Comp tia n+_session_08

CompTIA N+ Certification: Wide AreaUsing Attended Installation
Installing Windows XP Professional Network (WAN) Infrastructure and
Network Security
Objectives

In this session, you will learn to:
Identify the major WAN switching technologies.
Identify the major transmission technologies for WANs.
Identify the major WAN connectivity methods.
Identify major Voice over Data systems.
Identify the major categories of network threats.
Identify the elements of a virus protection plan.
Identify the components of local network security.

Ver. 1.0 Session 8 Slide 1 of 60

Network Security
WAN Switching Technologies

In Wide Area Network (WAN) data can move using a
number of different switching techniques, such as:
Circuit Switching Networks
Virtual Circuits
Packet Switching Networks
Cell Switching Networks
These switching methods can have a great effect on
network characteristics such as performance and reliability.


Network Security
Circuit Switching Networks

• In circuit switching networks, a single path from one
endpoint to another is built when a connection is needed.

Modem Modem

Path built when
circuit is established


Network Security
Virtual Circuits

• Virtual circuits are a routing technique that connects
endpoints logically through a provider’s network.

Logical
connections

Permanent virtual circuits: Switched virtual circuits: Provider
Provider network always on network connects when needed


Network Security
Packet Switching Networks

• Packet switching networks move data through the
network packet by packet.
• Each packet takes the best route available at any given time
rather than following an established circuit.

1

2

3

Each packet finds
its own route


Network Security
Cell Switching Networks

• Cell switching networks data is divided into fixed-length
cells instead of variable-length packets.
• The advantage of cell switching over packet switching is its
predictability.


Network Security
WAN Transmission Technologies

Transmission technologies are another component of a
WAN implementation.
The transmission method of WAN affects overall network
performance.


Network Security
Dial-Up Connections

• Dial-up lines are local loop Public Switched Telephone
Network (PSTN) that:
Use modems
Use Existing phone lines
Provide Low-bandwidth WAN connectivity
Provide Remote network access
PSTN


Network Security
Dedicated and Leased Data Lines

• Dedicated lines and leased lines provide a dedicated
connection between two endpoints.
• These are lines are used by companies to provide a high-
quality connection between two locations.

Telco network

Leased data lines


Network Security
Integrated Services Digital Network (ISDN)

• ISDN is a digital circuit switching technology that carries
both voice and data over digital phone lines or PSTN wires.

Subscriber Telco

Packet
data network

Switched
data network

Private
line network
ISDN adapter ISDN switch


Network Security
Cable Access

• Cable Internet access uses a cable television connection
and a cable modem to provide high-speed Internet access
to homes and small businesses.

Cable modem

ISP
TV signal

Cable TV feed


Network Security
Digital Subscriber Line (DSL)

• DSL is a broadband Internet connection method that
transmits digital signals over existing phone lines.

Customer
Telco

Local loop
phone line Voice
PSTN

Multiplexer
DSL modem
Digital


Network Security
X.25 Switched Networks

• X.25 is a legacy packet switching network technology to
move data across the less-than-reliable long-distance public
carriers available at that time.
Customer network
Data Terminal
Equipment (DTE)

X.25 backbone

Data Circuit
Equipment
(DCE)

Packet Switching
Equipment
(PSE)


Network Security
Frame Relay

• Frame relay is a packet switching implementation first
offered in 1992 by AT&T and Sprint as a more efficient
alternative to X.25. It was originally developed to support
PRI-ISDN networks.
Customer
network Clean carrier networks
DTE Less error checking required

DCE

Frame Relay
Bearer Services
(FRBS)


Network Security
Asynchronous Transfer Mode (ATM)

• Asynchronous Transfer Mode (ATM) is a versatile, cell
switching network technology designed for deployment in
LANs, WANs, and telephone networks.

Private ATM LAN Public ATM network

Data

Voice ATM switch

Video

Endpoints


Network Security
T-Carrier Systems

• The T-Carrier system was designed to carry multiplexed
telephone connections. T1 and T3 are the two most
common T-service levels.
T-Carrier circuit

T1: 24 channels
T3: 672 channels


Network Security
Synchronous Optical Network (SONET)

• SONET is a standard with the following features:
Synchronous data transport over fiber optic cable
Excellent bandwidth
Built-in fault recovery
Speeds up to 2.48 GBps
Optical Carrier (OC) and Synchronous Transport Signal (STS)
specifications
Self-healing dual-fiber ring


Network Security
SONET Network Components

A SONET network is divided into three areas:
Broadband backbone network
Regional network
Collector ring Routes between
regional networks


Joins multiple
collector rings

Integrated management Regional network

DCS to place
customer’s signal on
ring
Collector ring

LAN


Network Security
Unbounded WAN Media

• Unbounded media such as satellite linkups are employed
for truly long-range WAN transmission.

T1
T1
LAN LAN


Network Security
Activity 10-2

Activity on Installing a Modem


Network Security
Activity 10-3

Activity on Creating a
Dial-Up Connection


Network Security
WAN Connectivity Methods

WAN connectivity methods help transmit WAN data.
The various WAN connectivity methods are:
Multiplexers in WAN Connectivity
Channel Service Unit/Data Service Unit (CSU/DSU)
Telephone Modem Standards
Internet Connection Sharing (ICS)


Network Security
Multiplexers in WAN Connectivity

• A multiplexer (mux) is used to combine multiple data
signals onto WAN transmission media.

LAN

T-1
LAN

T-1 mux

ISP

PBX


Network Security
Channel Service Unit/Data Service Unit (CSU/DSU)

• CSU/DSU is a combination of two WAN connectivity
devices that work together to terminate the ends of a digital
T1 or T3 line from a telephone company network.

LAN

Router (DTE)

DSU
Telco network

CSU


Network Security
Telephone Modem Standards

• Current modem standards known as V Dot Standards are
set by the International Telecommunications Union (ITU).
• The following table lists some of the most common
standards:
ITU Standard Speed

V.32 9,600 bps synchronous; 4,800 bps asynchronous

V.32 bis 14.4 Kbps synchronous and asynchronous

V.34 28.8 Kbps

V.34 bis 33.6 Kbps

V.42 57.6 Kbps; specifies standards for error checking

V.42 bis 57.6 Kbps; specifies standards for compression

V.90 56 Kbps upstream; 33.6 Kbps downstream because downstream data is modulated


Network Security
Internet Connection Sharing (ICS)

• ICS is a WAN connectivity method for Windows computer
systems that connects multiple computers to the Internet by
using a single Internet connection.

ICS host
ISP


Network Security
Activity 10-4

Activity on Examining ICS
Configuration on
Windows Server 2003


Network Security
Voice Over Data Systems

• Voice over Data systems are communications systems
that transmit analog voice communications over digital WAN
networking technologies.
PBX

Voice agent

LAN
Voice agent Voice agent

Fax Machine

Voice agent

PC with
dial out


Network Security
Voice Over IP ( VoIP)

• VoIP is a Voice over Data implementation in which voice
signals are transmitted over IP networks.
PBX

VoIP
Interface

VoIP-compatible
fax machine


Network Security
Network Threats

Network security can be obtained by protecting the network
from network threats.
The different types of network threats that can affect the
network are:
Unauthorized Access
Data Theft
Password Attacks
Brute Force Password Attacks
Trojan Horse Attacks
Data Protection Methods


Network Security
Network Threats (Contd.)

The Spoofing Process
Session Hijacking Attacks
Man-in-the-Middle Attacks
Denial of Service (DoS) Attacks
Distributed Denial of Service (DDoS) Attacks
Viruses
Social Engineering Attacks


Network Security
Unauthorized Access

• Unauthorized access is any type of network or data access that is
not explicitly approved by the organization.

Attacker
Deliberate attack
by outsider

Intentional or
unintentional
misuse


Network Security
Data Theft

• Data theft is a type of attack in which unauthorized access
is used to obtain protected network information.
Files on server

Data in transit

Attacker


Network Security
Password Attacks

• A password attack is any type of unauthorized effort to
discover a user’s valid password.

User01 Attacker
easy password

Steal or
guess password


Network Security
Brute Force Password Attacks

• A brute force password attack is a method of guessing
passwords by using software that systematically generates
password combinations until a valid one is found.

xxxxxxxxx
xPxxxxxxx
xPassxxxx
xPass1234
!Pass1234

User Attacker


Network Security
Trojan Horse Attacks

• A Trojan horse attack is an attempt to gain unauthorized
access through the use of a Trojan horse program, which
masquerades as valid software.
Program performs
unauthorized
functions

Attacker

Attacker sends valid-
looking program


Network Security
Spoofing Attacks

• A spoofing attack is a type of attack in which a device
outside the network uses an internal network address to
masquerade as a device inside the network.

Real IP address:
10.10.10.25

Source IP address: 192.168.0.10
Destination IP address: 192.168.0.77

IP Packet

Attacker

Target
192.168.0.77


Network Security
The Spoofing Process

• Spoofing process consists of following steps:
1. Identify target
2. Identify trusted host
3. Disable trusted host
4. Steal trusted host’s identity
5. Redirect data from target
Real IP address:
10.10.10.25

2
Source IP address: 192.168.0.10
Destination IP address: 192.168.0.77 3
4
Trusted host
192.168.0.10

IP Packet

Attacker 5 1

Target
192.168.0.77


Network Security
Session Hijacking Attacks

• Session hijacking is a type of spoofing in which the
attacker takes over an existing network communication
session between two devices after the session has already
been authenticated.

Client Attacker Server


Network Security
Man-in-the-Middle Attacks

• A man-in-the-middle attack is a data-theft technique in
which the attacker interposes a device between two
legitimate hosts to gain access to their data transmissions.

Server Client

Attacker


Network Security
Denial of Service (DoS) Attacks

• DoS attack is an attack that is mounted for the purpose of
disabling systems that provide network services, rather than
to steal data or inflict damage.

Ping

Ping

Ping

Ping

Attacker


Network Security
Distributed Denial of Service (DDoS) Attacks

• DDoS attack is a type of DoS attack that uses multiple
computers on disparate networks to launch the attack from
many simultaneous sources.

Ping

Ping

Ping

Ping

Attacker
Ping

Ping

Drones


Network Security
Viruses

• A virus is a self-propagating unauthorized software
program.
• Virus attacks do not have a specific target or goal.

Attacker


Network Security
Social Engineering Attacks

• A social engineering attack is a non-technical attack in
which the attacker attempts to obtain information directly
from network users by employing deception and trickery.

1
User name
Password

2
Attacker

Target


Network Security

To protect the data on your network, you need to:
Monitor for unauthorized software.
Limit physical access to network.
Require strong passwords.
Employ strong authentication and encryption on stored data.
Use multiple forms of authentication between devices.
Encrypt data during transmission.
Conceal network address information.
Train users to recognize and deter social engineering attacks.


Network Security
Virus Infection Methods

Virus are the most common network threats, so a good
defense plan is necessary of securing the network
Virus can propagate through the following methods:
Attaching to media
Attaching to file Attach to media

Attaching to email

Attach to file

Attach to email


Network Security
Virus Types

Types of Viruses are:
Boot sector: Writes itself into the boot sector of a floppy disk
File infecting: Infects executable programs and uses OS
resources to propagate itself
Macro: Uses other programs macro engines to propagate or
dump its payload
Mailer and mass mailer: Sends itself to other users using e-
mail systems
Polymorphic: Changes as it moves around
Script: Runs code using the Windows scripting host
Stealth: Moves and attempts to conceal itself until it
propagates
Worm: Detects connections and establishes communication
with other devices on its own


Network Security
Antivirus Software

• Antivirus software is an application that scans files for
executable code that matches patterns, known as
signatures or definitions.

Antivirus perimeter

Antivirus deployed
at clients


Network Security
Updating Virus Definitions

Antivirus software vendors maintain and update the libraries
of virus definitions
Customers must periodically update the definitions on all
systems where the software is installed.

Antivirus Antivirus
software vendor server

Antivirus clients


Network Security
Internet Email Virus Protection

• Internet email is a source of serious virus threats.
• Internet email virus protection by deploying antivirus:
On mail connector
On Internet gateway
At desktop

Antivirus deployed
on mail connector

Antivirus deployed
on Internet gateway

Antivirus deployed at desktop


Network Security
Local Security

Security is implemented in a local network using a security
plan.
To ensure security for its users, systems, and data, security
measures are implemented on different levels and on
different components of the network.


Network Security
Share-Level and User-Level Security

Two primary models for implementing security in local area
network are:
Share-level security
User-level security

User logs on
Password1

Authentication
Password2 User gets access token server

Password3

User presents token
to access resources Resource
server

Share level User level


Network Security
Rights

• A right is a security setting that controls whether or not a
user can perform a system wide function such as shutting
down a computer or logging on to a server.

Shut down the system

Log on locally

User01

Change system time


Network Security
Permissions

• A permission is a security setting that determines the level of
access a user or group account has to a particular resource.

Administrators: Full access

User01: Read-only access

Marketing
documents

Contractors: No access


Network Security
The NTFS File System

NTFS File system provides five-levels of security to the
drives.
NTFS permissions can be applied either to folders or to
individual files.

NTFS


Network Security
Users and Groups

Rights and permissions can be assigned to individual user
accounts or to group of users.

Combine into group Grant access
to resources

Users with similar
security needs


Network Security
Effective Permissions

• When a user is a member of multiple groups that each have
permissions to a resource, the user’s total effective
permission is the combination of all the separate permission
assignments.

Managers
Write Access Read and
Write Access

User01

Sales
Read Access


Network Security
Share and File System Permissions

• When you share a folder for network use, you can assign a
separate set of permissions to the shared folder.
• The share permissions on Windows systems are Read,
Change, and Full Control.
Access on local computer:
File system permissions apply

Access through network:
Share and file system permissions apply


Network Security
Activity 11-3

Activity on Implementing
Local Security


Network Security
Summary

In this session, you learned that:
In Wide Area Network (WAN), data can move using a number
of different switching techniques.
To implement WAN, different transmission technologies are
used that affect the network performance.
To transmit WAN, data WAN connectivity models are used.
There are different categories of network threats that affect the
security of the network.
There are different type of data protection techniques used to
protect the network from the network threats.
The security in a local network can be implemented at different
levels on different components of the network.


Comp tia n+_session_08

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (19)

Similar to Comp tia n+_session_08

Similar to Comp tia n+_session_08 (20)

More from Niit Care

More from Niit Care (20)

Recently uploaded

Recently uploaded (20)

Comp tia n+_session_08

Editor's Notes