PACE-IT, Security+1.2: Secure Network Administration Concepts


CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)

"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"

Published in: Education

  1. Secure network administration concepts.
  2. Instructor, PACE-IT Program, Edmonds Community College.
     Areas of expertise: PC hardware, network administration, IT project management, network design, user training, IT troubleshooting.
     Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University.
     Qualifications summary: Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, and analyzing business needs and creating the solutions required, with a focus on technology.
  3. PACE-IT. – Rule-based management. – Additional secure network administration concepts.
  4. Secure network administration concepts.
  5. Secure network administration concepts.
     – Rule-based management defined.
       » The implementation of rules at the technology level (firewall rules, ACLs, router and switch configuration) to create a secure network environment. Rule-based management should be designed and tested to ensure that the rules function as expected.
     – Firewall rules.
       » Firewall rules should be configured so that only the required traffic is allowed to pass through.
         • The default policy should be to deny traffic.
         • Exceptions are then created to allow only the required traffic.
       » The last rule on any firewall should be a deny-all statement. Most firewalls already apply an implicit deny after the last rule; writing the final deny explicitly (with logging) makes the policy visible and records what was dropped.
         • Unless explicitly allowed, the traffic is denied entry into the network.
  6. Secure network administration concepts.
     – Access control list (ACL).
       » Should be implemented wherever possible.
         • Firewall rules are often called ACLs.
       » Files and folders can have ACLs placed on them through the use of permissions.
       » Routers can have two ACLs per network interface (one per direction).
         • One ACL is applied to traffic inbound on the interface.
         • The other ACL is applied to traffic outbound on the interface.
       » All ACLs end with an implicit deny statement.
         • If not explicitly permitted in the ACL, the traffic or request is denied.
       » Once created, the ACL should be tested for functionality. Rules are evaluated top-down and the first match wins, so the order of the rules matters as much as their content.
         • To ensure that required actions are allowed.
         • To ensure that non-required actions are not allowed.
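The first-match, default-deny behaviour described on slides 5 and 6, and the allow/deny test the slides say every ACL should get, as an added example that is not part of the original deck. The `Rule`/`Acl` classes, the edge-router policy, and the addresses (documentation ranges) are all constructed for illustration and model a generic router ACL rather than any vendor's syntax.

```python
"""First-match ACL evaluation with a deny-all final rule, plus the
allow/deny test matrix a network team runs after writing the list."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def _net(cidr):
    # "any" is shorthand for 0.0.0.0/0, as on most routers
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR or "any"
    dst: str
    dport: Optional[int] = None  # None matches every destination port
    comment: str = ""

    def matches(self, proto, src_ip, dst_ip, dport):
        if self.proto != "any" and self.proto != proto:
            return False
        if ipaddress.ip_address(src_ip) not in _net(self.src):
            return False
        if ipaddress.ip_address(dst_ip) not in _net(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


class Acl:
    def __init__(self, rules):
        # The implicit deny made explicit: always the last rule, always matches.
        self.rules = list(rules) + [Rule("deny", "any", "any", "any", None, "deny-all")]

    def evaluate(self, proto, src_ip, dst_ip, dport=None):
        """Return (action, index of the matching rule). First match wins."""
        for i, rule in enumerate(self.rules):
            if rule.matches(proto, src_ip, dst_ip, dport):
                return rule.action, i
        raise AssertionError("unreachable: the final deny-all always matches")


# Constructed policy for the inbound ACL on an edge router's outside interface:
# public web traffic to one DMZ host, SSH to the DMZ only from the admin subnet.
DMZ_WEB = "203.0.113.10/32"
ADMIN_NET = "198.51.100.0/24"
EDGE_ACL = Acl([
    Rule("permit", "tcp", "any", DMZ_WEB, 443, "public HTTPS"),
    Rule("permit", "tcp", "any", DMZ_WEB, 80, "public HTTP (redirects to HTTPS)"),
    Rule("permit", "tcp", ADMIN_NET, "203.0.113.0/24", 22, "SSH from admin subnet"),
    Rule("deny", "tcp", "any", "203.0.113.0/24", 23, "explicit telnet deny, so it is logged"),
])

# The functionality test the slide calls for: required flows must be permitted,
# everything else must be denied. (proto, src, dst, dport, expected action)
EXPECTED = [
    ("tcp", "192.0.2.7", "203.0.113.10", 443, "permit"),
    ("tcp", "192.0.2.7", "203.0.113.10", 80, "permit"),
    ("tcp", "198.51.100.5", "203.0.113.20", 22, "permit"),
    ("tcp", "192.0.2.7", "203.0.113.20", 22, "deny"),     # SSH from outside the admin net
    ("tcp", "192.0.2.7", "203.0.113.10", 8080, "deny"),   # unlisted port
    ("udp", "192.0.2.7", "203.0.113.10", 443, "deny"),    # right port, wrong protocol
    ("icmp", "192.0.2.7", "203.0.113.10", None, "deny"),  # never permitted
]


def verify(acl, cases):
    """Return [(case, actual_action)] for every case whose outcome differs from expected."""
    failures = []
    for proto, src, dst, dport, expected in cases:
        actual, _ = acl.evaluate(proto, src, dst, dport)
        if actual != expected:
            failures.append(((proto, src, dst, dport, expected), actual))
    return failures


def order_matters_demo():
    """Same rules with the deny-all moved to the top: nothing is ever permitted."""
    bad = Acl([Rule("deny", "any", "any", "any"), *EDGE_ACL.rules[:-1]])
    return bad.evaluate("tcp", "192.0.2.7", "203.0.113.10", 443)[0]


if __name__ == "__main__":
    print("failures:", verify(EDGE_ACL, EXPECTED))
    print("HTTPS with deny-all first:", order_matters_demo())
```

Keep the expected-outcome table next to the ACL and rerun it after every change to the list; a rule added above the wrong line silently shadows everything below it, which is exactly what `order_matters_demo` shows.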
  7. Secure network administration concepts.
  8. Secure network administration concepts.
     – Secure router configuration: locking the front door to the network.
       » Put active ACLs in place.
       » Disable or change default usernames and passwords.
       » Require authentication for all access to the router, including the console and auxiliary ports.
       » Whenever possible, use only secure protocols for management access (SSH and HTTPS rather than Telnet and HTTP).
     – Port security: locking a back door to the network.
       » Enable security on all switch ports and shut down unused ones. This limits the ability of an attacker to gain access through a switch.
       » MAC filtering (limiting which, and how many, MAC addresses a port will learn) is the method most commonly used. MAC addresses can be spoofed, so port security raises the bar rather than proving identity; 802.1X, covered later in this deck, is the stronger control.
     – Network separation: putting the eggs in more than one basket.
       » Separate and group network resources by function and security needs. This creates more secure areas within a network.
       » Separation can be achieved through VLAN management, with ACLs or firewall rules controlling the traffic allowed between segments.
  9. Secure network administration concepts.
     – VLAN management: keeping the fox out of the hen house.
       » Change the default management VLAN (typically VLAN 1) and keep user traffic off it.
       » Proper VLAN management keeps network traffic where it belongs.
       » To allow inter-VLAN communication, the traffic has to pass through a router or Layer 3 switch, which is where ACLs between the VLANs are applied.
     – Flood guards: blocking the most common of attacks.
       » The most common network attack is the denial of service (DoS) attack. The attacker floods the network or a host with traffic, such as TCP SYN packets that never complete a handshake, to block legitimate traffic.
       » Flood guards (per-source rate limits, SYN cookies, storm control on switch ports) can recognize the pattern and halt the attack before the damage is done.
     – Loop protection: preventing unnecessary network traffic.
       » Redundant routes can create routing loops. Routers use a time-to-live (TTL) value, so a looping packet is eventually discarded, and split horizon, so a route is not advertised back out the interface it was learned on, to combat these.
       » Redundant links on switches can also create loops, and Ethernet frames have no TTL, so a Layer 2 loop persists until it is broken. Spanning Tree Protocol (STP) blocks redundant links to negate the loops; BPDU guard on access ports keeps an unauthorized switch from joining the tree.
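The pattern a flood guard keys on, half-open TCP connections piling up from one source, as an added example that is not part of the original deck. The `SynFloodGuard` class, its threshold and window, and the traffic stream are all constructed here; it models the per-source tracking a guard performs, not any specific vendor's implementation.

```python
"""A flood guard in software: per-source half-open (SYN without the
completing ACK) tracking over a sliding window, the signature of a SYN flood."""
from collections import defaultdict


class SynFloodGuard:
    def __init__(self, threshold=20, window_s=1.0):
        self.threshold = threshold        # half-open connections per source before we act
        self.window_s = window_s          # a SYN older than this is no longer counted
        self.pending = defaultdict(dict)  # src_ip -> {(sport, dst, dport): syn_time}
        self.blocked = set()

    def _expire(self, src, now):
        stale = [k for k, t in self.pending[src].items() if now - t > self.window_s]
        for k in stale:
            del self.pending[src][k]

    def observe(self, ts, src, sport, dst, dport, flags):
        """Feed one TCP segment; return "pass", "block" (the moment the source trips) or "drop"."""
        if src in self.blocked:
            return "drop"
        key = (sport, dst, dport)
        self._expire(src, ts)
        if flags == "SYN":
            self.pending[src][key] = ts
            if len(self.pending[src]) > self.threshold:
                self.blocked.add(src)
                self.pending.pop(src, None)
                return "block"
        elif flags == "ACK":
            # third step of the handshake: this connection is no longer half-open
            self.pending[src].pop(key, None)
        return "pass"


def constructed_traffic():
    """Constructed segment stream (not a capture): one legitimate client that
    completes every handshake, one source spraying SYNs and never finishing."""
    events = []
    for i in range(5):   # legitimate client: SYN followed by ACK, five connections
        events.append((0.1 * i, "192.0.2.10", 40000 + i, "203.0.113.10", 443, "SYN"))
        events.append((0.1 * i + 0.02, "192.0.2.10", 40000 + i, "203.0.113.10", 443, "ACK"))
    for i in range(60):  # attacker: 60 SYNs in 0.6 s from rotating source ports, no ACKs
        events.append((0.3 + 0.01 * i, "198.51.100.99", 50000 + i, "203.0.113.10", 443, "SYN"))
    return sorted(events)


def run(events, guard=None):
    """Replay events through the guard; return the guard and each source's verdicts."""
    guard = guard or SynFloodGuard()
    verdicts = defaultdict(list)
    for ts, src, sport, dst, dport, flags in events:
        verdicts[src].append(guard.observe(ts, src, sport, dst, dport, flags))
    return guard, dict(verdicts)


if __name__ == "__main__":
    guard, verdicts = run(constructed_traffic())
    for src, v in verdicts.items():
        state = "BLOCKED" if src in guard.blocked else "ok"
        print(src, state, {k: v.count(k) for k in sorted(set(v))})
```

The threshold is the tuning knob: set it too low and a busy NAT gateway or a load-test client gets blocked along with the attacker, which is why production devices prefer SYN cookies (no per-connection state to exhaust) and why the guard counts half-open connections rather than raw SYNs.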
  10. Secure network administration concepts.
      – 802.1X: know exactly who has access to resources.
        » IEEE 802.1X is a port-based network access control standard used on wired and wireless networks. The switch port or wireless association stays closed until the user or device authenticates (proves who they are), via EAP, against a central authentication server (typically RADIUS backed by a directory) before access to the network is granted.
      – Unified threat management: multiple security measures in one device.
        » Unified threat management (UTM) is a possible all-in-one security solution. UTM systems provide multiple security functions (e.g., firewall, intrusion prevention, content filtering, and antivirus) in a single network appliance.
      – Log analysis: know what is happening all the time.
        » Security, system, and application logs should be reviewed on a regular basis, ideally collected centrally (syslog) and checked automatically for known warning signs. All too often they are only reviewed after a problem has occurred, when the signs were present in the log files all along.
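The regular log review the slide asks for, automated over a handful of router and switch messages, as an added example that is not part of the original deck. The log lines are constructed here in the shape of Cisco IOS syslog messages (they are not real captures), and the `analyze` function and its failed-login threshold are assumptions for illustration.

```python
"""Regular log review, automated: parse constructed router/switch syslog lines
and surface repeated failed logins and port-security violations."""
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of Cisco IOS syslog output; not a real capture.
SAMPLE_LOG = """\
Mar  1 08:00:01 edge-rtr 101: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.5)
Mar  1 08:02:13 edge-rtr 102: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]
Mar  1 08:02:15 edge-rtr 103: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]
Mar  1 08:02:16 edge-rtr 104: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]
Mar  1 08:02:18 edge-rtr 105: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed]
Mar  1 08:03:40 edge-rtr 106: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 198.51.100.5] [localport: 22]
Mar  1 08:05:02 access-sw1 211: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet0/12.
Mar  1 08:05:02 access-sw1 212: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/12, putting Gi0/12 in err-disable state
Mar  1 08:09:30 edge-rtr 107: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: netops] [Source: 198.51.100.5] [localport: 22] [Reason: Login Authentication Failed]
Mar  1 08:09:45 edge-rtr 108: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 198.51.100.5] [localport: 22]
"""

# timestamp, host, sequence number, %FACILITY-SEVERITY-MNEMONIC, free text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \d+: "
    r"%(?P<mnemonic>[A-Z_]+-\d-[A-Z_]+): (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")
PSEC_RE = re.compile(r"MAC address (?P<mac>[0-9a-f.]+) on port (?P<port>\S+?)\.?$")


def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def analyze(log_text, failed_login_threshold=3):
    """Return sources with >= threshold failed logins (and the usernames they
    tried) plus every port-security violation, with host, port and MAC."""
    failed = defaultdict(Counter)   # src -> Counter of usernames attempted
    violations = []
    for rec in parse(log_text):
        if rec["mnemonic"] == "SEC_LOGIN-4-LOGIN_FAILED":
            m = FAILED_RE.search(rec["msg"])
            if m:
                failed[m["src"]][m["user"]] += 1
        elif rec["mnemonic"] == "PORT_SECURITY-2-PSECURE_VIOLATION":
            m = PSEC_RE.search(rec["msg"])
            if m:
                violations.append({"host": rec["host"], "port": m["port"],
                                   "mac": m["mac"], "ts": rec["ts"]})
    brute_force = {src: dict(users) for src, users in failed.items()
                   if sum(users.values()) >= failed_login_threshold}
    return {"brute_force": brute_force, "port_security": violations}


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for src, users in findings["brute_force"].items():
        print(f"repeated failed logins from {src}: {users}")
    for v in findings["port_security"]:
        print(f"port-security violation on {v['host']} {v['port']} by {v['mac']} at {v['ts']}")
```

The single failed login from the admin subnet followed by a success is the kind of noise a threshold keeps out of the report, while four attempts across three usernames from an outside address in five seconds is the sign that is easy to miss when logs are only read after an incident.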
  11. Secure network administration concepts.
      Topic: Rule-based management.
      Summary: Rule-based management is the implementation of rules at the technology level to create a secure network environment. Rules should be implemented at the firewall to limit traffic to just what is required. An ACL should be used wherever possible to restrict access and actions to only those that are absolutely required on the network.
      Topic: Additional secure network administration concepts.
      Summary: Security needs to be considered from multiple aspects and angles in order to ensure a secure network. Possible administrative strategies include secure router configuration, port security, network separation, VLAN management, flood guards, loop protection, 802.1X, UTM, and log analysis.
  12. THANK YOU!
  13. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.