Network+ Guide to Networks, Fourth Edition
Chapter 14 Network Security

Objectives
• Identify security risks in LANs and WANs and design security policies that minimize risks
• Explain how physical security contributes to network security
• Discuss hardware- and design-based security techniques
• Use network operating system techniques to provide basic security

Objectives (continued)
• Understand methods of encryption, such as SSL and IPSec, that can secure data in storage and in transit
• Describe how popular authentication protocols, such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP, function
• Understand wireless security protocols, such as WEP, WPA, and 802.11i

Security Audits
• Every organization should assess security risks by conducting a security audit
  – Thorough examination of each aspect of network to determine how it might be compromised
  – At least annually, preferably quarterly
• The more devastating a threat’s effects and the more likely it is to happen, the more rigorously your security measures should address it
• In-house or third-party audits

Security Risks
• Not all security breaches result from manipulation of network technology
  – Staff members purposely or inadvertently reveal passwords
  – Undeveloped security policies
• Malicious and determined intruders may “cascade” their techniques

Risks Associated with People
• Human errors, ignorance, and omissions cause majority of security breaches
• Risks associated with people:
  – Social engineering or snooping to obtain passwords
  – Incorrectly creating or configuring user IDs, groups, and their associated rights on file server
  – Overlooking security flaws in topology or hardware configuration
  – Overlooking security flaws in OS or application configuration
  – Lack of documentation and communication

Risks Associated with People (continued)
• Risks associated with people (continued):
  – Dishonest or disgruntled employees
  – Unused computer or terminal left logged on
  – Easy-to-guess passwords
  – Leaving computer room doors open or unlocked
  – Discarding disks or backup tapes in public waste containers
  – Neglecting to remove access and file rights when required
  – Writing passwords on paper

Risks Associated with Transmission and Hardware
• Risks inherent in network hardware and design:
  – Transmissions can be intercepted
  – Networks using leased public lines vulnerable to eavesdropping
  – Network hubs broadcast traffic over entire segment
  – Unused hub, router, or server ports can be exploited and accessed by hackers
  – Not properly configuring routers to mask internal subnets

Risks Associated with Transmission and Hardware (continued)
• Risks inherent in network hardware and design (continued):
  – Modems attached to network devices may be configured to accept incoming calls
  – Dial-in access servers may not be carefully secured and monitored
  – Computers hosting very sensitive data may coexist on the same subnet with computers open to public
  – Passwords for switches, routers, and other devices may not be sufficiently difficult to guess, changed frequently, or may be left at default value

Risks Associated with Protocols and Software
• Networked software only as secure as it is configured to be
• Risks pertaining to networking protocols and software:
  – TCP/IP contains several security flaws
  – Trust relationships between one server and another may allow hackers to access entire network
  – NOSs may contain “back doors” or security flaws allowing unauthorized access to system

[...]
... measures to prevent future problems

Physical Security
• Restrict physical access to components
  – Computer room, hubs, routers, switches, etc.
• Locks may be physical or electronic
  – Electronic access badges
  – Numeric key codes
  – Bio-recognition access
• Closed-circuit TV systems
• Most important way to ensure physical security is to plan for it

...

... restricting what users authorized to do
  – Limit public rights
  – Administrators should group users according to security levels

Logon Restrictions
• Additional restrictions that network administrators can use to strengthen security of network:
  – Time of day
  – Total time logged on
  – Source address
  – Unsuccessful logon attempts

Passwords
• ... intruder

Key Encryption
• Key: random string of characters
• Weaves key into original data’s bits to generate unique data block
  – Ciphertext
  – Longer keys make it more difficult to decrypt
  – Hackers may attempt to crack a key by using brute force attack
• Keys randomly generated by encryption software

Key Encryption (continued)
Figure 14-5: ...

... host system to call back
• Support for data encryption

Remote Access (continued)
• Remote control (continued):
  – Desirable security features (continued):
    • Ability to leave host system’s screen blank while remote user works
    • Ability to disable host system’s keyboard and mouse
    • Ability to restart host system when remote user disconnects

...
• Dial-up networking
  – Effectively turns remote workstation into node on network
  – Secure remote access server package should include at least:
    • User name and password authentication
    • Ability to log all dial-up connections, their sources, and their connection times
    • Ability to perform callbacks to users
    • Centralized management of dial-up users and their rights on network

...

... for greater security
• Improve performance for users accessing resources external to network by caching files

Proxy Servers (continued)
Figure 14-4: A proxy server used on a WAN

Remote Access
• Must remember that any entry point to a LAN or WAN creates potential security risk
• Remote control:
  – Can present serious security risks
  – Most ...

... of laptops and loaner machines; Computer room access

Security Policy Content (continued)
• Explain to users what they can and cannot do and how these measures protect network’s security
• Create separate section of policy that applies only to users
• Define what “confidential” means to organization

Response Policy
• Security response ...

... than private keys
  – Use longer keys
  – RSA: most popular public key algorithm
• Digital certificate: password-protected, encrypted file that holds identification information

Public Key Encryption (continued)
Figure 14-7: Public key encryption

...

... (continued)
Figure 14-5: Key encryption and decryption

Private Key Encryption
• Data encrypted using single key that only sender and receiver know
• Data Encryption Standard (DES): 56-bit key
  – Triple DES (3DES): weaves 56-bit key through data three times
• Advanced Encryption Standard (AES): weaves 128-, 160-, 192-, or 256-bit keys through data multiple times
  – Used in military communication
• Sender must share key with recipient

Private Key Encryption (continued)
Figure 14-6: Private key encryption

Public Key Encryption
• Data encrypted using two keys:
  – Private key
  – Public key associated with user
• Public key server: ...

...

Physical Security (continued)
Figure 14-1: ...

Risks Associated with Protocols and Software (continued)
• Risks pertaining to networking protocols and software (continued):
  – If ...