Chapter 5: Securing the Network Infrastructure Security+ Guide to Network Security Fundamentals Second Edition
Objectives <ul><li>Work with the network cable plant </li></ul><ul><li>Secure removable media </li></ul><ul><li>Harden net...
Working with the Network  Cable Plant <ul><li>Cable plant: physical infrastructure of a network (wire, connectors, and cab...
Coaxial Cables <ul><li>Coaxial cable was main type of copper cabling used in computer networks for many years </li></ul><u...
Coaxial Cables (continued) <ul><li>Thin coaxial cable looks similar to the cable that carries a cable TV signal </li></ul>...
Coaxial Cables (continued)
Twisted-Pair Cables <ul><li>Standard for copper cabling used in computer networks today, replacing thin coaxial cable  </l...
Twisted-Pair Cables (continued) <ul><li>Shielded twisted-pair (STP) cables have a foil shielding on the inside of the jack...
Fiber-Optic Cables <ul><li>Coaxial and twisted-pair cables have copper wire at the center that conducts an electrical sign...
Fiber-Optic Cables (continued) <ul><li>Classified by the diameter of the core and the diameter of the cladding </li></ul><...
Securing the Cable Plant <ul><li>Securing cabling outside the protected network is not the primary security issue for most...
Securing the Cable Plant (continued) <ul><li>The attacker can capture packets as they travel through the network by sniffi...
Securing Removable Media <ul><li>Securing critical information stored on a file server can be achieved through strong pass...
Magnetic Media <ul><li>Record information by changing the magnetic direction of particles on a platter </li></ul><ul><li>F...
Optical Media <ul><li>Optical media use a principle for recording information different from magnetic media  </li></ul><ul...
Optical Media (continued) <ul><li>A Compact Disc-Rewriteable (CD-RW) disc can be used to record data, erase it, and record...
Electronic Media <ul><li>Electronic media use flash memory for storage </li></ul><ul><ul><li>Flash memory is a solid state...
Electronic Media (continued) <ul><li>CompactFlash card  </li></ul><ul><ul><li>Consists of a small circuit board with flash...
Keeping Removable Media Secure <ul><li>Protecting removable media involves making sure that antivirus and other security s...
Hardening Network Devices <ul><li>Each device that is connected to a network is a potential target of an attack and must b...
Hardening Standard Network Devices <ul><li>A standard network device is a typical piece of equipment that is found on almo...
Workstations and Servers <ul><li>Workstation: personal computer attached to a network (also called a client) </li></ul><ul...
Switches and Routers <ul><li>Switch </li></ul><ul><ul><li>Most commonly used in Ethernet LANs </li></ul></ul><ul><ul><li>R...
Switches and Routers (continued) <ul><li>Switches and routers must also be protected against attacks </li></ul><ul><li>Swi...
Switches and Routers (continued) <ul><li>Each agent monitors network traffic and stores that information in its management...
Hardening Communication Devices <ul><li>A second category of network devices are those that communicate over longer distan...
Modems <ul><li>Most common communication device </li></ul><ul><li>Broadband is increasing in popularity and can create net...
Modems (continued)  <ul><li>A computer connects to a cable modem, which is connected to the coaxial cable that brings cabl...
Remote Access Servers <ul><li>Set of technologies that allows a remote user to connect to a network through the Internet o...
Remote Access Servers (continued)
Remote Access Servers (continued) <ul><li>Remote access clients can run almost all network-based applications without modi...
Telecom/PBX Systems <ul><li>Term used to describe a Private Branch eXchange </li></ul><ul><li>The definition of a PBX come...
Mobile Devices <ul><li>As cellular phones and personal digital assistants (PDAs) have become increasingly popular, they ha...
Hardening Network Security Devices <ul><li>The final category of network devices includes those designed and used strictly...
Firewalls <ul><li>Typically used to filter packets </li></ul><ul><li>Designed to prevent malicious packets from entering t...
Firewalls (continued) <ul><li>Software firewall runs as a program on a local computer (sometimes known as a personal firew...
Firewalls (continued) <ul><li>Filter packets in one of two ways: </li></ul><ul><ul><li>Stateless packet filtering: permits...
Firewalls (continued) <ul><li>An application layer firewall can defend against worms better than other kinds of firewalls ...
Intrusion-Detection Systems (IDSs) <ul><li>Devices that establish and maintain network security </li></ul><ul><li>Active I...
Intrusion-Detection Systems (IDSs) (continued) <ul><li>Host-based IDS monitors critical operating system files and compute...
Network Monitoring and  Diagnostic Devices <ul><li>SNMP enables network administrators to: </li></ul><ul><ul><li>Monitor n...
Designing Network Topologies <ul><li>Topology: physical layout of the network devices, how they are interconnected, and ho...
Security Zones <ul><li>One of the keys to mapping the topology of a network is to separate secure users from outsiders thr...
Demilitarized Zones (DMZs) <ul><li>Separate networks that sit outside the secure network perimeter </li></ul><ul><li>Outsi...
Demilitarized Zones (DMZs)  (continued)
Intranets <ul><li>Networks that use the same protocols as the public Internet, but are only accessible to trusted inside u...
Extranets <ul><li>Sometimes called a cross between the Internet and an intranet </li></ul><ul><li>Accessible to users that...
Network Address Translation (NAT) <ul><li>“You cannot attack what you do not see” is the philosophy behind Network Address...
Network Address Translation  (NAT) (continued) <ul><li>These IP addresses are not assigned to any specific user or organiz...
Honeypots <ul><li>Computers located in a DMZ loaded with software and data files that appear to be authentic </li></ul><ul...
Honeypots (continued)
Virtual LANs (VLANs) <ul><li>Segment a network with switches to divide the network into a hierarchy </li></ul><ul><li>Core...
Virtual LANs (VLANs)  (continued)
Virtual LANs (VLANs)  (continued) <ul><li>Segment a network by grouping similar users together </li></ul><ul><li>Instead o...
Summary <ul><li>Cable plant: physical infrastructure (wire, connectors, and cables that carry data communication signals b...
Summary (continued) <ul><li>Network devices (workstations, servers, switches, and routers) should all be hardened to repel...
Upcoming SlideShare
Loading in …5
×

Securing the Network Infrastructure

856 views

Published on

  • Be the first to comment

  • Be the first to like this

Securing the Network Infrastructure

  1. 1. Chapter 5: Securing the Network Infrastructure Security+ Guide to Network Security Fundamentals Second Edition
  2. 2. Objectives <ul><li>Work with the network cable plant </li></ul><ul><li>Secure removable media </li></ul><ul><li>Harden network devices </li></ul><ul><li>Design network topologies </li></ul>
  3. 3. Working with the Network Cable Plant <ul><li>Cable plant: physical infrastructure of a network (wire, connectors, and cables) used to carry data communication signals between equipment </li></ul><ul><li>Three types of transmission media: </li></ul><ul><ul><li>Coaxial cables </li></ul></ul><ul><ul><li>Twisted-pair cables </li></ul></ul><ul><ul><li>Fiber-optic cables </li></ul></ul>
  4. 4. Coaxial Cables <ul><li>Coaxial cable was main type of copper cabling used in computer networks for many years </li></ul><ul><li>Has a single copper wire at its center surrounded by insulation and shielding </li></ul><ul><li>Called “coaxial” because it houses two (co) axes or shafts ― the copper wire and the shielding </li></ul><ul><li>Thick coaxial cable has a copper wire in center surrounded by a thick layer of insulation that is covered with braided metal shielding </li></ul>
  5. 5. Coaxial Cables (continued) <ul><li>Thin coaxial cable looks similar to the cable that carries a cable TV signal </li></ul><ul><li>A braided copper mesh channel surrounds the insulation and everything is covered by an outer shield of insulation for the cable itself </li></ul><ul><li>The copper mesh channel protects the core from interference </li></ul><ul><li>BNC connectors: connectors used on the ends of a thin coaxial cable </li></ul>
  6. 6. Coaxial Cables (continued)
  7. 7. Twisted-Pair Cables <ul><li>Standard for copper cabling used in computer networks today, replacing thin coaxial cable </li></ul><ul><li>Composed of two insulated copper wires twisted around each other and bundled together with other pairs in a jacket </li></ul>
  8. 8. Twisted-Pair Cables (continued) <ul><li>Shielded twisted-pair (STP) cables have a foil shielding on the inside of the jacket to reduce interference </li></ul><ul><li>Unshielded twisted-pair (UTP) cables do not have any shielding </li></ul><ul><li>Twisted-pair cables have RJ-45 connectors </li></ul>
  9. 9. Fiber-Optic Cables <ul><li>Coaxial and twisted-pair cables have copper wire at the center that conducts an electrical signal </li></ul><ul><li>Fiber-optic cable uses a very thin cylinder of glass (core) at its center instead of copper that transmit light impulses </li></ul><ul><li>A glass tube (cladding) surrounds the core </li></ul><ul><li>The core and cladding are protected by a jacket </li></ul>
  10. 10. Fiber-Optic Cables (continued) <ul><li>Classified by the diameter of the core and the diameter of the cladding </li></ul><ul><ul><li>Diameters are measured in microns, each is about 1/25,000 of an inch or one-millionth of a meter </li></ul></ul><ul><li>Two types: </li></ul><ul><ul><li>Single-mode fiber cables: used when data must be transmitted over long distances </li></ul></ul><ul><ul><li>Multimode cable: supports many simultaneous light transmissions, generated by light-emitting diodes </li></ul></ul>
  11. 11. Securing the Cable Plant <ul><li>Securing cabling outside the protected network is not the primary security issue for most organizations </li></ul><ul><li>Focus is on protecting access to the cable plant in the internal network </li></ul><ul><li>An attacker who can access the internal network directly through the cable plant has effectively bypassed the network security perimeter and can launch his attacks at will </li></ul>
  12. 12. Securing the Cable Plant (continued) <ul><li>The attacker can capture packets as they travel through the network by sniffing </li></ul><ul><ul><li>The hardware or software that performs such functions is called a sniffer </li></ul></ul><ul><li>Physical security </li></ul><ul><ul><li>First line of defense </li></ul></ul><ul><ul><li>Protects the equipment and infrastructure itself </li></ul></ul><ul><ul><li>Has one primary goal: to prevent unauthorized users from reaching the equipment or cable plant in order to use, steal, or vandalize it </li></ul></ul>
  13. 13. Securing Removable Media <ul><li>Securing critical information stored on a file server can be achieved through strong passwords, network security devices, antivirus software, and door locks </li></ul><ul><li>An employee copying data to a floppy disk or CD and carrying it home poses two risks: </li></ul><ul><ul><li>Storage media could be lost or stolen, compromising the information </li></ul></ul><ul><ul><li>A worm or virus could be introduced to the media, potentially damaging the stored information and infecting the network </li></ul></ul>
  14. 14. Magnetic Media <ul><li>Record information by changing the magnetic direction of particles on a platter </li></ul><ul><li>Floppy disks were some of the first magnetic media developed </li></ul><ul><li>The capacity of today’s 3 1/2-inch disks are 14 MB </li></ul><ul><li>Hard drives contain several platters stacked in a closed unit, each platter having its own head or apparatus to read and write information </li></ul><ul><li>Magnetic tape drives record information in a serial fashion </li></ul>
  15. 15. Optical Media <ul><li>Optical media use a principle for recording information different from magnetic media </li></ul><ul><li>A high-intensity laser burns a tiny pit into the surface of an optical disc to record a one, but does nothing to record a zero </li></ul><ul><li>Capacity of optical discs varies by type </li></ul><ul><li>A Compact Disc-Recordable (CD-R) disc can record up to 650 MB of data </li></ul><ul><li>Data cannot be changed once recorded </li></ul>
  16. 16. Optical Media (continued) <ul><li>A Compact Disc-Rewriteable (CD-RW) disc can be used to record data, erase it, and record again </li></ul><ul><li>A Digital Versatile Disc (DVD) can store much larger amounts of data </li></ul><ul><ul><li>DVD formats include Digital Versatile Disc-Recordable (DVD-R), which can record once up to 395 GB on a single-sided disc and 79 GB on a double-sided disc </li></ul></ul>
  17. 17. Electronic Media <ul><li>Electronic media use flash memory for storage </li></ul><ul><ul><li>Flash memory is a solid state storage device ― everything is electronic, with no moving or mechanical parts </li></ul></ul><ul><li>SmartMedia cards range in capacity from 2 MB to 128 MB </li></ul><ul><li>The card itself is only 45 mm long, 37 mm wide, and less than 1 mm thick </li></ul>
  18. 18. Electronic Media (continued) <ul><li>CompactFlash card </li></ul><ul><ul><li>Consists of a small circuit board with flash memory chips and a dedicated controller chip encased in a shell </li></ul></ul><ul><ul><li>Come in 33 mm and 55 mm thicknesses and store between 8MB and 192 MB of data </li></ul></ul><ul><li>USB memory stick is becoming very popular </li></ul><ul><ul><li>Can hold between 8 MB and 1 GB of memory </li></ul></ul>
  19. 19. Keeping Removable Media Secure <ul><li>Protecting removable media involves making sure that antivirus and other security software are installed on all systems that may receive a removable media device, including employee home computers </li></ul>
  20. 20. Hardening Network Devices <ul><li>Each device that is connected to a network is a potential target of an attack and must be properly protected </li></ul><ul><li>Network devices to be hardened categorized as: </li></ul><ul><ul><li>Standard network devices </li></ul></ul><ul><ul><li>Communication devices </li></ul></ul><ul><ul><li>Network security devices </li></ul></ul>
  21. 21. Hardening Standard Network Devices <ul><li>A standard network device is a typical piece of equipment that is found on almost every network, such as a workstation, server, switch, or router </li></ul><ul><li>This equipment has basic security features that you can use to harden the devices </li></ul>
  22. 22. Workstations and Servers <ul><li>Workstation: personal computer attached to a network (also called a client) </li></ul><ul><ul><li>Connected to a LAN and shares resources with other workstations and network equipment </li></ul></ul><ul><ul><li>Can be used independently of the network and can have their own applications installed </li></ul></ul><ul><li>Server: computer on a network dedicated to managing and controlling the network </li></ul><ul><li>Basic steps to harden these systems are outlined on page 152 </li></ul>
  23. 23. Switches and Routers <ul><li>Switch </li></ul><ul><ul><li>Most commonly used in Ethernet LANs </li></ul></ul><ul><ul><li>Receives a packet from one network device and sends it to the destination device only </li></ul></ul><ul><ul><li>Limits the collision domain (part of network on which multiple devices may attempt to send packets simultaneously) </li></ul></ul><ul><li>A switch is used within a single network </li></ul><ul><li>Routers connect two or more single networks to form a larger network </li></ul>
  24. 24. Switches and Routers (continued) <ul><li>Switches and routers must also be protected against attacks </li></ul><ul><li>Switches and routers can be managed using the Simple Network Management Protocol (SNMP), part of the TCP/IP protocol suite </li></ul><ul><li>Software agents are loaded onto each network device to be managed </li></ul>
  25. 25. Switches and Routers (continued) <ul><li>Each agent monitors network traffic and stores that information in its management information base (MIB) </li></ul><ul><li>A computer with SNMP management software (SNMP management station) communicates with software agents on each network device and collects the data stored in the MIBs </li></ul><ul><li>Page 154 lists defensive controls that can be set for switches and routers </li></ul>
  26. 26. Hardening Communication Devices <ul><li>A second category of network devices are those that communicate over longer distances </li></ul><ul><li>Include: </li></ul><ul><ul><li>Modems </li></ul></ul><ul><ul><li>Remote access servers </li></ul></ul><ul><ul><li>Telecom/PBX Systems </li></ul></ul><ul><ul><li>Mobile devices </li></ul></ul>
  27. 27. Modems <ul><li>Most common communication device </li></ul><ul><li>Broadband is increasing in popularity and can create network connection speeds of 15 Mbps and higher </li></ul><ul><li>Two popular broadband technologies: </li></ul><ul><ul><li>Digital Subscriber Line (DSL) transmits data at 15 Mbps over regular telephone lines </li></ul></ul><ul><ul><li>Another broadband technology uses the local cable television system </li></ul></ul>
  28. 28. Modems (continued) <ul><li>A computer connects to a cable modem, which is connected to the coaxial cable that brings cable TV signals to the home </li></ul><ul><li>Because cable connectivity is shared in a neighborhood, other users can use a sniffer to view traffic </li></ul><ul><li>Another risk with DSL and cable modem connections is that broadband connections are charged at a set monthly rate, not by the minute of connect time </li></ul>
  29. 29. Remote Access Servers <ul><li>Set of technologies that allows a remote user to connect to a network through the Internet or a wide area network (WAN) </li></ul><ul><li>Users run remote access client software and initiate a connection to a Remote Access Server (RAS), which authenticates users and passes service requests to the network </li></ul>
  30. 30. Remote Access Servers (continued)
  31. 31. Remote Access Servers (continued) <ul><li>Remote access clients can run almost all network-based applications without modification </li></ul><ul><ul><li>Possible because remote access technology supports both drive letters and universal naming convention (UNC) names </li></ul></ul><ul><li>Minimum security features are listed on page 158 </li></ul>
  32. 32. Telecom/PBX Systems <ul><li>Term used to describe a Private Branch eXchange </li></ul><ul><li>The definition of a PBX comes from the words that make up its name: </li></ul><ul><ul><li>Private </li></ul></ul><ul><ul><li>Branch </li></ul></ul><ul><ul><li>eXchange </li></ul></ul>
  33. 33. Mobile Devices <ul><li>As cellular phones and personal digital assistants (PDAs) have become increasingly popular, they have become the target of attackers </li></ul><ul><li>Some defenses against attacks on these devices use real-time data encryption and passwords to protect the system so that an intruder cannot “beam” a virus through a wireless connection </li></ul>
  34. 34. Hardening Network Security Devices <ul><li>The final category of network devices includes those designed and used strictly to protect the network </li></ul><ul><li>Include: </li></ul><ul><ul><li>Firewalls </li></ul></ul><ul><ul><li>Intrusion-detection systems </li></ul></ul><ul><ul><li>Network monitoring and diagnostic devices </li></ul></ul>
  35. 35. Firewalls <ul><li>Typically used to filter packets </li></ul><ul><li>Designed to prevent malicious packets from entering the network or its computers (sometimes called a packet filter) </li></ul><ul><li>Typically located outside the network security perimeter as first line of defense </li></ul><ul><li>Can be software or hardware configurations </li></ul>
  36. 36. Firewalls (continued) <ul><li>Software firewall runs as a program on a local computer (sometimes known as a personal firewall) </li></ul><ul><ul><li>Enterprise firewalls are software firewalls designed to run on a dedicated device and protect a network instead of only one computer </li></ul></ul><ul><ul><li>One disadvantage is that it is only as strong as the operating system of the computer </li></ul></ul>
  37. 37. Firewalls (continued) <ul><li>Filter packets in one of two ways: </li></ul><ul><ul><li>Stateless packet filtering: permits or denies each packet based strictly on the rule base </li></ul></ul><ul><ul><li>Stateful packet filtering: records state of a connection between an internal computer and an external server; makes decisions based on connection and rule base </li></ul></ul><ul><li>Can perform content filtering to block access to undesirable Web sites </li></ul>
  38. 38. Firewalls (continued) <ul><li>An application layer firewall can defend against worms better than other kinds of firewalls </li></ul><ul><ul><li>Reassembles and analyzes packet streams instead of examining individual packets </li></ul></ul>
  39. 39. Intrusion-Detection Systems (IDSs) <ul><li>Devices that establish and maintain network security </li></ul><ul><li>Active IDS (or reactive IDS) performs a specific function when it senses an attack, such as dropping packets or tracing the attack back to a source </li></ul><ul><ul><li>Installed on the server or, in some instances, on all computers on the network </li></ul></ul><ul><li>Passive IDS sends information about what happened, but does not take action </li></ul>
  40. 40. Intrusion-Detection Systems (IDSs) (continued) <ul><li>Host-based IDS monitors critical operating system files and computer’s processor activity and memory; scans event logs for signs of suspicious activity </li></ul><ul><li>Network-based IDS monitors all network traffic instead of only the activity on a computer </li></ul><ul><ul><li>Typically located just behind the firewall </li></ul></ul><ul><li>Other IDS systems are based on behavior: </li></ul><ul><ul><li>W atch network activity and report abnormal behavior </li></ul></ul><ul><ul><li>Result in many false alarms </li></ul></ul>
  41. 41. Network Monitoring and Diagnostic Devices <ul><li>SNMP enables network administrators to: </li></ul><ul><ul><li>Monitor network performance </li></ul></ul><ul><ul><li>Find and solve network problems </li></ul></ul><ul><ul><li>Plan for network growth </li></ul></ul><ul><li>Managed device: </li></ul><ul><ul><li>Network device that contains an SNMP agent </li></ul></ul><ul><ul><li>Collects and stores management information and makes it available to SNMP </li></ul></ul>
  42. 42. Designing Network Topologies <ul><li>Topology: physical layout of the network devices, how they are interconnected, and how they communicate </li></ul><ul><li>Essential to establishing its security </li></ul><ul><li>Although network topologies can be modified for security reasons, the network still must reflect the needs of the organization and users </li></ul>
  43. 43. Security Zones <ul><li>One of the keys to mapping the topology of a network is to separate secure users from outsiders through: </li></ul><ul><ul><li>Demilitarized Zones (DMZs) </li></ul></ul><ul><ul><li>Intranets </li></ul></ul><ul><ul><li>Extranets </li></ul></ul>
  44. 44. Demilitarized Zones (DMZs) <ul><li>Separate networks that sit outside the secure network perimeter </li></ul><ul><li>Outside users can access the DMZ, but cannot enter the secure network </li></ul><ul><li>For extra security, some networks use a DMZ with two firewalls </li></ul><ul><li>The types of servers that should be located in the DMZ include: </li></ul><ul><ul><li>Web servers – E-mail servers </li></ul></ul><ul><ul><li>Remote access servers – FTP servers </li></ul></ul>
  45. 45. Demilitarized Zones (DMZs) (continued)
  46. 46. Intranets <ul><li>Networks that use the same protocols as the public Internet, but are only accessible to trusted inside users </li></ul><ul><li>Disadvantage is that it does not allow remote trusted users access to information </li></ul>
  47. 47. Extranets <ul><li>Sometimes called a cross between the Internet and an intranet </li></ul><ul><li>Accessible to users that are not trusted internal users, but trusted external users </li></ul><ul><li>Not accessible to the general public, but allows vendors and business partners to access a company Web site </li></ul>
  48. 48. Network Address Translation (NAT) <ul><li>“You cannot attack what you do not see” is the philosophy behind Network Address Translation (NAT) systems </li></ul><ul><li>Hides the IP addresses of network devices from attackers </li></ul><ul><li>Computers are assigned special IP addresses (known as private addresses) </li></ul>
  49. 49. Network Address Translation (NAT) (continued) <ul><li>These IP addresses are not assigned to any specific user or organization; anyone can use them on their own private internal network </li></ul><ul><li>Port address translation (PAT) is a variation of NAT </li></ul><ul><li>Each packet is given the same IP address, but a different TCP port number </li></ul>
  50. 50. Honeypots <ul><li>Computers located in a DMZ loaded with software and data files that appear to be authentic </li></ul><ul><li>Intended to trap or trick attackers </li></ul><ul><li>Two-fold purpose: </li></ul><ul><ul><li>To direct attacker’s attention away from real servers on the network </li></ul></ul><ul><ul><li>To examine techniques used by attackers </li></ul></ul>
  51. 51. Honeypots (continued)
  52. 52. Virtual LANs (VLANs) <ul><li>Segment a network with switches to divide the network into a hierarchy </li></ul><ul><li>Core switches reside at the top of the hierarchy and carry traffic between switches </li></ul><ul><li>Workgroup switches are connected directly to the devices on the network </li></ul><ul><li>Core switches must work faster than workgroup switches because core switches must handle the traffic of several workgroup switches </li></ul>
  53. 53. Virtual LANs (VLANs) (continued)
  54. 54. Virtual LANs (VLANs) (continued) <ul><li>Segment a network by grouping similar users together </li></ul><ul><li>Instead of segmenting by user, you can segment a network by separating devices into logical groups (known as creating a VLAN) </li></ul>
  55. 55. Summary <ul><li>Cable plant: physical infrastructure (wire, connectors, and cables that carry data communication signals between equipment) </li></ul><ul><li>Removable media used to store information include: </li></ul><ul><ul><li>Magnetic storage (removable disks, hard drives) </li></ul></ul><ul><ul><li>Optical storage (CD and DVD) </li></ul></ul><ul><ul><li>Electronic storage (USB memory sticks, FlashCards) </li></ul></ul>
  56. 56. Summary (continued) <ul><li>Network devices (workstations, servers, switches, and routers) should all be hardened to repel attackers </li></ul><ul><li>A network’s topology plays a critical role in resisting attackers </li></ul><ul><li>Hiding the IP address of a network device can help disguise it so that an attacker cannot find it </li></ul>

×