Host Perimeter Defense

Most of us have a problem. We are under attack. At this very moment, our internet-connectedcomputer systems are being subjected to a surprising number of probes, penetration attempts, andother malicious attention.In this talk, we will discuss the types of attacks that are being used against our computers, and how todefend against these attacks.
Nội dung trích xuất từ tài liệu:
Host Perimeter Defense Host Perimeter Defense Security Essentials The SANS Institute Host Perimeter Defense - SANS ©2001 1Most of us have a problem. We are under attack. At this very moment, our internet-connectedcomputer systems are being subjected to a surprising number of probes, penetration attempts, andother malicious attention.In this talk, we will discuss the types of attacks that are being used against our computers, and how todefend against these attacks. You will learn about both free and commercial software products thatwill help you improve the security of your systems. These products present a variety of solutions,ranging from easy-to-configure, “hassle-free” products that provide a reasonable level of security, tomore complex solutions that provide more stringent measures for high-value assets. 6-1 Agenda • Do we have a problem? • Who is vulnerable? • Threats and types of protection • Features to look for • Summary Host Perimeter Defense - SANS ©2001 2We will begin this talk by examining the scope of the problem, and you will learn about the types ofsystems that are vulnerable and that may require protection.The main portion of this talk will focus on the various threats to your host’s security, and the types ofprotection (including specific tools) that can be used to defend against these threats.Finally, we will discuss some features to look for when choosing a host perimeter solution. Asummary of important information will round out the talk. At the end of the webcast, you will beable to recommend and implement utilities and policies for host perimeter defense. 6-2 Host Perimeter Defense • Defends the borders of your computer • Complements network perimeter defense – Additional layer of protection • May also be first line of defense Host Perimeter Defense - SANS ©2001 3Host perimeter defense is just what it sounds like: Defending the perimeter of the host itself - theborders of your computer.Most security-conscious organizations protect the borders of their network with tools such asfirewalls or packet-filtering routers. In this situation, host perimeter defense complements networkperimeter defense by adding a second layer of security. Even if an intruder is able to penetrate yournetwork, he or she will then have to penetrate any host-based security to access protected hosts onyour network.There are also instances when host perimeter defense may be your first line of defense. This is true,of course, if there is no network protection. This would be the case, for instance, where yournetwork security is bypassed - for example, through a connection to a dial-up server inside yourfirewall. It is also the case for systems that are not on a standard network - such as home computers-which nevertheless connect to the Internet through an Internet Service Provider (ISP). 6-3 Who is Vulnerable? • Any host that is: – Directly connected to the internet – “Protected” behind a firewall – Networked with any other hosts (even if not connected to the internet) – Connected via modem, cable modem, ISDN, DSL, etc. Host Perimeter Defense - SANS ©2001 4Any networked host may be a candidate for protection using host perimeter defense solutions,including:• computers directly connected to the Internet. Any host directly connected to the Internet is visibleto (and potentially vulnerable to!) any one of the several million other Internet users around theglobe. Essentially, anyone from Russia to Brazil to the person next door can “see” your computer -and may be able to compromise it.• computers “protected” by a firewall. A firewall is not a bulletproof solution to your securityproblems. Dial-up connections may bypass your firewall’s security completely. “Legitimate” trafficallowed through the firewall may contain dangerous code, such as malicious Java applets in HTTPtraffic, or Trojan executables in electronic mail (SMTP) traffic. Users may install unauthorizedsoftware or modems that create security holes.• hosts on a private network. Even if you are completely disconnected from the Internet, you mayneed to protect your hosts from each other. A large number of security breaches come from inside anorganization. Employees trying to steal information for a competitor, or disgruntled employees whomight want to damage or destroy information, present a real threat.The information on threats and defenses in the following slides can be applied to any of the abovescenarios. However, for the purpose of this course, we will focus on one scenario in particular that isoften overlooked. 6-4 Impact of the Problem • Personal information – Financial records – Account names/passwords • Business information – Home-based business – Telecommuters – Connect to corporate LAN from home Host Perimeter Defense - SANS ©2001 5This problem can be a s ...