Unit 7 Chapter 9, plus Lab 11 Course Name – IT Network Design


1 Unit 7 Chapter 9, plus Lab 11 Course Name – IT482-02 Network Design
Unit 7 Seminar
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds
Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET

2 UNIT 6 Review
Covered last week …
Chapter 7 Network Management Architecture
Defining Network Management
Network Devices and Characteristics
Network Management Mechanisms: Monitoring, Instrumentation and Configuration Mechanisms
Architectural Considerations: In-band management, Out-of-band management, Centralized, distributed and hierarchical management, Scaling network management traffic, Checks and balances, Managing network management data, MIB selection, Integration of OSS (operations support systems)
Chapter 8 Performance Architecture
Developing Goals for Performance
Performance Mechanisms: QoS, Prioritization, Traffic Management, Scheduling, Queuing, SLAs
OPNET ITGuru Lab 10 Queuing Disciplines, Exercises 1, 2 & 3

3 Quick check of Unit 6 Network Management and Performance Architecture
Unit 6 Review
#1 Components of SNMP network management
#2 What is FCAPS? Give two specific examples.
#3 What are the three traffic classes for DiffServ?

4 Security and Privacy Architecture
UNIT 7
Security – integrated within all areas of the network and impacts all other functions on the network.
Network Security – the protection of networks and their services from unauthorized access, modification, destruction and disclosure.
Network Privacy – a subset of network security, focusing on protection of networks and their services from unauthorized access or disclosure.
Three security considerations: protecting the integrity, confidentiality and availability of the network and system resources and data (CIA)

5 Developing a Security and Privacy Plan
UNIT 7
What are we trying to solve, add, or differentiate by adding security mechanisms to this network?
Are security mechanisms sufficient for this network?
Common areas addressed:
Which resources need to be protected
What problems (threats) are we protecting against
The likelihood of each problem (threat)

6 Security and Privacy Administration
UNIT 7
Threat Analysis – a process used to determine which components of the system need to be protected and the types of security risks (threats) they should be protected from.
Figure: Potential Assets and Threats to be Analyzed

7 Threat Analysis Worksheet
UNIT 7
Developing a threat analysis identifies the assets to be protected and identifies the possible threats.

8 Threat Analysis
UNIT 7
SWOT analysis – used to examine these: S = strengths, W = weaknesses, O = opportunities, T = threats.
SWOT analysis, method, or model – a way to analyze the competitive position of your company.
SWOT analysis uses a so-called SWOT matrix to assess both internal and external aspects of doing your business.
The SWOT framework is a tool for auditing an organization and its environment.
SWOT is the first stage of planning and helps decision makers to focus on key issues.
The SWOT method is a key tool for a company's top officials to formulate strategic plans.

9 Policies and Procedures
UNIT 7
Formal statements on the rules for system, network, and information access and use, in order to minimize exposure to security threats.
Clarifies for users what security threats are and what can be done to reduce them.
Types: Deny Specifics/Accept Everything Else OR Accept Specifics/Deny Everything Else

10 Policies and Procedures
UNIT 7
Examples:
Privacy statements like _____________________
Accounting statements like __________________
Authentication statements like ________________
Reporting violations like _____________________
Acceptable Use Policy
Security incident-handling procedures
Configuration-modification policies
Network access control lists (ACLs)

11 Physical Security and Awareness
UNIT 7
Physical Security – protection of devices from physical access, damage, and theft.
Examples: access-control rooms, backup power sources, off-site storage, alarm systems, etc.

12 Protocol and Application Security
UNIT 7
Use of common protocol and application security mechanisms: IPSec, SNMP, and packet filtering
Figure: Transport Mode of IPSec

13 Encryption and Decryption
UNIT 7
A security mechanism where cipher algorithms are applied together with a secret key to encrypt data.
Two types: public key and private key.
Public Key Infrastructure (PKI) – combines security mechanisms with policies and directives.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) – allow client/server applications to communicate across a network
Tradeoff in performance

14 Network Perimeter and Remote Access Security
UNIT 7
Network Perimeter – protecting external interfaces – use of NAT and NAPT (network address port translation) and firewalls
Remote Access – protecting dial-in, point-to-point sessions and VPN connections. Authentication of users and authorization of devices, NAS (network access server), RADIUS, etc.

15 Architectural Considerations
UNIT 7
Security mechanisms applied where needed
Example: Apply security mechanisms to architectural model
Figure: Access/Distribution/Core Architectural Model

16 Architectural Considerations
UNIT 7
Security zones – embedded within each other
Defense-in-depth

17 Security and Performance
UNIT 7
Security architecture includes trade-offs, dependencies and constraints
High security can disrupt traffic flows and reduce performance.

18 Lab 11 in Experiments Manual
RSVP – Providing QoS by Reserving Resources in the Network
The objective of this lab is to study the Resource Reservation Protocol (RSVP) as a part of the Integrated Services approach to providing Quality of Service (QoS) to individual applications or flows.
Set up a network that carries real-time applications and uses RSVP to provide QoS
ERROR – the page numbers on the project are incorrect

19 Unit 7 Assignment
UNIT 7 Unit 7 Project
1. Create a threat analysis worksheet using a similar format to that of Figure 9.2 on p. 364 of your text. Use a network you are familiar with or the one on p Use numerical values for the effect and likelihood (i.e., Certain = 10, Impossible = 1). Explain your analysis.
2. Discuss the development of security policies and procedures. Give at least three examples of what elements to include and the reasons behind them.
3. Apply the security mechanisms from this chapter to support the following requirements. Show where each mechanism might be applied.
a. An intranet between each of the routers connected to the WAN.
b. Remote access security for each of the 15 dial-up routers connected to the LAN in Washington, DC.
c. All traffic flows between Los Angeles and Minneapolis must be encrypted.
4. Outline the development of DMZs that would be applied at each site where connections are made to other autonomous systems (AS). What types of devices would be used at these sites?
5. Figure 9.17 shows five security zones required by the customer. These zones are prioritized, such that Security Zone 5 provides basic security for the entire network, and Zones 2, 3, 4, and 1 have increasing degrees of security, with Zone 1 having the highest level of security. What security mechanisms can be applied within each security zone, and at the interfaces between security zones, to achieve increasing degrees of security? Which architectural models are most applicable to this network? Show how each model can be applied.
5 points for #1 and # points for #3, #4, and # points for the lab.

