Chap10_R

Principles of Computer Security: CompTIA Security+® and Beyond, Third Edition
Infrastructure Security & Network Fundamentals
Chapter 10
© 2012
LANs, MANs, and WANs (cont’d.)
Applying the OSI Model
Table 2-1 Functions of the OSI layers
Courtesy Course Technology/Cengage Learning
Network+ Guide to Networks, 6th Edition
Securing a Workstation
• Keep the operating system (OS) patched and up to date.
• Remove all shares that are not necessary.
• Rename the administrator account, securing it with a strong password.
• Install an antivirus program and keep abreast of updates.
• If no corporate firewall exists between the machine and the Internet, install a firewall.
Servers
• Servers are the computers in a network that host applications and data for everyone to share.
• The key management issue behind running a secure server setup is to identify the specific needs of a server for its proper operation and enable only items necessary for those functions.
Antivirus Software
• For workstations, this type of software is still a necessary component, particularly to prevent a PC from becoming part of a botnet.
• For servers, this type of software is most useful when users are allowed to place files on the machine.
• SDRC diagram
Switches
• Can operate at either the data link or network layers of the OSI model.
• Create separate collision domains for each port.
• A sniffer can only see traffic for the connected port.
• Can be attacked due to vulnerabilities in both SNMP and Telnet.
• Subject to ARP poisoning and MAC flooding.
Routers
• Operate at the network layer of the OSI model
• Connect different network segments together
• Use routing protocols to determine optimal paths across a network
• Form the backbone of the Internet
• Can also be attacked due to vulnerabilities in both SNMP and Telnet
Firewalls
• Can be hardware, software, or a combination.
• Enforce network security policies across network connections.
• Different security policies will apply across the network, based on need.
• Security policies are rules that define what traffic is permissible and what traffic is to be blocked or denied.
– Security policies should follow the principle of least access.
– It is necessary to have a complete understanding of your network to develop a comprehensive security policy.
Other Firewall Techniques
• Basic packet filtering
– Checks each packet against rules pre-defined on the firewall
– Fairly simple, fast, and efficient
– Doesn’t detect and catch all undesired packets
• Stateful packet filtering
– The firewall maintains the context of a conversation
– More likely to detect and catch undesired packets
– Due to overhead, network efficiency is reduced
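The difference between the two techniques above, as an added example that is not part of the original slides: a stateless filter that admits replies by matching source port 443 also admits an unsolicited packet, while a filter that keeps a connection table does not. The addresses, ports and the single "allow outbound HTTPS" policy are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; direction is relative to the protected host.
Packet = namedtuple("Packet", "direction src sport dst dport")
INSIDE, SERVER, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"


def basic_filter(pkt):
    """Basic packet filtering: each packet is judged alone against fixed rules."""
    if pkt.direction == "out":
        return pkt.dport == 443            # policy: allow outbound HTTPS
    # With no memory of earlier packets, replies can only be admitted by
    # header fields, so anything inbound claiming source port 443 passes.
    return pkt.sport == 443


class StatefulFilter:
    """Stateful packet filtering: keeps the context of each conversation."""

    def __init__(self):
        self.connections = set()           # the per-flow state (the overhead)

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return False
            # Record the flow so that only its reply is recognised later.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound passes only as the exact reverse of a recorded flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def run_demo():
    """Return {name: (basic_verdict, stateful_verdict)} for three packets."""
    traffic = [
        ("request", Packet("out", INSIDE, 50000, SERVER, 443)),
        ("reply", Packet("in", SERVER, 443, INSIDE, 50000)),
        ("unsolicited", Packet("in", OTHER, 443, INSIDE, 8080)),
    ]
    stateful = StatefulFilter()
    return {name: (basic_filter(p), stateful.check(p)) for name, p in traffic}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, "basic=%s stateful=%s" % verdicts)
```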
VPN
• Provides a secure channel between users even though their signal is traveling on public networks
• Employs one of two types of encryption
– Data encryption: the traffic can be sniffed en route, but the contents cannot be read
– Packet encryption: uses tunneling and protects the data and the identities of the communicating parties
• Often done using IPsec
Intrusion Detection Systems
• Detect, log, and respond to unauthorized network or host use
• Can operate in real time or after the fact
• Two categories
– Network-based systems
– Host-based systems