Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Infrastructure Security & Network Fundamentals Chapter 10 © 2012 Principles of Computer Security: LANs, MANs, and CompTIA Security+ Security+® and Beyond, Third Edition (cont’d.) 2 © 2012 WANs Principles of Computer Security: Applying the CompTIA Security+ Security+® and Beyond, Third Edition OSI Model Table 2-1 Functions of the OSI layers Courtesy Course Technology/Cengage Learning © 2012 Network+ Guide to Networks, 6th Edition 3 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition © 2012 Network+ Guide to Networks, 6th Edition 4 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition 5 © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition 6 © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Securing a Workstation • Keep the operating system (OS) patched and up to date. • Remove all shares that are not necessary. • Rename the administrator account, securing it with a strong password. • Install an antivirus program and keep abreast of updates. • If no corporate firewall exists between the machine and the Internet, install a firewall. • © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Servers • Servers are the computers in a network that host applications and data for everyone to share. • The key management issue behind running a secure server setup is to identify the specific needs of a server for its proper operation and enable only items necessary for those functions. © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Antivirus Software • For workstations, this type of software is still a necessary component, particularly to prevent a PC from becoming part of a botnet. • For servers, this type of software is most useful when users are allowed to place files on the machine. • SDRC diagram © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Switches • Can operate at either the data link or network layers of the OSI model. • Creates separate collision domains for each port. • A sniffer can only see traffic for the connected port. • Can be attacked due to vulnerabilities in both SNMP and Telnet. • Subject to ARP poisoning and MAC flooding. © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Routers • Operates at the network layer of the OSI model • Connects different network segments together • Uses routing protocols to determine optimal paths across a network • Forms the backbone of the Internet • Can also be attacked due to vulnerabilities in both SNMP and Telnet © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Firewalls • Can be hardware, software, or a combination. • Enforce network security policies across network connections. • Different security policies will apply across the network, based on need. • Security policies are rules that define what traffic is permissible and what traffic is to be blocked or denied. – Security policies should follow the principle of least access. – It is necessary to have a complete understanding of your network to develop a comprehensive security policy. © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Other Firewall Techniques • Basic packet filtering – Checks each packet against rules pre-defined on the firewall – Fairly simple, fast, and efficient – Doesn’t detect and catch all undesired packets • Stateful packet filtering – The firewall maintains the context of a conversation – More likely to detect and catch undesired packets – Due to overhead, network efficiency is reduced © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition VPN • Provides a secure channel between users even though their signal is traveling on public networks • Employs one of two types of encryption – Data encryption can be sniffed en route, but the contents cannot be read – Packet encryption uses tunneling and protects the data and the identities of the communicating parties • Often done using IPsec © 2012 Principles of Computer Security: CompTIA Security+ Security+® and Beyond, Third Edition Intrusion Detection Systems • Detects, logs, and responds to unauthorized network or host use • Can operate in real-time or after the fact • Two categories – Network-based systems – Host-based systems © 2012