Network and Communications Security Part 3 PDF

Summary

This document provides an overview of network security technologies and systems, including Network Access Control (NAC), Data Loss Prevention (DLP), Unified Threat Management (UTM), wireless network operations, wireless privacy and protection protocols, endpoints and the Internet of Things (IoT). It also discusses various concepts of networking like the OSI model, common attacks, and security devices.

Full Transcript


# Network Security Technologies and Systems

## Network Access Control (NAC)

- NAC enables organizations to explicitly authenticate users and devices and ensure that access devices are compliant with organizational policies.
- A NAC solution provides several benefits:
  - Ensures only authorized devices can establish a network connection.
  - Ensures that connections are made with trusted infrastructure using valid resource certificates.
  - Allows for pre-access screening of devices to ensure security configuration requirements are met.

## Network Access Control (NAC) Architecture

- The IEEE 802.1X protocol is used to implement NAC.
- The 802.1X architecture has three components:
  - **Supplicant:** An agent installed on the client device that facilitates authentication and compliance checks.
  - **Authenticator:** A switch or wireless controller that interacts directly with the client to facilitate user and device authentication.
  - **Authentication Server:** Typically a Remote Authentication Dial-In User Service (RADIUS) server that performs the actual authentication.

## Data Loss Prevention (DLP)

- DLP ensures that data does not leave organizational controls.
- DLP solutions may include:
  - Content discovery, classification, and mapping
  - Local agents
  - Management portal
  - Database Activity Monitoring (DAM)

## Unified Threat Management (UTM)

- UTM is an integrated solution that provides multiple security features in a single virtual or physical appliance.
- Typical UTM security features include:
  - Network Access Control (NAC)
  - Web Application Firewall (WAF)
  - Data Loss Prevention (DLP)
  - VPN gateway
  - Content filtering
  - Email security

## Wireless Network Operations

- Wireless networks have evolved to use different device authentication processes:
  - Open System Authentication
  - Shared Key Authentication
  - Ad Hoc Mode
  - Infrastructure Mode

## Wireless Privacy and Protection Protocols

- **Wired Equivalent Privacy (WEP) Protocol:** WEP is susceptible to the following attacks:
  - Passive attacks to decrypt traffic based on known-plaintext and chosen-ciphertext attacks.
  - Active attacks to inject new traffic from unauthorized mobile stations.
- **Wi-Fi Protected Access 3 (WPA3):** WPA3 includes:
  - Natural password selection
  - Forward secrecy
  - Authenticated encryption
  - Key derivation and confirmation
  - Key establishment and authentication
  - Robust management frame protection

## Common Wireless Security Flaws

- **Shared Key Authentication flaw**
- **Service Set Identifier (SSID) flaw**

## Endpoints and the Internet of Things (IoT)

- The IoT is a collection of devices that are connected, either wired or wirelessly, with some connecting to the internet.
- The IoT creates a different form of internetworking that allows human and nonhuman users to communicate, transfer data, and request or deliver services over a potentially poorly secured network.

## IoT Risk Mitigation Activities

- IoT devices must be managed.
- Current patches must be applied.
- Configuration hardening must be performed.
- The IoT network must be segregated from the business network.

## Key Takeaways

### 6.1 Understand and Apply Fundamental Concepts of Networking

- Recognize the layers of the OSI model, their functions, and the attacks present at each layer, and identify commonly used ports and protocols.
- OSI and TCP/IP are network reference models that help to communicate about and troubleshoot network issues.

### 6.2 Understand Network Attacks

- Countermeasures reduce security risk to an acceptable level defined in the organization's security policies. Some countermeasures include Content Delivery Networks (CDN), firewalls, NAC, and IDS/IPS.
- Attacks are common at each layer of the network.

### 6.3 Manage Access Controls

- **Remote Authentication Dial-In User Service (RADIUS):** RADIUS is a networking protocol that supports authentication, authorization, and accounting (AAA) services for network access.
- **Terminal Access Controller Access Control System (TACACS):** TACACS+ splits authentication, authorization, and accounting into separate functions.
- **Lightweight Directory Access Protocol (LDAP):** LDAP includes:
  - Active Directory
  - Active Directory Domain Services
  - Active Directory Federation Services

### 6.4 Manage Network Security

- **VLANs:**
  - Broadcast traffic with VLANs is limited.
  - Nodes can use non-routable protocols to communicate with each other.
  - VLANs provide virtual workgroup management, performance, and flexibility.
- **Access Control Lists (ACLs):** ACLs can be applied at the client or at the server, switch, and router. They help provide another layer of segmentation and control on the LAN.

### 6.5 Configure and Operate Network-based Security Devices

- **Firewalls:** Enforce policies primarily by filtering incoming traffic based on a set of rules.
- **Personal Firewalls:** A wide range of personal devices, such as smart home and entertainment systems, may have built-in firewalls.
- **Proxies:** Proxies sit between the user and the service that the user is trying to access.
- **Intrusion Detection/Prevention Systems (IDS/IPS):**
  - **IDS:** Identifies events that may be indicators of an unauthorized access attempt.
  - **IPS:** Acts in response to the detection of a suspected intrusion event.
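As an added illustration (not part of the original notes) of how the ACLs in 6.4 and the rule-based filtering in 6.5 provide segmentation, the Python below evaluates a constructed first-match ACL that keeps an IoT VLAN separated from the business VLAN, as the IoT mitigation list above recommends. The address ranges, ports and rule order are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network    # source network the rule matches
    dst: ipaddress.IPv4Network    # destination network the rule matches
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int]          # None matches any destination port

def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)

# Constructed sample ACL (assumed addressing): the IoT VLAN 10.30.0.0/16 may
# reach only the NTP server and the update proxy in the business VLAN
# 10.10.0.0/16; everything else from IoT to business is denied; business
# hosts may manage IoT devices over HTTPS. The final rule is the explicit
# form of the implicit deny that ends every real ACL.
ACL: List[Rule] = [
    Rule("permit", net("10.30.0.0/16"), net("10.10.5.20/32"), "udp", 123),
    Rule("permit", net("10.30.0.0/16"), net("10.10.5.21/32"), "tcp", 3128),
    Rule("deny",   net("10.30.0.0/16"), net("10.10.0.0/16"),  "any", None),
    Rule("permit", net("10.10.0.0/16"), net("10.30.0.0/16"),  "tcp", 443),
    Rule("deny",   net("0.0.0.0/0"),    net("0.0.0.0/0"),     "any", None),
]

def evaluate(acl: List[Rule], src_ip: str, dst_ip: str,
             proto: str, dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule).

    Rules are processed top-down and the first match wins, which is how
    router and switch ACLs behave; rule order therefore changes the policy.
    If no rule matches, the packet is dropped (implicit deny, index None).
    """
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and (r.dport is None or r.dport == dport)):
            return r.action, i
    return "deny", None

if __name__ == "__main__":
    # An IoT sensor syncing time is allowed; the same sensor probing SMB on
    # a business workstation is stopped by the segmentation rule.
    print(evaluate(ACL, "10.30.1.7", "10.10.5.20", "udp", 123))
    print(evaluate(ACL, "10.30.1.7", "10.10.1.50", "tcp", 445))
```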
### 6.6 Secure Wireless Communications

- Wireless networks use different device authentication processes:
  - Open System Authentication
  - Shared Key Authentication
  - Ad Hoc Mode
  - Infrastructure Mode

### 6.7 Wired and Wireless Media

- **Wired Media:** Twisted Pair, Coaxial Cable, Fiber Optic
- **Wireless Media:** Wireless Local Area Network (LAN/WAN), Wi-Fi, Bluetooth, WiMAX, Satellite network, Cellular network

### 6.8 The OSI Model

- The OSI model has seven layers:
  - **Physical Layer:** Defines the physical medium being used to transmit data.
  - **Data Link Layer:** Handles addressing and error detection for data transfer.
  - **Network Layer:** Manages logical addressing and routing.
  - **Transport Layer:** Provides reliable connection-oriented communication over the network.
  - **Session Layer:** Establishes, manages, and terminates communication sessions.
  - **Presentation Layer:** Handles data formatting and encryption.
  - **Application Layer:** Provides user-level services to applications such as email and web browsing.

### 6.9 Topographical Models

- **Bus, Ring, Star, and Mesh Topologies:** Each topology has its own strengths and weaknesses in terms of performance, scalability, and reliability.

### 6.10 Software-Defined Networking (SDN)

- SDN provides a more flexible and programmable approach to network management.
- It allows for greater automation, control, and security.

### 6.11 Network Architectures

- **Internetwork:** A network with multiple segments linked by routers and switches.
- **Intranet:** A private network internal to an organization.
- **Extranet:** A network that provides secure access to external partners.
- **WAN:** A network that covers a wide geographical area.
- **MAN:** A network that covers a metropolitan area.
- **PAN:** A network that covers a small personal area.
- **Perimeter Network (DMZ):** A network that provides secure access to external networks, often for web servers or other resources.

### 6.11 Service Architectures

- **Peer-to-Peer:** Networks where each device can communicate directly with other devices.
- **Client-Server:** Networks where clients request services from a central server.

### 6.12 Common Ports and Protocols

- Familiarize yourself with commonly used ports and protocols.
- Understand the purpose of each port and protocol.
- Recognize the security risks associated with each port and protocol.

### 6.13 Network Access Controls

- Understand how to implement various network access control mechanisms, including:
  - **RADIUS:** Remote Authentication Dial-In User Service.
  - **TACACS+:** Terminal Access Controller Access Control System.
  - **LDAP:** Lightweight Directory Access Protocol.

### 6.14 Network Security

- **Firewalls:** Understand how firewalls work and their role in securing the network.
- **Intrusion Detection/Prevention Systems (IDS/IPS):** Recognize the difference between IDS (detection) and IPS (prevention).
- **Anti-Malware:** Understand the importance of anti-malware software in protecting the network.

### 6.15 Common Wireless Security Flaws

- Be aware of common security flaws in wireless networks.

### 6.16 Secure Wireless Communications

- Understand the different components and features of secure wireless network protocols, including:
  - WPA2/3: Wi-Fi Protected Access.
  - IEEE 802.11: The IEEE 802.11 family of wireless network standards.

### 6.17 Endpoints and the Internet of Things (IoT)

- Understand the unique security challenges posed by the IoT.
- Know how to mitigate IoT security risks.

**GLOSSARY:** This is a glossary of key terms used throughout the document.

- **Access Point:** A device that allows wireless devices to connect to a wireless network.
- **Authentication:** The process of verifying the identity of a user or device.
- **Authorization:** The process of granting access to resources based on a user's or device's identity.
- **Botnet:** A network of computers that have been infected with malware and are under the control of an attacker.
- **Capture:** To intercept and record network traffic.
- **Ciphertext:** Data that has been encrypted.
- **Client:** A computer or device that requests services from a server.
- **Content Delivery Network (CDN):** A network of servers that can deliver content to users from locations closer to them, improving performance and reducing latency.
- **Data Link Layer:** The second layer of the OSI model, responsible for managing physical addressing and error detection.
- **Deep Packet Inspection (DPI):** A technique used to inspect the content of network packets to detect malicious or unwanted traffic.
- **Encryption:** The process of converting data into a format that is unreadable without a decryption key.
- **Firewall:** A device or software that filters network traffic to prevent unauthorized access.
- **Host:** A computer or device connected to a network.
- **IP Address:** A unique numerical address assigned to each device on a network.
- **IoT:** Internet of Things.
- **Intrusion Detection System (IDS):** A system that monitors network traffic for malicious activity.
- **Intrusion Prevention System (IPS):** A system that blocks malicious traffic from reaching its destination.
- **LAN:** Local Area Network.
- **MAC Address:** A unique physical address assigned to each network interface card (NIC).
- **Malware:** Software designed to harm computer systems, steal data, or disrupt network operations.
- **MAN:** Metropolitan Area Network.
- **Network Access Control (NAC):** A technology that controls access to a network by authenticating users and devices.
- **Node:** A computer or device on a network.
- **Packet:** A unit of data transmitted over a network.
- **PAN:** Personal Area Network.
- **Port:** A logical address used by applications to communicate with each other over a network.
- **Protocol:** A set of rules that govern how computers communicate.
- **Proxy:** A server that acts as an intermediary between a client and another server, often used to provide security, anonymity, or performance improvements.
- **RADIUS:** Remote Authentication Dial-In User Service.
- **Router:** A device that connects two or more networks and forwards network traffic.
- **Server:** A computer or device that provides services to clients.
- **SDN:** Software-Defined Networking.
- **Security Event and Incident Management (SEIM):** A system that collects, analyzes, and manages security events and incidents from across an organization.
- **TCP:** Transmission Control Protocol.
- **UDP:** User Datagram Protocol.
- **VLAN:** Virtual Local Area Network.
- **VPN:** Virtual Private Network.
- **Wi-Fi:** Wireless Fidelity. It's a wireless networking standard.
- **WPA:** Wi-Fi Protected Access.
- **WPA3:** The latest version of WPA, offering improved security features.
- **Wireless Network:** A network that uses radio waves to connect devices.

**NOTE:** This document provides an overview of network security technologies and systems. It is intended to be a starting point for further exploration. For a comprehensive understanding of network security, it is recommended to consult other networking resources and seek expert guidance.
