Untangle Network Security

By: Abd El Monem A Mohamed El Bawab

An overview on information security


If you have a public IP address, you and your company may be the next victim of the cybercrime business. According to the white paper cited here (https://wiki.cac.washington.edu/download/attachments/7479159/White_Paper_6-Feb26-round2-AS-BE+DRAFT.doc), 75 percent of Internet traffic is malicious, and the cybercrime business is valued at USD 105 billion, which surpasses the value of the worldwide illegal drug trade. Moreover, most cybercrime attacks are determined rather than merely opportunistic, and they target identities, trade secrets, research and development data, and so on. So, you must be ready.

The CIA triad

Your role as a security administrator is to protect the information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. The CIA triad is explained as follows:

  • Confidentiality: Ensuring that data or an information system is accessed only by authorized persons or processes

  • Integrity: Protecting data from modification or deletion by unauthorized parties, and making sure that any such change can be detected

  • Availability: Ensuring that data and information systems are available to authorized users when required

Types of attacks

The attacker's goal is to compromise one or more attributes of the CIA triad. The attacker may want to gain access to confidential data and steal it, to manipulate data by deleting or modifying parts of it, or to reduce or interrupt the availability of your services, which can badly damage your reputation. Common methods and attacks used by attackers are as follows:

  • Malware: This is short for malicious software: software used or created to disrupt computer operations, gather sensitive information, or gain access to private computer systems. Some malware types are as follows:

    • Virus: This attaches itself to legitimate applications or files and runs when they run. Viruses can cause direct damage, such as preventing the computer from booting, or open ports and services that the attacker can use to gain access or steal data. They replicate themselves and spread from one computer to another.

    • Worm: This is a standalone malware program with the same damage potential as a virus. Unlike a virus, it does not need to attach itself to an existing program; it spreads on its own across the network, typically by exploiting vulnerabilities in reachable services.

    • Rootkit: This is a program or set of programs, often running with kernel-level privileges, that hides its own presence (and usually that of other malware) from the operating system and from antivirus programs.

    • Spyware: This collects information about what the user is doing and what data is on the user's computer and sends it to a remote party, who can take advantage of it. Spyware bundled with browser hijackers also commonly changes the default search engine and home page.

    • Keylogger: This records the keystrokes entered by the user, which an attacker can use to capture login credentials.

    • Backdoor: This allows the attacker to bypass normal authentication and obtain remote control of the victim's computer while attempting to remain undetected.

    • Trojan horse: This type of malware masquerades as a legitimate file or helpful program, but its real purpose is to grant the attacker unauthorized access to the computer. For example, you may download and install a screensaver that silently installs a backdoor on your system.

    • Botnet: This is a collection of Internet-connected computers that have been compromised and are controlled by a malicious party through a command-and-control channel. The set of compromised computers (bots) can be used to launch large-scale attacks such as DDoS floods or spam campaigns.

    • Adware: This is software installed on the user's computer that periodically pops up advertisements encouraging the user to buy products, which is annoying and disruptive.

  • Phishing: The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. For example, you may receive a fake e-mail (which looks as if it came from your bank) informing you that your password has expired and asking you to change it by logging in through a link that actually leads to a malicious website (which also looks like the bank's real website). The fake website captures your login credentials.

  • Spear-phishing: This is a phishing attempt directed at specific individuals or companies.

  • Whaling: This is a phishing attempt directed at a company's executives.

  • Spam: This is unwanted e-mail that usually includes advertisements, malicious attachments carrying malware, and phishing links.

  • Denial of Service (DoS) attack: The attacker tries to make a server unable to respond to legitimate requests, either by overloading it with a flood of requests or by triggering a bug that crashes it. The same applies to the applications or services hosted on the server: the attacker may be interested in disabling a particular application rather than the whole server, for example, by attacking the Apache HTTP server that hosts a web service.

  • Distributed Denial of Service (DDoS) attack: This is a DoS attack launched from many computers instead of a single machine. A DDoS attack usually makes use of a botnet.

  • Smurf attack: In a smurf attack, the attacker sends ICMP echo (ping) requests to your network's broadcast address with the source address spoofed to that of the intended victim. Every host on your network replies to the victim, so your network acts as an amplifier and the victim is flooded, with the same effect as a DDoS attack. Routers should be configured not to forward directed broadcasts, and hosts should not answer broadcast pings.

  • Man-in-the-middle attack: In this attack, traffic between two devices is passed through a rogue device controlled by the attacker. The attacker can therefore read the traffic if it is unencrypted, and may also modify it or inject malware into it.

  • Privilege escalation: The attacker uses a vulnerability or misconfiguration in the operating system or applications to obtain higher access privileges (for example, root access).

  • Xmas scan: This is a TCP port scan used to get more information from a network scan than a plain ping sweep or connect scan gives. The probe segment has the FIN, PSH, and URG flags set (it is "lit up like a Christmas tree"). Under RFC 793, a closed port answers with RST while an open port sends nothing, so the scanner can tell open from closed ports, even through some stateless packet filters. Some TCP stacks (Windows, for example) answer every such probe with RST, so the response pattern also hints at the target's operating system.

  • Typo squatting / URL hijacking: The attacker registers domains that are one typing mistake away from a legitimate one, so a user who mistypes an address lands on a malicious website. For example, the user may type http://www.goggle.com instead of http://www.google.com.
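To make the Xmas scan and smurf items above concrete, here is an added example (not from the book) that classifies constructed packet records: it names the stealth-probe type from the TCP flag byte, models the RFC 793 versus Windows-style reply that the scanner relies on, and flags an ICMP echo request aimed at the local directed-broadcast address from outside the network, which is the trigger of a smurf amplification. The addresses, the `Packet` record and the sample traffic are all constructed for the example.

```python
"""
Added example, not from the book: classify constructed packet records to
show what an Xmas scan and a Smurf attack look like on the wire.
Packet records and addresses below are constructed (TEST-NET ranges).
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# TCP flag bits as laid out in the flags byte of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp" or "icmp"
    tcp_flags: int = 0               # TCP only
    icmp_type: Optional[int] = None  # ICMP only; 8 = echo request


def classify_tcp_probe(flags: int) -> str:
    """Name the probe type that a TCP flag byte corresponds to."""
    if flags == 0:
        return "null-scan"
    if flags == FIN | PSH | URG:      # "lit up like a Christmas tree"
        return "xmas-scan"
    if flags == FIN:
        return "fin-scan"
    if flags & SYN and not flags & ACK:
        return "syn"                  # ordinary connection attempt or SYN scan
    return "other"


def expected_reply(probe: str, port_open: bool, stack: str = "rfc793") -> str:
    """Reply a target gives to a stealth probe: RFC 793 behaviour versus stacks
    such as Windows that answer RST on every port. This asymmetry is how the
    scanner tells open from closed ports and guesses the OS family."""
    if probe not in ("null-scan", "xmas-scan", "fin-scan"):
        raise ValueError("only stealth probes are modelled")
    if stack == "windows":
        return "RST"
    return "none" if port_open else "RST"


def is_smurf_trigger(pkt: Packet, local_net: IPv4Network) -> bool:
    """ICMP echo request to our directed-broadcast address from a source
    outside our network: every answering host will flood that source.
    A spoofed internal source arriving from outside is left to BCP 38
    ingress filtering, assumed to be in place upstream."""
    if pkt.proto != "icmp" or pkt.icmp_type != 8:
        return False
    if IPv4Address(pkt.dst) != local_net.broadcast_address:
        return False
    return IPv4Address(pkt.src) not in local_net


def triage(packets: List[Packet], local_net: IPv4Network) -> List[Tuple[str, str]]:
    """Return (source, finding) pairs for packets matching either attack."""
    findings = []
    for p in packets:
        if p.proto == "tcp":
            kind = classify_tcp_probe(p.tcp_flags)
            if kind.endswith("-scan"):
                findings.append((p.src, kind))
        elif is_smurf_trigger(p, local_net):
            findings.append((p.src, "smurf-amplification"))
    return findings


# Constructed sample traffic for a 192.0.2.0/24 LAN
LOCAL_NET = IPv4Network("192.0.2.0/24")
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", tcp_flags=FIN | PSH | URG),  # Xmas probe
    Packet("198.51.100.7", "192.0.2.10", "tcp", tcp_flags=SYN),              # normal SYN
    Packet("203.0.113.5", "192.0.2.255", "icmp", icmp_type=8),               # smurf trigger
    Packet("192.0.2.20", "192.0.2.255", "icmp", icmp_type=8),                # local broadcast ping
]

if __name__ == "__main__":
    for src, finding in triage(SAMPLE, LOCAL_NET):
        print(f"{src}: {finding}")
```

The plain SYN from the same scanner is deliberately not reported: a single SYN is indistinguishable from a normal connection attempt, whereas a segment with FIN, PSH and URG set and no SYN or ACK never occurs in a legitimate TCP conversation, so it is worth alerting on by itself.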
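Typo squatting can be checked for mechanically. The following added example (not from the book) generates every domain that is one typing mistake away from a brand domain (a missing, wrong, swapped or extra character) and reports whether a requested host name is one of them. The brand list and host names are constructed; the registrable-domain helper deliberately ignores multi-label public suffixes such as co.uk, which production code would resolve with the Public Suffix List.

```python
"""
Added example, not from the book: generate the domain names that are one
typing mistake away from a brand domain and check whether a requested host
name is one of them. Brand list and host names below are constructed.
"""
import string
from typing import Iterable, Optional, Set

ALPHABET = string.ascii_lowercase + string.digits + "-"   # valid host-label characters


def registrable(host: str) -> str:
    """Last two labels of a host name, e.g. www.goggle.com -> goggle.com.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def typo_variants(domain: str) -> Set[str]:
    """All names at edit distance 1 from the domain's registrable label:
    omissions (goole), substitutions (goggle), transpositions (googel) and
    insertions (gooogle, googgle). The TLD is kept as-is."""
    label, tld = registrable(domain).split(".")
    out: Set[str] = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])                             # omission
        for c in ALPHABET:
            if c != label[i]:
                out.add(label[:i] + c + label[i + 1:])                 # substitution
    for i in range(n - 1):
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])   # transposition
    for i in range(n + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])                         # insertion
    out.discard(label)
    # keep only syntactically valid labels (non-empty, no leading/trailing hyphen)
    return {v + "." + tld for v in out if v and v[0] != "-" and v[-1] != "-"}


def check_host(host: str, brands: Iterable[str]) -> Optional[str]:
    """Return the brand domain that `host` looks like a typo of, or None if
    the host is clean or is the genuine brand domain itself."""
    reg = registrable(host)
    for brand in brands:
        b = registrable(brand)
        if reg == b:
            return None
        if reg in typo_variants(b):
            return b
    return None


# Constructed watch list; in practice this would be your own brands and the
# sites your users log in to (bank, mail provider, SaaS tools).
BRANDS = ["google.com", "example.com"]

if __name__ == "__main__":
    for host in ["www.google.com", "www.goggle.com", "googel.com", "g00gle.com", "exmaple.com"]:
        print(f"{host:18} -> {check_host(host, BRANDS)}")
```

The same list of variants can be fed to a gateway's DNS or URL filter as a block list, or registered defensively for your own brand; note that `g00gle.com` is two edits away and is not caught by a distance-1 check, and homoglyph (IDN) look-alikes need a separate check.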

Types of controls

The following are the three types of controls that we need to implement to keep our network and systems safe:

  • Technical: These use technology (that is, software and devices) to reduce vulnerabilities; common technical controls include security software and devices, access control systems, authentication systems, and encryption.

  • Management: Also known as administrative controls, these include the assessment of risks and vulnerabilities, planning, and writing the security policy.

  • Operational: These cover the day-to-day procedures and policies that users should follow; change management is an example of an operational control.

    Note

    A list of 20 critical security controls (now maintained by the Center for Internet Security as the CIS Controls) can be found at http://www.sans.org/critical-security-controls/.

Defense in depth

We should apply the defense in depth concept, in which multiple layers of security controls (defenses) are placed throughout our network, so that no single failure exposes everything. Some defense in depth techniques are as follows:

  • Layered defense: This places your defenses at multiple stages (such as the network edge and individual PCs) instead of relying on a single layer. If that one layer fails, you are an easy victim for attackers. So, use an antivirus at the network edge to catch threats in downloaded content, and a desktop antivirus to catch what the edge cannot see, such as threats arriving through the internal network or on removable media.

  • Multiple tools: Make the attacker's job harder by using firewalls, antivirus programs, intrusion detection systems, intrusion prevention systems, and so on, instead of relying on only one tool.

  • Update all your systems and programs: It's important to update all your systems and applications to prevent exploitation of known vulnerabilities; updating only the operating system will not block the threat, as the attacker may gain privileged access through an unpatched program such as Java or Flash Player.

  • Don't use the administrator account for daily activities: Since the attacker's goal is to gain privileged access over your network, their job is much easier if malware runs under the administrator account.

  • Read and learn: Attacker techniques constantly change and evolve; you need to stay aware of new techniques and of how to counter them.

  • Think like an attacker: This will help you to discover your network's weak points.

  • Follow up: Always review the event logs to learn where threats are coming from, and act on what you find to prevent them.
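As an added example (not from the book) of the log review recommended in the last item, the following script runs over constructed sshd-style authentication log lines: it counts failed logins per source address, flags sources that exceed a threshold, and reports any successful login that followed from a flagged source, which is the trace a password brute-force attack leaves behind. The log lines, host name and threshold are constructed for the example.

```python
"""
Added example, not from the book: review sshd-style authentication log lines,
flag sources with repeated failures, and surface any success that followed.
The log lines below are constructed, not real logs.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

SAMPLE_LOG = """\
Mar  3 09:12:01 gw sshd[2201]: Failed password for root from 198.51.100.7 port 51812 ssh2
Mar  3 09:12:03 gw sshd[2201]: Failed password for root from 198.51.100.7 port 51813 ssh2
Mar  3 09:12:05 gw sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 51814 ssh2
Mar  3 09:12:08 gw sshd[2201]: Failed password for invalid user test from 198.51.100.7 port 51815 ssh2
Mar  3 09:12:11 gw sshd[2201]: Failed password for root from 198.51.100.7 port 51816 ssh2
Mar  3 09:12:40 gw sshd[2210]: Accepted publickey for alice from 192.0.2.20 port 40002 ssh2
Mar  3 09:13:02 gw sshd[2214]: Failed password for alice from 192.0.2.20 port 40003 ssh2
Mar  3 09:13:09 gw sshd[2214]: Accepted password for alice from 192.0.2.20 port 40003 ssh2
Mar  3 09:14:30 gw sshd[2230]: Accepted password for root from 198.51.100.7 port 51901 ssh2
"""

# sshd writes "invalid user" before names that do not exist on the system
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")


def review_auth_log(text: str, threshold: int = 5
                    ) -> Tuple[Dict[str, Tuple[int, List[str]]], List[Tuple[str, str, str]]]:
    """Return (suspects, successes): suspects maps a source address to its
    failure count and the user names it tried, for sources at or above the
    threshold; successes lists (source, user, method) for logins accepted
    from a source that had already reached the threshold."""
    failures: Counter = Counter()
    users: Dict[str, Set[str]] = defaultdict(set)
    successes: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users[src].add(user)
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(3)] >= threshold:
            method, user, src = m.groups()
            successes.append((src, user, method))
    suspects = {src: (n, sorted(users[src])) for src, n in failures.items() if n >= threshold}
    return suspects, successes


if __name__ == "__main__":
    suspects, successes = review_auth_log(SAMPLE_LOG)
    for src, (count, names) in suspects.items():
        print(f"{src}: {count} failures, users tried: {', '.join(names)}")
    for src, user, method in successes:
        print(f"ALERT: {src} logged in as {user} via {method} after repeated failures")
```

The threshold and the ordering matter: alice's single mistyped password followed by a success is normal, whereas five failures against root and made-up accounts followed by an accepted password login is the pattern to block the source on and to treat the account as compromised. On a live system the same logic would read from the syslog or journald output that the gateway actually produces.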