soluciones de red.ppt

7/27/2019 Soluciones de Red.ppt

1/21

Installing Windows XP Professional Using Attended Installation

Slide 1 of 21Ver. 1.0

In this session, you will learn about:

Best practices for implementing VPNs and VoIP

Tips and tricks on network documentation

FAQs related to network planning

Objectives

Planning Network Solutions

Planning Network Solutions / Chapter 5


2/21



When planning for a VPN for an enterprise, you have to

consider the following best practices:

Place the VPN gateway outside the firewall.

Determine the location of the VPN gateway within the existing

network topology.

Place the firewall after the VPN gateway and allow the firewall

to inspect the traffic that the VPN decrypts.

Do not locate the VPN gateway parallel to or behind the

firewall. The firewall will not be able to inspect clear-text traffic.

Place a VPN gateway such that any Network Address

Translation (NAT) for data packets takes place outside theVPN tunnel.

Do not place the IDS outside the network firewall.

Best Practices




3/21



When planning for VoIP, you should consider the following

best practices:

Conduct an audit of the network technology implemented in the

enterprise to check if it is compatible with VoIP.

Prioritize voice traffic over data on corporate networks.

Determine bandwidth requirements.

Consider global governmental toll-bypass regulations.

Increase the visibility and performance of the VoIP network.

Stick to one VoIP provider.

Choose equipment that are compatible with each other.

Best Practices (Contd.)




4/21



Documenting a network helps reduce the maintenance and

management costs.

An analysis of the following questions helps in selecting an

appropriate network documentation package:

What should be documented?Why should it be documented?

Where is the information source?

Is all the required information readily available?

Who are the users?

What structure and naming conventions should be used?What is the feedback process?

Tips and Tricks




5/21



What is a VPN gateway?

A VPN gateway is a device that connects a LAN to a VPN. A VPN

gateway is a device that connects a LAN to a VPN. VPN gateways

are installed at both ends of a VPN tunnel. The VPN gateway

installed at the sending end encrypts the data and the VPN

gateway installed at the receiving end decrypts the data.

Does WLAN support Internet connectivity?Yes. WLAN works just like a LAN but communication takes place

without wires.

How reliable is VoIP?

Just as traditional phone lines depend on telephone companies for

their maintenance and quality, the reliability of VoIP depends on the

Internet Service Provider (ISP). The effectiveness of network lines in

VoIP entirely depends on the level of maintenance provided by the

ISP.

FAQs




6/21



How much bandwidth does VoIP require?

You need a broadband connection to make VoIP work

successfully. Having more bandwidth allows you to make a

greater number of simultaneous calls.

Do VoIP phones require specific hardware to work properly?

You need to have a Private Branch Exchange (PBX) that

supports an IP phone.

FAQs (Contd.)




7/21



How does understanding availability requirements help plan

an IT infrastructure?

Practice Questions



Understanding availability requirements help determine the level of

network services required and thereby help determine the cost of

setting up an IT infrastructure to fulfill the level of service.


8/21



What is the difference between scalability and obsolescence

protection?

Practice Questions (Contd.)



Scalability is the ability of a network to cope up with future

requirements, such as increase in the number of users, expansion

of the network, acquisition of new network sites, and installation of

new software applications.Obsolescence protection involves planning the purchase of your

network devices in such a way that they are able to keep pace with

fast changing technologies and higher capacity devices that might

be installed in future.


9/21



How does network sizing affect network planning?




Network sizing takes care of the number of users using the

network and the future requirements that might arise. Thereby,

network sizing helps determine the quality and level of network

services required. Network sizing helps you estimate the cost of

setting up a network that will meet the business as well astechnical requirements of an enterprise.


10/21



What are the various options available for setting up a WAN

infrastructure?




The various options for setting up a WAN infrastructure are:

Frame relay

X.25

WAN ATM

Leased line

ISDN

ADSL

Analog Modems

SMDS


11/21



What are VPNs? How does a VPN help provide low cost yet

secure WAN communication?




VPNs are networks that use encryption in the lower protocol layers

to provide a secure connection through an otherwise insecure

network, such as the Internet. VPNs are cheaper than real private

networks using private lines.VPNs use encryption to make the data safe on public networks,

such as the Internet. In addition, they use the IPsec protocol to

ensure better safety of information traveling through VPNs.


12/21



In this session, you will learn about:

Best practices for planning IDS

Tips and Tricks on planning a security solution

FAQs on security measures, such as firewalls and digital

signatures

Objectives

Planning Security Solutions

Planning Security Solutions / Chapter 6


13/21



The best practices for planning IDS are:

Employ measures to use the data gathered from the IDS

effectively, such as software tools to evaluate and report IDS

findings.

Choose a logging system that allows you to gather a large

amount of data, backup and recovery procedures, and storagefacilities.

Ensure that system logs are checked daily for critical incidents

and weekly for all other incidents.

Develop a standard response procedure to tackle any

malicious attempt made on the enterprises network.

Best Practices




14/21



The tips and tricks for implementing IDS are:

Use host-based IDS to secure the computers of mobile users

in your network.

Use network-based IDS to secure your IT infrastructure if you

do not want to place an additional workload on the computers

of your network.

Use hardware instead of software firewalls if securityrequirements are not very high.

Tips and Tricks




15/21



How does a firewall work?

A firewall checks the data packets leaving or entering a

network to ensure that they are authorized to go to the people

they are addressed to. It also checks whether the person or

application sending the data is authorized to use the Internet.

What is the difference between a hardware and softwarefirewalls?

A hardware firewall is implemented on network devices, such

as routers. Hardware firewalls use packet filtering to know the

source and destination addresses of a data packet.

Software firewalls are implemented on computers. A softwarefirewall allows only secure applications to communicate over

the Internet.

FAQs




16/21



What is a digital signature and how do you acquire one?

A digital signature needs to be different each time it is created,

and is used to secure objects, such as an electronic document, a

picture, or a program. It is created by performing a mathematical

calculation on the data that needs securing, such as a password

for a Web site. This mathematical calculation produces a unique

numerical value, which is encrypted using a private cryptographic

key. You cannot buy a digital signature. To create a digitalsignature, one needs to generate or buy a private cryptographic

key, a public key and certificate.

Who recognizes the Certification Authorities (CAs) for digital

certificates?

CAs are recognized by vendors that provide Web browsers.Different companies, such as Microsoft and Netscape, recognize

different CAs.

What is the lifecycle of a certificate?

Personal and server certificates have a validity of one year.

However, the issuing CA can decide the life of a certificate.

FAQs (Contd.)




17/21



What do you mean by physical security?

Practice Questions



Physical security concerns securing various physical devices that

form part of an IT infrastructure. The physical devices might

include computers, printers, routers, hard disks, and wiring

components.


18/21



What are the measures available to ensure physical

security?




The various measures to ensure physical security are:

Keeping devices under lock and key

Implementing biometric measures, such as keycards,fingerprint readers, and retinal scanners

Implementing surveillance measures


19/21



Define a security policy?




Every enterprise needs to define a set of rules and regulations to

secure its IT infrastructure from various critical situations, such as

unauthorized access to data, disclosure of confidential information,

and virus attacks. This set of rules and regulations is known as the

security policy. A security policy enables you devise appropriate

mechanisms and choose technologies to ensure the security of theIT infrastructure.


20/21



Describe how the QoS requirements of an enterprise

determine the level of security required in the enterprise.




Depending on the QoS requirements of the enterprise, the

enterprise can select an appropriate security method. If the

enterprise requires fast access to data, the security will be kept at

a low level because it might affect the speed of data access.

Alternately, if the enterprise requires highly secure data, the level

of security employed will be high.


21/21


Slid 21 f 21V 1 0

What are the differences between host-based and

network-based IDS.



Pl i S it S l ti / Ch t 6

Network-based IDS are deployed on a network. They use raw

network packets as the data source to check for any sort of

intrusion in a network. Network-based IDS utilize network adapters

to monitor and analyze network traffic. You can deploy network-

based IDS to protect a specific segment of the network, in which it

is installed.

Host-based IDS are installed on different types of computers such

as desktops, servers, or laptops. They can provide a second level

check and can detect problems missed out by network-based IDS.Therefore, identifying location of the IDS on internal networks can

be crucial for providing broad security coverage for an enterprise.

You can decide to implement host-based IDS on those computers

which are more prone to attack by intruders.

soluciones de red.ppt

Documents