Chapter Six: IS Network and Telecommunications Risks


Upload: margaretmargaret-harvey

Post on 19-Dec-2015


Topics

Network and Telecommunication Technologies
Risks to IT Network and Telecommunication Systems
IT Network and Telecommunication Security
Auditing Network Security

Network Types

By Scale
– Local Area Network (LAN)
– Backbone Networks (BN)
  » for linking together organizational LANs at various locations.
– Metropolitan Area Network (MAN)
  » connects LANs and BNs across different locations (usually leased lines)
– Wide Area Network (WAN)

By Ownership
– Internet, intranet, extranet
– Virtual private networks (VPN)

Network Types

By Topology
– Star-shaped – centralized
– Ring – decentralized
– Bus – decentralized
– Mesh

By Distribution of Functionality
– Client Server, Thin Client, Fat Client

Network Components

Computers and terminals
Network Operating System
Telecommunications processors (network interface cards and modems)
Telecommunications channels – physical and wireless (media)
Devices (Routers, switching, hubs, etc.)

[Diagram labels: Network Infrastructure; Clients/Servers (Users and Applications)]

Network Protocols and Software

Network and telecommunications software
– application software (web browsers, e-mail software, etc.),
– network OS,
– network management software,
– middleware

Multi-layer Network Models

Network models – standard architecture that allows different HW and SW to communicate across networks

Open Systems Interconnection Model (7 layer)
– Created by International Standards Organization (ISO) in 1984

Internet Model (5 layer)
– Created by DARPA originally in early 70’s
– Based on Transmission Control Protocol/Internet Protocol (TCP/IP) suite
– Combines the “top” three layers of the OSI model into a single layer.

5-Layer Internet Model

Application Layer
– set of utilities used by application programs
Transport Layer
– deals with end-to-end issues such as segmenting the message for network transport, and maintaining the logical connections between sender and receiver
Network Layer
– responsible for making routing decisions
Data Link Layer
– deals with message delineation, error control and network medium access control
Physical Layer
– defines how individual bits are formatted to be transmitted through the network

[Diagram labels: Application Software; Computer Hardware; System Software]

Data Communication Standards

Layer                   Common Standards
5. Application layer    HTTP, HTML (Web); IMAP, POP (e-mail)
4. Transport layer      TCP (Internet); SPX (Novell LANs)
3. Network layer        IP (Internet); IPX (Novell LANs)
2. Data link layer      Ethernet (LAN); PPP (dial-up via modem for MAN)
1. Physical layer       Category 5 twisted pair (LAN); Fiber optic cable (WAN)

Message Transmission Example

Message Moving Through Layers
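
The layer responsibilities listed above, shown as an added example (not part of the original slides): a constructed HTTP request is wrapped in TCP, IPv4 and Ethernet headers on the sending side, then checked and unwrapped in reverse order on the receiving side. The addresses, ports and MAC values are constructed, and the TCP checksum is left at zero to keep the example short.

```python
import struct
import zlib

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 for a header with a valid checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(message: bytes) -> bytes:
    """Sender side: wrap an application-layer message layer by layer (constructed values)."""
    # Transport layer: TCP header (ports, seq, ack, offset/flags, window, checksum=0, urgent)
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 0, (5 << 12) | 0x18, 65535, 0, 0) + message
    # Network layer: IPv4 header with the addresses that routing decisions are made on
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    # Data link layer: Ethernet header delineates the frame, CRC-32 trailer is the error control
    eth = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", 0x0800) + hdr + tcp
    return eth + struct.pack("<I", zlib.crc32(eth))

def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify and strip each layer, bottom up."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("data link: frame check sequence mismatch")
    if struct.unpack("!H", body[12:14])[0] != 0x0800:
        raise ValueError("data link: payload is not IPv4")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("network: bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 6:
        raise ValueError("network: payload is not TCP")
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src_ip": ".".join(map(str, ip[12:16])), "dst_ip": ".".join(map(str, ip[16:20])),
            "src_port": sport, "dst_port": dport, "message": tcp[data_off:]}

if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print(len(frame), decapsulate(frame))
```

The fields recovered here (addresses, ports, protocol) are the ones a packet-filtering firewall or a sniffer reads from each frame.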

IS Network and Telecommunications Risks

Social Engineering, Software Vulnerabilities (Unauthorized Access)
Physical Infrastructure Threats – the elements, natural disasters, power supply, intentional human attacks (disaster)
Programmed Threats – viruses, worms, Trojan horses, hoaxes, blended threats (destruction)
Denial of Service Attacks (disruption)

IS Network and Telecommunications Security

Network security administration
Authentication and Access Control
Encryption – secret key and public key
Firewalls – packet filtering and stateful inspection
Intrusion Detection Systems
Penetration Testing – war dialing, port scanning, sniffers, password crackers

Internal, Perimeter, and External Networks

Auditing Network Security

Risk assessment and best practices
Benchmark tools
IT audit programs for network security