Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Presentation transcript:

Lesson 9-Securing a Network

Overview Identifying threats to the network security. Planning a secure network.

Identifying Threats to the Network Security Internal threats. External threats. Viruses, worms, and other malicious code.

Internal Threats The primary components of any security strategy designed to combat internal threats are: Account security. File and directory permissions. Practices and user education.

Internal Threats Account security: Identification and authentication (I&A) is a security mechanism that allows a computer to uniquely identify the user attempting to log on or perform an action in the system. I&A is done by assigning user IDs and names to each user on the system. Each user is assigned a password or a personal identification number (PIN) to prove their identity.

Internal Threats Account security (continued): A credit card or a driver's license can be used to identify a user in the system. Smart cards are used as an identification medium for sensitive computer systems and networks. Biometrics uses unique human characteristics such as fingerprints, hand geometry, retina scans, facial geometry, and voiceprints for authentication.

Internal Threats Account security (continued): Passwords are the most common type of authentication mechanism used. Passwords should be at least eight characters in length and contain a mixture of uppercase and lowercase letters, numbers, and special characters.

Internal Threats Account security (continued): Passwords should not be written down or shared with coworkers. They should be hard to guess but easy to remember. Setting the password lockouts on Windows 2000 is a good practice to prevent password-guessing attacks.

Internal Threats Account lockout duration settings

Internal Threats Account lockout threshold settings

Internal Threats Reset account lockout counter after settings
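
How the three lockout settings named on these slides interact, shown as an added example that is not part of the original presentation. It is a simplified model rather than Windows' own implementation; the class and function names, the policy values and the logon events are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LockoutPolicy:
    threshold: int          # "Account lockout threshold": failures that lock the account
    duration: timedelta     # "Account lockout duration": how long the lock lasts
    reset_after: timedelta  # "Reset account lockout counter after": quiet time that clears the count

@dataclass
class Account:
    failures: int = 0
    last_failure: Optional[datetime] = None
    locked_until: Optional[datetime] = None

def replay(events, policy):
    """Apply the policy to (timestamp, user, password_ok) events; return one outcome per event."""
    accounts, outcomes = {}, []
    for ts, user, ok in events:
        acct = accounts.setdefault(user, Account())
        if acct.locked_until and ts < acct.locked_until:
            outcomes.append("rejected-locked")   # even a correct password is refused
            continue
        if acct.locked_until:                    # the lock has expired
            acct.locked_until, acct.failures = None, 0
        if acct.last_failure and ts - acct.last_failure >= policy.reset_after:
            acct.failures = 0                    # counter aged out
        if ok:
            acct.failures = 0
            outcomes.append("success")
            continue
        acct.failures += 1
        acct.last_failure = ts
        if acct.failures >= policy.threshold:
            acct.locked_until = ts + policy.duration
            outcomes.append("locked")
        else:
            outcomes.append("failure")
    return outcomes

def at(hhmm):
    return datetime.strptime("2000-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed logon events for one account (not taken from the presentation).
SAMPLE = [(at("09:00"), "alice", False), (at("09:01"), "alice", False),
          (at("09:20"), "alice", False),   # 19 quiet minutes: counter restarts at 1
          (at("09:21"), "alice", False), (at("09:22"), "alice", False),
          (at("09:30"), "alice", True), (at("09:55"), "alice", True)]
POLICY = LockoutPolicy(threshold=3, duration=timedelta(minutes=30),
                       reset_after=timedelta(minutes=15))

if __name__ == "__main__":
    for (ts, user, ok), result in zip(SAMPLE, replay(SAMPLE, POLICY)):
        print(ts.time(), user, "ok" if ok else "bad", "->", result)
```

With the 15-minute reset window the account survives five wrong passwords before locking, because the pause before 09:20 clears the counter; a longer reset window locks it on the third.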

Internal Threats Account security (continued): Passwords are stored in an encrypted format on computer systems. Hackers can discover passwords by trying possible combinations of letters, numbers, and special characters, known as a brute force attack.

Internal Threats Account security (continued): Hackers can also obtain encrypted passwords from the network as they are communicated between systems. Obtaining encrypted passwords from a network is called sniffing the wire.

File and directory permissions: File and directory permissions allow the computer to identify users who have access to a particular file or directory in the system. Access control is a mechanism that is used to restrict what authorized users can do on a computer system.

Internal Threats File and directory permissions (continued): In a Windows system, an individual user or a group in a domain can be assigned multiple permissions on each directory or folder. On Linux systems, read, write, and execute permissions can be set for the owner, group, or other users of a file.

Practices and user education: Technical security controls help an organization manage the security of its networks. An organization’s security policies define the expected level of security that is to be configured.

Internal Threats Practices and user education (continued): It is a good practice to maintain an audit log that records certain security-related events for each server on a computer system. The audit log can be very useful in reconstructing events after a problem or concern has been identified.

External Threats A front door attack is the most common type of external attack. It allows a hacker to identify vulnerabilities on any of an organization’s systems that are on the Internet.

External Threats A port scan is a query used to identify systems that are running services vulnerable to attacks. A rootkit is a set of programs that helps a hacker return to the system and hide their presence.

Network protection: The router and firewall both help protect the Web server and the internal network. A router is a network device that blocks unwanted traffic by configuring access control lists.

External Threats Network protection (continued): A firewall drops all traffic by default and is configured to pass traffic that is necessary. Updating vulnerable software to eliminate programming errors helps restrict hackers.

Back door hacking involves physically breaking into a facility, using a remote access connection, using a wireless network access point, or tricking an employee into giving out information. Remote Access Security allows a remote employee to access internal resources.

External Threats Wireless technology allows a user to access an organization’s network from outside the building. Wireless networks should be segregated from the main internal network by a firewall and require strong authentication. Social engineering can be used to gain unauthorized access to computer systems through non-technical means.

External Threats A denial of service attack (DOS attack) is a type of data flood that uses up all the available bandwidth on a network and prevents legitimate traffic from reaching the computers. A distributed DOS (DDOS) attack increases the amount of traffic in the network and crashes larger connections or multiple systems.

Viruses, Worms, and Other Malicious Code A virus is a program that attaches itself to another program and executes itself when the infected file is run. Worms are programs that execute their own code to propagate. A Trojan horse is a program accompanied by some type of social engineering that attempts to make the recipient execute the program.

Viruses, Worms, and Other Malicious Code Preventing infections: Antivirus software should be configured to examine the entire file system for malicious code on a daily basis. Antivirus software should be installed on desktop computers, servers, and systems to identify malicious code.

Planning a Secure Network System requirements must be identified in the areas of confidentiality, integrity, availability, and accountability. Disasters are events that cause massive damage to an organization’s infrastructure. A complete disaster recovery plan (DRP) should take into account the computer equipment and communication needs of the organization.

Planning a Secure Network DRP helps identify and correct a problem before a real disaster occurs. File backups are an important part of managing the security of a network. Each server should be configured with backup drives in a redundant array of independent disks (RAID) configuration. Tapes and disks can also be used for creating backups.

Summary A combination of uppercase and lowercase characters, numbers, and special characters is used to create strong passwords. Access control mechanisms can be used to limit access to sensitive files. Patching vulnerabilities is an important part of overall security.

Summary Remote access via dial-up phone lines or VPN, as well as wireless networks, can be used by hackers to attack a network. Disaster planning is important for the availability of the network and systems. Antivirus signatures must be updated on a regular basis to make the antivirus software effective.