Page 1: Fundamentals of Information Systems Security
Lesson 2: Changing How People and Businesses Communicate
Fundamentals of Information Systems Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.

Page 2: Learning Objective
Assess the current methods of business communications today and the associated risks and threats.

Page 3: Key Concepts
• The evolution of personal and business communications from analog to digital to VoIP to unified communications
• Store-and-forward communications versus real-time communications
• The impact of the Internet on how people and businesses communicate
• Risk-mitigation strategies for VoIP and SIP applications
• Why businesses today need an Internet marketing strategy

Page 4: DISCOVER: CONCEPTS

Page 5: Evolution of Telecommunications
(Timeline figure; the annotations that survive extraction:)
• PBX era: wall cabling done by the users themselves
• Among the 7 RBOCs, billed by the minute
• Central office switches
• Voice and data travel together
• Different data streams transmitted through the same fiber optic line: Dense Wavelength Division Multiplexing (DWDM)

Page 6: Evolution of Voice Communications
• Session Initiation Protocol (SIP) supports chat and conferencing
Page 7: Evolution of Internet Access
• From dial-up to broadband
• Public Switched Telephone Network (PSTN)

Page 8: Digital Signal 1 (T1) and Digital Signal 3 (T3)
• A DS1 circuit is made up of twenty-four 8-bit channels (also known as timeslots or DS0s), each channel being a 64 kbit/s DS0 multiplexed carrier circuit.
• A DS1 is a full-duplex circuit: it transmits and receives 1.544 Mbit/s concurrently.
• The 1.536 Mbit/s of payload bandwidth comes from sampling each of the twenty-four 8-bit DS0s 8000 times per second (24 × 8 bits × 8000/s); this is referred to as 8 kHz sampling. The remaining 8 kbit/s of the 1.544 Mbit/s line rate is the one framing bit sent with each of the 8000 frames per second.
• A Digital Signal 3 (DS3) is a digital signal level 3 T-carrier. Its data rate is 44.736 Mbit/s (about 45 Mbit/s).
• A DS3 can transport 28 DS1 signals, i.e. 672 DS0 channels, within its payload.
• Such circuits are the usual kind between telephony carriers, both wired and wireless, and are typically carried over OC-1 optical connections.

Page 9: Essentials of VoIP, SIP, and UC
• Voice over Internet Protocol (VoIP) and unified communications (UC) require real-time support
• VoIP supports voice communications
• UC supports a variety of communications applications
• Both use Session Initiation Protocol (SIP)

Page 10: UC Applications
(Figure: Presence/Availability, IM Chat, Video, Audio, Collaboration)
Page 11: UC Applications
• Presence/availability: within an IM chat box, you can list business, personal, and family contacts and obtain the current availability status of your contacts.
• Instant messaging (IM) chat: this form of real-time communication is used for quick answers to quick questions.
• Audio conferencing: a software-based, real-time audio conference solution for VoIP callers.
• Videoconferencing: a software-based, real-time video conferencing service.
• Collaboration: software-based, real-time, multi-person document and application sharing, with IM chat, audio, and video conferencing functionality.

Page 12: Store-and-Forward vs. Real-Time Communications
• Real-time: occurs instantaneously
• Store-and-forward: an acceptable delay in transmitting the communication

Page 13: VoIP and SIP Packets
(Figure: VoIP and SIP packets segmented from IP data packets at a gateway)

Page 14: DISCOVER: PROCESS

Page 15: Risks, Threats, Vulnerabilities
• Eavesdropping
• Call control
• Impersonation
• Toll fraud
• Brute-force password attacks
• Denial of Service (DoS) attacks
Page 16: Risk, Threat, or Vulnerability / Mitigation
• Eavesdropping: unauthorized parties listening in to phone conversations without permission.
  Mitigation: Lock wiring closets, lock down switch LAN access ports, and house VoIP servers in the data center. Deploy separate voice VLANs to minimize access to VoIP traffic. Encrypt VoIP packets where mandated by policy.
• Call control: attackers obtaining knowledge about call control (VoIP server software), call patterns, and call usage to help them gain unauthorized access.
  Mitigation: Same as above, plus strong access controls on the VoIP system. Enable continuous auditing and logging of all system-admin access to the VoIP system. Put VoIP call servers on their own firewalled VLAN and encrypt call control (signaling).
• Impersonation: attackers impersonating an authorized user to gain access to a VoIP phone.
  Mitigation: Use access controls on VoIP phones to prevent toll fraud and non-business use of long-distance and international dialing. Enable second-level authentication on VoIP phones.
• Toll fraud: unauthorized use of VoIP phones.
  Mitigation: Provide users with authorization codes for long-distance and international dialing access.
• Brute-force password attacks on VoIP phone systems and phones.
  Mitigation: Require periodic password changes (30/60/90 days). Require long passwords that use alphanumeric characters.
• Denial of service (DoS) and distributed denial of service (DDoS) attacks.
  Mitigation: Put VoIP call servers deep inside the IT infrastructure so that ping (ICMP) packets from outside cannot reach them. Drop ping/ICMP packets from rogue (spoofed) IP source addresses. Implement IDS/IPS at the Internet ingress/egress to block ping-based attacks.
• Poor network performance and throughput resulting in dropped VoIP calls.
  Mitigation: Use separate VLANs for voice and data. Segment voice traffic onto the same VLAN as the VoIP servers. Use GigE or 10GigE switched LAN connectivity to the desktop.
  Enable QoS on WAN routers if congestion occurs.
• Servers that could fail and disrupt critical business functions.
  Mitigation: Use redundant VoIP call servers in two different physical locations, one acting as backup to the other.
• Disclosure of confidential data because VoIP and data share the same network.
  Mitigation: Isolate departmental VoIP and data VLANs. Enable VoIP- and SIP-aware firewalls to secure VLANs that carry confidential information. Remotely access VoIP systems only via Secure Shell (SSH).

Page 17: Maintaining C-I-A
(Figure: Public Switched Telephone Network and IP Telephony Server)

Page 18: DISCOVER: ROLES

Page 19: Multimodal Communications
• Unified Communications can enhance customer-service delivery
• VoIP and SIP packets segmented from IP data packets

Page 20: DISCOVER: CONTEXTS

Page 21: Business Case Scenario
CorpA is a business services provider with 300 employees spread across 5 branches. Some employees travel frequently between branches for sales meetings. CorpA employees use instant messaging (IM) to communicate. Security weaknesses with the current IM application have resulted in several security breaches over the last year.
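Worked example for the brute-force and toll-fraud rows of the page 16 table: the auditing and logging the table calls for only pays off if someone looks at the logs. This is an added example, not code from the slides or from any PBX product. The registration log and the call detail records (CDRs) are constructed for the example in a generic one-line format, and the thresholds (5 failures in 5 minutes, business hours 08:00 to 18:59, the "011"/"+" international prefixes) are assumptions a real deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example, not values from the slides.
MAX_FAILURES = 5                  # failed REGISTERs from one source address...
WINDOW = timedelta(minutes=5)     # ...within this sliding window => brute force
INTL_PREFIXES = ("011", "+")      # NANP international dialing prefixes
BUSINESS_HOURS = range(8, 19)     # 08:00 to 18:59 local time

# Constructed SIP registration log (generic format, not any PBX's native one).
SIP_LOG = """\
2015-03-02T02:14:01 REGISTER-FAIL user=1001 src=203.0.113.7
2015-03-02T02:14:02 REGISTER-FAIL user=1001 src=203.0.113.7
2015-03-02T02:14:03 REGISTER-FAIL user=1002 src=203.0.113.7
2015-03-02T02:14:04 REGISTER-FAIL user=1003 src=203.0.113.7
2015-03-02T02:14:05 REGISTER-FAIL user=1004 src=203.0.113.7
2015-03-02T02:14:06 REGISTER-FAIL user=1005 src=203.0.113.7
2015-03-02T09:00:00 REGISTER-FAIL user=1007 src=10.10.20.15
2015-03-02T09:00:30 REGISTER-OK user=1007 src=10.10.20.15
"""

# Constructed call detail records: timestamp,calling extension,dialed number,seconds.
CDR = """\
2015-03-02T03:05:10,1001,01125212345678,1840
2015-03-02T03:40:44,1001,01125212345679,1790
2015-03-02T04:12:01,1001,01125212345680,1900
2015-03-02T10:15:00,1007,2125550100,120
2015-03-02T11:30:00,1002,01144207946000,600
"""

LOG_RE = re.compile(r"^(\S+) (REGISTER-FAIL|REGISTER-OK) user=(\S+) src=(\S+)$")


def brute_force_sources(log, max_failures=MAX_FAILURES, window=WINDOW):
    """Sliding-window count of failed registrations per source address.
    Returns {src: (failures_in_window, distinct_accounts_tried)} for every
    source that reached max_failures. Many distinct accounts from one source
    is the signature of an extension-enumeration / password-guessing run."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    accounts = defaultdict(set)   # src -> accounts it has failed against
    flagged = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, event, user, src = m.groups()
        if event != "REGISTER-FAIL":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(now)
        while now - q[0] > window:       # expire failures older than the window
            q.popleft()
        accounts[src].add(user)
        if len(q) >= max_failures:
            flagged[src] = (len(q), len(accounts[src]))
    return flagged


def after_hours_international_calls(cdr, business_hours=BUSINESS_HOURS):
    """Toll-fraud indicator: international calls placed outside business hours.
    Returns a list of (extension, dialed number, timestamp, duration in seconds)."""
    hits = []
    for line in cdr.splitlines():
        ts, ext, dialed, seconds = line.split(",")
        when = datetime.fromisoformat(ts)
        if dialed.startswith(INTL_PREFIXES) and when.hour not in business_hours:
            hits.append((ext, dialed, ts, int(seconds)))
    return hits


if __name__ == "__main__":
    for src, (n, users) in brute_force_sources(SIP_LOG).items():
        print(f"brute force: {src} made {n} failed REGISTERs against {users} accounts")
    for ext, dialed, ts, secs in after_hours_international_calls(CDR):
        print(f"toll fraud?: ext {ext} dialed {dialed} at {ts} for {secs}s")
```

Feeding the constructed data through it flags 203.0.113.7 (six failures against five different extensions in six seconds) and three long after-hours international calls from extension 1001, while the user on 10.10.20.15 who mistyped once and then registered, and the international call placed at 11:30, pass. Both checks are cheap enough to run on every log line, which is what "continuous auditing" on the slide should mean in practice.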
Page 22: DISCOVER: RATIONALE

Page 23: Why Businesses Need an Internet Marketing Strategy
• Must remain competitive
• The brick-and-mortar business model is out of date in a global market
• Customers require continuous access to information, products, and services
• An Internet presence exposes organizations to online risks, threats, and vulnerabilities

Page 24: IP Mobile Communications
• Mobile Node (MN)
• Home Agent (HA)
• Foreign Agent (FA)
• Care-of Address (COA)
• Correspondent Node (CN)

Page 25: IP Mobile Communications
Today's 4G networks provide true IP communications, a real jump from earlier generations. Each 4G device has a unique IP address like any other wired device on the network, so smartphones can communicate with any fixed device without address translation. But devices that move around all the time are difficult to secure. The next screens show how Mobile IP provides connection transparency: several entities work together to ensure that mobile devices can move from one network to another without dropping connections.

Page 26: IP Mobile Communications
• Mobile Node (MN): the mobile device that moves from one network to another. It has a fixed (home) IP address regardless of the current network.
• Home Agent (HA): a router with capabilities beyond those of a standard router. It keeps track of the MNs it manages. When an MN leaves the home network, the HA forwards packets to the MN's current network.
• Foreign Agent (FA): a router with additional capabilities connected to another network (not the HA's network). When the MN connects to a network that supports Mobile IP, it announces itself to the FA, and the FA assigns the MN a local address.
• Care-of Address (COA): the local address for the MN when it connects to another network. The FA assigns the COA to the MN and sends the COA to the HA when the MN connects. In many cases the COA is actually the FA's own address. The HA forwards any packets for the MN to the COA; the FA receives them and forwards them to the MN.
• Correspondent Node (CN): the node that wants to communicate with the MN.

Page 27: IP Mobile Communications
(Figure: MN, HA, FA, COA and CN interaction)

Page 28: Security of IP Mobile Devices
Risk, threat, or vulnerability / Mitigation
• Untrusted access points: VPN for all network access.
• Untrusted foreign networks: VPN for all network access.
• Sensitive data on the mobile device: mandatory encryption of sensitive data at rest.
• Device loss or theft: required software to wipe the device after successive failed logon attempts or on loss/theft; required software to locate a lost or stolen device.
• Weak security on a personal device: policy requiring an access passcode and device anti-malware software; policy and end-user training on the dangers and proper use of infrared or Bluetooth to connect to peripherals.
• Commingling of personal and business data: strong policy on appropriate use and separation of business data.
• Spoofing and session hijacking: policy and training on best practices when connecting to untrusted networks; VPN for all network access.

Page 29: Key Words
• DWDM: Dense Wavelength Division Multiplexing, carrying multiple wavelength signals within the same fiber optic cable.
• PBX: Private Branch Exchange (the customer's own switch; the users do their own wiring).
• PSTN: Public Switched Telephone Network.
• SIP: Session Initiation Protocol, the multimedia signaling protocol used by UC to support IM, chat, collaboration, and audio and video conferencing.
• UC: Unified Communications.
• RBOCs: Regional Bell Operating Companies.
• TDM: Time Division Multiplexing, which converges voice, video, and data communication by splitting the WAN channel into time slots, each of which can carry voice, video, or data.

Page 30: Network Devices: Router (1/5)
A router is a networking device, commonly specialized hardware, that forwards data packets between computer networks. This creates an overlay internetwork, as a router is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey. Routers perform the "traffic directing" functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node.
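Worked example for the Mobile IP entities on pages 24 to 28 and the "spoofing and session hijacking" row: a Correspondent Node sends to the Mobile Node's fixed home address, the Home Agent tunnels the packet to the Care-of Address the Foreign Agent registered, and the FA hands it to the MN. The part the slides leave implicit is why the HA can trust a registration at all: without an authenticator, anyone could register their own COA for a victim's home address and have its traffic redirected. This is an added example, not code from the slides; real Mobile IP (RFC 3344) uses binary UDP messages, an Identification field for replay protection and HMAC-MD5 by default in the MN-HA authentication extension. The addresses, the shared key, the counter used as registration ID and the use of HMAC-SHA256 are assumptions of this toy model.

```python
import hashlib
import hmac


def auth_tag(key: bytes, *fields: str) -> str:
    """MN-HA authentication extension, simplified: an HMAC over the request
    fields. (RFC 3344 defaults to HMAC-MD5 over the binary message; SHA-256 here.)"""
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()


class MobileNode:
    """Keeps its fixed home address wherever it roams."""
    def __init__(self, home_addr: str, key: bytes):
        self.home_addr, self.key = home_addr, key
        self.counter = 0          # stands in for the Identification field (replay protection)
        self.received = []

    def registration_request(self, coa: str):
        self.counter += 1
        reg_id = f"{self.home_addr}#{self.counter}"
        return (self.home_addr, coa, reg_id,
                auth_tag(self.key, "REG", self.home_addr, coa, reg_id))


class HomeAgent:
    """Tracks its MNs and tunnels their traffic to the registered COA."""
    def __init__(self, mn_keys: dict):
        self.mn_keys = dict(mn_keys)   # home address -> MN-HA shared key (provisioned out of band)
        self.bindings = {}             # home address -> care-of address
        self.seen_ids = set()

    def register(self, home_addr, coa, reg_id, tag) -> bool:
        key = self.mn_keys.get(home_addr)
        if key is None or reg_id in self.seen_ids:
            return False                                   # unknown MN or replayed request
        if not hmac.compare_digest(auth_tag(key, "REG", home_addr, coa, reg_id), tag):
            return False                                   # forged registration
        self.seen_ids.add(reg_id)
        self.bindings[home_addr] = coa
        return True

    def deliver(self, packet: dict) -> dict:
        """A packet for one of our MNs arrives on the home network."""
        coa = self.bindings.get(packet["dst"])
        if coa is None:
            return {"local": packet}                       # MN is at home
        return {"tunnel_to": coa, "inner": packet}         # encapsulate towards the COA


class ForeignAgent:
    """Assigns the COA (its own address, as the slides note) and relays registrations."""
    def __init__(self, address: str, home_agent: HomeAgent):
        self.address, self.home_agent = address, home_agent
        self.visitors = {}            # home address -> MobileNode currently attached here

    def attach(self, mn: MobileNode) -> bool:
        ok = self.home_agent.register(*mn.registration_request(self.address))
        if ok:
            self.visitors[mn.home_addr] = mn
        return ok

    def receive_tunnelled(self, inner: dict) -> bool:
        mn = self.visitors.get(inner["dst"])
        if mn is None:
            return False
        mn.received.append(inner)     # decapsulated and delivered on the foreign link
        return True


def correspondent_send(ha: HomeAgent, fa: ForeignAgent, src: str, dst: str, data: str) -> bool:
    """The CN addresses the MN's home address; normal routing takes the packet
    to the HA, which tunnels it to the COA if the MN is away."""
    out = ha.deliver({"src": src, "dst": dst, "data": data})
    if "tunnel_to" in out:
        return out["tunnel_to"] == fa.address and fa.receive_tunnelled(out["inner"])
    return True


def demo():
    key = b"mn-ha-shared-secret"                 # assumption: provisioned out of band
    ha = HomeAgent({"10.0.0.5": key})
    fa = ForeignAgent("203.0.113.1", ha)
    mn = MobileNode("10.0.0.5", key)
    attached = fa.attach(mn)
    delivered = correspondent_send(ha, fa, "198.51.100.9", "10.0.0.5", "hello")
    # An attacker without the key tries to bind the MN's home address to its own COA.
    forged = ha.register("10.0.0.5", "192.0.2.66", "evil#1",
                         auth_tag(b"wrong-key", "REG", "10.0.0.5", "192.0.2.66", "evil#1"))
    return attached, delivered, forged, ha.bindings["10.0.0.5"], mn.received
```

The forged registration fails the HMAC check and the binding stays at the FA's address; replaying a captured genuine request fails on the already-seen registration ID. Note what the authenticator does not do: the tunnelled payload itself is not encrypted, which is why the page 28 table pairs Mobile IP with "VPN for all network access".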
Page 31: Network Devices: Router (2/5)
The most familiar type of router is the home and small office router that simply passes data, such as web pages, email, IM, and videos, between the home computers and the Internet. An example of a router would be the owner's cable or DSL router, which connects to the Internet through an ISP. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Page 32: Network Devices: Router (3/5)
(Figure: a typical home or small office router showing the ADSL telephone line and Ethernet network cable connections)

Page 33: Network Devices: Router (4/5)
When multiple routers are used in interconnected networks, the routers exchange information about destination addresses using a dynamic routing protocol. Each router builds up a table listing the preferred routes between any two systems on the interconnected networks. A router has interfaces for different physical types of network connections, such as copper cables, fiber optic, or wireless transmission. It also contains firmware for different networking communications protocol standards. Each network interface uses this specialized software to enable data packets to be forwarded from one protocol transmission system to another. Routers may also be used to connect two or more logical groups of computer devices known as subnets, each with a different subnetwork address.
The subnet addresses recorded in the router do not necessarily map directly to the physical interface connections. A router has two stages of operation called planes:

Page 34: Network Devices: Router (5/5)
• Control plane: a router maintains a routing table that lists which route should be used to forward a data packet, and through which physical interface connection. It does this using internally preconfigured directives, called static routes, or by learning routes using a dynamic routing protocol. Static and dynamic routes are stored in the Routing Information Base (RIB). The control-plane logic then strips the RIB of non-essential entries (keeping only the best route for each destination prefix) and builds a Forwarding Information Base (FIB) to be used by the forwarding plane.
• Forwarding plane: the router forwards data packets between incoming and outgoing interface connections. It routes them to the correct network using information in the packet header, looked up against the FIB that the control plane built.

Page 35: Network Devices: Switch (1/2)
A network switch (sometimes known as a switching hub) is a computer networking device that is used to connect devices together on a computer network, by using a form of packet switching to forward data to the destination device. A network switch is considered more advanced than a hub because a switch will only forward a message to the one or more devices that need to receive it, rather than broadcasting the same message out of each of its ports. A network switch is a multi-port network bridge that processes and forwards data at the data link layer (layer 2) of the OSI model.
Switches can also incorporate routing in addition to bridging; these switches are commonly known as layer-3 or multilayer switches. Switches exist for various types of networks including Fibre Channel, Asynchronous Transfer Mode, InfiniBand, Ethernet and others. The first Ethernet switch was introduced by Kalpana in 1990.

Page 36: Network Devices: Switch (2/2)
Multiple cables can be connected to a switch to enable networked devices to communicate with each other. Switches manage the flow of data across a network by transmitting a received unicast frame only to the port on which the intended device was learned (frames to destinations the switch has not yet learned, and broadcasts, are still flooded out of every port). Each networked device connected to a switch is identified by its MAC address, which allows the switch to regulate the flow of traffic. This improves the efficiency of the network and limits which ports see a given conversation. Because of these features, a switch is often considered more "intelligent" than a network hub. Hubs provide neither this isolation nor identification of connected devices: every message has to be transmitted out of every port of the hub, greatly degrading the efficiency of the network.

Page 37: Network Devices: Gateway (1/4)
In telecommunications, the term gateway has the following meanings:
• A gateway is a router or a proxy server that routes between networks.
• Gateway rule: the (default) gateway must belong to the same subnet as your PC.
• In a communications network, a network node equipped for interfacing with another network that uses different protocols.
• A gateway may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability.
  It also requires the establishment of mutually acceptable administrative procedures between both networks.
• A protocol translation/mapping gateway interconnects networks with different network protocol technologies by performing the required protocol conversions.
• Loosely, a computer or computer program configured to perform the tasks of a gateway.

Page 38: Network Devices: Gateway (2/4)
• Gateways, also called protocol converters, can operate at any network layer. The activities of a gateway are more complex than those of a router or switch, as it communicates using more than one protocol.
• Both the computers of Internet users and the computers that serve pages to users are host nodes, while the nodes that connect the networks in between are gateways. For example, the computers that control traffic between company networks, or the computers used by Internet service providers (ISPs) to connect users to the Internet, are gateway nodes.
• In an enterprise network, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.

Page 39: Network Devices: Gateway (3/4)
• On an IP network, a host automatically sends IP packets whose destination lies outside its own subnet (as defined by its subnet mask) to its default gateway. The subnet mask defines the IP address range of the local network.
  For example, if the local network has a base IP address of 192.168.0.0 and a subnet mask of 255.255.255.0 (192.168.0.0/24), then any data going to an IP address outside 192.168.0.x is sent to that network's gateway. While forwarding an IP packet to another network, the gateway might or might not perform Network Address Translation (NAT).
• A gateway is an essential feature of most routers, although other devices (such as any PC or server) can function as a gateway. A gateway may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability. It also requires the establishment of mutually acceptable administrative procedures between both networks.

Page 40: Network Devices: Gateway (4/4)
• Most computer operating systems use the terms described above. Microsoft Windows, however, describes this standard networking feature as Internet Connection Sharing, which acts as a gateway, offering a connection between the Internet and an internal network. Such a system might also act as a DHCP server.
• Dynamic Host Configuration Protocol (DHCP) is a protocol used by networked devices (clients) to obtain the various parameters necessary for the clients to operate in an Internet Protocol (IP) network. By using this protocol, the system administration workload greatly decreases, and devices can be added to the network with minimal or no manual configuration.

Page 41: Network Devices: Proxy (1/7)
• In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
• A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request as a way to simplify and control its complexity.
• Proxies were invented to add structure and encapsulation to distributed systems.
• Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.

Page 42: Network Devices: Proxy (2/7)
(Figure: communication between two computers connected through a third computer acting as a proxy. Bob does not know whom the information is going to, which is why proxies can be used to protect privacy.)

Page 43: Network Devices: Proxy (3/7)
Types of proxy: a proxy server may reside on the user's local computer, or at various points between the user's computer and destination servers on the Internet.
• A proxy server that passes requests and responses unmodified is usually called a gateway or sometimes a tunneling proxy.
• A forward proxy is an Internet-facing proxy used to retrieve content from a wide range of sources (in most cases anywhere on the Internet).
• A reverse proxy is usually an Internet-facing proxy used as a front end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as load balancing, authentication, decryption, or caching.
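Worked example for the router, switch and gateway slides (pages 30 to 40): a layer-2 switch that learns MAC addresses per port and floods what it has not learned, a router whose control plane reduces a RIB of candidate routes to a FIB and whose forwarding plane does a longest-prefix match on it, and the host-side "gateway rule" from page 37. This is an added example, not code from the slides or from any router vendor; the ports, MAC addresses, prefixes, next hops and the administrative-distance values (1 static, 110 OSPF, 120 RIP) are constructed for the example.

```python
import ipaddress
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Layer-2 forwarding: learn source MAC -> ingress port, send known unicast
    out of exactly that port, flood everything else out of all other ports."""
    def __init__(self, ports, table_size=1024):
        self.ports = list(ports)
        self.table_size = table_size          # the CAM table is finite, as in real hardware
        self.mac_table = OrderedDict()        # mac -> port, oldest entry first

    def learn(self, mac, port):
        if mac in self.mac_table:
            self.mac_table.move_to_end(mac)
        elif len(self.mac_table) >= self.table_size:
            self.mac_table.popitem(last=False)  # evict the oldest entry
        self.mac_table[mac] = port

    def forward(self, src_mac, dst_mac, in_port):
        """Return the list of egress ports for a frame."""
        self.learn(src_mac, in_port)
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]   # unknown unicast or broadcast: flood


class Router:
    """Control plane: keep every candidate route in the RIB, install the best
    one per prefix (lowest administrative distance, then lowest metric) in the
    FIB. Forwarding plane: longest-prefix match against the FIB only."""
    def __init__(self):
        self.rib = []      # (network, next_hop, iface, admin_distance, metric, source)
        self.fib = {}      # network -> (next_hop, iface)

    def add_route(self, prefix, next_hop, iface, admin_distance, metric, source):
        self.rib.append((ipaddress.ip_network(prefix), next_hop, iface,
                         admin_distance, metric, source))

    def build_fib(self):
        best = {}
        for net, nh, iface, ad, metric, _source in self.rib:
            if net not in best or (ad, metric) < best[net][0]:
                best[net] = ((ad, metric), nh, iface)
        self.fib = {net: (nh, iface) for net, (_, nh, iface) in best.items()}
        return self.fib

    def lookup(self, dst):
        """Forwarding-plane decision for one destination address."""
        addr = ipaddress.ip_address(dst)
        candidates = [net for net in self.fib if addr in net]
        if not candidates:
            return None
        return self.fib[max(candidates, key=lambda n: n.prefixlen)]


def host_next_hop(host_ip, netmask, gateway, dst_ip):
    """Gateway rule: on-link destinations are delivered directly; anything else
    goes to the default gateway, which must itself be on the host's subnet."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    if ipaddress.ip_address(gateway) not in net:
        raise ValueError("default gateway is not on the host's subnet")
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway


def demo():
    sw = Switch(ports=[1, 2, 3, 4])
    flooded = sw.forward("02:00:00:00:00:01", "02:00:00:00:00:02", 1)   # dst not learned yet
    direct = sw.forward("02:00:00:00:00:02", "02:00:00:00:00:01", 2)    # dst learned on port 1
    r = Router()
    r.add_route("0.0.0.0/0", "198.51.100.1", "eth0", 1, 0, "static")
    r.add_route("10.0.0.0/8", "10.1.0.2", "eth1", 110, 20, "ospf")
    r.add_route("10.0.0.0/8", "10.1.0.3", "eth2", 120, 5, "rip")   # same prefix, worse AD
    r.add_route("10.20.0.0/16", "10.1.0.4", "eth3", 110, 10, "ospf")
    r.build_fib()
    return (flooded, direct, r.lookup("10.20.5.5"), r.lookup("10.9.9.9"),
            r.lookup("8.8.8.8"),
            host_next_hop("192.168.0.10", "255.255.255.0", "192.168.0.1", "8.8.8.8"))
```

In demo() the first frame is flooded out of ports 2, 3 and 4 because the switch has not yet seen the destination; the reply goes only to port 1. The RIB holds two routes for 10.0.0.0/8 but the FIB keeps only the OSPF one, 10.20.5.5 matches the more specific /16, and 8.8.8.8 falls through to the static default, which is exactly the hand-off the gateway rule describes from the host's side.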
Page 44: Network Devices: Proxy (4/7)
(Figure: an open proxy forwarding requests from and to anywhere on the Internet)
• An open proxy is a forwarding proxy server that is accessible by any Internet user. There are "hundreds of thousands" of open proxies on the Internet.
• An anonymous open proxy allows users to conceal their IP address while browsing the Web or using other Internet services.
• There are varying degrees of anonymity, however, as well as a number of methods of "tricking" the client into revealing itself regardless of the proxy being used.

Page 45: Network Devices: Proxy (5/7)
(Figure: a reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network.)
• A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Requests are forwarded to one or more origin servers, which handle the request. The response is returned as if it came directly from the origin server, leaving the client with no knowledge of the origin servers.
• Reverse proxies are installed in the neighborhood of one or more web servers. All traffic coming from the Internet with a destination of one of the neighborhood's web servers goes through the proxy server. The use of "reverse" originates in its counterpart "forward proxy", since the reverse proxy sits closer to the web server and serves only a restricted set of websites.
Page 46: Network Devices: Proxy (6/7)
There are several reasons for installing reverse proxy servers:
• Encryption / SSL acceleration: when secure web sites are created, the SSL (Secure Sockets Layer, today TLS) encryption is often not done by the web server itself but by a reverse proxy equipped with SSL acceleration hardware. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts, removing the need for a separate SSL server certificate for each host. (Traffic between the proxy and the back-end servers is then in the clear unless it is encrypted again on that leg.)
• Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area.
• Serve/cache static content: a reverse proxy can offload the web servers by caching static content such as pictures and other static graphical content.
• Compression: the proxy server can optimize and compress the content to speed up the load time.
• Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages.

Page 47: Network Devices: Proxy (7/7)
There are more reasons for installing reverse proxy servers:
• Security: the proxy server is an additional layer of defense and can protect against some OS- and web-server-specific attacks. However, it does not provide any protection from attacks against the web application or service itself, which is generally considered the larger threat.
• Extranet publishing: a reverse proxy server facing the Internet can be used to communicate with a firewall server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls.
  If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

Page 48: Network Devices: Access Point (1/5)
(Figure)

Page 49: Network Devices: Access Point (2/5)
(Figure)

Page 50: Network Devices: Access Point (3/5)
• A wireless Access Point (AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi or related standards. The AP usually connects to a router (via the wired network) as a standalone device, but it can also be an integral component of the router itself.
• Prior to wireless networks, setting up a computer network in a business, home, or school often required running many cables through walls and ceilings in order to deliver network access to all of the network-enabled devices in the building.
• With the creation of the wireless AP, network users are able to add devices that access the network with few or no cables.
• An AP normally connects directly to a wired Ethernet connection and then provides wireless connections, using radio frequency links, for other devices to use that wired connection.
• Most APs support the connection of multiple wireless devices to one wired connection.
• Modern APs are built to support a standard for sending and receiving data using these radio frequencies. Those standards, and the frequencies they use, are defined by the IEEE. Most APs use IEEE 802.11 standards.
Page 51: Network Devices: Access Point (4/5)
Limitations:
• One IEEE 802.11 AP can typically communicate with about 30 client systems located within a radius of 103 m. However, the actual range of communication can vary significantly, depending on such variables as indoor or outdoor placement, height above ground, nearby obstructions, other electronic devices that might actively interfere with the signal by broadcasting on the same frequency, type of antenna, the current weather, operating radio frequency, and the power output of the devices. Network designers can extend the range of APs through the use of repeaters and reflectors, which can bounce or amplify radio signals that would ordinarily go unreceived. In experimental conditions, wireless networking has operated over distances of several hundred kilometers.

Page 52: Network Devices: Access Point (5/5)
Security (wireless LAN security):
Wireless access has special security considerations. Many wired networks base their security on physical access control, trusting all the users on the local network; but if wireless access points are connected to the network, anybody within range of the AP (which typically extends farther than the intended area) can attach to the network. The most common solution is wireless traffic encryption. Modern access points come with built-in encryption. The first-generation encryption scheme, WEP, proved easy to crack; the second- and third-generation schemes, WPA and WPA2, are considered secure if a strong enough password or passphrase is used. Some WAPs support hotspot-style authentication using RADIUS (Remote Authentication Dial In User Service) and other authentication servers.
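Why the slide's "strong enough passphrase" condition matters, as an added example (not code from the slides or from any AP vendor). In WPA/WPA2-Personal the passphrase and the SSID are the only inputs to the 256-bit Pairwise Master Key: PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, as specified in IEEE 802.11i. The derivation is public and deterministic, so once an attacker holds something the PMK can be checked against, every candidate passphrase costs exactly 4096 HMACs to try; a passphrase that appears in a wordlist is found, a long random one is not. The SSIDs, passphrases and wordlist below are constructed; the "IEEE"/"password" pair in the test is the published 802.11i test vector.

```python
import hashlib
import time


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK (= PMK) = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits),
    the WPA/WPA2-Personal derivation from IEEE 802.11i."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def guess_passphrase(ssid, target_pmk, candidates):
    """Offline check of candidate passphrases against a known PMK: because the
    derivation is public, the passphrase is the only secret, and a candidate
    that is in the wordlist is recovered after 4096 HMACs per try."""
    for word in candidates:
        try:
            if wpa_psk(word, ssid) == target_pmk:
                return word
        except ValueError:          # too short/long to be a WPA passphrase; skip it
            continue
    return None


def derivations_per_second(ssid="CorpA-Guest", n=100):
    """Rough cost of one guess on this machine (hashlib, single core)."""
    t0 = time.perf_counter()
    for i in range(n):
        wpa_psk(f"guess{i:04d}", ssid)   # constructed candidates
    return n / (time.perf_counter() - t0)


if __name__ == "__main__":
    ssid = "CorpA-Guest"                                   # constructed SSID
    wordlist = ["12345678", "password", "letmein1", "short"]  # constructed wordlist
    weak = wpa_psk("password", ssid)
    strong = wpa_psk("Tq7!vR2#mL9pXz4w", ssid)
    print("weak PMK   :", weak.hex())
    print("recovered  :", guess_passphrase(ssid, weak, wordlist))
    print("recovered  :", guess_passphrase(ssid, strong, wordlist))
    print(f"~{derivations_per_second(ssid):.0f} derivations/s on this host")
```

Two practical consequences follow. First, the SSID is the salt, so a default or very common SSID lets an attacker reuse precomputed tables across many networks; a distinctive SSID and a long random passphrase are the PSK-mode defence. Second, the RADIUS option the slide mentions (WPA2-Enterprise, 802.1X) removes the shared passphrase altogether, giving each user their own credential and per-session keys, which is the better fit for a business network.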
Page 53: Summary
• The evolution of personal and business communications
• Store-and-forward communications versus real-time communications
• Risk-mitigation strategies for VoIP and SIP applications
• Why businesses today need an Internet marketing strategy