Chapter 14 -- Networking Security

Basic Networking Guide


Transcript

  • 1. Chapter 14: Networking Security Network+ Guide to Networks
  • 2. Objectives
    • Identify security risks in LANs and WANs and design security policies that minimize risks
    • Explain how physical security contributes to network security
    • Discuss hardware- and design-based security techniques
  • 3. Objectives (continued)
    • Understand methods of encryption that can secure data in storage and in transit
    • Implement security methods unique to wireless networks
    • Use network operating system techniques to provide basic security
  • 4. In the early days
    • Secured mainframes
    • Dumb Terminals
    • Limited rights
    • Network security was all but unassailable.
  • 5. Security Audits
    • Before spending time and money
      • Examine your network’s security risks
      • Learn about each risk
        • loss of data
        • programs
        • Access
      • The more serious the potential consequences
        • the more attention you will want to pay to the security of your network
  • 6. Security Risks
    • With People
      • Using social engineering or snooping
      • Incorrectly creating or configuring user IDs, groups, and their associated rights
      • Flaws in topology or hardware configuration
      • Flaws in the operating system or application configuration
  • 7. Security Risks (continued)
    • With People (continued)
      • Lack of proper documentation and communication
      • Dishonest or disgruntled employees
      • Unused computer or terminal being left logged on
      • Easy-to-guess passwords
  • 8. Security Risks (continued)
    • With People (continued)
      • Leaving computer room doors open or unlocked
      • Discarding disks or backup tapes in public waste containers
      • Neglecting to remove access and file rights for employees who have left the organization
      • Users writing their passwords in an easily accessible place
  • 9. Security Risks (continued)
    • Associated with Transmission and Hardware
      • Transmissions can be intercepted
      • Leased public lines
      • Network hubs broadcast traffic over the entire segment
      • Unused hub, router, or server ports
  • 10. Security Risks (continued)
    • Associated with Transmission and Hardware (continued)
      • Routers are not properly configured
      • Modems configured to accept incoming calls
      • Dial-in access servers not carefully secured and monitored
      • Computers hosting very sensitive data on the same subnet as computers open to the general public
  • 11. Security Risks (continued)
    • Associated with Transmission and Hardware (continued)
      • Passwords for switches, routers, and other devices
        • Not sufficiently difficult to guess
        • Not changed frequently
        • Left at their default value
  • 12. Security Risks (continued)
    • Associated with Protocols and Software
      • TCP/IP contains several security flaws.
      • Trust relationships between one server and another.
      • NOSs may contain “back doors” or security flaws
      • If the NOS allows server operators to exit to a command prompt
  • 13. Security Risks (continued)
    • Associated with Protocols and Software (continued)
      • Default security options after installing an operating system or application.
      • Transactions that take place between applications, such as databases and Web-based forms, may be open to interception
  • 14. Security Risks (continued)
    • Associated with Internet Access
      • Firewall configured improperly
      • User Telnets or FTPs to your site over the Internet
      • Your user ID from newsgroups, mailing lists, or forms you have filled out on the Web
      • Users remain logged on to Internet chat sessions
  • 15. Security Risks (continued)
    • Associated with Internet Access (continued)
      • Denial-of-service attack
  • 16. An Effective Security Policy
    • Security Policy Goals
      • Ensure that authorized users have appropriate access to the resources they need
      • Prevent unauthorized users from gaining access to the network, systems, programs, or data
      • Protect sensitive data from unauthorized access, both from within and from outside the organization
  • 17. An Effective Security Policy (continued)
      • Prevent accidental damage to hardware or software
      • Prevent intentional damage to hardware or software
      • Create networks and systems that withstand, quickly respond to, and recover from any type of threat
      • Communicate each employee’s responsibilities with respect to maintaining data integrity and system security
  • 18. An Effective Security Policy (continued)
    • Security Policy Content
      • Risks are identified
      • Responsibilities for managing them are assigned
      • Explain to users what they can and cannot do
      • Create a section that applies only to users
      • Define what “confidential” means
  • 19. An Effective Security Policy (continued)
    • Response Policy
      • Identify the members of a response team
        • Dispatcher—person on call
        • Manager—coordinates the resources
        • Technical support specialist—focuses on problem
        • Public relations specialist—official spokesperson
  • 20. Physical Security
    • Restricting physical access
      • Rooms
      • Points at which your systems or data could be compromised
        • Hubs or switches
        • Unattended workstation
        • Stored archived data and backup tapes
      • Locks may be either physical or electronic.
  • 21. Physical Security (continued)
  • 22. Physical Security (continued)
    • Planning by asking questions:
      • Which rooms contain critical systems or data?
      • By what means might intruders gain access?
      • How are authorized personnel granted entry?
      • Are employees instructed to ensure security?
      • Are authentication methods difficult to forge or circumvent?
  • 23. Physical Security (continued)
    • Planning by asking questions: (continued)
      • Do supervisors or security personnel make periodic physical security checks?
      • Are combinations, codes, and other access means protected at all times?
      • Are combinations changed frequently?
      • Is there a plan for documenting and responding to physical security breaches?
  • 24. Security in Network Design
    • Firewalls
      • Specialized devices, or computers installed with specialized software, that selectively filter or block traffic between networks
  • 25. Security in Network Design (continued)
  • 26. Security in Network Design (continued)
  • 27. Security in Network Design (continued)
    • Firewalls
      • Packet-filtering firewalls
        • Source and destination IP addresses
        • Source and destination ports
        • Flags set in the IP header
  • 28. Security in Network Design (continued)
    • Firewalls (continued)
      • Packet-filtering firewalls (continued)
        • Transmissions that use UDP or ICMP protocols
        • Packet’s status as first packet in a new data stream or a subsequent packet
        • Packet’s status as inbound to or outbound from
  • 29. Security in Network Design (continued)
    • Firewalls (continued)
      • More complex factors
        • Support for encryption
        • User authentication
        • Manage it centrally and through a standard interface
        • Establish rules for access to and from
  • 30. Security in Network Design (continued)
    • Firewalls (continued)
      • More complex factors (continued)
        • Filtering at the highest layers of the OSI Model
        • Logging and auditing, or alert capabilities
        • Protecting the identity of internal LAN addresses from the outside world
  • 31. Security in Network Design (continued)
    • Proxy Servers
      • Software application on a network host
        • Intermediary between the external and internal networks screening all incoming and outgoing traffic
      • Network host that runs the proxy service is known as a proxy server
      • Also called an Application layer gateway, an application gateway, or simply a proxy
  • 32. Security in Network Design (continued)
  • 33. Security in Network Design (continued)
    • Remote Access
      • Remote Control
        • User name and password requirement
        • Host system call back
        • Data encryption on transmissions
        • Host system’s screen blank
  • 34. Security in Network Design (continued)
    • Remote Access (continued)
      • Remote Control (continued)
        • Disable the host system’s keyboard and mouse
        • Restart the host system when remote user disconnects
  • 35. Security in Network Design (continued)
    • Remote Access (continued)
      • Dial-up Networking
        • User name and password authentication
        • Log all connections, sources, and connection times
        • Perform callbacks to users who initiate connections
        • Centralized management of dial-up users and their rights
  • 36. Security in Network Design (continued)
  • 37. Network Operating System Security (continued)
    • Logon Restrictions
      • Time of day
      • Total time logged on
      • Source address
      • Unsuccessful logon attempts
  • 38. Network Operating System Security (continued)
    • Passwords
      • Change system default passwords
      • Do not use familiar information
      • Do not use any word in a dictionary
      • Make the password longer than eight characters
  • 39. Network Operating System Security (continued)
    • Passwords (continued)
      • Choose a combination of letters and numbers
      • Do not write down your password or share it
      • Change your password at least every 60 days
      • Do not reuse passwords.
  • 40. Encryption
    • Encryption provides the following assurances:
      • Data was not modified after it was transmitted and before it was picked up
      • Data can only be viewed by its intended recipient
      • Data received at the intended destination was truly issued by the stated sender and not forged by an intruder
  • 41. Encryption (continued)
    • Key Encryption
      • Encryption algorithm weaves a key (a random string of characters) into the original data’s bits
      • Scrambled data block is known as ciphertext
      • Two categories
        • Private Key
        • Public Key
  • 42. Encryption (continued)
  • 43. Encryption (continued)
    • Key Encryption
      • Private Key Encryption
        • Data is encrypted using a single key that only the sender and the receiver know
        • Also known as symmetric encryption
  • 44. Encryption (continued)
  • 45. Encryption (continued)
    • Key Encryption (continued)
      • Public Key Encryption
        • Data is encrypted using two keys
          • Key known only to a user
          • Public key associated with the user
  • 46. Encryption (continued)
  • 47. Encryption (continued)
    • Kerberos
      • Cross-platform authentication protocol that uses key encryption
    • Pretty Good Privacy (PGP)
      • Public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission
    • Secure Sockets Layer (SSL)
      • Method of encrypting TCP/IP transmissions
  • 48. Encryption (continued)
    • Secure Shell (SSH)
      • Securely log on to a host, execute commands on that host, and copy files to or from that host
    • Internet Protocol Security (IPSec)
      • Defines encryption, authentication, and key management for TCP/IP transmissions
  • 49. Wireless Network Security
    • Wired Equivalent Privacy (WEP)
      • Key encryption technique that uses keys both to authenticate network clients and to encrypt data in transit
    • Extensible Authentication Protocol (EAP)
      • Does not perform encryption or authentication
      • Works in conjunction with other encryption and authentication schemes
  • 50. Chapter Summary (continued)
    • Conducting a security audit
    • Intruder access by social engineering
    • Risks a network administrator must guard against
    • Risks inherent in network transmission and design
    • Risks pertaining to networking protocols and software
  • 51. Chapter Summary (continued)
    • Denial-of-service attack
    • Security policy identifies an organization’s security needs
    • Computer room access
    • Firewalls
    • Proxy service and proxy servers
  • 52. Chapter Summary (continued)
    • Secure remote access server package
    • Remote Authentication Dial-In User Service (RADIUS)
    • NOS limits users’ access to files and directories on the network
    • Choosing secure passwords
    • Encryption
    • Wireless networks
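
Added example (not part of the original slides): a minimal packet filter that evaluates the criteria listed on slides 27 and 28 (source and destination addresses, destination port, TCP/UDP/ICMP protocol, first-packet status, and inbound/outbound direction) with first-match rules and a default deny. The `Packet` and `Rule` types, the rule set, and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" or "out", relative to the private network
    proto: str                     # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None    # None for ICMP
    new_stream: bool = True        # first packet of a new data stream?

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str
    proto: str
    src: str                       # CIDR block
    dst: str                       # CIDR block
    dport: Optional[int] = None    # None matches any port
    new_stream: Optional[bool] = None   # None matches first and later packets

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto == p.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.new_stream in (None, p.new_stream))

# Constructed sample addressing: one private LAN with one public web server.
LAN, ANY, WEB = "192.168.10.0/24", "0.0.0.0/0", "192.168.10.80/32"

RULES = [
    Rule("allow", "in", "tcp", ANY, WEB, dport=443),          # public HTTPS server
    Rule("allow", "out", "tcp", LAN, ANY),                    # LAN clients open TCP streams
    Rule("allow", "in", "tcp", ANY, LAN, new_stream=False),   # replies only, no new inbound streams
    Rule("allow", "out", "udp", LAN, ANY, dport=53),          # DNS queries
    Rule("deny", "in", "icmp", ANY, LAN),                     # explicit: no inbound ICMP
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```

This filter is stateless: the "replies only" rule trusts each packet's own first-packet status rather than checking it against a table of streams the LAN actually opened, which is the check a stateful firewall adds.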