This document discusses network security and provides definitions for common attacks, technical solutions, and objectives. It begins with an overview of the challenges of network security and stages of a cyber operation. Specific attacks covered include denial of service, man-in-the-middle, SQL injection, and password cracking. Defenses such as firewalls, intrusion detection/prevention systems, and encryption techniques are also defined. The objectives are to understand these concepts and apply security best practices like layered defenses and network segmentation.

1. Network Security
Attacks
Technical Solutions

2. Acknowledgments
Material is sourced from:
 CISA® Review Manual 2011, © 2010, ISACA. All rights reserved. Used by
permission.
 CISM® Review Manual 2012, © 2011, ISACA. All rights reserved. Used by
permission.
 Many other Network Security sources
 http://www.csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
Author: Susan J Lincke, PhD
Univ. of Wisconsin-Parkside
Reviewers/Contributors: Todd Burri, Kahili Cheng
Funded by National Science Foundation (NSF) Course, Curriculum and
Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit,
Case Study, and Service Learning.
Any opinions, findings, and conclusions or recommendations expressed in this
material are those of the author(s) and/or source(s) and do not necessarily
reflect the views of the National Science Foundation.

3. Objectives
The student should be able to:
Define attacks: script kiddy, social engineering, logic bomb, Trojan horse,
phishing, pharming, war driving, war dialing, man-in-the-middle attack, SQL
injection, virus, worm, root kit, dictionary attack, brute force attack, DOS, DDOS,
botnet, spoofing, packet reply.
Describe defenses: defense in depth, bastion host, content filter, packet filter,
stateful inspection, circuit-level firewall, application-level firewall, de-militarized
zone, multi-homed firewall, IDS, IPS, NIDS, HIDS, signature-based IDS,
statistical-based IDS, neural network, VPN, network access server
(RADIUS/TACACS), honeypot, honeynet, hash, secret key encryption, public key
encryption, digital signature, PKI, vulnerability assessment
Identify techniques (what they do): SHA1/SHA2, MD2/MD4/MD5, DES, AES,
RSA, ECC.
Describe and define security goals: confidentiality, authenticity, integrity, non-
repudiation
Define service’s & server’s data in the correct sensitivity class and roles with
access
Define services that can enter and leave a network
Draw network Diagram with proper zones and security equipment

4. The Problem of Network Security
The Internet allows an
attacker to attack from
anywhere in the world
from their home desk.
They just need to find one
vulnerability: a security
analyst need to close
every vulnerability.
Solution: Layered defense

5. Stages of a
Cyber-Operation
Target Identification
 Opportunistic Attack:
focuses on any easy-to-
break-into site
 Targeted Attack: specific
victim in mind
 Searches for a vulnerability
that will work.

6. Hacking Networks
Reconnaissance Stage
 Physical Break-In
 Dumpster Diving
 Google, Newsgroups,
Web sites
 Social Engineering
 Phishing: fake email
 Pharming: fake web pages
 WhoIs Database &
arin.net
 Domain Name Server
Interrogations
Registrant:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
US
Domain name: MICROSOFT.COM
Administrative Contact:
Administrator, Domain domains@microsoft.com
One Microsoft Way
Redmond, WA 98052
US
+1.4258828080
Technical Contact:
Hostmaster, MSN msnhst@microsoft.com
One Microsoft Way
Redmond, WA 98052 US
+1.4258828080
Registration Service Provider:
DBMS VeriSign, dbms-support@verisign.com
800-579-2848 x4
Please contact DBMS VeriSign for domain updates,
DNS/Nameserver
changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006.
Record expires on 03-May-2014.
Record created on 02-May-1991.
Domain servers in listed order:
NS3.MSFT.NET 213.199.144.151
NS1.MSFT.NET 207.68.160.190
NS4.MSFT.NET 207.46.66.126
NS2.MSFT.NET 65.54.240.126
NS5.MSFT.NET 65.55.238.126

7. Hacking Networks
Reconnaissance Stage
War Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Scanning: What IP addresses, open ports,
applications exist?
Protocol Sniffing: What is being sent over
communications lines?

8. Passive Attacks
Eavesdropping: Listen to
packets from other
parties = Sniffing
Traffic Analysis: Learn
about network from
observing traffic patterns
Footprinting: Test to
determine software
installed on system =
Network Mapping
B
PacketA
C
Bob
Jennie
Carl
Login: Ginger Password: Snap

9. Hacking Networks:
Gaining Access Stage
Network Attacks:
 IP Address Spoofing
 Man-in-the-Middle
System Attacks:
 Buffer Overflow
 Password Cracking
 SQL Injection
 Web Protocol Abuse
 Watering Hole Attack
 Trap Door
 Virus, Worm, Trojan
horse
a
aa
ab
ac
…
ba
bb
…
aaa
aab
aac
…

10. Some Active Attacks
Denial of Service: Message
did not make it; or service
could not run
Masquerading or Spoofing:
The actual sender is not
the claimed sender
Message Modification: The
message was modified in
transmission
Packet Replay: A past packet
is transmitted again in
order to gain access or
otherwise cause damage
Denial of Service
Joe
Ann
Bill
Spoofing
Joe (Actually Bill)
Ann
Bill
Message
Modification
Joe
Ann
Packet Replay
Joe
Ann
Bill
Bill

11. Man-in-the-Middle Attack
10.1.1.1
10.1.1.2
10.1.1.3
(1) Login
(3) Password
(2) Login
(4) Password

12. SQL Injection
 Java Original: “SELECT * FROM
users_table WHERE username=” + “’” +
username + “’” + “ AND password = “ + “’” +
password + “’”;
 Inserted Password: Aa’ OR ‘’=’
 Java Result: “SELECT * FROM
users_table WHERE username=’anyname’
AND password = ‘Aa’ OR ‘ ‘ = ‘ ‘;
 Inserted Password: foo’;DELETE FROM
users_table WHERE username LIKE ‘%
 Java Result: “SELECT * FROM
users_table WHERE username=’anyname’
AND password = ‘foo’; DELETE FROM
users_table WHERE username LIKE ‘%’
 Inserted entry: ‘|shell(“cmd /c echo “ &
char(124) & “format c:”)|’
Login:
Password:
Welcome to My System

13. NIST SP 800-118 Draft
Password Cracking:
Dictionary Attack & Brute Force
Pattern Calculation Result Time to Guess
(2.6x1018
/month)
Personal Info: interests, relatives 20 Manual 5 minutes
Social Engineering 1 Manual 2 minutes
American Dictionary 80,000 < 1 second
4 chars: lower case alpha 264
5x105
8 chars: lower case alpha 268
2x1011
8 chars: alpha 528
5x1013
8 chars: alphanumeric 628
2x1014
3.4 min.
8 chars alphanumeric +10 728
7x1014
12 min.
8 chars: all keyboard 958
7x1015
2 hours
12 chars: alphanumeric 6212
3x1021
96 years
12 chars: alphanumeric + 10 7212
2x1022
500 years
12 chars: all keyboard 9512
5x1023
16 chars: alphanumeric 6216
5x1028

14. Hacking Networks:
Hiding Presence; Establishing Persistence
Backdoor
Trojan Horse
Spyware/Adware
Command & Control
User-Level Rootkit
Kernel-Level
Rootkit
Replaces system
executables: e.g.
Login, ls, du
Replaces OS kernel:
e.g. process or file
control to hide
Control system:
system commands,
log keystrokes, pswd
Useful utility actually
creates a backdoor.
Slave forwards/performs
commands;
Spyware: Keystroke logger
collects info: passwords,
collect credit card #s,
AdWare: insert ads,
filter search results
Spread & infect,
list email addrs,
DDOS attacks
Bot

15. Distributed Denial of Service
Zombies
VictimAttacker Handler
Can barrage a victim
server with requests,
causing the network
to fail to respond to anyone
Russia Bulgaria United
States
Zombies

16. Question
An attack where multiple computers send
connection packets to a server simultaneously
to slow the firewall is known as:
1. Spoofing
2. DDOS
3. Worm
4. Rootkit

17. Question
A man in the middle attack is
implementing which additional type of
attack:
1. Spoofing
2. DoS
3. Phishing
4. Pharming

18. Network Security
Network Defense
Encryption

19. Security: Defense in Depth
Border Router
Perimeter firewall
Internal firewall
Intrusion Detection System
Policies & Procedures & Audits
Authentication
Access Controls

20. Bastion Host
Computer fortified
against attackers
 Applications turned
off
 Operating system
patched
 Security configuration
tightened

21. Attacking the Network
What ways do you see of getting in?
The Internet
De-Militarized
Zone
Private Network
Border Router/Firewall
Commercial Network
Internal FirewallWLAN

22. Filters: Firewalls & Routers
Route Filter: Verifies source/destination IP addresses
Packet Filter: Scans headers of packets
Content Filter: Scans contents of packet (e.g., IPS)
Default Deny: Any packet not explicitly permitted is
rejected
Fail Safe or Fail Secure: If router fails, it fails shut
The good, the bad &
the ugly…
Filter
The bad &
the ugly
The Good

23. Packet Filter Firewall
Web Request
Ping Request
FTP request
Email Connect Request
Web Response
Telnet Request
Email Response
SSH Connect Request
DNS Request
Email Response
Web
Response
Illegal Source IP Address
Illegal Dest IP Address
Microsoft NetBIOS Name Service

24. Campus
Desire2Lear
n
Lab
Health
Services
Register
Library
Students &
Instructors
Students &
Instructors
Nurses
Public
Web
Public:
Potential Students
Graduates
Login
Confidential
Private
Public
Legend
Advisors &
Registrars
Informal Path of Logical Access
PoS
Staff

25. Step 1: Determine Services:
Who, What, Where?
Workbook
Service
(e.g., web, sales
database)
Source
(e.g., home, world, local
computer)
Destination
(local server, home,
world, etc.)
Registration,
Desire2Learn
Students and Instructors:
Anywhere in the World
Computer Service
Servers
Registration Registrars and Advisers:
On campus
Computer Service
Servers
Library databases On campus students and
staff.
Off-campus requires login
Specific off-site
library facilities
Health Services On campus: nurses office Computer Service
Servers
External
(Internet) web
services
On campus: Campus labs,
dorms, faculty offices
Anywhere in the
world

26. Step 2: Determine
Sensitivity of Services
Workbook
Service Name
(E.g., web,
email)
Sensitivity Class
(E.g.,
Confidential)
Roles
(E.g., sales, engineering)
Server
(*=Virtual)
Desire2-
Learn
Private Current Students,
Instructors
Student_
Scholastic
Registration Confidential Current Students,
Registration, Accounting,
Advising, Instructors
Student_
Register
Health
Service
Confidential Nurses Health_Servi
ces
Web Pages:
activities,
news,
departments
, …
Public Students, Employees, Public Web_Services
*

27. Isolation &
Compartmentalization
 Compartmentalize network
 by Sensitivity Class & Role
 Segment Network into Regions = Zones
 E.g., DMZ, wireless, Payment Card
 Isolate Apps on Servers:
 physical vs. virtual (e.g. VMware)
 Virtual Servers combine onto one Physical server.
 has own OS and limited section of disk.
 Hypervisor software is interface between virtual system’s
OS and real computer’s OS.

28. External
DNS
Web
Server
E-Commerce Email
Server
Protected Internal
Network
Zone
Database/File
Servers
Internet
Multi-Homed Firewall:
Separate Zones
Demilitarized Zone
Screened
Host
The router serves as a screen for the
Firewall, preventing Denial of Service
attacks to the Firewall.
Screening
Device:
Router
Private
Payment Card
Zone IPS
IDS

29. Step 3: Allocate Network Zones
Workbook
Zone Services
Zone Description
(You may delete or add rows as necessary)
Internet This zone is external to the organization.
De-Militar-
ized Zone
Web,
Email, DNS
This zone houses services the public are allowed to access in our
network.
Wireless
Network
Wireless local
employees
This zone connects wireless/laptop employees/students (and
crackers) to our internal network. They have wide access.
Private
Server Zone
Databases This zone hosts our student learning databases, faculty
servers, and student servers.
Confidential
Zone
Payment
card, health,
grades info
This highly-secure zone hosts databases with payment and
other confidential (protected by law) information.
Private user
Zone
Wired staff/
students
This zone hosts our wired/fixed employee/classroom computer
terminals. They have wide univ. & external access.
Student Lab
Zone
Student labs This zone hosts our student lab computers, which are highly
vulnerable to malware. They have wide access

30. Step 4: Define Controls
Workbook
Zone Server
(*=Virtual)
Service Required Controls
(Conf., Integrity, Auth., Nonrepud., with tools: e.g.,
Encryption/VPN, hashing, IPS)
De-
Militarized
Zone
Web_
Services*,
Email_Server
DNS_Server
Web,
Email,
DNS
Hacking: Intrusion Prevention System,
Monitor alarm logs, Anti-virus software within
Email package.
Wireless
Network
Wireless local
users
Confidentiality: WPA2 Encryption
Authentication: WPA2 Authentication
Private
Server Zone
StudentSch
olastic
Student_Fil
es
Faculty_File
s
Classroom
software,
Faculty &
student
storage.
Confidentiality: Secure Web (HTTPS), Secure
Protocols (SSH, SFTP).
Authentication: Single Sign-on through
TACACS
Hacking: Monitor logs

31. Data Privacy
 Confidentiality: Unauthorized
parties cannot access
information (->Secret Key
Encryption
 Authenticity: Ensuring that
the actual sender is the
claimed sender. (->Public Key
Encryption)
 Integrity: Ensuring that the
message was not modified in
transmission. (->Hashing)
 Nonrepudiation: Ensuring
that sender cannot deny
sending a message at a later
time. (->Digital Signature)
Confidentiality
Joe
Ann
Bill
Authenticity
Joe (Actually Bill)
Ann
Bill
Integrity
Joe
Ann
Non-Repudiation
Joe
Ann
Bill

32. Confidentiality:
Encryption – Secret Key
Examples: DES, AES
Encrypt
Ksecret
Decrypt
Ksecret
plaintext
ciphertext
plaintext
Sender, Receiver have IDENTICAL keys
Plaintext = Decrypt(Ksecret, Encrypt(Ksecret,Plaintext))
NIST Recommended: 3DES w. CBC
AES 128 Bit

33. Confidentiality, Authentication, Non-Repudiation
Public Key Encryption
Examples: RSA, ECC, Quantum
Encrypt
Kpublic
Decrypt
Kprivate
Key ownerJoe
Encryption
(e.g., RCS)
Decrypt
Kpublic
Encrypt
Kprivate
Message,
private key
Digital
Signature
Key
owner
Authentication,
Non-repudiationJoe
Sender, Receiver have Complimentary Keys
Plaintext = Decrypt(kPRIV, Encrypt(kPUB,Plaintext))
Plaintext = Decrypt(kPUB, Encrypt(kPRIV,Plaintext))
NIST Recommended:
2011: RSA 2048 bit

34. Confidentiality:
Remote Access Security
Virtual Private Network (VPN) often implemented with
IPSec
 Can authenticate and encrypt data through Internet (red line)
 Easy to use and inexpensive
 Difficult to troubleshoot
 Susceptible to malicious software and unauthorized actions
 Often router or firewall is the VPN endpoint
The Internet
Firewall
VPN
Concentrator

35. Integrity:
Secure Hash Functions
Examples: HMAC, SHA-2, SHA-3
Message
H
K Message H
MessageK H H
Compare
Secure Hash
Message
H
Message Message
H
H H H
H
Compare
HMAC
K K
Ensures the message was not modified during transmission
NIST Recommended: SHA-2, SHA-3
H
Transmitted Hash

36. Encrypted
K(Sender’s Private)
Non-Repudiation:
Digital Signature
 Electronic Signature
 Uses public key
algorithm
 Verifies integrity of
data
 Verifies identity of
sender: non-
repudiation
Message
Msg Digest

37. Authentication:
Public Key Infrastructure (PKI)
Digital
Certificate
User: Sue
Public Key:
2456
1. Sue registers with
CA through RA
Certificate Authority
(CA)
Register(Owner, Public Key) 2. Registration Authority
(RA) verifies owners
3. Send approved
Digital Certificates
5. Tom requests Sue’s DC 
6. CA sends Sue’s DC 
Sue
Tom
4. Sue sends
Tom message
signed with
Digital Signature
7. Tom confirms
Sue’s DS

38. Hacking Defense:
Intrusion Detection/Prevention
Systems (IDS or IPS)
Network IDS=NIDS
 Examines packets for attacks
 Can find worms, viruses, or
defined attacks
 Warns administrator of attack
 IPS=Packets are routed
through IPS
Host IDS=HIDS
 Examines actions or resources
for attacks
 Recognize unusual or
inappropriate behavior
 E.g., Detect modification or
deletion of special files
Router
Firewall
IDS

39. IDS/IPS Intelligence Systems
Signature-Based:
 Specific patterns are recognized
as attacks
Statistical-Based:
 The expected behavior of the
system is understood
 If variations occur, they may be
attacks (or maybe not)
Neural Networks:
 Statistical-Based with self-learning
(or artificial intelligence)
 Recognizes patterns
Attacks:
NastyVirus
BlastWorm
NastyVirus
NIDS:
ALARM!!!
0
10
20
30
40
50
60
70
80
90
Mon. Tues. Wed. Thurs.
Sales
Personnel
Factory
Normal

40. Hacking Defense:
Evaluating Applications
 Unified Threat Management =
SuperFirewall = firewall + IPS + anti-virus
+ VPN capabilities
Concerns are redundancy and bandwidth.
 Blacklist= restrict access to particular
web sites, e.g., social and email sites
 Whitelist= permit access to only a limited
set of web sites.

41. Hacking Defense:
Honeypot & Honeynet
Honeypot: A system with a special software application
which appears easy to break into
Honeynet: A network which appears easy to break into
 Purpose: Catch attackers
 All traffic going to honeypot/net is suspicious
 If successfully penetrated, can launch further attacks
 Must be carefully monitored
External
DNS
IDS Web
Server
E-Commerce VPN
Server
Firewall
Honey
Pot

42. Hacking Defense:
Vulnerability Assessment
 Scan servers, work stations, and control
devices for vulnerabilities
Open services, patching, configuration
weaknesses
 Testing controls for effectiveness
Adherence to policy & standards
 Penetration testing

43. Router
External
DNS
Email Public
Web
Server
E-Commerce
Firewall
Zone 1:
Student
Labs &
Files
Internet
Step 5: Draw Network Diagram
Workbook
Demilitarized Zone
Zone 2:
Faculty
Labs &
Files
Student
Records
Student
Billing
Transcripts
Student
Scholastic
Student
History
Zone 3:Confidential Data
Student
Billing

44. Path of Logical Access
How would access control be improved?
The Internet
De-Militarized
Zone
Private Network
Border Router/
Firewall
Router/Firewall
WLAN

45. Protecting the Network
The Internet
De-Militarized
Zone
Private Network
Border Router: Packet Filter
Bastion Hosts
Proxy server firewall
WLAN

46. University Scenario:
Dual in-line Firewalls

47. Writing Rules
Policies Network Filter Capabilities
Write Rules
Protected Network
Audit Failures
Corrections
Fail-Safe: If the filter fails, it fails closed
Default Deny: If a specific rule does not apply,
The packet is dropped.

48. Firewall
Configurations
A A
terminal
firewall
host
Router Packet Filtering:
Packet header is inspected
Single packet attacks caught
Very little overhead in firewall: very quick
High volume filter
A A
terminal
firewall
host
A
Stateful Inspection
State retained in firewall memory
Most multi-packet attacks caught
More fields in packet header inspected
Little overhead in firewall: quick

49. Firewall
Configurations
A B
terminal
firewall
host
Circuit-Level Firewall:
Packet session terminated and recreated
via a Proxy Server
All multi-packet attacks caught
Packet header completely inspected
High overhead in firewall: slow
A B
terminal
firewall
host
A
Application-Level Firewall
Packet session terminated and recreated
via a Proxy Server
Packet header completely inspected
Most or all of application inspected
Highest overhead: slow & low volume
A B
B

50. Web Page Security
SQL Filtering: Filtering of web input for SQL
Injection
Encryption/Authentication: Ensuring
Confidentiality, Integrity, Authenticity, Non-
repudiation
Web Protocol Protection: Protection of
State

51. Summary of Controls
Conf-
ident.
Integ-
rity
Authen.
Non-
repud.
Anti-
Hack
Encryption Protocols: S-HTTP, HTTPS,
SSL, SSH2, PGP, S/MIME
x ? ?
Virtual Private Network (VPN): IPsec x x x
Wireless: WPA2, TKIP, IEEE 802.11i x x x
Hashing: HMAC, SHA, MD5 x
Digital Signature x x
Public Key Infrastructure x x x
Centralized Access Control: RADIUS,
TACACS
x
Kerberos x x
Authentication: biometric, flash drive, token x

52. Conf-
ident.
Integ-
rity
Authen.
Non-
repud.
Anti-
Hack
Firewall, App. or web firewall x
Mobile device mgmt x
Antivirus, Endpoint Security x
Event Logs/SIEM x
Intrusion Detection/Prevention Systems x
Unified Threat Mgmt x
Vulnerability Assessment x
Risk, Policy Mgmt x
Honeypot/Honeynet x
Email security mgmt x x
Bastion host x

53. Question
A map of the network that shows where service
requests enter and are processed
1. Is called the Path of Physical Access
2. Is primarily used in developing security policies
3. Can be used to determine whether sufficient
Defense in Depth is implemented
4. Helps to determine where antivirus software
should be installed

54. Question
The filter with the most extensive filtering
capability is the
1. Packet filter
2. Application-level firewall
3. Circuit-level firewall
4. State Inspection

55. Question
The technique which implements non-
repudiation is:
1. Hash
2. Secret Key Encryption
3. Digital Signature
4. IDS

56. Question
Anti-virus software typically implements
which type of defensive software:
1. Neural Network
2. Statistical-based
3. Signature-based
4. Packet filter

57. Question
MD5 is an example of what type of
software:
1. Public Key Encryption
2. Secret Key Encryption
3. Message Authentication
4. PKI

58. Question
A personal firewall implemented as part
of the OS or antivirus software qualifies
as a:
1. Dual-homed firewall
2. Packet filter
3. Screened host
4. Bastion host

59. HEALTH FIRST CASE STUDY
Designing Network Security
Jamie Ramon MD
Doctor
Chris Ramon RD
Dietician
Terry
Licensed
Practicing Nurse
Pat
Software Consultant

60. Defining Services which can
Enter and Leave the Network
Service Source
(e.g., home,
world, local
computer)
Destination
(local server,
home, world,
etc.)

61. Defining Services and Servers
Workbook
Service
(e.g., web, sales
database)
Source
(e.g., home, world, local
computer)
Destination
(local server, home,
world, etc.)
Registration,
Desire2Learn
Students and Instructors:
Anywhere in the World
Computer Service
Servers
Registration Registrars and Advisers:
On campus
Computer Service
Servers
Library databases On campus students and
staff.
Off-campus requires login
Specific off-site
library facilities
Health Services On campus: nurses office Computer Service
Servers
External
(Internet) web
services
On campus: Campus labs,
dorms, faculty offices
Anywhere in the
world

62. Define Services & Servers
 Which data can be grouped together by
role and sensitivity/criticality?
Service
Name
Sensitivity
Class.
Roles with
Access
Server Name
Confidential –
Management
Public –
Web Pages
Privileged –
Contracts

63. Evaluating Service Classes & Roles
Workbook
Service Name
(E.g., web,
email)
Sensitivity Class
(E.g.,
Confidential)
Roles
(E.g., sales, engineering)
Server
(*=Virtual)
Desire2-
Learn
Private Current Students,
Instructors
Student_
Scholastic
Registration Confidential Current Students,
Registration, Accounting,
Advising, Instructors
Student_
Register
Health
Service
Confidential Nurses Health_Servi
ces
Web Pages:
activities,
news,
departments
, …
Public Students, Employees, Public Web_Services
*

64. Defining Zones and Controls
Compartmentalization:
Zone = Region (E.g., DMZ, wireless,
internet)
Servers can be physical or virtual
Zone Service Server Required Controls
(Conf., Integrity, Auth., Nonrepud.,
with tools: e.g., Encryption/VPN)

65. Defining Zones
Workbook
Zone Services
Zone Description
(You may delete or add rows as necessary)
Internet This zone is external to the organization.
De-Militar-
ized Zone
Web,
Email, DNS
This zone houses services the public are allowed to access in our
network.
Wireless
Network
Wireless local
employees
This zone connects wireless/laptop employees/students (and
crackers) to our internal network. They have wide access.
Private
Server Zone
Databases This zone hosts our student learning databases, faculty
servers, and student servers.
Confidential
Zone
Payment
card, health,
grades info
This highly-secure zone hosts databases with payment and
other confidential (protected by law) information.
Private user
Zone
Wired staff/
students
This zone hosts our wired/fixed employee/classroom computer
terminals. They have wide univ. & external access.
Student Lab
Zone
Student labs This zone hosts our student lab computers, which are highly
vulnerable to malware. They have wide access

66. Defining Controls for Services
Workbook
Zone Server
(*=Virtual)
Service Required Controls
(Conf., Integrity, Auth., Nonrepud., with tools: e.g.,
Encryption/VPN, hashing, IPS)
De-
Militarized
Zone
Web_
Services*,
Email_Server
DNS_Server
Web,
Email,
DNS
Hacking: Intrusion Prevention System,
Monitor alarm logs, Anti-virus software within
Email package.
Wireless
Network
Wireless local
users
Confidentiality: WPA2 Encryption
Authentication: WPA2 Authentication
Private
Server Zone
StudentSch
olastic
Student_Fil
es
Faculty_File
s
Classroom
software,
Faculty &
student
storage.
Confidentiality: Secure Web (HTTPS), Secure
Protocols (SSH, SFTP).
Authentication: Single Sign-on through
TACACS
Hacking: Monitor logs

67. Router
External
DNS
Email Public
Web
Server
E-Commerce
Firewall
Zone 1:
Student
Labs &
Files
Internet
Draw the Network Diagram
Demilitarized Zone
Zone 2:
Faculty
Labs &
Files
Student
Records
Student
Billing
Transcripts
Student
Scholastic
Student
History
Zone 3:Student Data
Student
Billing

68. MS
Visio
Diagram

69. Reference
Slide # Slide Title Source of Information
7 Passive Attacks CISA: page 331,333, 352
9 Some Active Attacks CISA: page 330, 332, 352
10 Man-in-the –Middle Attack CISA: page 331
12 Password Cracking: dictionary Attack & Brute Force CISA: page 330
14 Botnets CISA: page 330
15 Distributed Denial of Service CISA: page 330
23 Packet Filter Firewall CISA: page 353, 354
24 Firewall Configurations CISA: page 353 – 355
25 Firewall Configurations CISA: page 354
26 Multi-Homed Firewall: Separate Zones CISA: page 355
33 Intrusion Detection Systems (IDS)
Intrusion Prevention System (IPS)
CISA: page 355, 356
34 IDS Intelligence Systems CISA: page 356
35 Honeypot & Honeynet CISA: page 356, 357
37 Encryption – Secret Key CISA: page 357
38 Public Key Encryption CISA: page 357, 358
39 Remote Access Security CISA: page 361
40 Secure Hash Functions CISA: page 359, 361, 362
41 Digital Signature CISA: page 359
42 Public Key Infrastructure (PKI) CISA: page 359, 360