Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University.

Published byPreston Kelley Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University."— Presentation transcript:

1 Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University 03/02/12 Supervisor: Dr. Shahram Salekzamankhani

2  LAN : A group of computers and devices interconnected together in a limited geographical area such as computer laboratory, etc to enable the sharing of resources like printers, files, amongst users.  LAN security provides confidentiality, data Integrity, and availability to network users. ( Protection: information, systems, hardware that store, and transmit information. )  OSI Model is used as a basis for a systematic approach to secure LAN Vulnerabilities.  A Virtual topology is used to show how to have a secured wired LAN solution. Introduction

3 LAN Security?  Network security solutions started coming up as the early 1960 but didn’t have a big impact not until the 2000s.  Last 13 years measures to mitigate LAN security threats and cryptography security technology(encryption and hashing mechanisms) been developed. Categories of Network threats  Reconnaissance attacks  Packet sniffers,  Ping sweeps,  Port Scans,  Internet information queries,  Denial-of-service  Ping of Death,  Smurf Attack,  TCP SYN Flood attack  Worm.  Virus,  Trojan horse, Project background

4  Access attacks  Man-in-the-middle,  Buffer overflow,  Port Redirection,  Password attacks,  Trust exploitation  Other categories that exploit LAN switches vulnerabilities.  MAC address spoofing,  Spanning Tree Protocol manipulation attack,  MAC address table overflows,  LAN storms,  VLAN attacks, Cont : Project background

5  Aims 1: To investigate which OSI model layer is most vulnerable to attacks. 2: To investigate, analyse the available tools and methods to secure a wired LAN.  Objectives  To secure the physical layer devices i.e. Routers, Switches, PCs, servers, etc.  To secure layer 2 protocols i.e. Ethernet/IEEE 802.3, token ring / IEEE 802.5.  To secure the addressing structure and routing protocols at the network layer.  To have a secure and reliable transport mechanism between two communicating devices.  To provide a secure way for applications to translate data formats, encrypt and decryption of the data using authentication methods, SSH, passwords, encryption etc. Aims and objectives

6  Cont: Objectives  To provide a secure platform for users to interact with applications by securing application layer protocols such as HTTP, FTP, TELNET, FTP-DATA.  To prevent un-trusted traffic to access the network resources.  To provide a cost effective but efficient and reliable LAN.  Personal and Academic objectives  To learn how to secure LAN.  To learn to organise my time meaningfully to meet deadlines.  To learn research technique and writing well-structured report.  To improve my presentation skills, confidence,and prepare for a career in Computer and Network Security. Aims and objectives

7 Scenario: Secured LAN Topology

8 Developments  End users Host- Based Intrusion Detection Systems(London Met labs) Cisco catalyst Switches  Message of the day / login Banner  Port level Port Security  BPDU Guard  Storm Control  Root Guard  High Availability with Hot Standby Routing Protocol (HSRP)  VLANs  VLAN Trunk Security  Root Bridge  Spanning Tree Protocol feature – PortFast

9 Cont: Developments Cisco Router security  Password requirement (router access).  Secure remote routers access.  Secure unused router network services & interfaces.  Authentication, Authorization, Accounting protocol.  Syslog server – LAN activities.  IPS software firewall.  Secure EIGRP routing protocol authentication Secure router IOS image  Access Lists  Network Address Translation/PAT

10 Analysis Inspection rule/Audit-trail process CBAC rule Secure DHCP server: DHCP Snooping, Dynamic ARP inspection, IP source guard

11 Cont: Analysis Public users access internal web server Public denied access to private VLAN 2, and 3 subnets

12 Cont: Analysis Inter- VLAN routing : VLAN 2 accesses VLAN 3 & DMZ VLAN 3 accesses VLAN 2 & DMZ

13 Cont: Analysis ISP/WEB server pings successfully the Company DMZ Web server NAT Transactions

14 Cont: Analysis In-line IPS software firewall inspection Syslog server activity

15 Cont: Analysis Secure line VTY: SSHVlan 2 & 3 access internet

16  London Met Cisco laboratory enabled me achieve a secured environment of the physical layer devices.  layer 2 is the LAN’s most vulnerable layer  Secured layer 2 to 7 of the OSI model layers.  Secured the private network from receiving un-trusted traffic from public network/internet.  LANs redundancy, reliability and cost effectiveness achieved by;  Implement Network Security Policies & employ Network Security Professionals.  Skills learnt: LAN security threats,& mitigation technology, Time management, report writing, information research and presentation skills. Conclusion

17

Download ppt "Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University."

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.
Data Center Security Overview Dr. Natheer Khasawneh Ziad BashaBsheh.

Data Center Security Overview Dr. Natheer Khasawneh Ziad BashaBsheh.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Trish Miller Network Security. Trish Miller Types of Attacks Attacks on the OSI & TCP/IP Model Attack Methods Prevention Switch Vulnerabilities and Hacking.

Trish Miller Network Security. Trish Miller Types of Attacks Attacks on the OSI & TCP/IP Model Attack Methods Prevention Switch Vulnerabilities and Hacking.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Network Security Network Attacks and Mitigation 張晃崚 CCIE #13673, CCSI #31340 區域銷售事業處 副處長 麟瑞科技.

Network Security Network Attacks and Mitigation 張晃崚 CCIE #13673, CCSI #31340 區域銷售事業處 副處長 麟瑞科技.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
1 Packet Sniffers Prepared By: Amer Alhorini Supervised By: Dr. Lo'ai Tawalbeh NYIT New York Institute of Technology.

1 Packet Sniffers Prepared By: Amer Alhorini Supervised By: Dr. Lo'ai Tawalbeh NYIT New York Institute of Technology.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.

Deployment of the VoIP Servers BY: Syed khaja Najmuddin Ahmed Anil Kumar Marikukala.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.

Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Secure LAN Switching Layer 2 security Introduction Port-level controls

Secure LAN Switching Layer 2 security Introduction Port-level controls

Similar presentations

Ads by Google