Physical and Hardware Security
Chapter 15
Networking Essentials
Spring, 2013
Defining Firewalls
Firewalls are a combination of ___ & ___
What is a “black box?” (p. 502)
Default deny or default allow – which one?
Types of Firewalls
Network-based firewalls protect __ from __.
Host-based firewalls protect ____.
Access Control Lists
How they are processed
Lines are compared in sequential order
After a match is made, ACL is exited
Implicit deny at the end – why?
Standard ACLs vs Extended ACLs
Inbound vs outbound ACLs
Ways to make things more secure
DMZ - Image on page 507
Protocol switching – shift to IPX – why?
Proxy Services
IP proxy
Web proxy
FTP proxy
SMTP proxy
More Firewall Stuff
Network Layer Firewalls
Stateful –
Stateless –
Application Layer Firewalls
Slower, because they …
Scanning Services
Default Scanning Settings:
Filtering for Content
Common things to filter:
Local Browser Settings
Zones
Trusted Sites
Customizing Settings
Intrusion Detection Systems (IDS)
More of a watchdog than a firewall
Can be software or an actual device
Passive responses:
(honeypot) -
VPN Concentrators
Like a firewall, but made for VPNs
Allows for higher-speed throughput
Allows for encryption
Problems Affecting Device Security
Physical security – where to keep stuff
Climate conditions –
Three barriers to your server –
Security zones
ID Badges
Logical Security Configurations
Logging On Locally
Only administrator can log onto server
Administrator must log on locally – why?
Access-Control Principles
Utilize implicit denies
(UNIX) - .allow file
(UNIX) - .deny file
Least-privilege model
Separate administrative duties
Rotate administrator jobs
Access Control Methods
Mandatory Access Control (MAC) Model…
Discretionary Access Control (DAC)…
Role-Based Access Control (RBAC)…
Rule-Based Access Control (RBAC)…
Unsecure Protocols
(UNIX) –
(UNIX) –
Secure Protocols