Slide 1

Slide 2

1/28/2010 Network Plus Security Review

Slide 3

Identify and Describe Security Risks People Phishing Passwords Transmissions Man in middle Packet sniffing Port scanners Protocols NOS updates Internet Access Spyware Bots Social media

Slide 4

Network Security Technology Firewalls Router Access Lists Stateless and Stateful Intruder Detection and Prevention Proxy Servers

Slide 5

25 Router Access Lists (contd.) ACL instructs router Permit or deny traffic according to variables: Network layer protocol (IP, ICMP) Transport layer protocol (TCP, UDP) Source IP address Source netmask Destination IP address Destination netmask TCP, UDP port number

Slide 6

27 Intrusion Detection and Prevention Port mirroring Port configured to send copy of all traffic to another port for monitoring purposes IDS (intrusion detection system) Logs potential problems IPS (Intrusion Prevention System Block potential problems Denial-of-service, smurf attacks

Slide 7

DMZ In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. An external attacker only has access to equipment in the DMZ, rather than any other part of the network.computer securitysubnetwork

Slide 8

Network+ Guide to Networks, 5 th Edition40 Proxy Servers (contd.) Figure 12-5 A proxy server used on a WAN

Slide 9

Encryption Use of keys to scramble data to prevent eavesdropping Symmetric vs Asymmetric keys Encryption systems

Slide 10

51 Public (Asymmetric) Key Encryption Data encrypted using two keys Private key: user knows Public key: anyone may request Public key server Freely provides users public keys Uses Certificate Authority to verify certificate Asymmetric encryption Requires two different keys Used with SSL and TLS Used by HTTPS and SSH

Slide 11

63 IPSec (Internet Protocol Security) Defines encryption, authentication, key management Works at Network layer for TCP/IP transmissions Native IPv6 standard Difference from other methods Encrypts data by adding security information to all IP packet headers Transforms data packets Operates at Network layer (Layer 3) Used by L2TP VPN connections

Slide 12

66 IPSec (contd.) Figure 12-9 Placement of a VPN concentrator on a WAN

Slide 13

Network Authentication Allow a user to login to a server or service without revealing the user password to packet sniffers. Requires some form of encryption Secure Login Systems

Slide 14

67 Authentication Protocols Authentication Process of verifying a users credentials Grant user access to secured resources Authentication protocols Rules computers follow to accomplish authentication Several authentication protocol types RADIUS/TACACS PAP CHAP EAP and 802.1x (EAPoL) Used in WPA2 (802.11x) Kerberos

Slide 15

81 802.1x (EAPoL) (contd.) Figure 12-15 802.1x authentication process

Slide 16

Wireless Security Options

Slide 17

84 Wireless Network Security Wireless Susceptible to eavesdropping War driving Effective for obtaining private information Forms of Wireless Encryption WEP 802.11i Uses EAPoL WPA WPA2 Based on 802.11i Uses AES and CCMP encryption

Slide 18

WPA and WPA2 WPA (Wi-Fi Protected Access) Subset of 802.11i Same authentication as 802.11i TKIP keys Uses RC4 encryption rather than AES Has been cracked WPA2 Follows 802.11i Uses AES security Replaces WPA2 Uses CCMP

Slide 19

Setting Wireless Security

Slide 20

Network+ Guide to Networks, 5 th Edition The End