Securing Wired Local Area Networks(LANs)

Slides:

Advertisements

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Advertisements

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

5-Network Defenses Dr. John P. Abraham Professor UTPA.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Network Security Network Attacks and Mitigation 張晃崚 CCIE #13673, CCSI #31340 區域銷售事業處副處長麟瑞科技.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

IS Network and Telecommunications Risks

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Security Awareness: Applying Practical Security in Your World

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Enterprise Network Security Accessing the WAN Lecture week 4.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

000000_1 Confidential and proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

1 Network Admission Control to WLAN at WIT Presented by: Aidan McGrath B.Sc. M.A.

NW Security and Firewalls Network Security

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

COEN 252 Computer Forensics

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Module 11: Remote Access Fundamentals

Attack Vectors and Mitigations. Attack Vectors ? Network Security2T. A. Yang

Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

OS Services And Networking Support Juan Wang Qi Pan Department of Computer Science Southeastern University August 1999.

Cisco 3 - Switch Perrine. J Page 111/6/2015 Chapter 5 At which layer of the 3-layer design component would users with common interests be grouped? 1.Access.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Secure Wired Local Area Network( LAN ) By Sentuya Francis Derrick ID Module code:CT3P50N BSc Computer Networking London Metropolitan University.

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

Module 11: Designing Security for Network Perimeters.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Connecting to the Network Introduction to Networking Concepts.

Security in Networks Single point of failure Resillence or fault tolerance CS model.

Security fundamentals Topic 10 Securing the network perimeter.

Chapter 9: Implementing the Cisco Adaptive Security Appliance

Chapter 6: Securing the Local Area Network

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Intrusion Detection and Incidence Response Course Name – IT Intrusion Detection and Incidence.

Lesson 2a © 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—2-1 Firewall Technologies and the Cisco Security Appliance.

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

IT Ess I v.4x Chapter 1 Cisco Discovery Semester 1 Chapter 8 JEOPADY Q&A by SMBender, Template by K. Martin.

Chapter 1: Modern Network Security Threats

Cisco Exam Questions IMPLEMENTING CISCO IOS NETWORK SECURITY (IINS V2.0) VERSION: Presents: 1.

Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT Introduction to Network Security Instructor.

Security fundamentals

Chapter 1: Explore the Network

CompTIA Security+ Study Guide (SY0-401)

Instructor Materials Chapter 5: Network Security and Monitoring

Working at a Small-to-Medium Business or ISP – Chapter 8

Instructor Materials Chapter 7 Network Security

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Chapter 5: Network Security and Monitoring

Security in Networking

CompTIA Security+ Study Guide (SY0-401)

Network Security and Monitoring

DCS835 Compute Network and the Internet

Firewalls Purpose of a Firewall Characteristic of a firewall

Intrusion Detection system

Chapter 10: Advanced Cisco Adaptive Security Appliance

Introduction to Network Security

Introduction to Networking Security

Presentation transcript:

Securing Wired Local Area Networks(LANs) By Sentuya Francis Derrick ID 08051602 Module code:CT3P50N BSc Computer Networking London Metropolitan University 13th/04/11 Supervisor: Mr Shahram Salekzamankhani

Introduction Two fold: LAN & LAN Security LANs: group of computers and devices interconnected in a limited geographical area i.e. home, office building, or school to enable the sharing of resources like printers, files etc. (REF 2) LANs include higher data-transfer rates (REF 2) It’s imperative to make LANs secure to achieve confidentiality, data integrity, and authentication of users on the network. (REF 2) Use OSI Model Approach to understand LAN Vulnerabilities. (REF 2) Secure protocols, applications, technologies, and devices, with network security tools and techniques in order to mitigate any threat i.e. Virus, Worm, unauthorised access (REF 2)

Literature Review Access attacks: Denial-of-service Network Security Network security solutions started coming up early 1960 due to network threats: Reconnaissance attacks: Packet sniffers, Ping sweeps, Port Scans Access attacks: Buffer overflow , Man-in-the-middle, Password attacks, Port Redirection Denial-of-service Ping of Death , Smurf Attack , TCP SYN Flood attack

Literature Review (Cont...) Layer 2 of the OSI model – (Data link layer)poses the most network security vulnerabilities on the LAN- Layer 2 Switches, Ethernet, Token Ring, FDDI Protocols. Imperative to secure other Protocols on other layers too. LAN security threats MAC Address Spoofing, MAC Address Table Overflow Attacks, LAN Storm, STP manipulation attack VLAN attacks Operating system basic Security (OS vulnerabilities) Trusted code and trusted path Privileged context of execution Process memory protection and isolation

Aims & Objectives Aim 1:To find out most OSI model is most vulnerable layer of OSI model. Objectives: Secure Layer 2 Protocols Secure Addressing Structure and Routing Protocol Secure Identifiable and Transport mechanism Secure ways for Applications to translate data formats. encrypt, compress. Secure Application layer protocols-HTTP,FTP,TELNET etc

Aims & Objectives (Cont...) Aim2: Investigate & Analyse tools & methods to secure LAN Objectives Prevent un-trusted network traffic access to trusted networks To provide Reliable, efficient, & cost effective LAN Personal & Academic objectives Gain Computer Network Security Skills Learn to organise my time Efficiently To Learn & gain research skills To Improve report writing skills To improve my presentation skills and improve my confidence to prepare for Career in Network Security

Approach(scenario) Approach Secure the LAN’s endpoints i.e. hosts, servers, other network clients devices non-endpoint LAN devices i.e. switches, storage area networking devices (SAN),etc REF 1 Scenario I am assigned with a project specification of type research and practical work to do a project on ‘Securing Wired Local Area Networks (LANs)’. A virtual topology is used to show network devices that require to be secured on the LAN. Policy Compliance Threat Protection Cisco Network Control Cisco Security Agent Infection Containment NAC,IPS,CSA

Approach/scenario Cont... Secured LAN Topology Cloud CSA Agent Cisco Perimeter Router1 with Firewall Webmail DMZ IPS CS-MARS/Wireshark Email Server Cisco ASA 5500 DHCP& DNS Server 3560Catalyst L3 Switch 3560Catalyst L3 Switch AAA Radius Server Vlan40 Management centre Vlan99 Cisco Security Agent 2960cat L2 Switch 2960cat L2 Switch Cisco Security Agent Host A Vlan2 Host B Vlan3 Host C Vlan2 Host D Vlan3 CSA Agent My own designed Topology: REF1

Scope Brief History of LAN evolution Network Security in General Wired LAN Security Threats Internal Threats External Threats Wired LAN Security Vulnerabilities Secure Wired LAN Devices Wired LAN Security Mitigation Technologies Virtual Topology Wired LAN Security implementation Impacts of the Network Security Threats

Methodology Designate a secure physical environment – Data centre Configure port level security for traffic control Use VLAN technology Configure access- lists i.e. router access- lists, port access- lists, Mac access- lists, and VLAN access- lists. Configure DHCP snooping and enable IP source guard Configure Authentication, Authorization, and Accounting (AAA) protocol on TACACS+ Server Use the Cisco Adaptive Security Appliance (ASA) firewall Create a demilitarized zone (DMZ) Use Network-based and Host-based intrusion prevention systems Structure the LAN in a 3 layer hierarchal model

Project Plan Work Breakdown Structure

Gantt Chart

Final project Report table of contents Chapter 7: Secured Wired LAN Topology Chapter 8: Testing and Analysis Chapter 9: Conclusions References & Bibliography Appendix A: Project Plans & System Models Appendix B: Test Plans & Results Appendix C: Project Proposal Report Front Page Contents Page Introduction Acknowledgements Chapter 1: What is a LAN? Chapter 2: What is Network Security? Chapter 3: LAN Security Threats Chapter 4: LAN Security Devices Chapter 5: Benefits of a Secured Wired LANs Chapter 6:L AN Security Technologies

References. Carroll, B.(2004) Cisco Access Control Security: AAA Administration Services, Cisco Press, 2Rev Ed Hucaby, D.(2005)Cisco ASA and PIX Firewall Handbook, Cisco Press. Behringer, M.H.(2005) MPLS VPN Security, Cisco Press. Wayne Lewis (2008)LAN Switching and Wireless Companion Guide. CCNA Fundamentals of Network Security Companion Guide, Cisco Press (REF 2) Secured LAN Topology Cisco lib images (Ref 1) http://www.referenceforbusiness.com/small/Inc-Mail/Local-Area- Networks-LANS.html(accessed 12/03/11) http://www.sans.org/top-cyber-security-risks/ (accessed 20/03/11) http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port. html#wp1046651 (accessed04/04/2011).

Cont: References. http://flylib.com/books/2/464/1/html/2/images/1587052091/graphics/ 08fig14.gif (accessed 05/04/11) http://compnetworking.about.com/library/graphics/basics_osimodel.j pg (accessed 25/03/11) http://www.orbit-computer-solutions.com (accessed 30/03/11) http://www.i1u.net/images/web/PAT.gif (accessed 09/03/11) http://ptgmedia.pearsoncmg.com/images/0131014684/samplechapt er/0131014684_ch02.pdf (accessed 02/03/11) http://www.cisco.com/warp/public/cc/so/neso/sqso/roi1_wp.pdf (accessed 10/03/11) http://www.cisco.com/en/US/docs/solutions/Verticals/EttF/ch5_EttF.h tml#wp1031600 (accessed 19/03/11)

Thank you. Any ?s