Chapter Six: IS Network and Telecommunications Risks

Topics
Network and Telecommunication Technologies
Risks to IT Network and Telecommunication Systems
IT Network and Telecommunication Security
Auditing Network Security

Network Types
By Scale
– Local Area Network (LAN)
– Backbone Networks (BN)
  » for linking together organizational LANs at various locations.
– Metropolitan Area Network (MAN)
  » connects LANs and BNs across different locations (usually leased lines)
– Wide Area Network (WAN)
By Ownership
– Internet, intranet, extranet
– Virtual private networks (VPN)

Network Types
By Topology
– Star-shaped – centralized
– Ring – decentralized
– Bus – decentralized
– Mesh
By Distribution of Functionality
– Client Server, Thin Client, Fat Client

Network Components
Computers and terminals
Network Operating System
Telecommunications processors (network interface cards and modems)
Telecommunications channels – physical and wireless (media)
Devices (Routers, switching, hubs, etc.)
[Diagram labels: Network Infrastructure; Clients/Servers (Users and Applications)]

Network Protocols and Software
Network and telecommunications software
– application software (web browsers, e-mail software, etc.),
– network OS,
– network management software,
– middleware

Multi-layer Network Models
Network models – standard architecture that allows different HW and SW to communicate across networks
Open Systems Interconnection Model (7 layer)
– Created by International Standards Organization (ISO) in 1984
Internet Model (5 layer)
– Created by DARPA originally in early 70’s
– Based on Transmission Control Protocol/Internet Protocol (TCP/IP) suite
– Combines the “top” three layers of the OSI model into a single layer.

5-Layer Internet Model
Application Layer
– set of utilities used by application programs
Transport Layer
– deals with end-to-end issues such as segmenting the message for network transport, and maintaining the logical connections between sender and receiver
Network Layer
– responsible for making routing decisions
Data Link Layer
– deals with message delineation, error control and network medium access control
Physical Layer
– defines how individual bits are formatted to be transmitted through the network
[Diagram labels: Application Software; Computer Hardware; System Software]

Data Communication Standards
Layer                  Common Standards
5. Application layer   HTTP, HTML (Web); IMAP, POP (e-mail)
4. Transport layer     TCP (Internet); SPX (Novell LANs)
3. Network layer       IP (Internet); IPX (Novell LANs)
2. Data link layer     Ethernet (LAN); PPP (dial-up via modem for MAN)
1. Physical layer      Category 5 twisted pair (LAN); Fiber optic cable (WAN)
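
The layering in the 5-layer model and the standards table, as an added example that is not part of the original slides: a constructed Ethernet/IPv4/TCP/HTTP frame is built and then peeled apart layer by layer, with the length checks a parser needs before trusting any header field. The addresses, ports, host name and function names are made up for illustration, and checksums are left at zero.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample: HTTP request inside TCP inside IPv4 inside Ethernet."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"        # 5. application
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4,      # 4. transport
                      0x18, 65535, 0, 0)                          # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0,                    # 3. network
                     20 + len(tcp) + len(http), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    eth = (bytes.fromhex("020000000002") +                        # 2. data link
           bytes.fromhex("020000000001") + struct.pack("!H", 0x0800))
    return eth + ip + tcp + http   # 1. physical layer (bits on the wire) not modelled

def decapsulate(frame):
    """Peel the headers off layer by layer; ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("bad IPv4 header")
    if proto != 6:
        raise ValueError("not TCP")
    segment = packet[ihl:total_len]          # trust the length field only after checking it
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off, flags = struct.unpack("!HHIIBB", segment[:14])
    data_off = (off >> 4) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "data_link": {"src": src_mac.hex(":"), "dst": dst_mac.hex(":")},
        "network": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl},
        "transport": {"src_port": sport, "dst_port": dport, "flags": flags},
        "application": segment[data_off:],
    }
```

The "network" and "transport" entries are the fields a packet-filtering firewall matches on; the "application" bytes are visible only to controls that inspect above layer 4.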

IS Network and Telecommunications Risks
Social Engineering, Software Vulnerabilities (Unauthorized Access)
Physical Infrastructure Threats – the elements, natural disasters, power supply, intentional human attacks (disaster)
Programmed Threats – viruses, worms, Trojan horses, hoaxes, blended threats (destruction)
Denial of Service Attacks (disruption)

IS Network and Telecommunications Security
Network security administration
Authentication and Access Control
Encryption – secret key and public key
Firewalls – packet filtering and stateful inspection
Intrusion Detection Systems
Penetration Testing – war dialing, port scanning, sniffers, password crackers