CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security



Similar documents
Security. TestOut Modules

Transition Networks White Paper. Network Security. Why Authentication Matters YOUR NETWORK. OUR CONNECTION.

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Domain 6.0: Network Security

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Exam Questions SY0-401

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

CUSTOMIZED ASSESSMENT BLUEPRINT COMPUTER SYSTEMS NETWORKING PA. Test Code: 8148 Version: 01

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

CCT vs. CCENT Skill Set Comparison

Firewall Firewall August, 2003

Avaya TM G700 Media Gateway Security. White Paper

Avaya G700 Media Gateway Security - Issue 1.0

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Recommended IP Telephony Architecture

Chapter 11 Cloud Application Development

Logical & Physical Security

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

ProCurve Networking. Hardening ProCurve Switches. Technical White Paper

PROFESSIONAL SECURITY SYSTEMS

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Cornerstones of Security

Brocade Certified Layer 4-7 Professional Version: Demo. Page <<1/8>>

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

IT Security Standard: Network Device Configuration and Management

The following chart provides the breakdown of exam as to the weight of each section of the exam.

SonicWALL PCI 1.1 Implementation Guide

RuggedCom Solutions for

INTRODUCTION TO FIREWALL SECURITY

Network Configuration Settings

Chapter 1 Network Security

AT-S63 and AT-S63 NE Version Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Test Code: 8148 / Version 1

Lab Developing ACLs to Implement Firewall Rule Sets

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Implementing Cisco IOS Network Security

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

Configure WorkGroup Bridge on the WAP131 Access Point

Network Security Guidelines. e-governance

Network Security Fundamentals

A Guide to New Features in Propalms OneGate 4.0

Developing Network Security Strategies

Installation of the On Site Server (OSS)

PCI Compliance Report

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

Information Technology Security Guideline. Network Security Zoning

How To Secure A Voice Over Internet Protocol (Voip) From A Cyber Attack

CMS Operational Policy for Infrastructure Router Security

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

7.1. Remote Access Connection

finger, ftp, host, hostname, mesg, rcp, rlogin, rsh, scp, sftp, slogin, ssh, talk, telnet, users, w, walla, who, write,...

Network Management Card Security Implementation

Testing Network Security Using OPNET

Network Access Security. Lesson 10

Secure Substation Automation for Operations & Maintenance

74% 96 Action Items. Compliance

Computer Networks. Secure Systems

Own your LAN with Arp Poison Routing

Executive Summary and Purpose

How To Understand And Understand The Security Of A Key Infrastructure

IINS Implementing Cisco Network Security 3.0 (IINS)

Solution of Exercise Sheet 5

How To Pass A Credit Course At Florida State College At Jacksonville

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Security Policy Revision Date: 23 April 2009

INTRUSION DETECTION SYSTEMS and Network Security

Wired Network Security: Hospital Best Practices. Jody Barnes. East Carolina University

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Network Security Topologies. Chapter 11

Guideline on Auditing and Log Management

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Firewalls CSCI 454/554

Linux MDS Firewall Supplement

F5 BIG-IP V9 Local Traffic Management EE Demo Version. ITCertKeys.com

CS5008: Internet Computing

Network Access Control ProCurve and Microsoft NAP Integration

Protecting and controlling Virtual LANs by Linux router-firewall

Secure Networks for Process Control

Section 12 MUST BE COMPLETED BY: 4/22

NEFSIS DEDICATED SERVER

A typical router setup between WebSAMS and ITEd network is shown below for reference. DSU. Router

Ranch Networks for Hosted Data Centers

RAS Associates, Inc. Systems Development Proposal. Scott Klarman. March 15, 2009

Configuring User Identification via Active Directory

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Fortigate Features & Demo

Transcription:

CTS2134 Introduction to Networking Module 8.4 8.7 Network Security

Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by assigning a switch port to a VLAN. A switch can have multiple VLANs configured on it, but each switch port can only be a member of a single VLAN. VLANs can be defined on a single switch, or on multiple interconnected switches. Workstations in one VLAN will not be able to communicate with workstations in other VLANs unless you use a router (or a Layer 3 switch). Using VLANs, the switch can be used to create multiple IP broadcast domains (broadcast traffic sent only to members of the same VLAN).

MAC filtering/port security With switch port security, the devices that can connect to a switch through the port are restricted. Port security uses MAC addresses to identify allowed and denied devices. You can specify a single MAC address or allow multiple addresses per port. With automatic configuration, the next device to connect to the port is allowed, while additional devices are denied. On the switch, MAC addresses are stored in RAM in a table and associated with the port. Port violation is when an unauthorized device tries to connect (the switch can drop all frames from the unauthorized device or shut down the port).

Port authentication (802.1x) Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch. Uses usernames/passwords, smart cards, or other authentication methods. When a device first connects, the port is set to an unauthorized state. Ports in unauthorized states can only be used for 802.1x authentication traffic. The process begins by the switch sending an authentication request to the device. The device responds with authentication credentials, which are forwarded by the switch to the authentication device (such as a RADIUS server).

Implementing Switch Security Creating VLANs with switches offers the following administrative benefits. VLANS can create virtual groups based on criteria other than physical location (such as workgroup, protocol, or service) You can simplify device moves (devices are moved to new VLANs by modifying the port assignment) You can control broadcast traffic based on logical criteria (only devices in the same VLAN receive broadcast traffic) You can control security (isolate traffic within a VLAN)

Implementing Switch Security (cont.) When you use switches to create VLANs, you will still need routers to: Route data in to and out of the local area network Route data between VLANs Apply firewall filtering rules to traffic VLANs are commonly used with Voice over IP (VoIP). Traffic on the voice VLAN can be given a higher priority to ensure timely delivery. MAC filtering uses the MAC address of a device to drop or forward frames through the switch. Port authentication requires that the user or device authenticates before frames are forwarded through the switch.

Authentication Facts Authentication is the process of submitting and checking credentials to validate user identity. Credentials include: username and password certificates digital signatures

Certificates A certificate is a digital document that identifies a user or a computer. Certificates are obtained from a Public Key Infrastructure (PKI) that provides for a trusted third party, Certification Authorities (CAs), to vouch for user identities. Certification Authorities (CAs): Accept certificate requests and verify information provided by the requester. Create and issue certificates to requesters. Revokes certificates (revoked certificates are not valid). You can obtain certificates from a public CA (VeriSign), or install your own PKI and CAs to issue certificates for your users and computers.

Secure Protocol Facts Secure Sockets Layer (SSL) Transport Layer Security (TLS) Secure Shell (SSH) Unsecure Protocol Hypertext Transfer Protocol (HTTP) Telnet Remote SHell (RSH) File Transfer Protocol (FTP) Simple Network Management Protocol (SNMPv1/2) Secure Protocol HTTP over SSL (HTTPS) Secure SHell (SSH) Secure FTP (SFTP) SNMPv3

Detection and Prevention Facts An intrusion detection system (IDS) is a network device that can detect attacks and suspicious activity. Response capability Passive (monitors but takes no action) Active (Intrusion Protection System) Recognition method Signature (pattern matching or dictionary recognition) Anomaly (behavior or heuristic) Detection scope Host based (a single host and monitors all traffic) Network based (dedicated device installed on the network)

Detection and Prevention Facts Catch threats to your network by performing regular monitoring with common network tools. Use a packet sniffer to examine network traffic Use a port scanner to check for open ports on a system or a firewall. Close all unused ports Investigate the cause of incorrectly opened ports Run security scanning software Keep operating systems and applications up to date Monitor system logs for unusual activity

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information