pace-it, security+1.2: secure network administration concepts

Secure network administration concepts.

Upload: pace-it-at-edmonds-community-college

Post on 07-Apr-2017


TRANSCRIPT

Page 1: PACE-IT, Security+1.2: Secure Network Administration Concepts

Secure network administration concepts.

Page 2

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of expertise: PC hardware, network administration, IT project management, network design, user training, IT troubleshooting.

Industry certifications

Qualifications summary

Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University.

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Page 3

Secure network administration concepts.

– Rule-based management.

– Additional secure network administration concepts.

Page 4

Rule-based management.

Page 5

Rule-based management.

– Rule-based management defined.

» The implementation of rules at the technology level (firewall rules, ACLs, switch port settings) to create a secure network environment. Rule-based management should be designed and then tested to confirm that the rules actually behave as intended, because a rule that is misordered or too broad fails silently.

– Firewall rules.

» Firewall rules should be configured so that only the required traffic is allowed to pass.

• Whenever possible, the default posture should be to deny traffic.

• Exceptions are then created to allow only the required traffic, and rules are evaluated in order, so the first rule that matches decides.

» The last rule on any firewall should be a deny-all. Most firewalls apply an implicit deny after the last rule anyway; adding an explicit deny-all as the final rule makes the intent visible and lets the firewall log what it drops.

• Unless explicitly allowed, the traffic is denied entry into the network.

Page 6

Rule-based management.

– Access control list (ACL).

» Should be implemented wherever possible.

• Firewall rules are often called ACLs.

» Files and folders can have ACLs placed on them through the use of permissions.

» Routers can apply two ACLs per network interface (per protocol).

• One ACL is applied on the inbound side of the interface.

• The other ACL is applied on the outbound side of the interface.

» Router and firewall ACLs end with an implicit deny statement.

• If not explicitly allowed in the ACL, the traffic or request is denied.

» Once created, the ACL should be tested for functionality.

• To ensure that required actions are allowed.

• To ensure that non-required actions are not allowed.

Page 7

Additional secure network administration concepts.

Page 8

Additional secure network administration concepts.

Secure router configuration. Locking the front door to the network.

Put active ACLs in place on routed interfaces. Disable or replace default usernames and passwords. Require authentication for all access to the router, including console and virtual terminal lines. Whenever possible, use only secure protocols for management access (SSH and HTTPS rather than Telnet and HTTP).

Port security. Locking a back door to the network.

Enable port security on all switch ports. This limits the ability of an attacker to gain access by plugging into a switch. MAC filtering, which restricts which MAC addresses (or how many) may appear on a port, is the security method most commonly used.

Network separation. Putting the eggs in more than one basket.

Separate and group network resources by function and security needs. This creates more secure areas within a network, so that a compromise in one segment does not automatically expose the others. Separation can be achieved through VLAN management.

Page 9

Additional secure network administration concepts.

VLAN management. Keeping the fox out of the hen house.

Change the default management VLAN rather than leaving management traffic on VLAN 1. Proper VLAN management keeps network traffic where it belongs. To allow inter-VLAN communication, the traffic has to pass through a router (or Layer 3 switch), which is where an ACL can control what crosses between segments.
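The hardening points on page 8 (ACLs on routed interfaces, no default credentials, authentication on every line, secure management protocols, port security) and the VLAN point above are all things that can be checked mechanically in a device's running configuration. The script below is an added example, not from the PACE-IT slides: it audits a constructed Cisco-IOS-style configuration for those settings, with a weak version beside a hardened one. The IOS commands it looks for are real, the configuration text and the `$9$examplehash` placeholders are made up, and the audit covers only these few checks rather than a full hardening baseline.

```python
"""Audit an IOS-style configuration for the secure-router, port-security and
VLAN-management points above.

Added example (not from the slides): both configurations below are constructed
and the hash values are placeholders.
"""

WEAK_CONFIG = """\
hostname edge-rtr
username admin password cisco
no service password-encryption
interface GigabitEthernet0/0
 description uplink
 ip address 203.0.113.1 255.255.255.0
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 1
line vty 0 4
 transport input telnet
 no login
"""

HARDENED_CONFIG = """\
hostname edge-rtr
service password-encryption
enable secret 9 $9$examplehash
username netops secret 9 $9$examplehash
ip access-list extended INBOUND
 permit tcp any host 203.0.113.10 eq 443
 deny ip any any log
interface GigabitEthernet0/0
 description uplink
 ip address 203.0.113.1 255.255.255.0
 ip access-group INBOUND in
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
line vty 0 4
 transport input ssh
 login local
"""


def parse_blocks(config: str) -> list[tuple[str, list[str]]]:
    """Split the config into (top-level line, [indented child lines]) pairs."""
    blocks: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(config: str) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    blocks = parse_blocks(config)
    headers = [h for h, _ in blocks]

    # Global credential hygiene.
    if not any(h.startswith("enable secret") for h in headers):
        findings.append("no 'enable secret' configured")
    if "service password-encryption" not in headers:
        findings.append("service password-encryption is off")

    for h, body in blocks:
        if h.startswith("username ") and " password " in h:
            findings.append(f"plaintext password: {h}")   # should use 'secret'
        if h.startswith("line vty"):
            transport = [l for l in body if l.startswith("transport input")]
            if not transport or any("telnet" in l or " all" in l for l in transport):
                findings.append(f"{h}: insecure management transport (use 'transport input ssh')")
            if "no login" in body or not any(l.startswith("login") for l in body):
                findings.append(f"{h}: no authentication required")
        if h.startswith("interface "):
            if "switchport mode access" in body:
                if not any(l.startswith("switchport port-security") for l in body):
                    findings.append(f"{h}: access port without port security")
                if "switchport access vlan 1" in body or not any(
                        l.startswith("switchport access vlan") for l in body):
                    findings.append(f"{h}: access port in default VLAN 1")
            elif any(l.startswith("ip address") for l in body):
                if not any(l.startswith("ip access-group") for l in body):
                    findings.append(f"{h}: routed interface with no ACL applied")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or 'no findings'}")
```

The weak configuration produces eight findings, one per hardening point; the hardened one produces none. The same pattern (parse the config into blocks, assert on the presence or absence of specific commands) is how configuration-compliance tooling works, and it is the check to run before, not after, a device goes into production.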

Flood guards. Blocking one of the most common attacks.

One of the most common network attacks is the denial of service (DoS) attack. The attacker floods the network or a host with traffic (for example TCP SYNs, or frames from many spoofed MAC addresses) to crowd out legitimate traffic. Flood guards recognize the pattern, typically a rate of requests from one source that no legitimate client would produce, and halt the attack before the damage is done.
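A flood guard is, at its core, a per-source rate limit with a penalty box. The following added example (not from the PACE-IT slides) implements that for TCP SYNs over a constructed packet trace: a normal client opening a handful of connections and one source sending 200 SYNs in half a second. The threshold, window and block duration are assumptions chosen for the example; a real flood guard on a switch or firewall runs inline and also watches MAC-table churn, DHCP and ICMP, not just SYNs.

```python
"""A minimal SYN-flood guard: sliding-window SYN rate per source address.

Added example (not from the slides): the packet records, threshold, window and
block duration are constructed for illustration.
"""
from collections import defaultdict, deque


class SynFloodGuard:
    def __init__(self, threshold: int, window_s: float, block_s: float):
        self.threshold = threshold            # SYNs allowed per source per window
        self.window_s = window_s
        self.block_s = block_s
        self.syn_times = defaultdict(deque)   # src -> timestamps of recent SYNs
        self.blocked_until = {}               # src -> time the block expires
        self.alerts = []                      # (time, src) when a flood was detected

    def inspect(self, t: float, src: str, flags: str) -> str:
        """Return 'forward' or 'drop' for one packet from src seen at time t."""
        if src in self.blocked_until:
            if t < self.blocked_until[src]:
                return "drop"                 # still in the penalty box
            del self.blocked_until[src]
        if "S" not in flags or "A" in flags:  # only pure SYNs count toward the rate
            return "forward"
        q = self.syn_times[src]
        q.append(t)
        while q and t - q[0] > self.window_s:  # drop timestamps outside the window
            q.popleft()
        if len(q) > self.threshold:
            self.blocked_until[src] = t + self.block_s
            self.alerts.append((t, src))
            q.clear()
            return "drop"
        return "forward"


def run_guard(packets, threshold=20, window_s=1.0, block_s=30.0):
    """Feed (time, src, tcp_flags) records through a guard; return it and the verdicts."""
    guard = SynFloodGuard(threshold, window_s, block_s)
    verdicts = [guard.inspect(t, src, flags) for t, src, flags in packets]
    return guard, verdicts


# Constructed traffic: a client completing five handshakes at a sane pace, and
# one source firing 200 SYNs in 0.5 s without ever completing a handshake.
NORMAL = [(i * 0.2, "198.51.100.7", "S") for i in range(5)] + \
         [(i * 0.2 + 0.01, "198.51.100.7", "A") for i in range(5)]
FLOOD = [(0.0025 * i, "203.0.113.66", "S") for i in range(200)]
TRAFFIC = sorted(NORMAL + FLOOD)

if __name__ == "__main__":
    guard, verdicts = run_guard(TRAFFIC)
    print("alerts:", guard.alerts)
    print("dropped:", verdicts.count("drop"), "of", len(verdicts))
```

With a threshold of 20 SYNs per second the flood source is blocked on its 21st SYN and everything after that is dropped for 30 seconds, while the legitimate client is never touched. Tune the threshold against real traffic before enabling a blocking action; a threshold set too low turns the guard itself into a denial-of-service against busy legitimate clients behind a NAT.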

Loop protection. Preventing unnecessary network traffic.

Redundant routes can create routing loops. Routers limit the damage with a time-to-live (TTL) value, which discards a packet after a fixed number of hops, and prevent many loops in distance-vector routing with split horizon, which stops a route from being advertised back out the interface it was learned on. Redundant links between switches can also create loops, and because Ethernet frames have no TTL a loop at Layer 2 becomes a broadcast storm. Spanning Tree Protocol (STP) blocks the redundant links until they are needed, which negates the loops.

Page 10

Additional secure network administration concepts.

802.1X. Know exactly who has access to resources.

IEEE 802.1X is a port-based network access control standard used on wired and wireless networks. The connecting device (the supplicant) must authenticate, that is, prove who it is, against a central authentication server (typically RADIUS) before access to the network is granted. The switch or access point (the authenticator) relays the EAP exchange and, until it succeeds, accepts nothing on the port but the authentication frames themselves.
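The point of "port-based" access control is easiest to see in the port's state machine: before authentication the port forwards only EAPOL frames, after a successful exchange it forwards everything. The following added example (not from the PACE-IT slides) simulates the three parties of an 802.1X exchange in one process. The user database is constructed, and the challenge/response is EAP-MD5-style (MD5 over the EAP identifier, the secret and the challenge) purely for brevity; EAP-MD5 is weak and real deployments should use EAP-TLS or PEAP, but the port behaviour shown is the same.

```python
"""Port-based network access control: a switch port forwards only EAPOL until
the supplicant has authenticated, via the authenticator, to a central server.

Added example (not from the slides): all three parties are simulated here, the
user database is constructed, and EAP-MD5 is used only to keep the exchange short.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ETHERTYPE_EAPOL = 0x888E
ETHERTYPE_IPV4 = 0x0800


@dataclass
class Frame:
    ethertype: int
    payload: dict


class AuthServer:
    """Central user database; stands in for a RADIUS server."""

    def __init__(self, users: dict[str, str]):
        self.users = users
        self.pending = {}   # identity -> (eap_id, challenge) awaiting a response

    def challenge(self, identity: str) -> tuple[int, bytes]:
        eap_id, chal = os.urandom(1)[0], os.urandom(16)
        self.pending[identity] = (eap_id, chal)
        return eap_id, chal

    def verify(self, identity: str, response: bytes) -> bool:
        if identity not in self.pending or identity not in self.users:
            return False
        eap_id, chal = self.pending.pop(identity)
        expected = hashlib.md5(bytes([eap_id]) + self.users[identity].encode() + chal).digest()
        return hmac.compare_digest(expected, response)


class SwitchPort:
    """Authenticator: relays EAP and opens the port only on Success."""

    def __init__(self, server: AuthServer):
        self.server = server
        self.authorized = False
        self.identity = None

    def receive(self, frame: Frame):
        """Return ('forwarded', frame), ('dropped', reason) or ('eap', request)."""
        if frame.ethertype != ETHERTYPE_EAPOL:
            if self.authorized:
                return ("forwarded", frame)
            return ("dropped", "port unauthorized: only EAPOL is accepted")
        msg = frame.payload
        if msg["type"] == "EAPOL-Start":
            return ("eap", {"type": "Request-Identity"})
        if msg["type"] == "Response-Identity":
            self.identity = msg["identity"]
            eap_id, chal = self.server.challenge(self.identity)
            return ("eap", {"type": "Request-MD5-Challenge", "id": eap_id, "challenge": chal})
        if msg["type"] == "Response-MD5-Challenge":
            if self.server.verify(self.identity, msg["response"]):
                self.authorized = True
                return ("eap", {"type": "Success"})
            return ("eap", {"type": "Failure"})
        return ("dropped", "unknown EAPOL message")


def supplicant_respond(identity: str, password: str, request: dict) -> Frame:
    """Supplicant side: answer an EAP request from the authenticator."""
    if request["type"] == "Request-Identity":
        return Frame(ETHERTYPE_EAPOL, {"type": "Response-Identity", "identity": identity})
    if request["type"] == "Request-MD5-Challenge":
        digest = hashlib.md5(bytes([request["id"]]) + password.encode() + request["challenge"]).digest()
        return Frame(ETHERTYPE_EAPOL, {"type": "Response-MD5-Challenge", "response": digest})
    raise ValueError("unexpected EAP request")


def authenticate(port: SwitchPort, identity: str, password: str) -> bool:
    """Drive the whole EAPOL exchange; True if the port ends up authorized."""
    kind, reply = port.receive(Frame(ETHERTYPE_EAPOL, {"type": "EAPOL-Start"}))
    while kind == "eap" and reply["type"] not in ("Success", "Failure"):
        kind, reply = port.receive(supplicant_respond(identity, password, reply))
    return port.authorized


USERS = {"alice": "correct horse battery staple"}   # constructed user database

if __name__ == "__main__":
    port = SwitchPort(AuthServer(USERS))
    print(port.receive(Frame(ETHERTYPE_IPV4, {"dst": "10.0.0.1"})))   # dropped
    print("authenticated:", authenticate(port, "alice", USERS["alice"]))
    print(port.receive(Frame(ETHERTYPE_IPV4, {"dst": "10.0.0.1"})))   # forwarded
```

Note that the switch never sees the password; it only relays the challenge and response to the server and acts on the server's verdict, which is what lets one central database govern every port and access point.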

Unified threat management. Multiple security measures in one device.

Unified threat management (UTM) is a possible all-in-one security solution. UTM systems provide multiple security functions (e.g., firewall, intrusion prevention, content filtering and antivirus) in a single network appliance, at the cost of making that one appliance a single point of failure and a single point of attack.

Log analysis. Know what is happening all the time.

Security, system, and application logs should be reviewed on a regular basis, not only after an incident. All too often they are first examined after a problem has occurred, when the signs were present in the log files all along.

Page 11

What was covered.

Topic: Rule-based management.

Summary: Rule-based management is the implementation of rules at the technology level to create a secure network environment. Rules should be implemented at the firewall to limit traffic to just what is required. An ACL should be used wherever possible to restrict access and actions to only those that are absolutely required on the network.

Topic: Additional secure network administration concepts.

Summary: Security needs to be considered from multiple aspects and angles in order to ensure a secure network. Possible administrative strategies include secure router configuration, port security, network separation, VLAN management, flood guards, loop protection, 802.1X, UTM, and log analysis.

Page 12

THANK YOU!

Page 13

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those who are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.