Unit 7 Seminar: Chapter 9, plus Lab 11. Course Name – IT482-02 Network Design. Instructor – Jan McDanolds, MS, Security+. Contact Information: AIM – JMcDanolds; Email – jmcdanolds@kaplan.edu. Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET.
UNIT 6 Review (covered last week)
Chapter 7 Network Management Architecture: Defining Network Management; Network Devices and Characteristics; Network Management Mechanisms; Monitoring, Instrumentation and Configuration Mechanisms; Architectural Considerations (in-band management, out-of-band management; centralized, distributed and hierarchical management; scaling network management traffic; checks and balances; managing network management data; MIB selection; integration of OSS (operations support systems)).
Chapter 8 Performance Architecture: Developing Goals for Performance; Performance Mechanisms (QoS, prioritization, traffic management, scheduling, queuing, SLAs).
OPNET ITGuru Lab 10 Queuing Disciplines, Exercises 1, 2 & 3.
Unit 6 Review: quick check of Unit 6 Network Management and Performance Architecture.
#1 Components of SNMP network management.
#2 What is FCAPS? Give two specific examples.
#3 What are the three traffic classes for DiffServ?
UNIT 7 Security and Privacy Architecture
Security is integrated within all areas of the network and impacts all other functions on the network.
Network Security: the protection of networks and their services from unauthorized access, modification, destruction and disclosure.
Network Privacy: a subset of network security, focusing on protection of networks and their services from unauthorized access or disclosure.
Three security considerations: protecting the confidentiality, integrity and availability (CIA) of the network and system resources and data.
UNIT 7 Developing a Security and Privacy Plan
What are we trying to solve, add, or differentiate by adding security mechanisms to this network? Are security mechanisms sufficient for this network?
Common areas addressed: which resources need to be protected; what problems (threats) we are protecting against; the likelihood of each problem (threat).
UNIT 7 Security and Privacy Administration
Threat Analysis: a process used to determine which components of the system need to be protected and the types of security risks (threats) they should be protected from.
(Table: Potential Assets and Threats to be Analyzed)
UNIT 7 Threat Analysis Worksheet
Developing a threat analysis identifies the assets to be protected and the possible threats to each asset, so that the effect and likelihood of every asset/threat pair can be rated and the pairs ranked for attention.
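A worked version of the worksheet, added here as an example and not taken from the course text or the Unit 7 project: assets and threats are rows and columns, each cell is rated for effect and likelihood on the 1..10 scale the project suggests, and risk = effect * likelihood is used to rank the pairs and to total the exposure per asset. The assets, threats and ratings are constructed, and the intermediate scale values (3 and 7) are assumed; only Certain = 10 and Impossible = 1 come from the assignment.

```python
"""Threat analysis worksheet with numeric effect and likelihood ratings.

Added example for this unit; it is not from the course text.  The assets,
threats and ratings are constructed, and the intermediate scale values
(3 and 7) are assumed: the assignment fixes only Certain = 10 and
Impossible = 1.  Risk for each asset/threat pair is effect * likelihood.
"""
from dataclasses import dataclass

# Assumed rating scales; only the two endpoints come from the assignment.
LIKELIHOOD = {"impossible": 1, "unlikely": 3, "likely": 7, "certain": 10}
EFFECT = {"negligible": 1, "minor": 3, "major": 7, "catastrophic": 10}


@dataclass(frozen=True)
class Cell:
    """One asset/threat pair from the worksheet."""
    asset: str
    threat: str
    effect: int
    likelihood: int

    @property
    def risk(self) -> int:
        return self.effect * self.likelihood


def rank(cells):
    """Cells sorted highest risk first; ties keep worksheet order."""
    return sorted(cells, key=lambda c: c.risk, reverse=True)


def risk_by_asset(cells):
    """Total risk per asset: which asset needs protection most."""
    totals = {}
    for c in cells:
        totals[c.asset] = totals.get(c.asset, 0) + c.risk
    return totals


def worksheet(cells):
    """Text rendering: assets as rows, threats as columns, risk score in each cell."""
    assets = sorted({c.asset for c in cells})
    threats = sorted({c.threat for c in cells})
    score = {(c.asset, c.threat): c.risk for c in cells}
    width = max(len(x) for x in assets + threats) + 2
    lines = ["".ljust(width) + "".join(t.ljust(width) for t in threats)]
    for a in assets:
        row = "".join(str(score.get((a, t), "-")).ljust(width) for t in threats)
        lines.append(a.ljust(width) + row)
    return "\n".join(lines)


# Constructed worksheet for a small enterprise network.
SAMPLE = [
    Cell("user devices", "viruses/worms", EFFECT["minor"], LIKELIHOOD["certain"]),
    Cell("user devices", "theft", EFFECT["minor"], LIKELIHOOD["likely"]),
    Cell("servers", "unauthorized access", EFFECT["major"], LIKELIHOOD["likely"]),
    Cell("servers", "denial of service", EFFECT["major"], LIKELIHOOD["likely"]),
    Cell("servers", "physical damage", EFFECT["catastrophic"], LIKELIHOOD["unlikely"]),
    Cell("WAN routers", "unauthorized access", EFFECT["catastrophic"], LIKELIHOOD["unlikely"]),
    Cell("WAN routers", "denial of service", EFFECT["major"], LIKELIHOOD["likely"]),
    Cell("management data", "eavesdropping", EFFECT["major"], LIKELIHOOD["certain"]),
]

if __name__ == "__main__":
    print(worksheet(SAMPLE))
    for c in rank(SAMPLE)[:3]:
        print(f"{c.risk:3d}  {c.asset}: {c.threat}")
```

With these constructed ratings the single highest-risk pair is eavesdropping on management data (70), which is the point of combining the two ratings: a "major" effect that is "certain" outranks a "catastrophic" effect that is "unlikely" (30), and the per-asset totals show the servers carrying the most exposure overall.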
UNIT 7 Threat Analysis
SWOT analysis examines S = strengths, W = weaknesses, O = opportunities, T = threats.
http://www.maxi-pedia.com/SWOT+analysis+matrix+method+model
http://www.maxi-pedia.com/security
SWOT analysis (also called the SWOT method or model) is a way to analyze the competitive position of a company. It uses the SWOT matrix to assess both the internal aspects (strengths, weaknesses) and the external aspects (opportunities, threats) of doing business. The SWOT framework is a tool for auditing an organization and its environment; it is the first stage of planning, helps decision makers focus on key issues, and is a key tool for top officials in formulating strategic plans. Applied to a network, the weaknesses column is where the network's own vulnerabilities are listed and the threats column is where the attacks and failures that could exploit them go.
UNIT 7 Policies and Procedures
Formal statements of the rules for system, network and information access and use, intended to minimize exposure to security threats. They clarify for users what the security threats are and what can be done to reduce them.
Two policy types: deny specifics / accept everything else (default allow), or accept specifics / deny everything else (default deny). Default deny is the stronger choice: access or traffic that nobody anticipated is blocked rather than silently permitted, and the policy only has to enumerate what is legitimately needed.
UNIT 7 Policies and Procedures
Examples:
Privacy statements like _____________________
Accounting statements like __________________
Authentication statements like ________________
Reporting violations like _____________________
Acceptable Use Policy
Security incident-handling procedures
Configuration-modification policies
Network access control lists (ACLs)
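The difference between the two policy types is easiest to see in a network ACL, since an ACL is exactly an ordered rule list plus a default. The following is an added example, not code from the course text: a first-match ACL evaluator run over the same three constructed packets under a "deny specifics" list and an "accept specifics" list. The addresses, the DMZ web server and the management subnet are constructed for the illustration.

```python
"""Evaluating a network ACL under the two policy styles on the slide.

Added example, not from the course text.  An ACL is an ordered list of
rules; the first rule that matches a packet decides it.  What happens when
no rule matches is the policy's default, and that is the whole difference
between "deny specifics / accept everything else" and "accept specifics /
deny everything else".  Addresses and services are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # any source
    dst: str = "0.0.0.0/0"           # any destination
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules, default: str, p: Packet) -> str:
    """First-match evaluation; `default` applies when no rule matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Constructed perimeter: the only services meant to be reachable are the
# public web server and SSH from the management subnet.
DMZ_WEB = "203.0.113.10"
MGMT_NET = "198.51.100.0/24"

# Style 1: deny specifics, accept everything else (default allow).
DENY_SPECIFICS = [
    Rule("deny", proto="tcp", dport=23),      # no telnet
    Rule("deny", proto="tcp", dport=445),     # no SMB from outside
]

# Style 2: accept specifics, deny everything else (default deny).
ACCEPT_SPECIFICS = [
    Rule("permit", dst=DMZ_WEB, proto="tcp", dport=80),
    Rule("permit", dst=DMZ_WEB, proto="tcp", dport=443),
    Rule("permit", src=MGMT_NET, proto="tcp", dport=22),
]


def compare(p: Packet):
    """Decision for the same packet under each style: (default allow, default deny)."""
    return (evaluate(DENY_SPECIFICS, "permit", p),
            evaluate(ACCEPT_SPECIFICS, "deny", p))


# Constructed traffic: two flows we planned for, one nobody wrote a rule about.
TRAFFIC = [
    Packet("192.0.2.7", DMZ_WEB, "tcp", 443),          # intended: public web
    Packet("198.51.100.5", "10.0.0.3", "tcp", 22),     # intended: management SSH
    Packet("192.0.2.7", "10.0.0.3", "tcp", 3389),      # RDP to an inside host: unplanned
]

if __name__ == "__main__":
    for p in TRAFFIC:
        print(f"{p.src} -> {p.dst}:{p.dport}  default-allow={compare(p)[0]}  default-deny={compare(p)[1]}")
```

Both lists agree on the two flows that were planned for; they disagree on the RDP attempt, which the deny-specifics list lets through simply because nobody thought to list it. That is the case for default deny: the list has to enumerate what is wanted, which is finite, rather than everything that is unwanted, which is not.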
UNIT 7 Physical Security and Awareness
Physical Security: protection of devices from physical access, damage and theft. Examples: access-controlled rooms, backup power sources, off-site storage, alarm systems, etc.
UNIT 7 Protocol and Application Security
Use of common protocol and application security mechanisms: IPsec, SNMP (SNMPv3 adds authentication and encryption of management traffic; earlier versions send community strings in the clear) and packet filtering.
(Figure: Transport Mode of IPsec. In transport mode only the payload of each IP packet is protected and the original IP header travels in the clear; tunnel mode, used between security gateways, encrypts the whole original packet behind a new outer header.)
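To make the transport-mode figure concrete, here is an added example (not from the course text) that builds ESP packets in both modes and shows what an observer on the path can read from each. The packet layout follows RFC 4303 (SPI, sequence number, encrypted payload and trailer, ICV), but the cipher is a toy keystream built from HMAC-SHA256 standing in for AES and the ICV is HMAC-SHA256 truncated to 16 bytes; both substitutions are assumptions made so the example runs on the Python standard library, and the addresses, keys and payload are constructed.

```python
"""IPsec ESP in transport mode vs tunnel mode.

Added example; not from the course text.  The packet layout follows
RFC 4303 (SPI, sequence number, encrypted payload + trailer, ICV), but the
cipher is a toy keystream (HMAC-SHA256 in counter mode) standing in for
AES and the ICV is HMAC-SHA256 truncated to 16 bytes; both are assumptions
made so the example runs on the standard library.  Do not reuse the toy
cipher for real traffic.
"""
import hashlib
import hmac
import struct

ESP = 50        # IP protocol number for ESP
IP_IN_IP = 4    # ESP next-header value when the protected data is a whole IP packet
TCP = 6         # the constructed payloads below are assumed to be TCP segments
ICV_LEN = 16


def ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (checksum left zero; never actually sent)."""
    s = bytes(int(x) for x in src.split("."))
    d = bytes(int(x) for x in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, s, d)


def addresses(packet):
    """Source and destination that anyone on the path reads from the outer header."""
    s, d = struct.unpack("!4s4s", packet[12:20])
    return ".".join(map(str, s)), ".".join(map(str, d))


def keystream(key, spi, seq, n):
    """Toy counter-mode keystream; unique per (SPI, sequence number)."""
    blocks = [hmac.new(key, struct.pack("!IIQ", spi, seq, i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(mode, src, dst, payload, spi, seq, enc_key, auth_key,
                    gw_src=None, gw_dst=None):
    """Build an ESP packet.  transport: host-to-host, original header in the clear.
    tunnel: gateway-to-gateway, whole original packet encrypted behind a new header."""
    if mode == "transport":
        inner, next_hdr, outer = payload, TCP, (src, dst)
    elif mode == "tunnel":
        inner = ipv4_header(src, dst, TCP, 20 + len(payload)) + payload
        next_hdr, outer = IP_IN_IP, (gw_src, gw_dst)
    else:
        raise ValueError(mode)
    pad_len = (-(len(inner) + 2)) % 4                 # trailer ends on a 4-byte boundary
    plaintext = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    esp_hdr = struct.pack("!II", spi, seq)
    ct = xor(plaintext, keystream(enc_key, spi, seq, len(plaintext)))
    icv = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    body = esp_hdr + ct + icv                         # the outer IP header is NOT covered
    return ipv4_header(outer[0], outer[1], ESP, 20 + len(body)) + body


def esp_decapsulate(packet, enc_key, auth_key):
    """Verify the ICV, decrypt, strip the trailer.  Returns (inner addresses or None, payload)."""
    body = packet[20:]
    esp_hdr, ct, icv = body[:8], body[8:-ICV_LEN], body[-ICV_LEN:]
    spi, seq = struct.unpack("!II", esp_hdr)
    expected = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified in transit or wrong key")
    pt = xor(ct, keystream(enc_key, spi, seq, len(ct)))
    pad_len, next_hdr = pt[-2], pt[-1]
    inner = pt[:len(pt) - 2 - pad_len]
    if next_hdr == IP_IN_IP:                          # tunnel mode: original header recovered
        return addresses(inner), inner[20:]
    return None, inner                                # transport mode: payload only


if __name__ == "__main__":
    ke, ka = b"E" * 32, b"A" * 32
    seg = b"GET / HTTP/1.0\r\n"
    t = esp_encapsulate("transport", "10.1.1.5", "10.2.2.9", seg, 0x1001, 1, ke, ka)
    u = esp_encapsulate("tunnel", "10.1.1.5", "10.2.2.9", seg, 0x1002, 1, ke, ka,
                        gw_src="203.0.113.1", gw_dst="198.51.100.1")
    print("transport, visible on the wire:", addresses(t))
    print("tunnel, visible on the wire:   ", addresses(u))
    print("tunnel, after decapsulation:   ", esp_decapsulate(u, ke, ka))
```

In transport mode the wire shows the two hosts talking (10.1.1.5 to 10.2.2.9); in tunnel mode it shows only the two gateways, and the real endpoints come out of the ciphertext at the far gateway. The ICV catches any change to the ESP header or ciphertext, but note the caveat the figure hides: ESP does not authenticate the outer IP header in either mode, so a rewritten destination address still verifies. The original addresses are protected only in tunnel mode, where they travel inside the encrypted part.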
UNIT 7 Encryption and Decryption
A security mechanism in which cipher algorithms are applied together with a secret key to encrypt data so that only holders of the matching key can read it.
Two types: symmetric (private/secret key, the same key encrypts and decrypts) and asymmetric (public key, a public key encrypts or verifies and the corresponding private key decrypts or signs).
Public Key Infrastructure (PKI): binds public keys to identities through certificates issued by a certification authority, combining the cryptographic mechanisms with policies and directives on how keys are issued, used and revoked.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS): allow client/server applications to communicate across a network with confidentiality, integrity and (usually server) authentication; TLS is the current protocol, SSL its deprecated predecessor.
Trade-off in performance: encryption adds processing time and some latency, and encrypted traffic cannot be inspected or compressed in transit.
UNIT 7 Network Perimeter and Remote Access Security
Network Perimeter: protecting external interfaces with firewalls and with NAT and NAPT (network address port translation). NAT/NAPT hides internal addressing and drops unsolicited inbound connections because no translation exists for them, but it is not a substitute for a firewall policy.
Remote Access: protecting dial-in, point-to-point sessions and VPN connections. Authentication of users and authorization of devices through a NAS (network access server) that consults a RADIUS server, etc.
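The perimeter effect of NAPT mentioned above, as an added example that is not from the course text: a small translator that rewrites outbound packets, records each mapping, and only translates inbound packets that match a recorded mapping. The mapping is endpoint-dependent (an assumption; real devices differ in how strictly they match the remote endpoint), and the addresses and ports are constructed.

```python
"""NAPT (network address port translation) at the perimeter.

Added example; not from the course text.  The translator rewrites the
source of outbound packets to its public address and a fresh port, records
the mapping, and translates inbound packets only when they match a
recorded mapping.  The mapping is endpoint-dependent (an assumption; real
devices differ in how strictly they match the remote endpoint).  Addresses
and ports are constructed.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, inside ip, inside port, remote ip, remote port) -> public port
        self.out_map = {}
        # (proto, public port, remote ip, remote port) -> (inside ip, inside port)
        self.in_map = {}

    def translate_out(self, p: Pkt) -> Pkt:
        """Inside -> outside: rewrite the source, creating the mapping if it is new."""
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(p.proto, port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return replace(p, src_ip=self.public_ip, src_port=port)

    def translate_in(self, p: Pkt) -> Optional[Pkt]:
        """Outside -> inside: rewrite the destination, or return None to drop."""
        if p.dst_ip != self.public_ip:
            return None                      # private addresses are not reachable from outside
        inside = self.in_map.get((p.proto, p.dst_port, p.src_ip, p.src_port))
        if inside is None:
            return None                      # unsolicited: no inside host asked for this
        return replace(p, dst_ip=inside[0], dst_port=inside[1])


def scenario():
    """One inside client talks to a web server; two outsiders try to get in."""
    nat = Napt("203.0.113.1")
    out = nat.translate_out(Pkt("10.0.0.5", 51000, "192.0.2.80", 443))
    reply = nat.translate_in(Pkt("192.0.2.80", 443, out.src_ip, out.src_port))
    # A third party that learned the public port cannot reuse the mapping.
    probe = nat.translate_in(Pkt("198.51.100.9", 12345, "203.0.113.1", out.src_port))
    # Addressing the inside host directly never matches the translator's table.
    direct = nat.translate_in(Pkt("198.51.100.9", 12345, "10.0.0.5", 51000))
    return out, reply, probe, direct


if __name__ == "__main__":
    for name, p in zip(("out", "reply", "probe", "direct"), scenario()):
        print(f"{name:7s} {p}")
```

Only the web server's reply is translated back to 10.0.0.5; the probe and the direct attempt are dropped. The protection is incidental, though: it says nothing about what the inside host is allowed to initiate, which is the firewall's job.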
UNIT 7 Architectural Considerations
Security mechanisms are applied where needed. Example: apply security mechanisms to the Access/Distribution/Core architectural model.
UNIT 7 Architectural Considerations
Security zones: nested (embedded within each other), so that an inner zone is covered by the mechanisms of every zone around it plus its own.
Defense-in-depth: layering several independent mechanisms so that the failure or bypass of any one of them does not expose the whole network.
UNIT 7 Security and Performance
Security architecture includes trade-offs, dependencies and constraints. High security can disrupt traffic flows and reduce performance (encryption, filtering and inspection all add processing delay on the path).
Lab 11 in Experiments Manual: RSVP – Providing QoS by Reserving Resources in the Network.
The objective of this lab is to study the Resource Reservation Protocol (RSVP) as part of the Integrated Services approach to providing Quality of Service (QoS) to individual applications or flows. Set up a network that carries real-time applications and uses RSVP to provide QoS.
ERROR – the page numbers on the project are incorrect.
UNIT 7 Assignment (Unit 7 Project)
1. Create a threat analysis worksheet using a similar format to that of Figure 9.2 on p. 364 of your text. Use a network you are familiar with or the one on p. 383. Use numerical values for the effect and likelihood (i.e., Certain = 10, Impossible = 1). Explain your analysis.
2. Discuss the development of security policies and procedures. Give at least three examples of what elements to include and the reasons behind them.
3. Apply the security mechanisms from this chapter to support the following requirements. Show where each mechanism might be applied.
   a. An intranet between each of the routers connected to the WAN.
   b. Remote access security for each of the 15 dial-up routers connected to the LAN in Washington, DC.
   c. All traffic flows between Los Angeles and Minneapolis must be encrypted.
4. Outline the development of DMZs that would be applied at each site where connections are made to other autonomous systems (AS). What types of devices would be used at these sites?
5. Figure 9.17 shows five security zones required by the customer. These zones are prioritized, such that Security Zone 5 provides basic security for the entire network, and Zones 2, 3, 4, and 1 have increasing degrees of security, with Zone 1 having the highest level of security. What security mechanisms can be applied within each security zone, and at the interfaces between security zones, to achieve increasing degrees of security? Which architectural models are most applicable to this network? Show how each model can be applied.
Grading: 5 points for #1 and #2; 10 points for #3, #4 and #5; 10 points for the lab.