Transcript Document

UNIT 7 SEMINAR
Unit 7
Chapter 9, plus Lab 11
Course Name – IT482-02 Network Design
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds
Email – [email protected]
Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET
UNIT 6 REVIEW
Covered last week …
Chapter 7 Network Management Architecture
Defining Network Management
Network Devices and Characteristics
Network Management Mechanisms
Monitoring, Instrumentation and Configuration Mechanisms
Architectural Considerations
In-band management, Out-of-band management, Centralized, distributed and
hierarchical management, Scaling network management traffic, Checks and
balances, Managing network management data, MIB selection, Integration of OSS
(operations support systems)
Chapter 8 Performance Architecture
Developing Goals for Performance
Performance Mechanisms
QoS, Prioritization, Traffic Management, Scheduling, Queuing, SLAs
Architectural Considerations
OPNET ITGuru Lab 10 Queuing Disciplines, Exercises 1, 2 & 3
UNIT 6 REVIEW
Quick check of Unit 6
Network Management and Performance
Architecture
#1 Components of SNMP network management
#2 What is FCAPS? Give two specific examples.
#3 What are the three traffic classes for DiffServ?
UNIT 7
Security and Privacy Architecture
Security – integrated within all areas of the network and
impacts all other functions on the network.
Network Security - the protection of networks and their services
from unauthorized access, modification, destruction and disclosure.
Network Privacy – a subset of network security, focusing on protection
of networks and their services from unauthorized access or disclosure.
Three security considerations: protecting the integrity, confidentiality
and availability of the network and system resources and data (CIA)
UNIT 7
Developing a Security and Privacy Plan
What are we trying to solve, add, or differentiate by adding
security mechanisms to this network?
Are security mechanisms sufficient for this network?
Common areas addressed:
Which resources need to be protected
What problems (threats) are we protecting against
The likelihood of each problem (threat)
UNIT 7
Security and Privacy Administration
Threat Analysis - a process used to determine which components
of the system need to be protected and the types of security risks
(threats) they should be protected from.
Potential Assets and Threats to be Analyzed
UNIT 7
Threat Analysis Worksheet
Developing a
threat
analysis
identifies the
assets to be
protected
and identifies
the possible
threats.
UNIT 7
Threat Analysis
SWOT analysis – used to examine these:
S = strengths, W = weaknesses, O = opportunities, T = threats.
http://www.maxi-pedia.com/SWOT+analysis+matrix+method+model
http://www.maxi-pedia.com/security
SWOT analysis, method, or model - a way to analyze competitive
position of your company. SWOT analysis uses so-called SWOT matrix
to assess both internal and external aspects of doing your business.
The SWOT framework is a tool for auditing an organization and its
environment. SWOT is the first stage of planning and helps decision
makers to focus on key issues. SWOT method is a key tool for
company top officials to formulate strategic plans.
UNIT 7
Policies and Procedures
Formal statements on the rules for system, network, and information access
and use, in order to minimize exposure to security threats. Clarifies for users
what security threats are and what can be done to reduce them.
Types: Deny Specifics/ Accept Everything Else OR Accept Specifics/Deny
Everything Else
UNIT 7
Policies and Procedures
Examples:
Privacy statements like _____________________
Accounting statements like __________________
Authentication statements like ________________
Reporting violations like _____________________
Acceptable Use Policy
Security incident-handling procedures
Configuration-modification policies
Network access control lists (ACLs)
UNIT 7
Physical Security and Awareness
Physical Security – protection of devices from physical
access, damage, and theft. Examples: access-control rooms,
backup power sources, off-sight storage, alarm systems, etc.
UNIT 7
Protocol and Application Security
Use of common protocol and application security mechanisms: IPSec,
SNMP, and packet filtering
Transport Mode of IPSec
UNIT 7
Encryption and Decryption
A security mechanism where cypher algorithms are applied together
with a secret key to encrypt data.
Two types: public key and private key.
Public Key Infrastructure (PKI) – combines security mechanisms with
policies and directives.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)- allow
client/server applications to communicate across a network
Tradeoff in performance
UNIT 7
Network Perimeter and Remote Access Security
Network Perimeter – protecting external interfaces – use
of NAT and NAPT (network address port translation) and
firewalls
Remote Access – protecting dial-in, point-to-point
sessions and VPN connections. Authentication of users
and authorization of devices, NAS (network access server),
RADIUS, etc.
UNIT 7
Architectural Considerations
Security mechanisms applied where needed
Example: Apply security mechanisms to architectural model
Access/Distribution/Core Architectural Model
UNIT 7
Architectural Considerations
Security zones Embedded within
each other
Defense-in-depth
UNIT 7
Security and Performance
Security architecture includes trade-offs, dependencies
and constraints
High security can disrupt traffic flows and reduce
performance.
LAB 11
Lab 11 in Experiments Manual
RSVP - Providing QoS by
Reserving Resources in the
Network
The objective of this lab is to
study the Resource
Reservation Protocol (RSVP)
as a part of the Integrated
Services approach to providing
Quality of Service (QoS) to
individual applications or flows.
Set up a network that carries
real-time applications and uses
RSVP to provide QoS
ERROR – the page numbers
on the project are incorrect
UNIT 7
Unit 7 Assignment
Unit 7 Project
1. Create a threat analysis worksheet using a similar format to that of Figure 9.2 on p. 364 of your text.
Use a network you are familiar with or the one on p. 383. Use numerical values for the effect and
likelihood (i.e., Certain = 10, Impossible = 1). Explain your analysis.
2. Discuss the development of security policies and procedures. Give at least three examples of what
elements to include and the reasons behind them.
3 Apply the security mechanisms from this chapter to support the following requirements. Show where
each mechanism might be applied.
a. An intranet between each of the routers connected to the WAN.
b. Remote access security for each of the 15 dial-up routers connected to the LAN in Washington, DC.
c. All traffic flows between Los Angeles and Minneapolis must be encrypted.
4. Outline the development of DMZs that would be applied at each site where connections are made
to other autonomous systems (AS). What types of devices would be used at these sites?
5. Figure 9.17 shows five security zones required by the customer. These zones are prioritized, such
that Security Zone 5 provides basic security for the entire network, and Zones 2, 3, 4, and 1 have
increasing degrees of security, with Zone 1 having the highest level of security. What security
mechanisms can be applied within each security zone, and at the interfaces between security zones,
to achieve increasing degrees of security? Which architectural models are most applicable to this
network? Show how each model can be applied.
5 points for #1 and #2. 10 points for #3, #4, and #5. 10 points for the lab.