NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder

Objectives  Types of Networks  Components of Networks  Risks to Networks  Network Security/Controls  Auditing Networks

What is a Network?  Two or more connected computers that allow the process of telecommunications to occur  Telecommunications is the transfer of text, audio, video, or other data formats

Types of Networks  Characterized in 3 categories:  Distance  Ownership  Client/Server Networks

Distance  Local Area Network (LAN)  Connected computers within a short geographical distance of one another  Wide Area Network (WAN)  Connects computer large geographic away from one another

Ownership  Intranet  Internal network within a company  Extranet  Connects internal network to outside business partners  Virtual Private Network (VPN)  Uses public internet connection but achieves privacy through encryption and authentication

Client/Server Networks  Network servers that manage the networks and host applications that are shared with client computers  Two types:  Two-tiered  Three-tiered

Network Security and Controls  Authentication  Process of ensuring users are who they say they are  Encryption  Scrambling or coding data so that anyone who views will not be able to decode it without a decryption key  Firewalls  Hardware and software to control outside access to the network

Components of a Network  Computers and terminals  Telecommunication channels  Telecommunication processors  Routers and Switching devices

Computers and Terminals  Computers process data in a network and send/receive information to and from terminals  Terminals serve as input/output devices

Telecommunications Channels  Transmit data from computer to computer  Physical transmitters  Wireless transmitters

Telecommunications Processors  Most common is a modem  Transforms digital communication signals to analog signals for transfer and then back to digital signals  Digital communication networks

Routers and Switching Devices  Switches: connect network components and ensure messages are delivered to appropriate destinations  Routers: similar to switches but with more complex features based on protocols  Approaches to switching  Message switching  Packet switching  Circuit switching

Risks to Networks  Social Engineering  Physical Infrastructure Threats  Programmed Threats  Denial of Service Threats  Software Vulnerabilities

Social Engineering Diversion

“Soc-ing”  VoIP Vulnerabilities – Can open channel to network that is not fire-walled  Phishing Scams – i.e. – s from unknown persons containing malicious links.  Cross Site Scripting (XSS) – leads to account hijacking, changing of user settings, cookie theft/poisoning, or false advertising

Network Security  Network manager and network security administration  Authentication  Encryption  Firewalls

Auditing Networks  Perform risk assessment procedures to assess vulnerabilities  Evaluate controls and their effectiveness  Auditing Network Security  Network diagrams  Determine what assets, who has access, and understand connections  Penetration testing  Benchmarking

Risk Assessment Procedures  Basic vulnerabilities of a network  Interception- transmitted data is intercepted by a third party  Availability- unavailability of the network could result in losses for the firm  Access/Entry points- a weak point in access can make the information assets vulnerable to intruders

Evaluate Controls  Physical access controls  Transmitted information should be encrypted  Network should have sufficient management  Controls to limit the type of traffic  Passwords for everyone who has access

Auditing Networks  Network diagrams  Determine what assets  Who has access  Understand connections  Penetration testing

Questions?