1. Eric Van Horn Cosc 356

2.  Nearly every organization in todays era uses computers and a network to send, receive, and store information  Very important to focus on the security of the network, especially if the network contains sensitive, confidential, and personal information  Without being up to date, it makes it easy for a hacker to gain unauthorized access to the system

3.  Information security can be defined as “measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.”  It is a name given to the preventative steps taken to guard information  Cannot alone guarantee protection

4.  Numerous methods to ensure security  Sub-netting  Planning for convergence  DMZ’s  Firewalls  Proxy Servers  Network intrusion detection systems  Network intrusion prevention systems

5.  Divides one network into a series of subnets  Splits the host IP address into two addresses  Network address (192.146.118)  Host address (20)

6.  The source of potential security issues can be located much quicker than on a large single network.  Makes regulating who has access in and out of a particular subnetwork much easier  Decreased network traffic

7.  The integration of voice and data traffic over a single IP network is becoming a more popular idea in today’s day in age.  Allows several different services to be combined and transferred in a single universal format  Advantages:  Moves from the traditional concept of a network to a more ‘slimmed down’ and efficient concept

8.  Still has a way to go security wise before being accepted as the standard  As with any traditional network, convergence networks, too, are vulnerable to attacks  Not currently the standard, but someday may be, and so it is important for a secure network design to be ready to convert easily and less chaotically

9.  Demilitarized zones (DMZ) are a good security measure to take.  If an organization has sensitive, private files that need to be protected while enabling some services of the network to outside “common” users.  DMZ is a separate network located outside the perimeter of the secured network.  Isolates devices and systems that are most vulnerable to attack  Email servers, web servers

10.  Users in a DMZ have access to things located within the DMZ but not the secured network  Ex: A hotel has a network for customers to connect to for browsing the web and checking email, but not to personal information for the hotel itself

11.  Computers loaded with data files and software that appears to be legitimate in order to fool attackers  Typically located inside a DMZ  Can be used to monitor attackers techniques, early warning signs of an attack on the secure network and to deflect attention from the actual sensitive data

12.  Network Address Translation  hides the IP addresses of devices connected to the secure network by switching it with a common, known IP address that can be used by anybody on the network before sending the packet out  typically incorporated into a firewall implementation and is usually required when two or more networks interface with each other  Good for security because it stops users on the internet from seeing the actual IP address of the sender

14.  Responsible for examining the current state of a system or device attempting to connect to the network before allowing it to join.  Does so by checking to see if the system joining is up to par with a specified set of criteria, such as having the most current anti-virus signature or having the firewall properly enabled.  If device fails to meet criteria, it is sent to a “quarantine” network  A network located outside of the secure network  The overall idea of NAC is to prevent computers with sub-par security from joining the secure network and potentially infecting other computers

15.  System that attempts to discover unauthorized access to a computer network by analyzing traffic on the network for signs of malicious activity  Can perform simple tasks such as alerting the administrator via email or text message at the first sign of an intrusion  i.e., burglar alarm

16.  A popular open-source NIPS  has the ability to perform real-time traffic analysis and packet logging on IP networks  performs protocol analysis, content searching, and content matching  can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message bloke probes, and stealth port scans.

17.  Recently entered InfoWorld’s open source hall of fame as “one of the greatest pieces of open source software of all time”  Has several modes to run on  Sniffer mode  Packet logger mode  Intrusion detection mode

18.  1. Ciampa, Mark D. Security+ Guide to Network Security Fundamentals. 3rd ed. Boston, MA:  Course Technology, Cengage Learning, 2012.  2. Fung, K. T. Network Security Technologies. Boca Raton, FL: Auerbach Publications, 2005.  3. Maiwald, Eric. Network Security: A Beginner's Guide. New York, NY: Osborne/McGraw-Hill  2001.  4. Wikipedia.org