Network Security Topologies Chapter 11

Learning Objectives
- Explain the network perimeter's importance to an organization's security policies
- Identify the place and role of the demilitarized zone in the network
- Explain how network address translation is used to help secure networks
- Spell out the role of tunneling in network security
- Describe the security features of virtual local area networks

Perimeter Security Topologies
- Put in place using firewalls and routers on the network edge
- Permit secure communications between the organization and third parties
- Key enablers for many mission-critical network services
- Include demilitarized zones (DMZs), extranets, and intranets

Perimeter Security Topologies (continued)
- Selectively admit or deny data flows from other networks based on several criteria:
  - Type (protocol)
  - Source
  - Destination
  - Content

Three-tiered Architecture
- Outermost perimeter
- Internal perimeters
- Innermost perimeter

Outermost Perimeter
- Router used to separate the network from the ISP's network
- Identifies the separation point between assets you control and those you do not
- Most insecure area of a network infrastructure
- Normally reserved for routers, firewalls, and public Internet servers (HTTP, FTP, Gopher)
- Not for sensitive company information that is for internal use only

Internal Perimeters
- Represent additional boundaries where other security measures are in place

Network Classifications
- Trusted
- Semi-trusted
- Untrusted

Trusted Networks
- Inside the network security perimeter
- The networks you are trying to protect

Semi-Trusted Networks
- Allow access to some database materials
- May include DNS, proxy, and modem servers
- Not for confidential or proprietary information
- Referred to as the demilitarized zone (DMZ)

Untrusted Networks
- Outside your security perimeter
- Outside your control

Creating and Developing Your Security Design
- Know your enemy
- Count the cost
- Identify assumptions
- Control secrets
- Know your weaknesses
- Limit the scope of access
- Understand your environment
- Limit your trust

DMZ
- Used by a company to host its own Internet services without allowing unauthorized access to its private network
- Sits between the Internet and the internal network's line of defense, usually some combination of firewalls and bastion hosts
- Traffic originating from it should be filtered

DMZ (continued)
- Typically contains devices accessible to Internet traffic:
  - Web (HTTP) servers
  - FTP servers
  - SMTP (e-mail) servers
  - DNS servers
- Optional, more secure approach than a simple firewall; may include a proxy server
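The filtering criteria on the earlier perimeter slide (protocol, source, destination) and the DMZ rules on this one come together in a perimeter firewall policy. The following is an added example, not code from the slides: a small stateless policy engine in Python that classifies addresses into the three network classes (trusted, semi-trusted/DMZ, untrusted) and evaluates constructed flows against a first-match rule list. The address plan (10.0.0.0/8 internal, 192.0.2.0/24 DMZ) and the rule set are assumptions chosen for the example; the "content" criterion needs inspection above the packet header and is out of scope for a stateless filter.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed address plan (an assumption for this example, not from the slides):
# the internal network is 10.0.0.0/8, the DMZ is 192.0.2.0/24, and everything
# else is treated as the untrusted Internet.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

def zone_of(addr: str) -> str:
    """Classify an address as trusted (internal), semi-trusted (dmz) or untrusted (internet)."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port
    action: str            # "permit" or "deny"

# Perimeter policy: first match wins, anything unmatched is denied. Only the
# published DMZ services are reachable from the Internet; the DMZ may originate
# only the outbound flows its servers need and never initiates connections into
# the internal network; internal hosts may reach the DMZ and the Internet.
POLICY = [
    Rule("internet", "dmz", "tcp", 80, "permit"),         # 0: web
    Rule("internet", "dmz", "tcp", 443, "permit"),        # 1: web (TLS)
    Rule("internet", "dmz", "tcp", 25, "permit"),         # 2: inbound mail
    Rule("internet", "dmz", "udp", 53, "permit"),         # 3: public DNS
    Rule("dmz", "internet", "udp", 53, "permit"),         # 4: resolver lookups
    Rule("dmz", "internet", "tcp", 25, "permit"),         # 5: outbound mail
    Rule("dmz", "internal", "any", None, "deny"),         # 6: DMZ never reaches inward
    Rule("internal", "dmz", "any", None, "permit"),       # 7: users/admins to DMZ
    Rule("internal", "internet", "tcp", None, "permit"),  # 8: browsing etc.
    Rule("internal", "internet", "udp", 53, "permit"),    # 9: DNS
]

def evaluate(src: str, dst: str, proto: str, dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule), or ("deny", None) for the implicit default."""
    sz, dz = zone_of(src), zone_of(dst)
    for i, r in enumerate(POLICY):
        if r.src_zone != sz or r.dst_zone != dz:
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return "deny", None

if __name__ == "__main__":
    # Constructed sample flows as they would arrive at the perimeter firewall.
    for flow in [("203.0.113.5", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web: permit
                 ("203.0.113.5", "10.1.2.3", "tcp", 445),     # Internet -> internal: default deny
                 ("192.0.2.10", "10.1.2.3", "tcp", 445),      # DMZ -> internal: explicit deny
                 ("192.0.2.10", "203.0.113.9", "tcp", 80),    # DMZ web server browsing out: deny
                 ("10.1.2.3", "192.0.2.10", "tcp", 22)]:      # internal admin -> DMZ: permit
        print(flow, "->", evaluate(*flow))
```

The explicit DMZ-to-internal deny (rule 6) is deliberately listed before any permit so that a later, broader rule cannot accidentally open that path; the fourth sample flow shows why "traffic originating from the DMZ should be filtered": a compromised web server in the DMZ gets no general outbound access.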

DMZ Design Goals
- Minimize the scope of damage
- Protect sensitive data on the server
- Detect the compromise as soon as possible
- Minimize the effect of the compromise on other organizations

Intranet
- Either a network topology or an application (usually a Web portal) used as a single point of access to deliver services to employees
- Typically a collection of all LANs inside the firewall
- Shares company information and computing resources among employees

Intranet (continued)
- Allows access to the public Internet through firewalls that screen communications in both directions to maintain company security
- Also called a campus network

Extranet
- Private network that uses the Internet protocol and the public telecommunication system to provide various levels of accessibility to outsiders
- Can be accessed only with a valid username and password
- Identity determines which parts of the extranet you can view

Extranet (continued)
- Requires security and privacy:
  - Firewall management
  - Issuance and use of digital certificates or other user authentication
  - Encryption of messages
  - Use of VPNs that tunnel through the public network

Network Address Translation (NAT)
- Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
- Able to translate addresses contained in an IP packet

Main Purposes of NAT
- Provide a type of firewall by hiding internal IP addresses
- Enable a company to use more internal IP addresses

NAT (continued)
- Most often used to map IPs from the nonroutable private address spaces defined by RFC 1918
- Static NAT and dynamic NAT
- Port Address Translation (PAT):
  - Variation of dynamic NAT
  - Allows many hosts to share a single IP address by multiplexing streams differentiated by TCP/UDP port numbers
  - Commonly implemented on SOHO routers
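To make the PAT mechanism and the "type of firewall" claim concrete, here is an added Python simulation (not code from the slides or from any router vendor). Packets are represented as plain dicts, which is an assumption made for the example; a real translator works on parsed IP/TCP/UDP headers. It rewrites outbound packets from RFC 1918 hosts onto one public address with a unique source port, maps replies back, and drops any inbound packet for which no internal host opened the flow, which is exactly why internal addresses stay hidden.

```python
import ipaddress
from itertools import count
from typing import Dict, Optional

# RFC 1918 private ranges: the only source addresses this translator will rewrite.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class PortAddressTranslator:
    """PAT: many private hosts share one public IP, distinguished by the translated source port.

    A packet is a dict {"src", "sport", "dst", "dport", "proto"} (constructed
    representation for this example).
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)   # public ports handed out in order
        # (private src, sport, dst, dport, proto) -> public source port
        self.outbound: Dict[tuple, int] = {}
        # (public port, remote ip, remote port, proto) -> (private src, sport)
        self.inbound: Dict[tuple, tuple] = {}

    def translate_out(self, pkt: dict) -> dict:
        """Rewrite an internal host's packet so that it leaves with the public address."""
        if not is_rfc1918(pkt["src"]):
            raise ValueError(f"{pkt['src']} is not an RFC 1918 address; not translating")
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        pub_port = self.outbound.get(key)
        if pub_port is None:                     # new flow: allocate a public port
            pub_port = next(self._next_port)
            self.outbound[key] = pub_port
            self.inbound[(pub_port, pkt["dst"], pkt["dport"], pkt["proto"])] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": self.public_ip, "sport": pub_port}

    def translate_in(self, pkt: dict) -> Optional[dict]:
        """Map a packet from the Internet back to the private host, or return None to drop it."""
        if pkt["dst"] != self.public_ip:
            return None
        mapping = self.inbound.get((pkt["dport"], pkt["src"], pkt["sport"], pkt["proto"]))
        if mapping is None:
            return None    # no internal host opened this flow: unsolicited, so it is dropped
        priv_ip, priv_port = mapping
        return {**pkt, "dst": priv_ip, "dport": priv_port}

if __name__ == "__main__":
    # Constructed traffic: two internal hosts using the same source port reach
    # the same web server through one public address (198.51.100.1).
    nat = PortAddressTranslator("198.51.100.1")
    a = nat.translate_out({"src": "192.168.1.10", "sport": 51000, "dst": "203.0.113.7", "dport": 443, "proto": "tcp"})
    b = nat.translate_out({"src": "192.168.1.11", "sport": 51000, "dst": "203.0.113.7", "dport": 443, "proto": "tcp"})
    print("outbound:", a, b)
    print("reply:", nat.translate_in({"src": "203.0.113.7", "sport": 443, "dst": "198.51.100.1", "dport": a["sport"], "proto": "tcp"}))
    print("unsolicited:", nat.translate_in({"src": "203.0.113.9", "sport": 12345, "dst": "198.51.100.1", "dport": 22, "proto": "tcp"}))
```

The translation table is what makes this behave like a stateful firewall for inbound traffic: nothing reaches an internal host unless that host (or an explicit static mapping, not shown) created the entry first. The example does not age entries out; a real device expires idle mappings so the port pool is reused.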

Tunneling
- Enables a network to securely send its data through untrusted/shared network infrastructure
- Encrypts and encapsulates a network protocol within packets carried by a second network
- Best-known example: virtual private networks
- Replacing WAN links because of security and low cost
- An option for most IP connectivity requirements

Example of a Tunnel (diagram slide; the figure itself is not part of the transcript)
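The slide's "encrypts and encapsulates" step can be shown in a few lines. The following is an added Python example, not code from the slides, of a tunnel gateway that wraps an inner packet (which carries private addresses) inside an outer packet addressed between the two gateways. The inner packet is encrypted and authenticated with an encrypt-then-MAC construction built from HMAC-SHA256 (an illustrative construction chosen for this example; a real VPN uses a standardized protocol such as IPsec). The packet layouts, the shared key and the addresses are all constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32

def _derive(master_key: bytes):
    """Split the shared secret into independent encryption and MAC keys."""
    return (hashlib.sha256(b"enc" + master_key).digest(),
            hashlib.sha256(b"mac" + master_key).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative, not a standard cipher)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:length]

def encapsulate(inner: bytes, master_key: bytes, outer_src: str, outer_dst: str,
                nonce: bytes = None) -> bytes:
    """Outer packet = clear header (gateway addresses) | nonce | encrypted inner | tag."""
    enc_key, mac_key = _derive(master_key)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, nonce, len(inner))))
    header = outer_src.encode() + b"|" + outer_dst.encode() + b"|"
    # The tag covers the header too, so a modified outer address is also detected.
    tag = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    return header + nonce + ciphertext + tag

def decapsulate(outer: bytes, master_key: bytes) -> bytes:
    """Verify the tag, then recover the inner packet; raise on any tampering."""
    enc_key, mac_key = _derive(master_key)
    header_end = outer.index(b"|", outer.index(b"|") + 1) + 1
    header, rest = outer[:header_end], outer[header_end:]
    nonce, ciphertext, tag = rest[:NONCE_LEN], rest[NONCE_LEN:-TAG_LEN], rest[-TAG_LEN:]
    expected = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed integrity check")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))

def middlebox_view(outer: bytes):
    """What a router on the shared network can read: only the outer addresses."""
    src, dst, _ = outer.split(b"|", 2)
    return src.decode(), dst.decode()

if __name__ == "__main__":
    key = b"constructed-shared-secret"                     # assumed pre-shared key
    inner = b"10.1.2.3>10.9.8.7|GET /payroll"               # constructed inner packet
    outer = encapsulate(inner, key, "198.51.100.1", "203.0.113.1")
    print("on the wire, a middlebox sees:", middlebox_view(outer))
    print("receiving gateway recovers:", decapsulate(outer, key))
```

Only the two gateway addresses are visible in transit; the private addressing and the payload travel inside the authenticated ciphertext, and a single flipped bit anywhere in the outer packet makes the receiving gateway discard it.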

Virtual Local Area Networks (VLANs)
- Deployed using network switches
- Used throughout networks to segment different hosts from each other
- Often coupled with a trunk, which allows switches to share many VLANs over a single physical link

Benefits of VLANs
- Network flexibility
- Scalability
- Increased performance
- Some security features

Security Features of VLANs
- Can be configured to group together users in the same group or team
- Offer some protection when sniffers are inserted into the network
- Protect unused switch ports
- Use an air gap to separate trusted from untrusted networks

Vulnerabilities of VLAN Trunks
- Trunk autonegotiation
  - Prevention: Disable autonegotiation on all ports
- Trunk VLAN membership and pruning
  - Prevention: Manually configure all trunk links with the VLANs that are permitted to traverse them
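Both preventions on this slide are switch-port settings, and the practical check is whether every port actually has them. The following is an added Python audit script, not code from the slides or from any switch vendor, that parses a constructed switch configuration written in Cisco IOS syntax (an assumption for the example) and flags ports where the mode is still negotiable or where a trunk carries every VLAN. Interface names and the sample configuration are constructed.

```python
import re
from typing import Dict, List

# Constructed switch configuration in Cisco IOS syntax (an assumption for this
# example; it is not taken from the slides). Gi1/0/1 follows both preventions,
# Gi1/0/2 is a plain access port, Gi1/0/3 was left at its defaults, and
# Gi1/0/4 is a trunk with no restrictions at all.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink to core
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet1/0/2
 description user port
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description server port, left at defaults
!
interface GigabitEthernet1/0/4
 switchport mode trunk
!
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split an IOS-style config into {interface name: [indented command lines]}."""
    ifaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            ifaces[current] = []
        elif current is not None and line.startswith(" "):
            ifaces[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the stanza
    return ifaces

def audit_trunks(config: str) -> Dict[str, List[str]]:
    """Return {interface: [finding codes]} for ports that violate either prevention."""
    findings: Dict[str, List[str]] = {}
    for name, cmds in parse_interfaces(config).items():
        issues = []
        modes = [c.split()[2] for c in cmds if c.startswith("switchport mode ")]
        mode = modes[-1] if modes else None
        if mode not in ("access", "trunk"):
            # No fixed mode: the port is left to trunk negotiation (the platform
            # default on many Catalyst switches is a dynamic mode).
            issues.append("dynamic-mode")
        if mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                issues.append("dtp-enabled")          # trunk still sends negotiation frames
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                issues.append("all-vlans-allowed")    # every VLAN crosses this trunk
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for iface, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(f"{iface}: {', '.join(issues)}")
```

Run against a saved running-config, the script gives a per-port list of exactly the two conditions the slide names; an empty result for an interface means its mode is pinned and, if it is a trunk, its VLAN list is explicit.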

Chapter Summary
- Technologies used to create network topologies that secure data and networked resources:
  - Perimeter networks
  - Network address translation (NAT)
  - Virtual local area networks (VLANs)