Guide to Networking Essentials, 6th Edition
Chapter 10: Introduction to Network Security
Copyright © 2012 Cengage Learning. All rights reserved. 2
Objectives
• Develop a network security policy
• Secure physical access to network equipment
• Secure network data
• Use tools to find network security weaknesses
Network Security Overview and Policies
• Network security should be as unobtrusive as
possible
– Allowing network users to concentrate on the tasks they want
to accomplish rather than how to get to the data they need to
perform those tasks
• Having a secure network enables an organization
to go about its business confidently and efficiently
• A company that can demonstrate its information
systems are secure is more likely to attract
customers, partners, and investors
Developing a Network Security Policy
• A network security policy is a document that
describes the rules governing access to a
company’s information resources, enforcement of
these rules, and steps taken if rules are breached
• A security policy should:
– Be easy for ordinary users to understand and reasonably
comply with
– Be enforceable. Example: You shouldn’t forbid Internet use
during a certain time of day unless you have a method of
monitoring or restricting this use
– Clearly state the objective of each policy so that everyone
understands its purpose
Determining Elements of a Network
Security Policy
• Basic items needed in order to start writing your
security policy:
– Privacy policy: Describes what staff, customers, and business
partners can expect for monitoring and reporting
– Acceptable use policy: Explains for what purposes network
resources can be used
– Authentication policy: Describes how users identify themselves
to gain access to network resources
– Internet use policy: Explains what constitutes proper or
improper use of Internet resources
Determining Elements of a Network
Security Policy
• Basic items needed in order to start writing your
security policy (continued):
– Access policy: Specifies how and when users are allowed to
access network resources
– Auditing policy: Explains the manner in which security
compliance or violations can be verified and the consequences
for violations
– Data protection: Outlines the policies for backup procedures,
virus protection, and disaster recovery
Understanding Levels of Security
• Before determining the level of security your
network needs, answer these questions:
– What must be protected?
– From whom should data be protected?
– What costs are associated with security being breached and
data being lost or stolen?
– How likely is it that a threat will actually occur?
– Are the costs to implement security and train personnel to use
a secure network outweighed by the need to create an efficient,
user-friendly environment?
• Depending on your answers, you’ll likely implement
one of the levels of security on the following slides
Understanding Levels of Security
• Highly Restrictive Security Policies
– Include features such as data encryption, complex password
requirements, detailed auditing and monitoring of computer and
network access, intricate authentication methods, and policies
governing use of the Internet and e-mail
– Expensive to implement and support
• Moderately Restrictive Security Policies
– Require passwords for each user but not overly complex
– Auditing is geared toward detecting unauthorized logon
attempts, misuse of network resources, and network attacker
activity
– Can use moderately priced off-the-shelf hardware and
software, such as firewalls and access control lists
Understanding Levels of Security
• Open Security Policies
– Consist of simple or no passwords, unrestricted access to
resources, and probably no monitoring and auditing
– Might make sense for a small company with the main goal of
making access to network resources easy
– Sensitive data might be kept on workstations that are backed
up regularly and physically inaccessible to other employees
• No matter which type of policy a company uses,
some common elements should be present:
– Virus and other malware protection for servers and desktops
– Backup procedures
– Physical security of servers and network devices
Securing Physical Access to the Network
• Best practices to secure your network from
physical assault:
– Ensure that rooms are available to house servers and
equipment. These rooms should have locks, adequate power
receptacles, adequate cooling measures, and an EMI-free
environment
– If a suitable room is not available, locking cabinets can be
purchased to house servers and equipment in public areas
– Wiring from workstations to wiring cabinets should be
inaccessible to eavesdropping equipment
– Your physical security plan should include procedures for
recovery from natural disasters such as fire or floods
Physical Security of Servers
• Servers can generate a substantial amount of heat
and need adequate cooling
– Lack of cooling can damage hard drives, cause CPUs to shut
down or malfunction, and damage power supplies
• Power to the server should be on a separate circuit
from other electrical devices
– Enough power outlets should be installed to eliminate the need
for extension cords
– Verify power requirements for UPSs. Some UPSs require
special twist-lock outlet plugs rated for high currents
• If you’re forced to place servers in a public access
area, locking cabinets are a must
Security of Internetworking Devices
• Routers and switches contain critical configuration
information
– A user with physical access to these devices needs only a laptop or
handheld computer to get into the router or switch
• Configuration changes made to routers and switches
can have disastrous results
• A room with a lock is the best place for internetworking
devices
– A wall-mounted enclosure with a lock is the next best thing
– Some cabinets have a built-in fan or a mounting hole for a fan
– Most racks also come with channels to run wiring
Securing Access to Data
• Securing data on a network:
– Authentication and authorization
– Encryption
– Virtual private networks (VPNs)
– Firewalls
– Virus and worm protection
– Spyware protection
– Wireless security
Implementing Secure Authentication
and Authorization
• Allow administrators to control who has access to the
network (authentication) and what users can do after
they are logged on to the network (authorization)
• Network OSs include tools that enable administrators
to specify options and restrictions on how and when
users can log on to the network
• File system access controls and user permission
settings determine what a user can access on a
network
– Also controls what actions a user can perform on the network, such
as installing software or shutting down a system
Configuring Password Requirements
in a Windows Environment
• Windows 7 allows passwords up to 128 characters
– Minimum of five to eight characters is typical
• Other password options include:
– Maximum password age
– Minimum password age
– Enforce password history: Determines how many different
passwords must be used before a password can be used
again
• Password policies for Windows 7 or Windows
Server 2008 can be set in the Local Security
Policy console found in Administrative Tools
Configuring Password Requirements
in a Windows Environment
Password policy settings in Windows 7
Configuring Password Requirements
in a Linux Environment
• Linux password configuration can be done globally or
on a user-by-user basis
• Like Windows, Linux has a number of password options
that can be configured
– For these password options to be available, the Linux
system must be using shadow passwords, a secure
method of storing user passwords on a Linux system
• Password options can be set by editing the
/etc/login.defs configuration file
• Other password options can be configured by using
Pluggable Authentication Modules (PAM)
Reviewing Password Dos and Don’ts
• Do use a combination of uppercase letters,
lowercase letters, and numbers
• Do include one or more special characters
• Do consider using a phrase, such as NetW@ork1ng!
sC001
• Don’t use passwords based on your logon name,
your family members’ or pets’ names
• Don’t use common dictionary words unless they are
part of a phrase
• Don’t make your password so complex that you
forget it
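The password options on the preceding slides (minimum length, maximum and minimum age, enforced history) and the dos and don'ts above, combined into one checker. This is an added example, not code from the textbook; the word list, the user names and the unsalted SHA-256 used for the history are constructed for the demonstration.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample word list; a real checker would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "network", "summer", "admin", "letmein"}


@dataclass
class PasswordPolicy:
    min_length: int = 8        # slide: five to eight characters is typical
    max_age_days: int = 90     # "Maximum password age"
    min_age_days: int = 1      # "Minimum password age"
    history_size: int = 5      # "Enforce password history"
    require_special: bool = True


def digest(password: str) -> str:
    """Unsalted SHA-256, used here only so the history never holds plaintext.
    Assumption for the example: a real OS stores salted, slow hashes instead."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(candidate: str, username: str, family_names: set,
                   history: list, policy: PasswordPolicy) -> list:
    """Return the rules the candidate breaks; an empty list means it is acceptable."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    # Do: mix uppercase letters, lowercase letters and numbers
    if not re.search(r"[A-Z]", candidate):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", candidate):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digit")
    # Do: include one or more special characters
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special character")
    lowered = candidate.lower()
    # Don't: base the password on the logon name or on family members' or pets' names
    if username.lower() in lowered:
        problems.append("contains the logon name")
    for name in sorted(family_names):
        if name.lower() in lowered:
            problems.append(f"contains the name '{name}'")
    # Don't: use a common dictionary word on its own. A word buried in a longer
    # phrase (the slide's NetW@ork1ng!sC001) passes; "Password1" does not.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in COMMON_WORDS:
        problems.append("is a common dictionary word (ignoring digits and symbols)")
    # Enforce password history: none of the last N passwords may be reused
    if digest(candidate) in history[-policy.history_size:]:
        problems.append(f"reuses one of the last {policy.history_size} passwords")
    return problems


def age_status(last_changed: str, today: str, policy: PasswordPolicy) -> str:
    """Map the maximum/minimum password age options to what the OS does at logon.
    Dates are ISO strings (YYYY-MM-DD)."""
    age = (date.fromisoformat(today) - date.fromisoformat(last_changed)).days
    if age >= policy.max_age_days:
        return "expired"       # the user must change the password now
    if age < policy.min_age_days:
        return "too-recent"    # change refused, so the history cannot be cycled quickly
    return "ok"


if __name__ == "__main__":
    policy = PasswordPolicy()
    previous = [digest("Old#Pass9")]           # constructed history for user jsmith
    for pw in ["NetW@ork1ng!sC001", "Password1", "Rex2020!!", "Old#Pass9"]:
        print(pw, "->", check_password(pw, "jsmith", {"Rex"}, previous, policy) or "OK")
    print("age:", age_status("2024-01-01", "2024-04-01", policy))
```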
Restricting Logon Hours and Logon
Location
• Both Windows and Linux have solutions to restrict logon
by time of day, day of week, and location
• In Windows, the default settings allow logon 24 hours a
day, seven days a week
• A common use of restricting logon hours is to disallow
logon during a system backup
• Users can be restricted to logging on only from
particular workstations
– If a user who has access to sensitive data logs on at a
workstation in a coworker’s office and then walks away, the
coworker now has access to sensitive data
Authorizing Access to Files and
Folders
• Windows OSs have two options for file
security: sharing permissions and NTFS
permissions
• Sharing permissions are applied to folders
(files in a shared folder inherit the same
permission)
• NTFS permissions can be applied to files as
well as folders
• File and folder permissions are a necessary
tool administrators use to make network
resources secure
Securing Data with Encryption
• Encryption prevents people from using
eavesdropping technology—such as a packet sniffer
—to capture packets
• The most widely used method for encrypting data is
using IP Security (IPSec)
• Preshared key - series of letters, numbers, and
special characters that two devices use to
authenticate each other’s identity (administrator
enters the same key in the IPSec settings on both
devices)
• Kerberos authentication - also uses keys, but the
OS generates the keys
Securing Data with Encryption
• Digital certificates - involves a certification authority
(CA)
– Someone wanting to send encrypted data must apply for a digital
certificate from a CA, which is responsible for verifying the applicant’s
authenticity
– Public CAs, such as Verisign, sell certificates to companies wanting to
have secure communication sessions across public networks
• On Linux systems, a simple method for encrypting files
is using gpg (Gnu Privacy Guard), a command-line
program
– This program uses a password the user enters to encrypt the file
specified as an argument to the gpg command
Securing Data on Disk Drives
• If someone gains access to the hard disk where data is
stored, your data could be vulnerable
• In Windows OSs, Encrypting File System (EFS) is used
to encrypt files or folders
• EFS works in one of three modes:
– Transparent mode: Requires hardware with trusted platform module
(TPM) support and protects the system if someone tries to boot with a
different OS
– USB key mode: An encryption key is stored on a USB drive that the
user inserts before starting the system
– User authentication mode: The system requires a user password
before it decrypts the OS files and boots
Securing Communication with Virtual
Private Networks
• A virtual private network (VPN) is a network
connection that uses the Internet to give users or
branch offices secure access to a company’s
network resources
• VPNs use encryption technology to ensure the
communication is secure while traveling through
the public Internet
– A “tunnel” is created between the VPN client and VPN server
• VPN servers can be configured on server OSs or
they can be in the form of a dedicated device with
the sole purpose of handling VPN connections
Securing Communication with Virtual
Private Networks
A typical VPN connection
VPNs in a Windows Environment
• Windows server OSs include a VPN server solution with
Routing and Remote Access (RRAS)
• Windows 2008 supports three implementations of VPN:
– Point-to-Point Tunneling Protocol (PPTP): A commonly used VPN
protocol in Windows OSs with client support for Linux and Mac OS X
– Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec): Provides a
higher level of security than PPTP. Provides data integrity as well as
identity verification
– Secure Socket Tunneling Protocol (SSTP): Works behind most
firewalls without firewall administrators needing to configure the firewall
to allow VPN
• All three implementations are enabled by default when
you configure Windows Server 2008 as a VPN server
VPNs in Other OS Environments
• Linux OSs also support VPN client and VPN server
applications (typically use PPTP or L2TP/IPSec)
– A popular VPN solution for Linux is a free package called
OpenSwan
• Mac OS X supports VPN client connections to
Windows servers by using PPTP or IPSec
• Mac OS X Server has a VPN server service that
allows Mac OS X, Windows, and UNIX/Linux
clients to connect to a corporate LAN through the
Mac OS X VPN server
VPN Benefits
• VPN benefits include the following:
– Enable mobile users to connect with corporate networks
securely wherever an Internet connection is available
– Allow multiple sites to maintain permanent secure connections
via the Internet instead of using expensive WAN links
– Can reduce costs by using the ISP’s support services instead
of paying for more expensive WAN support
– Eliminate the need to support dial-up remote access
Protecting Networks with Firewalls
• A firewall is a hardware device or software program
that inspects packets going into or out of a network or
computer, then discards or forwards these packets
based on a set of rules
• A hardware firewall is configured with two or more
network interfaces, typically placed between a
corporate LAN and the WAN connection
• A software firewall is installed in an OS and inspects all
packets coming into or leaving the computer
– Based on predefined rules, the packets are discarded or
forwarded for further processing
Protecting Networks with Firewalls
• Firewalls protect against outside attempts to access
resources and protect against malicious packets
intended to disable a network and its resources
– Firewalls can also be used to restrict users’ access to Internet
resources
• After it's installed, the administrator must build rules that
allow only certain packets to enter or exit the network
– Can be based on source and destination addresses, protocols
such as IP, TCP, ICMP, and HTTP
• Firewalls can also attempt to determine a packet’s
context (process called stateful packet inspection)
– SPI helps ensure that a packet is denied if it’s not part of an ongoing
legitimate conversation
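A small model of the rule table plus the connection state that stateful packet inspection adds, so the difference between a plain rule match and "part of an ongoing legitimate conversation" is visible. This is an added example, not code from the textbook; the addresses, rules and packet sequence are constructed, and the model tracks TCP only (stateless protocols are judged by the rules alone).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""     # TCP flag letters: S (SYN), A (ACK), F (FIN), R (RST)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None means any destination port


class StatefulFirewall:
    """A rule table plus a flow table, as an SPI firewall keeps (simplified model)."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()      # TCP conversations seen opening: (src, sport, dst, dport)

    def _lookup(self, pkt: Packet) -> str:
        """First matching rule wins; an unmatched packet is denied (default deny)."""
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        for r in self.rules:
            if r.proto != "any" and r.proto != pkt.proto:
                continue
            if src not in ipaddress.ip_network(r.src) or dst not in ipaddress.ip_network(r.dst):
                continue
            if r.dport is not None and r.dport != pkt.dport:
                continue
            return r.action
        return "deny"

    def filter(self, pkt: Packet) -> str:
        if pkt.proto != "tcp":
            return "forward" if self._lookup(pkt) == "allow" else "drop"
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.flows or rev in self.flows:
            # Part of an ongoing conversation: forward it, and forget the flow on RST/FIN
            if "R" in pkt.flags or "F" in pkt.flags:
                self.flows.discard(fwd)
                self.flows.discard(rev)
            return "forward"
        if pkt.flags != "S":
            # No state and not a connection attempt: not part of any legitimate conversation
            return "drop"
        if self._lookup(pkt) == "allow":
            self.flows.add(fwd)     # the rule table only ever decides new connections
            return "forward"
        return "drop"


# Constructed policy: LAN hosts may open HTTP/HTTPS and ping out; nothing else is allowed in
RULES = [
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 80),
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),
    Rule("allow", "icmp", "192.168.1.0/24", "0.0.0.0/0"),
]

# Constructed packet sequence with the decision an SPI firewall should reach for each
SAMPLE = [
    Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 80, "S"),   # LAN host opens HTTP
    Packet("203.0.113.5", "192.168.1.10", "tcp", 80, 51000, "SA"),  # server's SYN-ACK comes back
    Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 80, "A"),   # handshake completes
    Packet("203.0.113.5", "192.168.1.10", "tcp", 40000, 22, "S"),   # unsolicited inbound SSH
    Packet("203.0.113.5", "192.168.1.10", "tcp", 40000, 80, "A"),   # ACK with no conversation
    Packet("192.168.1.10", "203.0.113.5", "icmp"),                  # outbound ping: allowed
    Packet("203.0.113.5", "192.168.1.10", "icmp"),                  # inbound ping: no rule
    Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 80, "R"),   # LAN host resets HTTP
    Packet("203.0.113.5", "192.168.1.10", "tcp", 80, 51000, "A"),   # stray segment after reset
]
EXPECTED = ["forward", "forward", "forward", "drop", "drop", "forward", "drop", "forward", "drop"]


def run(rules, packets):
    """Feed the packets through one firewall instance and return the decisions in order."""
    fw = StatefulFirewall(rules)
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE, run(RULES, SAMPLE)):
        print(f"{decision:8} {pkt}")
```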
Protecting Networks with Firewalls
• Routers can be used as firewalls
• Network administrators can create rules, called access
control lists (ACLs), that deny certain types of packets
– ACLs can examine many of the same packet properties that
firewalls can
• An intrusion detection system (IDS) usually works
with a firewall or router
– Detects an attempted security breach and notifies the
administrator
– In some cases an IDS can take countermeasures like resetting
the connection between source and destination devices
Protecting Networks with Firewalls
• Because most networks use Network Address
Translation (NAT) with private IP addresses,
devices configured with private IP addresses can’t
be accessed directly from outside the network
• When NAT is used, an external device can’t initiate
a network conversation with an internal device
Protecting a Network from Worms,
Viruses, and Rootkits
• A virus is a program that spreads by replicating itself
into other programs or documents
– Purpose is to disrupt computer or network operation by deleting
or corrupting files, formatting disks, or using large amounts of
computer resources
• A worm is similar to a virus but a worm doesn’t attach
itself to another program
– Can create a backdoor, which is a program installed on a
computer that permits access to the computer, bypassing
normal authentication process
• Rootkits are a form of a Trojan program that can
monitor traffic to and from a computer (capturing
passwords and other important information)
Protecting a Network from Worms,
Viruses, and Rootkits
• Viruses, worms, and rootkits are part of a broader
category of software called malware, which is any
software designed to cause harm or disruption
• Every desktop and server should have virus-scanning
software running
– Most virus-protection software is also designed to detect and prevent
worms
• Virus and worm protection can be expensive but
perhaps worth it if loss of data and productivity can be
avoided
– Virus software must be updated because developers of viruses and
worm software are always looking for new ways to wreak havoc
Protecting a Network from Spyware
and Spam
• Spyware is a type of malware that monitors or
controls part of your computer at the expense of
your privacy
– Spyware usually decreases your computer’s performance and
increases pop-up Internet messages and spam
• Many antispyware programs are available – some
are bundled with antivirus programs
• Spam is more of a nuisance than a threat to your
computer
– Unsolicited e-mail that takes up e-mail storage space, network
bandwidth and people’s time
Implementing Wireless Security
• An attacker does not need physical access to your
network cabling to compromise the network
– Anyone with a wireless scanner and some software can
intercept data or access wireless devices
• Wireless security must be enabled on all your
devices by using one or more of the following
methods:
– Service set identifier (SSID) – An SSID is an alphanumeric
label configured on the access point – each client must
configure its wireless NIC for that SSID to connect to that
access point
Implementing Wireless Security
• Wireless security options (continued):
– MAC address filtering: If network is small, you can use the
MAC address filtering feature on APs to restrict network access
to computers with specific MAC addresses
– Wired Equivalency Protocol (WEP): Provides data encryption
so that a casual attacker who gains access sees only
encrypted data
– Wi-Fi Protected Access (WPA): Similar to WEP, only has
enhancements that make cracking the encryption code more
difficult
– 802.11i: Usually referred to as WPA2 because it incorporates
much of the WPA standard – advantage over WPA is that it
uses more advanced encryption standards and a more secure
method of handling encryption keys
Using an Attacker’s Tools to Stop
Network Attacks
• The terms black hats and white hats are
sometimes used to describe an individual skilled at
breaking into a network
– Black hats are the bad guys, white hats are the good guys
• White hats use the term penetration tester for their
consulting services
– A certification has been developed for white hats called
Certified Ethical Hacker (CEH)
– White hats try to hack into a network to see what types of holes
exist in a network’s security and close them
Discovering Network Resources
• Attackers use command-line utilities to discover as
much about your network as they can
– Ping, Traceroute, Finger, and Nslookup are some utilities used
• A ping scanner is an automated method for
pinging a range of IP addresses
• A port scanner determines which TCP and UDP
ports are available on a particular computer or
device
– By determining which ports are active, a port scanner can tell
you what services are enabled on a computer
Discovering Network Resources
• Protocol analyzers allow you to capture packets
and determine which protocol services are running
– Require access to the network media
• The use of the Finger utility can be disabled by
turning it off on all UNIX, Linux servers and routers
– A port scan should be run on all network devices to see what
services are on, and then services that aren’t necessary should
be turned off
• To protect against the use of protocol analyzers, all
hubs and switches should be secured in a locked
room or cabinet
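The audit step the slide describes ("see what services are on, then turn off the unnecessary ones"), done against a listening-socket listing instead of a remote scan: parse the output, compare it with the ports the host is approved to expose, and report what to disable. This is an added example, not code from the textbook; the `ss -ltn` text, the approved-port set and the service names are constructed for the demonstration.

```python
import re

# Constructed sample of what `ss -ltn` might print on a Linux file server (not real output)
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*
LISTEN  0       128     0.0.0.0:79           0.0.0.0:*
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

# Constructed baseline: the only services this host is supposed to offer on the network
APPROVED_PORTS = {22, 445}

# Well-known port names, for the report only
SERVICE_NAMES = {22: "ssh", 23: "telnet", 25: "smtp", 79: "finger", 80: "http", 445: "smb"}

# Matches the State, Recv-Q, Send-Q and Local Address:Port columns of a LISTEN line
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output: str) -> set:
    """Return the set of (local_address, port) pairs that are in LISTEN state."""
    listeners = set()
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.add((m.group(1), int(m.group(2))))
    return listeners


def is_loopback(addr: str) -> bool:
    """Loopback-only listeners are not reachable from the network, so they rank lower."""
    return addr.startswith("127.") or addr == "[::1]"


def audit(listeners: set, approved_ports: set) -> dict:
    """Sort listening ports into approved, loopback-only and unexpected (to be disabled)."""
    exposed = {port for addr, port in listeners if not is_loopback(addr)}
    loopback = {port for addr, port in listeners if is_loopback(addr)} - exposed
    return {
        "approved": sorted(exposed & approved_ports),
        "loopback_only": sorted(loopback),
        "unexpected": sorted(exposed - approved_ports),
    }


def report(result: dict) -> list:
    """One line per finding, most urgent first."""
    lines = [f"DISABLE  port {p} ({SERVICE_NAMES.get(p, 'unknown')}): reachable from the network, not approved"
             for p in result["unexpected"]]
    lines += [f"REVIEW   port {p} ({SERVICE_NAMES.get(p, 'unknown')}): loopback only"
              for p in result["loopback_only"]]
    lines += [f"OK       port {p} ({SERVICE_NAMES.get(p, 'unknown')}): approved"
              for p in result["approved"]]
    return lines


if __name__ == "__main__":
    for line in report(audit(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED_PORTS)):
        print(line)
```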
Gaining Access to Network Resources
• After an attacker has discovered the resources
available, the next step might be gaining access
– Will try to gain access via devices that have no password set
• Finger can be used to discover usernames
• Linux and Windows servers have default
administrator names that are often left unchanged
– An attacker with a password-cracking tool can easily exploit this
• Using a password-cracking tool on your own
system is recommended to see whether your
passwords are complex enough
Disabling Network Resources
• A denial-of-service (DoS) attack is an attacker’s
attempt to tie up network bandwidth or network
services
– Three common types of DoS attacks focus on tying up a
server or network service
• Packet storms: use the UDP protocol to send UDP packets that
have a spoofed (made up) host address, causing the host to be
unavailable to respond to other packets
• Half-open SYN attacks: use the TCP three-way handshake to tie
up a server with invalid TCP sessions
• A ping flood sends a large number of ping packets to a host – they
cause the host to reply, tying up CPU cycles and bandwidth
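Detection logic for two of the three DoS types above, run over a constructed packet capture: half-open SYN attacks show up as SYNs to one target whose handshakes never complete, and ping floods as an ICMP rate per source above a threshold. This is an added example, not code from the textbook; the packet records, thresholds and addresses are constructed, and the spoofed-address UDP packet storm is not covered.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float            # capture time in seconds
    src: str
    dst: str
    proto: str          # "tcp" or "icmp"
    flags: str = ""     # TCP flag letters: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
    sport: int = 0
    dport: int = 0


def detect_half_open(packets, threshold=20, window=1.0):
    """Alert on (dst, dport) pairs that accumulate `threshold` SYNs within `window`
    seconds whose handshake is never completed by the client's ACK.
    Counting per target rather than per source matters: flood sources are usually spoofed."""
    pending = {}        # (src, sport, dst, dport) -> time of the SYN not yet ACKed
    alerts = set()
    for p in sorted(packets, key=lambda x: x.t):
        if p.proto != "tcp":
            continue
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            pending[key] = p.t
        elif p.flags == "A":
            pending.pop(key, None)     # third step of the handshake: the session is real
        # Expire entries older than the window, then count live half-open sessions per target
        for k, t0 in list(pending.items()):
            if p.t - t0 > window:
                del pending[k]
        per_target = defaultdict(int)
        for (_, _, dst, dport) in pending:
            per_target[(dst, dport)] += 1
        for target, n in per_target.items():
            if n >= threshold:
                alerts.add(target)
    return alerts


def detect_ping_flood(packets, threshold=50, window=1.0):
    """Alert on (src, dst) pairs sending at least `threshold` ICMP packets in any
    `window`-second span (sliding window over the capture)."""
    recent = defaultdict(deque)
    alerts = set()
    for p in sorted(packets, key=lambda x: x.t):
        if p.proto != "icmp":
            continue
        q = recent[(p.src, p.dst)]
        q.append(p.t)
        while q and p.t - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.add((p.src, p.dst))
    return alerts


def sample_traffic():
    """Constructed capture: one normal HTTP handshake and three pings from a LAN host,
    then a SYN flood and a ping flood against the same server 192.0.2.10."""
    pkts = [
        Pkt(0.00, "192.168.1.5", "192.0.2.10", "tcp", "S", 50000, 80),
        Pkt(0.02, "192.0.2.10", "192.168.1.5", "tcp", "SA", 80, 50000),
        Pkt(0.04, "192.168.1.5", "192.0.2.10", "tcp", "A", 50000, 80),
    ]
    pkts += [Pkt(2.0 + i, "192.168.1.5", "192.0.2.10", "icmp") for i in range(3)]
    # 30 SYNs in 0.3 s from a (possibly spoofed) source, none of them completed
    pkts += [Pkt(0.10 + 0.01 * i, "198.51.100.7", "192.0.2.10", "tcp", "S", 40000 + i, 80)
             for i in range(30)]
    # 60 echo requests in 0.3 s from one host
    pkts += [Pkt(1.0 + 0.005 * i, "198.51.100.9", "192.0.2.10", "icmp") for i in range(60)]
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    print("half-open SYN targets:", detect_half_open(traffic))
    print("ping flood sources:  ", detect_ping_flood(traffic))
```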
Chapter Summary
• A network security policy is a document that describes
the rules governing access to a company’s information
resources
• A security policy should contain these types of policies:
privacy policy, acceptable use policy, authentication
policy, Internet use policy, auditing policy, and data
protection policy
• Securing physical access to network resources is
paramount
• Securing access to data includes authentication and
authorization, encryption/decryption, VPNs, firewalls,
virus and worm protection, spyware protection and
wireless security
Chapter Summary
• VPNs are an important aspect of network security because
they provide secure remote access to a private network via
the Internet
• Firewalls, a key component of any network security plan,
filter packets and permit or deny packets based on a set of
defined rules
• Malware encompasses viruses, worms, Trojan programs,
and rootkits
• Wireless security involves attention to configuring a wireless
network’s SSID correctly and configuring and using one of
several wireless security protocols, such as WEP, WPA, or
802.11i
Chapter Summary
• Tools that attackers use to compromise a network can also
be used to determine whether a network is secure.
• Denial of service is one method attackers use to disrupt
network operation. Three types of DoS attacks include half-
open SYN attacks, ping floods, and packet storms.
Chapter 8.administrative agency hearingsChapter 8.administrative agency hearings
Chapter 8.administrative agency hearingsAPSU
 
Chapter 7.informal proceedings
Chapter 7.informal proceedingsChapter 7.informal proceedings
Chapter 7.informal proceedingsAPSU
 
Chapter 6.investigations and information planning
Chapter 6.investigations and information planningChapter 6.investigations and information planning
Chapter 6.investigations and information planningAPSU
 
Chapter 5.agency rules and regulations(1)
Chapter 5.agency rules and regulations(1)Chapter 5.agency rules and regulations(1)
Chapter 5.agency rules and regulations(1)APSU
 
Chapter 4 pp
Chapter 4 ppChapter 4 pp
Chapter 4 ppAPSU
 
Chapter 3.agency discretion
Chapter 3.agency discretionChapter 3.agency discretion
Chapter 3.agency discretionAPSU
 
Chapter2.development of administrative law
Chapter2.development of administrative lawChapter2.development of administrative law
Chapter2.development of administrative lawAPSU
 
Chapter1.admin law&adminagency
Chapter1.admin law&adminagencyChapter1.admin law&adminagency
Chapter1.admin law&adminagencyAPSU
 
Chapter1
Chapter1Chapter1
Chapter1APSU
 
Logi pp 1
Logi pp 1Logi pp 1
Logi pp 1APSU
 
Unit 1
Unit 1Unit 1
Unit 1APSU
 
Time management
Time managementTime management
Time managementAPSU
 
Research
ResearchResearch
ResearchAPSU
 
21st century learner
21st century learner21st century learner
21st century learnerAPSU
 
21st century learner
21st century learner21st century learner
21st century learnerAPSU
 

Plus de APSU (18)

Module 2 patient transfers
Module 2 patient transfersModule 2 patient transfers
Module 2 patient transfers
 
Net essentials6e ch9
Net essentials6e ch9Net essentials6e ch9
Net essentials6e ch9
 
Chapter 9.access to judicial review
Chapter 9.access to judicial reviewChapter 9.access to judicial review
Chapter 9.access to judicial review
 
Chapter 8.administrative agency hearings
Chapter 8.administrative agency hearingsChapter 8.administrative agency hearings
Chapter 8.administrative agency hearings
 
Chapter 7.informal proceedings
Chapter 7.informal proceedingsChapter 7.informal proceedings
Chapter 7.informal proceedings
 
Chapter 6.investigations and information planning
Chapter 6.investigations and information planningChapter 6.investigations and information planning
Chapter 6.investigations and information planning
 
Chapter 5.agency rules and regulations(1)
Chapter 5.agency rules and regulations(1)Chapter 5.agency rules and regulations(1)
Chapter 5.agency rules and regulations(1)
 
Chapter 4 pp
Chapter 4 ppChapter 4 pp
Chapter 4 pp
 
Chapter 3.agency discretion
Chapter 3.agency discretionChapter 3.agency discretion
Chapter 3.agency discretion
 
Chapter2.development of administrative law
Chapter2.development of administrative lawChapter2.development of administrative law
Chapter2.development of administrative law
 
Chapter1.admin law&adminagency
Chapter1.admin law&adminagencyChapter1.admin law&adminagency
Chapter1.admin law&adminagency
 
Chapter1
Chapter1Chapter1
Chapter1
 
Logi pp 1
Logi pp 1Logi pp 1
Logi pp 1
 
Unit 1
Unit 1Unit 1
Unit 1
 
Time management
Time managementTime management
Time management
 
Research
ResearchResearch
Research
 
21st century learner
21st century learner21st century learner
21st century learner
 
21st century learner
21st century learner21st century learner
21st century learner
 

Dernier

Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxPoojaSen20
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 

Dernier (20)

Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptxCulture Uniformity or Diversity IN SOCIOLOGY.pptx
Culture Uniformity or Diversity IN SOCIOLOGY.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 

Net essentials6e ch10

1. Guide to Networking Essentials, 6th Edition
Chapter 10: Introduction to Network Security
Copyright © 2012 Cengage Learning. All rights reserved.

2. Objectives
• Develop a network security policy
• Secure physical access to network equipment
• Secure network data
• Use tools to find network security weaknesses

3. Network Security Overview and Policies
• Network security should be as unobtrusive as possible
  – Allowing network users to concentrate on the tasks they want to accomplish rather than how to get to the data they need to perform those tasks
• Having a secure network enables an organization to go about its business confidently and efficiently
• A company that can demonstrate its information systems are secure is more likely to attract customers, partners, and investors

4. Developing a Network Security Policy
• A network security policy is a document that describes the rules governing access to a company’s information resources, enforcement of these rules, and steps taken if rules are breached
• A security policy should:
  – Be easy for ordinary users to understand and reasonably comply with
  – Be enforceable. Example: You shouldn’t forbid Internet use during a certain time of day unless you have a method of monitoring or restricting this use
  – Clearly state the objective of each policy so that everyone understands its purpose

5. Determining Elements of a Network Security Policy
• Basic items needed in order to start writing your security policy:
  – Privacy policy: Describes what staff, customers, and business partners can expect for monitoring and reporting
  – Acceptable use policy: Explains for what purposes network resources can be used
  – Authentication policy: Describes how users identify themselves to gain access to network resources
  – Internet use policy: Explains what constitutes proper or improper use of Internet resources

6. Determining Elements of a Network Security Policy (continued)
• Basic items needed in order to start writing your security policy (continued):
  – Access policy: Specifies how and when users are allowed to access network resources
  – Auditing policy: Explains the manner in which security compliance or violations can be verified and the consequences for violations
  – Data protection: Outlines the policies for backup procedures, virus protection, and disaster recovery
7. Understanding Levels of Security
• Before determining the level of security your network needs, answer these questions:
  – What must be protected?
  – From whom should data be protected?
  – What costs are associated with security being breached and data being lost or stolen?
  – How likely is it that a threat will actually occur?
  – Are the costs to implement security and train personnel to use a secure network outweighed by the need to create an efficient, user-friendly environment?
• Depending on your answers, you’ll likely implement one of the levels of security on the following slides

8. Understanding Levels of Security (continued)
• Highly Restrictive Security Policies
  – Include features such as data encryption, complex password requirements, detailed auditing and monitoring of computer and network access, intricate authentication methods, and policies governing use of the Internet and e-mail
  – Expensive to implement and support
• Moderately Restrictive Security Policies
  – Require passwords for each user but not overly complex
  – Auditing is geared toward detecting unauthorized logon attempts, misuse of network resources, and network attacker activity
  – Can use moderately priced off-the-shelf hardware and software, such as firewalls and access control lists

9. Understanding Levels of Security (continued)
• Open Security Policies
  – Consist of simple or no passwords, unrestricted access to resources, and probably no monitoring and auditing
  – Might make sense for a small company with the main goal of making access to network resources easy
  – Sensitive data might be kept on workstations that are backed up regularly and physically inaccessible to other employees
• No matter which type of policy a company uses, some common elements should be present:
  – Virus and other malware protection for servers and desktops
  – Backup procedures
  – Physical security of servers and network devices
10. Securing Physical Access to the Network
• Best practices to secure your network from physical assault:
  – Ensure that rooms are available to house servers and equipment. These rooms should have locks, adequate power receptacles, adequate cooling measures, and an EMI-free environment
  – If a suitable room is not available, locking cabinets can be purchased to house servers and equipment in public areas
  – Wiring from workstations to wiring cabinets should be inaccessible to eavesdropping equipment
  – Your physical security plan should include procedures for recovery from natural disasters such as fire or floods

11. Physical Security of Servers
• Servers can generate a substantial amount of heat and need adequate cooling
  – Lack of cooling can damage hard drives, cause CPUs to shut down or malfunction, and damage power supplies
• Power to the server should be on a separate circuit from other electrical devices
  – Enough power outlets should be installed to eliminate the need for extension cords
  – Verify power requirements for UPSs. Some UPSs require special twist-lock outlet plugs rated for high currents
• If you’re forced to place servers in a public access area, locking cabinets are a must

12. Security of Internetworking Devices
• Routers and switches contain critical configuration information
  – A user with physical access to these devices needs only a laptop and a console cable to get into the router or switch; most devices also allow password recovery from the console, so physical access amounts to administrative access
• Configuration changes made to routers and switches can have disastrous results
• A room with a lock is the best place for internetworking devices
  – A wall-mounted enclosure with a lock is the next best thing
  – Some cabinets have a built-in fan or a mounting hole for a fan
  – Most racks also come with channels to run wiring
13. Securing Access to Data
• Securing data on a network:
  – Authentication and authorization
  – Encryption
  – Virtual private networks (VPNs)
  – Firewalls
  – Virus and worm protection
  – Spyware protection
  – Wireless security

14. Implementing Secure Authentication and Authorization
• Allow administrators to control who has access to the network (authentication) and what users can do after they are logged on to the network (authorization)
• Network OSs include tools that enable administrators to specify options and restrictions on how and when users can log on to the network
• File system access controls and user permission settings determine what a user can access on a network
  – Also control what actions a user can perform on the network, such as installing software or shutting down a system

15. Configuring Password Requirements in a Windows Environment
• Windows 7 allows passwords up to 128 characters
  – A minimum of five to eight characters was typical when this chapter was written; current guidance (NIST SP 800-63B) sets eight characters as the floor and favors length over forced complexity
• Other password options include:
  – Maximum password age
  – Minimum password age
  – Enforce password history: Determines how many different passwords must be used before a password can be used again
• Password policies for Windows 7 or Windows Server 2008 can be set in the Local Security Policy console (secpol.msc) found in Administrative Tools; for domain accounts they are set through Group Policy, by default in the Default Domain Policy

16. Configuring Password Requirements in a Windows Environment (continued)
Figure: Password policy settings in Windows 7

17. Configuring Password Requirements in a Linux Environment
• Linux password configuration can be done globally or on a user-by-user basis
• Like Windows, Linux has a number of password options that can be configured
  – For these password options to be available, the Linux system must be using shadow passwords: the password hashes are kept in /etc/shadow, readable only by root, instead of in the world-readable /etc/passwd
• Password aging options (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE) can be set by editing the /etc/login.defs configuration file; these defaults apply to accounts created afterward, and existing accounts are adjusted per user with the chage command
• Other password options, such as minimum length and complexity, are configured through Pluggable Authentication Modules (PAM), for example the pam_pwquality module

18. Reviewing Password Dos and Don’ts
• Do use a combination of uppercase letters, lowercase letters, and numbers
• Do include one or more special characters
• Do consider using a phrase, such as NetW@ork1ng! sC001
• Don’t use passwords based on your logon name or your family members’ or pets’ names
• Don’t use common dictionary words unless they are part of a phrase
• Don’t make your password so complex that you forget it
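The rules on slides 15 through 18 (minimum length, character classes, password history, no logon name, no bare dictionary word) are what a password policy actually enforces at the moment a user changes a password. The following is an added example written for this page, not the textbook’s code and not how Windows or Linux implement their policies. The policy values, the tiny word list and the account name are constructed for illustration; a real deployment would load a full dictionary file and keep the history entries in the account database.

```python
"""Password policy check combining the rules from the slides above (added example)."""
from __future__ import annotations

import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Constructed stand-in for a dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "network", "admin"}

# The four character classes the "Dos" on slide 18 ask for.
CHARACTER_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


@dataclass
class PasswordPolicy:
    min_length: int = 12        # "Minimum password length"
    min_classes: int = 3        # how many of the four classes must appear
    history_size: int = 5       # "Enforce password history"


@dataclass
class Account:
    username: str
    # Newest first; each entry is (salt, PBKDF2 digest), so the history holds no plaintext.
    history: list = field(default_factory=list)


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; deliberately slow so history entries resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def check_password(policy: PasswordPolicy, account: Account, password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")

    classes = sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES)
    if classes < policy.min_classes:
        problems.append(f"uses fewer than {policy.min_classes} character classes")

    lowered = password.lower()
    if account.username.lower() in lowered:
        problems.append("contains the logon name")

    # "Don't use common dictionary words unless they are part of a phrase":
    # reject when the password, with digits and symbols stripped, is just one word.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in COMMON_WORDS:
        problems.append("is a common dictionary word")

    for salt, digest in account.history[: policy.history_size]:
        if hmac.compare_digest(_digest(password, salt), digest):
            problems.append(f"matches one of the last {policy.history_size} passwords")
            break
    return problems


def set_password(policy: PasswordPolicy, account: Account, password: str) -> bool:
    """Apply the policy; on success record the new password in the history and return True."""
    if check_password(policy, account, password):
        return False
    salt = os.urandom(16)
    account.history.insert(0, (salt, _digest(password, salt)))
    del account.history[policy.history_size:]   # keep only the last history_size entries
    return True


if __name__ == "__main__":
    policy = PasswordPolicy()
    jsmith = Account("jsmith")                   # constructed account
    for candidate in ("Password1!", "jsmith2024!X", "NetW@ork1ng! sC001"):
        print(f"{candidate!r}: {check_password(policy, jsmith, candidate) or 'OK'}")
    set_password(policy, jsmith, "NetW@ork1ng! sC001")
    print("reuse:", check_password(policy, jsmith, "NetW@ork1ng! sC001"))
```

The history is stored as salted PBKDF2 digests rather than plaintext, and compared with hmac.compare_digest, so a copy of the account record does not hand an attacker the user’s previous passwords. The slide’s own example phrase passes every rule; "Password1!" fails on length and on being a single dictionary word even though it satisfies the character-class rule.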
19. Restricting Logon Hours and Logon Location
• Both Windows and Linux have solutions to restrict logon by time of day, day of week, and location
• In Windows, the default settings allow logon 24 hours a day, seven days a week
• A common use of restricting logon hours is to disallow logon during a system backup
• Users can be restricted to logging on only from particular workstations
  – If a user who has access to sensitive data logs on at a workstation in a coworker’s office and then walks away, the coworker now has access to sensitive data

20. Authorizing Access to Files and Folders
• Windows OSs have two options for file security: sharing permissions and NTFS permissions
• Sharing permissions are applied to folders (files in a shared folder inherit the same permission) and only take effect for access over the network
• NTFS permissions can be applied to files as well as folders and apply both locally and over the network
  – When a folder is reached through a share, the effective permission is the more restrictive of the two sets
• File and folder permissions are a necessary tool administrators use to make network resources secure

21. Securing Data with Encryption
• Encryption does not stop an eavesdropper with a packet sniffer from capturing packets; it makes the captured contents unreadable without the key
• A widely used method for encrypting data at the network layer is IP Security (IPsec); application traffic is more often protected by TLS
• IPsec peers must authenticate each other before they can agree on keys. Windows offers three methods:
  – Preshared key: a series of letters, numbers, and special characters that two devices use to authenticate each other’s identity (the administrator enters the same key in the IPsec settings on both devices)
  – Kerberos authentication: also uses keys, but the OS generates them as part of domain logon

22. Securing Data with Encryption (continued)
  – Digital certificates: involve a certification authority (CA)
    – Someone wanting to use certificate authentication must apply for a digital certificate from a CA, which is responsible for verifying the applicant’s identity
    – Public CAs, such as Verisign, sell certificates to companies wanting to have secure communication sessions across public networks
• On Linux systems, a simple method for encrypting files is gpg (GNU Privacy Guard), a command-line program
  – In its symmetric mode (gpg -c, or gpg --symmetric) it derives the key from a passphrase the user enters and encrypts the file specified as an argument; with gpg -e it encrypts to a recipient’s public key instead, so no passphrase has to be shared

23. Securing Data on Disk Drives
• If someone gains access to the hard disk where data is stored, your data could be vulnerable
• Windows OSs provide two built-in options:
  – Encrypting File System (EFS) encrypts individual files or folders on an NTFS volume with a key tied to the user’s account, so other users of the same machine cannot read them
  – BitLocker Drive Encryption encrypts the whole volume, including the OS, so that the disk is unreadable if the machine or drive is stolen or booted from another OS
• BitLocker works in one of three modes:
  – Transparent mode: Requires hardware with trusted platform module (TPM) support and protects the system if someone tries to boot with a different OS
  – USB key mode: An encryption key is stored on a USB drive that the user inserts before starting the system
  – User authentication mode: The system requires a PIN or password before it decrypts the OS files and boots

24. Securing Communication with Virtual Private Networks
• A virtual private network (VPN) is a network connection that uses the Internet to give users or branch offices secure access to a company’s network resources
• VPNs use encryption technology to ensure the communication is secure while traveling through the public Internet
  – A “tunnel” is created between the VPN client and VPN server
• VPN servers can be configured on server OSs or they can be in the form of a dedicated device with the sole purpose of handling VPN connections

25. Securing Communication with Virtual Private Networks (continued)
Figure: A typical VPN connection
26. VPNs in a Windows Environment
• Windows server OSs include a VPN server solution with Routing and Remote Access (RRAS)
• Windows Server 2008 supports three implementations of VPN:
  – Point-to-Point Tunneling Protocol (PPTP): A commonly used VPN protocol in Windows OSs with client support for Linux and Mac OS X. Its MS-CHAPv2 authentication and RC4-based encryption are now considered broken, so PPTP should not be used for new deployments
  – Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec): Provides a higher level of security than PPTP. Provides data integrity as well as identity verification
  – Secure Socket Tunneling Protocol (SSTP): Tunnels PPP over HTTPS (TCP port 443), so it works behind most firewalls without firewall administrators needing to configure the firewall to allow VPN
• All three implementations are enabled by default when you configure Windows Server 2008 as a VPN server; disable PPTP unless a legacy client requires it

27. VPNs in Other OS Environments
• Linux OSs also support VPN client and VPN server applications
  – A popular IPsec solution for Linux is a free package called Openswan; PPTP support comes from the separate pptpd and pptp-client packages
  – OpenVPN, which tunnels over TLS, is another widely deployed choice
• Mac OS X supports VPN client connections to Windows servers by using PPTP or L2TP/IPsec
• Mac OS X Server has a VPN server service that allows Mac OS X, Windows, and UNIX/Linux clients to connect to a corporate LAN through the Mac OS X VPN server

28. VPN Benefits
• VPN benefits include the following:
  – Enable mobile users to connect with corporate networks securely wherever an Internet connection is available
  – Allow multiple sites to maintain permanent secure connections via the Internet instead of using expensive WAN links
  – Can reduce costs by using the ISP’s support services instead of paying for more expensive WAN support
  – Eliminate the need to support dial-up remote access

29. Protecting Networks with Firewalls
• A firewall is a hardware device or software program that inspects packets going into or out of a network or computer, then discards or forwards these packets based on a set of rules
• A hardware firewall is configured with two or more network interfaces, typically placed between a corporate LAN and the WAN connection
• A software firewall is installed in an OS and inspects all packets coming into or leaving the computer
  – Based on predefined rules, the packets are discarded or forwarded for further processing

30. Protecting Networks with Firewalls (continued)
• Firewalls protect against outside attempts to access resources and protect against malicious packets intended to disable a network and its resources
  – Firewalls can also be used to restrict users’ access to Internet resources
• After installation, the administrator must build rules that allow only certain packets to enter or exit the network
  – Packet-filtering rules match on source and destination IP addresses, the transport protocol (TCP, UDP, ICMP), and TCP/UDP port numbers; application-layer (proxy) firewalls can additionally inspect protocols such as HTTP
• Firewalls can also attempt to determine a packet’s context (a process called stateful packet inspection)
  – SPI keeps a table of the connections the inside has opened and denies a packet if it’s not part of an ongoing legitimate conversation, something a rule that sees one packet at a time cannot decide

31. Protecting Networks with Firewalls (figure)

32. Protecting Networks with Firewalls (continued)
• Routers can be used as firewalls
• Network administrators can create rules, called access control lists (ACLs), that deny certain types of packets
  – ACLs can examine many of the same packet properties that firewalls can, but a plain ACL has no connection table; its “established” test only checks whether the ACK bit is set
• An intrusion detection system (IDS) usually works with a firewall or router
  – Detects an attempted security breach and notifies the administrator
  – A system that sits inline and takes countermeasures, such as resetting the connection between source and destination devices, is called an intrusion prevention system (IPS)
  • 33. Protecting Networks with Firewalls • Because most networks use Network Address Translation (NAT) with private IP addresses, devices configured with private IP addresses can’t be accessed directly from outside the network • When NAT is used, an external device can’t initiate a network conversation with an internal device Copyright © 2012 Cengage Learning. All rights reserved. 33
  • 34. Protecting a Network from Worms, Viruses, and Rootkits • A virus is a program that spreads by replicating itself into other programs or documents – Purpose is to disrupt computer or network operation by deleting or corrupting files, formatting disks, or using large amounts of computer resources • A worm is similar to a virus but a worm doesn’t attach itself to another program – Can create a backdoor, which is a program installed on a computer that permits access to the computer, bypassing normal authentication process • Rootkits are a form of a Trojan program that can monitor traffic to and from a computer (capturing passwords and other important information) Copyright © 2012 Cengage Learning. All rights reserved. 34
35. Protecting a Network from Worms, Viruses, and Rootkits
• Viruses, worms, and rootkits are part of a broader category of software called malware, which is any software designed to cause harm or disruption
• Every desktop and server should have virus-scanning software running
– Most virus-protection software is also designed to detect and prevent worms
• Virus and worm protection can be expensive, but it is worth it if loss of data and productivity can be avoided
– Virus software must be kept updated because developers of viruses and worms are always looking for new ways to wreak havoc
36. Protecting a Network from Spyware and Spam
• Spyware is a type of malware that monitors or controls part of your computer at the expense of your privacy
– Spyware usually decreases your computer’s performance and increases pop-up Internet messages and spam
• Many antispyware programs are available; some are bundled with antivirus programs
• Spam is more of a nuisance than a threat to your computer
– Unsolicited e-mail that takes up e-mail storage space, network bandwidth, and people’s time
37. Implementing Wireless Security
• An attacker does not need physical access to your network cabling to compromise the network
– Anyone with a wireless scanner and some software can intercept data or access wireless devices
• Wireless security must be enabled on all your devices by using one or more of the following methods:
– Service set identifier (SSID): An SSID is an alphanumeric label configured on the access point; each client must configure its wireless NIC for that SSID to connect to that access point
38. Implementing Wireless Security
• Wireless security options (continued):
– MAC address filtering: If the network is small, you can use the MAC address filtering feature on APs to restrict network access to computers with specific MAC addresses
– Wired Equivalency Protocol (WEP): Provides data encryption so that a casual attacker who gains access sees only encrypted data
– Wi-Fi Protected Access (WPA): Similar to WEP, but with enhancements that make cracking the encryption code more difficult
– 802.11i: Usually referred to as WPA2 because it incorporates much of the WPA standard; its advantage over WPA is that it uses more advanced encryption standards and a more secure method of handling encryption keys
39. Using an Attacker’s Tools to Stop Network Attacks
• The terms black hats and white hats are sometimes used to describe individuals skilled at breaking into a network
– Black hats are the bad guys; white hats are the good guys
• White hats use the term penetration tester for their consulting services
– A certification has been developed for white hats called Certified Ethical Hacker (CEH)
– White hats try to hack into a network to see what types of holes exist in the network’s security and then close them
40. Discovering Network Resources
• Attackers use command-line utilities to discover as much about your network as they can
– Ping, Traceroute, Finger, and Nslookup are some of the utilities used
• A ping scanner is an automated method for pinging a range of IP addresses
• A port scanner determines which TCP and UDP ports are available on a particular computer or device
– By determining which ports are active, a port scanner can tell you what services are enabled on a computer
41. Discovering Network Resources
• Protocol analyzers allow you to capture packets and determine which protocol services are running
– Require access to the network media
• The Finger utility can be disabled by turning it off on all UNIX and Linux servers and routers
– A port scan should be run on all network devices to see what services are on, and then services that aren’t necessary should be turned off
• To protect against the use of protocol analyzers, all hubs and switches should be secured in a locked room or cabinet
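The check recommended on slide 41, as an added example that is not the textbook's code: audit which TCP ports on a host you administer actually accept connections and flag any listener that is not on the baseline of services the host is supposed to run. It connects only to the loopback address; the baseline and the throwaway listener are constructed for the demonstration.

```python
# Added example (not the textbook's code): audit which TCP ports on a host you
# administer actually accept connections and flag listeners missing from the
# expected-services baseline. It talks only to the loopback address, so it runs
# offline; the baseline and the throwaway listener below are constructed.
import socket
from contextlib import closing

def port_is_open(host, port, timeout=0.2):
    """True if a TCP connect to host:port succeeds, i.e. a service is listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def audit_listeners(host, ports, expected):
    """Return (ports found open, open ports that are not on the baseline)."""
    open_ports = sorted(p for p in ports if port_is_open(host, p))
    return open_ports, [p for p in open_ports if p not in expected]

def demo():
    """Stand up a throwaway listener (playing an unneeded service) and audit it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
        srv.listen(5)
        port = srv.getsockname()[1]
        baseline = {22, 443}              # constructed: services this host should run
        open_ports, flagged = audit_listeners("127.0.0.1", [port], baseline)
        # the same listener is silent once the baseline says it is expected
        _, accepted = audit_listeners("127.0.0.1", [port], baseline | {port})
        return port, open_ports, flagged, accepted
```

Anything in `flagged` is a service the host is running that nobody planned for, which is exactly what the slide says should be turned off.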
42. Gaining Access to Network Resources
• After an attacker has discovered the resources available, the next step might be gaining access
– Will try to gain access via devices that have no password set
• Finger can be used to discover usernames
• Linux and Windows servers have default administrator names that are often left unchanged
– An attacker with a password-cracking tool can easily exploit these accounts
• Using a password-cracking tool on your own system is recommended to see whether your passwords are complex enough
43. Disabling Network Resources
• A denial-of-service (DoS) attack is an attacker’s attempt to tie up network bandwidth or network services
– Three common types of DoS attacks focus on tying up a server or network service
• Packet storms: use the UDP protocol to send UDP packets that have a spoofed (made up) host address, causing the host to be unavailable to respond to other packets
• Half-open SYN attacks: use the TCP three-way handshake to tie up a server with invalid TCP sessions
• A ping flood sends a large number of ping packets to a host; they cause the host to reply, tying up CPU cycles and bandwidth
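Detection logic for the three DoS patterns on slide 43, as an added example that is not the textbook's code, run over a constructed packet log: half-open SYNs are SYNs whose source never finishes the handshake, and floods and storms show up as a burst of one protocol toward a host within a short window. The log layout, addresses, packet counts and alert thresholds are all assumptions made for the demonstration.

```python
# Added example (not the textbook's code): detection logic for the three DoS
# patterns on this slide over a constructed packet log; layout, addresses,
# packet counts and alert thresholds are all assumptions.
from collections import Counter
def build_log():
    """Constructed packet log as (time s, src, dst, proto, info) tuples; not real traffic."""
    pkts = [(0.1, "198.51.100.7", "10.0.0.80", "tcp", "SYN"),       # one legitimate
            (0.1, "10.0.0.80", "198.51.100.7", "tcp", "SYN-ACK"),   # three-way handshake
            (0.2, "198.51.100.7", "10.0.0.80", "tcp", "ACK")]
    # half-open SYN attack: 30 SYNs from spoofed sources whose final ACK never arrives
    pkts += [(1 + i / 100, f"203.0.113.{i}", "10.0.0.80", "tcp", "SYN") for i in range(30)]
    # ping flood: 80 echo requests from one host in well under a second
    pkts += [(2 + i / 100, "192.0.2.9", "10.0.0.80", "icmp", "echo-request") for i in range(80)]
    # UDP packet storm: 60 datagrams carrying 60 made-up source addresses
    pkts += [(3 + i / 100, f"192.0.2.{100 + i}", "10.0.0.80", "udp", "dgram") for i in range(60)]
    return sorted(pkts)

def half_open_syns(pkts):
    """SYNs per destination whose source never sent the handshake's final ACK."""
    syns, acked, per_dst = Counter(), set(), Counter()
    for _, src, dst, proto, info in pkts:
        if proto == "tcp" and info == "SYN":
            syns[(src, dst)] += 1
        elif proto == "tcp" and info == "ACK":
            acked.add((src, dst))
    for (src, dst), n in syns.items():
        if (src, dst) not in acked:
            per_dst[dst] += n
    return per_dst

def peak_rate(pkts, dst, proto, window=1.0):
    times = [t for t, _, d, p, _ in pkts if d == dst and p == proto]   # pkts are time-sorted
    best = start = 0
    for end, t in enumerate(times):           # most packets in any sliding `window` seconds
        while times[start] < t - window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(pkts, dst="10.0.0.80"):
    """Name the slide's DoS patterns whose (constructed) thresholds are exceeded."""
    alerts = []
    if half_open_syns(pkts)[dst] >= 20:
        alerts.append("half-open SYN attack")
    if peak_rate(pkts, dst, "icmp") >= 50:
        alerts.append("ping flood")
    udp_sources = {s for _, s, d, p, _ in pkts if d == dst and p == "udp"}
    if peak_rate(pkts, dst, "udp") >= 40 and len(udp_sources) >= 20:
        alerts.append("packet storm")   # high UDP rate from many (spoofed) sources
    return alerts
```

The legitimate handshake at the top of the log is excluded from the half-open count because its source sent the final ACK; only the spoofed sources, which never can, remain.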
44. Chapter Summary
• A network security policy is a document that describes the rules governing access to a company’s information resources
• A security policy should contain these types of policies: privacy policy, acceptable use policy, authentication policy, Internet use policy, auditing policy, and data protection policy
• Securing physical access to network resources is paramount
• Securing access to data includes authentication and authorization, encryption/decryption, VPNs, firewalls, virus and worm protection, spyware protection, and wireless security
45. Chapter Summary
• VPNs are an important aspect of network security because they provide secure remote access to a private network via the Internet
• Firewalls, a key component of any network security plan, filter packets and permit or deny packets based on a set of defined rules
• Malware encompasses viruses, worms, Trojan programs, and rootkits
• Wireless security involves attention to configuring a wireless network’s SSID correctly and configuring and using one of several wireless security protocols, such as WEP, WPA, or 802.11i
46. Chapter Summary
• Tools that attackers use to compromise a network can also be used to determine whether a network is secure
• Denial of service is one method attackers use to disrupt network operation; three types of DoS attacks are half-open SYN attacks, ping floods, and packet storms