Basic of Wired Networks: Network Security

Chat with Document Download

Document Details

ConscientiousArithmetic

Uploaded by ConscientiousArithmetic

Nour Ismail

Tags

network security wired networks firewalls proxy servers

Related

Summary

These slides cover basic network security concepts for wired networks. Topics include physical security measures, firewalls, intrusion detection and prevention systems (IDS/IPS), proxy servers, scanning tools like NMAP, honeypots, and security measures such as user authorization and password guidelines.

Full Transcript

Basic of Wired Networks TECM 120 ‫أساسيات الشبكات السلكية‬ 120 ‫تقم‬ Prepared by : Network Dr Nour Ismail Assistant Security P...

Basic of Wired Networks TECM 120 ‫أساسيات الشبكات السلكية‬ 120 ‫تقم‬ Prepared by : Network Dr Nour Ismail Assistant Security Physical Security Restrict physical access to network components Lock computer rooms, telco rooms, wiring closets, and equipment cabinets Locks can be physical or electronic Electronic access badges Locks requiring entrants to punch numeric code Bio-recognition access Figure 11-1 Badge access security systemTechnology/Cengage Courtesy Course Learning Physical Security (cont’d.) Security audit Ask questions related to physical security checks Consider losses from salvaged and discarded computers Hard disk information stolen Solutions Run specialized disk sanitizer program Remove disk and use magnetic hard disk eraser Pulverize or melt disk Security in Network Design Breaches may occur due to poor LAN or WAN design Address though intelligent network design Preventing external LAN security breaches Restrict access at every point where LAN connects to rest of the world Intrusion Detection and Prevention Proactive security measure Detecting suspicious network activity IDS (intrusion detection system) Software monitoring traffic Port mirroring One port makes copy of traffic to second port for monitoring Intrusion Detection and Prevention (cont’d.) IPS (intrusion-prevention system) Reacts to suspicious activity when alerted Detects threat and prevents traffic from flowing to network Based on originating IP address NIPS (network-based intrusion prevention) Protects entire networks HIPS (host-based intrusion prevention) Protects certain hosts Figure 11-2 Placement of an IDS/IPS on a network Courtesy Course Technology/Cengage Learning Firewalls Specialized device or computer installed with specialized software Selectively filters and blocks traffic between networks Involves hardware and software combination Firewall location Between two interconnected private networks Between private network and public network (network-based firewall) Figure 11-3 Placement of a firewall between a private network and the Internet Courtesy Course Technology/Cengage Learning Figure 11-4 Firewall of Courtesy NETGEAR Firewalls (cont’d.) Port blocking Prevents connection to and transmission completion through ports Optional firewall functions Encryption User authentication Central management Easy rule establishment Filtering based on data contained in packets Proxy Servers Proxy service Network host software application Intermediary between external and internal networks Screens all incoming and outgoing traffic Proxy server Network host running proxy service Also called application layer gateway, application gateway, proxy Manages security at Application layer Proxy Servers (cont’d.) Fundamental function Prevent outside world from discovering internal network addresses Improves performance for external users File caching Figure 11-5 A proxy server used on a WAN Courtesy Course Technology/Cengage Learning Scanning Tools Used during posture assessment NMAP (Network Mapper) Designed to scan large networks Provides information about network and hosts Free to download Nessus Performs more sophisticated scans than NMAP Lures Honeypot Decoy system that is purposefully vulnerable Designed to fool hackers and gain information about their behavior Honeynet Network of honeypots NOS (Network Operating System) Security Restrict user authorization Access to server files and directories Public rights Conferred to all users Very limited Group users according to security levels Assign additional rights Logon Restrictions Additional restrictions to strengthen security Time of day Total time logged on Source address Unsuccessful logon attempts Passwords Choosing secure password Guards against unauthorized access Easy, inexpensive Communicate password guidelines Use security policy Stress importance of company’s financial, personnel data security