Chapter14 -- networking security

  • View
    1.444

  • Download
    1

Embed Size (px)

DESCRIPTION

Basic Networking Guide

Text of Chapter14 -- networking security

  • 1.Chapter 14:Networking Security Network+ Guide to Networks

2. Objectives

  • Identify security risks in LANs and WANs and design security policies that minimize risks
  • Explain how physical security contributes to network security
  • Discuss hardware- and design-based security techniques

3. Objectives (continued)

  • Understand methods of encryption that can secure data in storage and in transit
  • Implement security methods unique to wireless networks
  • Use network operating system techniques to provide basic security

4. In the early days

  • Secured mainframes
  • Dumb Terminals
  • Limited rights
  • Network security was all but unassailable.

5. Security Audits

  • Before spending time and money
    • Examine your networks security risks
    • Learn about each risk
      • loss of data
      • programs
      • Access
    • Serious the potential consequences
      • attention you will want to pay to the security of your network

6. Security Risks

  • With People
    • Using social engineering or snooping
    • Incorrectly creating or configuring user IDs, groups, and their associated rights
    • Flaws in topology or hardware configuration
    • Flaws in the operating system or application configuration

7. Security Risks (continued)

  • With People (continued)
    • Lack of proper documentation and communication
    • Dishonest or disgruntled employees
    • Unused computer or terminal being left logged on
    • Easy-to-guess passwords

8. Security Risks (continued)

  • With People (continued)
    • Leaving computer room doors open or unlocked
    • Discarding disks or backup tapes in public waste containers
    • Neglecting to remove access and file rights for employees who have left the organization
    • Users writing their passwords in an easily accessible place

9. Security Risks (continued)

  • Associated with Transmission and Hardware
    • Transmissions can be intercepted
    • Leased public lines
    • Network hubs broadcast traffic over the entire segment
    • Unused hub, router, or server ports

10. Security Risks (continued)

  • Associated with Transmission and Hardware (continued)
    • Routers are not properly configured
    • Modems configured to accept incoming calls
    • Dial-in access servers not carefully secured and monitored
    • Computers hosting very sensitive on the same subnet with computers open to the general public.

11. Security Risks (continued)

  • Associated with Transmission and Hardware (continued)
    • Passwords for switches, routers, and other devices
      • Not sufficiently difficult to guess
      • Not changed frequently
      • Left at their default value

12. Security Risks (continued)

  • Associated with Protocols and Software
    • TCP/IP contains several security flaws.
    • Trust relationships between one server and another.
    • NOSs may contain back doors or security flaws
    • If the NOS allows server operators to exit to a command prompt

13. Security Risks (continued)

  • Associated with Protocols and Software (continued)
    • Default security options after installing an operating system or application.
    • Transactions that take place between applications, such as databases and Web-based forms, may be open to interception

14. Security Risks (continued)

  • Associated with Internet Access
    • Firewall configured improperly
    • User Telnets or FTPs to your site over the Internet
    • Your user ID from newsgroups, mailing lists, or forms you have filled out on the Web
    • Users remain logged on to Internet chat sessions

15. Security Risks (continued)

  • Associated with Internet Access (continued)
    • Denial-of-service attack

16. An Effective Security Policy

  • Security Policy Goals
    • Ensure that authorized users have appropriate access to the resources they need
    • Prevent unauthorized users from gaining access to the network, systems, programs, or data
    • Protect sensitive data from unauthorized access, both from within and from outside the organization

17. An Effective Security Policy (continued)

    • Prevent accidental damage to hardware or software
    • Prevent intentional damage to hardware or software
    • Create network and systems that withstand and quickly respond to and recover from any type of threat
    • Communicate each employees responsibilities with respect to maintaining data integrity and system security

18. An Effective Security Policy (continued)

  • Security Policy Content
    • Risks are identified
    • Responsibilities for managing them are assigned
    • Explain to users what they can and cannot do
    • Create a section that applies only to users
    • Define what confidential means

19. An Effective Security Policy (continued)

  • Response Policy
    • Identify the members of a response team
      • Dispatcherperson on call
      • Managercoordinates the resources
      • Technical support specialistfocuses on problem
      • Public relations specialistofficial spokesperson

20. Physical Security

  • Restricting physical access
    • Rooms
    • Points at which your systems or data could be compromised
      • Hubs or switches
      • Unattended workstation
      • Stored archived data and backup tapes
    • Locks may be either physical or electronic.

21. Physical Security (continued) 22. Physical Security (continued)

  • Planning by asking questions:
    • Rooms contain critical systems or data
    • Means might intruders gain access
    • Authorized personnel granted entry
    • Employees instructed to ensure security
    • Authentication methods difficult to forge or circumvent

23. Physical Security (continued)

  • Planning by asking questions: (continued)
    • Supervisors or security personnel make periodic physical security checks
    • Combinations, codes, means protected at all times
    • Combinations changed frequently
    • Plan for documenting and responding to physical security breaches?

24. Security in Network Design

  • Firewalls
    • Specialized devices, or a computers installed with specialized software, that selectively filter or block traffic between networks

25. Security in Network Design (continued) 26. Security in Network Design (continued) 27. Security in Network Design (continued)

  • Firewalls
    • Packet-filtering firewalls
      • Source and destination IP addresses
      • Source and destination ports
      • Flags set in the IP header

28. Security in Network Design (continued)

  • Firewalls (continued)
    • Packet-filte