
TCP/IP Networks Management and Security

Presented by: David M. Litton, CPA, CISA, CGFM, Deputy Director, Audit and Management Services, Virginia Commonwealth University. May 7, 2001.


Presentation Transcript


  1. TCP/IP Networks Management and Security Presented by: David M. Litton, CPA, CISA, CGFM Deputy Director, Audit and Management Services Virginia Commonwealth University May 7, 2001

  2. TCP/IP Networks Management and Security

  3. Course Objectives:
     • What is a TCP/IP Network?
     • Common components of a TCP/IP network
     • Network environment: TCP/IP protocol and associated devices functionality
     • General network risks
     • Specific risks and compensating controls for TCP/IP network devices
     • Areas of a TCP/IP Infrastructure Audit

  4. What is a TCP/IP Network?
     • Envelope and post office concept
     • Ethernet Frames
     • Internet Protocol (IP) – Connectionless datagram; tries to send but not sure if it gets there
     • Transmission Control Protocol (TCP)
     • Alternatives to TCP: UDP and ICMP
     • Ports
     • Socket (Combination of port# & IP address)
     • Connection (pair of sockets for a session)

  5. TCP/IP Networks Management and Security

  6. OSI Model and TCP/IP Compared

  7. TCP/IP Networks Management and Security

  8. Common components of a TCP/IP network
     • Cat 5 UTP Wiring & fiber optics lower layer 1
     • Hubs emphasis layer 1
     • Bridges layer 1 or lower-part of layer 2 (MAC)
     • Switches – some layer 1 & emphasis layer 2
     • Routers – emphasis layer 3 & some layer 4
     • Applications/network utilities: layers 5-7; FTP, HTTP, NFS, X-Windows, Telnet…
     • Protocol Stacks: part of server/work station O/S
     • Servers - physical and logical contrasted
     • Specialized IP servers: DHCP, BOOTP, DNS…

  9. Network Environment: TCP/IP Protocol and Associated Devices Functionality

  10. LAN/WAN Protocol Example

  11. General network risks
     • Inconsistently applied back-up procedures for Network Equipment and Servers
     • Lack of a test lab and change control procedures
     • Intercepting clear text, log-on identifiers and passwords
     • Staff turn-over
     • Use of unauthenticated services on network hosts and pass through routers
     • Lack of spoofing prevention measures
     • Use of default passwords on network equipment
     • Lack of password change procedures for network equipment
     • Poor O/S controls on network devices

  12. General network risks
     • Improper access to restricted systems (patient information, financial records, payroll, etc.)
     • Release of sensitive information
     • Prolonged outages and inconsistent availability
     • Lack of documentation
     • Non-compartmentalized traffic
     • Trojan Horses
     • Lack of expertise, training, and cross-training
     • Lack of restoration plans or spare parts
     • Ineffective procedures
     • Masquerading as another individual
     • Spying, Sabotage
     • Risk from easy-to-use freeware utilities
     • Stolen Passwords

  13. Specific risks and compensating controls for TCP/IP network devices

  14. Router Risks and Controls

  15. Router Risks and Controls

  16. Router Risks and Controls

  17. Router Risks and Controls: Methods of Accessing Routers
     • Console
     • TFTP
     • Telnet
     • TACACS
     • MOP (maintenance operation protocol by DEC for CISCO routers)
     • SNMP
     • R-Shell
     • R-Copy
     • FTP
     • HTTP
     • More being added, check manufacturer documentation

  18. Domain Name Service: Risks and Controls

  19. Network Address Translation

  20. TCP/IP Environment Example

  21. Wiring/Hubs: Risks and Controls

  22. Additional Server Risks and Controls

  23. Dangerous Services to be Restricted

  24. Work Stations Risks and Controls

  25. Encryption
     • Examine Encryption Practices
     • Determine where the traffic is the most exposed – going out on the Internet, between business partners…
     • Look for controls like compartmentalization & VLANs to reduce internal exposure
     • Use Encrypted methods like SNMP V.2 and CHAP V.2 to communicate to network devices
     • Consider testing encryption controls with a sniffer

  26. Sniffed PPP Connection in Clear Text

  27. Areas of a TCP/IP Infrastructure Audit: Why Examine Network Infrastructure
     • Rarely examined
     • Large investment
     • Basis for most technology - the “common denominator”
     • Connects to the World
     • Lost Revenue on E-Commerce
     • Susceptible to Denial of Service Attacks

  28. Areas of a TCP/IP Infrastructure Audit: Recommended Objectives
     • Continuity (consistent reliability and availability of system -- back-up and ability to recover)
     • Management and Maintenance (additions, change procedures, upgrades, and documentation)
     • Security (appropriate physical and logical access to network devices and hosts)

  29. Auditing TCP/IP Infrastructure
     • Review network policies and procedures
     • Review network diagrams (layer 1 & 2), design, and walk-through, list of network equipment and IP address list
     • Verify diagrams with Ping and Trace Route
     • Review utilization, trouble reports & helpdesk procedures
     • Probe systems (Netscan tools and Portscanner)
     • Interview network vendors, users, and network technicians
     • Review software settings on network equipment
     • Inspect computer room and network locations
     • Evaluate back-up and operational procedures

  30. Conclusion
     • Identify the paths and equipment used to navigate the network
     • Identify TCP/IP infrastructure areas of concern
     • Break into manageable pieces
     • Every network is different and the components and risks must be fully understood
     • Identify risks and prioritize
     • Dedicate more upfront planning
     • RELAX !! It’s not that bad !

  31. Additional Information
     • Presentation located on line at URL: http://www.vcu.edu/iaweb/iam_welc.html
     • Contact information: dmlitton@vcu.edu (804) 828-9248
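
An added example, not part of the presentation: a small Python check for the audit step "Review software settings on network equipment" (slide 29). It reports which of the router access methods listed on slide 17 are explicitly enabled in a configuration, and which lines carry a default-looking password (slide 11). The sample configuration is constructed in Cisco IOS-style syntax; the names `audit_router_config`, `CHECKS` and `WEAK_SECRETS` and the contents of the weak-secret list are assumptions.

```python
import re

# Constructed sample in Cisco IOS-style syntax (not taken from the presentation).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable password cisco
ip http server
snmp-server community public RO
ip rcmd rsh-enable
tftp-server flash:image.bin
interface Ethernet0
 mop enabled
line con 0
 password cisco
line vty 0 4
 password s3cret
 transport input telnet ssh
"""

# (access method from slide 17, regex for a config line that enables it).
# Only explicit lines are matched; services a platform enables by default
# without showing them in the configuration are not detected here.
CHECKS = [
    ("HTTP",    r"^ip http server$"),
    ("SNMP",    r"^snmp-server community \S+"),
    ("R-Shell", r"^ip rcmd rsh-enable$"),
    ("R-Copy",  r"^ip rcmd rcp-enable$"),
    ("TFTP",    r"^tftp-server \S+"),
    ("MOP",     r"^mop enabled$"),
    ("Telnet",  r"^transport input .*\b(telnet|all)\b"),
]
WEAK_SECRETS = {"cisco", "public", "private", "password", "admin"}  # assumed list

def audit_router_config(text):
    """Return (enabled access methods, lines carrying a default-looking secret)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    methods = [name for name, rx in CHECKS
               if any(re.search(rx, ln) for ln in lines)]
    weak = []
    for ln in lines:
        m = re.match(r"(?:enable password|password|snmp-server community) (\S+)", ln)
        if m and m.group(1).lower() in WEAK_SECRETS:
            weak.append(ln)
    return methods, weak

if __name__ == "__main__":
    methods, weak = audit_router_config(SAMPLE_CONFIG)
    print("Enabled access methods:", ", ".join(methods))
    print("Default-looking secrets:", weak)
```

The check covers only a subset of the slide 17 list; console, TACACS and FTP access need their own review against the manufacturer documentation.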
