SlideShare a Scribd company logo
http://www.enterprisegrc.com
Networking and Communications Security – Network Architecture
Design Principles
CISSP Study Notes –
prepared by Robin Basham, CISSP, CISA, CRISC, CGEIT, CRP, VRP
http://www.enterprisegrc.com
Data Sources
All slides are a summary of information directly located in the study sources for the CISSP or
CISCO, Windows certified online technet training; The majority is directly summarized
CISSP® (ISC)2® Certified Information Systems Security Professional Official Study Guide
Seventh Edition CISSP Certified Information Systems Security Professional Study Guide,
7th Edition has completely been updated for the latest 2015 CISSP Body of Knowledge.
This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam
smarter and faster with Sybex thanks to expert content, real-world examples, advice on
passing each section of the exam, access to the Sybex online interactive learning
environment, and much more. Reinforce what you've learned with key topic exam
essentials and chapter review questions.
Coverage of all of the exam topics in the book means you'll be ready for Access Control,
Application Development Security, Business Continuity and Disaster Recovery Planning,
Cryptography, Information Security Governance and Risk Management, Legal,
Regulations, Investigations and Compliance, Operations Security, Physical
(Environmental) Security, Security Architecture and Design, and Telecommunications and
Network Security.
MGT414: SANS Training Program for CISSP Certification (A04_3877)
MGT414: SANS Training Program for CISSP Certification (A04_3877) The SANS Institute was established in 1989
as a cooperative research and education organization. Its programs now reach more than 165,000 security
professionals around the world. A range of individuals from auditors and network administrators, to chief
information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges
they face. At the heart of SANS are the many security practitioners in varied global organizations from
corporations to universities working together to help the entire information security community.
SANS is the most trusted and by far the largest source for information security training and security
certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of
research documents about various aspects of information security, and it operates the Internet's early warning
system - the Internet Storm Center.
Remember the ISO Open System Interconnect OSI REFERENCE Model
http://www.enterprisegrc.com
Encapsulation
OSI Conceptually explains movement of information
• Process of moving information down the
stack and up the stack
• Each layer communicates with
corresponding layer just below in the
stack.
• Data encapsulation is the process in which
information from one packet is wrapped
around or attached to the data of another
packet.
OSI Layers - Encapsulation appends header footer across 7 layers
Strippingofftheheader
Protocols = data “language” managed generated here
 Application : HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP,
SNMP, NNTP, S-RPC, and SET
 Presentation: Encryption protocols and format types, such as ASCII,
EBCDICM, TIFF, JPEG, MPEG, and MIDI
 Session: NFS, SQL, and RPC
 Transport: SPX, SSL, TLS, TCP, and UDP
 Network: ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, ARP and SKIP
 Data Link: SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, ISDN
 Physical: EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, and V.35
Actual transmission across physical media
How do we hand off and what do we peel off?
SENDINGPROCESS
Encapsulation
Application (Layer 7) “data stream”
Presentation (layer 6) still “data stream”
Session (layer 5) still “data stream”
Transport (layer 4) becomes “segment” if
TCP “datagram” if UDP
Network (layer 3) becomes “packet”
Data link (layer 2) becomes a “frame”
Physical (layer 1) converted into “bits”
for transmission
Application (Layer 7) “data stream”
Presentation (layer 6) still “data stream”
Session (layer 5) still “data stream”
Transport (layer 4) becomes “segment” if
TCP “datagram” if UDP
Network (layer 3) becomes “packet”
Data link (layer 2) becomes a “frame”
Physical (layer 1) converted into “bits”
for transmission
AH DATA
DATA
PH AH DATA
SH PH AH DATA
TH SH PH AH DATA
TH SH PH AH DATANH
DH TH SH PH AH DATANH
DH TH SH PH AH DATANH
Client A -SENDING PROCESS Client B RECIEVING PROCESS
Application Protocol + Application Header
Presentation Layer Protocol + Header
Session Layer Protocol + Header
Transport Layer Protocol + Header
Network Layer Pro. + Header
Data Link Lay. Pro. + Hr
BITS
RECEIVINGPROCESS
De-Encapsulation-strippingofftheheader
DATA
-DH
-NH
-TH
-SH
-PH
-AH
Encapsulation
Encapsulation appends header footer across 7 layers
 OSI is the conceptual model, however, TCP/IP is the
implementation model.
TCP/IP
Is 4 Layer Implementation
of protocols
Application (Ap, Pre, Ses)
Transport (TCP) (Transport)
Internet IP (Network)
Network (Phys/Data)
TCP/IP DARPA or DOD model – example SSH
OSI TCP/IP Protocols Description
7 Application
Application Layer 4
HTTP SMTP
Consists of the applications and processes
that use the network.
6 Presentation
5 Session
4 Transport
Transport Layer 3
Host to Host
TCP and UDP
Provides end-to-end data delivery service to
the Application Layer.
3 Network Internet Layer 2
IP IPv4 IPv6 ICMP ICMPv6 ECN IGMP
IPSec, ARP, RARP
Defines the IP datagram and handles the
routing of data across networks.
2 Data link
Link Layer 1
Network Access
ARP NDP OSPF Tunnels L2TP PPP MAC
Ethernet DSL ISDN FDDI
Consists of routines for accessing physical
networks and the electrical connection.
1 Physical
TCP/IP DARPA or DOD model = Internet protocol suite
Application layer includes protocols from the Application Layer of the Internet
Protocol Suite as well as the protocols of OSI Layer 7. The Application Layer of
the Internet Protocol Suite includes Session Layer protocols and Presentation
Layer protocols from OSI.
 BGP DHCP DNS FTP HTTP IMAP LDAP MGCP NNTP NTP POP ONC/RPC RTP
RTSP RIP SIP SMTP SNMP SSH Telnet TLS/SSL XMPP
Transport layer is a conceptual division of methods in the layered architecture
of protocols in the network stack in the Internet Protocol Suite and the Open
Systems Interconnection (OSI). The protocols of the layer provide host-to-host
communication services for applications. It provides services such as
connection-oriented data stream support, reliability, flow control, and
multiplexing.
 TCP UDP DCCP SCTP RSVP
TCP/IP DARPA or DOD model = Internet protocol suite
Internet layer is a group of internetworking methods, protocols, and specifications in the Internet protocol
suite that are used to transport datagrams (packets) from the originating host across network boundaries, if
necessary, to the destination host specified by a network address (IP address) which is defined for this
purpose by the Internet Protocol (IP). The internet layer derives its name from internetworking, which is the
concept of connecting multiple networks with each other through gateways.
Internet-layer protocols use IP-based packets. The internet layer does not include the protocols that define
communication between local (on-link) network nodes which fulfill the purpose of maintaining link states
between the local nodes, such as the local network topology, and that usually use protocols that are based on
the framing of packets specific to the link types. Such protocols belong to the link layer.
A common design aspect in the internet layer is the robustness principle: "Be liberal in what you accept, and
conservative in what you send“ as a misbehaving host can deny Internet service to many other users.
 IP IPv4 IPv6 ICMP ICMPv6 ECN IGMP IPsec
Link layer
 ARP NDP OSPF Tunnels L2TP PPP MAC Ethernet DSL ISDN FDDI
Encapsulation
Hardware changes across 7 layers
Don’t confuse TCP/IP
Implementation model organizing as:
Application (Ap, Pre, Ses) - Transport (TCP) (Transport) - Internet IP
(Network) - Network (Phys/Data)
802.1x NAC layer 2 authentication
Unknown system connects to 802.1x enabled
port – Extensible Authentication Protocol over
LAN EAPOL can pass but TCP and UDP are
blocked. Local 802.x software authenticates
client supplicant. Authenticator running on
switch negotiates EAP, passing supplied
credentials to RADIUS or DIAMETER
Application Data Stream – Application specific
protocols
 Security: Confidentiality,
authentication, data integrity, non-
repudiation
 Technology: gateways
 Protocols: FTP, SMB, TELNET, TFTP,
SMTP, HTTP, NNTP, CDP, GOPHER,
SNMP, NDS, AFP, SAP, NCP, SET
Application is
protocols responsible
for interfacing or
transmitting files,
message exchange,
connect to remote
terminals.
TCP/IP
Application Layer 4
Do not set your
credit card on a
server and
leave it out on
the application
layer
Application specific protocols LAYER 7 PROTOCOLS
LAYER 7 PROTOCOLS
 Hypertext Transfer Protocol HTTP 80
 SECURE Hypertext Transfer Protocol HTTPS 443
 File Transfer Protocol FTP 20/21
 Line Print Daemon LPD
 Simple Mail Transfer Protocol SMTP 25
 Telecommunications Network Protocol Telnet 23
 Trivial File Transfer Protocol TFTP
 Electronic Data Interchange EDI
 Post Office Protocol V3 POP3
 Internet Message Access Protocol IMAP
 Simple Network Management Protocol SNMP
 Network News Transport Protocol NNTP
 Secure Remote Procedure Call S-RPC
 Secure Electronic Transaction SET
 Session Initiation Protocol SIP
 Server Message Block Protocol SMB
Application is protocols responsible
for interfacing or transmitting files,
message exchange, connect to remote
terminals.
TCP/IP
Application Layer 4
Presentation Layer 6 - Machine Dependent 2 Machine
Independent format – File and Data
EBDIC to ASCII Encryption
Compression; Extended Binary Coded Decimal
Interchange Code (EBCDIC) is an 8-bit character
encoding used mainly on IBM mainframe and IBM
midrange computer operating systems.
How data may enter the network
TCP/IP
Application Layer 4
Presentation Layer 6 - Takes Machine Dependent Info
2 Machine Independent format – file and data
Security: confidentiality,
authentication,
encryption
Technology: gateway
Protocols: ASCII,
EBCDIC, POSTSCRIPT,
JPEG, MPEG, GIF
How data may
enter the
network
LAYER 6 PROTOCOLS
• American Standard Code For Information
Interchange ASCII
• Extended Binary Coded Decimal Interchange Mod
EBCDICM
• Tagged Image File Format TIFF
• Joint Photographic Experts Group JPEG
• Moving Pictures Experts Group MPEG
• Musical Instrument Digital Interface MIDI
TCP/IP
Application Layer 4
Session layer 5 formats data for transfer
Sets up links, maintains the link, and link tear-down between
applications
TCP/IP
Application Layer 4
Session layer 5 formats data for transfer
LAYER 5 PROTOCOLS
 Network File System NFS
 Structured Query Language SQL
 Remote Procedure Call RPC
 RADIUS (using L4 UDP) TACACS (using L4 TCP)
 Responsible for the setup of the links, maintaining of the link, and the link tear-down between applications.
TCP/IP
Application Layer 4
(includes Application,
Presentation and
Session)
Transport layer 4
Ensures end to end
delivery; addressing
Security: Confidentiality,
authentication, integrity
Technology: gateways
Protocols: TCP, UDP, SSL, SSH-2,
SPX, ATP.
Responsible for the guaranteed
delivery of user information. It is
also responsible for error
detection, correction, and flow
control. User information at this
layer is called datagrams.
TCP/IP
Transport Layer 3
Host to Host (TCP/UDP)
Introduction to Transport Layer 4
TCPIP Joke – Syn Synack Ack 3 Way
TCP/IP
Internet Layer 2
IP, ARP, RARP, ICMP
Datagrams
Transport layer 4
LAYER 4 PROTOCOLS
• Transmission Control Protocol TCP
• User Datagram Protocol UDP
• Secure Socket Layer SSL
• Transport Layer Security TLS
• Secure Shell + SFTP Protocol SSH-2*
• Sequenced Packet Exchange SPX
• Stream Control Transmission Protocol
SCTP
• AppleTalk Transaction Protocol ATP
• Fiber Channel Protocol FCP
• Reliable Datagram Protocol RDP
• Security: Confidentiality, authentication,
integrity
• Technology: gateways
• * The program SSH (Secure Shell)
provides an encrypted channel for
logging into another computer over a
network, executing commands on a
remote computer, and moving files from
one computer to another. SSH provides
strong host-to-host and user
authentication as well as secure
encrypted communications over the
Internet. SSH2 is a more secure,
efficient, and portable version of SSH
that includes SFTP, which is functionally
similar to FTP, but is SSH2 encrypted.
TCP/IP
Transport Layer 3
Host to Host (TCP/UDP)
Network Layer 3 - Packets
Based on routing tables, Routs this package according to
shortest or best path
Security: confidentiality,
authentication, data integrity
Technology: virtual circuits (ATM),
routers
Protocols: IP, IPX, ICMP, OSPF, IGRP,
EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP,
DDP, X.25
Responsible for the routing of user
data from one node to another
through the network including the
path selection. Logical addresses are
used at this layer. User information
maintained at this layer is called
packets.
TCP/IP
Internet Layer 2
IP, ARP, RARP, ICMP
Datagrams
Just give me the &*() address and
I’ll pick the shortest path.
Just make sure its fast, secure, and we get their in one piece.
And I’ll tell you if we’re lost mister.
Security: confidentiality,
authentication, data integrity
Technology: virtual circuits (ATM),
routers
Network: Distance Vector DV and Link State LS Routing Protocols
LAYER 3 PROTOCOLS
• Internet Protocol IP
• Routing Information Protocol RIP DV
• Network Address Translation NAT
• Internet Protocol Security IPSec
• Internet Packet Exchange IPX
• Internet Control Message Protocol ICMP
• Open Shortest Path first Protocol OSPF LS
• Internet Gateway Routing Protocol IGRP DV
• Border Gateway Protocol BGP path
• Enhanced Interior Gateway Protocol EIGRP
• Routing Information Protocol RIP DV
• Bootstrap Protocol BOOTP
• Dynamic Host Configuration Protocol DHCP
• Intermediate System - Intermediate System ISIS
• Zone Information Protocol ZIP
• Distributed Data Protocol DDP
• X.25 Protocol - ITU-T standard protocol suite for
packet switched wide area network (WAN)
communication. An X.25 WAN consists of packet-
switching exchange (PSE) nodes as the
networking hardware, and leased lines, plain old
telephone service connections or
ISDN connections as physical links.
• NON IP PROTOCOLS: IPX, AppleTalk, NetBEUI aka
NetBios
TCP/IP
Internet Layer 2
IP, ARP, RARP, ICMP
Datagrams
Network Layer 3 Functions
 Logical Addressing: a logical address, sometimes called a layer three address. On the Internet, the Internet Protocol (IP)
is the network layer protocol and every machine has an IP address.
 Addressing is done at the data link layer as well, but those addresses refer to local physical devices. In contrast, logical addresses are
independent of particular hardware and must be unique across an entire internetwork.
 Routing: Moving data across a series of interconnected networks, it is the job of the devices and software routines that
function at the network layer to handle incoming packets from various sources, determine their final destination, and
figure out where they need to be sent to get them where they are supposed to go
 Datagram Encapsulation: The network layer normally encapsulates messages received from higher layers by placing
them into datagrams (also called packets) with a network layer header.
 Fragmentation and Reassembly: The network layer must send messages down to the data link layer for transmission.
Some data link layer technologies have limits on the length of any message that can be sent. If the packet that the
network layer wants to send is too large, the network layer must split the packet up, send each piece to the data link
layer, and then have pieces reassembled once they arrive at the network layer on the destination machine. A good
example is how this is done by the Internet Protocol.
 Error Handling and Diagnostics: Special protocols are used at the network layer to allow devices that are logically
connected, or that are trying to route traffic, to exchange information about the status of hosts on the network or the
devices themselves.
TCP/IP
Internet Layer 2
IP, ARP, RARP, ICMP, Datagrams
(paraphrased from http://www.tcpipguide.com/free/t_NetworkLayerLayer3.htm
Data Link Layer 2
Security: confidentiality,
Technology: bridges, switch
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP,
RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS,
MLP, Frame Relay, Annex A, Annex D, HDLC,
BPDU, LAPD, ISL, MAC, Ethernet, Token Ring,
FDDI (protocol, not media)
TCP/IP
Link Layer 1
Network Access
routines for accessing
physical networks and
the electrical connection
Data Link Layer 2 - frames
LAYER 2 PROTOCOLS
 Medium Access Control Protocol MAC
 Ethernet, Token Ring, StarLan
 Spanning Tree Protocol STP using BPDU
 Fiber Distributed Data Interface FDDI
 Layer 2 Forwarding Protocol L2F
 Point to Point Tunneling Protocol PPTP
 Layer 2 Tunneling Protocol L2TP
 Link Control Protocol LCP forms part PPP
 Point to Point Protocol PPP
 Address Resolution Protocol ARP
 Reverse Address Resolution Protocol RARP
 Serial Line Address Resolution Protocol
SLARP
 Protocol IARP
 Protocol SNAP
 Protocol BAP
 Challenge handshake authentication
Protocol CHAP RFC 1994
 LZS-DCP Compression Protocol LZS
 Integrated Services Digital Network Protocol
ISDN
 Asynchronous Transfer Mode ATM
 Protocol Frame Relay
 High Level Data Link Control HDLC
 Synchronous Data Link Control SDLC
 Link Access Procedures, D channel Protocol
LAPD
 Protocol ISL
Responsible for the physical addressing of the network via MAC addresses. There
are two sublevels to the Data-Link layer. MAC and LLC. The Data-Link layer has
error detection, frame ordering, and flow control. User information maintained at
this layer is called frames.
TCP/IP
Link Layer 1 Network Access - routines for accessing physical
networks and the electrical connection
How 802.1x authentication works
 Three-component architecture features a supplicant, access device (switch, access point)
and authentication server (RADIUS). This architecture leverages the decentralized access
devices to provide scalable, but computationally expensive, encryption to many supplicants
while at the same time centralizing the control of access to a few authentication servers.
This latter feature makes 802.1x authentication manageable in large installations.
 When EAP is run over a LAN, EAP packets are encapsulated by EAP over LAN (EAPOL)
messages. The format of EAPOL packets is defined in the 802.1x specification. EAPOL
communication occurs between the end-user station (supplicant) and the wireless access
point (authenticator). The RADIUS protocol is used for communication between the
authenticator and the RADIUS server.
 The authentication process begins when the end user attempts to connect to the WLAN.
The authenticator receives the request and creates a virtual port with the supplicant. The
authenticator acts as a proxy for the end user passing authentication information to and
from the authentication server on its behalf. The authenticator limits traffic to
authentication data to the server.
What are the steps in negotiation?
1. The client may send an EAP-start message.
2. The access point sends an EAP-request identity message.
3. The client's EAP-response packet with the client's identity is "proxied" to the
authentication server by the authenticator.
4. The authentication server challenges the client to prove themselves and may send its
credentials to prove itself to the client (if using mutual authentication).
5. The client checks the server's credentials (if using mutual authentication) and then
sends its credentials to the server to prove itself.
6. The authentication server accepts or rejects the client's request for connection.
7. If the end user was accepted, the authenticator changes the virtual port with the end
user to an authorized state allowing full network access to that end user.
8. At log-off, the client virtual port is changed back to the unauthorized state.
Physical Layer 1
Herearemy
Rawbinarydata
Repeaters – amplify signal, no
added intelligence, no filtering –
Hubs – used to connect multiple
LAN devices, no added
intelligence
Give me your
bits
TCP/IP
Link Layer 1
Network Access
routines for accessing physical networks
and the electrical connection
Fiber Distributed Data Interface – FDDI - Dual token ring LAN at 100 MBps on Fiber
Copper Distributed Data Interface - CDDI – can be used with UTP cable but subject to
interference and length issues associated with Copper.
Physical Layer 1 Protocols
LAYER 1 PROTOCOLS
The Physical Layer receives data from the data link Layer and
transmits it to the wire. The physical layer controls the electrical and
mechanical functions related to the transmission and receipt of a
communications signal including encoding and decoding of data
contained within the modulated signal.
Note that for two devices to communicate, they must be connected
to the same type of physical medium (wiring). 802.3 Ethernet to
802.3 Ethernet, FDDI to FDDI, serial to serial etc.
 RS-232 (Recommend Standard number 232) is standard
communication protocol for linking computer and its peripheral
devices to allow serial data exchange RS232
 Synchronous Optical Network SONET
 High-Speed Serial Interface HSSI used between devices that are
within fifty feet of each other and achieves data rates up to
52 Mbps
 Interface specification for differential communications, X.21 a 15-
pin D-Sub connector running full-duplex data transmissions. X.21
 Digital subscriber line DSL
 Integrated Services Digital Network (ISDN)
 EIA-422, EIA-423, RS-449, RS-485
 10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-
T, 1000BASE-T, 1000BASE-SX
TCP/IP
Link Layer 1
Network Access
routines for accessing physical networks and the electrical
connection
OSI Security - 6 Security Services
A security service is a collection of security mechanisms, files,
and procedures that help protect the network.
 Authentication
 Access control
 Data confidentiality
 Data integrity
 Non-repudiation
 Logging and monitoring
OSI Security - 8 Security Mechanisms
A security mechanism is a control that is implemented in
order to provide the 6 basic security services.
 Encipherment
 Digital signature
 Access Control
 Data Integrity
 Authentication
 Traffic Padding
 Routing Control
 Notarization
Insecure TCP/IP Protocols Telnet, FTP, TFTP, SMTP
 Telnet
 File Transfer Protocol – FTP Port 20/21
 Trivial File Transfer Protocol
 Simple Mail Transfer Protocol - SMTP
http://map.norsecorp.com/
Multi-layer Protocol
 DNP3 Distributed Network Protocol – open protocol
that supports the Smart Grid computing
 Provides interoperability between vendor SCADA
systems
 IEEE standard 2010
 IEEE 1815-2012 is current standard and supports PKI
Software Defined Networks SDN
 Isolates control plane from data plane
 Control plane: data sent to/from a router such as protocol updates
OSPF BGP
 Data plane: data sent through router, such as routed packets
 Routing decisions are made remotely
 The open source OpenFlow protocol is used for remote management
of data plane in Software Defined Networks
 OpenFlow is a TCP protocol that uses TLS encryption
Content Distribution Networks
Improves performance and availability by bringing data closer to
users
 Also called Content Delivery Networks
 Uses a series of distributed caching servers
 Determines servers closest to end user
Notable CDNs include Akamai, Amazon CoudFront and CloudFlare
 Many ISPs are also CDNs
• transport segment from sending to receiving
host
• on sending side encapsulates segments into
datagrams
• on rcving side, delivers segments to transport
layer
• network layer protocols in every host, router
• Router examines header fields in all IP
datagrams passing through it
Circuit vs. Packet Switching
http://www.enterprisegrc.com
Remote Access and Secure Communications
Channels
IPSec IETF open standard RFC 2401 (Layer 3)
 Enables encrypted communication between users and devices
 Implemented transparently into network infrastructure
 Scales
 Commonly implemented (most VPN are IPSec compliant)
Type of VPN
 Client to site VPN (Transport)
Encrypts the DATA
 Example: Laptop dial up connection to
remove access server at HQ
 Site to site VPN (Tunnel) Encrypts
the entire packet
 Example: L.A. office connection to D.C.
office location
Tunnel means
encrypt the
entire packet
Transport
means encrypt
the data
Encryption can stop us from seeing our adversary
 Bypassing firewalls, IDS, virus scanners, web filters
 Trusting the other end – home and bad actors
 Encrypted content prevents eavesdropping but
prevent Intrusion Detection Systems IDS from seeing
outbound malicious content.
Types of IPSec Headers
AH - Data Integrity
No modification of
data in transit
Origin authentication:
Identifies where data
originated; non
repudiation, integrity
and authentication
No Confidentiality
ESP - Data Integrity
No modification of
data in transit
Origin
authentication:
Identifies where
data originated
Confidentiality: All
data encrypted
AHAuthenticationHeader
EncapsulationSecurityPayloadESP
IPSec site between Layer 3 and 4
 Layer 4 and higher is encrypted
 ESP in transport mode impacts the firewall
 You can only do layer 3 filtering
 In tunnel mode, source and destination are private addresses, so are un-routable – has
to be tunneled over the internet
Remote Access Security Management
 Securing external connections VPNs SSL SSH
 Data Access, screen scrapers, virtual desktops
 Remote-access authentication systems (Radius and TACACS)
 Remote node authentication protocols such as PAP and CHAP
 A password authentication protocol (PAP) is an authentication
protocol that uses a password.
 PAP is used by Point to Point Protocol to validate users before allowing
them access to server resources. Almost all network operating system
remote servers support PAP.
BAGN – 802.11 Wireless
 802.11 supports infrared and Radio Frequency (FHSS and
DSSS)
 B + G only 2.4 GHZ
 B approved first was only 11 Mbps, then everything else is 54
till n at 144
 Only N can have either 2.4 or 5 and is what is see today
 Digital Signal Level 0 (DS-0) Partial T1; 64 Kbps up to 1.544 Mbps
 Digital Signal Level 1 (DS-1) T1; 1.544 Mbps
 Digital Signal Level 3 (DS-3) T3; 44.736 Mbps
 European digital transmission format 1 El; 2.108 Mbps
 European digital transmission format 3 E3; 34.368 Mbps
 Cable modem or cable routers 10+ Mbps
Firewalls
 Packet filtering
 Stateful
 Proxy
 Next Generation Firewalls
(NGFW)
Firewall Topologies-
"Where should the firewall be placed?"
 Bastion host
 Screened subnet
 Dual-firewall architectures
The next decision to be made, after the topology
chosen, is where to place individual firewall
systems in it. At this point, there are several
types to consider, such as bastion host, screened
subnet and multi-homed firewalls.
Packet Filtering Firewalls - physical, data-link and network
 Examines each packet independently and determines whether packets
should pass or be dropped
 Has no idea of what traffic came before it
 Very fast, but not very secure
 Referred to as access control lists (ACL) on some devices
 Several types of attacks can be used to bypass these firewalls. Packet filtering
firewalls complement detailed defense in depth policies
 Effective at layer 3, ineffective at layer 4
 Because they treat each packet in isolation, this makes them vulnerable to
spoofing attacks and also limits their ability to make more complex decisions
based on what stage communications between hosts are at.
NGFW Next Gen Firewall
 Replacing Stateful Inspection SI at each hardware refresh cycle
 They should compliment, not replace
Network layer firewalls
 Makes decisions based on the source address, destination
address and ports in individual IP packets. A simple router is the
traditional network layer firewall, since it is not able to make
particularly complicated decisions about what a packet is
actually talking to or where it actually came from.
 One important distinction many network layer firewalls possess
is that they route traffic directly through them, which means in
order to use one, you either need to have a validly assigned IP
address block or a private Internet address block. Network layer
firewalls tend to be very fast and almost transparent to their
users.
Proxy Firewall - Application layer firewalls
 Application layer firewalls are hosts that run proxy servers,
which permit no traffic directly between networks, and they
perform elaborate logging and examination of traffic passing
through them. Since proxy applications are simply software
running on the firewall, it is a good place to do logging and
access control. Application layer firewalls can be used as
network address translators, since traffic goes in one side and
out the other after having passed through an application that
effectively masks the origin of the initiating connection.
 Application layer firewalls offer Layer 7 security on a more
granular level, and may even help organizations get more out of
existing network devices.
Host Based Firewalls
 Host Based Firewalls are software that runs on protected host
 Additional defense in depth layer when combined with network
firewalls
 Examples include:
 Windows Firewall
 IPtables (Linux/Unix)
 IPFilter(Linux/Unix)
 Application Firewall (Mac OS X)
 McAfee Personal Firewall (Mac OS X)
 ZoneAlarm (Windows)
Stateful Packet Inspection Firewall
 Keeps a state table of all traffic
going across the network
 Uses the state table to determine
whether a packet should pass or
be dropped
 More secure, but slower than a
packet filtering firewall
Network Intrusion Protection System NIPS and Network
Intrusion Detection System NIDS
 NIPS hardware and software systems that protect computer networks from
unauthorized access and malicious activity.
-hardware: dedicated Network Intrusion Detection System (NIDS) device, an Intrusion
Prevention System (IPS), or a combination of the two such as an Intrusion Prevention
and Detection System (IPDS).
 NIDS can only detect intrusions
 IPS can pro-actively stop an attack by following established rules, such as changing
firewall settings, blocking particular Internet protocol (IP) addresses or dropping
certain packets entirely.
Network Intrusion Protection System NIPS and Network
Intrusion Detection System NIDS
 The software firewall, sniffer and antivirus tools, dashboards and
other data visualization tools.
NIPS continually monitors networks for abnormal traffic patterns,
generate event logs, alerting system administrators to significant
events and stopping potential intrusions when possible.
 NIPS are useful for internal security auditing and provide
documentation for compliance regulations.
 NIPS is part of a layered combination of security systems working
together is necessary to protect computer networks from
compromise.
 A NIPS in some form is vital for any computer network that can be
accessed by unauthorized persons.
 Computers holding sensitive data always need protection; however,
even seemingly insignificant networks can be hijacked for use
in botnet attacks.
Kerberos Ticket authentication mechanism
 Kerberos offers a single sign-on solution for users and provides protection for
logon credentials. The current version, Kerberos 5, relies on symmetric-key
cryptography (also known as secret-key cryptography) using the Advanced
Encryption Standard (AES) symmetric encryption protocol. Kerberos provides
confidentiality and integrity for authentication traffic using end-to-end
security and helps prevent against eavesdropping and replay attacks. It uses
several different elements that are important to understand:
 Key Distribution Center The key distribution center (KDC) is the trusted third
party that provides authentication services. Kerberos uses symmetric-key
cryptography to authenticate clients to servers. All clients and servers are
registered with the KDC, and it maintains the secret keys for all network
members.
Kerberos Ticket authentication mechanism
 Kerberos Authentication Server The authentication server hosts the functions of the
KDC:
 a ticket-granting service (TGS), and an authentication service (AS). However, it is possible to host the
ticket-granting service on another server. The authentication service verifies or rejects the
authenticity and timeliness of tickets. This server is often called the KDC.
 Ticket-Granting Ticket (TGT) provides proof that a subject has authenticated through
a KDC and is authorized to request tickets to access other objects.
 A TGT is encrypted and includes a symmetric key, an expiration time, and the user’s IP address.
Subjects present the TGT when requesting tickets to access objects.
 Ticket A ticket is an encrypted message that provides proof that a subject is
authorized to access an object. It is sometimes called a service ticket (ST).
 Subjects request tickets to access objects, and if they have authenticated and are authorized to access
the object, Kerberos issues them a ticket. Kerberos tickets have specific lifetimes and usage
parameters. Once a ticket expires, a client must request a renewal or a new ticket to continue
communications with any server.
https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/csec_kerb_auth_explain.html
http://www.enterprisegrc.com
The Kerberos logon process works as follows:
1. The user types a username and password into the client.
2. The client encrypts the username with AES for transmission to the KDC.
3. The KDC verifies the username against a database of known credentials.
4. The KDC generates a symmetric key that will be used by the client and
the Kerberos server. It encrypts this with a hash of the user’s password.
The KDC also generates an encrypted time-stamped TGT.
5. The KDC then transmits the encrypted symmetric key and the encrypted
time-stamped TGT to the client.
6. The client installs the TGT for use until it expires. The client also decrypts
the symmetric key using a hash of the user’s password.
Kerberos is a versatile authentication mechanism that works over local LANs, remote access, and
client-server resource requests. However, Kerberos presents a single point of failure—the KDC. If the
KDC is compromised, the secret key for every system on the network is also compromised. Also, if a
KDC goes offline, no subject authentication can occur.
https://technet.microsoft.com/en-us/library/bb463152.aspx
Client wants to access an object, such as a resource hosted on
the network, it must request a ticket through the Kerberos
server
1. The client sends its TGT back to the KDC with a request for access to
the resource.
2. The KDC verifies that the TGT is valid and checks its access control
matrix to verify that the user has sufficient privileges to access the
requested resource.
3. The KDC generates a service ticket and sends it to the client.
4. The client sends the ticket to the server or service hosting the
resource.
5. The server or service hosting the resource verifies the validity of the
ticket with the KDC.
6. Once identity and authorization is verified, Kerberos activity is
complete. The server or service host then opens a session with the
client and begins communications or data transmission.
It also has strict time requirements and the default
configuration requires that all systems be time-
synchronized within five minutes of each other. If a
system is not synchronized or the time is changed, a
previously issued TGT will no longer be valid and the
system will not be able receive any new tickets. In
effect, the client will be denied access to any
protected network resources.
https://technet.microsoft.com/en-us/library/bb463152.aspx
Ports that are important to spot visually as their number
 Telnet, TCP Port 23 This is a terminal emulation network application that supports remote
connectivity for executing commands and running applications but does not support transfer of fi les.
 File Transfer Protocol (FTP), TCP Ports 20 and 21 This is a network application that supports an
exchange of fi les that requires anonymous or specific authentication.
 Trivial File Transfer Protocol (TFTP), UDP Port 69 This is a network application that supports an
exchange of fi les that does not require authentication.
 Simple Mail Transfer Protocol (SMTP), TCP Port 25 This is a protocol used to transmit email messages
from a client to an email server and from one email server to another.
 Post Office Protocol (POP3), TCP Port 110 This is a protocol used to pull email messages from an
inbox on an email server down to an email client.
 Internet Message Access Protocol (IMAP), TCP Port 143 This is a protocol used to pull email messages
from an inbox on an email server down to an email client. IMAP is more secure than POP3 and offers
the ability to pull headers down from the email server as well as to delete messages directly off the
email server without having to download to the local client first.
 Dynamic Host Configuration Protocol (DHCP), UDP Ports 67 and 68 DHCP uses port 67 for server
point-to-point response and port 68 for client request broadcasts. It is used to assign TCP/IP
configuration settings to systems upon bootup. DHCP enables centralized control of network
addressing.
Ports that are important to spot visually as their number
 Hypertext Transport Protocol (HTTP), TCP Port 80 This is the protocol used to transmit web page
elements from a web server to web browsers.
 Secure Sockets Layer (SSL), TCP Port 443 (for HTTP Encryption) This is a VPN-like security
protocol that operates at the Transport layer. SSL was originally designed to support secured web
communications (HTTPS) but is capable of securing any Application layer protocol
communications.
 Line Print Daemon (LPD), TCP Port 515 This is a network service that is used to spool print jobs
and to send print jobs to printers.
 X Window, TCP Ports 6000–6063 This is a GUI API for command-line operating systems.
 Bootstrap Protocol (BootP)/Dynamic Host Configuration Protocol (DHCP), UDP Ports 67 and 68
This is a protocol used to connect diskless workstations to a network through auto assignment of
IP configuration and download of basic OS elements. BootP is the forerunner to Dynamic Host
Configuration Protocol (DHCP).
 Network File System (NFS), TCP Port 2049 This is a network service used to support file sharing
between dissimilar systems.
 Simple Network Management Protocol (SNMP), UDP Port 161 (UDP Port 162 for Trap
Messages) This is a network service used to collect network health and status information by
polling monitoring devices from a central monitoring station.

More Related Content

What's hot

Cloud computing final show
Cloud computing final   showCloud computing final   show
Cloud computing final show
ahmad abdelhafeez
 
Network infrastructure security management solution - A holistic approach in ...
Network infrastructure security management solution - A holistic approach in ...Network infrastructure security management solution - A holistic approach in ...
Network infrastructure security management solution - A holistic approach in ...
Twinkle Sebastian
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research Challenges
Dr. Rajesh P Barnwal
 
Importance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionImportance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat Protection
HTS Hosting
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security Certification
Vskills
 
Wireless security report
Wireless security reportWireless security report
Wireless security report
Marynol Cahinde
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
dkaya
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network Security
EC-Council
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
Cisco Security
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
Okehie Collins
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
GulshanAra14
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Rahul Neel Mani
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation  Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation  Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
EC-Council
 
International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)
CSCJournals
 
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computingLinux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
Seo Tss
 
Trend Internet of Things
Trend Internet of ThingsTrend Internet of Things
Trend Internet of Things
Deris Stiawan
 
Chapter 3, Data Protection vs Ransomware
Chapter 3, Data Protection vs RansomwareChapter 3, Data Protection vs Ransomware
Chapter 3, Data Protection vs Ransomware
Adi Saputra
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
mdagrossa
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
LinkedIn
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 

What's hot (20)

Cloud computing final show
Cloud computing final   showCloud computing final   show
Cloud computing final show
 
Network infrastructure security management solution - A holistic approach in ...
Network infrastructure security management solution - A holistic approach in ...Network infrastructure security management solution - A holistic approach in ...
Network infrastructure security management solution - A holistic approach in ...
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research Challenges
 
Importance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat ProtectionImportance of Using Firewall for Threat Protection
Importance of Using Firewall for Threat Protection
 
Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security Certification
 
Wireless security report
Wireless security reportWireless security report
Wireless security report
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
 
Can Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network SecurityCan Cloud Solutions Transform Network Security
Can Cloud Solutions Transform Network Security
 
Cisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide DeckCisco 2015 Midyear Security Report Slide Deck
Cisco 2015 Midyear Security Report Slide Deck
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation  Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...Next Generation  Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
 
International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)International Journal of Computer Science and Security Volume (1) Issue (3)
International Journal of Computer Science and Security Volume (1) Issue (3)
 
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computingLinux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
Linux mail-server-firewall-dealers-thinclient-antivirus-cloud-computing
 
Trend Internet of Things
Trend Internet of ThingsTrend Internet of Things
Trend Internet of Things
 
Chapter 3, Data Protection vs Ransomware
Chapter 3, Data Protection vs RansomwareChapter 3, Data Protection vs Ransomware
Chapter 3, Data Protection vs Ransomware
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2Cisco SAFE_Wireless LAN Security in Depth v2
Cisco SAFE_Wireless LAN Security in Depth v2
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 

Viewers also liked

Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
The value of our data
The value of our dataThe value of our data
The value of our data
EnterpriseGRC Solutions, Inc.
 
CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
EnterpriseGRC Solutions, Inc.
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
EnterpriseGRC Solutions, Inc.
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
EnterpriseGRC Solutions, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
EnterpriseGRC Solutions, Inc.
 
Notes prep guide
Notes prep guideNotes prep guide
Notes prep guide
Elkanouni Mohamed
 
2012 Summer Conference Brochure
2012 Summer Conference Brochure2012 Summer Conference Brochure
2012 Summer Conference Brochure
EnterpriseGRC Solutions, Inc.
 
Divya
DivyaDivya
Divya
diva23
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networking
anita maharjan
 
CCNA ppt Day 2
CCNA ppt Day 2CCNA ppt Day 2
CCNA ppt Day 2
VISHNU N
 
Secure Communication
Secure CommunicationSecure Communication
Secure Communication
Koen Van Impe
 
Open Data: a brief introduction
Open Data:  a brief introductionOpen Data:  a brief introduction
Open Data: a brief introduction
Maurizio Napolitano
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
wolfSSL
 
Computer Network - Introduction to Networks
Computer Network - Introduction to NetworksComputer Network - Introduction to Networks
Computer Network - Introduction to Networks
Swapnil Agrawal
 
Secure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLSSecure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLS
wolfSSL
 
MISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISPMISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISP
Koen Van Impe
 
CCNA ppt Day 1
CCNA ppt Day 1CCNA ppt Day 1
CCNA ppt Day 1
VISHNU N
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systems
Itex Solutions
 

Viewers also liked (20)

Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 
Notes prep guide
Notes prep guideNotes prep guide
Notes prep guide
 
2012 Summer Conference Brochure
2012 Summer Conference Brochure2012 Summer Conference Brochure
2012 Summer Conference Brochure
 
Divya
DivyaDivya
Divya
 
Secure communication in Networking
Secure communication in NetworkingSecure communication in Networking
Secure communication in Networking
 
CCNA ppt Day 2
CCNA ppt Day 2CCNA ppt Day 2
CCNA ppt Day 2
 
Secure Communication
Secure CommunicationSecure Communication
Secure Communication
 
Open Data: a brief introduction
Open Data:  a brief introductionOpen Data:  a brief introduction
Open Data: a brief introduction
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
 
Computer Network - Introduction to Networks
Computer Network - Introduction to NetworksComputer Network - Introduction to Networks
Computer Network - Introduction to Networks
 
Secure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLSSecure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLS
 
MISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISPMISP EcoSystem - Threat Intelligence, VMRay, MISP
MISP EcoSystem - Threat Intelligence, VMRay, MISP
 
CCNA ppt Day 1
CCNA ppt Day 1CCNA ppt Day 1
CCNA ppt Day 1
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systems
 

Similar to Networking and communications security – network architecture design

Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
Edureka!
 
Ccna introduction
Ccna introductionCcna introduction
Ccna introduction
Mukesh Gautam
 
Learn basics of ip addressing
Learn basics of  ip addressingLearn basics of  ip addressing
Learn basics of ip addressing
Bobby Agustinus Ginting
 
0 presentacion de introduccion
0 presentacion de introduccion0 presentacion de introduccion
0 presentacion de introduccion
Ronald Gutierrez
 
computer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptxcomputer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptx
gadisaAdamu
 
chapter 4.pptx
chapter 4.pptxchapter 4.pptx
chapter 4.pptx
shucaybcabdi
 
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptxpppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
zeyadosama505
 
OSI model.pptx
OSI model.pptxOSI model.pptx
OSI model.pptx
SmtArunaAsafAliGovtP
 
640 802-study-guide-sample
640 802-study-guide-sample640 802-study-guide-sample
640 802-study-guide-sample
rickybcool
 
protocol architecture
 protocol architecture protocol architecture
protocol architecture
Srinivasa Rao
 
osi and tcpip.ppt
osi and tcpip.pptosi and tcpip.ppt
osi and tcpip.ppt
KowsalyaJayakumar2
 
Osi and tcpip
Osi and tcpipOsi and tcpip
Osi and tcpip
chetnaindaurkar
 
layering.ppt
layering.pptlayering.ppt
layering.ppt
Rashmin Tanna
 
Class Note 02
Class Note 02Class Note 02
Class Note 02
Ridhy Chandro Modak
 
The TCP/IP and OSI models
The TCP/IP and OSI modelsThe TCP/IP and OSI models
The TCP/IP and OSI models
Jake Weaver
 
SYBSC IT COMPUTER NETWORKS UNIT I Network Models
SYBSC IT COMPUTER NETWORKS UNIT I Network ModelsSYBSC IT COMPUTER NETWORKS UNIT I Network Models
SYBSC IT COMPUTER NETWORKS UNIT I Network Models
Arti Parab Academics
 
Internet1
Internet1Internet1
Internet1
Joseph Lagod
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1
ahmady
 
Bcs 052 solved assignment
Bcs 052 solved assignmentBcs 052 solved assignment
Network layers
Network layersNetwork layers
Network layers
GermaineGenove
 

Similar to Networking and communications security – network architecture design (20)

Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
Cybersecurity Tutorial | Demo On Man In The Middle Attack | Cybersecurity Tra...
 
Ccna introduction
Ccna introductionCcna introduction
Ccna introduction
 
Learn basics of ip addressing
Learn basics of  ip addressingLearn basics of  ip addressing
Learn basics of ip addressing
 
0 presentacion de introduccion
0 presentacion de introduccion0 presentacion de introduccion
0 presentacion de introduccion
 
computer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptxcomputer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptx
 
chapter 4.pptx
chapter 4.pptxchapter 4.pptx
chapter 4.pptx
 
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptxpppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
 
OSI model.pptx
OSI model.pptxOSI model.pptx
OSI model.pptx
 
640 802-study-guide-sample
640 802-study-guide-sample640 802-study-guide-sample
640 802-study-guide-sample
 
protocol architecture
 protocol architecture protocol architecture
protocol architecture
 
osi and tcpip.ppt
osi and tcpip.pptosi and tcpip.ppt
osi and tcpip.ppt
 
Osi and tcpip
Osi and tcpipOsi and tcpip
Osi and tcpip
 
layering.ppt
layering.pptlayering.ppt
layering.ppt
 
Class Note 02
Class Note 02Class Note 02
Class Note 02
 
The TCP/IP and OSI models
The TCP/IP and OSI modelsThe TCP/IP and OSI models
The TCP/IP and OSI models
 
SYBSC IT COMPUTER NETWORKS UNIT I Network Models
SYBSC IT COMPUTER NETWORKS UNIT I Network ModelsSYBSC IT COMPUTER NETWORKS UNIT I Network Models
SYBSC IT COMPUTER NETWORKS UNIT I Network Models
 
Internet1
Internet1Internet1
Internet1
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1
 
Bcs 052 solved assignment
Bcs 052 solved assignmentBcs 052 solved assignment
Bcs 052 solved assignment
 
Network layers
Network layersNetwork layers
Network layers
 

More from EnterpriseGRC Solutions, Inc.

ISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference BrochureISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference Brochure
EnterpriseGRC Solutions, Inc.
 
2011 Summer Conference Brochure
2011 Summer Conference Brochure2011 Summer Conference Brochure
2011 Summer Conference Brochure
EnterpriseGRC Solutions, Inc.
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
EnterpriseGRC Solutions, Inc.
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
EnterpriseGRC Solutions, Inc.
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
EnterpriseGRC Solutions, Inc.
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
EnterpriseGRC Solutions, Inc.
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
EnterpriseGRC Solutions, Inc.
 
Green Tech
Green TechGreen Tech

More from EnterpriseGRC Solutions, Inc. (10)

ISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference BrochureISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference Brochure
 
2011 Summer Conference Brochure
2011 Summer Conference Brochure2011 Summer Conference Brochure
2011 Summer Conference Brochure
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Green Tech
Green TechGreen Tech
Green Tech
 

Recently uploaded

The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 

Recently uploaded (20)

The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 

Networking and communications security – network architecture design

  • 1. http://www.enterprisegrc.com Networking and Communications Security – Network Architecture Design Principles CISSP Study Notes – prepared by Robin Basham, CISSP, CISA, CRISC, CGEIT, CRP, VRP
  • 2. http://www.enterprisegrc.com Data Sources All slides are a summary of information directly located in the study sources for the CISSP or CISCO, Windows certified online technet training; The majority is directly summarized CISSP® (ISC)2® Certified Information Systems Security Professional Official Study Guide Seventh Edition CISSP Certified Information Systems Security Professional Study Guide, 7th Edition has completely been updated for the latest 2015 CISSP Body of Knowledge. This Sybex Study Guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Coverage of all of the exam topics in the book means you'll be ready for Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security Governance and Risk Management, Legal, Regulations, Investigations and Compliance, Operations Security, Physical (Environmental) Security, Security Architecture and Design, and Telecommunications and Network Security. MGT414: SANS Training Program for CISSP Certification (A04_3877) MGT414: SANS Training Program for CISSP Certification (A04_3877) The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
  • 3. Remember the ISO Open System Interconnect OSI REFERENCE Model
  • 4. http://www.enterprisegrc.com Encapsulation OSI Conceptually explains movement of information • Process of moving information down the stack and up the stack • Each layer communicates with corresponding layer just below in the stack. • Data encapsulation is the process in which information from one packet is wrapped around or attached to the data of another packet. OSI Layers - Encapsulation appends header footer across 7 layers Strippingofftheheader
  • 5. Protocols = data “language” managed generated here  Application : HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET  Presentation: Encryption protocols and format types, such as ASCII, EBCDICM, TIFF, JPEG, MPEG, and MIDI  Session: NFS, SQL, and RPC  Transport: SPX, SSL, TLS, TCP, and UDP  Network: ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, ARP and SKIP  Data Link: SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, ISDN  Physical: EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, and V.35
  • 6. Actual transmission across physical media How do we hand off and what do we peel off? SENDINGPROCESS Encapsulation Application (Layer 7) “data stream” Presentation (layer 6) still “data stream” Session (layer 5) still “data stream” Transport (layer 4) becomes “segment” if TCP “datagram” if UDP Network (layer 3) becomes “packet” Data link (layer 2) becomes a “frame” Physical (layer 1) converted into “bits” for transmission Application (Layer 7) “data stream” Presentation (layer 6) still “data stream” Session (layer 5) still “data stream” Transport (layer 4) becomes “segment” if TCP “datagram” if UDP Network (layer 3) becomes “packet” Data link (layer 2) becomes a “frame” Physical (layer 1) converted into “bits” for transmission AH DATA DATA PH AH DATA SH PH AH DATA TH SH PH AH DATA TH SH PH AH DATANH DH TH SH PH AH DATANH DH TH SH PH AH DATANH Client A -SENDING PROCESS Client B RECIEVING PROCESS Application Protocol + Application Header Presentation Layer Protocol + Header Session Layer Protocol + Header Transport Layer Protocol + Header Network Layer Pro. + Header Data Link Lay. Pro. + Hr BITS RECEIVINGPROCESS De-Encapsulation-strippingofftheheader DATA -DH -NH -TH -SH -PH -AH
  • 7. Encapsulation Encapsulation appends header footer across 7 layers  OSI is the conceptual model, however, TCP/IP is the implementation model. TCP/IP Is 4 Layer Implementation of protocols Application (Ap, Pre, Ses) Transport (TCP) (Transport) Internet IP (Network) Network (Phys/Data)
  • 8. TCP/IP DARPA or DOD model – example SSH OSI TCP/IP Protocols Description 7 Application Application Layer 4 HTTP SMTP Consists of the applications and processes that use the network. 6 Presentation 5 Session 4 Transport Transport Layer 3 Host to Host TCP and UDP Provides end-to-end data delivery service to the Application Layer. 3 Network Internet Layer 2 IP IPv4 IPv6 ICMP ICMPv6 ECN IGMP IPSec, ARP, RARP Defines the IP datagram and handles the routing of data across networks. 2 Data link Link Layer 1 Network Access ARP NDP OSPF Tunnels L2TP PPP MAC Ethernet DSL ISDN FDDI Consists of routines for accessing physical networks and the electrical connection. 1 Physical
  • 9. TCP/IP DARPA or DOD model = Internet protocol suite Application layer includes protocols from the Application Layer of the Internet Protocol Suite as well as the protocols of OSI Layer 7. The Application Layer of the Internet Protocol Suite includes Session Layer protocols and Presentation Layer protocols from OSI.  BGP DHCP DNS FTP HTTP IMAP LDAP MGCP NNTP NTP POP ONC/RPC RTP RTSP RIP SIP SMTP SNMP SSH Telnet TLS/SSL XMPP Transport layer is a conceptual division of methods in the layered architecture of protocols in the network stack in the Internet Protocol Suite and the Open Systems Interconnection (OSI). The protocols of the layer provide host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.  TCP UDP DCCP SCTP RSVP
  • 10. TCP/IP DARPA or DOD model = Internet protocol suite Internet layer is a group of internetworking methods, protocols, and specifications in the Internet protocol suite that are used to transport datagrams (packets) from the originating host across network boundaries, if necessary, to the destination host specified by a network address (IP address) which is defined for this purpose by the Internet Protocol (IP). The internet layer derives its name from internetworking, which is the concept of connecting multiple networks with each other through gateways. Internet-layer protocols use IP-based packets. The internet layer does not include the protocols that define communication between local (on-link) network nodes which fulfill the purpose of maintaining link states between the local nodes, such as the local network topology, and that usually use protocols that are based on the framing of packets specific to the link types. Such protocols belong to the link layer. A common design aspect in the internet layer is the robustness principle: "Be liberal in what you accept, and conservative in what you send“ as a misbehaving host can deny Internet service to many other users.  IP IPv4 IPv6 ICMP ICMPv6 ECN IGMP IPsec Link layer  ARP NDP OSPF Tunnels L2TP PPP MAC Ethernet DSL ISDN FDDI
  • 11. Encapsulation Hardware changes across 7 layers Don’t confuse TCP/IP Implementation model organizing as: Application (Ap, Pre, Ses) - Transport (TCP) (Transport) - Internet IP (Network) - Network (Phys/Data) 802.1x NAC layer 2 authentication Unknown system connects to 802.1x enabled port – Extensible Authentication Protocol over LAN EAPOL can pass but TCP and UDP are blocked. Local 802.x software authenticates client supplicant. Authenticator running on switch negotiates EAP, passing supplied credentials to RADIUS or DIAMETER
  • 12. Application Data Stream – Application specific protocols  Security: Confidentiality, authentication, data integrity, non- repudiation  Technology: gateways  Protocols: FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET Application is protocols responsible for interfacing or transmitting files, message exchange, connect to remote terminals. TCP/IP Application Layer 4
  • 13. Do not set your credit card on a server and leave it out on the application layer Application specific protocols LAYER 7 PROTOCOLS LAYER 7 PROTOCOLS  Hypertext Transfer Protocol HTTP 80  SECURE Hypertext Transfer Protocol HTTPS 443  File Transfer Protocol FTP 20/21  Line Print Daemon LPD  Simple Mail Transfer Protocol SMTP 25  Telecommunications Network Protocol Telnet 23  Trivial File Transfer Protocol TFTP  Electronic Data Interchange EDI  Post Office Protocol V3 POP3  Internet Message Access Protocol IMAP  Simple Network Management Protocol SNMP  Network News Transport Protocol NNTP  Secure Remote Procedure Call S-RPC  Secure Electronic Transaction SET  Session Initiation Protocol SIP  Server Message Block Protocol SMB Application is protocols responsible for interfacing or transmitting files, message exchange, connect to remote terminals. TCP/IP Application Layer 4
  • 14. Presentation Layer 6 - Machine Dependent 2 Machine Independent format – File and Data EBDIC to ASCII Encryption Compression; Extended Binary Coded Decimal Interchange Code (EBCDIC) is an 8-bit character encoding used mainly on IBM mainframe and IBM midrange computer operating systems. How data may enter the network TCP/IP Application Layer 4
  • 15. Presentation Layer 6 - Takes Machine Dependent Info 2 Machine Independent format – file and data Security: confidentiality, authentication, encryption Technology: gateway Protocols: ASCII, EBCDIC, POSTSCRIPT, JPEG, MPEG, GIF How data may enter the network LAYER 6 PROTOCOLS • American Standard Code For Information Interchange ASCII • Extended Binary Coded Decimal Interchange Mod EBCDICM • Tagged Image File Format TIFF • Joint Photographic Experts Group JPEG • Moving Pictures Experts Group MPEG • Musical Instrument Digital Interface MIDI TCP/IP Application Layer 4
  • 16. Session layer 5 formats data for transfer Sets up links, maintains the link, and link tear-down between applications TCP/IP Application Layer 4
  • 17. Session layer 5 formats data for transfer LAYER 5 PROTOCOLS  Network File System NFS  Structured Query Language SQL  Remote Procedure Call RPC  RADIUS (using L4 UDP) TACACS (using L4 TCP)  Responsible for the setup of the links, maintaining of the link, and the link tear-down between applications. TCP/IP Application Layer 4 (includes Application, Presentation and Session)
  • 18. Transport layer 4 Ensures end to end delivery; addressing Security: Confidentiality, authentication, integrity Technology: gateways Protocols: TCP, UDP, SSL, SSH-2, SPX, ATP. Responsible for the guaranteed delivery of user information. It is also responsible for error detection, correction, and flow control. User information at this layer is called datagrams. TCP/IP Transport Layer 3 Host to Host (TCP/UDP)
  • 19. Introduction to Transport Layer 4 TCPIP Joke – Syn Synack Ack 3 Way TCP/IP Internet Layer 2 IP, ARP, RARP, ICMP Datagrams
  • 20. Transport layer 4 LAYER 4 PROTOCOLS • Transmission Control Protocol TCP • User Datagram Protocol UDP • Secure Socket Layer SSL • Transport Layer Security TLS • Secure Shell + SFTP Protocol SSH-2* • Sequenced Packet Exchange SPX • Stream Control Transmission Protocol SCTP • AppleTalk Transaction Protocol ATP • Fiber Channel Protocol FCP • Reliable Datagram Protocol RDP • Security: Confidentiality, authentication, integrity • Technology: gateways • * The program SSH (Secure Shell) provides an encrypted channel for logging into another computer over a network, executing commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over the Internet. SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar to FTP, but is SSH2 encrypted. TCP/IP Transport Layer 3 Host to Host (TCP/UDP)
  • 21. Network Layer 3 - Packets Based on routing tables, Routs this package according to shortest or best path Security: confidentiality, authentication, data integrity Technology: virtual circuits (ATM), routers Protocols: IP, IPX, ICMP, OSPF, IGRP, EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP, DDP, X.25 Responsible for the routing of user data from one node to another through the network including the path selection. Logical addresses are used at this layer. User information maintained at this layer is called packets. TCP/IP Internet Layer 2 IP, ARP, RARP, ICMP Datagrams
  • 22. Just give me the &*() address and I’ll pick the shortest path. Just make sure its fast, secure, and we get their in one piece. And I’ll tell you if we’re lost mister. Security: confidentiality, authentication, data integrity Technology: virtual circuits (ATM), routers Network: Distance Vector DV and Link State LS Routing Protocols LAYER 3 PROTOCOLS • Internet Protocol IP • Routing Information Protocol RIP DV • Network Address Translation NAT • Internet Protocol Security IPSec • Internet Packet Exchange IPX • Internet Control Message Protocol ICMP • Open Shortest Path first Protocol OSPF LS • Internet Gateway Routing Protocol IGRP DV • Border Gateway Protocol BGP path • Enhanced Interior Gateway Protocol EIGRP • Routing Information Protocol RIP DV • Bootstrap Protocol BOOTP • Dynamic Host Configuration Protocol DHCP • Intermediate System - Intermediate System ISIS • Zone Information Protocol ZIP • Distributed Data Protocol DDP • X.25 Protocol - ITU-T standard protocol suite for packet switched wide area network (WAN) communication. An X.25 WAN consists of packet- switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections or ISDN connections as physical links. • NON IP PROTOCOLS: IPX, AppleTalk, NetBEUI aka NetBios TCP/IP Internet Layer 2 IP, ARP, RARP, ICMP Datagrams
  • 23. Network Layer 3 Functions  Logical Addressing: a logical address, sometimes called a layer three address. On the Internet, the Internet Protocol (IP) is the network layer protocol and every machine has an IP address.  Addressing is done at the data link layer as well, but those addresses refer to local physical devices. In contrast, logical addresses are independent of particular hardware and must be unique across an entire internetwork.  Routing: Moving data across a series of interconnected networks, it is the job of the devices and software routines that function at the network layer to handle incoming packets from various sources, determine their final destination, and figure out where they need to be sent to get them where they are supposed to go  Datagram Encapsulation: The network layer normally encapsulates messages received from higher layers by placing them into datagrams (also called packets) with a network layer header.  Fragmentation and Reassembly: The network layer must send messages down to the data link layer for transmission. Some data link layer technologies have limits on the length of any message that can be sent. If the packet that the network layer wants to send is too large, the network layer must split the packet up, send each piece to the data link layer, and then have pieces reassembled once they arrive at the network layer on the destination machine. A good example is how this is done by the Internet Protocol.  Error Handling and Diagnostics: Special protocols are used at the network layer to allow devices that are logically connected, or that are trying to route traffic, to exchange information about the status of hosts on the network or the devices themselves. TCP/IP Internet Layer 2 IP, ARP, RARP, ICMP, Datagrams (paraphrased from http://www.tcpipguide.com/free/t_NetworkLayerLayer3.htm
  • 24. Data Link Layer 2 Security: confidentiality, Technology: bridges, switch Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token Ring, FDDI (protocol, not media) TCP/IP Link Layer 1 Network Access routines for accessing physical networks and the electrical connection
  • 25. Data Link Layer 2 - frames LAYER 2 PROTOCOLS  Medium Access Control Protocol MAC  Ethernet, Token Ring, StarLan  Spanning Tree Protocol STP using BPDU  Fiber Distributed Data Interface FDDI  Layer 2 Forwarding Protocol L2F  Point to Point Tunneling Protocol PPTP  Layer 2 Tunneling Protocol L2TP  Link Control Protocol LCP forms part PPP  Point to Point Protocol PPP  Address Resolution Protocol ARP  Reverse Address Resolution Protocol RARP  Serial Line Address Resolution Protocol SLARP  Protocol IARP  Protocol SNAP  Protocol BAP  Challenge handshake authentication Protocol CHAP RFC 1994  LZS-DCP Compression Protocol LZS  Integrated Services Digital Network Protocol ISDN  Asynchronous Transfer Mode ATM  Protocol Frame Relay  High Level Data Link Control HDLC  Synchronous Data Link Control SDLC  Link Access Procedures, D channel Protocol LAPD  Protocol ISL Responsible for the physical addressing of the network via MAC addresses. There are two sublevels to the Data-Link layer. MAC and LLC. The Data-Link layer has error detection, frame ordering, and flow control. User information maintained at this layer is called frames. TCP/IP Link Layer 1 Network Access - routines for accessing physical networks and the electrical connection
  • 26. How 802.1x authentication works  Three-component architecture features a supplicant, access device (switch, access point) and authentication server (RADIUS). This architecture leverages the decentralized access devices to provide scalable, but computationally expensive, encryption to many supplicants while at the same time centralizing the control of access to a few authentication servers. This latter feature makes 802.1x authentication manageable in large installations.  When EAP is run over a LAN, EAP packets are encapsulated by EAP over LAN (EAPOL) messages. The format of EAPOL packets is defined in the 802.1x specification. EAPOL communication occurs between the end-user station (supplicant) and the wireless access point (authenticator). The RADIUS protocol is used for communication between the authenticator and the RADIUS server.  The authentication process begins when the end user attempts to connect to the WLAN. The authenticator receives the request and creates a virtual port with the supplicant. The authenticator acts as a proxy for the end user passing authentication information to and from the authentication server on its behalf. The authenticator limits traffic to authentication data to the server.
  • 27. What are the steps in negotiation? 1. The client may send an EAP-start message. 2. The access point sends an EAP-request identity message. 3. The client's EAP-response packet with the client's identity is "proxied" to the authentication server by the authenticator. 4. The authentication server challenges the client to prove themselves and may send its credentials to prove itself to the client (if using mutual authentication). 5. The client checks the server's credentials (if using mutual authentication) and then sends its credentials to the server to prove itself. 6. The authentication server accepts or rejects the client's request for connection. 7. If the end user was accepted, the authenticator changes the virtual port with the end user to an authorized state allowing full network access to that end user. 8. At log-off, the client virtual port is changed back to the unauthorized state.
  • 28. Physical Layer 1 Herearemy Rawbinarydata Repeaters – amplify signal, no added intelligence, no filtering – Hubs – used to connect multiple LAN devices, no added intelligence Give me your bits TCP/IP Link Layer 1 Network Access routines for accessing physical networks and the electrical connection Fiber Distributed Data Interface – FDDI - Dual token ring LAN at 100 MBps on Fiber Copper Distributed Data Interface - CDDI – can be used with UTP cable but subject to interference and length issues associated with Copper.
  • 29. Physical Layer 1 Protocols LAYER 1 PROTOCOLS The Physical Layer receives data from the data link Layer and transmits it to the wire. The physical layer controls the electrical and mechanical functions related to the transmission and receipt of a communications signal including encoding and decoding of data contained within the modulated signal. Note that for two devices to communicate, they must be connected to the same type of physical medium (wiring). 802.3 Ethernet to 802.3 Ethernet, FDDI to FDDI, serial to serial etc.  RS-232 (Recommend Standard number 232) is standard communication protocol for linking computer and its peripheral devices to allow serial data exchange RS232  Synchronous Optical Network SONET  High-Speed Serial Interface HSSI used between devices that are within fifty feet of each other and achieves data rates up to 52 Mbps  Interface specification for differential communications, X.21 a 15- pin D-Sub connector running full-duplex data transmissions. X.21  Digital subscriber line DSL  Integrated Services Digital Network (ISDN)  EIA-422, EIA-423, RS-449, RS-485  10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE- T, 1000BASE-T, 1000BASE-SX TCP/IP Link Layer 1 Network Access routines for accessing physical networks and the electrical connection
  • 30. OSI Security - 6 Security Services A security service is a collection of security mechanisms, files, and procedures that help protect the network.  Authentication  Access control  Data confidentiality  Data integrity  Non-repudiation  Logging and monitoring
  • 31. OSI Security - 8 Security Mechanisms A security mechanism is a control that is implemented in order to provide the 6 basic security services.  Encipherment  Digital signature  Access Control  Data Integrity  Authentication  Traffic Padding  Routing Control  Notarization
  • 32. Insecure TCP/IP Protocols Telnet, FTP, TFTP, SMTP  Telnet  File Transfer Protocol – FTP Port 20/21  Trivial File Transfer Protocol  Simple Mail Transfer Protocol - SMTP http://map.norsecorp.com/
  • 33. Multi-layer Protocol  DNP3 Distributed Network Protocol – open protocol that supports the Smart Grid computing  Provides interoperability between vendor SCADA systems  IEEE standard 2010  IEEE 1815-2012 is current standard and supports PKI
  • 34. Software Defined Networks SDN  Isolates control plane from data plane  Control plane: data sent to/from a router such as protocol updates OSPF BGP  Data plane: data sent through router, such as routed packets  Routing decisions are made remotely  The open source OpenFlow protocol is used for remote management of data plane in Software Defined Networks  OpenFlow is a TCP protocol that uses TLS encryption
  • 35. Content Distribution Networks Improves performance and availability by bringing data closer to users  Also called Content Delivery Networks  Uses a series of distributed caching servers  Determines servers closest to end user Notable CDNs include Akamai, Amazon CoudFront and CloudFlare  Many ISPs are also CDNs
  • 36. • transport segment from sending to receiving host • on sending side encapsulates segments into datagrams • on rcving side, delivers segments to transport layer • network layer protocols in every host, router • Router examines header fields in all IP datagrams passing through it Circuit vs. Packet Switching
  • 37. http://www.enterprisegrc.com Remote Access and Secure Communications Channels
  • 38. IPSec IETF open standard RFC 2401 (Layer 3)  Enables encrypted communication between users and devices  Implemented transparently into network infrastructure  Scales  Commonly implemented (most VPN are IPSec compliant)
  • 39. Type of VPN  Client to site VPN (Transport) Encrypts the DATA  Example: Laptop dial up connection to remove access server at HQ  Site to site VPN (Tunnel) Encrypts the entire packet  Example: L.A. office connection to D.C. office location Tunnel means encrypt the entire packet Transport means encrypt the data
  • 40. Encryption can stop us from seeing our adversary  Bypassing firewalls, IDS, virus scanners, web filters  Trusting the other end – home and bad actors  Encrypted content prevents eavesdropping but prevent Intrusion Detection Systems IDS from seeing outbound malicious content.
  • 41. Types of IPSec Headers AH - Data Integrity No modification of data in transit Origin authentication: Identifies where data originated; non repudiation, integrity and authentication No Confidentiality ESP - Data Integrity No modification of data in transit Origin authentication: Identifies where data originated Confidentiality: All data encrypted AHAuthenticationHeader EncapsulationSecurityPayloadESP
  • 42. IPSec site between Layer 3 and 4  Layer 4 and higher is encrypted  ESP in transport mode impacts the firewall  You can only do layer 3 filtering  In tunnel mode, source and destination are private addresses, so are un-routable – has to be tunneled over the internet
  • 43. Remote Access Security Management  Securing external connections VPNs SSL SSH  Data Access, screen scrapers, virtual desktops  Remote-access authentication systems (Radius and TACACS)  Remote node authentication protocols such as PAP and CHAP  A password authentication protocol (PAP) is an authentication protocol that uses a password.  PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system remote servers support PAP.
  • 44. BAGN – 802.11 Wireless  802.11 supports infrared and Radio Frequency (FHSS and DSSS)  B + G only 2.4 GHZ  B approved first was only 11 Mbps, then everything else is 54 till n at 144  Only N can have either 2.4 or 5 and is what is see today
  • 45.  Digital Signal Level 0 (DS-0) Partial T1; 64 Kbps up to 1.544 Mbps  Digital Signal Level 1 (DS-1) T1; 1.544 Mbps  Digital Signal Level 3 (DS-3) T3; 44.736 Mbps  European digital transmission format 1 El; 2.108 Mbps  European digital transmission format 3 E3; 34.368 Mbps  Cable modem or cable routers 10+ Mbps
  • 46. Firewalls  Packet filtering  Stateful  Proxy  Next Generation Firewalls (NGFW)
  • 47. Firewall Topologies- "Where should the firewall be placed?"  Bastion host  Screened subnet  Dual-firewall architectures The next decision to be made, after the topology chosen, is where to place individual firewall systems in it. At this point, there are several types to consider, such as bastion host, screened subnet and multi-homed firewalls.
  • 48. Packet Filtering Firewalls - physical, data-link and network  Examines each packet independently and determines whether packets should pass or be dropped  Has no idea of what traffic came before it  Very fast, but not very secure  Referred to as access control lists (ACL) on some devices  Several types of attacks can be used to bypass these firewalls. Packet filtering firewalls complement detailed defense in depth policies  Effective at layer 3, ineffective at layer 4  Because they treat each packet in isolation, this makes them vulnerable to spoofing attacks and also limits their ability to make more complex decisions based on what stage communications between hosts are at.
  • 49. NGFW Next Gen Firewall  Replacing Stateful Inspection SI at each hardware refresh cycle  They should compliment, not replace
  • 50. Network layer firewalls  Makes decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from.  One important distinction many network layer firewalls possess is that they route traffic directly through them, which means in order to use one, you either need to have a validly assigned IP address block or a private Internet address block. Network layer firewalls tend to be very fast and almost transparent to their users.
  • 51. Proxy Firewall - Application layer firewalls  Application layer firewalls are hosts that run proxy servers, which permit no traffic directly between networks, and they perform elaborate logging and examination of traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection.  Application layer firewalls offer Layer 7 security on a more granular level, and may even help organizations get more out of existing network devices.
  • 52. Host Based Firewalls  Host Based Firewalls are software that runs on protected host  Additional defense in depth layer when combined with network firewalls  Examples include:  Windows Firewall  IPtables (Linux/Unix)  IPFilter(Linux/Unix)  Application Firewall (Mac OS X)  McAfee Personal Firewall (Mac OS X)  ZoneAlarm (Windows)
  • 53. Stateful Packet Inspection Firewall  Keeps a state table of all traffic going across the network  Uses the state table to determine whether a packet should pass or be dropped  More secure, but slower than a packet filtering firewall
  • 54. Network Intrusion Protection System NIPS and Network Intrusion Detection System NIDS  NIPS hardware and software systems that protect computer networks from unauthorized access and malicious activity. -hardware: dedicated Network Intrusion Detection System (NIDS) device, an Intrusion Prevention System (IPS), or a combination of the two such as an Intrusion Prevention and Detection System (IPDS).  NIDS can only detect intrusions  IPS can pro-actively stop an attack by following established rules, such as changing firewall settings, blocking particular Internet protocol (IP) addresses or dropping certain packets entirely.
  • 55. Network Intrusion Protection System NIPS and Network Intrusion Detection System NIDS  The software firewall, sniffer and antivirus tools, dashboards and other data visualization tools. NIPS continually monitors networks for abnormal traffic patterns, generate event logs, alerting system administrators to significant events and stopping potential intrusions when possible.  NIPS are useful for internal security auditing and provide documentation for compliance regulations.  NIPS is part of a layered combination of security systems working together is necessary to protect computer networks from compromise.  A NIPS in some form is vital for any computer network that can be accessed by unauthorized persons.  Computers holding sensitive data always need protection; however, even seemingly insignificant networks can be hijacked for use in botnet attacks.
  • 56. Kerberos Ticket authentication mechanism  Kerberos offers a single sign-on solution for users and provides protection for logon credentials. The current version, Kerberos 5, relies on symmetric-key cryptography (also known as secret-key cryptography) using the Advanced Encryption Standard (AES) symmetric encryption protocol. Kerberos provides confidentiality and integrity for authentication traffic using end-to-end security and helps prevent against eavesdropping and replay attacks. It uses several different elements that are important to understand:  Key Distribution Center The key distribution center (KDC) is the trusted third party that provides authentication services. Kerberos uses symmetric-key cryptography to authenticate clients to servers. All clients and servers are registered with the KDC, and it maintains the secret keys for all network members.
  • 57. Kerberos Ticket authentication mechanism  Kerberos Authentication Server The authentication server hosts the functions of the KDC:  a ticket-granting service (TGS), and an authentication service (AS). However, it is possible to host the ticket-granting service on another server. The authentication service verifies or rejects the authenticity and timeliness of tickets. This server is often called the KDC.  Ticket-Granting Ticket (TGT) provides proof that a subject has authenticated through a KDC and is authorized to request tickets to access other objects.  A TGT is encrypted and includes a symmetric key, an expiration time, and the user’s IP address. Subjects present the TGT when requesting tickets to access objects.  Ticket A ticket is an encrypted message that provides proof that a subject is authorized to access an object. It is sometimes called a service ticket (ST).  Subjects request tickets to access objects, and if they have authenticated and are authorized to access the object, Kerberos issues them a ticket. Kerberos tickets have specific lifetimes and usage parameters. Once a ticket expires, a client must request a renewal or a new ticket to continue communications with any server. https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/csec_kerb_auth_explain.html
  • 58. http://www.enterprisegrc.com The Kerberos logon process works as follows: 1. The user types a username and password into the client. 2. The client encrypts the username with AES for transmission to the KDC. 3. The KDC verifies the username against a database of known credentials. 4. The KDC generates a symmetric key that will be used by the client and the Kerberos server. It encrypts this with a hash of the user’s password. The KDC also generates an encrypted time-stamped TGT. 5. The KDC then transmits the encrypted symmetric key and the encrypted time-stamped TGT to the client. 6. The client installs the TGT for use until it expires. The client also decrypts the symmetric key using a hash of the user’s password. Kerberos is a versatile authentication mechanism that works over local LANs, remote access, and client-server resource requests. However, Kerberos presents a single point of failure—the KDC. If the KDC is compromised, the secret key for every system on the network is also compromised. Also, if a KDC goes offline, no subject authentication can occur. https://technet.microsoft.com/en-us/library/bb463152.aspx
  • 59. Client wants to access an object, such as a resource hosted on the network, it must request a ticket through the Kerberos server 1. The client sends its TGT back to the KDC with a request for access to the resource. 2. The KDC verifies that the TGT is valid and checks its access control matrix to verify that the user has sufficient privileges to access the requested resource. 3. The KDC generates a service ticket and sends it to the client. 4. The client sends the ticket to the server or service hosting the resource. 5. The server or service hosting the resource verifies the validity of the ticket with the KDC. 6. Once identity and authorization is verified, Kerberos activity is complete. The server or service host then opens a session with the client and begins communications or data transmission. It also has strict time requirements and the default configuration requires that all systems be time- synchronized within five minutes of each other. If a system is not synchronized or the time is changed, a previously issued TGT will no longer be valid and the system will not be able receive any new tickets. In effect, the client will be denied access to any protected network resources. https://technet.microsoft.com/en-us/library/bb463152.aspx
  • 60. Ports that are important to spot visually as their number  Telnet, TCP Port 23 This is a terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of fi les.  File Transfer Protocol (FTP), TCP Ports 20 and 21 This is a network application that supports an exchange of fi les that requires anonymous or specific authentication.  Trivial File Transfer Protocol (TFTP), UDP Port 69 This is a network application that supports an exchange of fi les that does not require authentication.  Simple Mail Transfer Protocol (SMTP), TCP Port 25 This is a protocol used to transmit email messages from a client to an email server and from one email server to another.  Post Office Protocol (POP3), TCP Port 110 This is a protocol used to pull email messages from an inbox on an email server down to an email client.  Internet Message Access Protocol (IMAP), TCP Port 143 This is a protocol used to pull email messages from an inbox on an email server down to an email client. IMAP is more secure than POP3 and offers the ability to pull headers down from the email server as well as to delete messages directly off the email server without having to download to the local client first.  Dynamic Host Configuration Protocol (DHCP), UDP Ports 67 and 68 DHCP uses port 67 for server point-to-point response and port 68 for client request broadcasts. It is used to assign TCP/IP configuration settings to systems upon bootup. DHCP enables centralized control of network addressing.
  • 61. Ports that are important to spot visually as their number  Hypertext Transport Protocol (HTTP), TCP Port 80 This is the protocol used to transmit web page elements from a web server to web browsers.  Secure Sockets Layer (SSL), TCP Port 443 (for HTTP Encryption) This is a VPN-like security protocol that operates at the Transport layer. SSL was originally designed to support secured web communications (HTTPS) but is capable of securing any Application layer protocol communications.  Line Print Daemon (LPD), TCP Port 515 This is a network service that is used to spool print jobs and to send print jobs to printers.  X Window, TCP Ports 6000–6063 This is a GUI API for command-line operating systems.  Bootstrap Protocol (BootP)/Dynamic Host Configuration Protocol (DHCP), UDP Ports 67 and 68 This is a protocol used to connect diskless workstations to a network through auto assignment of IP configuration and download of basic OS elements. BootP is the forerunner to Dynamic Host Configuration Protocol (DHCP).  Network File System (NFS), TCP Port 2049 This is a network service used to support file sharing between dissimilar systems.  Simple Network Management Protocol (SNMP), UDP Port 161 (UDP Port 162 for Trap Messages) This is a network service used to collect network health and status information by polling monitoring devices from a central monitoring station.