Chapter 12 Communications Security & Countermeasures


1 Chapter 12 Communications Security & Countermeasures
CISSP Study Guide BIS 4113/6113

2 Wireless (Wi-Fi) Network Types
Columns: Standard; Frequency; Potential Speed; Range; Spectrum
802.11b: 2.4 GHz; 11 Mbps; 50 m; DSSS (Spread across range)
802.11a: 5 GHz; 54 Mbps; m; OFDM (Orthogonal Freq. MP)
802.11g:
802.11n (2009): 2.4 and 5 GHz (MIMO); 600 Mbps; 200 m
802.11ac (2013): 1.3 Gbps; Wide channel

3 Types of WLAN Security
PAGES
Service Set Identifier (SSID)
- Transmitted by “beacon frame”
- Included as plain text
- Easy to break
Wired Equivalent Privacy (WEP)
- Requires that user enter a key manually (to NIC and AP)
- Short key ( bits), easy to break by “brute force”
Extensible Authentication Protocol (EAP)
- WEP keys created dynamically after correct login
- Requires a login (with password) to a server
Wi-Fi Protected Access (WPA) – new standard
- A longer key, changed for every packet
- Still requires a passphrase, could be guessed

4 Packet Sniffing / Eavesdropping

7 WiFi Security Procedure
PAGE 462
1. Change admin default password
2. Disable SSID broadcast
3. Change default SSID
4. Enable MAC filtering (whitelist if less than 20 clients)
5. Enable highest form of authentication/encryption available
6. Monitor traffic using firewall and/or IDS
7. Require VPN connections

8 Physical Ethernet Media Types
PAGES
Columns: Name; Maximum Data Rate; Cables
10Base-5: 10 Mbps; Coaxial
10Base-2:
10Base-T: UTP cat 3, UTP cat 5
100Base-T: 100 Mbps; UTP cat 5, fiber
1000Base-T: 1 Gbps; UTP cat 5, UTP cat 5e, UTP cat 6, fiber
10 GbE: 10 Gbps; UTP cat 5e, UTP cat 6, UTP cat 7, fiber
40 GbE: 40 Gbps; fiber

9 Network Taps

10 VIRTUAL PRIVATE NETWORKS
PAGE 517
How might you have used a VPN in the past?
- Remote Access
- Remote Communication
- Anonymous Web Browsing
- Avoid Geo-Blocking
- Gaming

11 VPN Architecture
[Figure: VPN architecture diagram. Labels: Employee’s Home, Telephone Line, ISP, Access Server, VPN Device, Office, Internet, Backbone, VPN Tunnel]

12 VPN Encapsulation of Packets
Packet from the client computer: PPP, IP, TCP, SMTP
Packet in transmission through the Internet: ATM, IP, L2TP, PPP, IP, TCP, SMTP
Packet from the VPN: PPP, IP, TCP, SMTP
Outgoing packets from the VPN are sent through specially designed routers or switches.
[Figure labels: Employee’s Home, Telephone Line, ISP, Access Server, VPN Device, VPN Tunnel, Internet, Backbone]

13 “Split Tunneling”
Enables more efficient routing of high-bandwidth traffic
[Figure panels: Regular VPN (no split tunnel); Split Tunnel]

14 NETWORK ADDRESS TRANSLATION
PAGE 525
- Hides identity of internal client computers
- Efficiently allocates IP addresses internally using only a few “public” addresses
[Figure label: Internet]

15 Dynamic NAT: To communicate with the outside world, traffic traverses a NAT-enabled device (firewall, router, etc.). The combination of address and port is written to the NAT table, which ensures that return traffic reaches the appropriate source. It is difficult for an outsider to directly contact a host behind the NAT device, since the table entry is established and deleted in the same session. Source:
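
The NAT table behaviour described on slide 15, as an added example that is not part of the original presentation: a toy Python model that records an address-and-port mapping for outbound traffic, delivers matching return traffic, and drops unsolicited or late inbound packets. The class and method names, the documentation-range addresses and the starting port 40000 are constructed for illustration, and the model assumes the device only accepts return traffic from the exact remote address and port the inside host contacted.

```python
import ipaddress


class DynamicNat:
    """Toy NAT device (hypothetical model): one table entry per session."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.out = {}
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.back = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and record the mapping."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("inside host must use a private address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for return traffic, or None to drop."""
        return self.back.get((dst_port, src_ip, src_port))

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Delete the table entry when the session ends."""
        public_port = self.out.pop((src_ip, src_port, dst_ip, dst_port), None)
        if public_port is not None:
            del self.back[(public_port, dst_ip, dst_port)]


def demo():
    nat = DynamicNat("203.0.113.10")  # constructed documentation address
    sent = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, sent[1])    # return traffic
    probe = nat.inbound("198.51.100.99", 4444, sent[1])  # unsolicited outsider
    nat.close("192.168.1.20", 51000, "198.51.100.7", 443)
    late = nat.inbound("198.51.100.7", 443, sent[1])     # entry already deleted
    return sent, reply, probe, late


if __name__ == "__main__":
    print(demo())
```
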

16 Network address translation
Are you using NAT?
IPConfig: Have a private IP address and still interact with the Internet?
Have a private IP address, but your IP address and an IP-checked address are different?
[Flowchart branch labels: YES, YES, NO, YES]
Private IP addresses: Class A – Class B – Class C –

17 Not a private IP address Uh oh…

18 IPv4 Addresses
- 4 byte (32 bit) addresses
- Strings of 32 binary bits
- Dotted decimal notation
Example:
Bit place values: 128 64 32 16 8 4 2 1
Sum up the values of the 1 bits: = 56

19 Hiding IP addresses
Spoofing
HTTP Forward Proxy
- Works much like NAT
- Caches frequently requested content
Proxy Chaining
- TOR (underground proxy system)
Valid and illegal reasons
IP Traceback Technology
[Figure label: Forward Proxy]

20 Circuit switching / packet switching
Circuit Switching
- “Permanent,” point-to-point connection
- Three Phases of Communication
- Often take the form of “dedicated circuits”
Packet Switching
- Attempts to alleviate two shortcomings
- Circuit reserved by the packet, not the connection

