Security Controls for Computer Systems and Networks
Network Components and Security Measures for Businesses
By Adam Hess
Topics to be covered:
Basics of a Network
Modems, Routers, Firewalls, Switches, Cabling
Virtual Private Networking (VPN)
Vulnerabilities with Networks
Businesses
Schools
Basics of a Network
What is the purpose of a computer network?
Share resources!
Whether it be software or hardware
(Software) Share files, programs, applications
(Hardware) Share storage
Basics of a Network
Four basic elements of a computer network:
Sender
Receiver
Medium (copper, fiberglass, light)
Protocols
Two types of Networks:
Peer-to-Peer (P2P)
Client-Server (C/S)
Basics of a Network
Geographical distinctions:
PAN (Personal Area Network)
Bluetooth earpiece to cellphone
LAN (Local Area Network) and WLAN (Wireless LAN)
Computers on an office floor
WAN (Wide Area Network)
Device in one city connected to device in another city.
Peer-to-Peer Network
Can connect two computers together with crossover cable
Can connect computers with a switch
Every computer is responsible for what resources
it shares, as well as security settings.
Client-Server Network
Has server computer with a server operating system which manages resources.
Server has domain controller(s)
List of users
List of groups
List of computers
Client-Server Network
Server controls what the clients see
Which clients see what information
Which users have access
Which computers have access
Manage utilities
Antivirus
Updates, etc.
Modems, CSU/DSU
A modem is a device that modulates an analog carrier signal to encode digital information.
It also demodulates carrier waves to get the digital information.
Dial-Up connections
Modems, CSU/DSU
CSU/DSU – Channel Service Unit/Data Service
Unit. (Confused with modems)
Digital-Digital connection. No need to
modulate/demodulate from analog to digital or
vice versa.
Device used to connect a router to a digital circuit
such as a DSL, T-Carrier, and OC lines.
They are responsible for the connection between
telecom network and your network.
Routers
Routers are the devices that make communication
between networks possible.
Operate at the Network Layer (Layer 3) of OSI model.
A router forwards packets and routes the information
to a desired destination.
When devices are connected to the ports of a switch in
the router, the router will assign each of them a unique
IP address with the help of Dynamic Host
Configuration Protocol (DHCP).
Routers
Consumer-focused Router vs. Business Router
Consumer-based routers are typically around the
$100 range, depending on what features they
come with.
Business-based routers can be very expensive:
$1000+. These are built for security, flexible
access to the network, and scalability.
Firewalls
A firewall can be a software or hardware-based
network security system.
The firewall’s job is to block ports (or doors) so
that only the ports you want information to come
in on are open.
There are 65,536 ports that a network can use to
communicate to the Internet or outside the
network.
Firewalls
Stateful firewalls can control the incoming and
outgoing network traffic and analyze the data to
determine whether it should be allowed through.
They keep memory of previous packets and hold
several attributes of each connection in dynamic state
tables.
Firewalls can be configured; the network administrator
can create a rule set that decides whether incoming and
outgoing data can pass through.
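An added example (not part of the original slides) of the stateful behaviour described above: a rule set decides which new connections may open, and a dynamic state table lets the replies through. The rules, addresses and the name StatefulFirewall are constructed for illustration, and connection teardown is simplified.

```python
from collections import namedtuple

# Constructed rule set: (direction, protocol, destination port) that may OPEN a connection.
# Anything not listed is blocked (default deny).
RULES = {
    ("out", "tcp", 443),   # clients may browse HTTPS
    ("out", "udp", 53),    # clients may resolve DNS
    ("in", "tcp", 25),     # inbound mail to the mail server
}

# direction is "in" or "out" relative to the protected network;
# flags holds TCP flags such as "S" (SYN), "A" (ACK), "F" (FIN), "R" (RST).
Packet = namedtuple("Packet", "direction proto src sport dst dport flags")

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # dynamic state table of connections already allowed

    @staticmethod
    def _key(p):
        # Same key for both directions of one connection.
        return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

    def check(self, p):
        key = self._key(p)
        if key in self.state:
            # Simplification: forget the connection on the first FIN or RST.
            if p.proto == "tcp" and ("F" in p.flags or "R" in p.flags):
                self.state.discard(key)
            return "allow (established)"
        # New connection: TCP must start with a bare SYN, and a rule must permit it.
        opens = p.proto != "tcp" or p.flags == "S"
        if opens and (p.direction, p.proto, p.dport) in self.rules:
            self.state.add(key)
            return "allow (new)"
        return "block"

def demo():
    fw = StatefulFirewall(RULES)
    pkts = [  # constructed sample traffic
        Packet("out", "tcp", "10.0.0.5", 50000, "203.0.113.7", 443, "S"),   # client opens HTTPS
        Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 50000, "SA"),   # reply to it
        Packet("in", "tcp", "203.0.113.9", 443, "10.0.0.5", 50001, "SA"),   # unsolicited "reply"
        Packet("in", "tcp", "198.51.100.2", 40000, "10.0.0.5", 3389, "S"),  # no rule for this port
        Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 50000, "R"),    # server resets
        Packet("in", "tcp", "203.0.113.7", 443, "10.0.0.5", 50000, "A"),    # after teardown
    ]
    return [fw.check(p) for p in pkts]
```

The second packet is allowed only because the state table remembers the first; the same packet from a host the client never contacted is blocked.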
Firewalls
Hardware firewalls come in two types:
Network Address Translation (NAT)
Stateful Packet Inspection (SPI)
Software firewalls:
Check whether applications on your computer are
trying to communicate outside the network
Switches
Devices that link network segments or network
devices (computers, other switches, etc)
Switches operate at the Data-Link Layer (Layer 2)
of the OSI model.
These devices receive messages from other
devices and transmit the messages only to the
devices for which the message was intended.
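An added example (not part of the original slides) of how a switch can send a message only to the intended device: it learns which address sits behind which port from the traffic it sees. The class name LearningSwitch, the port numbers and the MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy Layer 2 switch: learns which MAC address sits behind which port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        self.mac_table[src_mac] = in_port      # learn (or update) the sender
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []                          # destination is on the same segment
        return [out]                           # known destination: one port only

def demo():
    sw = LearningSwitch([1, 2, 3, 4])
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"  # constructed addresses
    first = sw.receive(1, a, b)   # b not learned yet, so the frame is flooded
    reply = sw.receive(2, b, a)   # a was learned from the first frame
    again = sw.receive(1, a, b)   # b was learned from the reply
    return first, reply, again
```

Until a destination has been learned, its frames reach every port, so "only to the intended device" holds once the table is populated.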
Switches
Two types of switches:
Managed/Unmanaged
Managed switches: Allow users to change
configurations and tune the network properly.
Unmanaged switches: Don't allow any changes
to configurations/settings.
Unmanaged switches are normally found at the
consumer level.
Switches
Switches are very important for computer
networks.
These devices bridge the network components
together and allow for a manageable
architecture.
Switches are crucial for setting up segments or
VLANs (Virtual Local Area Networks)
Cabling
Without cables, there would be no way for any
communication in a network!
Cabling may sound very basic, and it is. But there
are certain procedures and guidelines to follow.
Cabling
Different types of networking cables:
Cat3, Cat5, Cat6 Ethernet cables
Cat3 was the original networking cable, not used much anymore.
Max speed of 10 Mbps
Cat5, or Cat5e, has been the standard for a while.
Max speeds of 1 Gbps
Cat6 is now becoming more of the standard.
Allows speeds up to 10 Gbps
Also has more shielding between the twisted pair wires
Cabling
Plenum cable:
Very expensive cable but only used in hot areas.
If you have to run cable through heating ducts,
then you should use Plenum cable.
Some states have standards that prohibit anything
other than Plenum cabling to be run through
heating ducts.
To be safe, either avoid going through ducts, or if
you must, then use Plenum cable.
Cabling
Plugs used for these cables?
RJ-45
(RJ-11 is used for telephones!)
When cabling, take your time and do a good job.
Zip-tie bunches of cables
Cables should run to a central area
Ends of these cables should be punched into patch panels
These panels allow for flexibility and ease of seeing what
plug goes to which port.
Cabling
All your runs should be “homeruns”
The cable should be a single cable from the jack all
the way to the patch panel.
Spliced cables are not professional
Spliced cables can deteriorate
Stress can pull connection apart
Virtual Private Networking (VPN)
VPN allows computers and/or networks to
connect over the Internet securely.
Example: Office in Los Angeles needs to securely
connect to the network in an office in New York.
VPN follows a C/S architecture.
VPN software allows the clients to connect to the
server securely.
Virtual Private Networking (VPN)
Large number of routers in the Internet
Tunneling protocol
Sets up a “tunnel” between your client and the
server
Encrypts the data inside the tunnel
If a hacker is sitting at a router between the client
and the server and tries penetrating the tunnel, the
data is still encrypted
Virtual Private Networking (VPN)
The tunnel will detect any attempted attacks.
Tunnel will shut down and find a new path through
the Internet
This is how VPN sustains a secure connection.
Virtual Private Networking (VPN)
How does VPN communication happen?
VPN client application on your computer will ask for
username and password.
This data is sent to the server.
VPN server will check credentials and see if you’re
allowed on the network.
Virtual Private Networking (VPN)
Once connected to VPN server, the computer is
logically a part of the network.
Problems?
The speed of your connection and the upload speed
of the network at the office is crucial.
If you try to edit a large file on the network, then
that data will have to get uploaded to the Internet.
VPN is slow compared to physically being a part of
the network.
Virtual Private Networking (VPN)
Other problems?
Old wiring is bad for transmitting data.
The problem with this is that VPN technology says that if
someone tries to hack into the tunnel, the tunnel will
drop and rebuild a connection through a different router.
What does an attack “look like”?
When the data signal isn’t steady or if the stream gets
slowed down, dropped packets etc.
If you have bad wiring between you and the server, you
may have these problems.
VPN may keep bouncing up and down causing problems.
Vulnerabilities with Networks
Information can be considered the most
important thing when it comes to businesses
Keeping trade secrets and patents, even financial
or personal information can make or break a
business.
Network Administrators must keep the network
safe and allow only permitted users to be on the
network.
Vulnerabilities with Networks
With C/S network, this is very simple.
Clients can only access what the server allows them.
Clients can only get this access when credentials are
verified
When the Network Administrator sets up the
groups, users, and computers, he/she must
manage which ones have access to what
information.
Vulnerabilities with Networks
Monitoring traffic among the clients, Network
Administrators can detect attacks if one of the
users attempts to hack into something.
With WLANs, the risks of intrusions are even
greater.
Any mobile device within range of the access point
is a threat to the security of the network.
Having a Network Access Controller, the
administrator can allow access to only certain users
or devices.
Network Security Challenges Faced by Universities
Each year, new students arrive at colleges and
bring with them their laptops and other mobile
devices.
More often than not, these devices are not up to
the security levels that would be acceptable.
On top of that, the devices could be housing
malware and other viruses.
Conclusion
In summary, developing a successful and secure
computer network system has several areas that
must be addressed.
Network components, cabling, configurations, etc.
Being a network administrator comes with a great
responsibility of protecting the network from
attacks and keeping the information from being
leaked to unwelcome guests while maintaining
stable connections to all the network
components.
Questions or Comments?