Published by Russell Dawson. Modified over 9 years ago.
1
Chapter 11: Secure Network Architecture and Securing Network Components
2
OSI Model
- History of the OSI Model
- OSI functionality
- Encapsulation/deencapsulation
- OSI layers
3
History of the OSI Model
- Developed after TCP/IP was created
- Abstract framework
- Theoretical model
- Common reference point
4
OSI Functionality
- Seven layers
- Manages information flow
- Layers communicate with layers directly above and below
- Supports peer-layer communication
5
Encapsulation/Deencapsulation
- Flow of information up or down the protocol stack
- Adding headers and footers
- Removing headers and footers
- Calculating checksums
6
OSI Layers
- 1 – Physical
- 2 – Data link
- 3 – Network
- 4 – Transport
- 5 – Session
- 6 – Presentation
- 7 – Application
7
TCP/IP Model
- DoD or DARPA model
- Four layers
  – Application/Process
  – Transport/Host-to-host
  – Internet/Internetworking
  – Link
8
TCP/IP Protocol
- TCP and UDP
  – Ports: 65,536
  – TCP header flags: SYN, ACK, FIN, RST
- IPv4 vs. IPv6
- ICMP
- IGMP
- ARP
9
Common Application Protocols 1/2
- Telnet
- FTP
- TFTP
- SMTP
- POP
- IMAP
- DHCP
10
Common Application Protocols 2/2
- HTTP
- SSL/TLS
- LPD
- X Windows
- BootP
- NFS
- SNMP
11
Converged Protocols
- FCoE
- MPLS
- iSCSI
- VoIP
- SDN
- Content distribution networks
12
Wireless Networks
- Securing wireless access points
- Securing the SSID
- Conducting a site survey
- Using secure encryption protocols
- Determining antenna placement
- Antenna types
- Adjusting power-level controls
- Using captive portals
13
Securing Wireless Access Points
- 802.11, 11a, 11b, 11g, 11n
- 802.1x
- Infrastructure vs. ad hoc mode
- SSID
14
Securing the SSID
- BSSID
- ESSID
- Disable SSID broadcast
- Beacon frame
15
Conducting a Site Survey
- Signal strength measurements
- Used to optimize deployment of base stations
- Minimize external access
16
Using Secure Encryption Protocols
- OSA, SKA
- WEP
- WPA – TKIP
- WPA2 – CCMP
- 802.1x/EAP
- PEAP, LEAP
- MAC filter
17
Determining Antenna Placement
- Based on site survey
- Centrally located
- Avoid emanation obstructions
- Avoid emanation reflective surfaces
18
Antenna Types
- Omnidirectional
- Unidirectional
- Yagi
- Cantenna
- Panel
- Parabolic
19
Adjusting Power-Level Controls
- Set by manufacturer
- May be adjustable in software
- Based on site survey results
- Maintain reliable connections internally
- Minimize connections externally
20
Using Captive Portals
- Authorization system
- Forced interaction with control page
- May require payment, logon credentials, or access code
- Displays use policies
- Often found on public access wireless networks
21
General Wi-Fi Security Procedure
- Security steps
- Secure network components
- Network access control
- Firewalls
- Endpoint security
- Other network devices
22
Security Steps
- Change default password
- Disable SSID broadcast
- Change SSID
- Enable MAC filtering
- Consider using static IP addresses
- Use WPA2
- Use 802.1x
- Use a firewall, VPN, IDS
23
Secure Network Components
- Intranets, extranets
- Network segmentation
- Boost performance
- Reduce communication issues
- Provide security
- VLANs, routers, firewalls
- DMZ
24
Network Access Control
- Prevent/reduce zero-day attacks
- Enforce security policy
- Use identities to perform access control
- Preadmission vs. postadmission
25
Firewalls
- Filtering between network segments
- Static packet filtering
- Application-level gateway
- Circuit-level gateway
- Stateful inspection
- Multihomed
- Deployment architectures
26
Endpoint Security
- Local security on each device
- Reduce network weaknesses
- Use appropriate security measures on every system
27
Other Network Devices
- Repeaters, concentrators, amplifiers
- Hubs
- Modems
- Bridges, switches
- Routers, brouters
- Gateways
- Proxies
- LAN extenders
28
Cabling, Wireless, Topology, and Communications Technology
- Network cabling
- Network topologies
- Wireless communications and security
- LAN technologies
29
Network Cabling
- LAN vs. WAN
- Coax
- Baseband and broadband cables
- Twisted pair
- Fiber optic
- Conductors
- 5-4-3 rule
30
Network Topologies
- Ring
- Bus
- Star
- Mesh
31
Wireless Communications and Security
- Radio wave communications
- FHSS, DSSS, OFDM
- Cell phones
- Bluetooth (IEEE 802.15)
- Cordless phones
- Mobile devices
32
LAN Technologies
- Ethernet
- Token ring
- FDDI
- Analog vs. digital
- Synchronous vs. asynchronous
- Baseband vs. broadband
- Broadcast, multicast, unicast
- LAN media access
  – CSMA, CSMA/CD, CSMA/CA, token passing, polling