NETWORK INFRASTRUCTURE SECURITY Domain 5. Computer Security “in short, the average computer is about as secure as a wet paper bag, and it is one of the.

NETWORK INFRASTRUCTURE SECURITY

Domain 5

Computer Security“in short, the average

computer is about as secure as a wet paper bag, and it is one of the last places where you would want to hide valuable data or use to communicate secret or sensitive information” - Rick Maybury

Sanmi Fakiyesi

Network

Network means the joining or linking of two or more computers in order to:

1. Communicate2. Share resources such as files,

folders, printers, etc

Sanmi Fakiyesi

Sanmi Fakiyesi

Good Network

A good Network must be able to:

Connect

Communicate

Provide services or resources.

Sanmi Fakiyesi

Types of Network

LAN WAN PAN SAN MAN WLAN WWAN

Sanmi Fakiyesi

Network topology

Bus Star Ring Mesh

NETWORK TOPOLOGY

Sanmi Fakiyesi

Sanmi Fakiyesi

Network relationship

Peer to Peer

Client/Server

Workgroup

Domain

Sanmi Fakiyesi

Network Security Architecture

Before undertaking the Design or Implementation of an enterprise Network and it Components, a Security Architecture should be developed.

Sanmi Fakiyesi

Concept of security architecture

Top-down security model:

1. Security policy

2. Security Strategy

3. Procedure and Standards

Sanmi Fakiyesi

(1) Security policy

It should conform to relevant standards.

Define security responsibilities within the organization.

Identification of key information assets using security risk analysis.

Set out guiding security principles to be in use in the organization.

Sanmi Fakiyesi

(2) Security strategy

It is more detailed than the policy.It shows how to implement the policy to

get result.

Should support business needs.

Comply with the company’s security policy.

Sanmi Fakiyesi

(3) Procedure and Standards

These cover areas such as:

Performing system monitoring Configuring a system Configuring web server/firewall Steps to take when there is security

breach.

Sanmi Fakiyesi

Trust / Security Zones

Trust/Security zones are key aspect of security perimeter.A common classification for connection is:

1. Untrusted zone or Demilitarized zone2. Hostile zone or internet3. Semitrusted zone or extranets4. Trusted zone or intranets

Sanmi Fakiyesi

Information Assets issues

What are information assets? Are people part of the information

assets that need to be protected? What are the implications of not

protecting these assets? Who should be responsible for the

protection of these assets? How should these assets be protected?

Sanmi Fakiyesi

What should be protected? Data Application software (test and production) Web applications (public or private intranet

based) Domain name servers Operating systems for network routers and

switches System utilities Telecommunication lines Libraries and directories Passwords

Sanmi Fakiyesi

What should be protected? contd. Temporary disk files Tape files System software Access control software System procedure libraries Logging files Bypass label process feature Operator system exits Dial-up lines Data dictionary/directory Spool queues

Network Infrastructure Security

Sanmi Fakiyesi

Sanmi Fakiyesi

Communication networks

Components: Devices, Software/programs, and files supporting the network operations

Controls:

Network control terminal (WAN) or Server (LAN)

Communications software

Sanmi Fakiyesi

Components of Network Hardware/Devices Hub or Switch Cables (CAT5) Connector(DB-9, RJ-45) Modem (wired and wireless) Network Interface Card WAP for wireless connection Wireless Network Interface Card Router (wired and wireless) Computers, Printers servers

Router and Switch

Sanmi Fakiyesi

Sanmi Fakiyesi

Network Infrastructure Security

Control over the network is accomplished through a network control terminal and specialized communication software

The following are the controls over communication networks: Control functions should be performed by technically

qualified operators Control functions should be separated and duties should

be rotated on a regular basis, where possible Control software must restrict operator access from

performing certain functions (e.g. ability to amend/delete logs)

Control software should maintain an audit trail of all operator activities

Audit trails should be reviewed by [network] operations management to detect any unauthorized network operations activities

Network Infrastructure Security (cont’d)

Network operation standards and protocols should be documented and made available to the operators and should be periodically reviewed to ensure compliance.

Network access by the system engineers should be closely monitored and reviewed to detect unauthorized access.

Workload balance, fast response time and system efficiency should be ensured through analysis.

Terminals should be authenticated through the use of a terminal identification file.

Data encryption should be used to protect messages during transmission

Sanmi Fakiyesi

Sanmi Fakiyesi

Types of Network Software

Novell Netware Unix Microsoft Windows 2000/NT, Window

XP, Window vista, Window 7, Microsoft window server 2003, Microsoft window server 2008.

ETC

Examples of Network security software /tools

Anti-virus UTM-Unified Threat Management(e.g ISA)

Firewall VPN (Virtual Private Network) IDS/IPS

Honey pots Honey net Network Penetration tests

Sanmi Fakiyesi

Examples of Network security software

Port based security Identity based security Network Admission Control

Sanmi Fakiyesi