1 / 49

Security Awareness: Applying Practical Security in Your World, Second Edition

Security Awareness: Applying Practical Security in Your World, Second Edition. Chapter 5 Network Security. Objectives. Explain how a network functions Discuss how to defend against network attacks Describe the types of attacks that are launched against networks and network computers.

medwin
Download Presentation

Security Awareness: Applying Practical Security in Your World, Second Edition

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security

  2. Objectives • Explain how a network functions • Discuss how to defend against network attacks • Describe the types of attacks that are launched against networks and network computers Security Awareness: Applying Practical Security in Your World, 2e

  3. How Networks Work • Personal computer • Isolated from other computers • Functionality is limited to installed software and hardware directly connected to it • Computer network • Allows sharing Security Awareness: Applying Practical Security in Your World, 2e

  4. Security Awareness: Applying Practical Security in Your World, 2e

  5. Security Awareness: Applying Practical Security in Your World, 2e

  6. Types of Networks • Local area network (LAN) • Computers located relatively close to each other • Wide area network (WAN) • Connects computers over a larger geographical area than a LAN • Wireless local area network (WLAN) • Based on standard that transmits data at fast speeds over a distance of up to 115 meters (375 feet) Security Awareness: Applying Practical Security in Your World, 2e

  7. Security Awareness: Applying Practical Security in Your World, 2e

  8. Security Awareness: Applying Practical Security in Your World, 2e

  9. Transmitting Network Data • Transmission Control Protocol/Internet Protocol (TCP/IP) • Most common set of protocols used on networks • IP address • Uniquely identifies computer • Packets • Used to transmit data through a computer network Security Awareness: Applying Practical Security in Your World, 2e

  10. Security Awareness: Applying Practical Security in Your World, 2e

  11. Network Devices • Network interface card (NIC) • Also called client network adapter • Hardware that connects a computer to a wired network • Laptop computers • May use an internal NIC or an external NIC Security Awareness: Applying Practical Security in Your World, 2e

  12. Security Awareness: Applying Practical Security in Your World, 2e

  13. Security Awareness: Applying Practical Security in Your World, 2e

  14. Network Devices (continued) • Access point (AP) • Contains an antenna and a radio transmitter/receiver to send and receive signals • Jack allows it to connect by cable to a standard wired network • Acts as base station for wireless network • Acts as bridge between wireless and wired networks • Router • Directs packets towards their destination Security Awareness: Applying Practical Security in Your World, 2e

  15. Security Awareness: Applying Practical Security in Your World, 2e

  16. Security Awareness: Applying Practical Security in Your World, 2e

  17. Security Awareness: Applying Practical Security in Your World, 2e

  18. Attacks on Networks • Denial of service (DoS)attack • Attempts to make a server or other network device unavailable by flooding it with requests • Variants • Smurf attack • Distributed denial of service (DDoS)attack Security Awareness: Applying Practical Security in Your World, 2e

  19. Security Awareness: Applying Practical Security in Your World, 2e

  20. Security Awareness: Applying Practical Security in Your World, 2e

  21. Zombie and Botnets • Computers that perform a DDoS and other network attacks • Often normal computers hijacked by attackers to carry out malicious network attacks • Zombies • Can be put to work to send spam and messages used in phishing scams • Can act as hosts for fake Web sites Security Awareness: Applying Practical Security in Your World, 2e

  22. Man-in-the-Middle Attacks • Attacker intercepts messages intended for a valid device • Two computers appear to be communicating with each other • However, they are actually sending and receiving data with a computer between them Security Awareness: Applying Practical Security in Your World, 2e

  23. Security Awareness: Applying Practical Security in Your World, 2e

  24. Hijacking and Spoofing • Spoofing • Act of pretending to be legitimate owner when in reality you are not • Media access control (MAC)address • Permanently recorded on network interface card when manufactured • Computers on network store a table • Links IP address with corresponding MAC address Security Awareness: Applying Practical Security in Your World, 2e

  25. Security Awareness: Applying Practical Security in Your World, 2e

  26. Security Awareness: Applying Practical Security in Your World, 2e

  27. Sniffing • Attacker captures packets as they travel through network • Sniffer • Hardware or software that performs sniffing • Attackers with sniffers • Can capture usernames, passwords, and other secure information without being detected Security Awareness: Applying Practical Security in Your World, 2e

  28. Security Awareness: Applying Practical Security in Your World, 2e

  29. Security Awareness: Applying Practical Security in Your World, 2e

  30. Network Defenses • Primary defenses against network attacks • Devices that can thwart attackers • Designing layout or configuration of a network that will reduce the risk of attacks • Testing network security Security Awareness: Applying Practical Security in Your World, 2e

  31. Network Devices • Firewalls • Designed to prevent malicious packets from entering network or computers • Software firewall • Runs as a program on a local computer to protect it against attacks • Hardware firewalls • Separate devices that protect an entire network • Usually located outside network security perimeter as the first line of defense Security Awareness: Applying Practical Security in Your World, 2e

  32. Security Awareness: Applying Practical Security in Your World, 2e

  33. Firewalls • Rule base • Foundation of a firewall • Establishes what action firewall should take when it receives a packet • Options • Allow, Block, Prompt Security Awareness: Applying Practical Security in Your World, 2e

  34. Firewalls (continued) • Stateless packet filtering • Looks at each incoming packet and permits or denies it based strictly on the rule base • Attackers can easily bypass the protection • Stateful packet filtering • Keeps record of the state of a connection between an internal computer and an external server • Makes decisions based on the connection as well as rule base Security Awareness: Applying Practical Security in Your World, 2e

  35. Security Awareness: Applying Practical Security in Your World, 2e

  36. Security Awareness: Applying Practical Security in Your World, 2e

  37. Network Address Translation (NAT) • Hides IP addresses of network devices from attackers • As a packet leaves the network • NAT removes original IP address from sender’s packet and replaces it with an alias Security Awareness: Applying Practical Security in Your World, 2e

  38. Network Address Translation (NAT) (continued) • NAT software • Maintains table of original address and corresponding alias address • Process is reversed when packet is returned to the NAT Security Awareness: Applying Practical Security in Your World, 2e

  39. Security Awareness: Applying Practical Security in Your World, 2e

  40. Intrusion Detection System • Establishes and maintains network security for large organizations • Monitors activity on the network and what packets are doing • Performs specific function when it senses an attack • Such as dropping packets or tracing source of attack Security Awareness: Applying Practical Security in Your World, 2e

  41. Security Awareness: Applying Practical Security in Your World, 2e

  42. Proxy Server • Primary goal • To conceal the identity of computers within a protected network • Can inspect data packets for viruses and other malicious content • Intercepts requests sent to server and replaces original IP address with its own address Security Awareness: Applying Practical Security in Your World, 2e

  43. Security Awareness: Applying Practical Security in Your World, 2e

  44. Network Design • Demilitarized zone (DMZ) • Another network that sits outside the secure network perimeter • Virtual private network • Creates a secure network connection over a public network Security Awareness: Applying Practical Security in Your World, 2e

  45. Security Awareness: Applying Practical Security in Your World, 2e

  46. Wireless LAN Security • Hotspots • Locations where wireless data services are available • Advantages of WLANs • Do not restrict users to their desks to access network resources • Ease of installation Security Awareness: Applying Practical Security in Your World, 2e

  47. Wireless LAN Security (continued) • Security concerns • Access to the wireless network • View wireless transmissions • Weaknesses in wireless security standards Security Awareness: Applying Practical Security in Your World, 2e

  48. Summary • Purpose of a computer network • To allow computers and devices to share data, programs, and hardware • Denial of service attack • Attempts to make a server unavailable by flooding it with requests • Man-in-the-middle attack • Intercepts communication between two computers Security Awareness: Applying Practical Security in Your World, 2e

  49. Summary (continued) • Firewall • Designed to prevent malicious packets from entering the network • Demilitarized zone • Another network that sits outside the secure network perimeter • Security for wireless LANs • Remains a primary concern for wireless users Security Awareness: Applying Practical Security in Your World, 2e

More Related