Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security."— Presentation transcript:

1 Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security

2 Security Awareness: Applying Practical Security in Your World, 2e 2 Objectives Explain how a network functions Discuss how to defend against network attacks Describe the types of attacks that are launched against networks and network computers

3 Security Awareness: Applying Practical Security in Your World, 2e 3 How Networks Work Personal computer –Isolated from other computers –Functionality is limited to installed software and hardware directly connected to it Computer network –Allows sharing

4 Security Awareness: Applying Practical Security in Your World, 2e 4

5 5

6 6 Types of Networks Local area network (LAN) –Computers located relatively close to each other Wide area network (WAN) –Connects computers over a larger geographical area than a LAN Wireless local area network (WLAN) –Based on standard that transmits data at fast speeds over a distance of up to 115 meters (375 feet)

7 Security Awareness: Applying Practical Security in Your World, 2e 7

8 8

9 9 Transmitting Network Data Transmission Control Protocol/Internet Protocol (TCP/IP) –Most common set of protocols used on networks IP address –Uniquely identifies computer Packets –Used to transmit data through a computer network

10 Security Awareness: Applying Practical Security in Your World, 2e 10

11 Security Awareness: Applying Practical Security in Your World, 2e 11 Network Devices Network interface card (NIC) –Also called client network adapter –Hardware that connects a computer to a wired network Laptop computers –May use an internal NIC or an external NIC

12 Security Awareness: Applying Practical Security in Your World, 2e 12

13 Security Awareness: Applying Practical Security in Your World, 2e 13

14 Security Awareness: Applying Practical Security in Your World, 2e 14 Network Devices (continued) Access point (AP) –Contains an antenna and a radio transmitter/receiver to send and receive signals –Jack allows it to connect by cable to a standard wired network –Acts as base station for wireless network –Acts as bridge between wireless and wired networks Router –Directs packets towards their destination

15 Security Awareness: Applying Practical Security in Your World, 2e 15

16 Security Awareness: Applying Practical Security in Your World, 2e 16

17 Security Awareness: Applying Practical Security in Your World, 2e 17

18 Security Awareness: Applying Practical Security in Your World, 2e 18 Attacks on Networks Denial of service (DoS) attack –Attempts to make a server or other network device unavailable by flooding it with requests –Variants Smurf attack Distributed denial of service (DDoS) attack

19 Security Awareness: Applying Practical Security in Your World, 2e 19

20 Security Awareness: Applying Practical Security in Your World, 2e 20

21 Security Awareness: Applying Practical Security in Your World, 2e 21 Zombie and Botnets Computers that perform a DDoS and other network attacks –Often normal computers hijacked by attackers to carry out malicious network attacks Zombies –Can be put to work to send spam and messages used in phishing scams –Can act as hosts for fake Web sites

22 Security Awareness: Applying Practical Security in Your World, 2e 22 Man-in-the-Middle Attacks Attacker intercepts messages intended for a valid device Two computers appear to be communicating with each other –However, they are actually sending and receiving data with a computer between them

23 Security Awareness: Applying Practical Security in Your World, 2e 23

24 Security Awareness: Applying Practical Security in Your World, 2e 24 Hijacking and Spoofing Spoofing –Act of pretending to be legitimate owner when in reality you are not Media access control (MAC) address –Permanently recorded on network interface card when manufactured –Computers on network store a table Links IP address with corresponding MAC address

25 Security Awareness: Applying Practical Security in Your World, 2e 25

26 Security Awareness: Applying Practical Security in Your World, 2e 26

27 Security Awareness: Applying Practical Security in Your World, 2e 27 Sniffing Attacker captures packets as they travel through network Sniffer –Hardware or software that performs sniffing Attackers with sniffers –Can capture usernames, passwords, and other secure information without being detected

28 Security Awareness: Applying Practical Security in Your World, 2e 28

29 Security Awareness: Applying Practical Security in Your World, 2e 29

30 Security Awareness: Applying Practical Security in Your World, 2e 30 Network Defenses Primary defenses against network attacks –Devices that can thwart attackers –Designing layout or configuration of a network that will reduce the risk of attacks –Testing network security

31 Security Awareness: Applying Practical Security in Your World, 2e 31 Network Devices Firewalls –Designed to prevent malicious packets from entering network or computers Software firewall –Runs as a program on a local computer to protect it against attacks Hardware firewalls –Separate devices that protect an entire network –Usually located outside network security perimeter as the first line of defense

32 Security Awareness: Applying Practical Security in Your World, 2e 32

33 Security Awareness: Applying Practical Security in Your World, 2e 33 Firewalls Rule base –Foundation of a firewall –Establishes what action firewall should take when it receives a packet –Options Allow, Block, Prompt

34 Security Awareness: Applying Practical Security in Your World, 2e 34 Firewalls (continued) Stateless packet filtering –Looks at each incoming packet and permits or denies it based strictly on the rule base –Attackers can easily bypass the protection Stateful packet filtering –Keeps record of the state of a connection between an internal computer and an external server –Makes decisions based on the connection as well as rule base

35 Security Awareness: Applying Practical Security in Your World, 2e 35

36 Security Awareness: Applying Practical Security in Your World, 2e 36

37 Security Awareness: Applying Practical Security in Your World, 2e 37 Network Address Translation (NAT) Hides IP addresses of network devices from attackers As a packet leaves the network –NAT removes original IP address from sender’s packet and replaces it with an alias

38 Security Awareness: Applying Practical Security in Your World, 2e 38 Network Address Translation (NAT) (continued) NAT software –Maintains table of original address and corresponding alias address Process is reversed when packet is returned to the NAT

39 Security Awareness: Applying Practical Security in Your World, 2e 39

40 Security Awareness: Applying Practical Security in Your World, 2e 40 Intrusion Detection System Establishes and maintains network security for large organizations Monitors activity on the network and what packets are doing Performs specific function when it senses an attack –Such as dropping packets or tracing source of attack

41 Security Awareness: Applying Practical Security in Your World, 2e 41

42 Security Awareness: Applying Practical Security in Your World, 2e 42 Proxy Server Primary goal –To conceal the identity of computers within a protected network Can inspect data packets for viruses and other malicious content Intercepts requests sent to server and replaces original IP address with its own address

43 Security Awareness: Applying Practical Security in Your World, 2e 43

44 Security Awareness: Applying Practical Security in Your World, 2e 44 Network Design Demilitarized zone (DMZ) –Another network that sits outside the secure network perimeter Virtual private network –Creates a secure network connection over a public network

45 Security Awareness: Applying Practical Security in Your World, 2e 45

46 Security Awareness: Applying Practical Security in Your World, 2e 46 Wireless LAN Security Hotspots –Locations where wireless data services are available Advantages of WLANs –Do not restrict users to their desks to access network resources –Ease of installation

47 Security Awareness: Applying Practical Security in Your World, 2e 47 Wireless LAN Security (continued) Security concerns –Access to the wireless network –View wireless transmissions –Weaknesses in wireless security standards

48 Security Awareness: Applying Practical Security in Your World, 2e 48 Summary Purpose of a computer network –To allow computers and devices to share data, programs, and hardware Denial of service attack –Attempts to make a server unavailable by flooding it with requests Man-in-the-middle attack –Intercepts communication between two computers

49 Security Awareness: Applying Practical Security in Your World, 2e 49 Summary (continued) Firewall –Designed to prevent malicious packets from entering the network Demilitarized zone –Another network that sits outside the secure network perimeter Security for wireless LANs –Remains a primary concern for wireless users

Download ppt "Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security."

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Firewall Configuration Strategies

Firewall Configuration Strategies
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wi-Fi Structures.

Wi-Fi Structures.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 5 Network Defenses.
Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –

Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Similar presentations

Ads by Google