Principles of Computer Security: CompTIA Security+® and Beyond, Second Edition
Infrastructure Security
Chapter 10
© 2010

Objectives
• Construct networks using different types of network devices.
• Enhance security using NAC/NAP methodologies.
• Identify the different types of media used to carry network signals.
• Describe the different types of storage media used to store information.
• Use basic terminology associated with network functions related to information security.

Key Terms
• Basic packet filtering
• Bridge
• Coaxial cable
• Collision domain
• Firewall
• Hub
• Modem
• Network access control
• Network Access Protection (NAP)
• Network Admission Control (NAC)

Key Terms (continued)
• Network Attached Storage
• Network interface card (NIC)
• Private branch exchange (PBX)
• Router
• Servers
• Shielded twisted-pair (STP)
• Switch
• Unshielded twisted-pair (UTP)
• Wireless access point
• Workstation

Devices
• Devices are needed to connect the clients and servers and to regulate the traffic between them.
• Devices come in many forms and with many functions, from hubs and switches, to routers, wireless access points, and special-purpose devices such as virtual private network (VPN) devices.
• Each device has a specific network function and plays a role in maintaining network infrastructure security.

Securing a Workstation
• Keep the operating system (OS) patched and up to date.
• Remove all shares that are not necessary.
• Rename the administrator account, securing it with a strong password.
• Install an antivirus program and keep abreast of updates.
• If no corporate firewall exists between the machine and the Internet, install a firewall.

Additional Precautions for Workstations
• Personal firewalls if the machine has an unprotected interface to the Internet.
• Turning off all services that are not needed.
• Removing methods of connecting additional devices to a workstation to move data.
• Restricting physical access to the workstation to only approved personnel.

Servers
• Servers are the computers in a network that host applications and data for everyone to share.
• The key management issue behind running a secure server setup is to identify the specific needs of a server for its proper operation and enable only items necessary for those functions.

Antivirus Software
• For workstations, this type of software is still a necessary component, particularly to prevent a PC from becoming part of a botnet.
• For servers, this type of software is most useful when users are allowed to place files on the machine.

Virtualization
• Allows multiple operating systems to operate concurrently on the same hardware.
• Allows for added security, as virtual machines can be deleted at the end of a session, thus preventing the spread of any malware to the other operating systems.

Network Interface Card (NIC)
• It is the physical connection between a computer and the network.
• Each NIC has a unique code built in, called a Media Access Control (MAC) address, that is assigned by the manufacturer.
  – 48 bits long, with 24 bits representing the manufacturer and 24 bits being a serial number, guaranteeing uniqueness.

Hubs
• Connect devices in a star configuration.
• Operate at the physical layer of the OSI model.
• Create a single collision domain.
• Insecure: all PCs connected to a hub see all of the traffic that passes through it.
• Replaced by low-cost switches.

Bridges
• Operate at the data link layer.
• Filter traffic based on MAC addresses.
• Reduce collisions by creating two separate collision domains.
• Have been replaced by switches.

Switches
• Can operate at either the data link or the network layer of the OSI model.
• Create a separate collision domain for each port.
• A sniffer can only see traffic for the connected port.
• Can be attacked due to vulnerabilities in both SNMP and Telnet.
• Subject to ARP poisoning and MAC flooding.

Routers
• Operate at the network layer of the OSI model.
• Connect different network segments together.
• Use routing protocols to determine optimal paths across a network.
• Form the backbone of the Internet.
• Can also be attacked due to vulnerabilities in both SNMP and Telnet.

Firewalls
• Can be hardware, software, or a combination.
• Enforce network security policies across network connections.
• Different security policies will apply across the network, based on need.
• Security policies are rules that define what traffic is permissible and what traffic is to be blocked or denied.
  – Security policies should follow the principle of least access.
  – It is necessary to have a complete understanding of your network to develop a comprehensive security policy.

Other Firewall Techniques
• Basic packet filtering
  – Checks each packet against rules pre-defined on the firewall
  – Fairly simple, fast, and efficient
  – Doesn’t detect and catch all undesired packets
• Stateful packet filtering
  – The firewall maintains the context of a conversation
  – More likely to detect and catch undesired packets
  – Due to overhead, network efficiency is reduced

Wireless
• Specific precautions must be taken or you will have no control over who can see your data.
• It requires a wireless access point (WAP) to provide the network signal.
• WAPs and NICs must use the same protocol for proper operation.

Modems
• The term is now used to describe high-speed Internet hardware.
• Cable modems provide shared arrangements.
  – Other people can sniff traffic between the user and the ISP.
• DSL modems provide a direct connection.
  – Traffic cannot be sniffed between the user and the ISP.

Cable/DSL Security
• Both cable and DSL provide always-on connections.
• Should be secured with a firewall:
  – Can be a hardware firewall as part of a router
  – Can be a software firewall on the PC

Telecom/PBX
• Computer-based switching equipment that connects a company’s phones to the local phone system
• Should be protected by a telecommunications firewall
  – Enforce long-distance access codes
  – Restrict service hours

VPN
• Provides a secure channel between users even though their signal is traveling on public networks
• Employs one of two types of encryption
  – Data encryption: the traffic can be sniffed en route, but the contents cannot be read
  – Packet encryption: uses tunneling and protects both the data and the identities of the communicating parties
• Often done using IPsec

Intrusion Detection Systems
• Detect, log, and respond to unauthorized network or host use
• Can operate in real time or after the fact
• Two categories
  – Network-based systems
  – Host-based systems

Network Access Control
• Manages the endpoints on a case-by-case basis
• Two methodologies
  – Network Access Protection (NAP)
    • Developed by Microsoft
    • Measures the health of a host when it connects to the network
  – Network Admission Control (NAC)
    • Developed by Cisco
    • Enforces policies chosen by the network administrator
  – Both are still in early stages of implementation

Network Monitoring/Diagnostic
• Simple Network Management Protocol (SNMP) provides management, monitoring, and fault resolution on a network.
• SNMP has holes in its implementation that should be taken into account when using it as part of a network monitoring solution.
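The difference between the two methods on the Other Firewall Techniques slide, as an added example that is not part of the textbook or its slides: a toy stateless (basic packet filtering) firewall beside a stateful one, both run over the same constructed packet stream. The LAN prefix, the rule table, the addresses and the packet labels are all assumptions made for the example. The point it shows is the one the slide makes: because the stateless filter keeps no memory, letting web replies back in requires a rule that admits any inbound packet with source port 80, so unsolicited packets that happen to use that source port also get through, whereas the stateful filter only admits inbound packets that match a conversation the LAN started.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."      # assumption: addresses of the protected LAN


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False            # True for a TCP packet that opens a new connection


def is_outbound(pkt):
    return pkt.src.startswith(INTERNAL_PREFIX)


# Basic packet filtering: every packet is judged alone against static rules.
# Rule format: (outbound?, source port, destination port, action); None matches anything.
STATELESS_RULES = [
    (True, None, 80, "allow"),   # LAN hosts may talk to web servers
    (False, 80, None, "allow"),  # replies from port 80 must be let back in (too broad, by necessity)
]


def stateless_filter(pkt):
    for outbound, sport, dport, action in STATELESS_RULES:
        if outbound != is_outbound(pkt):
            continue
        if sport is not None and sport != pkt.sport:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"                # default deny


class StatefulFilter:
    """Stateful packet filtering: remembers conversations the LAN started and
    only admits inbound packets that are the reverse of one of them."""

    def __init__(self):
        self.conversations = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def filter(self, pkt):
        if is_outbound(pkt):
            if pkt.dport != 80:
                return "deny"
            if pkt.syn:              # new connection: record its context
                self.conversations.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # inbound: allowed only if it belongs to a recorded conversation
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.conversations else "deny"


def compare(packets):
    """Run one packet stream through both filters.
    Returns a list of (label, stateless verdict, stateful verdict)."""
    stateful = StatefulFilter()
    return [(label, stateless_filter(p), stateful.filter(p)) for label, p in packets]


# Constructed traffic: 198.51.100.7 is the web server a LAN host visits;
# 203.0.113.9 is an outside host sending unsolicited traffic from source port 80.
SAMPLE_PACKETS = [
    ("web request", Packet("10.0.0.5", 40000, "198.51.100.7", 80, syn=True)),
    ("web reply", Packet("198.51.100.7", 80, "10.0.0.5", 40000)),
    ("unsolicited to 4444", Packet("203.0.113.9", 80, "10.0.0.5", 4444)),
    ("unsolicited to ssh", Packet("198.51.100.7", 80, "10.0.0.5", 22)),
]

if __name__ == "__main__":
    for label, stateless, stateful in compare(SAMPLE_PACKETS):
        print(f"{label:22} stateless={stateless:5} stateful={stateful}")
```

The conversation table is also where the slide's "due to overhead, network efficiency is reduced" comes from: every inbound packet costs a lookup, and every outbound connection attempt costs an insertion that a real firewall must also age out.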
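The 24-bit manufacturer plus 24-bit serial split of a MAC address from the Network Interface Card (NIC) slide, and the MAC flooding risk from the Switches slide, as an added example that is not part of the textbook or its slides. The switch table snapshot, the port names and the per-port threshold are constructed for the example. It splits a MAC into its two halves and then flags any switch port whose table holds an implausible number of distinct source addresses, which is the signature a defender looks for when a switch is being flooded.

```python
import re
from collections import defaultdict


def split_mac(mac):
    """Split a 48-bit MAC into its 24-bit OUI (manufacturer code) and the
    24-bit manufacturer-assigned serial, each returned as six hex digits.
    Accepts the common separators (':' or '-') or none at all."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    value = int(hexdigits, 16)
    oui = value >> 24             # upper 24 bits: manufacturer
    serial = value & 0xFFFFFF     # lower 24 bits: serial number
    return f"{oui:06X}", f"{serial:06X}"


def macs_per_port(table):
    """Count the distinct MAC addresses learned on each port of a switch table
    given as (port, mac) pairs; addresses are normalised before counting."""
    seen = defaultdict(set)
    for port, mac in table:
        seen[port].add("".join(split_mac(mac)))
    return {port: len(macs) for port, macs in seen.items()}


def flooded_ports(table, max_macs_per_port=16):
    """Return {port: count} for ports learning more addresses than an access
    port plausibly should. The threshold is an assumption for the example."""
    counts = macs_per_port(table)
    return {port: n for port, n in sorted(counts.items()) if n > max_macs_per_port}


# Constructed snapshot of a switch's MAC table as (port, MAC) pairs.
SAMPLE_TABLE = [
    ("Gi0/1", "00:1A:2B:3C:4D:5E"),
    ("Gi0/2", "00:1A:2B:3C:4D:5F"),
    ("Gi0/3", "00-25-90-AB-CD-EF"),
    ("Gi0/3", "00-25-90-AB-CD-F0"),   # two hosts behind one port is normal
]
# Constructed flood: 200 distinct source MACs learned on a single access port.
SAMPLE_TABLE += [("Gi0/7", f"02:00:00:00:{i // 256:02X}:{i % 256:02X}") for i in range(200)]

if __name__ == "__main__":
    print(split_mac("00:1A:2B:3C:4D:5E"))   # OUI and serial halves
    print(flooded_ports(SAMPLE_TABLE))
```

Managed switches apply the same idea as port security: a configurable maximum number of MAC addresses per access port, with the excess dropped or the port shut down when the limit is exceeded, which keeps the table from being filled and the switch from falling back to hub-like flooding.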
Mobile Devices
• These devices add several challenges for network administrators.
  – Can act as transmission vectors for viruses
  – Can be used to remove sensitive material offsite
  – Can be used as part of a Bluetooth attack

Common Concerns in Device Security
• Default passwords are known to hackers, and are frequently left unchanged.

Media
• Devices connect to the network at the physical layer of the OSI model via:
  – Coaxial cable
  – Twisted-pair cable
  – Fiber optics
  – Wireless

Coaxial Cable
• Has high bandwidth and shielding capabilities
• Less prone to outside interference than other cabling methods
• Replaced by less-expensive and faster twisted-pair cabling alternatives
• Vulnerable to “vampire taps”

UTP/STP
• The least expensive type of cable to run.
• Unshielded twisted pair is less expensive than shielded twisted pair.
• Three different categories are currently in use.
• Easy to splice into, and rogue connections are difficult to detect once they have been made.
Fiber
• The most expensive cable option
• Used as the backbone medium of the Internet and large networks
• Has the longest possible cable runs
• Is the hardest cable to splice
• Not susceptible to EMI

Unguided Media
• All transmission media not guided by a wire, fiber, or other constraints
  – Infrared
  – Radio Frequency/Microwave
• Must assume that unauthorized users have access to the signal

Infrared (IR)
• A band of electromagnetic energy just beyond the red end of the visible color spectrum
• Used to connect to printers, wireless mice, wireless keyboards, and PDAs
• Slow compared to other wireless technologies
• Cannot penetrate solid objects

RF/Microwave
• Can carry signals over long distances and rough terrain.
• Used in home wireless networks.
• Signal is not line-of-sight.
• Can be used in point-to-multipoint links.
• Helps resolve the “last-mile” problem.
Security Concerns for Transmission Media
• Things to avoid:
  – Access to a server by an unauthorized individual
  – Access to switches and routers by an unauthorized individual
  – Access to network connections by an unauthorized individual

Physical Security Concerns
• Limiting access to physical media to avoid the use of sniffers
• Properly securing wireless networks
• Use of either authenticated firewalls or VPNs

Removable Media
• Presents a potential loss of control of the data on the movable media
• Risks introducing unwanted items (e.g., a worm) onto the network
• Has three categories:
  – Magnetic
  – Optical
  – Electronic

Magnetic Media
• Includes hard drives, floppy disks, zip disks, and magnetic tape
• All are sensitive to external magnetic fields
• Affected by high temperatures and exposure to water

Hard Drives
• Portable hard drives are physically small but have large capacities.
• They can be used with encryption technology to protect the data if the drive is lost or stolen (particularly important for laptops).
Diskettes
• Were the first attempt at portable media
• Have been rendered obsolete by recordable optical drives

Tape
• Primarily used for backups and offline storage
• Should be encrypted, in case of theft or loss
• Inexpensive but slow to work with

Optical Media
• Use a laser to write/read information from the disk
• Have larger storage capacities than diskettes
• Have faster read times than tape
• Can be read-write or read-only

CD-R/DVD
• CD-Rs are relatively inexpensive and easy to use for high-capacity storage.
• DVDs come in two types: Blu-ray and HD-DVD.

Electronic Media
• High capacity, but small in size.
• Becoming ubiquitous: laptops and PCs have built-in card readers.
• Can be used to move information between machines.

Network Attached Storage
• High-capacity devices accessed via the network
• Susceptible to various attacks:
  – Sniffing of credentials
  – Brute-force attacks to access the data

Chapter Summary
• Construct networks using different types of network devices.
• Enhance security using NAC/NAP methodologies.
• Identify the different types of media used to carry network signals.
• Describe the different types of storage media used to store information.
• Use basic terminology associated with network functions related to information security.
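The brute-force risk on the Network Attached Storage slide, as an added example that is not part of the textbook or its slides: detection logic run over a constructed NAS authentication log. The log format, host name, addresses, user names and the failure threshold and time window are all assumptions made for the example. It flags a source that produces too many login failures inside a sliding window, records which accounts it tried, and notes whether a success from that source followed the failures, which is the case an administrator most needs to see.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed log line format (constructed for the example):
#   <ISO timestamp> <host> auth: login failed|ok user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: login (?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_log(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec


def brute_force_sources(log_text, max_failures=5, window=timedelta(minutes=2)):
    """Return {src: summary} for every source that reached max_failures failed
    logins within any window-sized span. The summary carries the total number
    of failures, the sorted list of user names tried, and whether a successful
    login from that source came after it was flagged."""
    recent = defaultdict(list)      # src -> timestamps of failures inside the window
    failures = Counter()
    users = defaultdict(set)
    flagged = set()
    success_after = set()
    for rec in parse_log(log_text):
        src = rec["src"]
        if rec["result"] == "failed":
            failures[src] += 1
            users[src].add(rec["user"])
            recent[src] = [t for t in recent[src] if rec["ts"] - t <= window] + [rec["ts"]]
            if len(recent[src]) >= max_failures:
                flagged.add(src)
        elif src in flagged:
            success_after.add(src)   # a success after a burst of failures
    return {
        src: {
            "failures": failures[src],
            "users": sorted(users[src]),
            "followed_by_success": src in success_after,
        }
        for src in sorted(flagged)
    }


# Constructed sample log: 10.0.0.23 cycles through accounts and finally gets in,
# 10.0.0.41 mistypes once, 10.0.0.50 fails three times spread over ten minutes.
SAMPLE_LOG = """\
2010-03-01T09:00:01 nas01 auth: login failed user=admin src=10.0.0.23
2010-03-01T09:00:04 nas01 auth: login failed user=admin src=10.0.0.23
2010-03-01T09:00:07 nas01 auth: login failed user=root src=10.0.0.23
2010-03-01T09:00:09 nas01 auth: login failed user=alice src=10.0.0.41
2010-03-01T09:00:11 nas01 auth: login failed user=root src=10.0.0.23
2010-03-01T09:00:14 nas01 auth: login failed user=backup src=10.0.0.23
2010-03-01T09:00:15 nas01 auth: login ok user=alice src=10.0.0.41
2010-03-01T09:00:18 nas01 auth: login failed user=backup src=10.0.0.23
2010-03-01T09:00:21 nas01 auth: login failed user=backup src=10.0.0.23
2010-03-01T09:00:25 nas01 auth: login failed user=backup src=10.0.0.23
2010-03-01T09:00:30 nas01 auth: login ok user=backup src=10.0.0.23
2010-03-01T09:02:00 nas01 auth: login failed user=bob src=10.0.0.50
2010-03-01T09:06:00 nas01 auth: login failed user=bob src=10.0.0.50
2010-03-01T09:10:00 nas01 auth: login failed user=bob src=10.0.0.50
"""

if __name__ == "__main__":
    for src, summary in brute_force_sources(SAMPLE_LOG).items():
        print(src, summary)
```

The threshold and window decide the trade-off: a short window with a low count catches fast automated guessing but misses slow attempts, so the same function run again with a wider window (as the second check in the test does) is a reasonable second pass over the same log.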