
Tactical Perimeter Defense

Warren Peterson

Warren Peterson is the President of Security Certified Program, LLC and the founder of the Security Certified Program. Mr. Peterson regularly delivers standing-room-only security presentations for government and corporate clients on subjects ranging from general security to the threats of cyberterrorism. Mr. Peterson is an accomplished and experienced teacher who holds many industry certifications. His training methods have earned him the utmost respect and recognition from both his students and his peers. Even many years after courses have ended, many of Mr. Peterson’s students from around the world stay in touch with him.

Mr. Peterson has developed instructional curriculum for customized courses, such as courses for Microsoft, Cisco, CompTIA, and various security programs. In addition to writing for magazines, such as Certification Magazine, he is the lead author for the Security Certified Program courses, including: Network Security Fundamentals, Hardening the Infrastructure, Network Defense and Countermeasures, Tactical Perimeter Defense, Strategic Infrastructure Security, Advanced Security Implementation, and Enterprise Security Solutions.

Mr. Peterson includes the following personal thanks:

Thank you to my wife, Carin, you and our girls give me constant support, and I thank you for your devotion. You remind me daily why teaching is so important. I love you deeply, and look forward to seeing you again now that this writing phase is over!

Thank you to Waleed, you have been the foundation behind more positive change than I can describe, knowing you and working with you has been a true pleasure. Thanks to Gene, for your trusted advice and mentoring; to Mark, for your passion and enthusiasm (go have another coffee!); to Tracy, for your loyalty and friendship, which are unmatched; to Joe, for your professionalism, and desire for the best; to Dave, for always being there, even early in the morning.

And, thanks to Charles, Shrinath, and Robert, time has moved us apart, but you have each made an impression on me, and I thank you for that.


TACTICAL PERIMETER DEFENSE

Course Number: SCPTPD20
Course Edition: 2.0
For software version: N/A

ACKNOWLEDGEMENTS

Project Team

Curriculum and Technical Writers: Warren Peterson and Clay Scott
Copy Editor: Carin Peterson
Reviewing Editor: Sandy Castle-Rhoads
Technical Editor: Tracy Richter
Quality Assurance Analyst: David Young
Graphic Designer: Mark Patrick

Project Support

Development Assistance: Ben Tchoubineh

NOTICES

DISCLAIMER: While Security Certified Program LLC takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Any name used in the data files for this course is that of a fictitious company. Any resemblance to current or future companies is purely coincidental. We do not believe we have used anyone’s name in creating this course, but if we have, please notify us and we will change the name in the next revision of the course. Security Certified Program LLC is an independent developer of courseware and certification programs for individuals, businesses, educational institutions, and government agencies. Use of screenshots, photographs of another entity’s products, or another entity’s product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by, nor any affiliation of such entity with Security Certified Program LLC. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the “External Sites”). Security Certified Program LLC is not responsible for the availability of, or the content located on or through, any External Site. Please contact Security Certified Program LLC if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES: The Security Certified Program, SCP, SCNS, SCNP, and SCNA are trademarks of The Security Certified Program, LLC in the U.S. and other countries; The Security Certified Program, SCP, SCNS, SCNP, products and services discussed or described may be trademarks of The Security Certified Program, LLC. All other product names and services used throughout this book may be common law or registered trademarks of their respective proprietors.

Copyright © 2007 Security Certified Program, LLC. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. This publication or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without express written permission of Security Certified Program LLC, 825 West State Street, Suite 204, Geneva, Illinois 60134, USA. (630) 208-5030. Security Certified Program LLC’s World Wide Web site is located at: www.SecurityCertified.Net.

This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. Do not make illegal copies of books or software. If you believe that this book, related materials, or any other Security Certified Program LLC materials are being reproduced or transmitted without permission, please call 1-630-208-5030.


CONTENT OVERVIEW

About This Course ..... xvii
Lesson 1: Network Defense Fundamentals ..... 1
Lesson 2: Advanced TCP/IP ..... 31
Lesson 3: Routers and Access Control Lists ..... 95
Lesson 4: Designing Firewalls ..... 155
Lesson 5: Configuring Firewalls ..... 189
Lesson 6: Implementing IPSec and VPNs ..... 299
Lesson 7: Designing an Intrusion Detection System ..... 369
Lesson 8: Configuring an ..... 403
Lesson 9: Securing Wireless Networks ..... 447
Index ..... 543

CONTENTS

About This Course ..... xvii
Course Setup Information ..... xxii
How To Use This Book ..... xl

LESSON 1: NETWORK DEFENSE FUNDAMENTALS

Topic 1A Network Defense ..... 2
    Five Key Issues of Network Security ..... 3
    The Threats to Security ..... 5
    Defensive Strategies ..... 6
    Defensive Strategy Requirements ..... 8
    Task 1A-1 Identifying Non-repudiation Issues ..... 10
Topic 1B Defensive Technologies ..... 10
    The Castle Analogy ..... 10
    Attacking the Castle ..... 11
    The Castle’s Firewall ..... 11
    The Castle’s Intrusion Detection ..... 12
    The Castle’s Back Doors ..... 12
    The Defense Technologies ..... 13
    Task 1B-1 Describing the Layers of a Defended Network ..... 14
Topic 1C Objectives of Access Control ..... 15
    Access Control ..... 15
    Authentication ..... 16
    Task 1C-1 Describing the Challenge Response Token Process ..... 20
Topic 1D The Impact of Defense ..... 21
    Firewalls ..... 21
    Encryption ..... 21
    Passwords ..... 22
    Intrusion Detection Systems ..... 22
    Auditing ..... 22
    Task 1D-1 Describing the Problems of Additional Layers of ..... 23
Topic 1E Network Auditing Concepts ..... 23
    Security Auditing Basics ..... 23
    Security Audits ..... 24
    Audit Trails ..... 25
    Handling and Preserving Audit ..... 25
    Legal Considerations ..... 25
    Task 1E-1 Describing Network Auditing ..... 26
Lesson Review 1 ..... 27

LESSON 2: ADVANCED TCP/IP

Topic 2A TCP/IP Concepts ..... 33
    RFCs ..... 36
    The Function of IP ..... 36
    The Subnet Mask ..... 40
    Routing ..... 42
    Task 2A-1 Layering and Address Conversions ..... 42
    VLSM and CIDR ..... 43
    X-casting ..... 44
    Task 2A-2 Routers and ..... 44
Topic 2B ..... 46
    Ports ..... 48
    Analyzing the Three-way Handshake ..... 50
    Network Monitor ..... 52
    Task 2B-1 Using Network Monitor ..... 57
    Task 2B-2 Installing and Starting Wireshark ..... 58
    Wireshark Overview ..... 59
    Task 2B-3 Using Wireshark ..... 62
    TCP Connections ..... 63
    Task 2B-4 Analyzing the Three-way Handshake ..... 63
    The Session Teardown Process ..... 64
    Task 2B-5 Analyzing the Session Teardown Process ..... 65
Topic 2C Capturing and Identifying IP Datagrams ..... 65
    Task 2C-1 Capturing and Identifying IP ..... 67
Topic 2D Capturing and Identifying ICMP ..... 68
    Task 2D-1 Capturing and Identifying ICMP ..... 69
Topic 2E Capturing and Identifying TCP Headers ..... 70
    Task 2E-1 Capturing and Identifying TCP ..... 72
Topic 2F Capturing and Identifying UDP Headers ..... 73
    Task 2F-1 Working with UDP ..... 73
Topic 2G Analyzing Packet ..... 74
    Task 2G-1 Analyzing Fragmentation ..... 75
Topic 2H Analyzing an Entire Session ..... 76
    Task 2H-1 Performing a Complete ICMP Session Analysis ..... 76
    Continuing the Complete Session Analysis ..... 79
    Task 2H-2 Performing a Complete FTP Session Analysis ..... 80
Lesson Review 2 ..... 92

LESSON 3: ROUTERS AND ACCESS CONTROL LISTS

Topic 3A Fundamental Cisco ..... 96
    Authentication and Authorization ..... 98
    Configuring Access ..... 99
    Task 3A-1 Configuring Passwords ..... 100
    Creating User Accounts ..... 100
    Implementing Banners ..... 101
    Task 3A-2 Implementing Cisco Banners ..... 101
    SSH Overview
    Configuring Login
    SSH