Defining Network Infrastructure and Security

Defining Network Infrastructure and Security Lesson 8

Objectives (Skills/Concepts, Objective Domain Description, Objective Domain Number)
- Understanding networks outside the LAN: Understanding the concepts of the Internet, Intranet and Extranet (1.1)
- Understanding Security Devices and Zones
This should also be a review for the 70-642.

Internet
- The Internet is a worldwide system of connected computer networks
- Devices that connect to the Internet use the TCP/IP protocol suite
- The Internet contains a lot of information, resources and services: World Wide Web (WWW) servers hosting content; supporting infrastructure for email; connectivity for peer-to-peer networks

World Wide Web
- The World Wide Web (WWW) is an enormous system of interlinked hypertext documents that can be accessed by using a web browser
- Interlinked hypertext documents can contain text, graphics and videos
- Currently, the World Wide Web is in a stage known as Web 2.0
- Web 2.0 is an interactive type of web experience compared with the earlier Web 1.0

Intranet
- An intranet is a private computer network or single Web site that an organization implements in order to share data with employees around the world
- User authentication is necessary before a person can access the information in an intranet
- Ideally, this keeps the general public out, as long as the intranet is properly secured

Extranet
- An extranet is similar to an intranet except that it is extended to users outside a company, and possibly to entire organizations that are separate from or lateral to the company
- User authentication is still necessary, and an extranet is not open to the general public

Accessing Company Data
A company can present information to different groups (diagram labels: Public, Remote Users, Partner):
- Intranet: for internal employees
- Extranet: for partners
- Web Server: for the public

VPN
- A virtual private network (VPN) is a connection between two or more computers or devices that are not on the same private network
- In order to ensure that only the proper users and data sessions reach a VPN device, data encapsulation and encryption are used
- A "tunnel" is created through the LANs and WANs that are being used (diagram label: Internet/ISP)

Popular VPN Protocols
- Point-to-Point Tunneling Protocol (PPTP): encapsulates Point-to-Point Protocol (PPP) frames into IP datagrams for transmission over an IP-based network (data isn't encrypted by default)
- Layer Two Tunneling Protocol with Internet Protocol Security (L2TP/IPSec): L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology from Cisco Systems, Inc.; IPSec is used to encrypt the message

Point-to-Point Tunneling Protocol
- PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or a public IP network
- PPTP can be used for remote access and site-to-site VPN connections
- PPTP encapsulates PPP frames in IP datagrams for transmission
- PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames
- The payload of the encapsulated PPP frame can be encrypted, compressed or both
Diagram (PPTP packet): IP Header | GRE Header | PPP Header | PPP Payload (IP Datagram). The PPP Header and PPP Payload together form the PPP Frame; the PPP Payload is the encrypted portion.
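The "modified version of GRE" on this slide is the enhanced GRE header of RFC 2637. As an added example (not code from the slide deck), the parser below reads that header from a constructed PPTP data packet and rejects truncated or length-inconsistent packets; note that the call ID and sequence numbers sit outside the encrypted PPP payload, so a filtering device can see them in the clear.

```python
# Added example: parse the enhanced GRE header PPTP (RFC 2637) wraps around each PPP frame.
# The sample packet is constructed, not captured traffic.
import struct

PPTP_GRE_PROTOCOL = 0x880B   # protocol type: PPP carried in enhanced GRE


def _u32(data: bytes, offset: int) -> int:
    """Read one big-endian 32-bit field, refusing to run off the end of the packet."""
    if len(data) < offset + 4:
        raise ValueError("truncated GRE optional field")
    return struct.unpack("!I", data[offset:offset + 4])[0]


def parse_pptp_gre(data: bytes) -> dict:
    """Return call ID, sequence/ack numbers and the PPP frame from a PPTP data packet.

    Header layout (RFC 2637 section 4.1):
      byte 0    : C R K S s Recur(3)  -> K (key) must be 1, S marks a sequence number
      byte 1    : A Flags(4) Ver(3)   -> A marks an acknowledgment number, Ver must be 1
      bytes 2-3 : protocol type, 0x880B
      bytes 4-5 : payload length (bytes following the GRE header)
      bytes 6-7 : call ID of the peer
      then a 4-byte sequence number if S, and a 4-byte acknowledgment number if A
    """
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, ver_byte, proto, payload_len, call_id = struct.unpack("!BBHHH", data[:8])
    if flags & 0xC0:                        # C (checksum) or R (routing) set: not PPTP GRE
        raise ValueError("checksum/routing bits set; not enhanced GRE")
    if not (flags & 0x20):                  # K bit
        raise ValueError("key bit clear; PPTP requires the key field")
    if (ver_byte & 0x07) != 1:
        raise ValueError("GRE version is not 1 (enhanced GRE)")
    if proto != PPTP_GRE_PROTOCOL:
        raise ValueError(f"unexpected protocol type 0x{proto:04x}")
    offset = 8
    seq = ack = None
    if flags & 0x10:                        # S bit: sequence number present
        seq = _u32(data, offset)
        offset += 4
    if ver_byte & 0x80:                     # A bit: acknowledgment number present
        ack = _u32(data, offset)
        offset += 4
    payload = data[offset:]
    if len(payload) != payload_len:         # mismatch means a malformed or tampered packet
        raise ValueError(f"payload length {len(payload)} != declared {payload_len}")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


def build_sample() -> bytes:
    """Constructed PPTP data packet: K, S and A set, call ID 7, seq 5, ack 4."""
    ppp = bytes([0xFF, 0x03, 0x00, 0x21])   # PPP address/control + protocol 0x0021 (IPv4)
    header = struct.pack("!BBHHH", 0x30, 0x81, PPTP_GRE_PROTOCOL, len(ppp), 7)
    return header + struct.pack("!II", 5, 4) + ppp
```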

L2TP with IPSec
- L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery
- L2TP relies on IPSec in Transport Mode for encryption services
- Encapsulation for L2TP/IPSec packets consists of two layers:
  - L2TP Encapsulation: the PPP frame is wrapped with an L2TP and UDP header
  - IPSec Encapsulation: the L2TP message is wrapped with an IPSec Encapsulating Security Payload (ESP) header and trailer, and an IPSec Authentication Trailer
Diagram (L2TP encapsulation): IP Header | UDP Header | L2TP Header | PPP Header | PPP Payload (IP Datagram)
Diagram (L2TP/IPSec packet): IP Header | IPSec ESP Header | UDP Header | L2TP Header | PPP Header | PPP Payload (IP Datagram) | IPSec ESP Trailer | IPSec Auth Trailer. Everything from the UDP Header through the IPSec ESP Trailer is encrypted by IPSec.

DEMO: Custom RRAS Configuration and show a VPN connection

Firewalls
- Firewalls are used to help protect a network from malicious attack and unwanted intrusion
- They are the most commonly used type of security device in an organization's perimeter

Security Devices and Zones
- Security devices such as firewalls are the main defense for a company's networks, whether they are LANs, WANs, intranets, or extranets
- Perimeter networks help keep certain information open to specific users or to the public while keeping the rest of an organization's data secret
(Diagram labels: Public, Remote Users, Partner)

Packet Filtering
- Packet filtering inspects each packet that passes through the firewall and accepts or rejects it based on a set of rules
- Stateless packet inspection does not retain memory of packets that have passed through the firewall
- Stateful packet inspection (SPI) maintains context about active sessions
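To make the stateless/stateful distinction concrete, here is an added example (not from the slide deck) that runs one constructed packet sequence through a stateless rule set and then through a filter that remembers the sessions inside hosts opened. The addresses, the 10.0.0.0/24 "inside" prefix and the exposed web server are all assumptions for the demonstration.

```python
# Added example: the same constructed packets judged by a stateless rule set and by a
# stateful filter. Addresses and the exposed web server are assumptions, not page content.
from typing import Callable, List, NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flag letters: "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


INSIDE_PREFIX = "10.0.0."          # constructed private LAN
WEB_SERVER = ("10.0.0.80", 80)     # the one service the policy exposes inbound


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_allow(p: Packet) -> bool:
    """Stateless rules: no memory, so a 'reply' can only be guessed from the ACK flag."""
    if is_inside(p.src):
        return True                             # anything outbound
    if (p.dst, p.dport) == WEB_SERVER:
        return True                             # public web server
    return "A" in p.flags                       # 'looks like a reply', without any state


class StatefulFilter:
    """Stateful packet inspection: inbound traffic must belong to a tracked session."""

    def __init__(self) -> None:
        self.sessions = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p: Packet) -> bool:
        if is_inside(p.src):
            if "S" in p.flags and "A" not in p.flags:    # inside host opens a session
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        if (p.dst, p.dport) == WEB_SERVER:
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.sessions


def run(packets: List[Packet], decide: Callable[[Packet], bool]) -> List[bool]:
    return [decide(p) for p in packets]


SAMPLE = [                                                  # constructed traffic
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),    # inside host opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # the legitimate reply
    Packet("198.51.100.7", 4444, "10.0.0.5", 22, "A"),      # unsolicited inbound, ACK set
]
```

The stateless rules admit all three packets, because the last one carries ACK; the stateful filter admits only the two that belong to the session the inside host opened.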

NAT Filtering
- NAT filtering, also known as NAT endpoint filtering, filters traffic according to ports (TCP or UDP)
- This can be done in three ways:
  - Using basic endpoint connections
  - Matching incoming traffic to the corresponding outbound IP address connection
  - Matching incoming traffic to the corresponding IP address and port
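The three ways on this slide correspond to the endpoint-independent, address-dependent and address-and-port-dependent filtering behaviours of RFC 4787. As an added example (not code from the slide deck), the simulation below applies each mode to constructed flows; the mode names, port range and addresses are assumptions for the demonstration.

```python
# Added example: the three NAT endpoint-filtering behaviours applied to constructed flows.
# Mode names follow RFC 4787; addresses and the external port range are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Endpoint = Tuple[str, int]        # (ip, port)
MODES = ("endpoint_independent", "address_dependent", "address_port_dependent")


@dataclass
class Mapping:
    internal: Endpoint
    external_port: int
    remotes: Set[Endpoint] = field(default_factory=set)   # peers the inside host sent to


class NatFilter:
    def __init__(self, mode: str, first_port: int = 40000) -> None:
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.next_port = first_port
        self.by_internal: Dict[Endpoint, Mapping] = {}
        self.by_external: Dict[int, Mapping] = {}

    def outbound(self, internal: Endpoint, remote: Endpoint) -> int:
        """Record an outbound packet, creating the mapping on first use; return the external port."""
        m = self.by_internal.get(internal)
        if m is None:
            m = Mapping(internal, self.next_port)
            self.next_port += 1
            self.by_internal[internal] = m
            self.by_external[m.external_port] = m
        m.remotes.add(remote)
        return m.external_port

    def inbound(self, remote: Endpoint, external_port: int) -> bool:
        """Decide whether an inbound packet from `remote` to `external_port` is admitted."""
        m = self.by_external.get(external_port)
        if m is None:
            return False                  # no mapping: dropped in every mode
        if self.mode == "endpoint_independent":
            return True                   # basic endpoint connection: any sender may use the port
        if self.mode == "address_dependent":
            return any(ip == remote[0] for ip, _ in m.remotes)   # same remote IP, any port
        return remote in m.remotes        # remote IP and port must both match
```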

Application-Level Gateway
- An application-level gateway (ALG) supports address and port translation and checks whether the type of application traffic is allowed
- It adds a layer of security; however, it is resource intensive

Circuit-Level Gateway
- A circuit-level gateway works at the session layer of the OSI model, when a TCP or UDP connection is established
- Circuit-level filtering inspects sessions rather than connections or packets
- Once the connection has been made, packets can flow between the hosts without further checking
- Circuit-level gateways hide information about the private network, but they do not filter individual packets

Proxy Server
- A proxy server acts as an intermediary between a LAN and the Internet
- By definition, proxy means "go-between," acting as such a mediator between a private and a public network
- The proxy server evaluates requests from clients, and if they meet certain criteria, forwards them to the appropriate server

Caching Proxy
- A caching proxy attempts to serve client requests without actually contacting the remote server
- Although there are FTP and SMTP proxies among others, the most common caching proxy is the HTTP proxy, also known as a web proxy, which caches web pages from servers on the Internet for a set amount of time
- This is done to save bandwidth on the company's Internet connection and to increase the speed at which client requests are carried out

IP Proxy
- An IP proxy secures a network by keeping machines behind it anonymous
- It does this through the use of NAT

Internet Content Filter
- An Internet content filter, or simply a content filter, is usually applied as software at the application layer, and it can filter out various types of Internet activities, such as access to certain Web sites, email, instant messaging, and so on

Network Intrusion Detection and Prevention
- A network intrusion detection system (NIDS) is a type of IDS that attempts to detect malicious network activities (e.g., port scans and DoS attacks) by constantly monitoring network traffic
- The NIDS will then report any issues that it finds to a network administrator, as long as it is configured properly
- A network intrusion prevention system (NIPS) is designed to inspect traffic and, based on its configuration or security policy, it can remove, detain, or redirect malicious traffic in addition to simply detecting it

Perimeter Network
- A perimeter network is a small network that is set up separately from a company's private local area network and the Internet
- It is called a perimeter network because it is usually on the edge of a LAN, but DMZ is an industry standard term
- A perimeter network allows users outside a company LAN to access specific services located on the DMZ
- When the perimeter network is set up properly, those users are blocked from gaining access to the company LAN
- The perimeter network might house a switch with servers connected to it that offer web, email, and other services

Perimeter Network Configurations
- Back-to-back configuration: the perimeter network is situated between two firewall devices, which could be black box appliances or Microsoft Internet Security and Acceleration (ISA) Servers
- 3-leg perimeter configuration: the perimeter network is usually attached to a separate connection of the company firewall. Therefore, the firewall has three connections: one to the company LAN, one to the perimeter network, and one to the Internet

Summary
- How to differentiate between the Internet, intranets, and extranets
- You have learned about firewalls and how to initiate port scans on them to see whether they are locked down
- Understand other perimeter devices and zones, such as proxy servers, Internet content filters, NIDS, NIPS, and a perimeter network

Additional Resources & Next Steps
Instructor-Led Courses:
- 40033A: Windows Operating System and Windows Server Fundamentals: Training 2-Pack for MTA Exams 98-349 and 98-365 (5 Days)
- 40349A: Windows Operating System Fundamentals: MTA Exam 98-349 (3 Days)
- 40032A: Networking and Security Fundamentals: Training 2-Pack for MTA Exams 98-366 and 98-367 (5 Days)
- 40366A: Networking Fundamentals: MTA Exam 98-366
Books:
- Exam 98-366: MTA Networking Fundamentals (Microsoft Official Academic Course)
Exams & Certifications:
- Exam 98-366: Networking Fundamentals
Remote Desktop Poster: http://www.microsoft.com/en-us/download/confirmation.aspx?id=3262

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.