Chapter Fifteen Working with Network Security

Objectives To discover what dangers lurk in that great big world To examine the basic concepts of security To find out when you might have too much security To learn what security features are offered by the NOS To find out what makes a good password policy To review data encryption To learn to block out unwanted visitors To examine some security protocols

What Are the Dangers? Data accessed or destroyed by intruders Data accessed or destroyed from the inside Physically stolen data or equipment Data lost or corrupted due to equipment failure Protecting against viruses

Some Security Considerations Physical security –Equipment and drives must be protected from theft. Environmental damage Levels of risk –Just how sensitive is your data?

Physical Security Hard disks are easily removed. –The data can be extracted at leisure in a safe location. A physical disaster can destroy the equipment housing your critical data.

Environmental Damage The Tsunami of 2005 showed how much damage nature can wreak. Voltage surges and/or static electricity can cause data loss.

Risk Levels Low risk –Loss or damage to data will not cause an interruption of business or personal risk to people. Medium risk –Loss or damage to data results in noticeable disruption of workflow and/or involves putting people at noticeable risk. High risk –Loss or damage to data could bring the company to a standstill and/or cause serious harm to people.

Can You Have Too Much Security? If files or other resources can’t be accessed by the people who need them… If passwords are made too difficult for the average person to remember… Three levels of firewalls to protect your saved Redneck Rampage games might be a bit much.

Opening Doors to the Outside Internet access and are now essential parts of doing business. Work at home users need to be able to log in remotely. Customer support might require maintaining an accessible intranet.

Guarding the Gates Firewalls can limit access from the outside Access control lists on a router interface Securing remote access services (RAS) connections

Security in the NOS A network operating system will include a certain degree of security. –Share level versus security user level (discussed earlier) –User authentication (discussed earlier) –File system security –Securing printing devices –Directory services IPSec Kerberos

File System Security The Novell File System and NTFS both provide extensive security barriers. –Each one provides different permissions to resources. –Each one allows you to monitor users and what they’re doing on the network.

Windows Permissions Full control Modify Read and execute List folder contents Read Write

Novell Permissions Browse Create Delete Inheritance control Rename Supervisor

A Good Password Policy Never reveal your password to anyone. Force periodic password changes. Do not use common names or words in a password. Mix alpha and numeric characters with a nice mix of punctuation. Mix upper and lower-case letters. Force a minimum password length. Don’t allow repeat passwords to be used.

Data Encryption NTFS 5.0 provides the Encrypting File System. –Allows users to individually encrypt files or folders –Provides a recovery agent for getting back lost data –Uses a 128-bit encryption key

Basic Rules for Using Encryption Make sure a recovery agent is assigned and trained. Be careful who you choose as a recovery agent. Don’t use it if you don’t need it.

Building Barriers Firewalls Proxy servers Access lists

Firewalls They can be an application gateway or a circuit gateway. –A circuit gateway directs all outbound traffic to a certain point. –The source IP address is substituted with that of the gateway. –Application gateways work on the software level and mask IP addresses. All firewalls can filter packets by IP address or protocol; more advanced firewalls filter by content.

Proxy Servers A single machine provides access to the outside world (similar to a circuit gateway). Private IP addressing is used inside the network. Only the ISP-assigned IP address of the proxy server is visible to the outside world. They can cache frequently accessed pages to provide faster Internet browsing for users.

Access Lists Configured as either inbound or outbound lists on the interface of a router Can filter traffic by IP address, protocol, host name, MAC address, or content Outbound traffic can have different rules than inbound traffic

Security Protocols Secure Socket Layers Transport Layer Security Secure Multipurpose Internet Mail Extensions IPSec Kerberos

Defense Against Viruses Viruses and other malevolent code can do any of the following: –Bring performance to a crawl –Destroy or redirect data to unauthorized people –Render a machine unbootable –Turn an otherwise harmless machine into a SPAM redirector

Types of Malevolent Code Viruses Worms Trojan horses Logic bombs Trap doors Embedded macros

Good Antivirus Procedures Install an effective antivirus solution. Keep all updates and patches up to date. Regularly update signature files. Scan all incoming files as though your life depended on it.

The Virtual LAN It allows a few devices on a network to communicate as if they are a self-contained network. Make use of an intelligent switch configured to create the VLAN.

Static VLANs All devices on a single switch are part of the VLAN. Data from other parts of the network can’t get in. Data from the VLAN doesn’t get out to the rest of the network.

Dynamic VLANs It requires a switch with intelligent management capability. Switches are configured to group devices together using a list of MAC addresses, by the applications running on systems or by protocol.