Physical and Network Topology Security Chapter 7 Physical and Network Topology Security

Objectives Explain physical security methods for workstations, servers, and network devices Implement a network topology for security Explain network communications media in relation to security Use structured network design for security Guide to Operating System Security

Physical Security Limiting physical access Location of equipment Construction quality Devices to protect Workstations Servers Network devices and communications media Guide to Operating System Security

Workstation Security Password protect user accounts Configure screen saver with a password Log off or turn off computers when not in use Lock office doors Keep ventilation holes unobstructed Keep liquids away from computer Guide to Operating System Security

Workstation Security Guide to Operating System Security

Server Security (Continued) Centralized versus decentralized considerations Environmentally controlled computer room Strong access controls Cipher locks on locked doors Power regulation devices Guide to Operating System Security

Server Security (Continued) Motion sensors Camera-monitored entrances and equipment Fire detection and suppression equipment Screen savers for servers Guide to Operating System Security

Configuring Screen Savers Windows Server Use screen saver options with passwords for servers Red Hat Linux 9.x Lock a screen using screen saver NetWare SCRSAVER command at the console SECURE CONSOLE command Guide to Operating System Security

Configuring a NetWare Screen Saver (Continued) Guide to Operating System Security

Configuring a NetWare Screen Saver Guide to Operating System Security

Network Devices Access servers Bridges Chassis hubs Firewalls Hubs Multiplexers Repeaters Routers Switches Transceivers UPS Guide to Operating System Security

Securing Network Devices Place central wiring and network devices in wiring closets that follow EIA/TIA-569 standards Telecommunications room Main cross-connect Intermediate cross-connect Locate wiring closets away from sources of EMI and RFI Guide to Operating System Security

Designing a Network Topology for Security Main network topologies Bus Ring Star Bus-star Guide to Operating System Security

Bus Topology Cable runs from one computer to the next, like a chain Terminators connect to each bus cable segment Disadvantages Easily compromised by removing a terminator Easy for unauthorized person to tap into cable segment Guide to Operating System Security

Bus Topology Guide to Operating System Security

Ring Topology Continuous path for data; no logical beginning or ending point; no terminators Easier to manage, more reliable, and more secure than the bus More expensive than the bus Guide to Operating System Security

Ring Topology Guide to Operating System Security

Star Topology Multiple stations attached to central hub or switch Allows you to emphasize security, efficiency, and reliability Guide to Operating System Security

Star Topology Guide to Operating System Security

Star Topology Advantages Disadvantages Wide variety of equipment available Unauthorized taps are difficult Easier to manage than the bus Expansion options Disadvantages Hub or switch is single point of failure Requires more cable than bus Guide to Operating System Security

Logical Bus Networks in a Physical Star Layout Most common topology Advantages No exposed terminators to pose security risk Expansion capabilities Guide to Operating System Security

Communications Media and Network Security Coaxial cable Twisted-pair cable Fiber-optic cable Wireless technologies Guide to Operating System Security

Coaxial Cable Copper wire construction Thick and thin varieties Suitability Older LANs LANs with strong sources of signal interference Guide to Operating System Security

Thick Coaxial Cable Guide to Operating System Security

Thin Coaxial Cable (Thinnet) Guide to Operating System Security

Twisted-Pair Cable Copper wire construction Shielded twisted-pair (STP) and unshielded twisted-pair (UTP) Most commonly used cabling Guide to Operating System Security

Twisted-Pair Cable Guide to Operating System Security

Fiber-Optic Cable Glass (usually) or plastic cable Single mode and multimode Suitability High-speed LAN and WAN access To connect networks between different locations In situations with significant electrical interference Where security is a concern Guide to Operating System Security

Fiber-Optic Cable Guide to Operating System Security

Wireless Technologies Radio, infrared, or microwave Suitability Difficult or too expensive to use cable When flexibility to move network hosts and devices is required Guide to Operating System Security

Comparing Cable Types Guide to Operating System Security

Using Structured Design Follow accepted guidelines for cable installation Deploy structured wiring design Implement structured network design Guide to Operating System Security

Guidelines for Cable Installation (Continued) Meet or exceed maximum bandwidth requirements Category 5 or better UTP cable Multimode fiber-optic riser cable between floors IEEE specifications Single-mode fiber-optic cable for long runs Guide to Operating System Security

Guidelines for Cable Installation (Continued) Wireless options where needed Star-based cable plants High-quality cable Building codes (eg, plenum cable) Do not exceed tension limits of twisted-pair cable Guide to Operating System Security

Guidelines for Cable Installation (Continued) Follow rules for cable bend radius Extra cable at endpoints Qualified contractor Label all cable Ground cable plants (EIA/TIA-607 standard) Guide to Operating System Security

Structured Wiring Requirements Flexible cabling Wiring stations into a physical star Adherence to EIA/TIA-568-A/EIA-TIA-568-B standards for horizontal wiring Centralizing cable plant in chassis hubs or switches Guide to Operating System Security continued…

Structured Wiring Requirements Intelligence built into chassis hubs and switches to detect problems at stations Ability to isolate hosts and servers on their own cable segments Ability to provide high-speed links to hosts and servers and other network devices Guide to Operating System Security

Structured Wiring Design Guide to Operating System Security

Structured Network Design Solid horizontal and vertical wiring design enables: Centralizing a network at strategic points Customization for security and efficiency Linking together by a fast backbone Guide to Operating System Security

Structured Network for Centralized Management Figure 7-10 Structured network for centralized management Guide to Operating System Security

Vertical Wiring Principles Extended star topology between devices High-speed cable to reduce congestion not susceptible to EMI and RFI EIA/TIA-568-A/EIA-TIA-568-B standards for vertical or backbone cabling Riser-rated cable for cable runs through cable ports or vertical shafts Fire-stop material to cover cable between floors Guide to Operating System Security

Centralized Management Central points are established for critical network functions Simple Network Management Protocol (SNMP) Community name Network management station (NMS) Network agents Guide to Operating System Security

Using Virtual LANs Can be used as a central management tool Potential problems Improper configuration exposes network to security risks Trunks are vulnerable to attacks Guide to Operating System Security

Using Network Redundancy for Security Vital network areas remain running even if equipment fails or an attack occurs Guide to Operating System Security

Designing for Redundancy Figure 7-11 Designing for redundancy Guide to Operating System Security

Building Multiple Redundant Pathways Figure 7-12 Building multiple redundant pathways Guide to Operating System Security

Summary How to physically secure workstations and servers How network topologies can be used to enhance security Which network media offer the best security How to combine network topology and media in a structured wiring and networking design for efficiency and security Guide to Operating System Security