Common forms of active attacks may ... indiscriminately With careful consideration when designing and developing network ... directory system, which ... – PowerPoint PPT presentation
Local area networks facilitate the storage and retrieval of programs and data used by a group of people. LAN software and practices also need to provide for the security of these programs and data.
LAN risk and issues
Dial-up access controls
3 Network Infrastructure Security
Client-Server Security
Control techniques in place
Securing access to data or application
Use of network monitoring devices
Data encryption techniques
Authentication systems
Use of application level access control programs
4 Network Infrastructure Security
Client/Server Security
Client/server risks and issues
Access controls may be weak in a client-server environment.
Change control and change management procedures.
The loss of network availability may have a serious impact on the business or service.
Obsolescence of the network components
The use of modems to connect the network to other networks
5 Network Infrastructure Security
Client/Server Security
Client/server risks and issues
The connection of the network to public switched telephone networks may be weak
Changes to systems or data
Access to confidential data and data modification may be unauthorized
Application code and data may not be located on a single machine enclosed in a secure computer room, as with mainframe computing
6 Network Infrastructure Security
Wireless Security Threats and Risk Mitigation
Threats categorization
Errors and omissions
Fraud and theft committed by authorized or unauthorized users of the system
Employee sabotage
Loss of physical and infrastructure support
Malicious hackers
Industrial espionage
Malicious code
Foreign government espionage
Threats to personal privacy
7 Network Infrastructure Security
Wireless Security Threats and Risk Mitigation
Security requirements
Authenticity
Nonrepudiation
Accountability
Network availability
8 Network Infrastructure Security
Internet Threats and Security
Passive attacks
Network analysis
Eavesdropping
Traffic analysis
Active attacks
Brute-force attack
Masquerading
Packet replay
Phishing
Message modification
Unauthorized access through the Internet or web-based services
Denial of service
Dial-in penetration attacks
E-mail bombing and spamming
E-mail spoofing
9 Network Infrastructure Security
Internet Threats and Security
Threat impact
Loss of income
Increased cost of recovery
Increased cost of retrospectively securing systems
Loss of information
Loss of trade secrets
Damage to reputation
Legal and regulatory noncompliance
Failure to meet contractual commitments
Legal action by customers for loss of confidential data
10 Network Infrastructure Security
Internet Threats and Security
Causal factors for internet attacks
Availability of tools and techniques on the Internet
Lack of security awareness and training
Exploitation of security vulnerabilities
Inadequate security over firewalls
Internet security controls
11 Network Infrastructure Security
Firewall Security Systems
Firewall general features
Firewall types
Router packet filtering
Application firewall systems
Stateful inspection
12 Network Infrastructure Security
Firewall Security Systems
Firewall issues
A false sense of security
The circumvention of firewall
Misconfigured firewalls
What constitutes a firewall
Monitoring activities may not occur on a regular basis
Firewall policies
13 Network Infrastructure Security
Intrusion Detection Systems (IDS)
An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies.
Network-based IDSs
Host-based IDSs
14 Network Infrastructure Security
Intrusion Detection Systems (IDS)
Components
Sensors that are responsible for collecting data
Analyzers that receive inputo from sensors and determine intrusive activity
An administration console
A user interface
15 Network Infrastructure Security
Intrusion Detection Systems (IDS)
Types include
Signature-based
Statistical-based
Neural networks
16 Network Infrastructure Security
Intrusion Detection Systems (IDS)
Features
Intrusion detection
Gathering evidence on intrusive activity
Automated response
Security monitoring
Interface with system tolls
Security policy management
17 Network Infrastructure Security
Intrusion Detection Systems (IDS)
Limitations
Weaknesses in the policy definition
Application-level vulnerabilities
Backdoors into applications
Weaknesses in identification and authentication schemes
18 Network Infrastructure Security
Honeypots and Honeynets
High interaction Give hackers a real environment to attack
Low interaction Emulate production environments
19 Network Infrastructure Security
Encryption
Key elements of encryption systems
Encryption algorithm
Encryption key
Key length
Private key cryptographic systems
Public key cryptographic systems
20 Network Infrastructure Security
Encryption (Continued)
Digital signatures
Data integrity
Authentication
Nonrepudiation
Replay protection
21 Network Infrastructure Security
Digital Envelope
Used to send encrypted information and the relevant key along with it.
The message to be sent, can be encrypted by using either
Asymmetric key
Symmetric key
22 Network Infrastructure Security
Encryption (Continued)
Public key infrastructure
Digital certificates
Certificate authority (CA)
Registration authority (RA)
Certificate revocation list (CRL)
Certification practice statement (CPS)
23 Network Infrastructure Security
Encryption risks and password protection
Viruses
Virus and worm controls
Technical controls
Anti-virus software implementation strategies
24 Network Infrastructure Security
VOICE-OVER IP
- Advantages
Unlike traditional telephony VoIP innovation progresses at market rates
Lower costs per call, or even free calls, especially for long-distance calls
Lower infrastructure costs. Once IP infrastructure is installed, no or little additional telephony infrastructure is needed.
25 Network Infrastructure Security
VOICE-OVER IP
- VoIP Security Issues
Inherent poor security
The current Internet architecture does not provide the same physical wire security as the phone lines.
PowerShow.com is a leading presentation sharing website. It has millions of presentations already uploaded and available with 1,000s more being uploaded by its users every day. Whatever your area of interest, here you’ll be able to find and view presentations you’ll love and possibly download. And, best of all, it is completely free and easy to use.
You might even have a presentation you’d like to share with others. If so, just upload it to PowerShow.com. We’ll convert it to an HTML5 slideshow that includes all the media types you’ve already added: audio, video, music, pictures, animations and transition effects. Then you can share it with your target audience as well as PowerShow.com’s millions of monthly visitors. And, again, it’s all free.
About the Developers
PowerShow.com is brought to you by CrystalGraphics, the award-winning developer and market-leading publisher of rich-media enhancement products for presentations. Our product offerings include millions of PowerPoint templates, diagrams, animated 3D characters and more.