Transcript E-Learning

Fundamentals of Information Systems Security
Lesson 2
Changing How People and Businesses Communicate

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective
• Assess the current methods of business communications today and the associated risks and threats.
Key Concepts
• The evolution of personal and business communications from analog to digital to VoIP to unified communications
• Store-and-forward communications versus real-time communications
• The impact of the Internet on how people and businesses communicate
• Risk-mitigation strategies for VoIP and SIP applications
• Why businesses today need an Internet marketing strategy
DISCOVER: CONCEPTS
Evolution of Telecommunications
[Figure: timeline of telecommunications. Recoverable labels: wall cabling done by the users themselves (customer-owned PBX era); competition among the 7 RBOCs for minutes; central-office switches; voice and data travel together; different data streams transmitted through the same fiber-optic line by Dense Wavelength Division Multiplexing (DWDM).]
Evolution of Voice Communications
[Figure: evolution of voice communications. Recoverable label: Session Initiation Protocol (SIP) supports chat and conferencing.]
Evolution of Internet Access
[Figure: from dial-up over the Public Switched Telephone Network (PSTN) to broadband.]
Digital Signal 1 (DS1/T1) and Digital Signal 3 (DS3/T3)
• A DS1 circuit is made up of twenty-four 8-bit channels (also known as timeslots or DS0s), each channel being a 64 kbit/s DS0 multiplexed carrier circuit.
• A DS1 is also a full-duplex circuit, which means the circuit transmits and receives 1.544 Mbit/s concurrently.
• A total of 1.536 Mbit/s of payload bandwidth is achieved by sampling each of the twenty-four 8-bit DS0s 8000 times per second (24 × 8 bits × 8000/s). This sampling is referred to as 8-kHz sampling. The remaining 8 kbit/s of the 1.544 Mbit/s line rate is the one framing bit sent with each of the 8000 frames per second.
• A Digital Signal 3 (DS3) is a digital signal level 3 T-carrier.
• The data rate for this type of signal is 44.736 Mbit/s (about 45 Mbit/s).
• This level of carrier can transport 28 DS1 level signals within its payload.
• This level of carrier can transport 672 DS0 level channels within its payload.
• Such circuits are the usual kind between telephony carriers, both wired and wireless, and are typically carried over OC-1 optical connections.
Essentials of VoIP, SIP, and UC
• Voice over Internet Protocol (VoIP) and unified communications (UC) require real-time support
• VoIP supports voice communications
• UC supports a variety of communications applications
• Both use Session Initiation Protocol (SIP) to set up, modify, and tear down sessions; the voice or video media itself travels separately, typically over RTP
UC Applications
[Figure: unified communications applications: presence/availability, IM chat, video, audio, collaboration.]
UC Applications
• Presence/availability—Within an IM chat box, you can list business, personal, and family contacts, and obtain the current availability status of your contacts.
• Instant messaging (IM) chat—This form of real-time communication is used for quick answers to quick questions.
• Audio conferencing—Audio conferencing is a software-based, real-time audio conference solution for VoIP callers.
• Videoconferencing—This is a software-based, real-time video conferencing service.
• Collaboration—Collaboration allows for software-based, real-time, multi-person document and application sharing, with IM chat, audio, and video conferencing functionality.
Store-and-Forward vs. Real-Time Communications
• Real-time: the communication occurs instantaneously and delay is not tolerated (voice and video calls, IM chat).
• Store-and-forward: an acceptable delay in transmitting the communication (e-mail, voicemail).
VoIP and SIP Packets
[Figure: VoIP and SIP packets segmented from IP data packets and passed through a gateway.]
DISCOVER: PROCESS
Risks, Threats, Vulnerabilities
Eavesdropping
Call control
Impersonation
Toll fraud
Brute-force password attacks
Denial of Service (DoS) attacks
Risk, Threat, or Vulnerability / Mitigation

Eavesdropping: unauthorized parties listening in to phone conversations without permission.
  Mitigation: Lock wiring closets, lock down switch LAN access ports, and house VoIP servers in the data center. Deploy separate voice VLANs to minimize access to VoIP traffic. Encrypt VoIP packets where mandated by policy.

Call control: attackers obtaining knowledge about call control (VoIP server software), call patterns, and call usage to help them gain unauthorized access.
  Mitigation: Same as above, plus use strong access controls to the VoIP system. Enable continuous auditing and logging for all system admin access to the VoIP system. Put VoIP call servers on their own firewalled VLAN and encrypt call control.

Impersonation: attackers impersonating an authorized user to gain access to a VoIP phone.
  Mitigation: Use access controls on VoIP phones to prevent toll fraud and nonbusiness use for long-distance and international dialing. Enable second-level authentication on VoIP phones.

Toll fraud or unauthorized use of VoIP phones.
  Mitigation: Provide users with authorization codes for long-distance and international dialing access.

Brute-force password attacks on VoIP phone systems and phones.
  Mitigation: Require frequent password-change policies (30-60-90 days). Require long passwords and use of alphanumeric characters. Log failed SIP registrations so that repeated failures from one source can be detected and blocked.

Denial of service (DoS) and distributed denial of service (DDoS) attacks.
  Mitigation: Put VoIP call servers deep inside your IT infrastructure so that ping or ICMP packets from the Internet cannot reach them. Stop ping or ICMP packets from rogue IP source addresses. Implement IDS/IPS at the Internet ingress/egress to block ping attacks.

Poor network performance and throughput resulting in dropped VoIP calls.
  Mitigation: Use separate VLANs for voice and data. Segment voice traffic onto the same VLAN as the VoIP servers. Use GigE or 10GigE switched LAN connectivity to the desktop. Enable QoS on WAN routers if congestion occurs.

Servers that could fail and disrupt critical business functions.
  Mitigation: Use redundant VoIP call servers in two different physical locations, one acting as backup to the other.

Disclosure of confidential data because VoIP and data are shared.
  Mitigation: Isolate departmental VoIP and data VLANs. Enable VoIP and SIP firewalls to secure VLANs that carry confidential information. Remotely access VoIP systems via Secure Shell (SSH).
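The brute-force row above calls for logging; the detection logic that makes such logs useful is shown here as an added example, not code from the original lesson. The log format (timestamp, source IP, extension, SIP status code per REGISTER) and the sample lines are constructed for the example; a real SIP server's log layout will differ and only the regular expression needs to change. A source is flagged when it accumulates a threshold of failed REGISTERs inside a sliding time window, and the alert also reports how many distinct extensions it tried, which separates one user mistyping a password from an attacker walking the extension range.

```python
"""Sliding-window detection of SIP REGISTER brute forcing (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines, not from the original page. Assumed format:
# "<ISO timestamp> REGISTER from=<ip> user=<extension> status=<SIP code>".
# 401 is the normal digest challenge, 403 a rejected credential; any 4xx/5xx
# is treated as a failed attempt below.
SAMPLE_LOG = """\
2015-03-01T10:00:00 REGISTER from=203.0.113.7 user=1001 status=401
2015-03-01T10:00:01 REGISTER from=203.0.113.7 user=1001 status=403
2015-03-01T10:00:02 REGISTER from=203.0.113.7 user=1002 status=403
2015-03-01T10:00:03 REGISTER from=203.0.113.7 user=1003 status=403
2015-03-01T10:00:04 REGISTER from=203.0.113.7 user=1004 status=403
2015-03-01T10:00:05 REGISTER from=203.0.113.7 user=1005 status=403
2015-03-01T10:00:07 REGISTER from=192.0.2.10 user=2001 status=401
2015-03-01T10:00:08 REGISTER from=192.0.2.10 user=2001 status=200
2015-03-01T10:05:00 REGISTER from=198.51.100.3 user=3001 status=403
2015-03-01T10:20:00 REGISTER from=198.51.100.3 user=3001 status=403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) REGISTER from=(?P<ip>[\d.]+) user=(?P<user>\S+) status=(?P<status>\d{3})$"
)


def parse_log(text):
    """Yield (timestamp, source_ip, user, status) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format rather than crash
        yield datetime.fromisoformat(m["ts"]), m["ip"], m["user"], int(m["status"])


def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: (failed_attempts_in_window, distinct_users_tried)}
    for every source that reached `threshold` failures within `window`."""
    failures = defaultdict(list)  # ip -> timestamps of failed attempts still in window
    users = defaultdict(set)      # ip -> extensions this source has tried
    alerts = {}
    for ts, ip, user, status in parse_log(text):
        if status < 400:
            continue  # success or provisional response: not a failure
        users[ip].add(user)
        recent = failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.pop(0)  # age out attempts that fell outside the window
        if len(recent) >= threshold:
            alerts[ip] = (len(recent), len(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (count, n_users) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} failed REGISTERs, {n_users} extensions tried")
```

With the defaults only 203.0.113.7 is reported: six failures in five seconds against five different extensions. The legitimate phone at 192.0.2.10 produces a single 401 challenge before its 200, and the two failures from 198.51.100.3 are fifteen minutes apart, so neither crosses the threshold unless the window is widened.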
Maintaining C-I-A
[Figure: an IP telephony server connected to the Public Switched Telephone Network (PSTN); confidentiality, integrity, and availability must be maintained across both.]
DISCOVER: ROLES
Multimodal Communications
Unified Communication can enhance customer-service delivery.
[Figure: VoIP and SIP packets segmented from IP data packets.]
DISCOVER: CONTEXTS
Business Case Scenario
• CorpA is a business services provider with 300 employees spread across 5 branches.
• Some employees travel frequently between branches for sales meetings.
• CorpA employees use instant messaging (IM) to communicate.
• Security weaknesses with the current IM application have resulted in several security breaches over the last year.
DISCOVER: RATIONALE
Why Businesses Need an Internet Marketing Strategy
• Must remain competitive
• Brick-and-mortar business model out of date in global market
• Customers require continuous access to information, products, and services
• Internet presence exposes organizations to online risks, threats, and vulnerabilities
IP Mobile Communications
• Mobile Node (MN)
• Home Agent (HA)
• Foreign Agent (FA)
• Care of Address (COA)
• Correspondent Node (CN)
IP Mobile Communications
• Today's 4G networks provide true IP communications, a real jump from earlier mobile networks.
• Each 4G device has a unique IP address like any other wired device on the network.
• This lets smartphones communicate with any fixed device without translating addresses.
• But devices that move around all the time are difficult to secure.
• The next screens show how Mobile IP provides connection transparency: several entities work together to ensure that mobile devices can move from one network to another without dropping connections.
IP Mobile Communications
• Mobile Node (MN)—The mobile device that moves from one network to another. It has a fixed IP address regardless of the current network.
• Home Agent (HA)—A router with additional capabilities over standard routers. It keeps track of the MNs it manages. When an MN leaves the local network, the HA forwards packets to the MN's current network.
• Foreign Agent (FA)—A router with additional capabilities connected to another network (not the HA network). When the MN connects to another network that supports mobile IP, it announces itself to the FA. The FA assigns the MN a local address.
• Care of Address (COA)—The local address for the MN when it connects to another network. The FA assigns the COA to the MN and sends the COA to the HA when the MN connects. In many cases, the COA is actually the FA address. The HA forwards any packets for the MN to the COA. The FA receives the packets and forwards them to the MN.
• Correspondent Node (CN)—The node that wants to communicate with the MN.
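The five entities above interact in a fixed sequence (MN attaches to FA, FA registers the COA with the HA, HA tunnels the CN's packets to the COA, FA unwraps them for the MN). The following walk-through, added here as an example and not code from the original lesson, models that sequence with packets as plain dictionaries. All addresses are assumed documentation values, the COA is the FA's own address as the slide says is common, and the tunnel is represented as IP-in-IP encapsulation.

```python
"""Mobile IP forwarding walk-through (added example, not from the page)."""

MN_HOME_ADDR = "10.1.0.50"   # assumed home address of the Mobile Node (MN)
HA_ADDR = "10.1.0.1"         # assumed Home Agent (HA), router on the home network
FA_ADDR = "192.0.2.1"        # assumed Foreign Agent (FA), router on the visited network
CN_ADDR = "203.0.113.9"      # assumed Correspondent Node (CN)


class HomeAgent:
    """Router on the home network that tracks where each of its MNs currently is."""

    def __init__(self, addr):
        self.addr = addr
        self.bindings = {}  # MN home address -> care-of address (COA)

    def register(self, home_addr, coa):
        # Binding update sent when the MN attaches to a foreign network.
        self.bindings[home_addr] = coa

    def deregister(self, home_addr):
        # MN came home: deliver on the local link again.
        self.bindings.pop(home_addr, None)

    def handle(self, pkt):
        """Packet for a home address arriving on the home network: returned
        unchanged if the MN is home, else encapsulated toward its COA."""
        coa = self.bindings.get(pkt["dst"])
        if coa is None:
            return pkt
        return {"src": self.addr, "dst": coa, "proto": "ipip", "inner": pkt}


class ForeignAgent:
    """Router on the visited network; its own address serves as the COA."""

    def __init__(self, addr, home_agent):
        self.addr = addr
        self.ha = home_agent
        self.visitors = {}  # MN home address -> link identifier on this FA

    def attach(self, home_addr, link_id):
        """MN announces itself; FA records it and registers the COA with the HA."""
        self.visitors[home_addr] = link_id
        self.ha.register(home_addr, self.addr)
        return self.addr  # the COA handed to the MN

    def detach(self, home_addr):
        self.visitors.pop(home_addr, None)
        self.ha.deregister(home_addr)

    def handle(self, pkt):
        """Decapsulate a tunnelled packet and deliver the inner packet on the visitor's link."""
        if pkt.get("proto") != "ipip" or pkt["dst"] != self.addr:
            return None
        inner = pkt["inner"]
        link = self.visitors.get(inner["dst"])
        if link is None:
            return None  # not one of our visitors: drop
        return {"link": link, "packet": inner}


def deliver(cn_pkt, ha, fa):
    """Trace one CN -> MN packet as a list of (hop, emitted packet) pairs."""
    trace = [("HA", ha.handle(cn_pkt))]
    if trace[0][1].get("proto") == "ipip":
        trace.append(("FA", fa.handle(trace[0][1])))
    return trace


def scenario():
    """MN at home, then roaming behind the FA, then home again."""
    ha = HomeAgent(HA_ADDR)
    fa = ForeignAgent(FA_ADDR, ha)
    pkt = {"src": CN_ADDR, "dst": MN_HOME_ADDR, "payload": "hello"}
    at_home = deliver(pkt, ha, fa)
    fa.attach(MN_HOME_ADDR, "wlan0-assoc-17")
    roaming = deliver(pkt, ha, fa)
    fa.detach(MN_HOME_ADDR)
    back_home = deliver(pkt, ha, fa)
    return at_home, roaming, back_home


if __name__ == "__main__":
    for label, trace in zip(("at home", "roaming", "back home"), scenario()):
        print(label, trace)
```

The CN never changes what it sends: every packet is addressed to the MN's fixed home address, and only the HA's binding decides whether it is delivered locally or tunnelled. That binding is also the obvious target: the `register` call here accepts any caller, whereas the real protocol (RFC 5944) requires the registration to carry an authentication extension computed with a key shared between MN and HA, because an unauthenticated binding would let anyone on the Internet redirect the MN's traffic to an address of their choosing.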
Security of IP Mobile Devices

Risk, Threat, or Vulnerability / Mitigation

Untrusted access points: VPN for all network access.
Untrusted foreign networks: VPN for all network access.
Sensitive data on mobile device: Mandatory encryption of sensitive data at rest.
Device loss or theft: Required software to wipe the device after successive failed logon attempts or on loss/theft. Required software to locate a lost or stolen device.
Weak security on personal device: Policy requiring an access passcode and device anti-malware software. Policy and end-user training on the dangers and proper use of infrared or Bluetooth to connect to peripherals.
Commingling of personal and business data: Strong policy on appropriate use and separation of business data.
Spoofing and session hijacking: Policy and training on best practices when connecting to untrusted networks. VPN for all network access.
Key Words
• DWDM: Dense Wavelength Division Multiplexing; carrying multiple wavelength signals within the same fiber-optic cable.
• PBX: Private Branch Exchange (the customer, not the carrier, owns the switch and does the wiring).
• PSTN: Public Switched Telephone Network.
• SIP: Session Initiation Protocol (multimedia signaling protocol used by UC to support IM, chat, collaboration, audio and video conferencing).
• UC: Unified Communication.
• RBOCs: Regional Bell Operating Companies.
• TDM: Time Division Multiplexing (converges voice, video, and data communication by splitting the WAN channel into time slots, each of which can carry voice, video, or data).
Network Devices: Router (1/5)
• A router is a networking device, commonly specialized hardware, that forwards data packets between computer networks. This creates an overlay internetwork, as a router is connected to two or more data lines from different networks. When a data packet comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey. Routers perform the "traffic directing" functions on the Internet.
• A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node.
Network Devices: Router (2/5)
• The most familiar type of routers are home and small office routers that simply pass data, such as web pages, email, IM, and videos, between the home computers and the Internet. An example of a router would be the owner's cable or DSL router, which connects to the Internet through an ISP. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
Network Devices: Router (3/5)
A typical home or small office router
showing the ADSL telephone line and
Ethernet network cable connections
Network Devices: Router (4/5)
When multiple routers are used in interconnected networks, the routers exchange information about destination addresses using a dynamic routing protocol. Each router builds up a table listing the preferred routes between any two systems on the interconnected networks. A router has interfaces for different physical types of network connections, such as copper cables, fiber optic, or wireless transmission. It also contains firmware for different networking communications protocol standards. Each network interface uses this specialized computer software to enable data packets to be forwarded from one protocol transmission system to another. Routers may also be used to connect two or more logical groups of computer devices known as subnets, each with a different subnetwork address. The subnet addresses recorded in the router do not necessarily map directly to the physical interface connections.
A router has two stages of operation called planes:
Network Devices: Router (5/5)
Control plane: A router maintains a routing table that lists which route should be used to forward a data packet, and through which physical interface connection. It does this using internal pre-configured directives, called static routes, or by learning routes using a dynamic routing protocol. Static and dynamic routes are stored in the Routing Information Base (RIB). The control-plane logic then strips non-essential entries from the RIB, keeping only the best route for each destination prefix, and builds a Forwarding Information Base (FIB) to be used by the forwarding plane.
Forwarding plane: The router forwards data packets between incoming and outgoing interface connections. It routes each packet to the correct network by looking up the destination address from the packet header in the FIB that the control plane built.
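The RIB-to-FIB step and the forwarding lookup are easiest to see in code. The model below is an added example, not code from the original lesson: the route sources, administrative distances (lower wins, the Cisco convention), prefixes and next hops are all assumed values. The control plane keeps every candidate route in the RIB and selects one per prefix into the FIB; the forwarding plane consults only the FIB and picks the longest matching prefix, which is also why a default route (`0.0.0.0/0`, the "gateway" of the later slides) is used only when nothing more specific matches.

```python
"""Control plane (RIB -> FIB) versus forwarding plane (longest-prefix match)."""
import ipaddress
from collections import defaultdict

# Assumed administrative distances per route source; lower is preferred.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


class Router:
    def __init__(self):
        self.rib = defaultdict(list)  # prefix -> [(source, metric, next_hop, iface)]
        self.fib = {}                 # prefix -> (next_hop, iface)

    # ---- control plane ----
    def learn(self, prefix, source, next_hop, iface, metric=0):
        """Install a static or dynamically learned route into the RIB."""
        net = ipaddress.ip_network(prefix, strict=True)
        self.rib[net].append((source, metric, next_hop, iface))

    def build_fib(self):
        """Keep one best route per prefix: lowest admin distance, then lowest metric."""
        self.fib = {}
        for net, candidates in self.rib.items():
            best = min(candidates, key=lambda c: (ADMIN_DISTANCE[c[0]], c[1]))
            self.fib[net] = (best[2], best[3])
        return self.fib

    # ---- forwarding plane ----
    def forward(self, dst):
        """Longest-prefix match against the FIB only; None means no route (drop)."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.fib if addr in net]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda n: n.prefixlen)]


def demo_router():
    """Router with two connected subnets, a contested prefix, a more specific
    subnet learned statically, and a default route to the upstream gateway."""
    r = Router()
    r.learn("10.0.0.0/24", "connected", None, "eth0")
    r.learn("10.0.1.0/24", "connected", None, "eth1")
    r.learn("192.168.5.0/24", "ospf", "10.0.1.2", "eth1", metric=20)
    r.learn("192.168.5.0/24", "rip", "10.0.0.9", "eth0", metric=3)   # loses on AD
    r.learn("192.168.5.128/25", "static", "10.0.0.7", "eth0")       # more specific
    r.learn("0.0.0.0/0", "static", "10.0.0.1", "eth0")               # default gateway
    r.build_fib()
    return r


if __name__ == "__main__":
    r = demo_router()
    for dst in ("192.168.5.10", "192.168.5.200", "10.0.1.77", "8.8.8.8"):
        print(dst, "->", r.forward(dst))
```

Two things worth noticing from a security angle: the RIP route for 192.168.5.0/24 never reaches the FIB because OSPF has the lower administrative distance, but the static /25 beats both for half of that range purely by being more specific. Longest-prefix match does not care where a route came from, which is exactly why a rogue routing peer that advertises a more specific prefix can divert traffic, and why routing protocol peers should be authenticated and filtered.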
Network Devices: Switch (1/2)
A network switch (sometimes known as a switching hub) is a
computer networking device that is used to connect devices
together on a computer network, by using a form of packet
switching to forward data to the destination device.
A network switch is considered more advanced than a hub because
a switch will only forward a message to one or multiple devices that
need to receive it, rather than broadcasting the same message out
of each of its ports.
A network switch is a multi-port network bridge that processes and
forwards data at the data link layer (layer 2) of the OSI model.
Switches can also incorporate routing in addition to bridging; these
switches are commonly known as layer-3 or multilayer switches.
Switches exist for various types of networks including Fibre
Channel, Asynchronous Transfer Mode, InfiniBand, Ethernet and
others. The first Ethernet switch was introduced by Kalpana in 1990
Network Devices: Switch (2/2)
Multiple cables can be connected to a switch to enable networked devices to communicate with each other. Switches manage the flow of data across a network by only transmitting a received message to the device for which the message was intended.
Each networked device connected to a switch can be identified using a MAC address, allowing the switch to regulate the flow of traffic. This improves the efficiency of the network and limits what a station on one port can passively observe, although the switch learns MAC addresses from unauthenticated frame source fields, so it is not an access-control mechanism on its own.
Because of these features, a switch is often considered more "intelligent" than a network hub. Hubs provide neither security nor identification of connected devices. This means that messages have to be transmitted out of every port of the hub, greatly degrading the efficiency of the network.
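The learning behaviour that separates a switch from a hub is short enough to simulate. The following is an added example, not code from the original lesson; the port numbers and MAC addresses are constructed. A frame's source address teaches the switch which port that station sits on; a frame whose destination is unknown (or is broadcast) is flooded to every other port exactly as a hub would do, and only once the destination has been learned does the switch unicast it.

```python
"""Learning switch: learn from source MACs, forward known destinations, flood the rest."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        # Learning: whatever claims to be `src` on `in_port` is believed.
        self.table[src] = in_port
        if dst == BROADCAST or dst not in self.table:
            # Unknown unicast or broadcast: flood like a hub, except the ingress port.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        # Destination is on the same segment it came from: nothing to forward.
        return [] if out == in_port else [out]


def demo_switch():
    """Three stations on a four-port switch; returns the switch and each frame's egress ports."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b, c = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"
    events = [
        sw.receive(1, a, b),          # b unknown: flooded to 2, 3, 4
        sw.receive(2, b, a),          # a learned on port 1: unicast to 1
        sw.receive(1, a, b),          # b now known on port 2: unicast to 2
        sw.receive(3, c, BROADCAST),  # broadcast: 1, 2, 4
    ]
    return sw, events


if __name__ == "__main__":
    sw, events = demo_switch()
    print(events)
    print(sw.table)
```

The first frame from station a to b is seen by every port, the third by port 2 alone; that is the efficiency and the reduced exposure the slide describes. The same code also shows the limit: `self.table[src] = in_port` trusts the source field, so a station that sends frames with another station's MAC moves that entry to its own port and receives the frames meant for the victim.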
Network Devices: Gateway (1/4)
In telecommunications, the term gateway has the following meanings:
• A gateway is a router or a proxy server that routes between networks.
• Gateway rule: a host's default gateway must belong to the same subnet as the host (your PC) that uses it, otherwise the host cannot reach it.
• In a communications network, a network node equipped for interfacing with another network that uses different protocols.
• A gateway may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability. It also requires the establishment of mutually acceptable administrative procedures between both networks.
• A protocol translation/mapping gateway interconnects networks with different network protocol technologies by performing the required protocol conversions.
• Loosely, a computer or computer program configured to perform the tasks of a gateway.
Network Devices: Gateway(2/4)
• Gateways, also called protocol converters, can operate at any
network layer. The activities of a gateway are more complex than
that of the router or switch as it communicates using more than
one protocol.
• Both the computers of Internet users and the computers that
serve pages to users are host nodes, while the nodes that
connect the networks in between are gateways. For example, the
computers that control traffic between company networks or the
computers used by internet service providers (ISPs) to connect
users to the internet are gateway nodes.
• In the network for an enterprise, a computer server acting as a
gateway node is often also acting as a proxy server and a firewall
server. A gateway is often associated with both a router, which
knows where to direct a given packet of data that arrives at the
gateway, and a switch, which furnishes the actual path in and out
of the gateway for a given packet.
Network Devices: Gateway (3/4)
• On an IP network, clients automatically send IP packets whose destination lies outside their own subnet to a network gateway. The subnet mask defines which addresses are local to the network. For example, if a private network has a base IP address of 192.168.0.0 and a subnet mask of 255.255.255.0, then any data going to an IP address outside of 192.168.0.x will be sent to that network's gateway. While forwarding an IP packet to another network, the gateway might or might not perform Network Address Translation.
• A gateway is an essential feature of most routers, although other devices (such as any PC or server) can function as a gateway. A gateway may contain devices such as protocol translators, impedance matching devices, rate converters, fault isolators, or signal translators as necessary to provide system interoperability. It also requires the establishment of mutually acceptable administrative procedures between both networks.
Network Devices: Gateway(4/4)
• Most computer operating systems use the terms described
above. Microsoft Windows, however, describes this standard
networking feature as Internet Connection Sharing, which acts
as a gateway, offering a connection between the Internet and
an internal network. Such a system might also act as a DHCP
server. Dynamic Host Configuration Protocol (DHCP) is a
protocol used by networked devices (clients) to obtain various
parameters necessary for the clients to operate in an Internet
Protocol (IP) network. By using this protocol, system
administration workload greatly decreases, and devices can be
added to the network with minimal or no manual configurations.
Network Devices: Proxy (1/7)
• In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
• A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server, and the proxy server evaluates the request and decides how, and whether, to fulfil it on the client's behalf.
• Proxies were invented to add structure and encapsulation to distributed systems.
• Today, most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.
Network Devices: Proxy(2/7)
Communication between two computers (shown in grey)
connected through a third computer (shown in red) acting as a
proxy. Bob does not know whom the information is going to,
which is why proxies can be used to protect privacy
Network Devices: Proxy(3/7)
Types of proxy:
A proxy server may reside on the user's local computer, or at
various points between the user's computer and destination
servers on the Internet.
• A proxy server that passes requests and responses
unmodified is usually called a gateway or sometimes a
tunneling proxy.
• A forward proxy is an Internet-facing proxy used to retrieve
from a wide range of sources (in most cases anywhere on the
Internet).
• A reverse proxy is usually an Internet-facing proxy used as a
front-end to control and protect access to a server on a private
network. A reverse proxy commonly also performs tasks such
as load-balancing, authentication, decryption or caching
Network Devices: Proxy(4/7)
An open proxy forwarding requests from and to anywhere on the Internet
• An open proxy is a forwarding proxy server that is accessible by
any Internet user. There are "hundreds of thousands" of open
proxies on the Internet.
• An anonymous open proxy allows users to conceal their IP address
while browsing the Web or using other Internet services.
• There are varying degrees of anonymity however, as well as a
number of methods of 'tricking' the client into revealing itself
regardless of the proxy being used.
Network Devices: Proxy (5/7)
A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network.
• A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Requests are forwarded to one or more origin servers, which handle the request. The response is returned to the client as if it came directly from the proxy, leaving the client no knowledge of the origin servers.
• Reverse proxies are installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the neighborhood's web servers goes through the proxy server. The use of "reverse" originates in its counterpart "forward proxy" since the reverse proxy sits closer to the web server and serves only a restricted set of websites.
Network Devices: Proxy (6/7)
There are several reasons for installing reverse proxy servers:
• Encryption / SSL acceleration: when secure web sites are created, the SSL/TLS (Secure Sockets Layer / Transport Layer Security) encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts, removing the need for a separate SSL server certificate for each host. The leg from the proxy to the origin servers is then unencrypted unless it is protected separately.
• Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area.
• Serve/cache static content: a reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
• Compression: the proxy server can optimize and compress the content to speed up the load time.
• Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages.
Network Devices: Proxy(7/7)
There are more reasons for installing reverse proxy servers:
• Security: the proxy server is an additional layer of defense and can protect
against some OS and Web Server specific attacks. However, it does not
provide any protection from attacks against the web application or service
itself, which is generally considered the larger threat.
• Extranet Publishing: a reverse proxy server facing the Internet can be used
to communicate to a firewall server internal to an organization, providing
extranet access to some functions while keeping the servers behind the
firewalls. If used in this way, security measures should be considered to
protect the rest of your infrastructure in case this server is compromised, as
its web application is exposed to attack from the Internet.
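The reverse-proxy behaviour described on the last three slides (choose an origin by host name and spread load across a pool, hide the origin from the client, add a layer of defence in front of it) comes down to how the proxy rewrites each request and response. The code below is an added example, not code from the original lesson or from any particular proxy product; the host names, backend addresses and headers are assumed values. It refuses hosts it does not front, drops hop-by-hop headers, overwrites rather than appends the client-supplied `X-Forwarded-For` because this proxy is the first trusted hop, and scrubs origin-identifying response headers.

```python
"""Reverse-proxy request/response rewriting (added example, not from the page)."""
from itertools import cycle

# Assumed: public host name -> pool of origin servers behind the proxy.
BACKENDS = {
    "www.example.com": ["10.0.5.11:8080", "10.0.5.12:8080"],
    "api.example.com": ["10.0.6.21:8080"],
}

# Hop-by-hop headers (RFC 7230 section 6.1) describe one connection only and
# must not be relayed to the origin.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}

# Response headers that would tell the client what software the origin runs.
REVEALING = {"server", "x-powered-by"}


class ReverseProxy:
    def __init__(self, backends):
        # One round-robin iterator per public host name (the load-balancing slide).
        self.pools = {host: cycle(origins) for host, origins in backends.items()}

    def rewrite(self, client_ip, method, path, headers, tls=True):
        """Return the request to send upstream, or None if the Host is not one
        this proxy fronts (so it cannot be turned into an open forward proxy)."""
        hdrs = {k.lower(): v for k, v in headers.items()}
        host = hdrs.get("host")
        if host not in self.pools:
            return None
        upstream = {k: v for k, v in hdrs.items() if k not in HOP_BY_HOP}
        # Edge proxy: any X-Forwarded-For the client sent is attacker-controlled,
        # so replace it instead of appending to it.
        upstream["x-forwarded-for"] = client_ip
        upstream["x-forwarded-proto"] = "https" if tls else "http"
        upstream["x-forwarded-host"] = host
        upstream["host"] = host  # origin still sees the public name it serves
        return {"origin": next(self.pools[host]), "method": method,
                "path": path, "headers": upstream}

    @staticmethod
    def scrub_response(origin_headers):
        """Strip headers that would reveal the origin server to the client."""
        return {k: v for k, v in origin_headers.items() if k.lower() not in REVEALING}


if __name__ == "__main__":
    rp = ReverseProxy(BACKENDS)
    req = {"Host": "www.example.com", "Connection": "keep-alive",
           "X-Forwarded-For": "1.2.3.4", "Accept": "text/html"}
    print(rp.rewrite("198.51.100.4", "GET", "/", req))
    print(rp.scrub_response({"Server": "Apache/2.4", "Content-Type": "text/html"}))
```

Two requests for `www.example.com` go to the two origins in turn; a request for a host that is not configured is dropped rather than forwarded, which is the difference between a reverse proxy and the open proxies of slide 4/7. Note that the origin must now trust `X-Forwarded-For` from this proxy only; if the origin also accepts that header from arbitrary clients, the address it logs or rate-limits on is whatever the client chose to send.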
Network Devices: Access Point (1/5) and (2/5)
[Figure slides; no recoverable text.]
Network Devices: Access Point (3/5)
• A wireless Access Point (AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi or related standards. The AP usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself.
• Prior to wireless networks, setting up a computer network in a business, home or school often required running many cables through walls and ceilings in order to deliver network access to all of the network-enabled devices in the building.
• With the creation of the wireless Access Point (AP), network users are now able to add devices that access the network with few or no cables.
• An AP normally connects directly to a wired Ethernet connection and then provides wireless connections using radio frequency links for other devices to utilize that wired connection.
• Most APs support the connection of multiple wireless devices to one wired connection.
• Modern APs are built to support a standard for sending and receiving data using these radio frequencies. Those standards, and the frequencies they use, are defined by the IEEE. Most APs use IEEE 802.11 standards.
Network Devices: Access Point (4/5)
Limitations:
• One IEEE 802.11 AP can typically communicate with 30 client systems located within a radius of 103 m. However, the actual range of communication can vary significantly, depending on such variables as indoor or outdoor placement, height above ground, nearby obstructions, other electronic devices that might actively interfere with the signal by broadcasting on the same frequency, type of antenna, the current weather, operating radio frequency, and the power output of devices. Network designers can extend the range of APs through the use of repeaters and reflectors, which can bounce or amplify radio signals that ordinarily would go unreceived. In experimental conditions, wireless networking has operated over distances of several hundred kilometers.
Network Devices: Access Point (5/5)
Security: Wireless LAN Security
Wireless access has special security considerations. Many wired networks base their security on physical access control, trusting all the users on the local network, but if wireless access points are connected to the network, anybody within range of the AP (which typically extends farther than the intended area) can attach to the network.
The most common solution is wireless traffic encryption. Modern access points come with built-in encryption.
The first-generation encryption scheme, WEP, proved easy to crack; the second- and third-generation schemes, WPA and WPA2, are considered secure if a strong enough passphrase is used. The reason the passphrase matters is that an attacker who captures the key handshake can test candidate passphrases offline, so the security of a pre-shared-key network rests on the passphrase being hard to guess. (WPA with TKIP has since been deprecated; WPA2 with AES-CCMP or newer should be used.)
Some WAPs support hotspot-style authentication using RADIUS (Remote Authentication Dial In User Service) and other authentication servers, so that each user authenticates with individual credentials instead of one passphrase shared by everybody.
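To make the "strong enough passphrase" point concrete, the following added example (not code from the original lesson) derives the WPA2 pre-shared key the way IEEE 802.11i specifies it, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes, and then runs the offline guess an attacker performs against a captured handshake. The SSID, passphrases and the tiny wordlist are constructed for the demonstration; the test uses the published 802.11i test vector for passphrase "password" and SSID "IEEE".

```python
"""WPA2-PSK derivation and an offline dictionary attack on it (added example)."""
import hashlib


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK (the Pairwise Master Key) from passphrase and SSID,
    exactly as IEEE 802.11i defines it: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), 4096, 32)


def dictionary_attack(ssid: str, target_psk: bytes, wordlist):
    """Offline guess: return the passphrase whose PSK equals target_psk, else None.
    A captured 4-way handshake lets an attacker verify each guess without
    touching the network again, so only the 4096-iteration cost slows them."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # not a legal passphrase, skip the PBKDF2 work
        if wpa2_psk(candidate, ssid) == target_psk:
            return candidate
    return None


# Constructed demo wordlist; real attacks use lists with millions of entries.
WORDLIST = ["letmein", "password", "sunshine", "12345678", "qwertyui"]


def demo():
    """A weak passphrase falls to the tiny wordlist; a long random one survives it."""
    ssid = "IEEE"
    weak_psk = wpa2_psk("password", ssid)
    strong_psk = wpa2_psk("correct horse battery staple 7Q!x", ssid)
    return (dictionary_attack(ssid, weak_psk, WORDLIST),
            dictionary_attack(ssid, strong_psk, WORDLIST))


if __name__ == "__main__":
    print(wpa2_psk("password", "IEEE").hex())
    print(demo())
```

Because the SSID is the salt, an attacker can precompute PSKs for common SSIDs, which is one reason not to run a pre-shared-key network under a default name; the other mitigation on the slide, RADIUS-backed authentication, removes the shared passphrase entirely.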
Summary
• The evolution of personal and business communications
• Store-and-forward communications versus real-time communications
• Risk-mitigation strategies for VoIP and SIP applications
• Why businesses today need an Internet marketing strategy