Presentation is loading. Please wait.

Presentation is loading. Please wait.

1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.

Published byEverett Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing."— Presentation transcript:

1

2 1/28/2010 Network Plus Security Review

3 Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing –Port scanners Protocols –NOS updates Internet Access –Spyware –Bots –Social media

4 Network Security Technology Firewalls –Router Access Lists –Stateless and Stateful –Intruder Detection and Prevention Proxy Servers

5 25 Router Access Lists (cont’d.) ACL instructs router –Permit or deny traffic according to variables: Network layer protocol (IP, ICMP) Transport layer protocol (TCP, UDP) Source IP address Source netmask Destination IP address Destination netmask TCP, UDP port number

6 27 Intrusion Detection and Prevention Port mirroring Port configured to send copy of all traffic to another port for monitoring purposes IDS (intrusion detection system) –Logs potential problems IPS (Intrusion Prevention System –Block potential problems Denial-of-service, smurf attacks

7 DMZ In computer security, a DMZ, or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. An external attacker only has access to equipment in the DMZ, rather than any other part of the network.computer securitysubnetwork

8 Network+ Guide to Networks, 5 th Edition40 Proxy Servers (cont’d.) Figure 12-5 A proxy server used on a WAN

9 Encryption Use of keys to scramble data to prevent eavesdropping Symmetric vs Asymmetric keys Encryption systems

10 51 Public (Asymmetric) Key Encryption Data encrypted using two keys –Private key: user knows –Public key: anyone may request Public key server –Freely provides users’ public keys –Uses Certificate Authority to verify certificate Asymmetric encryption –Requires two different keys Used with SSL and TLS Used by HTTPS and SSH

11 63 IPSec (Internet Protocol Security) Defines encryption, authentication, key management –Works at Network layer for TCP/IP transmissions Native IPv6 standard Difference from other methods –Encrypts data by adding security information to all IP packet headers –Transforms data packets Operates at Network layer (Layer 3) Used by L2TP VPN connections

12 66 IPSec (cont’d.) Figure 12-9 Placement of a VPN concentrator on a WAN

13 Network Authentication Allow a user to login to a server or service without revealing the user password to packet sniffers. Requires some form of encryption Secure Login Systems

14 67 Authentication Protocols Authentication –Process of verifying a user’s credentials Grant user access to secured resources Authentication protocols –Rules computers follow to accomplish authentication Several authentication protocol types –RADIUS/TACACS –PAP –CHAP –EAP and 802.1x (EAPoL) Used in WPA2 (802.11x) –Kerberos

15 81 802.1x (EAPoL) (cont’d.) Figure 12-15 802.1x authentication process

16 Wireless Security Options

17 84 Wireless Network Security Wireless Susceptible to eavesdropping –War driving Effective for obtaining private information Forms of Wireless Encryption –WEP –802.11i Uses EAPoL –WPA –WPA2 Based on 802.11i Uses AES and CCMP encryption

18 WPA and WPA2 WPA (Wi-Fi Protected Access) –Subset of 802.11i –Same authentication as 802.11i TKIP keys –Uses RC4 encryption rather than AES –Has been cracked WPA2 –Follows 802.11i –Uses AES security –Replaces WPA2 –Uses CCMP

19 Setting Wireless Security

20 Network+ Guide to Networks, 5 th Edition The End

Download ppt "1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing."

Similar presentations

Network Security.

Network Security.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Network+ Guide to Networks, Fourth Edition

Network+ Guide to Networks, Fourth Edition
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Controlling access with packet filters and firewalls.

Controlling access with packet filters and firewalls.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Guide to Computer Network Security

Guide to Computer Network Security
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Similar presentations

Ads by Google