Scribd
Upload
275 views

Network Infrastructure

This document discusses various aspects of network infrastructure security. It covers security for local area networks (LANs), client-server environments, wireless networks, the internet and firewalls. Specific topics mentioned include access controls, risks, intrusion detection systems, honeypots, encryption techniques and Voice over IP security issues. The goal is to provide an overview of how to secure different parts of a network infrastructure.

Uploaded by

Al Zeroseven
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
275 views

Network Infrastructure

This document discusses various aspects of network infrastructure security. It covers security for local area networks (LANs), client-server environments, wireless networks, the internet and firewalls. Specific topics mentioned include access controls, risks, intrusion detection systems, honeypots, encryption techniques and Voice over IP security issues. The goal is to provide an overview of how to secure different parts of a network infrastructure.

Uploaded by

Al Zeroseven
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 25

Network Infrastructure Security

Network Infrastructure Security

LAN Security
Local area networks facilitate the storage and retrieval of programs and data used by a group of people. LAN software and practices also need to provide for the security of these programs and data. LAN risk and issues Dial-up access controls

Network Infrastructure Security

Client-Server Security

Control techniques in place


Securing access to data or application Use of network monitoring devices Data encryption techniques Authentication systems Use of application level access control programs

Network Infrastructure Security

Client/Server Security

Client/server risks and issues

Access controls may be weak in a client-server environment. Change control and change management procedures. The loss of network availability may have a serious impact on the business or service. Obsolescence of the network components The use of modems to connect the network to other networks

Network Infrastructure Security

Client/Server Security

Client/server risks and issues

The connection of the network to public switched telephone networks may be weak Changes to systems or data Access to confidential data and data modification may be unauthorized Application code and data may not be located on a single machine enclosed in a secure computer room, as with mainframe computing

Network Infrastructure Security

Wireless Security Threats and Risk Mitigation Threats categorization:


Errors and omissions Fraud and theft committed by authorized or unauthorized users of the system Employee sabotage Loss of physical and infrastructure support Malicious hackers Industrial espionage Malicious code Foreign government espionage Threats to personal privacy

Network Infrastructure Security

Wireless Security Threats and Risk Mitigation

Security requirements

Authenticity Nonrepudiation Accountability Network availability

Network Infrastructure Security

Internet Threats and Security

Passive attacks

Network analysis Eavesdropping Traffic analysis Brute-force attack Masquerading Packet replay Phishing Message modification Unauthorized access through the Internet or web-based services Denial of service Dial-in penetration attacks E-mail bombing and spamming E-mail spoofing

Active attacks

Network Infrastructure Security

Internet Threats and Security

Threat impact

Loss of income Increased cost of recovery Increased cost of retrospectively securing systems Loss of information Loss of trade secrets Damage to reputation Legal and regulatory noncompliance Failure to meet contractual commitments Legal action by customers for loss of confidential data

Network Infrastructure Security

Internet Threats and Security

Causal factors for internet attacks


Availability of tools and techniques on the Internet Lack of security awareness and training

Exploitation of security vulnerabilities


Inadequate security over firewalls

Internet security controls

Network Infrastructure Security

Firewall Security Systems


Firewall general features Firewall types


Router packet filtering Application firewall systems Stateful inspection

Network Infrastructure Security

Firewall Security Systems

Firewall issues

A false sense of security The circumvention of firewall

Misconfigured firewalls
What constitutes a firewall Monitoring activities may not occur on a regular basis

Firewall policies

Network Infrastructure Security

Intrusion Detection Systems (IDS)


An IDS works in conjunction with routers and
firewalls by monitoring network usage

anomalies.
Network-based

IDSs

Host-based

IDSs

Network Infrastructure Security

Intrusion Detection Systems (IDS)


Components:

Sensors that are responsible for collecting data Analyzers that receive inputo from sensors and determine intrusive activity

An administration console A user interface

Network Infrastructure Security

Intrusion Detection Systems (IDS)


Types include:

Signature-based

Statistical-based
Neural networks

Network Infrastructure Security

Intrusion Detection Systems (IDS)


Features:

Intrusion detection Gathering evidence on intrusive activity Automated response Security monitoring Interface with system tolls Security policy management

Network Infrastructure Security

Intrusion Detection Systems (IDS)


Limitations:

Weaknesses in the policy definition

Application-level vulnerabilities
Backdoors into applications Weaknesses in identification and authentication schemes

Network Infrastructure Security

Honeypots and Honeynets


interaction Give hackers a real environment to attack Low interaction Emulate production environments
High

Network Infrastructure Security

Encryption

Key elements of encryption systems


Encryption algorithm Encryption key Key length

Private key cryptographic systems Public key cryptographic systems

Network Infrastructure Security

Encryption (Continued)

Digital signatures

Data integrity Authentication Nonrepudiation Replay protection

Network Infrastructure Security


Digital

Envelope

Used to send encrypted information and the relevant key along with it.
The message to be sent, can be encrypted by using either:

Asymmetric key Symmetric key

Network Infrastructure Security

Encryption (Continued)

Public key infrastructure


Digital certificates Certificate authority (CA) Registration authority (RA) Certificate revocation list (CRL) Certification practice statement (CPS)

Network Infrastructure Security


Encryption risks and password protection Viruses Virus and worm controls Technical controls Anti-virus software implementation strategies

Network Infrastructure Security

VOICE-OVER IP
- Advantages

Unlike traditional telephony VoIP innovation progresses at market rates Lower costs per call, or even free calls, especially for long-distance calls Lower infrastructure costs. Once IP infrastructure is installed, no or little additional telephony infrastructure is needed.

Network Infrastructure Security

VOICE-OVER IP
- VoIP Security Issues

Inherent poor security The current Internet architecture does not provide the same physical wire security as the phone lines.

You might also like