Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defining Network Infrastructure and Network Security Lesson 8.

Published byJayson Shaw Modified over 7 years ago

Similar presentations

Presentation on theme: "Defining Network Infrastructure and Network Security Lesson 8."— Presentation transcript:

1 Defining Network Infrastructure and Network Security Lesson 8

2 Objectives

3 Internet The Internet is a worldwide system of connected computer networks. Computers that connect to the Internet use the TCP/IP protocol suite.

4 World Wide Web The World Wide Web (WWW) is an enormous system of interlinked hypertext documents that can be accessed with a web browser. Currently, the World Wide Web is in a stage known as Web 2.0 Web 2.0 is an interactive type of web experience compared to the previous version 1.0.

5 Intranet An intranet is a private computer network or single Web site that an organization implements in order to share data with employees around the world. User authentication is necessary before a person can access the information in an intranet. –Ideally, this keeps the general public out, as long as the intranet is properly secured.

6 Extranet An extranet is similar to an intranet except that it is extended to users outside a company, and possibly to entire organizations that are separate from or lateral to the company. User authentication is still necessary, and an extranet is not open to the general public.

7 Intranet and Extranet

8 VPN A virtual private network (VPN) is a connection between two or more computers or devices that are not on the same private network. In order to ensure that only the proper users and data sessions cross to a VPN device, data encapsulation and encryption are used. A “tunnel’ is created, so to speak, through the LANs and WANs that might intervene;

9 VPN

10 VPN Popular VPN Protocols are: –PPTP –L2TP with IPSec

11 Point-to-Point Tunneling Protocol Point-to-Point Tunneling Protocol (PPTP) is the more commonly used protocol, but it is also the less secure option. PPTP generally includes security mechanisms, and no additional software or protocols need to be loaded. A VPN device or server that allows incoming PPTP connections must have inbound port 1723 open. PPTP works within the point-to-point protocol (PPP), which is also used for dial-up connections.

12 L2TP with IPSec Layer 2 Tunneling Protocol (L2TP) is quickly gaining popularity due to the inclusion of IPsec as its security protocol. Although this is a separate protocol and L2TP doesn’t have any inherent security, L2TP is considered the more secure solution because IPsec is required in most L2TP implementations. A VPN device or server that allows incoming L2TP connections must have inbound port 1701 open.

13 Selecting Custom Configuration

14 VPN Connection

15 Ipconfig showing results of VPN adapter

16 Security Devices and Zones Security devices such as firewalls are the main defense for a company’s networks, whether they are LANs, WANs, intranets, or extranets. Perimeter security zones such as demilitarized zones (DMZs) help keep certain information open to specific users or to the public while keeping the rest of an organization’s data secret.

17 Firewalls Firewalls are used to protect a network from malicious attack and unwanted intrusion. They are the most commonly used type of security device in an organization’s perimeter.

18 Firewalls

19 Packet Filtering Packet filtering inspects each packet that passes through the firewall and accepts or rejects it based on a set of rules. –Stateless packet inspection and stateful packet inspection (SPI). –A stateless packet filter, also known as pure packet filtering, does not retain memory of packets that have passed through the firewall.

20 NAT Filtering NAT filtering, also known as NAT endpoint filtering, filters traffic according to ports (TCP or UDP). This can be done in three ways: using basic endpoint connections, by matching incoming traffic to the corresponding outbound IP address connection, or by matching incoming traffic to the corresponding IP address and port.

21 Application-Level Gateway Application-level gateway (ALG) supports address and port translation and checks whether the type of application traffic is allowed. It adds a layer of security; however, it is resource intensive.

22 Circuit-Level Gateway Circuit-level gateway works at the session layer of the OSI model when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Circuit-level gateways hide information about the private network, but they do not filter individual packets.

23 Proxy Server A proxy server acts as an intermediary between a LAN and the Internet. By definition, proxy means “go-between,” acting as such a mediator between a private and a public network. The proxy server evaluates requests from clients, and if they meet certain criteria, forwards them to the appropriate server.

24 Caching Proxy Caching proxy attempts to serve client requests without actually contacting the remote server. Although there are FTP and SMTP proxies among others, the most common caching proxy is the HTTP proxy, also known as a web proxy, which caches web pages from servers on the Internet for a set amount of time. This is done to save bandwidth on the company’s Internet connection and to increase the speed at which client requests are carried out.

25 IP Proxy IP proxy secures a network by keeping machines behind it anonymous. It does this through the use of NAT.

26 Internet Content Filter An Internet content filter, or simply a content filter, is usually applied as software at the application layer and it can filter out various types of Internet activities, such as access to certain Web sites, email, instant messaging, and so on.

27 Network Intrusion Detection and Prevention A network intrusion detection system (NIDS) is a type of IDS that attempts to detect malicious network activities (e.g., port scans and DoS attacks) by constantly monitoring network traffic. –The NIDS will then report any issues that it finds to a network administrator as long as it is configured properly. A network intrusion prevention system (NIPS) is designed to inspect traffic, and, based on its configuration or security policy, it can remove, detain, or redirect malicious traffic in addition to simply detecting it.

28 DMZ A perimeter network or demilitarized zone (DMZ) is a small network that is set up separately from a company’s private local area network and the Internet. It is called a perimeter network because it is usually on the edge of a LAN, but DMZ has become a much more popular term. A DMZ allows users outside a company LAN to access specific services located on the DMZ. However, when the DMZ set up properly, those users are blocked from gaining access to the company LAN. The DMZ might house a switch with servers connected to it that offer web, email, and other services.

29 DMZ Two common DMZ configurations are as follows: –Back-to-back configuration: This configuration has a DMZ situated between two firewall devices, which could be black box appliances or Microsoft Internet Security and Acceleration (ISA) Servers. –3-leg perimeter configuration: In this scenario, the DMZ is usually attached to a separate connection of the company firewall. Therefore, the firewall has three connections—one to the company LAN, one to the DMZ, and one to the Internet.

30 DMZ

31 Summary How to differentiate between the Internet, intranets, and extranets. How to set up a virtual private network with Windows Server 2008 and with a typical SOHO four-port router. About firewalls and how to initiate port scans on them to see whether they are locked down. About other perimeter devices and zones, such as proxy servers, internet content filters, NIDS, NIPS, and the DMZ.

Download ppt "Defining Network Infrastructure and Network Security Lesson 8."

Similar presentations

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.

VPN: Virtual Private Network Presented by: Germaine Bacon Lizzi Beduya Betty Huang Jun Mitsuoka Juliet Polintan.
Defining Network Infrastructure and Security

Defining Network Infrastructure and Security
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Guide to Computer Network Security

Guide to Computer Network Security
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Similar presentations

Ads by Google