
Network security

  • External Routers
      1. The external router is the first line of defense against intruders.
          - The threat to this router is high because this device is completely unprotected.
          - The purpose of this device is to limit the number of protocols and addresses which gain access to the remainder of the network.
      2. Ensure that external routers are properly configured.
          - Minimum number of protocols necessary to connect to WWW
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No remote logon to the External Router should be permitted - Network Admin should be required to sit at the External Router console to access this router
      3. Consider Intrusion Detection Software (IDS) on this router.
  • DMZ Firewall
      1. This is the first line of defense against intruders for the DMZ.
          - The threat to this firewall is high because this device will take the brunt of any attack on the network.
      2. Ensure that the DMZ firewall is also properly configured.
          - Minimum number of protocols necessary to connect to WWW
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No remote logon to the firewall should be permitted - Sys Admin should be required to sit at the firewall console to access the firewall
      3. Consider Intrusion Detection Software (IDS) on the DMZ firewall if the firewall software permits.
  • DMZ Router/Switch
      1. This is the second line of defense against intruders for the DMZ.
          - Threat to this router is lower because the external router and firewall should be minimizing the amount of traffic/attacks to this device.
      2. Ensure that the DMZ router/switch is also properly configured.
          - Minimum number of protocols necessary to connect to WWW
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No logon to the router should be permitted from the WWW, only from the internal network
      3. Consider Intrusion Detection Software (IDS) on the DMZ router/switch.
  • Web/Application Servers
      1. These devices provide the WWW users with information about the company.
          - Threat to these servers is lower because the external router, firewall, and DMZ router/switch should be minimizing the amount of traffic/attacks to this device.
      2. Ensure that the Web/Application Servers are also properly configured.
          - These servers MUST be hardened
          - Minimum number of services/protocols necessary to allow the applications to perform their tasks
          - Delete/disable or change the passwords on all default accounts
          - Be aware that some software packages create userids on your systems; validate that the proper permissions are set on these accounts
          - Keep track of security patches for your OS and software and stay up-to-date
  • DMZ Router/Switch
      1. This is the first line of defense against intruders between the DMZ and the internal network.
          - Threat to this router is lower because the external routers and firewall should be minimizing the amount of traffic/attacks to this device.
      2. Ensure that the DMZ router/switch is also properly configured.
          - Minimum number of protocols necessary to connect to WWW and DMZ
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No logon to the router should be permitted from the WWW, only from the internal network
      3. Consider Intrusion Detection Software (IDS) on the DMZ router/switch.
  • DMZ Firewall
      1. This is the last line of defense against intruders from the WWW attempting to access the internal network through the DMZ.
          - The threat to this firewall is medium because this device is protected by the switches, routers, and firewalls between the WWW and this firewall.
          - This device also lets internal users access data in the DMZ and the WWW.
      2. Ensure that the DMZ firewall is also properly configured.
          - Minimum number of protocols necessary to connect to WWW and DMZ
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the WWW and DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No remote logon to the firewall should be permitted - Sys Admin should be required to sit at the firewall console to access the firewall
      3. Consider Intrusion Detection Software (IDS) on the DMZ firewall if the firewall software permits.
  • Internal Router/Switch
      1. This is the last line of defense against intruders from the WWW attempting to access the internal network through the DMZ.
          - Threat to this router is lowest because all of the external devices in the DMZ should be minimizing the amount of traffic/attacks to this device.
      2. Ensure that the Internal router/switch is also properly configured.
          - Minimum number of protocols necessary to connect to WWW and DMZ
          - Use Access Control Lists (ACLs) to minimize the number of external sources that are permitted to access the WWW and DMZ
          - Use wildcards in ACL IP addresses only when necessary
          - Delete/disable or change the passwords on all default accounts
          - No logon to the router should be permitted from the WWW or DMZ, only from the internal network
      3. Consider Intrusion Detection Software (IDS) on the Internal router/switch.
  • Internal Servers
      1. These devices provide the internal users with the necessary support to perform day-to-day tasks and provide information to the DMZ Web/Application servers.
          - Threat to these servers is lowest because the external router and the entire DMZ are there to block attacks from the WWW.
      2. Ensure that the Internal Servers are also properly configured.
          - These servers MAY be hardened on a case-by-case basis
          - Minimum number of services/protocols necessary to allow the applications to perform their tasks
          - Delete/disable or change the passwords on all default accounts
          - Be aware that some software packages create userids on your systems; validate that the proper permissions are set on these accounts
          - Keep track of security patches for your OS and software and stay up-to-date
  • Transcript of "Network security"

    1. Business Network with De-Militarized Zone (DMZ)
         - Discuss Network Security Issues of a “typical” business
             - Business is connected to the WWW
             - Business provides on-line services to WWW customers
         - Suggest methods to ensure network is secured
    2. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router. Legend: Level of Risk (Highest, Medium, Lowest).
    3. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router, DMZ Firewall. Legend: Level of Risk (Highest, Medium, Lowest).
    4. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router, DMZ Firewall, DMZ Router/Switch. Legend: Level of Risk (Highest, Medium, Lowest).
    5. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router, DMZ Firewall, DMZ Router/Switch, Web/Application Servers. Legend: Level of Risk (Highest, Medium, Lowest).
    6. Business Network with De-Militarized Zone (DMZ). Diagram labels: DMZ Router/Switch, External Router, DMZ Firewall, Web/Application Servers, DMZ Router/Switch. Legend: Level of Risk (Highest, Medium, Lowest).
    7. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router, DMZ Firewall, DMZ Router/Switch, Web/Application Servers, DMZ Firewall, DMZ Router/Switch. Legend: Level of Risk (Highest, Medium, Lowest).
    8. Business Network with De-Militarized Zone (DMZ). Diagram labels: DMZ Firewall, External Router, DMZ Firewall, DMZ Router/Switch, Web/Application Servers, Internal Router/Switch, DMZ Router/Switch. Legend: Level of Risk (Highest, Medium, Lowest).
    9. Business Network with De-Militarized Zone (DMZ). Diagram labels: External Router, DMZ Firewall, DMZ Router/Switch, Web/Application Servers, DMZ Firewall, Internal Router/Switch, Internal Business Servers, DMZ Router/Switch. Legend: Level of Risk (Highest, Medium, Lowest).
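
The router and firewall notes above repeat four configuration checks: minimal protocols, narrow ACL sources, no default accounts, and no remote logon. The Python script below is an added example, not part of the original slides, that audits a constructed configuration for those four points; the Cisco IOS-style syntax, the port allowlist, the default-username list and the 8-bit wildcard threshold are all assumptions.

```python
import re

# Assumptions (not from the slides): Cisco IOS-style syntax, a web-only port
# allowlist, and a short list of well-known default account names.
ALLOWED_PORTS = {"80", "443"}
DEFAULT_USERS = {"admin", "cisco", "root"}
ACL_RE = re.compile(
    r"^access-list\s+\d+\s+permit\s+(\S+)\s+"   # protocol
    r"(any|host\s+\S+|\S+\s+\S+)\s+"            # source
    r"(any|host\s+\S+|\S+\s+\S+)"               # destination
    r"(?:\s+eq\s+(\S+))?")                      # optional port

def wildcard_bits(mask):
    """Count the don't-care bits in a wildcard mask such as 0.0.0.255."""
    return sum(bin(int(octet)).count("1") for octet in mask.split("."))

def audit(config, max_wild_bits=8):
    """Return (line_number, finding) pairs for settings the notes warn about."""
    findings, in_vty = [], False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace():        # top-level line: track section
            in_vty = line.startswith("line vty")
        m = ACL_RE.match(line)
        if m:
            proto, src, port = m.group(1), m.group(2), m.group(4)
            if src == "any":
                findings.append((n, "acl-any-source"))
            elif not src.startswith("host") and wildcard_bits(src.split()[1]) > max_wild_bits:
                findings.append((n, "acl-wide-wildcard"))
            if proto == "ip" or port not in ALLOWED_PORTS:
                findings.append((n, "acl-extra-protocol"))
        elif line.startswith("username ") and line.split()[1].lower() in DEFAULT_USERS:
            findings.append((n, "default-account"))
        elif in_vty and line.startswith("transport input") and line.split()[2:] != ["none"]:
            findings.append((n, "remote-logon-enabled"))
    return findings

# Constructed sample configuration (documentation address ranges).
SAMPLE = """\
username admin password 0 admin
username netops secret 5 $1$constructed
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 443
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit tcp host 203.0.113.5 host 192.0.2.10 eq 23
line vty 0 4
 transport input telnet ssh
"""
```

Calling `audit(SAMPLE)` returns one finding per flagged line; an `acl-any-source` hit on a public web server rule is a prompt to confirm the wildcard is necessary, not automatically an error.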