NETWORK INFRASTRUCTURE SECURITY Domain 5
Jan 17, 2016
Computer Security
“in short, the average computer is about as secure as a wet paper bag, and it is one of the last places where you would want to hide valuable data or use to communicate secret or sensitive information” - Rick Maybury
Sanmi Fakiyesi
Network
Network means the joining or linking of two or more computers in order to:
1. Communicate
2. Share resources such as files, folders, printers, etc.
Good Network
A good Network must be able to:
Connect
Communicate
Provide services or resources.
Types of Network
LAN, WAN, PAN, SAN, MAN, WLAN, WWAN
Network topology
Bus, Star, Ring, Mesh
Network relationship
Peer to Peer
Client/Server
Workgroup
Domain
Network Security Architecture
Before undertaking the design or implementation of an enterprise network and its components, a security architecture should be developed.
Concept of security architecture
Top-down security model:
1. Security policy
2. Security Strategy
3. Procedure and Standards
(1) Security policy
It should conform to relevant standards.
Define security responsibilities within the organization.
Identification of key information assets using security risk analysis.
Set out guiding security principles to be in use in the organization.
(2) Security strategy
It is more detailed than the policy.
It shows how to implement the policy to get results.
Should support business needs.
Comply with the company’s security policy.
(3) Procedure and Standards
These cover areas such as:
Performing system monitoring
Configuring a system
Configuring web server/firewall
Steps to take when there is a security breach.
Trust / Security Zones
Trust/security zones are a key aspect of the security perimeter. A common classification for connections is:
1. Untrusted zone or Demilitarized zone
2. Hostile zone or internet
3. Semitrusted zone or extranets
4. Trusted zone or intranets
Information Assets issues
What are information assets?
Are people part of the information assets that need to be protected?
What are the implications of not protecting these assets?
Who should be responsible for the protection of these assets?
How should these assets be protected?
What should be protected?
Data
Application software (test and production)
Web applications (public or private intranet based)
Domain name servers
Operating systems for network routers and switches
System utilities
Telecommunication lines
Libraries and directories
Passwords
What should be protected? contd.
Temporary disk files
Tape files
System software
Access control software
System procedure libraries
Logging files
Bypass label process feature
Operator system exits
Dial-up lines
Data dictionary/directory
Spool queues
Network Infrastructure Security
Communication networks
Components: Devices, Software/programs, and files supporting the network operations
Controls:
Network control terminal (WAN) or Server (LAN)
Communications software
Components of Network Hardware/Devices
Hub or Switch
Cables (CAT5)
Connector (DB-9, RJ-45)
Modem (wired and wireless)
Network Interface Card
WAP for wireless connection
Wireless Network Interface Card
Router (wired and wireless)
Computers, Printers servers
Router and Switch
Network Infrastructure Security
Control over the network is accomplished through a network control terminal and specialized communication software.
The following are the controls over communication networks:
Control functions should be performed by technically qualified operators
Control functions should be separated and duties should be rotated on a regular basis, where possible
Control software must restrict operators from performing certain functions (e.g. ability to amend/delete logs)
Control software should maintain an audit trail of all operator activities
Audit trails should be reviewed by [network] operations management to detect any unauthorized network operations activities
Network Infrastructure Security (cont’d)
Network operation standards and protocols should be documented and made available to the operators and should be periodically reviewed to ensure compliance.
Network access by the system engineers should be closely monitored and reviewed to detect unauthorized access.
Workload balance, fast response time and system efficiency should be ensured through analysis.
Terminals should be authenticated through the use of a terminal identification file.
Data encryption should be used to protect messages during transmission
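Three of the controls listed above (terminal identification file, restricting operators from amending or deleting logs, and management review of the audit trail) can be checked together. The following Python sketch is an added example, not part of the original slides; the file formats, terminal IDs, operator names and action names are constructed assumptions.

```python
import csv
import io

# Constructed terminal identification file: terminal_id,location
TERMINAL_FILE = """\
T001,NOC-console-1
T002,NOC-console-2
"""

# Functions the control software must keep operators from performing
# (the slide's example: amend/delete logs). Action names are assumptions.
RESTRICTED_ACTIONS = {"LOG_AMEND", "LOG_DELETE"}

# Constructed audit trail: timestamp,operator,terminal_id,action,result
AUDIT_TRAIL = """\
2016-01-17T08:00:11,op_ade,T001,LINK_STATUS,OK
2016-01-17T08:05:42,op_bisi,T002,LOG_DELETE,DENIED
2016-01-17T08:07:03,op_bisi,T009,ROUTE_CHANGE,OK
2016-01-17T08:09:30,op_ade,T001,LOG_AMEND,OK
"""


def load_terminals(text):
    """Return the set of terminal IDs registered in the identification file."""
    return {row[0] for row in csv.reader(io.StringIO(text)) if row}


def review_audit_trail(trail_text, terminals):
    """Return (timestamp, operator, finding) tuples for management review."""
    findings = []
    for row in csv.reader(io.StringIO(trail_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, operator, terminal, action, result = row
        if terminal not in terminals:
            findings.append((ts, operator, f"unregistered terminal {terminal}"))
        if action in RESTRICTED_ACTIONS:
            # DENIED means the restriction held; anything else means it failed.
            outcome = "attempted" if result == "DENIED" else "PERFORMED"
            findings.append((ts, operator, f"{outcome} restricted action {action}"))
    return findings


if __name__ == "__main__":
    for finding in review_audit_trail(AUDIT_TRAIL, load_terminals(TERMINAL_FILE)):
        print(*finding, sep="  ")
```

A restricted action recorded with a result other than DENIED is the more serious finding, because it shows the control software did not enforce the restriction.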
Types of Network Software
Novell NetWare
Unix
Microsoft Windows 2000/NT, Windows XP, Windows Vista, Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, etc.
Examples of Network security software /tools
Anti-virus
UTM - Unified Threat Management (e.g. ISA)
Firewall
VPN (Virtual Private Network)
IDS/IPS
Honey pots
Honey net
Network penetration tests
Examples of Network security software
Port based security
Identity based security
Network Admission Control