Network security
Download
1 / 67

- PowerPoint PPT Presentation


  • 214 Views
  • Uploaded on

Raval • Fichadia John Wiley & Sons, Inc. 2007. Network Security. Chapter Eleven Prepared by: Raval, Fichadia. Chapter Eleven Objectives. Learn the basic concepts of networks and associated terminology. Understand the risks that impact networks and the controls to mitigate them.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - lorin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Network security l.jpg

Raval • Fichadia

John Wiley & Sons, Inc. 2007

Network Security

Chapter Eleven

Prepared by: Raval, Fichadia


Chapter eleven objectives l.jpg
Chapter Eleven Objectives

  • Learn the basic concepts of networks and associated terminology.

  • Understand the risks that impact networks and the controls to mitigate them.

  • Gain the skills to assess the security posture of a networks and make management recommendations.

  • Apply security principles and best practices to a network.


The big picture l.jpg
The Big Picture

Elements of a network.

Some risks that impact networks.


Network primer l.jpg
Network primer

Networks: A series of interconnected nodes that can communicate with each other.

  • Networks allow computers to talk to each other for functionality (e-mails, B2B), sharing work load (client-server), for specialization (printers print).

  • Communication occurs via agreed upon protocols such as TCP/IP, SNA, etc.

  • Internet is THE network – interconnecting millions of computers. Internal company networks are often called Intranets.


Network primer5 l.jpg
Network primer

Networks: OSI model defines the conceptual framework for putting together a network.

  • Open Systems Interconnect (OSI) proposes a network stack with seven layers.

  • The layers are: application, presentation, session, transport, network, datalink, and physical.

  • Layers numbering in descending order – i.e., application layer is layer 7 and physical layer is layer 1.

  • Each layer plays a specific task and is independent of the others.


Network primer6 l.jpg
Network primer

Networks: Seven layers of OSI model.

  • Application layer: Provides different network services to user applications.

  • Presentation layer: Deals with the syntax and semantics of transmitted data. It converts presentation format for incoming and outgoing data.

  • Session layer: Sets up, manages, and terminate conversations between the applications. Deals with session and connection coordination.

  • Transport layer: Manages complete data transfer by providing end-to-end communication control and error checking.


Network primer7 l.jpg
Network primer

Networks: Seven layers of OSI model contd.

  • Network layer: Deals with addressing and routing data on the network.

  • Data link layer: Deals with proper framing of data bits on the physical media and ensures error control between adjacent nodes.

  • Physical layer: Deals with transmission of bits over the physical media. Provides connectivity of the node to the transmission media.

  • Useful pneumonic: All People Seem To Need Data Processing.


Network primer8 l.jpg
Network primer

Networks: Encapsulation/decapsulation of data.

  • Data has to be passed from application layer to application layer on a network.

  • Each layer adds a header and passes the data to the lower layer. This process is called encapsulation.

  • Physical layer, the lower most layer, sends the data over the physical medium to the destination.

  • Upon reaching destination physical layer, data is passed up the stack.

  • Each destination layer strips appropriate header off and passes it on to upper layer. This process is called decapsulation.


Network primer9 l.jpg
Network primer

Networks: Encapsulation/decapsulation of data.

  • The headers contain information for corresponding layer on the receiving end.


Network primer10 l.jpg
Network primer

Networks: TCP/IP model defines specifications of network layers.

  • TCP/IP model is similar to the OSI model – however has only four layers.

  • The layers are: application, transport, internetwork, and network access.

  • Layers numbering in descending order – i.e., application layer is layer 4 and network layer is layer 1.

  • Each layer plays a specific task and is independent of the others.


Network primer11 l.jpg
Network primer

Networks: TCP/IP model defines specifications of network layers.

  • Model provides actual specifications via various protocol definitions (unlike OSI model).

  • Model specifies several dozen protocols, but is named after two of its most famous protocols – TCP and IP.

  • Similar to OSI model, TCP/IP model goes through the process of encapsulation and decapsulation.


Network primer12 l.jpg
Network primer

Networks: Four layers of TCP/IP model.

  • Application layer: Corresponds to the first three layers of the OSI model. Protocols at this layer include STMP (e-mails), HTTP (web), and FTP (file transfers).

  • Transport layer: Corresponds to layer 4 (Transport) of the OSI model. Protocols include TCP and UDP.

  • Internetwork layer: Corresponds to layer 3 (network) of the OSI model. Protocols include IP and ICMP.

  • Network access layer: Corresponds to layers 1 and 2 (physical and data link) of the OSI model. Works with Ethernet/token ring type of technologies.

    (Some refer to Internetwork layer as Network layer and Network access layer to Data link layer)


Network primer13 l.jpg
Network primer

Networks: Role of four layers of TCP/IP model.

  • Application layer: End user applications use protocols at this layer to communicate. For example, web browser uses the HTTP protocol.

  • Transport layer: Uses protocols like TCP to open connection with destination and to ensure data sent is indeed received.

  • Internetwork layer: Uses protocols like IP to route the data packets across the Internet to its destination IP address.

  • Network access layer: Deals with getting data from destination router to the appropriate computer on the network.


Network primer14 l.jpg
Network primer

Networks: Encapsulation/decapsulation of data on TCP/IP network.

  • Data has to be passed from application layer to application layer on a network.

  • Each layer adds a header and passes the data to the lower layer. This process is called encapsulation.

  • Physical layer, the lower most layer, sends the data over the physical medium to the destination.

  • Upon reaching destination physical layer, data is passed up the stack.

  • Each destination layer strips appropriate header off and passes it on to upper layer. This process is called decapsulation.


Network primer15 l.jpg
Network primer

Networks: Encapsulation/decapsulation of data on TCP/IP network.

  • The headers contain information for corresponding layer on the receiving end.


Network primer16 l.jpg
Network primer

Networks: End to end journey of data across TCP/IP network.

  • Internetwork layer needs IP addresses to route data to destination network (not destination computer).

    • IP addresses contain a network address and a host (computer address).

    • Routers use the network address portion for getting data packets to the destination network.

  • Data reaches the right computer after reaching the destination network is typically via ARP protocol.

  • Port numbers are used to get the data to the right application on the destination computer.

  • Transport layer ensures data reaches destination – else retransmits it.


Network primer17 l.jpg
Network primer

Networks: IP address scheme.

  • Current version of IP addresses is IP version 4.

  • IPv4 defines IP address with 32 bits organized in four octets (8 bits in each). IP version 6 has 128 bits.

  • Decimal values of the bits in each octet are separated by dots while writing an IP address.

    • E.g. 69.58.201.25

  • Certain bits from the left correspond to the network address (69.58.201) and the remaining correspond to define the computer (host) on the network (25).

  • Subnet mask defines boundary between network portion and the host portion of the IP address.


Network primer18 l.jpg
Network primer

Networks: Ports.

  • Ports define the unique application/service on a computer that sends or receives the data.

    • E.g. Port 80 is used by Web Server software to receive requests from browsers.

  • Port numbers can range from 0 through 65,356.

  • IANA designates “well-known” ports (0-1023) for specific purposes.

    • E.g. port 80 is for web traffic, port 25 is for e-mail traffic.


Management concerns l.jpg
Management concerns

Concerns about operating system security typically include the following:

  • Ensuring the availability of the networks for web traffic, e-commerce/EDI EDI transactions, and e-mails.

  • Maintaining the confidentiality & integrity of data flowing over the networks (from home and within company).

  • Building networks with business partners to aid with B2B transactions without compromising security.

  • Having an effective backup, recovery, business resumption and a disaster recovery plan.


Risks and controls l.jpg
Risks and controls

Clear-text transmissions: Data that goes over the network in an unencrypted fashion.

  • Networks are shared by multiple computers.

  • These computers place nice and read only those packets on the network that are addressed to them. They ignore data packets that aren’t meant for them.

  • A “sniffer” computer can read packets that aren’t meant for it by putting its network card into “promiscuous” mode – thereby by accessing unauthorized data.

  • Intruders often user sniffers to capture user IDs, passwords, and other sensitive data.


Risks and controls21 l.jpg
Risks and controls

Clear-text transmissions: Data that goes over the network in an unencrypted fashion.

  • Sniffers can capture data belonging to others.


Risks and controls22 l.jpg
Risks and controls

Clear-text transmission risks:

  • Disclosure of sensitive information.

    Controls:

  • Employ encryption for sensitive data.

  • Limit access to physical networks.


Risks and controls23 l.jpg
Risks and controls

Modems: Devices that allow users to connect to the Internet.

  • Modems can be dial-up modems or cable modems.

  • Dial-up modems installed in computers communicate via analog phone lines to modems within company networks or with the Internet Service Providers (ISP).

  • Cable-modems are highly popular now and connect over cable lines with the cable companies that provide Internet connectivity.

  • Cable-modems offer much faster speeds than dial-up modems.


Risks and controls24 l.jpg
Risks and controls

Modems: Devices that allow users to connect to the Internet.

  • Cable modems are lot more popular than dial-up modems.


Risks and controls25 l.jpg
Risks and controls

Dial-up modem risks:

  • Intruders use war-dialers to identify company modems and crack the passwords to get in. A single insecure modem can undo the security offered by a million-dollar firewall.

    Controls:

  • Company should war-dial itself to identify unauthorized modems and disable them.

  • Authorized modems should offer no login banners or information that helps intruders fingerprint the modem.

  • Employ intruder lockouts and strong user ID and password management routines.


Risks and controls26 l.jpg
Risks and controls

Controlscontd.

  • Consider using modems with two-factor authentication (something you know and something you have).

  • Consider using callback modems that return calls to prespecified numbers upon a connection request.


Risks and controls27 l.jpg
Risks and controls

Cable modem risks:

  • Cable modems provide a static target to attackers often with the same IP address.

  • Cable modems may allow users to sniff neighbor’s data.

    Controls:

  • Turn off cable-modems when not required.

  • Employ personal firewalls on machines behind a cable modem.

  • Secure the machines via operating system security practices.


Risks and controls28 l.jpg
Risks and controls

Virtual Private Networks: Allows for securing traffic sent via the Internet to company networks.

  • Remote users often dialed into company modems via toll-free numbers to connect to company networks.

  • Dedicated modems lines and toll-free numbers was expensive for companies.

  • VPNs solved the problem by encrypting and sending data over the public network (Internet).

  • Remote users just needed a connection to their ISP and a VPN client that connected to a VPN server on the company end.


Risks and controls29 l.jpg
Risks and controls

Virtual Private Networks: Devices that allow users to connect to the Internet.

  • Modem banks and dedicated toll-free lines were required for remote connectivity before VPNs.


Risks and controls30 l.jpg
Risks and controls

Virtual Private Networks: Devices that allow users to connect to the Internet.

  • VPNs allowed companies to lower cost by securely tunneling data to company network via the Internet.


Risks and controls31 l.jpg
Risks and controls

Virtual Private Networks: There are three popular tunneling protocols used for VPNs.

  • Point-to-Point Tunneling protocol (PPTP) by Microsoft works at layer 2 of OSI model and is natively supported by Windows.

  • Layer 2 Tunneling Protocol (L2TP) by Cisco also works at layer 2 of OSI model and combines features of L2F and PPTP.

  • IPSec protocol by IETF works at layer 3 of the OSI model and generally provides for stronger encryption and data integrity via digital certificates.


Risks and controls32 l.jpg
Risks and controls

VPN risks:

  • VPN may employ weak authentication mechanisms (when compared against the risk of sending traffic over the Internet).

  • Insecure end user machine may allow intruders to bridge into the company network.

  • Encryption protocols may be weak.

    Controls:

  • Use stronger authentication means such as digital certificates or two-factor authentications.


Risks and controls33 l.jpg
Risks and controls

Controls contd:

  • Ensure VPN solution uses strong encryption means.

  • Employ personal firewalls on machines behind a cable modem.

  • Secure the machines via operating system security practices.


Risks and controls34 l.jpg
Risks and controls

Firewalls (FWs): Devices that control traffic entering and exiting a company network.

  • Firewalls act as perimeter sentries for a network.

  • All incoming & outgoing traffic goes through the firewall.

  • Firewalls has rulesets (policies) that decide what type of passes and what doesn’t. For example:

    • Outsiders can access Company web pages and can send e-mails, but can’t connect to other company servers.

    • Inside employees can connect to external servers, but can’t to peer-to-peer networks.

  • In addition to filtering, some firewalls can provide additional functionality like authentication, virus scanning, intrusion detection, spam filtering etc.


Risks and controls35 l.jpg
Risks and controls

Firewalls: There are three main types of firewalls.

  • Packet filter (PF) FWs filter based on source & destination IP addresses and/or source & destination port numbers.


Risks and controls36 l.jpg
Risks and controls

Firewalls: There are three main types of firewalls.

  • Stateful packet inspection (SPI) FWs build on packet-filtering FWs by looking at the content of the packet.

  • In addition, SPI FWs look at the state of the packet. This ensures that packet that is incoming, but wasn’t a response to a previous outgoing request will be dropped.


Risks and controls37 l.jpg
Risks and controls

Firewalls: There are three main types of firewalls.

  • Application-level/proxy FWs are conceptually different in that they broker all transactions between the sender and receiver by providing a proxy service to both sides.

  • No other traffic can pass since proxy software for that traffic isn’t present on the FW.


Risks and controls38 l.jpg
Risks and controls

Firewalls: Firewall placement in network has security ramifications. Some sample placements include:

  • Screening router setup wherein packet filter/SPI firewalls separate trusted networks from the untrusted networks (Internet).


Risks and controls39 l.jpg
Risks and controls

Firewalls: Firewall placement in network has security ramifications. Some sample placements include:

  • Dual-homed host setup wherein a “bastion” host with proxy FW separates trusted networks from the untrusted networks (Internet).


Risks and controls40 l.jpg
Risks and controls

Firewalls: Firewall placement in network has security ramifications. Some sample placements include:

  • Screened host setup is a combination of a screening router setup (with packet fitler/SPI FW) and a “bastion” host inside the trusted network with a proxy FW.


Risks and controls41 l.jpg
Risks and controls

Firewalls: Firewall placement in network has security ramifications. Some sample placements include:

  • Screened subnet setup wherein an extra screening router (with packet filter/SPI FW) is added and a “bastion” host (with proxy FW) is moved outside the company network in the DeMilitarized Zone (DMZ).


Risks and controls42 l.jpg
Risks and controls

Firewall risks:

  • Properly configured FW has no risk. However, the rulesets can get complicated fast.

  • Firewalls don’t protect against malicious internal users.

  • Firewalls can be undone by rogue modems/wireless APs.

    Controls:

  • Audit FW rulesets to ensure policies are correctly implemented.

  • Use anti-virus, intrusion detection, etc. in addition to firewalls.

  • Prevent rogue modems and/or wireless APs.


Risks and controls43 l.jpg
Risks and controls

Denial of Service (DoS): Attacks on a network aimed at disrupting service to users of a network.

  • Attack not aimed at steal data or compromising security, rather denying legitimate users access to a resource.

  • Occurs mostly at the network, although DoS against operating systems and applications are also possible.

  • There are several types of DoS/DDoS attacks.


Risks and controls44 l.jpg
Risks and controls

Denial of Service (DoS): Types of DoS attacks on networks.

  • Network connectivity resource consumption attack

    • Attacker consumes network connectivity resources denying users the ability to connect to the network.

    • Example includes SYN flood attack that exploits TCP handshake for establishing connection as shown below.


Risks and controls45 l.jpg
Risks and controls

Denial of Service (DoS): Types of DoS attacks on networks.

  • Network connectivity resource consumption attack contd.

    • Attacker sends spoofed SYN packets asking for a connection, however, the victim never receives ACK packets back and keeps waiting. As spoofed SYN packets increase, the victim runs out of resources for valid users to connect.


Risks and controls46 l.jpg
Risks and controls

Denial of Service (DoS): Types of DoS attacks on networks.

  • Bandwidth consumption attack

    • Attacker consumes all network bandwidth denying users a place on the network. Attackers magnify their traffic multiple-fold to flood the victim’s network via “magnification attacks.”

    • Example includes smurf attack that exploits ICMP broadcast feature to generate loads of traffic.

    • Attacker finds susceptible routers on the web that allow broadcast pings (one ping to the router causes ping responses to all computers on the network). These are the “amplifiers” sites.

    • Attacker sends spoofed ICMP pings purporting itself to be the victim to these amplifiers sites, who all respond back to the victim, flooding the victim’s network.


Risks and controls47 l.jpg
Risks and controls

Denial of Service (DoS): Types of DoS attacks on networks.

  • Bandwidth consumption attack contd.

    • Attacker thus leverages unsuspecting routers on the Internet to attack a victim.


Risks and controls48 l.jpg
Risks and controls

Denial of Service (DoS): Types of DoS attacks on networks.

  • Distributed DoS attack.

    • Single sources of attack can be often be filtered out. Hence attacker leverage several compromised machines – “zombies” – to generate a distributed victim. These “zombies” come alive by a single command from attacker and attack the victim.


Risks and controls49 l.jpg
Risks and controls

DoS risks:

  • Risks include loss of revenue, decline in customer faith.

    Controls:

  • Increase number of connections & decrease ACK time-outs to mitigate network resource consumption attacks.

  • Disable ICMP broadcasts for routers.

  • DDoS attacks are difficult to prevent.

    • Receiving routers can’t easily identify spoofed packets coming in. Plus, they are bogged down under attack.

    • However, sending routers can detect spoofed packets being generated. Also, them may not be bogged down.

    • Hence, it is easier to prevent DDoS attack at closer to source than at a victim’s site.


Risks and controls50 l.jpg
Risks and controls

Wireless networks: Popular networking wherein data is passed over the air instead of a physical (wired) media.

  • Bluetooth/IEEE 802.11 networks are being rapidly adopted because of the convenience it offers.

  • Bluetooth works over small distances (few feet) where-as 802.11 networks work over several hundred feet.

  • Chapter focuses on 802.11 based wireless networks.

  • While 802.11(b) is the most widely adopted Wireless LAN (WLAN) standard, 802.11(a) and (g) are gaining popularity because of higher transmission speeds.


Risks and controls51 l.jpg
Risks and controls

Wireless networks: Popular networking wherein data is passed over the air instead of a physical (wired) media.

  • Access points (AP) and wireless cards are required.


Risks and controls52 l.jpg
Risks and controls

Wireless networks: Security mechanisms for wireless networks include the following.

  • Shared secret: Devices needs to know the AP’s Service Set identifier (SSID) to join the network.

  • Address based restrictions: APs point can be configured to accept transmissions only from network cards with predefined MAC addresses.

  • Encryption: 802.11b networks allow the option of encrypting all transmissions using the wired equivalent privacy (WEP) encryption scheme.


Risks and controls53 l.jpg
Risks and controls

Wireless network risks:

  • Transmissions can’t be limited to company premises.

  • Security mechanisms aren’t strong enough

    • SSID is often broadcast in the clear for anyone to read.

    • MAC addresses can be changed/spoofed.

    • WEP encryption scheme is flawed and hence can be cracked.

  • Default password may not be changed.

  • SNMP services may be enabled.

  • Unauthorized APs can undo firewall security and compromise a company network.


Risks and controls54 l.jpg
Risks and controls

Controls:

  • Don’t use wireless networks if not required.

  • Change default passwords, disable SNMP.

  • Disable SSID broadcast.

  • Adopt newer APs that support 802.11i security standard (marketed was WiFi Protected Access – WPA) instead of WEP if possible. If not, use 128-bit WEP encryption.

  • Consider using digital-certificate-based authentication.

  • Scan internal network to identify unauthorized APs.

  • Don’t consider wireless clients trusted. Force them to use techniques like VPN to join company network.


Risks and controls55 l.jpg
Risks and controls

Intrusion Detection System (IDS): System that provides warning and/or takes actions against intrusion attempts on networks and/or computers.

  • Two key types of IDS: Network and Host-based

  • Network IDS

    • Sniffs data on network segments via special sensors

    • Sends it to a centralized console for identifying attacks

  • Host-based IDS.

    • Resides on individual computers (hosts)

    • Monitors files and process activity to identify attacks (similar to anti-virus solutions on PCs)

  • Responses can be active (e.g. close ports, stop service) or passive (send alerts via pagers, e-mails).


Risks and controls56 l.jpg
Risks and controls

Intrusion Detection System (IDS): Network IDS

  • Advantages:

    • Can monitor vast expanses of networks

    • Has global view of attacks (alerts on “doorknob rattling”)

    • Don’t need any changes to individual computers

    • NIDS devices can be made extremely secure

  • Disadvantages:

    • Can’t work in encrypted environments

    • May not work in a switched network topology

    • May not be able to handle all traffic on a busy network


Risks and controls57 l.jpg
Risks and controls

Intrusion Detection System (IDS): Host IDS

  • Advantages:

    • Fewer false positives in assessment

    • May work in encrypted environments

    • Works in all network topologies

    • Better at impact assessment

  • Disadvantages:

    • More intrusive to the computer

    • Has only local view of attacks

    • More administrative overhead since installed on all machines


Risks and controls58 l.jpg
Risks and controls

Intrusion Detection System (IDS): Analysis methods.

  • Two key methods are used for analyzing data: attack signature-based analysis and baseline-based analysis.

  • Attack-signature-based analysis

    • Analysis involves matching network data against a bank of known attack patterns (signatures) (similar to virus definition signatures used by anti-virus software)

    • Provides fairly reliable means of attack identification.

    • Can’t assess new unknown attacks

  • Baseline-based analysis (anomaly detection)

    • Compares network data against established baselines.

    • May detect newer attacks, but higher degree of false positives.


Risks and controls59 l.jpg
Risks and controls

Simple Network Management Protocol (SNMP): Allows reading or altering of configuration of network devices.

  • Popular protocol that is very lightweight and versatile.

  • Allows users to remotely administer network devices (routers, printers, computers) by reading and/or modifying their configurations. Can poll devices too.

  • Client-server architecture. SNMP software on devices report to a (typically centralized) SNMP manager.

  • Clients and managers exchange messages called Protocol Data Units (PDUs).


Risks and controls60 l.jpg
Risks and controls

Simple Network Management Protocol (SNMP): Allows reading or altering of configuration of network devices.

  • PDU exchange requires authentication via “community strings” – which essentially act as passphrases.

  • Two types of community strings exist – a read-only string and one that allows reads and writes.

  • Four types of PDUs exist:

    • get request

    • get-next request

    • set request

    • trap message


Risks and controls61 l.jpg
Risks and controls

Simple Network Management Protocol (SNMP): Allows reading or altering of configuration of network devices.

  • “get request” PDU for getting a specific value from device’s information table (called MIB – management information base)

  • “get next request” PDU for getting value of the next MIB variable subsequent to previous get/get next request.

  • “set request” PDU to set a particular MIB variable. Allows for changing of device configuration.

  • “trap message” PDU to send messages/alerts (“traps”) to SNMP managers.


Risks and controls62 l.jpg
Risks and controls

Simple Network Management Protocol (SNMP): Allows reading or altering of configuration of network devices.

  • Four types of PDUs are used to exchange messages.


Risks and controls63 l.jpg
Risks and controls

SNMP risks:

  • SNMP version 1 (most common) sends community strings in clear-text and hence can be sniffed.

  • Default community names (“public” and “private”) are often unchanged.

  • Often installed, but ignored by administrators.

  • Preferred tool by intruders to footprint an environment. Reveals OS, patches, administrator names, etc.

  • Can be used by intruders to cause DoS attacks.

    Controls:

  • Disable SNMP if not required.


Risks and controls64 l.jpg
Risks and controls

Controls contd.:

  • Filter incoming SNMP traffic via firewalls.

  • Change default community names to stronger values. Periodically change the values.

  • Use SNMP version 2, if possible since it allow for some encryption.

  • Define trusted hosts only which can receive SNMP messages.

  • Apply SNMP patches.


Assurance considerations l.jpg
Assurance considerations

An audit to assess network security should include the following:

  • Ensure the company’s network perimeter is well-defined and documented.

  • Determine the legitimacy and the business needs for of trust relationships among networks.

  • Review the use of firewalls to segregate networks and to protect the computers within a network.

  • Audit the firewall rules for filtering traffic and the use of layered topology for protecting the network.

  • Ensure that the network security is not undone by use of unauthorized modems and/or wireless access points.


Assurance considerations66 l.jpg
Assurance considerations

  • Evaluate the use of encryption to protect data in transit.

  • Determine if controls like personal firewalls are used to protect remote users’ machines.

  • Determine if an intrusion detection system is in place.

  • Ensure insecure network services such as SNMP, tftp, telnet, etc. are either not used or have been secured.

  • Determine if network devices and software are patched.

  • Evaluate the security of wireless networks.

  • Ensure that functional plans for backup and recovery, business resumption, disaster recovery are in place.



ad