Transcript: Network Hardening Techniques Part 1
Good day, I'm Brian Ferrill, and welcome to PACE-IT's session on network hardening techniques part I. Today, I'm going to discuss using secure protocols, using anti-malware software, and I'm going to conclude with implementing switch and router security. There is a whole lot of information to impart, but not a whole lot of time, so let's go ahead and begin this session.

Of course I'm going to begin by talking about using secure protocols. Network security is always an ongoing process because the threats to it keep changing. Although security threats are continually evolving, administrators can use some techniques to harden the base network structure to help ease the ever-shifting security landscape. These hardening techniques establish a good security foundation that can be further built upon, making the network that much harder to crack. One of these hardening techniques is to use secure protocols whenever possible. Let's discuss some of those protocols.

First up is Secure Shell, or SSH. It's a protocol that is used to create an encrypted communications session between devices. It's commonly used to create a secure virtual terminal session. It should be used in place of Telnet whenever possible. Then there is SNMP version 3, that's Simple Network Management Protocol version 3. It's a protocol that is used to manage and configure devices remotely on the network. It's more secure than the prior two versions because it supports encryption. Secure File Transfer Protocol, or SFTP, should always be used in place of FTP. It's a protocol that's used to transfer data in managed file structures in a secure manner through the use of an SSH session. As I said just a moment ago, it is a better option than FTP, which requires user authentication but does not encrypt the communication. SFTP encrypts the whole process. Then there is TLS, or Transport Layer Security. It's a cryptographic protocol that is used to encrypt online communications.
It uses certificates and asymmetrical cryptography to authenticate hosts and exchange security keys. It is a better option than SSL, or Secure Socket Layer, which functions in a similar manner. When performing sensitive online business, you should use HTTPS, Hypertext Transfer Protocol Secure. It's a protocol that is used to secure the communications channel between a Web browser and a Web server. HTTPS uses either TLS or SSL technology. IPsec is a network layer IP security protocol suite that can use multiple methods to mutually authenticate both ends of the communication channel. It also will encrypt all data transmissions. Unlike most other protocols, it can provide end-to-end security for any application.

Let's move to using anti-malware software. Anti-malware applications help to protect networks and network resources against malware intrusions such as spyware, viruses, and worms. There are three main options for using anti-malware applications. There is host based anti-malware. The application is installed on the individual machines and only protects those nodes on which it resides. It's easily tuned to the needs of the individual host, but requires that the user keep it up to date. Then there is network based anti-malware. The application is installed within the local network and served to the individual clients that require it. It is easily administered, but harder to tune for the individual host. But the network administrator can ensure that it remains up to date. Finally, there is cloud based anti-malware. The application resides in the cloud; it is outside of the local network and it is served to the clients inside the local network, as needed. This service has a very small footprint on the local machine and tends to be kept more current than the other options, but it is an added cost that must be evaluated.

Let's conclude with talking about implementing switch and router security. When is using a password not secure?
The answer is when the password is kept in clear text. One solution to this is to save passwords and other sensitive information as hashes. Hashing is a cryptographic process that uses an algorithm to derive a set value (also known as the hash value) from the sensitive data. A hash can be used to verify that data is coming from where it is supposed to and that it has not been intercepted or changed in transit. The most popular hashing algorithms are MD5 and S-H-A, or SHA. Of the two, SHA is the more secure. And the wise network administrator makes sure that all passwords and usernames are kept as hash values.

Under implementing switch security measures, switch port security measures are vital. First off, switch port security should be enabled. All enterprise switches are capable of having security measures enabled at the port level, and that should happen. Also, the native VLAN should be changed from its default value. All active ports should be assigned to non-native VLANs. All non-active switch ports should be assigned to an unused non-native VLAN. Also, VLANs should be created to clearly segment the network into logical secure areas. A switch port security measure that should be considered is MAC address filtering. This will only allow specific MAC addresses to connect to specific ports. DHCP snooping should be enabled. This will only allow DHCP responses from an administrator-defined switch port. This means that all DHCP responses will come from the same port. In addition to DHCP snooping, dynamic ARP inspection, or DAI, should also be enabled. This process is combined with DHCP snooping to restrict the opportunity for ARP cache poisoning to occur. All Address Resolution Protocol requests are compared against the ARP table contained in the administratively defined DHCP server. Implementing these measures will greatly increase the security of your switches. Let's move on to router security measures.
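The switch and management-protocol recommendations above (SSH instead of Telnet, SNMPv3, hashed passwords, port security, non-default native VLAN, DHCP snooping, dynamic ARP inspection) can be checked mechanically. The script below is an added example, not material from the session or PACE-IT; it assumes Cisco-IOS-style configuration syntax (the session names no vendor) and runs over a constructed sample config that deliberately contains several of the gaps the session warns about.

```python
import re
# Constructed Cisco-IOS-style sample (assumption; the session names no vendor) with deliberate gaps.
SAMPLE_CONFIG = """\
enable password letmein
snmp-server community public RO
ip dhcp snooping
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/24
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
"""
GLOBAL_CHECKS = [  # (regex, should it be present?, finding when the check fails)
    (r"^enable password ", False, "enable password kept in clear text; use 'enable secret' (hashed)"),
    (r"^snmp-server community ", False, "SNMPv1/v2c community string; use SNMPv3 with encryption"),
    (r"^ transport input .*telnet", False, "Telnet accepted on vty lines; allow SSH only"),
    (r"^ip dhcp snooping", True, "DHCP snooping not enabled"),
    (r"^ip arp inspection", True, "dynamic ARP inspection not enabled"),
]
PORT_CHECKS = [  # (port mode, command prefix that must be present, finding)
    ("switchport mode access", "switchport port-security", "access port without port security"),
    ("switchport mode access", "switchport access vlan", "access port left in native VLAN 1"),
    ("switchport mode trunk", "switchport trunk native vlan", "trunk uses default native VLAN 1"),
]

def parse_interfaces(config):  # group the indented lines under each 'interface' stanza
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # left the stanza (e.g. 'line vty 0 4' is not an interface)
    return blocks

def audit(config):  # return one string per hardening gap found in the config
    findings = [msg for pat, want, msg in GLOBAL_CHECKS
                if bool(re.search(pat, config, re.M)) != want]
    for name, lines in parse_interfaces(config).items():
        for mode, needed, msg in PORT_CHECKS:
            if mode in lines and not any(l.startswith(needed) for l in lines):
                findings.append(f"{name}: {msg}")
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` reports seven findings; only the DHCP snooping check and GigabitEthernet0/1 pass.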
Each interface on a router should have an access control list, or ACL, in place to control and filter traffic. Each interface can actually have two ACLs, one ACL on the inbound side of the interface and one ACL on the outbound side of the interface. An ACL is a set of rules that is used to govern and filter the flow of network traffic into and out of a network. The ACL examines packets against its established rules, beginning from the first rule at the top of the list and continuing down through all the rules. The rules either allow or deny that packet from continuing. Once the packet matches a rule, the rule is enforced and the ACL process is exited. ACL rules can be based on protocols and ports, IP addresses, source addresses, destination addresses, etc. All ACLs end with an implicit deny statement, meaning that, if it isn't specifically allowed, then the packet is discarded. The ACL can be time based, as in day of the week or time of day, and it can fulfill a specific function based on the reason that it is created, as in an ACL can be used to filter out websites or Web content.

That concludes this session on network hardening techniques part I. I talked about using secure protocols, then we moved on to using anti-malware software, and we concluded with a brief discussion on implementing switch and router security. On behalf of PACE-IT, thank you for watching this session, and I hope to do another one soon.
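The ACL processing just described (top-to-bottom evaluation, first match enforced and the process exited, implicit deny at the end, optional day-of-week and time-of-day conditions) as an added example; this is not the session's own material, and the rule format and the sample inbound ACL are constructed for the illustration.

```python
from ipaddress import ip_address, ip_network

# One ACL entry; a field left as None is a wildcard.  'when' is an optional
# (weekdays, start_hour, end_hour) tuple for a time-based rule.  The rule
# format and the sample ACL below are constructed for this example.
class Rule:
    def __init__(self, action, proto=None, src=None, dst=None, dport=None, when=None):
        self.action, self.proto, self.dport, self.when = action, proto, dport, when
        self.src = ip_network(src) if src else None
        self.dst = ip_network(dst) if dst else None

    def matches(self, pkt, weekday, hour):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ip_address(pkt["src"]) not in self.src:
            return False
        if self.dst and ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.when:  # time-based rule: only active on the listed days and hours
            days, start, end = self.when
            if weekday not in days or not start <= hour < end:
                return False
        return True

def evaluate(acl, pkt, weekday=0, hour=12):
    """Walk the rules top to bottom; the first match is enforced and evaluation stops.

    Returns (action, 1-based rule number), or ("deny", None) for the implicit deny."""
    for number, rule in enumerate(acl, 1):
        if rule.matches(pkt, weekday, hour):
            return rule.action, number
    return "deny", None  # implicit deny: nothing explicitly allowed the packet

WEEKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday, numbered like datetime.weekday()

# Constructed inbound ACL for a router interface facing an office LAN.
INBOUND_ACL = [
    Rule("deny", proto="tcp", dport=23),                          # no Telnet, even from the LAN
    Rule("permit", proto="tcp", src="10.10.0.0/16", dport=22),    # SSH from the LAN
    Rule("permit", proto="tcp", src="10.10.0.0/16", dport=443),   # HTTPS from the LAN
    Rule("permit", proto="udp", src="10.10.0.0/16", dport=53,
         when=(WEEKDAYS, 7, 19)),                                 # DNS, office hours only
]
```

Because the Telnet deny sits first, a Telnet packet from the LAN is dropped at rule 1 even though later rules would permit LAN traffic; SSH from outside the LAN matches nothing and falls through to the implicit deny.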