Secure Wired Local Area Network (LAN). By Sentuya Francis Derrick, ID 08051602, Module code: CT3P50N, BSc Computer Networking, London Metropolitan University.

Presentation transcript:

Secure Wired Local Area Network (LAN)
By Sentuya Francis Derrick
ID
Module code: CT3P50N
BSc Computer Networking, London Metropolitan University
03/02/12
Supervisor: Dr. Shahram Salekzamankhani

Introduction
- LAN: a group of computers and devices interconnected in a limited geographical area, such as a computer laboratory, to enable the sharing of resources like printers and files amongst users.
- LAN security provides confidentiality, data integrity, and availability to network users. (Protection: information, systems, and hardware that store and transmit information.)
- The OSI model is used as the basis for a systematic approach to securing LAN vulnerabilities.
- A virtual topology is used to show how to build a secured wired LAN solution.

Project background
LAN Security?
- Network security solutions started appearing as early as the 1960s but did not have a big impact until the 2000s.
- Over the last 13 years, measures to mitigate LAN security threats and cryptographic security technology (encryption and hashing mechanisms) have been developed.
Categories of network threats
- Reconnaissance attacks
  - Packet sniffers
  - Ping sweeps
  - Port scans
  - Internet information queries
- Denial-of-service
  - Ping of Death
  - Smurf attack
  - TCP SYN flood attack
- Worm
- Virus
- Trojan horse

Cont: Project background
- Access attacks
  - Man-in-the-middle
  - Buffer overflow
  - Port redirection
  - Password attacks
  - Trust exploitation
- Other categories that exploit LAN switch vulnerabilities
  - MAC address spoofing
  - Spanning Tree Protocol manipulation attack
  - MAC address table overflows
  - LAN storms
  - VLAN attacks

Aims and objectives
Aims
1. To investigate which OSI model layer is most vulnerable to attacks.
2. To investigate and analyse the available tools and methods to secure a wired LAN.
Objectives
- To secure the physical layer devices, i.e. routers, switches, PCs, servers, etc.
- To secure layer 2 protocols, i.e. Ethernet/IEEE 802.3, token ring / IEEE
- To secure the addressing structure and routing protocols at the network layer.
- To have a secure and reliable transport mechanism between two communicating devices.
- To provide a secure way for applications to translate data formats and to encrypt and decrypt data, using authentication methods, SSH, passwords, encryption, etc.

Cont: Aims and objectives
Cont: Objectives
- To provide a secure platform for users to interact with applications by securing application layer protocols such as HTTP, FTP, TELNET, FTP-DATA.
- To prevent untrusted traffic from accessing the network resources.
- To provide a cost-effective but efficient and reliable LAN.
Personal and academic objectives
- To learn how to secure a LAN.
- To learn to organise my time meaningfully to meet deadlines.
- To learn research techniques and how to write a well-structured report.
- To improve my presentation skills and confidence, and prepare for a career in Computer and Network Security.

Scenario: Secured LAN Topology

Developments  End users Host- Based Intrusion Detection Systems(London Met labs) Cisco catalyst Switches  Message of the day / login Banner  Port level Port Security  BPDU Guard  Storm Control  Root Guard  High Availability with Hot Standby Routing Protocol (HSRP)  VLANs  VLAN Trunk Security  Root Bridge  Spanning Tree Protocol feature – PortFast

Cont: Developments
Cisco router security
- Password requirement (router access).
- Secure remote router access.
- Secure unused router network services & interfaces.
- Authentication, Authorization, Accounting protocol.
- Syslog server: LAN activities.
- IPS software firewall.
- Secure EIGRP routing protocol authentication
- Secure router IOS image
- Access lists
- Network Address Translation/PAT

Analysis
- Inspection rule / audit-trail process
- CBAC rule
- Secure DHCP server: DHCP Snooping, Dynamic ARP Inspection, IP Source Guard

Cont: Analysis
- Public users access internal web server
- Public denied access to private VLAN 2 and 3 subnets

Cont: Analysis
Inter-VLAN routing:
- VLAN 2 accesses VLAN 3 & DMZ
- VLAN 3 accesses VLAN 2 & DMZ

Cont: Analysis
- ISP/web server successfully pings the company DMZ web server
- NAT Transactions

Cont: Analysis
- In-line IPS software firewall inspection
- Syslog server activity

Cont: Analysis
- Secure line VTY: SSH
- VLAN 2 & 3 access internet

Conclusion
- London Met Cisco laboratory enabled me to achieve a secured environment of the physical layer devices.
- Layer 2 is the LAN's most vulnerable layer.
- Secured layers 2 to 7 of the OSI model.
- Secured the private network from receiving untrusted traffic from the public network/internet.
- LAN redundancy, reliability and cost effectiveness achieved by;
- Implement Network Security Policies & employ Network Security Professionals.
- Skills learnt: LAN security threats & mitigation technology, time management, report writing, information research and presentation skills.