SECURING A NETWORK INFRASTRUCTURE
Chapter 7
OVERVIEW
List the criteria for selecting operating systems for network servers and workstations.
List the default security settings for the Microsoft Windows Server 2003 and Microsoft Windows XP Professional operating systems.
Describe the problems inherent in keeping the software on a large network installation updated.
Use Microsoft Baseline Security Analyzer (MBSA).
Use Microsoft Software Update Services (SUS).
Describe the security problems inherent in wireless networking.
List the mechanisms that Windows-based IEEE 802.11 WLANs can use to authenticate clients and encrypt transmitted data.
Determine the security requirements of your remote access installation.
Control remote access with user account properties.
Create remote access policies.
SELECTING COMPUTERS AND OPERATING SYSTEMS
Purchase and use of computer systems should be governed by policies.
Policies should dictate which operating systems are used for different purposes.
Policies should dictate which hardware is purchased for different purposes.
UNDERSTANDING COMPUTER ROLES
Server role
Desktop workstation role
Portable workstation role
UNDERSTANDING THE SERVER ROLE
Servers can perform a number of different roles.
Each role places different demands on the underlying hardware and operating system software.
Some roles require additional hardware: a server that is used for backups requires a connection to a tape drive or some other storage device.
Server systems often include fault-tolerant measures.
UNDERSTANDING THE DESKTOP WORKSTATION’S ROLE
Workstation hardware is generally less powerful than server hardware.
Workstation hardware typically does not include fault-tolerant measures.
Some applications, such as computer-aided design (CAD), video and sound editing, and geographic mapping, require very high-performance hardware.
UNDERSTANDING THE PORTABLE WORKSTATION’S ROLE
Portable workstations can include laptops, notebooks, PDAs, and tablet PCs.
Portable workstations have different hardware and configuration requirements from desktop workstations.
Some users may have a desktop workstation and one or more portable workstations.
Portable workstations create additional security concerns since they can be moved both within and outside of the physical security perimeter.
CREATING HARDWARE SPECIFICATIONS
Server hardware specifications
Desktop hardware specifications
Portable hardware specifications
SERVER HARDWARE SPECIFICATIONS
Create a hardware specification based on the applications that the server will host.
Use company information such as expected increases in personnel or customer activity when creating the specification.
Factor a reasonable growth margin into the specification.
Consider the ease of future upgrades to preserve investment.
DESKTOP HARDWARE SPECIFICATIONS
Specify a base hardware configuration that supports most users.
Create additional specifications as needed to accommodate special requirements.
Where possible, use a small number of standard configurations.
Standardized hardware provides many advantages in terms of support.
PORTABLE HARDWARE SPECIFICATIONS
Different types of portable hardware have different hardware requirements.
Many portable computing devices use proprietary technologies.
As with desktop workstations, keep the number of standard configurations to a minimum.
SELECTING OPERATING SYSTEMS
When selecting operating systems, you must consider the following:
Application compatibility: The operating system you select must support the application software needed by the organization.
Support issues: Familiarity with operating systems decreases training costs and improves technical support service.
Security features: In highly secure environments, operating systems with advanced security features should be chosen.
Cost: Operating system software represents a significant investment, and the availability of funds for software purchases must be considered.
CHOOSING WORKSTATION OPERATING SYSTEMS
CHOOSING SERVER OPERATING SYSTEMS
IDENTIFYING CLIENT AND SERVER DEFAULT SECURITY SETTINGS
Operating systems install with a default set of security settings.
These settings should be evaluated to determine whether they satisfy security requirements.
Windows Server 2003 is designed to be more secure in a default installation than are previous versions of Windows.
EVALUATING SECURITY SETTINGS
File System permissions
Share permissions
Registry permissions
Active Directory permissions
Account Policy settings
Audit policies
FILE SYSTEM PERMISSIONS
NTFS Folder Permission: Enables the User or Group To
Full Control: Change file/folder permissions, take ownership of files/folders, and delete subfolders and files, plus perform the actions permitted by all of the other NTFS permissions.
Modify: Modify or delete a file/folder, plus perform all actions permitted by the Write permission and the Read & Execute permission.
Read & Execute: Run applications; browse through folders to reach other files and folders, even if the user does not have permission to access those files/folders; and perform all actions permitted by the Read permission and the List Folder Contents permission.
List Folder Contents: See the names of files and subfolders in a folder.
Read: Read a file; see the files and subfolders in a folder; and view a file or folder’s ownership, permissions, and file system attributes (such as Read-only, Hidden, Archive, and System).
Write: Overwrite a file, create new files and subfolders within a folder, change a file or folder’s attributes, and view the file or folder’s ownership and permissions.
SHARE PERMISSIONS
Shared Folder Permission: Enables the User or Group To
Read: View file names and subfolder names, view data in files, traverse to subfolders, and run programs.
Change: Add files and subfolders to the shared folder, change data in files, delete subfolders and files, plus perform all actions permitted by the Read permission.
Full Control: Change file permissions (NTFS only), take ownership of files (NTFS only), and perform all tasks permitted by the Change permission.
REGISTRY PERMISSIONS
ACTIVE DIRECTORY PERMISSIONS
Active Directory has over 25 standard permissions and 67 special permissions.
The following default permission assignments are made to cover most requirements:
Enterprise Admins: Receive the Full Control permission for the entire forest.
Domain Admins and Administrators: Receive a selection of permissions that enables them to perform Active Directory object maintenance tasks within their domain.
Authenticated Users: Receive the Read permission for the entire domain, plus a small selection of very specific Modify permissions.
ACCOUNT POLICY SETTINGS
AUDIT POLICIES
PLANNING A SECURITY UPDATE INFRASTRUCTURE
Understanding software update practices
Using Windows Update
Updating a network
UNDERSTANDING SOFTWARE UPDATE PRACTICES
Microsoft distributes software updates in two forms:
Service pack: A collection of patches and updates that have been tested as a single unit.
Hotfix: A small patch designed to address a specific issue.
Microsoft recommends that service packs be installed on all applicable systems. Hotfixes should be applied only to systems that are experiencing a specific problem.
USING WINDOWS UPDATE
UPDATING A NETWORK
Updating PCs on a network presents many challenges to the administrator.
A network security update infrastructure is a series of policies that are designed to help the administrator manage software and security updates on the network.
The security update infrastructure should specify procedures for the identification, testing, and deployment of software updates.
USING MBSA
TESTING SECURITY UPDATES
All updates, including those related to security, should be tested before they are implemented.
If possible, use a test system with a configuration similar to that of the system on which the update will be applied.
If a test system is not available, updates should be deployed progressively, and systems with the updates should be closely monitored.
USING MICROSOFT SOFTWARE UPDATE SERVICES
SECURING A WIRELESS NETWORK
Wireless networks are becoming increasingly popular as related hardware becomes more affordable and companies begin to realize the flexibility that wireless networks offer.
Wireless networks present more and different security challenges than their wired counterparts.
UNDERSTANDING WIRELESS NETWORKING STANDARDS
Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE).
Three standards have been defined:
802.11b: The current standard. Offers speeds up to 11 Mbps.
802.11a: In development. Uses different frequency ranges than 802.11b. Offers speeds up to 54 Mbps.
802.11g: Uses the same frequency ranges as 802.11b. Offers speeds up to 54 Mbps.
WIRELESS NETWORKING TOPOLOGIES
UNDERSTANDING WIRELESS NETWORK SECURITY
Wireless networking presents security risks that are not present when using traditional wired networks.
Logical security becomes a paramount concern, because physical security measures are not necessarily preventative.
Two main concerns when using wireless networks are unauthorized access and data interception.
CONTROLLING WIRELESS ACCESS USING GROUP POLICIES
AUTHENTICATING USERS
Open system authentication
Shared key authentication
IEEE 802.1x authentication
OPEN SYSTEM AUTHENTICATION
The default authentication method used by IEEE 802.11 devices.
Despite the name, it offers no actual authentication.
A device configured to use Open System authentication will not refuse authentication to another device.
SHARED KEY AUTHENTICATION
Devices authenticate each other using a secret key that both possess.
The key is shared before authentication using a secure channel.
All the computers in the same BSS must possess the same key.
IEEE 802.1X AUTHENTICATION
The IEEE 802.1x standard defines a method of authenticating and authorizing users on any 802 LAN.
Most IEEE 802.1x implementations use Remote Authentication Dial-In User Service (RADIUS) servers.
RADIUS typically uses one of the following two authentication protocols:
Extensible Authentication Protocol-Transport Level Security (EAP-TLS)
Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2)
ENCRYPTING WIRELESS TRAFFIC
The IEEE 802.11 standard uses an encryption mechanism called Wired Equivalent Privacy (WEP) to secure data while in transit.
WEP uses the RC4 cryptographic algorithm developed by RSA Security, Inc.
WEP allows the key length, as well as the frequency with which the systems generate new keys, to be configured.
SECURING REMOTE ACCESS
Determining security requirements
Controlling access using dial-in properties
Planning authentication
Using remote access policies
DETERMINING SECURITY REQUIREMENTS
Which users require remote access?
Do users require different levels of remote access?
Do users need access to the entire network?
What applications must users run?
CONTROLLING ACCESS USING DIAL-IN PROPERTIES
PLANNING AUTHENTICATION
USING RADIUS
Windows Server 2003 with IAS can be a RADIUS server or a RADIUS proxy.
When configured as a RADIUS server, the computer receiving the authentication request will process and authorize the connection request.
When configured as a RADIUS proxy, the authentication request is forwarded to the configured RADIUS server.
SELECTING AN AUTHENTICATION PROTOCOL
USING REMOTE ACCESS POLICIES
Sets of conditions that users must meet before RRAS authorizes them to access the server or the network
Can be configured to limit user access based on group memberships, day and time restrictions, and many other criteria
Can specify which authentication protocol and what type of encryption clients must use
Policies can be created based on type of connection, such as dial-up, VPN, or wireless
REMOTE ACCESS POLICY COMPONENTS
Conditions: Specific attributes that the policy uses to grant or deny authorization to a user. If more than one condition is defined, the user must meet all the conditions before the server can grant access.
Remote access permission: Defines whether the user is allowed to connect to the system through a remote access connection.
Remote access profile: A set of attributes applied to a client once it has been authenticated and authorized.
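The three policy components above, worked through as a small Python model. This is an added example, not RRAS code or a Microsoft API, and it is a simplified model for reasoning about policy design. Assumptions: policies are checked in list order, the first policy whose conditions all match decides, and a request that matches no policy is denied; the class, function, group and policy names and the encryption labels are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    connection_type: str   # "dial-up", "vpn" or "wireless"
    when: datetime
    auth_protocol: str     # protocol the client offers
    encryption: str        # constructed labels: "none", "basic", "strong"


@dataclass
class Policy:
    name: str
    conditions: List[Callable[[Request], bool]]   # all must be met
    grant: bool                                   # remote access permission
    profile: dict = field(default_factory=dict)   # remote access profile


@dataclass(frozen=True)
class Decision:
    granted: bool
    policy: Optional[str]
    reason: str


# Condition builders for the criteria the slides name.
def in_group(group):
    return lambda r: group in r.groups


def connection_type_is(kind):
    return lambda r: r.connection_type == kind


def within_hours(days, start_hour, end_hour):
    # days uses datetime.weekday() numbering: Monday is 0.
    return lambda r: r.when.weekday() in days and start_hour <= r.when.hour < end_hour


def evaluate(policies, req):
    for p in policies:
        # Conditions: one failed condition means this policy does not apply.
        if not all(cond(req) for cond in p.conditions):
            continue
        # Remote access permission of the matching policy.
        if not p.grant:
            return Decision(False, p.name, "remote access permission denies access")
        # Profile: required authentication protocol and encryption type.
        for key, offered in (("auth_protocols", req.auth_protocol),
                             ("encryption", req.encryption)):
            allowed = p.profile.get(key)
            if allowed is not None and offered not in allowed:
                return Decision(False, p.name, f"profile rejects {key}: {offered}")
        return Decision(True, p.name, "all conditions met, profile satisfied")
    return Decision(False, None, "no policy matched")  # assumed default: deny


WEEKDAYS = {0, 1, 2, 3, 4}
POLICIES = [  # constructed sample policies
    Policy("Contractors blocked", [in_group("Contractors")], grant=False),
    Policy("Wireless staff",
           [in_group("Wireless Users"), connection_type_is("wireless")],
           grant=True,
           profile={"auth_protocols": {"EAP-TLS", "PEAP-MS-CHAP v2"},
                    "encryption": {"strong"}}),
    Policy("VPN business hours",
           [in_group("VPN Users"), connection_type_is("vpn"),
            within_hours(WEEKDAYS, 8, 18)],
           grant=True,
           profile={"auth_protocols": {"EAP-TLS", "MS-CHAP v2"},
                    "encryption": {"strong"}}),
]

TUESDAY = datetime(2024, 3, 5, 10, 0)    # constructed sample times
SATURDAY = datetime(2024, 3, 9, 10, 0)
REQUESTS = {  # constructed sample connection attempts
    "alice_weekday": Request("alice", frozenset({"VPN Users"}), "vpn",
                             TUESDAY, "EAP-TLS", "strong"),
    "alice_saturday": Request("alice", frozenset({"VPN Users"}), "vpn",
                              SATURDAY, "EAP-TLS", "strong"),
    "bob_weak_auth": Request("bob", frozenset({"Wireless Users"}), "wireless",
                             TUESDAY, "MS-CHAP", "strong"),
    "carol_contractor": Request("carol", frozenset({"Contractors", "VPN Users"}),
                                "vpn", TUESDAY, "EAP-TLS", "strong"),
}


def run_samples():
    """Return {sample name: (granted, deciding policy)} for the sample requests."""
    out = {}
    for name, req in REQUESTS.items():
        d = evaluate(POLICIES, req)
        out[name] = (d.granted, d.policy)
    return out


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The Saturday request shows the all-conditions rule: group and connection type match, but the time condition fails, so the VPN policy never applies and the request falls through to the default deny.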
CREATING REMOTE ACCESS POLICIES
CHAPTER SUMMARY
When selecting operating systems for servers, you can choose the platform best suited to the server’s role. When selecting workstation operating systems, standardization takes precedence over specialization.
When you install Windows Server 2003 or Windows XP Professional, the operating system Setup program configures a number of security settings with default values that you can either keep or modify.
Microsoft releases updates for its operating systems and applications. Major updates are called service packs. Individual updates are called hotfixes.
MBSA is a tool that scans computers on a network and examines them for security vulnerabilities.
SUS is a tool that streamlines the approval and implementation of software updates.
Most wireless LANs today are based on the 802.11 standards published by the IEEE. WLANs present additional security risks over wired networks.
To secure a wireless network, you must authenticate the clients before they are granted network access, and encrypt all packets transmitted over the wireless link.
To determine the security requirements you need for your remote access server, determine which users need access and what type of access they need.
Remote access policies are sets of conditions that must be met by remote clients attempting to connect to the Routing and Remote Access server.