IP Security

Course Overview

The Internet has become an integral part of day-to-day communication and its use is growing all the time. At the same time, the number of threats to the security of users' data is increasing, with new methods to mount attacks against Internet Protocol (IP) networks constantly evolving. It is therefore of vital importance that engineers involved in IP network operation are aware of the types of attacks that can occur and how these can be prevented and managed. This broad course covers the most important aspects of managing security in IP networks. Topics include the techniques used by attackers and preventative measures such as firewalls and intrusion detection systems. There is also an important section on viruses and the means that can be used to protect against them. IP security protocols are covered in the later part of the course, including IPSec, Internet Key Exchange (IKE), Public Key Infrastructure (PKIX), Secure Sockets Layer (SSL) and Transport Layer Secuirty (TSL).

Audience

This course is primarily designed for engineering managers, crosstraining engineers, network architects, designers, planners, product managers, operational support staff and those who need an understanding of the security issues within IP networks.

This course is also very useful for engineers and scientists working in areas related to IP network operation. This includes those working within service delivery, service developers, billing, Government security or forensic work, technical support staff and those in technical management roles or those who need an understanding of the broad range of security issues within IP networks and how to protect against such threats.

Skills Gained

On completion of this course the student will be able to:

• explain the concepts of security risks, threats, vulnerabilities and countermeasures and name devices that protect against attack
• discuss the aims of attackers and their methods of targeting networks and systems
• describe network vulnerabilities and list common tools used for fingerprinting, scanning and enumeration of IP networks
• describe the four main types of firewall device currently deployed in networks
• compare and describe the four main types of IDS device currently deployed in networks
• identify different types of malware, state reasons for the proliferation of viruses and differentiate between viruses, worms and trojans
• discuss techniques used to detect viruses
• identify the main goals, components and technologies of a security framework
• describe the importance and operation of the IP Security Protocol (IPSec) and Internet Key Exchange (IKE)
• identify remote authentication protocols and describe their roles and key requirements
• explain the role and main componntes of the Public Key Infrastructure (PKI) in public and enterprise networks
• state the importance of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and identify where TLS/SSL is used

Examinations

N/A

Prerequisites

An understanding of IP networks is beneficial, or previous attendance on Course IP2300 (IP Engineering Overview).

Course Outline

Introduction to Security in IP Networks

• Opening the network to security risks
• Threats, vulnerabilities and countermeasures
• Risk analysis and security policy
• Proportionality of countermeasures
• BS7799 and ISO17799
• NSA IAM
• CESG CHECK

Techniques Used By Attackers

• Techniques used by attackers
• Attacker objectives and processes
• Footprinting and scanning
• Enumeration
• Further stages in attacking a system

Testing Tools and Vulnerabilities

• Testing tools
• Ping and traceroute
• Nslookup, host and dig
• Ethernet sniffing
• Network mapper (Nmap)
• Nessus
• Kismet and AirSnort
• Cryptanalytical tools
• Vulnerabilities

Firewalls

• Stateless and stateful firewalls
• Cisco access lists
• Circuit level gateways
• Application-Level Gateway (ALG)
• Platform hardening
• Enterprise firewall architectures
• Border router security

Intrusion Detection Systems (IDS)

• IDS types and capabilities
• Snort NIDS and Tripwire HIDS
• Design and deployment of network-based sensors

Virus Scanning

• Virus scanning and detection
• Proliferation of viruses and malware
• Virus intentions and the arms race
• Virus actions and trojan actions
• Hiding strategies
• Detection of suspicious behaviour
• Proactive measures
• Protection and countermeasures

Introduction to Security Protocols

• Security framework
• Zones
• Encryption
• Key management techniques
• Authentication protocols
• Secure message authentication
• Session keys

IP Security Protocol (IPSec) and Internet Key Exchange (IKE)

• IP Security (IPSec)
• Virtual Private Networks (VPNs) and IPSec
• Security Association (SA)
• Transport and tunnel mode encapsulation
• Traffic security protocols
• Internet Key Exchange (IKE)
• ISAKMP policy
• Products Supporting IPSec

Remote Authentication Protocols

• Remote authentication
• Point-to-Point Protocol (PPP)
• Simple password authentication and PAP
• Challenge response password authentication and CHAP
• One-time passwords and S/KEY
• Trusted third parties and Kerberos
• Digital-certificate-based schemes and EAP
• Authentication databases and RADIUS
• EAP, RADIUS and DIAMETER

Public Key Infrastructure (PKIX)

• Public Key Infrastructure (PKIX)
• Secret key, public private key, and PKI
• Digital certificates
• CA certificates and trust paths
• Certificate revocation lists
• CRL architectures
• Registration authorities
• Certificate requests and responses
• Certification authorities and CA architectures

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

• TLS objectives
• TLS record protocol
• TLS handshake protocol
• SSL/TLS basic phases
• TLS operation
• Handshake protocol operation
• Example decode of SSLv3
• Example decode of Transport Layer Security v1 (TLSv1)
• The Record Protocol
• TLS/SSL security measures

Follow On Courses

Those wishing to increase their knowledge base should consider the IP Backbone Traffic Engineering course. Those wanting a general overview of TCP/IP operation would benefit from the TCP/IP Protocol Suite. Students requiring knowledge of quality of service in IP networks should consider IP QoS, and for IP addressing issues IPv6 may be of interest