Chapter 11: Secure Network Architecture and Securing Network Components.


1 Chapter 11: Secure Network Architecture and Securing Network Components

2 OSI Model
- History of the OSI Model
- OSI functionality
- Encapsulation/deencapsulation
- OSI layers

3 History of the OSI Model
- Developed after TCP/IP was created
- Abstract framework
- Theoretical model
- Common reference point

4 OSI Functionality
- Seven layers
- Manages information flow
- Layers communicate with layers directly above and below
- Supports peer-layer communication

5 Encapsulation/Deencapsulation
- Flow of information up or down the protocol stack
- Adding headers and footers
- Removing headers and footers
- Calculating checksums

6 OSI Layers
- 1 – Physical
- 2 – Data link
- 3 – Network
- 4 – Transport
- 5 – Session
- 6 – Presentation
- 7 – Application

7 TCP/IP Model
- DoD or DARPA model
- Four layers
  – Application/Process
  – Transport/Host-to-host
  – Internet/Internetworking
  – Link

8 TCP/IP Protocol
- TCP and UDP
  – Ports: 65,536
  – TCP header flags: SYN, ACK, FIN, RST
- IPv4 vs. IPv6
- ICMP
- IGMP
- ARP

9 Common Application Protocols 1/2
- Telnet
- FTP
- TFTP
- SMTP
- POP
- IMAP
- DHCP

10 Common Application Protocols 2/2
- HTTP
- SSL/TLS
- LPD
- X Windows
- BootP
- NFS
- SNMP

11 Converged Protocols
- FCoE
- MPLS
- iSCSI
- VoIP
- SDN
- Content distribution networks

12 Wireless Networks
- Securing wireless access points
- Securing the SSID
- Conducting a site survey
- Using secure encryption protocols
- Determining antenna placement
- Antenna types
- Adjusting power-level controls
- Using captive portals

13 Securing Wireless Access Points
- 802.11, 11a, 11b, 11g, 11n
- 802.1x
- Infrastructure vs. ad hoc mode
- SSID

14 Securing the SSID
- BSSID
- ESSID
- Disable SSID broadcast
- Beacon frame

15 Conducting a Site Survey
- Signal strength measurements
- Used to optimize deployment of base stations
- Minimize external access

16 Using Secure Encryption Protocols
- OSA, SKA
- WEP
- WPA – TKIP
- WPA2 – CCMP
- 802.1x/EAP
- PEAP, LEAP
- MAC filter

17 Determining Antenna Placement
- Based on site survey
- Centrally located
- Avoid emanation obstructions
- Avoid emanation reflective surfaces

18 Antenna Types
- Omnidirectional
- Unidirectional
- Yagi
- Cantenna
- Panel
- Parabolic

19 Adjusting Power-Level Controls
- Set by manufacturer
- May be adjustable in software
- Based on site survey results
- Maintain reliable connections internally
- Minimize connections externally

20 Using Captive Portals
- Authorization system
- Forced interaction with control page
- May require payment, logon credentials, or access code
- Displays use policies
- Often found on public access wireless networks

21 General Wi-Fi Security Procedure
- Security steps
- Secure network components
- Network access control
- Firewalls
- Endpoint security
- Other network devices

22 Security Steps
- Change default password
- Disable SSID broadcast
- Change SSID
- Enable MAC filtering
- Consider using static IP addresses
- Use WPA2
- Use 802.1x
- Use a firewall, VPN, IDS

23 Secure Network Components
- Intranets, extranets
- Network segmentation
- Boost performance
- Reduce communication issues
- Provide security
- VLANs, routers, firewalls
- DMZ

24 Network Access Control
- Prevent/reduce zero-day attacks
- Enforce security policy
- Use identities to perform access control
- Preadmission vs. postadmission

25 Firewalls
- Filtering between network segments
- Static packet filtering
- Application-level gateway
- Circuit-level gateway
- Stateful inspection
- Multihomed
- Deployment architectures

26 Endpoint Security
- Local security on each device
- Reduce network weaknesses
- Use appropriate security measures on every system

27 Other Network Devices
- Repeaters, concentrators, amplifiers
- Hubs
- Modems
- Bridges, switches
- Routers, brouters
- Gateways
- Proxies
- LAN extenders

28 Cabling, Wireless, Topology, and Communications Technology
- Network cabling
- Network topologies
- Wireless communications and security
- LAN technologies

29 Network Cabling
- LAN vs. WAN
- Coax
- Baseband and broadband cables
- Twisted pair
- Fiber optic
- Conductors
- 5-4-3 rule

30 Network Topologies
- Ring
- Bus
- Star
- Mesh

31 Wireless Communications and Security
- Radio wave communications
- FHSS, DSSS, OFDM
- Cell phones
- Bluetooth (IEEE 802.15)
- Cordless phones
- Mobile devices

32 LAN Technologies
- Ethernet
- Token ring
- FDDI
- Analog vs. digital
- Synchronous vs. asynchronous
- Baseband vs. broadband
- Broadcast, multicast, unicast
- LAN media access – CSMA, CSMA/CD, CSMA/CA, token passing, polling

