Crafting a secure network


Eric Van Horn
Cosc 356



Nearly every organization in today's era uses computers and a network to send, receive, and store information
It is very important to focus on the security of the network, especially if it contains sensitive, confidential, and personal information
Without keeping systems up to date, it is easy for a hacker to gain unauthorized access to the system


Information security can be defined as “measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.”
It is the name given to the preventative steps taken to guard information

No single measure can guarantee protection on its own
Numerous methods help ensure security:
 Subnetting
 Planning for convergence
 DMZs
 Firewalls
 Proxy servers
 Network intrusion detection systems
 Network intrusion prevention systems



Subnetting divides one network into a series of subnets
It splits the host IP address into two addresses:
 Network address (192.146.118)
 Host address (20)



The source of potential security issues can be located much more quickly than on a large single network
Makes regulating who has access in and out of a particular subnetwork much easier
Decreased network traffic
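As an added example (not part of the original slides), the following Python shows how a subnet mask splits the slide's host IP 192.146.118.20 into its network and host addresses, how one network is carved into smaller subnets, and how to tell whether two hosts share a subnet. It assumes a /24 mask, which is what the 192.146.118 / 20 split on the slide implies.

```python
# Added example: subnet arithmetic for the address used on the slide.
# Assumes a /24 (255.255.255.0) mask, which matches the
# 192.146.118 (network) / 20 (host) split shown above.
from __future__ import annotations


def ip_to_int(ip: str) -> int:
    """Convert dotted-quad text to a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(ip: str, prefix_len: int) -> tuple[str, int]:
    """Return (network address, host number) for ip under a /prefix_len mask."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    n = ip_to_int(ip)
    return int_to_ip(n & mask), n & ~mask & 0xFFFFFFFF


def subnets(network: str, prefix_len: int, new_prefix_len: int) -> list[str]:
    """Carve a /prefix_len network into equal subnets of size /new_prefix_len."""
    if new_prefix_len < prefix_len or new_prefix_len > 32:
        raise ValueError("new prefix must be between the old prefix and 32")
    base, _ = split_address(network, prefix_len)
    step = 1 << (32 - new_prefix_len)            # addresses per new subnet
    count = 1 << (new_prefix_len - prefix_len)   # number of new subnets
    start = ip_to_int(base)
    return [f"{int_to_ip(start + i * step)}/{new_prefix_len}" for i in range(count)]


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when two hosts share a network address, so traffic between them stays local."""
    return split_address(a, prefix_len)[0] == split_address(b, prefix_len)[0]


if __name__ == "__main__":
    print(split_address("192.146.118.20", 24))   # ('192.146.118.0', 20)
    for s in subnets("192.146.118.0", 24, 26):   # four /26 subnets
        print(s)
    print(same_subnet("192.146.118.20", "192.146.118.200", 26))  # False
```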

The integration of voice and data traffic over a single IP network (convergence) is becoming a more popular idea in today's day and age
Allows several different services to be combined and transferred in a single universal format
Advantages:
 Moves from the traditional concept of a network to a more ‘slimmed down’ and efficient concept
Still has a way to go security-wise before being accepted as the standard


As with any traditional network, converged networks, too, are vulnerable to attacks
Not currently the standard, but someday may be, so it is important for a secure network design to be ready to convert easily and with less chaos

Demilitarized zones (DMZ) are a good security measure to take
Useful when an organization has sensitive, private files that need to be protected while still enabling some services of the network for outside “common” users
A DMZ is a separate network located outside the perimeter of the secured network
Isolates the devices and systems that are most vulnerable to attack
 Email servers, web servers
Users in a DMZ have access to things located within the DMZ but not the secured network
 Ex: A hotel has a network for customers to connect to for browsing the web and checking email, but not to personal information for the hotel itself

Computers loaded with data files and software that appear to be legitimate in order to fool attackers
Typically located inside a DMZ
 Can be used to monitor attackers' techniques, provide early warning signs of an attack on the secure network, and deflect attention from the actual sensitive data


Network Address Translation (NAT)
Hides the IP addresses of devices connected to the secure network by replacing each with a common, known IP address that can be used by anybody on the network before sending the packet out
Typically incorporated into a firewall implementation and is usually required when two or more networks interface with each other
Good for security because it stops users on the internet from seeing the actual IP address of the sender
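As an added example (not part of the original slides), this Python models the translation a NAT gateway performs: outbound packets leave with the gateway's single public address, replies are mapped back to the internal host, and inbound packets with no matching entry are dropped. The addresses are constructed documentation-range values and the sequential port allocation is a simplification assumed for the example.

```python
# Added example: a minimal NAT (port-address translation) gateway model.
# 192.168.1.20 is the private host, 203.0.113.5 the gateway's public
# address, 198.51.100.9 a web server; all are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port   # simplification: ports handed out sequentially
        self._out = {}   # (private ip, private port) -> public port
        self._in = {}    # public port -> (private ip, private port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the secure network and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Reverse the translation for a reply; drop anything with no mapping."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self._in:
            return None   # unsolicited packet: no internal host is exposed
        priv_ip, priv_port = self._in[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    gw = NatGateway("203.0.113.5")
    out = gw.outbound(Packet("192.168.1.20", 51515, "198.51.100.9", 443))
    print(out)     # the web server only ever sees 203.0.113.5:40000
    reply = gw.inbound(Packet("198.51.100.9", 443, "203.0.113.5", out.src_port))
    print(reply)   # delivered back to 192.168.1.20:51515
    print(gw.inbound(Packet("198.51.100.9", 443, "203.0.113.5", 22)))  # None
```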

Network access control (NAC) is responsible for examining the current state of a system or device attempting to connect to the network before allowing it to join
Does so by checking whether the system joining is up to par with a specified set of criteria, such as having the most current anti-virus signature or having the firewall properly enabled
If the device fails to meet the criteria, it is sent to a “quarantine” network
 A network located outside of the secure network
The overall idea of NAC is to prevent computers with sub-par security from joining the secure network and potentially infecting other computers
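As an added example (not part of the original slides), this Python implements the posture check the slide describes: a device is admitted to the secure network only when it passes every criterion, and otherwise is placed on the quarantine network with the reasons recorded. The device fields, the seven-day signature-age limit and the network names are assumptions for this example, not from any real NAC product.

```python
# Added example: NAC posture check with a quarantine decision.
# Device records, the policy thresholds and the network names are
# assumptions constructed for this example.
from __future__ import annotations
from datetime import date

SECURE_NETWORK = "secure"
QUARANTINE_NETWORK = "quarantine"


def posture_failures(device: dict, today: str, max_signature_age_days: int = 7) -> list[str]:
    """Return every policy criterion the device fails; an empty list means compliant."""
    failures = []
    if not device.get("firewall_enabled", False):
        failures.append("firewall disabled")
    sig = device.get("av_signature_date")   # ISO date string reported by the agent
    if sig is None:
        failures.append("no antivirus signature reported")
    else:
        age = (date.fromisoformat(today) - date.fromisoformat(sig)).days
        if age > max_signature_age_days:
            failures.append(f"antivirus signature {age} days old")
    if not device.get("os_patched", False):
        failures.append("operating system missing patches")
    return failures


def admit(device: dict, today: str) -> tuple[str, list[str]]:
    """Decide which network the device joins and record why."""
    failures = posture_failures(device, today)
    network = SECURE_NETWORK if not failures else QUARANTINE_NETWORK
    return network, failures


if __name__ == "__main__":
    # constructed sample devices
    devices = [
        {"name": "laptop-1", "firewall_enabled": True,
         "av_signature_date": "2024-05-09", "os_patched": True},
        {"name": "laptop-2", "firewall_enabled": False,
         "av_signature_date": "2024-03-01", "os_patched": True},
    ]
    for dev in devices:
        network, why = admit(dev, "2024-05-10")
        print(f"{dev['name']}: {network}" + (f" ({'; '.join(why)})" if why else ""))
```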

A network intrusion detection system (NIDS) attempts to discover unauthorized access to a computer network by analyzing traffic on the network for signs of malicious activity
Can perform simple tasks such as alerting the administrator via email or text message at the first sign of an intrusion
 Think of it as a burglar alarm
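As an added example (not part of the original slides), this Python applies one simple NIDS rule to connection-log lines: when a single source touches many distinct ports on one host within a short window, the pattern of a port scan, it raises an alert for the administrator. The log format, the thresholds and the sample lines are constructed for this example.

```python
# Added example: a small port-scan detector over constructed connection-log
# lines. The line format "time src -> dst_ip:dst_port flags", the
# five-port threshold and the ten-second window are assumptions.
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2024-05-10T12:00:01 192.0.2.7 -> 192.146.118.20:22 SYN
2024-05-10T12:00:01 192.0.2.7 -> 192.146.118.20:23 SYN
2024-05-10T12:00:02 192.0.2.7 -> 192.146.118.20:25 SYN
2024-05-10T12:00:02 192.0.2.7 -> 192.146.118.20:80 SYN
2024-05-10T12:00:03 192.0.2.7 -> 192.146.118.20:443 SYN
2024-05-10T12:00:03 192.0.2.7 -> 192.146.118.20:3389 SYN
2024-05-10T12:00:04 192.146.118.30 -> 192.146.118.20:80 SYN
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, destination ip, destination port)."""
    ts, src, _arrow, dst, _flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port)


def detect_port_scans(log_text, threshold=5, window_seconds=10):
    """Return one alert per (source, host) pair touching >= threshold distinct ports in the window."""
    recent = defaultdict(list)   # (src, dst_ip) -> [(time, port), ...] inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port = parse_line(line)
        key = (src, dst_ip)
        # slide the window: keep only events within window_seconds of this one
        events = [(t, p) for t, p in recent[key] if (ts - t).total_seconds() <= window_seconds]
        events.append((ts, port))
        recent[key] = events
        ports = {p for _, p in events}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)   # alert once per scanning pair, not on every further packet
            alerts.append(f"ALERT port scan: {src} probed {len(ports)} ports on {dst_ip} "
                          f"within {window_seconds}s, first seen {events[0][0].isoformat()}")
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)   # stand-in for the email or text message to the administrator
```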

A popular open-source NIPS
 Has the ability to perform real-time traffic analysis and packet logging on IP networks
 Performs protocol analysis, content searching, and content matching
 Can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, Common Gateway Interface (CGI) attacks, buffer overflows, Server Message Block (SMB) probes, and stealth port scans
Recently entered InfoWorld's open source hall of fame as “one of the greatest pieces of open source software of all time”
Has several modes to run in:
 Sniffer mode
 Packet logger mode
 Intrusion detection mode





