the identity of users and devices before
allowing access to the VPN. Methods include passwords, digital
certificates, and multi-factor authentication.
3.Tunneling: This involves encapsulating data packets within other packets
to create a secure “tunnel” through the internet. Protocols like PPTP, L2TP/
IPsec, and OpenVPN are used for tunneling.
4.VPN Server: This is the endpoint that users connect to. It handles the
encryption and decryption of data and routes traffic between the user and
the internet.
5.VPN Client: This is the software or hardware on the user’s device that
connects to the VPN server and manages the encryption and tunneling
processes.
Technologies Used in VPNs
•IPsec (Internet Protocol Security): Provides secure communication by
authenticating and encrypting each IP packet in a communication session.

•SSL/TLS (Secure Sockets Layer/Transport Layer Security): Often used for


securing web-based communications, such as accessing a secure
website.

•OpenVPN: An open-source VPN protocol that uses SSL/TLS for key


exchange and can traverse firewalls and network address translators
(NATs).

•PPTP (Point-to-Point Tunneling Protocol): One of the oldest VPN


protocols, known for its ease of setup but considered less secure than
newer protocols.
Types of VPNs
1.Remote Access VPN: This allows individual users to
connect to a private network from a remote location. It’s
commonly used by employees to access their company’s
network securely from home or while traveling.
2.Site-to-Site VPN: This connects entire networks to each
other, such as linking a company’s main office with its
branch offices. It uses dedicated equipment to maintain
the connection.
3.Mobile VPN: This is designed for mobile devices,
maintaining a secure connection even as the device
moves between different networks.
VPN Client Configuration
1.Install VPN Client Software: Choose a VPN client compatible with your operating system (e.g., OpenVPN,
Cisco AnyConnect).
2.Import Configuration Files: Obtain the necessary configuration files from your VPN provider or network
administrator.
3.Configure Connection Settings: Input the server address, authentication details, and any specific settings
required (e.g., encryption protocols).
4.Connect to the VPN: Use the client software to establish a connection, ensuring that all settings are
correctly applied.
Site-to-Site VPN Deployment
1.Create Virtual Networks: Define the virtual networks on both ends of the VPN connection. Ensure there are no
overlapping IP address ranges.
2.Configure VPN Gateways: Set up VPN gateways on both sites. This involves creating gateway subnets and assigning
public IP addresses.
3.Establish VPN Tunnels: Configure the VPN tunnels using protocols like IPsec. This includes setting up IKE (Internet
Key Exchange) and IPsec policies.
4.Routing Configuration: Define the routing rules to ensure traffic is correctly routed between the sites. This can involve
static or dynamic routing protocols like OSPF.
5.Test the Connection: Verify the VPN connection by testing the communication between the two sites.
Common Wireless Network Threats
1.Piggybacking: Unauthorized users connect to your network, potentially conducting illegal activities or stealing data.
2.Wardriving: Attackers drive around searching for unsecured networks to exploit1.
3.Evil Twin Attacks: Attackers set up a fake access point to trick users into connecting, allowing them to intercept
sensitive data.
4.Wireless Sniffing: Attackers use tools to capture unencrypted data transmitted over the network.
5.Denial of Service (DoS): Attackers flood the network with traffic, causing disruptions2.
6.Rogue Access Points: Unauthorized access points set up within the network to bypass security measures.
Countermeasures
1.Strong Encryption: Use WPA3 encryption to secure data transmissions.
2.Network Segmentation: Separate critical systems from less secure areas of the network.
3.Regular Updates: Keep firmware and software up to date to protect against known vulnerabilities.
4.Intrusion Detection Systems (IDS): Implement IDS to monitor and alert on suspicious activities.
5.Access Control: Use strong passwords and multi-factor authentication to restrict access.
6.Physical Security: Secure access points physically to prevent tampering.
7.User Education: Train users to recognize and avoid potential threats, such as connecting to unknown networks.

You might also like