Chapter14 -- networking security

Basic Networking Guide


Published in: Technology

Transcript

  • 1. Chapter 14: Networking Security
      • Network+ Guide to Networks
  • 2. Objectives
      • Identify security risks in LANs and WANs and design security policies that minimize risks
      • Explain how physical security contributes to network security
      • Discuss hardware- and design-based security techniques
  • 3. Objectives (continued)
      • Understand methods of encryption that can secure data in storage and in transit
      • Implement security methods unique to wireless networks
      • Use network operating system techniques to provide basic security
  • 4. In the early days
      • Secured mainframes
      • Dumb terminals
      • Limited rights
      • Network security was all but unassailable.
  • 5. Security Audits
      • Before spending time and money
          • Examine your network’s security risks
          • Learn about each risk
              • Loss of data
              • Programs
              • Access
          • The more serious the potential consequences
              • The more attention you will want to pay to the security of your network
  • 6. Security Risks
      • With People
          • Using social engineering or snooping
          • Incorrectly creating or configuring user IDs, groups, and their associated rights
          • Flaws in topology or hardware configuration
          • Flaws in the operating system or application configuration
  • 7. Security Risks (continued)
      • With People (continued)
          • Lack of proper documentation and communication
          • Dishonest or disgruntled employees
          • Unused computer or terminal being left logged on
          • Easy-to-guess passwords
  • 8. Security Risks (continued)
      • With People (continued)
          • Leaving computer room doors open or unlocked
          • Discarding disks or backup tapes in public waste containers
          • Neglecting to remove access and file rights for employees who have left the organization
          • Users writing their passwords in an easily accessible place
  • 9. Security Risks (continued)
      • Associated with Transmission and Hardware
          • Transmissions can be intercepted
          • Leased public lines
          • Network hubs broadcast traffic over the entire segment
          • Unused hub, router, or server ports
  • 10. Security Risks (continued)
      • Associated with Transmission and Hardware (continued)
          • Routers are not properly configured
          • Modems configured to accept incoming calls
          • Dial-in access servers not carefully secured and monitored
          • Computers hosting very sensitive data on the same subnet with computers open to the general public
  • 11. Security Risks (continued)
      • Associated with Transmission and Hardware (continued)
          • Passwords for switches, routers, and other devices
              • Not sufficiently difficult to guess
              • Not changed frequently
              • Left at their default value
  • 12. Security Risks (continued)
      • Associated with Protocols and Software
          • TCP/IP contains several security flaws.
          • Trust relationships between one server and another.
          • NOSs may contain “back doors” or security flaws
          • If the NOS allows server operators to exit to a command prompt
  • 13. Security Risks (continued)
      • Associated with Protocols and Software (continued)
          • Default security options after installing an operating system or application.
          • Transactions that take place between applications, such as databases and Web-based forms, may be open to interception
  • 14. Security Risks (continued)
      • Associated with Internet Access
          • Firewall configured improperly
          • User Telnets or FTPs to your site over the Internet
          • Your user ID from newsgroups, mailing lists, or forms you have filled out on the Web
          • Users remain logged on to Internet chat sessions
  • 15. Security Risks (continued)
      • Associated with Internet Access (continued)
          • Denial-of-service attack
  • 16. An Effective Security Policy
      • Security Policy Goals
          • Ensure that authorized users have appropriate access to the resources they need
          • Prevent unauthorized users from gaining access to the network, systems, programs, or data
          • Protect sensitive data from unauthorized access, both from within and from outside the organization
  • 17. An Effective Security Policy (continued)
      • Prevent accidental damage to hardware or software
      • Prevent intentional damage to hardware or software
      • Create networks and systems that withstand, quickly respond to, and recover from any type of threat
      • Communicate each employee’s responsibilities with respect to maintaining data integrity and system security
  • 18. An Effective Security Policy (continued)
      • Security Policy Content
          • Risks are identified
          • Responsibilities for managing them are assigned
          • Explain to users what they can and cannot do
          • Create a section that applies only to users
          • Define what “confidential” means
  • 19. An Effective Security Policy (continued)
      • Response Policy
          • Identify the members of a response team
              • Dispatcher—person on call
              • Manager—coordinates the resources
              • Technical support specialist—focuses on problem
              • Public relations specialist—official spokesperson
  • 20. Physical Security
      • Restricting physical access
          • Rooms
          • Points at which your systems or data could be compromised
              • Hubs or switches
              • Unattended workstation
              • Stored archived data and backup tapes
          • Locks may be either physical or electronic.
  • 21. Physical Security (continued)
  • 22. Physical Security (continued)
      • Planning by asking questions:
          • Rooms that contain critical systems or data
          • Means by which intruders might gain access
          • Authorized personnel granted entry
          • Employees instructed to ensure security
          • Authentication methods difficult to forge or circumvent
  • 23. Physical Security (continued)
      • Planning by asking questions: (continued)
          • Supervisors or security personnel make periodic physical security checks
          • Combinations, codes, means protected at all times
          • Combinations changed frequently
          • Plan for documenting and responding to physical security breaches
  • 24. Security in Network Design
      • Firewalls
          • Specialized devices, or computers installed with specialized software, that selectively filter or block traffic between networks
  • 25. Security in Network Design (continued)
  • 26. Security in Network Design (continued)
  • 27. Security in Network Design (continued)
      • Firewalls
          • Packet-filtering firewalls
              • Source and destination IP addresses
              • Source and destination ports
              • Flags set in the IP header
  • 28. Security in Network Design (continued)
      • Firewalls (continued)
          • Packet-filtering firewalls (continued)
              • Transmissions that use UDP or ICMP protocols
              • Packet’s status as first packet in a new data stream or a subsequent packet
              • Packet’s status as inbound to or outbound from
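The filtering criteria listed on slides 27 and 28 can be combined into a first-match rule table with a default deny. The following is an added example, not part of the original slides; the `Packet` and `Rule` classes, the rule set and the sample addresses are all constructed for illustration, and only the destination port is matched to keep it short.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # None for ICMP
    new_stream: bool       # True for the first packet of a new data stream
    direction: str         # "in" or "out", relative to the protected LAN

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None        # None matches any port
    new_stream: Optional[bool] = None  # None matches either status

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and self.proto in ("any", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
            and (self.new_stream is None or self.new_stream == p.new_stream)
        )

def filter_packet(rules, packet: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"

# Constructed policy for a LAN 192.168.10.0/24 with an HTTPS server at .80
LAN = "192.168.10.0/24"
RULES = [
    Rule("allow", direction="in", proto="tcp", dst="192.168.10.80/32", dport=443),
    Rule("allow", direction="out", src=LAN),
    # Inbound TCP is accepted only as a subsequent packet of an existing stream
    Rule("allow", direction="in", proto="tcp", dst=LAN, new_stream=False),
    Rule("deny", direction="in", proto="icmp"),
    Rule("deny", direction="in", proto="udp"),
]

# Constructed sample packets (documentation address ranges for the outside hosts)
SAMPLES = {
    "https_in": Packet("203.0.113.7", "192.168.10.80", "tcp", 443, True, "in"),
    "ssh_in_new": Packet("203.0.113.7", "192.168.10.5", "tcp", 22, True, "in"),
    "reply_in": Packet("198.51.100.9", "192.168.10.5", "tcp", 51000, False, "in"),
    "ping_in": Packet("203.0.113.7", "192.168.10.5", "icmp", None, True, "in"),
    "dns_out": Packet("192.168.10.5", "198.51.100.53", "udp", 53, True, "out"),
}

def verdicts():
    return {name: filter_packet(RULES, p) for name, p in SAMPLES.items()}
```

Because this filter is stateless, it trusts the packet's own claim to belong to an existing stream; a stateful firewall checks that claim against its connection table.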
  • 29. Security in Network Design (continued)
      • Firewalls (continued)
          • More complex factors
              • Support for encryption
              • User authentication
              • Manage it centrally and through a standard interface
              • Establish rules for access to and from
  • 30. Security in Network Design (continued)
      • Firewalls (continued)
          • More complex factors (continued)
              • Filtering at the highest layers of the OSI Model
              • Logging and auditing, or alert capabilities
              • Protecting the identity of internal LAN addresses from the outside world
  • 31. Security in Network Design (continued)
      • Proxy Servers
          • Software application on a network host
              • Intermediary between the external and internal networks screening all incoming and outgoing traffic
          • Network host that runs the proxy service is known as a proxy server
          • Also called Application layer gateway, an application gateway, or simply, a proxy
  • 32. Security in Network Design (continued)
  • 33. Security in Network Design (continued)
      • Remote Access
          • Remote Control
              • User name and password requirement
              • Host system call back
              • Data encryption on transmissions
              • Host system’s screen blank
  • 34. Security in Network Design (continued)
      • Remote Access (continued)
          • Remote Control (continued)
              • Disable the host system’s keyboard and mouse
              • Restart the host system when remote user disconnects
  • 35. Security in Network Design (continued)
      • Remote Access (continued)
          • Dial-up Networking
              • User name and password authentication
              • Log all connections, sources, and connection times
              • Perform callbacks to users who initiate connections
              • Centralized management of dial-up users and their rights
  • 36. Security in Network Design (continued)
  • 37. Network Operating System Security (continued)
      • Logon Restrictions
          • Time of day
          • Total time logged on
          • Source address
          • Unsuccessful logon attempts
  • 38. Network Operating System Security (continued)
      • Passwords
          • Change system default passwords
          • Do not use familiar information
          • Do not use any word in a dictionary
          • Make the password longer than eight characters
  • 39. Network Operating System Security (continued)
      • Passwords (continued)
          • Choose a combination of letters and numbers
          • Do not write down your password or share it
          • Change your password at least every 60 days
          • Do not reuse passwords.
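The password rules on slides 38 and 39 that a system can enforce automatically are shown below as a checker. This is an added example, not part of the original slides; the word lists, the function names and the PBKDF2 password history format are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed sample lists; a deployment would load vendor defaults and a full dictionary.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "guest"}
DICTIONARY = {"network", "security", "firewall", "summer", "dragon"}
MAX_AGE = timedelta(days=60)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so password history is never kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(candidate: str, user_info=(), history=()):
    """Return the slide rules that `candidate` breaks; an empty list means it passes.

    user_info: strings familiar to the user (login name, birthday, ...).
    history:   (salt, digest) pairs of the user's earlier passwords.
    """
    problems = []
    lowered = candidate.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("system default password")
    if any(item and item.lower() in lowered for item in user_info):
        problems.append("contains familiar information")
    # Drop digits and punctuation so that "Firewall1" still counts as a dictionary word
    if re.sub(r"[^a-z]", "", lowered) in DICTIONARY:
        problems.append("dictionary word")
    if len(candidate) <= 8:
        problems.append("not longer than eight characters")
    if not (re.search(r"[A-Za-z]", candidate) and re.search(r"\d", candidate)):
        problems.append("needs both letters and numbers")
    if any(hmac.compare_digest(hash_password(candidate, salt), digest)
           for salt, digest in history):
        problems.append("reused password")
    return problems

def is_expired(last_changed: date, today: date) -> bool:
    """True once the password is more than 60 days old."""
    return today - last_changed > MAX_AGE
```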
  • 40. Encryption
      • Encryption provides the following assurances:
          • Data was not modified after it was transmitted and before it was picked up
          • Data can only be viewed by its intended recipient
          • Data received at the intended destination was truly issued by the stated sender and not forged by an intruder
  • 41. Encryption (continued)
      • Key Encryption
          • Encryption algorithm weaves a key (a random string of characters) into the original data’s bits
          • Scrambled data block is known as ciphertext
          • Two categories
              • Private Key
              • Public Key
  • 42. Encryption (continued)
  • 43. Encryption (continued)
      • Key Encryption
          • Private Key Encryption
              • Data is encrypted using a single key that only the sender and the receiver know
              • Also known as symmetric encryption
  • 44. Encryption (continued)
  • 45. Encryption (continued)
      • Key Encryption (continued)
          • Public Key Encryption
              • Data is encrypted using two keys
                  • Key known only to a user
                  • Public key associated with the user
  • 46. Encryption (continued)
  • 47. Encryption (continued)
      • Kerberos
          • Cross-platform authentication protocol that uses key encryption
      • Pretty Good Privacy (PGP)
          • Public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission
      • Secure Sockets Layer (SSL)
          • Method of encrypting TCP/IP transmissions
  • 48. Encryption (continued)
      • Secure Shell (SSH)
          • Securely log on to a host, execute commands on that host, and copy files to or from that host
      • Internet Protocol Security (IPSec)
          • Defines encryption, authentication, and key management for TCP/IP transmissions
  • 49. Wireless Network Security
      • Wired Equivalent Privacy (WEP)
          • Key encryption technique that uses keys both to authenticate network clients and to encrypt data in transit
      • Extensible Authentication Protocol (EAP)
          • Does not perform encryption or authentication
          • Works in conjunction with other encryption and authentication schemes
  • 50. Chapter Summary (continued)
      • Conducting a security audit
      • Intruder access by social engineering
      • Risks a network administrator must guard against
      • Risks inherent in network transmission and design
      • Risks pertaining to networking protocols and software
  • 51. Chapter Summary (continued)
      • Denial-of-service attack
      • Security policy identifies an organization’s security needs
      • Computer room access
      • Firewalls
      • Proxy service and proxy servers
  • 52. Chapter Summary (continued)
      • Secure remote access server package
      • Remote Authentication Dial-In User Service (RADIUS)
      • NOS limits users’ access to files and directories on the network
      • Choosing secure passwords
      • Encryption
      • Wireless networks
