Lesson 9-Securing a Network

Upload: barnard-rich

Post on 22-Dec-2015


Overview

Identifying threats to the network security.

Planning a secure network.

Identifying Threats to the Network Security

Internal threats.

External threats.

Viruses, worms, and other malicious code.

Internal Threats

The primary components of any security strategy designed to combat internal threats are:

Account security.

File and directory permissions.

Practices and user education.

Internal Threats

Account security:

Identification and authentication (I&A) is a security mechanism that allows a computer to uniquely identify the user attempting to log on or perform an action in the system.

I&A is done by assigning user IDs and names to each user on the system.

Each user is assigned a password or a personal identification number (PIN) to prove their identity.

Internal Threats

Account security (continued):

A credit card or a driver's license can be used to identify a user in the system.

Smart cards are used as an identification medium for sensitive computer systems and networks.

Biometrics uses unique human characteristics such as fingerprints, hand geometry, retina scans, facial geometry, and voiceprints for authentication.

Internal Threats

Account security (continued):

Passwords are the most common type of authentication mechanism used.

Passwords should be at least eight characters in length and contain a mixture of uppercase and lowercase letters, numbers, and special characters.

Internal Threats

Account security (continued):

Passwords should not be written down or shared with coworkers.

They should be hard to guess but easy to remember.

Setting the password lockouts on Windows 2000 is a good practice to prevent password-guessing attacks.

Internal Threats

Account lockout duration settings

Internal Threats

Account lockout threshold settings

Internal Threats

Reset account lockout counter after settings
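
How the three lockout settings named above interact against password guessing, as an added example that is not part of the original lesson: a simplified model of a lockout policy (not Windows code), with constructed policy values and hypothetical names such as LockoutPolicy and simulate. It also shows the limit of the control: guesses spaced wider than the counter reset window never trigger a lockout.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int        # failed logons that trigger a lockout
    duration_min: int     # minutes the account stays locked
    reset_after_min: int  # minutes of quiet before the failure counter resets

@dataclass
class Account:
    failures: int = 0
    last_failure: Optional[int] = None
    locked_until: Optional[int] = None

def attempt(policy, acct, now, password_ok):
    """Process one logon attempt at minute `now`; return the outcome."""
    if acct.locked_until is not None:
        if now < acct.locked_until:
            return "rejected"            # locked: the guess is never checked
        acct.locked_until, acct.failures = None, 0   # lockout expired
    if acct.last_failure is not None and now - acct.last_failure >= policy.reset_after_min:
        acct.failures = 0                # counter reset window elapsed
    if password_ok:
        acct.failures = 0
        return "success"
    acct.failures += 1
    acct.last_failure = now
    if acct.failures >= policy.threshold:
        acct.locked_until = now + policy.duration_min
        return "locked"
    return "failed"

def simulate(policy, interval_min, window_min):
    """Wrong guesses every `interval_min` minutes; return (guesses checked, lockouts)."""
    acct, checked, lockouts = Account(), 0, 0
    for now in range(0, window_min, interval_min):
        outcome = attempt(policy, acct, now, password_ok=False)
        checked += outcome != "rejected"
        lockouts += outcome == "locked"
    return checked, lockouts

if __name__ == "__main__":
    policy = LockoutPolicy(threshold=5, duration_min=30, reset_after_min=30)  # constructed values
    print("1 guess/min for 24h:", simulate(policy, 1, 1440))
    print("1 guess/31min for 24h:", simulate(policy, 31, 1440))
```

The slow run produces no lockout events at all, so it has to be caught from failed-logon entries in the audit log rather than from lockouts.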

Internal Threats

Account security (continued):

Passwords are stored in an encrypted format on computer systems.

Hackers can discover passwords by trying possible combinations of letters, numbers, and special characters, known as a brute force attack.

Account security (continued):

Hackers can also obtain encrypted passwords from the network as they are communicated between systems.

Obtaining encrypted passwords from a network is called sniffing the wire.

Internal Threats

File and directory permissions:

File and directory permissions allow the computer to identify users who have access to a particular file or directory in the system.

Access control is a mechanism that is used to restrict what authorized users can do on a computer system.

File and directory permissions (continued):

In a Windows system, an individual user or a group in a domain can be assigned multiple permissions on each directory or folder.

On Linux systems, read, write, and execute permissions can be set for the owner, group, or other users of a file.
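
The Linux owner/group/other permission model described above, as an added example that is not part of the original lesson: an audit that reports which read, write, or execute bits each class holds beyond an allowed ceiling. The 0o640 ceiling, the file names, and the function names are assumptions, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

CLASSES = (("owner", 6), ("group", 3), ("other", 0))
PERMS = (("r", 4), ("w", 2), ("x", 1))

def excess(mode, allowed):
    """Permissions `mode` grants beyond the `allowed` ceiling, per class."""
    extra = stat.S_IMODE(mode) & ~allowed & 0o777
    found = {}
    for cls, shift in CLASSES:
        bits = (extra >> shift) & 0o7
        letters = "".join(ch for ch, bit in PERMS if bits & bit)
        if letters:
            found[cls] = letters
    return found

def audit(root, allowed=0o640):
    """Walk `root`; map each regular file exceeding `allowed` to its excess bits."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode):
                extra = excess(st.st_mode, allowed)
                if extra:
                    report[os.path.relpath(path, root)] = extra
    return report

def demo():
    """Build a constructed sample tree and audit it against a 0o640 ceiling."""
    sample = {"payroll.csv": 0o640, "notes.txt": 0o666, "run.sh": 0o755}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in sample.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    for name, extra in sorted(demo().items()):
        print(name, extra)
```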

Internal Threats

Practices and user education:

Technical security controls help an organization manage the security of its networks.

An organization’s security policies define the expected level of security that is to be configured.

Practices and user education (continued):

It is a good practice to maintain an audit log that records certain security-related events for each server on a computer system.

The audit log can be very useful in reconstructing events after a problem or concern has been identified.

External Threats

A front door attack is the most common type of external attack.

It allows a hacker to identify vulnerabilities on any of an organization’s systems that are on the Internet.

A port scan is a query used to identify systems that are running services vulnerable to attacks.

A rootkit is a set of programs that helps a hacker return to the system and hide their presence.

External Threats

Network protection:

The router and firewall both help protect the Web server and the internal network.

A router is a network device that blocks unwanted traffic by configuring access control lists.

Network protection (continued):

A firewall drops all traffic by default and is configured to pass traffic that is necessary.

Updating vulnerable software to eliminate programming errors helps restrict hackers.

External Threats

Back door hacking involves physically breaking into a facility, using a remote access connection, using a wireless network access point, or tricking an employee into giving out information.

Remote Access Security allows a remote employee to access internal resources.

External Threats

Wireless technology allows a user to access an organization’s network from outside the building.

Wireless networks should be segregated from the main internal network by a firewall and require strong authentication.

Social engineering can be used to gain unauthorized access to computer systems through non-technical means.

External Threats

A denial of service attack (DOS attack) is a type of data flood that uses up all the available bandwidth on a network and prevents legitimate traffic from reaching the computers.

A distributed DOS (DDOS) attack increases the amount of traffic in the network and crashes larger connections or multiple systems.

Viruses, Worms, and Other Malicious Code

A virus is a program that attaches itself to another program and executes itself when the infected file is run.

Worms are programs that execute their own code to propagate.

A Trojan horse is a program accompanied by some type of social engineering that attempts to make the recipient execute the program.

Viruses, Worms, and Other Malicious Code

Preventing infections:

Antivirus software should be configured to examine the entire file system for malicious code on a daily basis.

Antivirus software should be installed on desktop computers, servers, and e-mail systems to identify malicious code.

Planning a Secure Network

System requirements must be identified in the areas of confidentiality, integrity, availability, and accountability.

Disasters are events that cause massive damage to an organization’s infrastructure.

A complete disaster recovery plan (DRP) should take into account the computer equipment and communication needs of the organization.

Planning a Secure Network

DRP helps identify and correct a problem before a real disaster occurs.

File backups are an important part of managing the security of a network.

Each server should be configured with backup drives in a redundant array of independent disks (RAID) configuration.

Tapes and disks can also be used for creating backups.

Summary

A combination of uppercase and lowercase characters, numbers, and special characters is used to create strong passwords.

Access control mechanisms can be used to limit access to sensitive files.

Patching vulnerabilities is an important part of overall security.

Summary

Remote access via dial-up phone lines or VPN, and wireless networks, can be used by hackers to attack a network.

Disaster planning is important for the availability of the network and systems.

Antivirus signatures must be updated on a regular basis to make the antivirus software effective.