Eicon Networks S92 Manuel d'utilisateur

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 1 CHAKTI N_YU_ G CFW.PDF SAN S G CFW P R A C T I C AL A SS I G N M E N TYuChakTinmicha

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 10Forperformancereason,aminimumoftwointernetlinksaredeployed,withonedevotedto

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 100AnInterfaceConfigurationExample:Asmentionedbefore,VisNetichasitsrulesconfigure

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 101n “In”definestrafficfromRemotetoLocaln “Out”definestrafficfromLocaltoRemot

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 102Settheactionto“Allow”forthisrule,andconfigurethefirewalltologalltheitems.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 103LocalInterfaceConfiguration:AtVisNetic_1,wearetryingtoprotectthefollowingtrus

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 104n DISALLOWAny<IN&OUT,Any >AnyAnotherinterfacewhichrequiresfilter

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 105ConfiguringtheProxyServerRefertot he“ProductsPreparation”section forinformation

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 106SecurityPolicy:1. Provideproxyserviceforinternalclientsaccessingtheinternet.P

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 107ISAServerConfiguration:ISA_CacheisaMicrosoftISAserverbasedcachingsolution.It

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 108Internal_Admin,Internal_Dev),shouldbeconfiguredas“internal”.PresstheConstructTa

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 109Theinternalclientsshouldbeproperlydefinedasclientsets.Theseclientsincludeall

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 11q SSLanddigitalcertificatesaredeployedbytheecommercewebsite.Suchcapabilities

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 110ProtocolRules:ProtocolrulesinISAServerdeterminewhichprotocolsclientscanuseto

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 111n DNSn NNTPFirewallConfigurationOptions:AlthoughISA_Cacheisprimarilyresponsibl

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 112Forpacketfiltering,thesinglemostimportantsettingistodenyanyrequeststowardst

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 113SincetheinternalclientsmaybeactingasremoteVPNclientsforaccessingthepartners

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 114transformedintoanotherformatwhentherequestsareprocessedbyISAserver.HTTP/SSLs

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 115ISAServersupportstwomajortypesofcaching:HTTPandFTP.Thereisalwaysatradeoff

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 116Asmentionedbefore,cachedobjectsmaybeoutdated.Forcertainobjects thatinvolvedyn

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 117TheconfiguredISA_CacheserverwilllistenonTCPport8080aswellasSSLport8443(SS

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 118supposedtohandleincomingtraffic.BasicTesting: n FromInternal_Clients,accessan

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 119ConfiguringtheVPNServerRefertoAssignment1 forinformationonWindows2000hardening

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 12 à InternalstaffsasVPNclientsaccessingexternalpartners’securesitesviaPPTPRAS:

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 120VPNModel:A routertorouterVPNmodelisnotdeployedprimarilybecausethevolumeofu

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 121SecurityPolicy:Thesecuritypoliciestobeenforcedhereare:1. OnlyPPTPconnections

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 122serverfortheremoteusersaccordingly.Sincetheexternalpartnersandsuppliersareus

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 123Weshouldthen configureW2K_VPNtoaccept11 incomingPPTP connections. Thenumberofco

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 124Wealsowanttologasmuchinformationabouttheconnectionsaspossible.VPNProtocol:

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 125PPTP iseasyandinexpensivetoimplement.”26PPTPisconsideredasreasonablysecure.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 126ConfiguretheVPNportsandthestatic route:Bydefault,RRASallocates5portsforPPT

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 127PPTP inputpacketfiltersareconfiguredontheadapterthatisonthesideof theIntern

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 128Foradditionalprotection,wewanttosetthefilterstoallowconnectionsonlyfromthe

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 129ConfiguringBasicFiltersonRouter_Eiconcard:Router_Eiconcardistherouterforinterne

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 13Thereasonstousemultipledevicesare:1,Onatrulysecurenetwork,multiplelayersof

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 130WithEiconcardConnectionsforWindows2000,allpacketsareforwardedforaconnectionf

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 131headerssothatitappearsthatthepacketsarecomingfromthathost.”30Detailedinfor

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 132shouldbeallowedtopassthroughatRouter_Eiconcard.n Inspectthelogfile.Indepth

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 133ConfiguringtheR ASServerTheRAS_NetRASserverisa“backdoor”tothenetwork. Itall

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 134theOnlineDocumentationprovidedbyMicrosoft,“InWindows2000,authorizationisgrante

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 135Moreindepthtestingshouldbeperformedattheauditstage.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 136SpecialConsideration theEm ailServerEmailsecurityisamajorissueinnowadaysse

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 137Assignment3TheSecurity Audit

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 138Overview“Firewallsaregreatforrestrictingaccesstoyournetwork,butfirewallscanno

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 139n anyvulnerabilityexistinthesecuritydevicesn whetherthesecuritypoliciesarep

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 14simplicityasthekeytosuccessfulfirewallimplementation1.Inordertomakesimpleru

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 140Eachnetworkshouldbetestedfrom theinternal usernetworks toensurethatsafetyexist

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 141NumberofStaff:n 3Timebudget:n 1dayforPhrase0n 1dayforPhrase1n 1dayf

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 142ToolsoftheTradeToperform an auditagainstthefirewallsystems,weneedthehelpof

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 143comprehensivereportofeachscan.”(fromwww.eEye.com37)Retinaisusedinourproject

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 144CHAMinitsownvulnerabilityresearcheffortsandhasbeeninvaluableinenhancingitsc

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 145Selectalltheauditoptions.SuperScan“ApowerfulconnectbasedTCPportscanner,pinge

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 146NetBrute“NetBruteallowsyoutoscanasinglecomputerormultipleIPaddressesforavai

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 147A Trojanisadestructiveprogramthatmasqueradesasabenignapplication.Accordingto

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 148UDPFlood“AUDPpacketsender.ItsendsoutUDPpacketstothespecifiedIPandportata

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 149Assessment–froman“Insider”perspectiveSincetherearetimeandresourceconstraints,

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 15Subnets:TheGIACnetwork issegmentedintothefollowingsubnets:n Core_Net:thisisth

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 150Testscenarios:

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 151ScenarioOne:Segmentsinvolved:Core_Net(192.168.16.0), Internal_Servers(192.168.18.0)

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 152Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 153blockedviatheinterface’sportfilter,sinceweneverknowwhenanewvulnerabilitywil

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 154RulebaseassessmentAsanexternalpartner,connectasavalidVPNclientandaccessall

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 155ScenarioTwo:Involvedsegments:Core_Net(192.168.16.0), Internal_Clients(192.168.17.0)

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 156Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 157192.168.16.99Norton2_IDS Retina Nil*OScannotbedetected.Yes ThefactthattheOS

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 158192.168.16.99192.168.20.0NetBrute Nil Yes192.168.16.99Norton3_IDSShareScannerNil

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 159ScenarioThree:Segmentsinvolved:Core_Net(192.168.16.0),Public_Services(192.168.8.0)

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 16IPSettings:TheIP addressschemeinthisprojectissimplifiedforillustratingtheconn

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 160Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 161n nonHTTP/HTTPStrafficfromInternal_Clients.n nonHTTP/HTTPStrafficfromRAS_Net.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 162“NSLOOKUP canbeusedtotransferanentirezonebyusingthelscommand.Thisisuseful

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 163recommendedin thebook“HackProofingyourECommerceSite”48.48PublishedbySyngres

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 164Scanfrom Target Tools Ports/SharesdiscoveredIntrusionloggedComments/Recommended

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 165Therefore,theservershouldbeinvestigatedsuchthattheservicesusingtheseportsare

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 166n TheRASphonenumbershouldalwaysbekeptconfidential.n Itistechnicallypossible

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 167Assessmentfroman“Outsider”perspectiveAgain,weneedtofirstidentifythepossible

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 168ScenarioOne:Remarks:Therouterisconfiguredwithonlyonetypeoffilter–filteraga

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 169Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 17n Ext_DNS– 192.168.8.4(NAT >192.168.7.9)n Ext_SMTP – 192.168.8.5(NAT >192.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 170nothingelse.Theexistenceofanyactiveportmustbeinvestigatedtodetermineifthey

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 171OtherassessmentmethodsAnattackinghostwithitsIPaddressdeliberatelysettoan“in

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 172ScenarioTwo:Segmentsinvolved:Outsideworld,Public_Services(realaddress192.168.8.0

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 173asrecommendedinthebook“HackProofingyourECommerceSite”50.Scanfrom Target(s)

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 174OutsideFW1_B2CSub_Net Nil YesOutside192.168.7.0(publishedaddresses)Sub_Net Nil

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 175Firstofall,abaselineisobtainedbyrunningstresstestsagainstthewebserverdirec

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 176

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 177ScenarioThree:Segmentsinvolved:Outsideworld,Core_Net(192.168.16.0)Remarks:n Thi

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 178Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 1791723/tcpPPTP8080/tcpproxy8080/udpproxyThefunctionofW2K_VPNisservicingremotea

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 18LayersofProtection:Intermsofsecurity,thegoalistoensurethatcritical internal r

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 180OutsideW2K_VPNNetBrute Nil N/AOutside192.168.16.0NetBrute Nil N/AOutsideW2K_VP

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 181ScenarioFour:Segmentsinvolved:Outsideworld,Internal_Clients(192.168.17.0), Interna

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 182Scanfrom Target(s) Tool Ports/SharesdiscoveredIntrusionloggedComments/Recommend

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 183ScannerOutside192.168.19.0ShareScannerNil YesOutside192.168.20.0ShareScannerNi

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 184AdministrativeSecurityAssessmentForeveryfirewallandrouterinuse,determinethefo

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 185AuditReportAuditoftheGIACnetworksecurityarchitecturewasperformedfrom4thApri

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 186businesscriticalapplicationsandendusers.FloodGate1canbedeployedwithVPN1®/Fir

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 187Recommendatio nFiveItisrecommendedthatanauditbeperformedonthepartner/supplier

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 188Assignment4Designunderfire

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 189AttackTargetVincentBerk’sdesignathttp://www.sans.org/y2k/practical/Vince_Berk_GCFW.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 19n RoutingandtrafficinspectionareCPUintensive.Dualprocessorsystemisalwaysrecom

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 190FirewallAttackInformationGathering:VisitthetargetGIACwebsite.Studyitthoroughl

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 191Sincewejusttalkedaboutthedefaultports,onethingwecan try istoexplorevulnerab

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 192DNSserverthroughthefirewall.Iftheresultispositive,wecanstructureanattackba

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 193Attacking–theIPFragmentroute:ThisattackallowsustobogdownFW1.CheckPointha

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 194is changed to another one than your's, no packets get back. Dest: Is the destinatio

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 195DoSattackTheDoSattackthatIwilluseisaSmurfattack.AccordingtoSymantec,Smurf

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 196Intheory,wecan pingaroundtheinternettofindoutwhocanbeusedasamplifiers.Thi

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 1972,Retrieveandusethelistof existingamplifiers:Tools fortheAttackWhattoolssho

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 198TribeFloodNetwork UDP,ICMP,SYN.SmurfStacheldrachtandvariants UDP,ICMP,SYN.Sm

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 199andSmurfstyleattacks,aswellasprovidingan"ondemand"rootshellboundt

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 2TableofContentsAssignment1 ...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 20Router_Eiconcard:n Borderrouterforboth theB2ClinkandtheB2Blinkn Platform:Pla

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 200stepsbelow:1. Writeasimpleprogramthatallowsustosetthenumberofpingattempts

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 201tradeoffsinlife.Still,theaboveapproachdoesnotsolvetheproblemoftrafficconges

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 202CompromisingInternalSys temsWhenIreviewthedifferentpostedpracticalassignments,

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 203Viathenonemailroute:IfGIAChasanantivirussolutionrunning,theemailattachment

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 204executable.Thistendstobehiddenfrom theuser,whoexpectsadocumenttobedatatha

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 205“MailScan isworld'sfirst'RealTime'ContentSecuritySoftwarethatper

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 206ListofReferences(inalphabeticalorder)HackProofingYourEcommerceSite,ISBN:192

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 207http://www.enteract.com/~lspitz/rules.htmlhttp://www.foundstone.com/knowledge/proddesc/s

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 208http://www.webopedia.com/TERM/P/proxy_server.htmlhttp://www.webopedia.com/TERM/s/spoof.h

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 209

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 21EiconcardS92dualWANportsadaptor andthree 100BaseTNICs.n Hardware:DualPentium3

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 22Norton2_IDS:n FirewallprotectionforInternal_Adminn IntrusionDetectionn Platform:

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 23VisNetic_1:n FirewallprotectionforInternal_Servers,RAS_NetandCritical_Resourcesn

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 24n Platform:x86basedWindows2000Servern Hardware:SinglePentium3500MHZ,256MBRAM

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 25Equipments’ IPSettings:TheIPaddressschemeinthisprojectissimplifiedforillustrat

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 26n 192.168.6.1(to W2K_VPN)n 192.168.7.1(toFW1_B2C)W2K_VPN:n 192.168.6.2(toRouter

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 27n 192.168.22.2(toRAS_Net)EquipmentFaultToleranceandRedundancy:Althoughitisposs

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 28NOT goingonlineatthesametime.Remember,thestandbysystem shouldbeallowedtogoon

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 29Assignment2DefinetheGIACSecurityPolicySecurityStepbystepTutorial

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 3ACleanFW1Installation...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 30DesignPrincipleAsmentionedbyLanceSpitznerinhisarticle“BuildingYourFirewallRul

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 31OverallPolicyObjectivesFor theGIACproject,theoverall policyobjectivesaredefined

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 32n PolicyObjective7: Allinternalusers,aswellasallserversfrom theInternal_Server

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 33componentsthatareoftenoverlookedaspotentialthreats3.<Anythingnotexplicitly

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 34

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 35LocalPolicyE nforcementPoliciesatRouter_Ei concard1. Performroutingonthethreet

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 364,IDS:n TheIDScanalertInternal_AdminviaSMTP.n Snort(http://www.snort.org/)is

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 375. RASuserswhoconnectviaRAS_NetcanaccesstheInternal_Serverssegmentwithanypro

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 38segment.2. Outboundaccessrequestsmadeby Internal_Dev arenotrestrictedbythisfire

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 39ProductsPreparationTopresentacompletepictureofthesecurityarchitectureimplementa

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 4ConfiguringtheNorton1_IDSFirewall:...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 40inspectiontechnology.Aformofdynamicpacketfiltering,statefulinspectionworksatth

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 41Asofthetimeofthiswriting,thelatestservicepackavailableforNTServer4isversi

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 42n RPCConfigurationn ServerFW1canfunctionperfectlyevenwithouttheseservices.On

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 43Step4Removeunusedandpotential lydangerouscomponents.The“dangerous”componentsa

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 44Administratorsgroup.WindowsNTServer, likeotheroperatingsystems,allowsprivileged

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 45enhancedsecurityagainst"passwordguessing" or "dictionaryattacks"

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 46ACleanFW1InstallationAcleanFW1installationgivesagoodstart.Forourproject,e

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 47n 20001101: CheckPointFirewall1ValidUsernameVulnerabilityn 20000815:  Chec

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 48HardenedWindows2000PerfectingtheWindow s2000 InstallationFirstofall,installthe

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 49Step1Removeunusednetworkservices.TCP/IPshouldbetheonlynetworkserviceattache

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 5ProxyFilters ...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 50Forsecurityreason,wewanttologasmuchinformationonRIPaspossible.Also,weshoul

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 51n RoutingandRemoteAccessn Workstationn ServerThereasonweneedtokeeptheWorks

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 52Step6Removeunusedandpotential lydangerouscomponents.TheOS2andPosixsubsystems

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 53n net.exen netstat.exen NSLOOKUP.exen ping.exen ping.exen posix.exen qbasic.e

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 54filesarenotaccessiblefromotheroperatingsystemssuchasDOS.”(fromwebopedia.com14

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 55Formaximumprotection,thefirewallshouldbeconfiguredtorunautomaticallyatsystems

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 56peaceofmindthroughcomprehensiveintrusionprotection.”16VisNeticisdesignedforbus

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 57Whenrunning,thefirewallmustbeintheFilterstate.Whenthefirewallserviceisnotr

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 58VulnerabilitiesSameasforNortonFirewall,wehavenotbeenabletoidentifyanyvulnera

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 59datacrossingthefirewall,controlofaccesspolicy,androuting oftraffic.Thecachei

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 6Testscenarios:...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 60Availableathttp://www.microsoft.com/isaserver/downloads/sp1.asp,"InternetSecurity

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 61ISAServerVuln erabilitiesAccordingtoSamCostelloofIDGNewsService,“MicrosoftFrid

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 62TheH.323GatekeeperandProxyServiceflawswerediscoveredbyPeterGrundl.Thescriptin

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 63DefaultPortAssignmentsforCommonServicesonaWindows2000NetworkSinceGIAC’snetwor

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 64LDAP(SSL) 636MTA X.400overTCP/IP 102POP3 110POP3(S SL) 995RPC 135SMTP 25

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 65Macintosh,FileServices(AFP/IP) 548MembershipDPA 568MembershipMSN 569MicrosoftC

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 66Radiusaccounting(RoutingandRemoteAccess)1646or1813Radiusauthentication(Routing

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 67PRIMARYFirewallConfigurationTutorial–Che ckPointFW1ConfiguringtheR ulebasefor

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 684. PropertiesmarkedBEFORELASTintheSecurityPolicyProperties5. RuleBaselastrul

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 69NetworkObjects:Beforewesetupanyrule,alltherelevantnetworkobjectsmustbebuilt

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 7CounterMeasures...

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 70DNSn TheDNSservern Theserver’saddressinthenetworkis192.168.8.4.n Theserver

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 71Emailn TheSMTPservern Theserver’saddressinthenetworkis192.168.8.5.n Theser

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 72SELFn FW1_B2Citselfn Totheoutside:192.168.7.2n Totheinside:192.168.8.2

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 73Rules:1,Removeall thedefaults(forsecuritypurpose) EXCEPTthe“AcceptOutgoingPacke

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 74Theoption“ApplyGatewayRulestoInterfaceDirection”isrelatedtotheconceptofinter

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 75Keepinmind,SYNGatewayisresourceintensive.Itdoesproducenegativeperformanceimpa

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 764,Verifytherules.ClickPolicy – Verifytocheckandensurethattheserulesareerror

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 77IfforsomereasonsthePolicywassuccessfullyverifiedbuterroroccursduringinstallat

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 78ThepossiblestatusesoftheFirewall1Daemonare:n INSTALLED,meaningthedaemonisru

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 79TotesttheDNSqueryrule,dothefollowing:n Fromtheoutside,useNSLOOKUPtoinitial

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 8Assignment1DefineasecurityarchitectureforGIACEnterprise,anebusinesswhichconduc

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 80Notethatthereare3typesoflog:theStandardLog,theAccountingLogandtheActiveLo

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 81Bydefault,thelogincludestoomanycolumns.WecanselectthecolumnstoviewviatheS

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 82Ifthelogfilegrowstoobig(thisispossibleinabusynetwork),considertostartane

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 83n TheIDScanalertInternal_AdminviaSMTP.n Snort(http://www.snort.org/)isanideal

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 84n InternaltothefirewallWWWn TheEcommercewebservern Theserver’saddressinthe

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 852,DonotenabletheSynDefenderGateway option.ItisnotlikelytoseeSynfloodattacks

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 86ReviewthelogviatheLogViewer.BasicTesting: n FromInternal_Clients,useNSLOOKUP

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 87ConfiguringtheOtherDevicesConfiguringtheN orton1_IDSFirewall:Refertot he“Produc

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 88n Inournetwork, Internal_Clients(192.168.17.0)canfreelyaccessInternal_Servers(192

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 89ConfiguretheAdvancedOptions:IntheAdvancedOptionssection,enablethefollowingopti

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 9IntroductionAsecurityarchitectureenforcesanorganization’ssecuritypolicies.Todevel

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 90ConfigureIntrusionDetection:NortonFirewallcandetectportscanattemptsandautomatic

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 91BasicTesting: n FromInternal_Clients,accessafileshareinInternal_Servers.Thereq

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 92ConfiguringtheN orton2_IDSFirewall:Refertot he“ProductsPreparation”section forin

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 93ConfiguretheSecurityLevel:Weneedthehighestpossiblelevelofsecurityhere.Toset

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 94FurtherindepthtestingshouldbeconductedattheAuditstage.

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 95ConfiguringtheN orton3_IDSFirewall:Refertot he“ProductsPreparation”section forin

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 96Internal_Servers(192.168.18.0)configuredasTrusted.ConfiguretheSecurityLevel:Wene

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 97requestshouldsucceed.n FromRAS_Net,accessafileshareinInternal_Dev.Therequest

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 98ConfiguringtheVisNetic _1Firewall:Refertot he“ProductsPreparation”section forinf

YuChakTinMichael‘sGIACGCFWProjectAssignmentPage 99FW1.DefiningtheInterfaces:VisNetichasitsrulesconfiguredonaperinterfacebasis.