PowerPoint Presentation

HOW TO BUILD A SECURE NETWORK ARCHITECTURE

MEET OUR TEAMFawaz AliD-14-CS-09Saqib IqbalD-14-CS-07Aarij KhanD-14-CS-18Ata ul MunimD-14-CS-10

What is Network Security?A Business Tool to achieve goalSenior management might view the network security as a business tool to facilitate the goals of the companyThe Centre of the universeNetwork technicians might consider their networks to be the center of the universe.A Tool to get the Job DoneEnd users might consider the network to be just a tool for them to get their job doneNetwork securityconsists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computernetworkand network-accessible resources.Network security involves the authorization of access to data in anetwork, which is controlled by thenetworkadministrator.

5Attack Methods

Most attackers do not want to be discovered and so they use a variety of techniques toremain in the shadows when attempting to compromise a network.

Reconnaissance Attack

This is the discovery process used to find information about the network.

It could include scans of the network to find out which IP addresses respond, and further scans to see which ports are open.

Social Engineering Attack

This is a tough one because it leverages our weakest (very likely)vulnerability in a secure network: the user.

If the attacker can get the user to reveal information, it is much easier for the attacker than using some other method of reconnaissance.

Covert ChannelThis method uses programs or communications in unintended ways. For example, if the security policy says that web traffic is allowed but P2P messaging is not, users can attempt to tunnel their peer-to-peer traffic inside of HTTP traffic.

Dos or D-Dos AttackDenial-of-service attack and distributed denial-of-service attack. An example is using a botnet to attack a target system.

Denial of service (DDoS) attacks are made from numerous computers to cause a web address to fail.

Password attacks

These could be brute force, where the attackers system attempts thousands of possible passwords looking for the right match.

BackdoorWhen attackers gain access to a system, they usually want future access, as well, and they want it to be easy. A backdoor application can be installed to either allow future access or to collect information to use in further attacks.

12Guidelines for Secure Network Architecture

We all want some basic principles and guidelines in place in the early stages of designingand implementing a network.

Auditing4

Separation of Duties3

Defense in Depth2

Rule of Least Privilege1

Applying Fundamentals Security Principles to Network Design

Rule of Least PrivilegeThis rule states that minimal access is only provided to the required network resources, and not any more than that.

Defense in Depth

This concept suggests that you have security implemented on nearly every point of your network.

The concept behind defense in depth is that if a single system fails, it does not mean that security has completely been removed from the equation.

Separation of DutiesIt refer to Dividing roles and responsibilities so that a single individual cannot subvert a critical process

Auditing

This refers to accounting and keeping records about what is occurring on the network.

Most of this can be automated through the features of authentication, authorization, and accounting (AAA)

18Devices, Tools and Methods we can use to achieve a secure network

Just because your business is small, doesn't mean that hackers won't target you. The reality is that automated scanning techniques and botnets don't care whether your company is big or small, they're only looking for holes in your network security to exploit.

The good news is that there are a lot of things that small businesses can do to lock down networks without spending a small fortune. Through a combination of hardware, software and best practices, you can minimize your risks and reduce the attack surface that your small business presents to the world.

ASAAdaptive Security Appliance is a security device that combines firewall, antivirus, IPS, SIO and VPN capabilities. It provides proactive threat defense that stops attacks before they spread through the network

IPSIntrusion Prevention Systems, primarily using signature matching, can alert administrators about an attack on the network and can prevent the initial packet from entering the network.

AMPAdvance Malware Protection provides protection before, during or after an attack. It uses the best global threat intelligence to strengthen the defense of an organization.

SIOSecurity Intelligence Operations or SIO operates as the measure and transmit hub for email, web, and IPS services, etc.

Thank YouThanks for comingHave a nice day