1 / 15

Infrastructure Security & Network Fundamentals

Infrastructure Security & Network Fundamentals. Chapter 10. LANs, MANs, and WANs (cont’d.). Applying the OSI Model. Table 2-1 Functions of the OSI layers. Courtesy Course Technology/Cengage Learning. Securing a Workstation. Keep the operating system (OS) patched and up to date.

kalliyan-pach
Download Presentation

Infrastructure Security & Network Fundamentals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Infrastructure Security & Network Fundamentals Chapter 10

  2. LANs, MANs, and WANs (cont’d.)

  3. Applying the OSI Model Table 2-1 Functions of the OSI layers Courtesy Course Technology/Cengage Learning Network+ Guide to Networks, 6th Edition

  4. Network+ Guide to Networks, 6th Edition

  5. Securing a Workstation Keep the operating system (OS) patched and up to date. Remove all shares that are not necessary. Rename the administrator account, securing it with a strong password. Install an antivirus program and keep abreast of updates. If no corporate firewall exists between the machine and the Internet, install a firewall.

  6. Servers Servers are the computers in a network that host applications and data for everyone to share. The key management issue behind running a secure server setup is to identify the specific needs of a server for its proper operation and enable only items necessary for those functions.

  7. Antivirus Software For workstations, this type of software is still a necessary component, particularly to prevent a PC from becoming part of a botnet. For servers, this type of software is most useful when users are allowed to place files on the machine. SDRC diagram

  8. Switches Can operate at either the data link or network layers of the OSI model. Creates separate collision domains for each port. A sniffer can only see traffic for the connected port. Can be attacked due to vulnerabilities in both SNMP and Telnet. Subject to ARP poisoning and MAC flooding.

  9. Routers Operates at the network layer of the OSI model Connects different network segments together Uses routing protocols to determine optimal paths across a network Forms the backbone of the Internet Can also be attacked due to vulnerabilities in both SNMP and Telnet

  10. Firewalls Can be hardware, software, or a combination. Enforce network security policies across network connections. Different security policies will apply across the network, based on need. Security policies are rules that define what traffic is permissible and what traffic is to be blocked or denied. Security policies should follow the principle of least access. It is necessary to have a complete understanding of your network to develop a comprehensive security policy.

  11. Other Firewall Techniques Basic packet filtering Checks each packet against rules pre-defined on the firewall Fairly simple, fast, and efficient Doesn’t detect and catch all undesired packets Stateful packet filtering The firewall maintains the context of a conversation More likely to detect and catch undesired packets Due to overhead, network efficiency is reduced

  12. VPN Provides a secure channel between users even though their signal is traveling on public networks Employs one of two types of encryption Data encryption can be sniffed en route, but the contents cannot be read Packet encryption uses tunneling and protects the data and the identities of the communicating parties Often done using IPsec

  13. Intrusion Detection Systems Detects, logs, and responds to unauthorized network or host use Can operate in real-time or after the fact Two categories Network-based systems Host-based systems

More Related