Chapter 14: Networking Security
Network+ Guide to Networks
Objectives
Identify security risks in LANs and WANs and design security policies that minimize risks
Explain how physical security contributes to network security
Discuss hardware- and design-based security techniques
Objectives (continued)
Understand methods of encryption that can secure data in storage and in transit
Implement security methods unique to wireless networks
Use network operating system techniques to provide basic security
In the early days
• Secured mainframes
• Dumb Terminals
• Limited rights
• Network security was all but unassailable.
Security Audits
• Before spending time and money on safeguards, examine your network's security risks
• Learn about each risk: what could be lost (data, programs, or access) and how likely that loss is
• The more serious the potential consequences, the more attention you will want to pay to the security of your network
Security Risks
• Associated with People
• Intruders using social engineering or snooping to obtain passwords or other access information
• Incorrectly creating or configuring user IDs, groups, and their associated rights
• Flaws in topology or hardware configuration
• Flaws in the operating system or application configuration
Security Risks (continued)
• Associated with People (continued)
• Lack of proper documentation and communication
• Dishonest or disgruntled employees
• Unused computer or terminal being left logged on
• Easy-to-guess passwords
Security Risks (continued)
• Associated with People (continued)
• Leaving computer room doors open or unlocked
• Discarding disks or backup tapes in public waste containers
• Neglecting to remove access and file rights for employees who have left the organization
• Users writing their passwords in an easily accessible place
Security Risks (continued)
• Associated with Transmission and Hardware
• Transmissions can be intercepted (for example, on leased public lines)
• Network hubs broadcast traffic over the entire segment, so any attached host can capture it
• Unused hub, router, or server ports that are left enabled
Security Risks (continued)
• Associated with Transmission and Hardware (continued)
• Routers that are not properly configured
• Modems configured to accept incoming calls
• Dial-in access servers that are not carefully secured and monitored
• Computers hosting very sensitive data placed on the same subnet as computers open to the general public
Security Risks (continued)
• Associated with Transmission and Hardware (continued)
• Passwords for switches, routers, and other devices that are:
• Not sufficiently difficult to guess
• Not changed frequently
• Left at their default value
Security Risks (continued)
• Associated with Protocols and Software
• The base TCP/IP protocols (IP, TCP, UDP, ICMP) provide no authentication or encryption of their own, so addresses can be spoofed and traffic can be read or altered in transit
• Trust relationships between one server and another let an intruder who compromises one server reach the others
• NOSs may contain "back doors" or security flaws
• If the NOS allows server operators to exit to a command prompt, anyone at the console can run arbitrary commands
Security Risks (continued)
• Associated with Protocols and Software (continued)
• Default security options left in place after installing an operating system or application
• Transactions that take place between applications, such as databases and Web-based forms, may be open to interception
Security Risks (continued)
• Associated with Internet Access
• A firewall that is configured improperly
• Users who Telnet or FTP to your site over the Internet send their user IDs and passwords in cleartext, where they can be captured
• Your user IDs can be harvested from newsgroups, mailing lists, or forms you have filled out on the Web
• Users who remain logged on to Internet chat sessions
Security Risks (continued)
• Associated with Internet Access (continued)
• Denial-of-service attacks, in which a system is flooded with traffic or requests so that legitimate users cannot reach it
An Effective Security Policy
• Security Policy Goals
• Ensure that authorized users have appropriate access to the resources they need
• Prevent unauthorized users from gaining access to the network, systems, programs, or data
• Protect sensitive data from unauthorized access, both from within and from outside the organization
An Effective Security Policy (continued)
• Prevent accidental damage to hardware or software
• Prevent intentional damage to hardware or software
• Create networks and systems that withstand, quickly respond to, and recover from any type of threat
• Communicate each employee’s responsibilities with respect to maintaining data integrity and system security
An Effective Security Policy (continued)
• Security Policy Content
• Risks are identified
• Responsibilities for managing them are assigned
• Explain to users what they can and cannot do
• Create a section that applies only to users
• Define what “confidential” means
An Effective Security Policy (continued)
• Response Policy
• Identify the members of a response team
• Dispatcher—person on call
• Manager—coordinates the resources
• Technical support specialist—focuses on problem
• Public relations specialist—official spokesperson
Physical Security
• Restricting physical access
• Rooms
• Points at which your systems or data could be compromised
• Hubs or switches
• Unattended workstation
• Stored archived data and backup tapes
• Locks may be either physical or electronic.
Physical Security (continued)
• Planning by asking questions:
• Which rooms contain critical systems or data?
• By what means might intruders gain access to those rooms?
• How are authorized personnel granted entry?
• Are employees instructed to ensure security?
• Are the authentication methods difficult to forge or circumvent?
Physical Security (continued)
• Planning by asking questions: (continued)
• Do supervisors or security personnel make periodic physical security checks?
• Are combinations, codes, and other means of entry protected at all times?
• Are combinations changed frequently?
• Is there a plan for documenting and responding to physical security breaches?
Security in Network Design
• Firewalls
• Specialized devices, or computers installed with specialized software, that selectively filter or block traffic between networks
Security in Network Design (continued)
• Firewalls
• Packet-filtering firewalls
• Source and destination IP addresses
• Source and destination ports
• Flags set in the TCP header (for example, SYN or ACK)
Security in Network Design (continued)
• Firewalls (continued)
• Packet-filtering firewalls (continued)
• Whether the transmission uses the UDP or ICMP protocol
• Packet's status as the first packet in a new data stream or a subsequent packet
• Packet's status as inbound to or outbound from the private network
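The criteria listed on these two slides can be combined into a working stateful filter. The following is an added example, not code from the Network+ text: a small Python packet filter that checks direction, protocol, source and destination address, destination port and TCP flags, distinguishes the first packet of a stream (SYN set, ACK clear) from later ones by keeping a connection table, and falls back to an implicit deny. The addresses, rule set and packets are constructed for the demonstration.

```python
"""Stateful packet filter that applies the criteria listed above to constructed packets."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()      # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    direction: str = "in"               # "in" = Internet -> LAN, "out" = LAN -> Internet


def is_new_tcp_flow(pkt: Packet) -> bool:
    """First packet of a TCP stream: SYN set, ACK clear."""
    return pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags


@dataclass
class Rule:
    action: str                         # "allow" or "deny"
    direction: Optional[str] = None     # None matches either direction
    proto: Optional[str] = None
    src: Optional[str] = None           # CIDR, e.g. "192.168.1.0/24"
    dst: Optional[str] = None
    dport: Optional[int] = None
    new_only: bool = False              # match only the first packet of a TCP stream

    def matches(self, pkt: Packet) -> bool:
        if self.direction and pkt.direction != self.direction:
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.src and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.new_only and not is_new_tcp_flow(pkt):
            return False
        return True


class StatefulFilter:
    """First-match rule list plus a connection table for return traffic."""

    def __init__(self, rules, default="deny"):
        self.rules = rules
        self.default = default
        self.flows = set()              # (proto, src, sport, dst, dport) of admitted flows

    @staticmethod
    def _key(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt: Packet) -> str:
        # Subsequent packets of an admitted flow pass in either direction.
        if self._key(pkt) in self.flows or self._reverse_key(pkt) in self.flows:
            return "allow"
        for rule in self.rules:         # first match wins
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.flows.add(self._key(pkt))
                return rule.action
        return self.default             # implicit deny


LAN = "192.168.1.0/24"                  # constructed addresses (RFC 1918 / documentation ranges)
POLICY = [
    Rule("allow", direction="out", proto="tcp", src=LAN, new_only=True),   # LAN may open TCP outward
    Rule("allow", direction="out", proto="udp", src=LAN, dport=53),         # outbound DNS
    Rule("allow", direction="in", proto="tcp", dst="192.168.1.10/32",
         dport=80, new_only=True),                                           # public Web server only
    Rule("deny", direction="in", proto="icmp"),                              # no inbound ping
]


def run_demo():
    fw = StatefulFilter(POLICY)
    packets = [
        ("lan opens https", Packet("192.168.1.20", "203.0.113.5", "tcp", 50000, 443, frozenset({"SYN"}), "out")),
        ("server replies", Packet("203.0.113.5", "192.168.1.20", "tcp", 443, 50000, frozenset({"SYN", "ACK"}), "in")),
        ("unsolicited syn", Packet("198.51.100.7", "192.168.1.20", "tcp", 4444, 445, frozenset({"SYN"}), "in")),
        ("ack scan", Packet("198.51.100.7", "192.168.1.20", "tcp", 4444, 445, frozenset({"ACK"}), "in")),
        ("web server hit", Packet("198.51.100.7", "192.168.1.10", "tcp", 33000, 80, frozenset({"SYN"}), "in")),
        ("stray ack to web", Packet("198.51.100.8", "192.168.1.10", "tcp", 33001, 80, frozenset({"ACK"}), "in")),
        ("outbound dns", Packet("192.168.1.20", "192.0.2.53", "udp", 40000, 53, frozenset(), "out")),
        ("dns reply", Packet("192.0.2.53", "192.168.1.20", "udp", 53, 40000, frozenset(), "in")),
        ("inbound ping", Packet("198.51.100.7", "192.168.1.20", "icmp", direction="in")),
    ]
    return {name: fw.decide(p) for name, p in packets}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:18s} -> {verdict}")
```

The connection table is what makes the filter stateful: the reply from the Web server and the DNS answer are admitted only because the LAN host opened those flows first, while an inbound ACK-only probe with no matching flow is dropped even though the same port would accept a SYN.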
Security in Network Design (continued)
• Firewalls (continued)
• More complex factors
• Support for encryption
• User authentication
• Ability to manage the firewall centrally and through a standard interface
• Ability to establish rules for access to and from the protected network
Security in Network Design (continued)
• Firewalls (continued)
• More complex factors (continued)
• Filtering at the highest layers of the OSI model
• Logging, auditing, or alert capabilities
• Protecting the identity of internal LAN addresses from the outside world (for example, with Network Address Translation)
Security in Network Design (continued)
• Proxy Servers
• Software application on a network host
• Intermediary between the external and internal networks screening all incoming and outgoing traffic
• Network host that runs the proxy service is known as a proxy server
• Also called Application layer gateway, an application gateway, or simply, a proxy
Security in Network Design (continued)
• Remote Access
• Remote Control
• User name and password requirement
• Callback to the remote user by the host system
• Data encryption on transmissions
• Blanking of the host system's screen during the remote session
Security in Network Design (continued)
• Remote Access (continued)
• Remote Control (continued)
• Disable the host system’s keyboard and mouse
• Restart the host system when remote user disconnects
Security in Network Design (continued)
• Remote Access (continued)
• Dial-up Networking
• User name and password authentication
• Log all connections, sources, and connection times
• Perform callbacks to users who initiate connections
• Centralized management of dial-up users and their rights
Network Operating System Security
• Logon Restrictions
• Time of day
• Total time logged on
• Source address
• Number of unsuccessful logon attempts before the account is locked
Network Operating System Security (continued)
• Passwords
• Change system default passwords
• Do not use familiar information (such as your name, user ID, or birth date)
• Do not use any word in a dictionary
• Make the password longer than eight characters
Network Operating System Security (continued)
• Passwords (continued)
• Choose a combination of letters and numbers
• Do not write down your password or share it
• Change your password at least every 60 days (note that current guidance such as NIST SP 800-63B recommends changing passwords when compromise is suspected rather than on a fixed schedule)
• Do not reuse passwords.
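Added example, not from the original text: a Python sketch of how an NOS enforces the logon restrictions listed two slides earlier (time of day, source address, failed-attempt lockout, total time logged on) and checks a candidate password against the rules above. The policy values, word lists and credential store are constructed assumptions; a real system would use a full dictionary and a vendor default-password list.

```python
"""NOS-style logon restrictions and password checks, applied to constructed attempts."""
import ipaddress
from datetime import datetime, time, timedelta

# Constructed policy values, chosen for illustration.
POLICY = {
    "allowed_hours": (time(7, 0), time(19, 0)),           # time-of-day restriction
    "allowed_sources": ["10.0.0.0/8", "192.168.1.0/24"],  # source address restriction
    "max_failed": 3,                                      # unsuccessful attempts before lockout
    "lockout": timedelta(minutes=30),
    "max_session": timedelta(hours=10),                   # total time logged on
}

# Stand-in word lists (constructed); a real check uses a full dictionary and vendor default lists.
DICTIONARY_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "dragon"}
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "public", "private", "cisco"}


class Account:
    def __init__(self):
        self.failed = 0
        self.locked_until = None
        self.session_started = None


class LogonGuard:
    def __init__(self, policy, verify):
        self.policy = policy
        self.verify = verify            # callable(username, password) -> bool
        self.accounts = {}

    def attempt(self, username, password, source_ip, now):
        acct = self.accounts.setdefault(username, Account())
        if acct.locked_until and now < acct.locked_until:
            return "denied: account locked"
        start, end = self.policy["allowed_hours"]
        if not start <= now.time() <= end:
            return "denied: outside permitted hours"
        src = ipaddress.ip_address(source_ip)
        if not any(src in ipaddress.ip_network(n) for n in self.policy["allowed_sources"]):
            return "denied: source address not permitted"
        if not self.verify(username, password):
            acct.failed += 1
            if acct.failed >= self.policy["max_failed"]:
                acct.locked_until = now + self.policy["lockout"]
                acct.failed = 0
                return "denied: too many failures, account locked"
            return "denied: bad credentials"
        acct.failed = 0                 # a successful logon resets the failure counter
        acct.session_started = now
        return "allowed"

    def session_expired(self, username, now):
        acct = self.accounts.setdefault(username, Account())
        return (acct.session_started is not None
                and now - acct.session_started > self.policy["max_session"])


def password_problems(password, username, personal_info=()):
    """Return the rules from the slides that a candidate password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("system default password")
    if len(password) <= 8:
        problems.append("eight characters or shorter")
    if lowered in DICTIONARY_WORDS:
        problems.append("dictionary word")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs both letters and digits")
    for info in (username, *personal_info):
        if info and info.lower() in lowered:
            problems.append(f"contains familiar information ({info})")
    return problems


def run_demo():
    users = {"jsmith": "Tr0ub4dor-and-3"}            # constructed credential store
    guard = LogonGuard(POLICY, lambda u, p: users.get(u) == p)
    t = datetime(2024, 3, 4, 9, 0)                    # 09:00, inside the permitted window
    return [
        guard.attempt("jsmith", "wrong", "10.1.2.3", t),
        guard.attempt("jsmith", "wrong", "10.1.2.3", t),
        guard.attempt("jsmith", "wrong", "10.1.2.3", t),            # third failure locks the account
        guard.attempt("jsmith", "Tr0ub4dor-and-3", "10.1.2.3", t),  # right password, still locked
        guard.attempt("jsmith", "Tr0ub4dor-and-3", "10.1.2.3", t + timedelta(minutes=31)),
        guard.attempt("jsmith", "Tr0ub4dor-and-3", "203.0.113.9", t + timedelta(minutes=32)),
        guard.attempt("jsmith", "Tr0ub4dor-and-3", "10.1.2.3", t.replace(hour=23)),
    ]
```

Note the order of checks: the lockout test runs before the credential check so that a locked account yields the same refusal whether or not the password is right, which keeps an attacker from using the lockout window to confirm guesses.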
Encryption
• Encryption, used together with integrity checks and authentication, provides the following assurances:
• Data was not modified after it was transmitted and before it was received (integrity; this requires a message authentication code or digital signature, not encryption alone)
• Data can only be viewed by its intended recipient (confidentiality)
• Data received at the intended destination was truly issued by the stated sender and not forged by an intruder (authenticity)
Encryption (continued)
• Key Encryption
• The encryption algorithm weaves a key (a random string of bits) into the original data's bits
• Scrambled data block is known as ciphertext
• Two categories
• Private Key
• Public Key
Encryption (continued)
• Key Encryption (continued)
• Private Key Encryption
• Data is encrypted using a single key that only the sender and the receiver know
• Also known as symmetric encryption
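The assurances listed under Encryption above depend on more than encryption alone. The following added example (not from the original text) builds a private-key stream cipher from HMAC-SHA256 in counter mode, shows that an attacker who knows part of the plaintext can change it in the ciphertext without the key, and then adds an encrypt-then-MAC tag so that the same tampering is rejected. Keys, nonce and message are generated or constructed inside the example.

```python
"""Private (symmetric) key encryption, and why it gives confidentiality but not integrity by itself."""
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stream-cipher keystream: HMAC-SHA256 in counter mode (a standard way to build a PRF stream)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt


def forge(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker who knows `old` sits at `offset` rewrites it to `new` without knowing the key."""
    ct = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(old, new)):
        ct[offset + i] ^= a ^ b
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so any bit flip is detected."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):          # constant-time compare
        raise ValueError("integrity check failed")
    return decrypt(enc_key, nonce, ct)


def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)                     # never reuse a nonce with the same key
    msg = b"PAY 0100 TO ACCT 4455"                      # constructed message; amount at offset 4

    # 1. Encryption alone: an eavesdropper cannot read it, but can still change it.
    ct = encrypt(enc_key, nonce, msg)
    forged_pt = decrypt(enc_key, nonce, forge(ct, 4, b"0100", b"9900"))

    # 2. Encrypt-then-MAC: the same bit flips are rejected before decryption.
    blob = seal(enc_key, mac_key, nonce, msg)
    forged_blob = blob[:16] + forge(blob[16:-32], 4, b"0100", b"9900") + blob[-32:]
    try:
        open_sealed(enc_key, mac_key, forged_blob)
        detected = False
    except ValueError:
        detected = True

    return {
        "roundtrip_ok": decrypt(enc_key, nonce, ct) == msg,
        "forged_plaintext": forged_pt,
        "forgery_detected_with_mac": detected,
        "genuine_blob_opens": open_sealed(enc_key, mac_key, blob) == msg,
    }
```

The forged payment decrypts cleanly to the altered amount because a stream cipher only hides bytes, it does not bind them; the HMAC over nonce and ciphertext is what supplies the integrity and authenticity assurances the slides list, and the tag is checked before any decryption is attempted.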
Encryption (continued)
• Key Encryption (continued)
• Public Key Encryption
• Data is encrypted using two mathematically related keys
• A private key known only to the user
• A public key associated with the user that can be freely distributed
• Data encrypted with the public key can be decrypted only with the matching private key
Encryption (continued)
• Kerberos
• Cross-platform authentication protocol that uses private (symmetric) key encryption and a trusted key distribution center to issue tickets
• Pretty Good Privacy (PGP)
• Public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission
• Secure Sockets Layer (SSL)
• Method of encrypting TCP/IP transmissions, such as Web traffic; SSL has since been superseded by Transport Layer Security (TLS)
Encryption (continued)
• Secure Shell (SSH)
• Securely log on to a host, execute commands on that host, and copy files to or from that host
• Internet Protocol Security (IPsec)
• Defines encryption, authentication, and key management for TCP/IP transmissions at the Network layer
Wireless Network Security
• Wired Equivalent Privacy (WEP)
• Key encryption technique that uses keys both to authenticate network clients and to encrypt data in transit
• WEP is now considered broken: its 24-bit initialization vectors repeat quickly and its RC4 key scheduling leaks key material, so an attacker can recover the key from captured traffic; use WPA2 or WPA3 instead
• Extensible Authentication Protocol (EAP)
• An authentication framework rather than a complete method: by itself it performs no encryption or authentication
• Works in conjunction with other encryption and authentication schemes (for example, EAP-TLS)
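Added example, not from the original text, showing the core reason WEP fails: the same IV with the same shared key yields the same RC4 keystream, and two frames encrypted under one keystream leak each other's plaintext. The WEP key, IV and frame contents are constructed; the CRC-32 integrity value and 802.11 framing are omitted, and the separate RC4 key-scheduling weakness is not modeled.

```python
"""RC4 keystream reuse: the flaw that lets a WEP-protected frame be read without the key."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4, the cipher WEP uses: key-scheduling followed by pseudo-random generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || shared key and sends the 3-byte IV in the clear.
    (The CRC-32 integrity value and real 802.11 framing are omitted here.)"""
    return iv + xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_with_known_plaintext(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Two frames under one IV share a keystream, so c_a XOR c_b = p_a XOR p_b."""
    iv_a, ct_a = frame_a[:3], frame_a[3:]
    iv_b, ct_b = frame_b[:3], frame_b[3:]
    if iv_a != iv_b:
        raise ValueError("IVs differ, so the keystreams differ")
    return xor(xor(ct_a, ct_b), known_plaintext_a)


def demo() -> bytes:
    wep_key = bytes.fromhex("0123456789abcdef0123456789")     # constructed 104-bit key
    iv = b"\x00\x00\x01"                                      # 24-bit IV: only 16.7 million values
    p_a = b"GET /index.html HTTP/1.0\r\n"                      # predictable traffic an attacker can guess
    p_b = b"user=alice&pw=hunter2\r\n"                        # the frame the attacker wants
    frame_a = wep_encrypt(wep_key, iv, p_a)
    frame_b = wep_encrypt(wep_key, iv, p_b)                   # same IV reused -> same keystream
    return recover_with_known_plaintext(frame_a, frame_b, p_a)
```

On a busy access point the 24-bit IV space is exhausted in hours, and many cards reset the IV to zero on startup, so collisions like the one above are routine rather than contrived; WPA2 and WPA3 avoid the problem by deriving fresh per-session keys and never reusing a nonce.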
Chapter Summary
• Conducting a security audit
• Intruder access by social engineering
• Risks a network administrator must guard against
• Risks inherent in network transmission and design
• Risks pertaining to networking protocols and software
Chapter Summary (continued)
• Denial-of-service attack
• Security policy identifies an organization’s security needs
• Computer room access
• Firewalls
• Proxy service and proxy servers
Chapter Summary (continued)
• Secure remote access server package
• Remote Authentication Dial-In User Service (RADIUS)
• NOSs limit users' access to files and directories on the network
• Choosing secure passwords
• Encryption
• Wireless networks