Chapter Fifteen: Working with Network Security
Objectives
• To discover what dangers lurk in that great big world
• To examine the basic concepts of security
• To find out when you might have too much security
• To learn what security features are offered by the NOS
• To find out what makes a good password policy
• To review data encryption
• To learn to block out unwanted visitors
• To examine some security protocols
What Are the Dangers?
• Data accessed or destroyed by intruders
• Data accessed or destroyed from the inside
• Physically stolen data or equipment
• Data lost or corrupted due to equipment failure
• Protecting against viruses
Some Security Considerations
• Physical security
  – Equipment and drives must be protected from theft.
• Environmental damage
• Levels of risk
  – Just how sensitive is your data?
Physical Security
• Hard disks are easily removed.
  – The data can be extracted at leisure in a safe location.
• A physical disaster can destroy the equipment housing your critical data.
Environmental Damage
• The Tsunami of 2005 showed how much damage nature can wreak.
• Voltage surges and/or static electricity can cause data loss.
Risk Levels
• Low risk
  – Loss or damage to data will not cause an interruption of business or personal risk to people.
• Medium risk
  – Loss or damage to data results in noticeable disruption of workflow and/or involves putting people at noticeable risk.
• High risk
  – Loss or damage to data could bring the company to a standstill and/or cause serious harm to people.
Can You Have Too Much Security?
• If files or other resources can’t be accessed by the people who need them…
• If passwords are made too difficult for the average person to remember…
• Three levels of firewalls to protect your saved Redneck Rampage games might be a bit much.
Opening Doors to the Outside
• Internet access and email are now essential parts of doing business.
• Work-at-home users need to be able to log in remotely.
• Customer support might require maintaining an accessible intranet.
Guarding the Gates
• Firewalls can limit access from the outside
• Access control lists on a router interface
• Securing remote access services (RAS) connections
Security in the NOS
• A network operating system will include a certain degree of security.
  – Share-level versus user-level security (discussed earlier)
  – User authentication (discussed earlier)
  – File system security
  – Securing printing devices
  – Directory services
• IPSec
• Kerberos
File System Security
• The Novell File System and NTFS both provide extensive security barriers.
  – Each one provides different permissions to resources.
  – Each one allows you to monitor users and what they’re doing on the network.
Windows Permissions
• Full control
• Modify
• Read and execute
• List folder contents
• Read
• Write
A Good Password Policy
• Never reveal your password to anyone.
• Force periodic password changes.
• Do not use common names or words in a password.
• Mix alpha and numeric characters with a nice mix of punctuation.
• Mix upper and lower-case letters.
• Force a minimum password length.
• Don’t allow repeat passwords to be used.
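The rules on this slide that can be checked when a user picks a new password, as an added example (not part of the original slides). The minimum length, word list and history depth are assumed values, and the history stores salted hashes rather than old passwords.

```python
import hashlib
import hmac
import string

# Assumed policy values; the slides do not give numbers.
MIN_LENGTH = 10
HISTORY_DEPTH = 5
COMMON_WORDS = {"password", "welcome", "admin", "summer", "john"}  # constructed list


def digest(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def policy_violations(password: str, history: list, salt: bytes) -> list:
    """Return the policy rules that the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains common name or word")
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_alpha and has_digit):
        problems.append("needs letters and digits")
    if not any(c in string.punctuation for c in password):
        problems.append("needs punctuation")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs upper and lower case")
    # Compare against the most recent hashes in constant time.
    candidate = digest(password, salt)
    recent = history[-HISTORY_DEPTH:]
    if any(hmac.compare_digest(candidate, old) for old in recent):
        problems.append("repeats a previous password")
    return problems
```
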
Data Encryption
• NTFS 5.0 provides the Encrypting File System.
  – Allows users to individually encrypt files or folders
  – Provides a recovery agent for getting back lost data
  – Uses a 128-bit encryption key
Basic Rules for Using Encryption
• Make sure a recovery agent is assigned and trained.
• Be careful who you choose as a recovery agent.
• Don’t use it if you don’t need it.
Firewalls
• They can be an application gateway or a circuit gateway.
  – A circuit gateway directs all outbound traffic to a certain point.
  – The source IP address is substituted with that of the gateway.
  – Application gateways work on the software level and mask IP addresses.
• All firewalls can filter packets by IP address or protocol; more advanced firewalls filter by content.
Proxy Servers
• A single machine provides access to the outside world (similar to a circuit gateway).
• Private IP addressing is used inside the network.
• Only the ISP-assigned IP address of the proxy server is visible to the outside world.
• They can cache frequently accessed pages to provide faster Internet browsing for users.
Access Lists
• Configured as either inbound or outbound lists on the interface of a router
• Can filter traffic by IP address, protocol, host name, MAC address, or content
• Outbound traffic can have different rules than inbound traffic
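How separate inbound and outbound lists on one router interface can be evaluated, as an added example (not part of the original slides). It assumes first-match ordering with a default deny, filters only by address, protocol and destination port, and uses constructed rules and addresses.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets using documentation and private address ranges.
# Fields: action, protocol ("ip" = any), source net, destination net, dest port.
INBOUND = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),       # public HTTPS server
    ("permit", "tcp", "198.51.100.0/24", "192.0.2.20/32", 22),  # partner admin access
    ("deny", "ip", "0.0.0.0/0", "0.0.0.0/0", None),             # explicit catch-all
]
OUTBOUND = [
    ("deny", "tcp", "10.0.0.0/8", "0.0.0.0/0", 25),     # clients may not send SMTP directly
    ("permit", "ip", "10.0.0.0/8", "0.0.0.0/0", None),  # everything else from inside
]


def evaluate(acl, protocol, src, dst, dport=None):
    """Return the action of the first matching rule; deny if nothing matches."""
    for action, rule_proto, src_net, dst_net, rule_port in acl:
        if rule_proto != "ip" and rule_proto != protocol:
            continue
        if ip_address(src) not in ip_network(src_net):
            continue
        if ip_address(dst) not in ip_network(dst_net):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return action
    return "deny"  # assumed default: traffic matching no rule is dropped
```
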
Security Protocols
• Secure Socket Layers
• Transport Layer Security
• Secure Multipurpose Internet Mail Extensions
• IPSec
• Kerberos
Defense Against Viruses
• Viruses and other malevolent code can do any of the following:
  – Bring performance to a crawl
  – Destroy or redirect data to unauthorized people
  – Render a machine unbootable
  – Turn an otherwise harmless machine into a SPAM redirector
Types of Malevolent Code
• Viruses
• Worms
• Trojan horses
• Logic bombs
• Trap doors
• Embedded macros
Good Antivirus Procedures
• Install an effective antivirus solution.
• Keep all updates and patches up to date.
• Regularly update signature files.
• Scan all incoming files as though your life depended on it.
The Virtual LAN
• It allows a few devices on a network to communicate as if they are a self-contained network.
• Make use of an intelligent switch configured to create the VLAN.
Static VLANs
• All devices on a single switch are part of the VLAN.
• Data from other parts of the network can’t get in.
• Data from the VLAN doesn’t get out to the rest of the network.