1. Trang chủ
  2. » Công Nghệ Thông Tin

NETWORK+ GUIDE TO NETWORKS, FOURTH EDITION - CHAPTER 14 docx

56 416 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 56
Dung lượng 688 KB

Nội dung

Network+ Guide to Networks, Fourth Edition Chapter 14 Network Security Network+ Guide to Networks, 4e 2 Objectives • Identify security risks in LANs and WANs and design security policies that minimize risks • Explain how physical security contributes to network security • Discuss hardware- and design-based security techniques • Use network operating system techniques to provide basic security Network+ Guide to Networks, 4e 3 Objectives (continued) • Understand methods of encryption, such as SSL and IPSec, that can secure data in storage and in transit • Describe how popular authentication protocols, such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP, function • Understand wireless security protocols, such as WEP, WPA, and 802.11i Network+ Guide to Networks, 4e 4 Security Audits • Every organization should assess security risks by conducting a security audit – Thorough examination of each aspect of network to determine how it might be compromised – At least annually, preferably quarterly • The more devastating a threat’s effects and the more likely it is to happen, the more rigorously your security measures should address it • In-house or third-party audits Network+ Guide to Networks, 4e 5 Security Risks • Not all security breaches result from manipulation of network technology – Staff members purposely or inadvertently reveal passwords – Undeveloped security policies • Malicious and determined intruders may “cascade” their techniques Network+ Guide to Networks, 4e 6 Risks Associated with People • Human errors, ignorance, and omissions cause majority of security breaches • Risks associated with people: – Social engineering or snooping to obtain passwords – Incorrectly creating or configuring user IDs, groups, and their associated rights on file server – Overlooking security flaws in topology or hardware configuration – Overlooking security flaws in OS or application configuration – Lack of documentation and communication Network+ Guide to Networks, 4e 7 Risks Associated with People (continued) • Risks associated with people (continued): – Dishonest or disgruntled employees – Unused computer or terminal left logged on – Easy-to-guess passwords – Leaving computer room doors open or unlocked – Discarding disks or backup tapes in public waste containers – Neglecting to remove access and file rights when required – Writing passwords on paper Network+ Guide to Networks, 4e 8 Risks Associated with Transmission and Hardware • Risks inherent in network hardware and design: – Transmissions can be intercepted – Networks using leased public lines vulnerable to eavesdropping – Network hubs broadcast traffic over entire segment – Unused hub, router, or server ports can be exploited and accessed by hackers – Not properly configuring routers to mask internal subnets Network+ Guide to Networks, 4e 9 Risks Associated with Transmission and Hardware (continued) • Risks inherent in network hardware and design (continued): – Modems attached to network devices may be configured to accept incoming calls – Dial-in access servers may not be carefully secured and monitored – Computers hosting very sensitive data may coexist on the same subnet with computers open to public – Passwords for switches, routers, and other devices may not be sufficiently difficult to guess, changed frequently, or may be left at default value Network+ Guide to Networks, 4e 10 Risks Associated with Protocols and Software • Networked software only as secure as it is configured to be • Risks pertaining to networking protocols and software: – TCP/IP contains several security flaws – Trust relationships between one server and another may allow hackers to access entire network – NOSs may contain “back doors” or security flaws allowing unauthorized access to system [...]... measures to prevent future problems Network+ Guide to Networks, 4e 17 Physical Security • Restrict physical access to components – Computer room, hubs, routers, switches, etc • Locks may be physical or electronic – Electronic access badges – Numeric key codes – Bio-recognition access • Closed-circuit TV systems • Most important way to ensure physical security is to plan for it Network+ Guide to Networks,. .. restricting what users authorized to do – Limit public rights – Administrators should group users according to security levels Network+ Guide to Networks, 4e 27 Logon Restrictions • Additional restrictions that network administrators can use to strengthen security of network: – – – – Time of day Total time logged on Source address Unsuccessful logon attempts Network+ Guide to Networks, 4e 28 Passwords •... intruder Network+ Guide to Networks, 4e 30 Key Encryption • Key: random string of characters • Weaves key into original data’s bits to generate unique data block – Ciphertext – Longer keys make it more difficult to decrypt – Hackers may attempt to crack a key by using brute force attack • Keys randomly generated by encryption software Network+ Guide to Networks, 4e 31 Key Encryption (continued) Figure 1 4-5 :... host system to call back • Support for data encryption Network+ Guide to Networks, 4e 24 Remote Access (continued) • Remote control (continued): – Desirable security features (continued): • Ability to leave host system’s screen blank while remote user works • Ability to disable host system’s keyboard and mouse • Ability to restart host system when remote user disconnects Network+ Guide to Networks, 4e... • Dial-up networking – Effectively turns remote workstation into node on network – Secure remote access server package should include at least: • User name and password authentication • Ability to log all dial-up connections, their sources, and their connection times • Ability to perform callbacks to users • Centralized management of dial-up users and their rights on network Network+ Guide to Networks,. .. for greater security • Improve performance for users accessing resources external to network by caching files Network+ Guide to Networks, 4e 22 Proxy Servers (continued) Figure 1 4-4 : A proxy server used on a WAN Network+ Guide to Networks, 4e 23 Remote Access • Must remember that any entry point to a LAN or WAN creates potential security risk • Remote control: – Can present serious security risks – Most... of laptops and loaner machines; Computer room access Network+ Guide to Networks, 4e 15 Security Policy Content (continued) • Explain to users what they can and cannot do and how these measures protect network’s security • Create separate section of policy that applies only to users • Define what “confidential” means to organization Network+ Guide to Networks, 4e 16 Response Policy • Security response... than private keys – Use longer keys – RSA: most popular public key algorithm • Digital certificate: password-protected, encrypted file that holds identification information Network+ Guide to Networks, 4e 35 Public Key Encryption (continued) Figure 1 4-7 : Public key encryption Network+ Guide to Networks, 4e 36 ... (continued) Figure 1 4-5 : Key encryption and decryption Network+ Guide to Networks, 4e 32 Private Key Encryption • Data encrypted using single key that only sender and receiver know • Data Encryption Standard (DES): 56-bit key – Triple DES (3DES): weaves 56-bit key through data three times • Advanced Encryption Standard (AES): weaves 12 8-, 16 0-, 19 2-, or 256-bit keys through data multiple times – Used in military... weaves 12 8-, 16 0-, 19 2-, or 256-bit keys through data multiple times – Used in military communication • Sender must share key with recipient Network+ Guide to Networks, 4e 33 Private Key Encryption (continued) Figure 1 4-6 : Private key encryption Network+ Guide to Networks, 4e 34 Public Key Encryption • Data encrypted using two keys: – Private key – Public key associated with user • Public key server: . Network+ Guide to Networks, Fourth Edition Chapter 14 Network Security Network+ Guide to Networks, 4e 2 Objectives • Identify security risks. codes – Bio-recognition access • Closed-circuit TV systems • Most important way to ensure physical security is to plan for it Network+ Guide to Networks, 4e 19 Physical Security (continued) Figure 1 4-1 :. allowing unauthorized access to system Network+ Guide to Networks, 4e 11 Risks Associated with Protocols and Software (continued) • Risks pertaining to networking protocols and software (continued): – If

Ngày đăng: 27/06/2014, 05:20

TỪ KHÓA LIÊN QUAN