Network Components and Security Measures for Businesses
By Adam Hess

Topics to be covered:
• Basics of a Network
• Modems, Routers, Firewalls, Switches, Cabling
• Virtual Private Networking (VPN)
• Vulnerabilities with Networks
  - Businesses
  - Schools

Basics of a Network
• What is the purpose of a computer network?
  - Share resources!
  - Whether it be software or hardware
  - (Software) Share files, programs, applications
  - (Hardware) Share storage

Basics of a Network
• Four basic elements of a computer network:
  - Sender
  - Receiver
  - Medium (copper, fiberglass, light)
  - Protocols
• Two types of Networks:
  - Peer-to-Peer (P2P)
  - Client-Server (C/S)

Basics of a Network
• Geographical distinctions:
  - PAN (Personal Area Network)
    Example: Bluetooth earpiece to cellphone
  - LAN (Local Area Network) and WLAN (Wireless LAN)
    Example: Computers on an office floor
  - WAN (Wide Area Network)
    Example: Device in one city connected to device in another city.

Peer-to-Peer Network
• Can connect two computers together with crossover cable
• Can connect computers with a switch
• Every computer is responsible for what resources it shares, as well as security settings.

Client-Server Network
• Has server computer with a server operating system which manages resources.
• Server has domain controller(s)
  - List of users
  - List of groups
  - List of computers

Client-Server Network
• Server controls what the clients see
  - Which clients see what information
  - Which users have access
  - Which computers have access
• Manage utilities
  - Antivirus
  - Updates, etc.

Modems, CSU/DSU
• A modem is a device that modulates an analog carrier signal to encode digital information.
• It also demodulates carrier waves to get the digital information.
• Dial-Up connections

Modems, CSU/DSU
• CSU/DSU: Channel Service Unit/Data Service Unit. (Often confused with modems.)
• Digital-to-digital connection. No need to modulate/demodulate from analog to digital or vice versa.
• Device used to connect a router to a digital circuit such as DSL, T-Carrier, and OC lines.
• They are responsible for the connection between the telecom network and your network.

Routers
• Routers are the devices that make communication between networks possible.
  - Operate at the Network Layer (Layer 3) of the OSI model.
  - A router forwards packets and routes the information to a desired destination.
  - When devices are connected to the ports of a switch in the router, the router will assign each of them a unique IP address with the help of Dynamic Host Configuration Protocol (DHCP).

Routers
• Consumer-focused Router vs. Business Router
• Consumer-based routers are typically around the $100 range, depending on what features they come with.
• Business-based routers can be very expensive: $1000+. These are designed for security, flexible access to the network, and scalability.

Firewalls
• A firewall can be a software- or hardware-based network security system.
• The firewall's job is to block ports (or doors) so that only the ports you want information to come in on are open.
• There are 65,536 ports that a network can use to communicate to the Internet or outside the network.

Firewalls
• Stateful firewalls can control the incoming and outgoing network traffic and analyze the data to determine whether it should be allowed through.
• They keep memory of previous packets and hold several attributes of each connection in dynamic state tables.
• Firewalls can be configured; the network administrator can create a rule set that decides whether incoming and outgoing data may pass through.

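The rule set and dynamic state table described above, as an added example that is not part of the original slides. The rule format, class names and sample addresses are assumptions made for illustration, and the sketch tracks connections by address and port only, without TCP flags or idle timeouts.

```python
from dataclasses import dataclass

# Constructed rule set (direction, protocol, dest port, action); default deny.
RULES = [
    ("out", "tcp", 443, "allow"),  # clients may open HTTPS connections
    ("out", "udp", 53, "allow"),   # clients may send DNS queries
    ("in", "tcp", 23, "deny"),     # explicit block on inbound Telnet
]

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected network
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # dynamic state table: one entry per allowed connection

    def check(self, p):
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of a connection already in the state table skip the rule set.
        if forward in self.state or reverse in self.state:
            return "allow (established)"
        for direction, proto, dport, action in self.rules:  # first match wins
            if (direction, proto, dport) == (p.direction, p.proto, p.dport):
                if action == "allow":
                    self.state.add(forward)  # remember the new connection
                return f"{action} (rule)"
        return "deny (default)"

def demo():
    fw = StatefulFirewall(RULES)
    packets = [  # constructed traffic using documentation address ranges
        Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.10", 443),
        Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 50000),  # reply
        Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 50000),  # unsolicited
        Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 23),
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The reply from the contacted server passes because of the state entry, while the same-looking packet from a different address falls through to the default deny.
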
Firewalls
• Hardware firewalls come in two types:
  - Network Address Translation (NAT)
  - Stateful Packet Inspection (SPI)
• Software firewalls:
  - Check whether applications on your computer are trying to communicate outside the network

Switches
• Devices that link network segments or network devices (computers, other switches, etc.)
• Switches operate at the Data-Link Layer (Layer 2) of the OSI model.
• These devices receive messages from other devices and transmit the messages only to the devices for which the message was intended.

Switches
• Two types of switches: Managed/Unmanaged
• Managed switches: Allow users to change configurations and tune the network properly.
• Unmanaged switches: Don't allow any changes to configurations/settings.
• Unmanaged switches are normally found at the consumer level.

Switches
• Switches are very important for computer networks.
• These devices bridge the network components together and allow for a manageable architecture.
• Switches are crucial for setting up segments or VLANs (Virtual Local Area Networks)

Cabling
• Without cables, there would be no way for any communication in a network!
• Cabling may sound very basic, and it is. But there are certain procedures and guidelines to follow.

Cabling
• Different types of networking cables:
  - Cat3, Cat5, Cat6 Ethernet cables
  - Cat3 was the original networking cable; it is not used much anymore.
    Max speed of 10 Mbps
  - Cat5, or Cat5e, has been the standard for a while.
    Max speeds of 1 Gbps
  - Cat6 is now becoming more of the standard.
    Allows speeds up to 10 Gbps
    Also has more shielding between the twisted pair wires

Cabling
• Plenum cable: Very expensive cable but only used in hot areas.
• If you have to run cable through heating ducts, then you should use Plenum cable.
• Some states have standards that prohibit anything other than Plenum cabling to be run through heating ducts.
• To be safe, either avoid going through ducts, or if you must, then use Plenum cable.

Cabling
• Plugs used for these cables?
  - RJ-45
  - (RJ-11 is used for telephones!)
• When cabling, take your time and do a good job.
  - Zip-tie bunches of cables
  - Cables should run to a central area
  - Ends of these cables should be punched into patch panels
  - These panels allow for flexibility and ease of seeing what plug goes to which port.

Cabling
• All your runs should be "homeruns"
• The cable should be a single cable from the jack all the way to the patch panel.
  - Spliced cables are not professional
  - Spliced cables can deteriorate
  - Stress can pull connection apart

Virtual Private Networking (VPN)
• VPN allows computers and/or networks to connect over the Internet securely.
  - Example: Office in Los Angeles needs to securely connect to the network in an office in New York.
• VPN follows a C/S architecture.
  - VPN software allows the clients to connect to the server securely.

Virtual Private Networking (VPN)
• Large number of routers in the Internet
• Tunneling protocol
  - Sets up a "tunnel" between your client and the server
  - Encrypts the data inside the tunnel
  - If a hacker is sitting at a router between the client and the server and tries penetrating the tunnel, the data is still encrypted

Virtual Private Networking (VPN)
• The tunnel will detect any attempted attacks.
  - Tunnel will shut down and find a new path through the Internet
• This is how VPN sustains a secure connection.

Virtual Private Networking (VPN)
• How does VPN communication happen?
  - VPN client application on your computer will ask for username and password.
  - This data is sent to the server.
  - VPN server will check credentials and see if you're allowed on the network.

Virtual Private Networking (VPN)
• Once connected to VPN server, the computer is logically a part of the network.
• Problems?
  - The speed of your connection and the upload speed of the network at the office is crucial.
  - If you try to edit a large file on the network, then that data will have to get uploaded to the Internet.
  - VPN is slow compared to physically being a part of the network.

Virtual Private Networking (VPN)
• Other problems?
  - Old wiring is bad for transmitting data.
  - The problem with this is that VPN technology says that if someone tries to hack into the tunnel, the tunnel will drop and rebuild a connection through a different router.
  - What does an attack "look like"?
    When the data signal isn't steady or if the stream gets slowed down, dropped packets, etc.
  - If you have bad wiring between you and the server, you may have these problems.
  - VPN may keep bouncing up and down, causing problems.

Vulnerabilities with Networks
• Information can be considered the most important thing when it comes to businesses
• Keeping trade secrets and patents, even financial or personal information can make or break a business.
• Network Administrators must keep the network safe and allow only permitted users to be on the network.

Vulnerabilities with Networks
• With C/S network, this is very simple.
  - Clients can only access what the server allows them.
• Clients can only get this access when credentials are verified
• When the Network Administrator sets up the groups, users, and computers, he/she must manage which ones have access to what information.

Vulnerabilities with Networks
• By monitoring traffic among the clients, Network Administrators can detect attacks if one of the users attempts to hack into something.
• With WLANs, the risks of intrusions are even greater.
  - Any mobile device within range of the access point is a threat to the security of the network.
  - With a Network Access Controller, the administrator can allow access to only certain users or devices.

Network Security Challenges Faced by Universities
• Each year, new students arrive at colleges and bring with them their laptops and other mobile devices.
• More often than not, these devices are not up to the security levels that would be acceptable.
• On top of that, the devices could be housing malware and other viruses.

Conclusion
• In summary, developing a successful and secure computer network system has several areas that must be addressed.
  - Network components, cabling, configurations, etc.
• Being a network administrator comes with a great responsibility of protecting the network from attacks and keeping the information from being leaked to unwelcome guests while maintaining stable connections to all the network components.

Questions or Comments?