Identify and Describe Security Risks
- People: phishing, passwords
- Transmissions: man-in-the-middle, packet sniffing, port scanners
- Protocols
- NOS updates
- Internet access: spyware, bots, social media
Slide 4
Network Security Technology
- Firewalls
- Router access lists
- Stateless and stateful filtering
- Intrusion detection and prevention
- Proxy servers
Slide 5
Router Access Lists (contd.)
An ACL (access control list) instructs a router to permit or deny traffic according to variables such as:
- Network layer protocol (IP, ICMP)
- Transport layer protocol (TCP, UDP)
- Source IP address and source netmask
- Destination IP address and destination netmask
- TCP or UDP port number
Entries are evaluated top down and the first matching entry decides; traffic that matches no entry is dropped by the implicit deny at the end of the list, so entry order matters.
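The matching rules above, as an added example that is not part of the Network+ slides: a first-match ACL evaluator over the same fields (protocol, source and destination address with mask, destination port), with the implicit deny at the end. The sample ACL, packet format and addresses are constructed for illustration, not taken from any real router configuration.

```python
"""Added example: first-match ACL evaluation with an implicit deny.

Each Ace (access control entry) names the fields a router ACL filters on:
action, network/transport protocol, source and destination prefix (address
plus netmask, written in CIDR form) and destination port. Evaluation stops
at the first matching entry, exactly like a router; nothing matched means
"deny" (rule number 0 marks the implicit deny).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str                # source IP address
    dst: str                # destination IP address
    dport: Optional[int] = None   # destination port, None for ICMP


@dataclass(frozen=True)
class Ace:
    action: str             # "permit" or "deny"
    proto: str              # "ip" matches any protocol
    src: str                # source prefix, e.g. "10.0.0.0/8"; "0.0.0.0/0" = any
    dst: str                # destination prefix
    dport: Optional[int] = None   # None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, int]:
    """Return (action, 1-based rule number); (deny, 0) is the implicit deny."""
    for number, ace in enumerate(acl, start=1):
        if ace.matches(pkt):
            return ace.action, number
    return "deny", 0


# Constructed sample ACL protecting a DMZ web server at 203.0.113.10 (documentation range):
# allow HTTPS and HTTP from anywhere, block ICMP to the DMZ, allow DNS only from the internal LAN.
DMZ_WEB_ACL = [
    Ace("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Ace("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 80),
    Ace("deny", "icmp", "0.0.0.0/0", "203.0.113.0/24"),
    Ace("permit", "udp", "10.0.0.0/8", "203.0.113.53/32", 53),
]

# Classic mistake: a broad permit placed first shadows every later entry.
MISORDERED_ACL = [Ace("permit", "ip", "0.0.0.0/0", "0.0.0.0/0")] + DMZ_WEB_ACL


if __name__ == "__main__":
    tests = [
        Packet("tcp", "198.51.100.7", "203.0.113.10", 443),   # permit, rule 1
        Packet("icmp", "198.51.100.7", "203.0.113.10"),       # deny, rule 3
        Packet("tcp", "198.51.100.7", "203.0.113.10", 22),    # implicit deny
        Packet("udp", "192.0.2.5", "203.0.113.53", 53),       # implicit deny (not internal)
    ]
    for pkt in tests:
        print(pkt, "->", evaluate(DMZ_WEB_ACL, pkt), "misordered:", evaluate(MISORDERED_ACL, pkt))
```

The SSH packet shows why the implicit deny is the safety net: nothing in the list mentions port 22, so it is dropped without an explicit rule. The misordered list shows the opposite failure, where one over-broad permit at the top makes every later deny unreachable.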
Slide 6
Intrusion Detection and Prevention
- Port mirroring: a switch port configured to send a copy of all traffic to another port for monitoring purposes (this is how a passive IDS sees the traffic)
- IDS (intrusion detection system): watches the mirrored traffic and logs potential problems
- IPS (intrusion prevention system): sits inline and blocks potential problems
- Typical attacks detected: denial-of-service, smurf attacks
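As an added example (not from the slides), here is the difference between logging and blocking written as code: one smurf-style detection rule run over constructed ICMP records, as a monitor port fed by port mirroring would see them. In a smurf attack the attacker sends echo requests to a broadcast address with the victim's address spoofed as the source, so the victim is flooded with echo replies from many distinct hosts; the rule looks for that pattern. The record format, thresholds and addresses are assumptions for illustration.

```python
"""Added example: a minimal IDS/IPS rule for smurf-style ICMP echo-reply floods.

IDS mode returns "alert" (logged, traffic still passes); IPS mode returns
"drop" for the same condition because the device is inline. Timestamps are
integer milliseconds to keep window arithmetic exact.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class IcmpRecord:
    ts_ms: int        # capture time in milliseconds
    src: str
    dst: str
    icmp_type: int    # 8 = echo request, 0 = echo reply


class SmurfDetector:
    """Flag a destination that receives echo replies from >= min_sources
    distinct hosts inside a sliding window of window_ms milliseconds."""

    def __init__(self, window_ms: int = 1000, min_sources: int = 20, mode: str = "ids"):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.window_ms = window_ms
        self.min_sources = min_sources
        self.mode = mode
        self.replies = defaultdict(deque)   # dst -> deque of (ts_ms, src)
        self.alerts: List[str] = []

    def process(self, rec: IcmpRecord) -> str:
        """Return 'pass', 'alert' (IDS: logged only) or 'drop' (IPS: blocked)."""
        if rec.icmp_type != 0:          # only echo replies matter for this rule
            return "pass"
        q = self.replies[rec.dst]
        q.append((rec.ts_ms, rec.src))
        while q and rec.ts_ms - q[0][0] > self.window_ms:   # expire old entries
            q.popleft()
        distinct = {src for _, src in q}
        if len(distinct) >= self.min_sources:
            self.alerts.append(
                f"t={rec.ts_ms}ms possible smurf: {len(distinct)} hosts sent echo replies to {rec.dst}"
            )
            return "drop" if self.mode == "ips" else "alert"
        return "pass"


def build_sample() -> List[IcmpRecord]:
    """Constructed traffic: one legitimate ping exchange, then 30 amplifier
    replies to victim 10.0.0.5 within 300 ms (addresses are documentation ranges)."""
    recs = [
        IcmpRecord(0, "10.0.0.5", "10.0.0.1", 8),
        IcmpRecord(10, "10.0.0.1", "10.0.0.5", 0),
    ]
    for i in range(30):
        recs.append(IcmpRecord(1000 + 10 * i, f"192.0.2.{i + 1}", "10.0.0.5", 0))
    return recs


def run(mode: str) -> Tuple[List[str], List[str]]:
    """Feed the sample through a detector and return (per-record verdicts, alert log)."""
    det = SmurfDetector(mode=mode)
    verdicts = [det.process(r) for r in build_sample()]
    return verdicts, det.alerts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        verdicts, alerts = run(mode)
        print(mode, {v: verdicts.count(v) for v in set(verdicts)})
        print("\n".join(alerts[:2]))
```

The first 19 flood replies pass because the window has not yet reached 20 distinct sources; from the 20th onward every reply is flagged. The two modes make identical decisions, which is the point of the slide: an IDS only records them, an IPS drops the packets.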
Slide 7
DMZ
In computer security, a DMZ (demilitarized zone) is a physical or logical subnetwork that contains and exposes an organization's external services (for example web, mail and DNS) to a larger untrusted network, usually the Internet. An external attacker has direct access only to equipment in the DMZ, rather than to any other part of the network; a firewall between the DMZ and the internal LAN limits what a compromised DMZ host can reach.
Slide 8
Network+ Guide to Networks, 5th Edition
Proxy Servers (contd.)
Figure 12-5 A proxy server used on a WAN
Slide 9
Encryption
- Use of keys to scramble data so that an eavesdropper cannot read it
- Symmetric keys (one shared secret key) vs asymmetric keys (a public/private key pair)
- Encryption systems
Slide 10
Public (Asymmetric) Key Encryption
- Data is encrypted and decrypted with a pair of mathematically related keys
  - Private key: known only to its owner
  - Public key: anyone may request it
- Public key server: freely provides users' public keys
- A certificate authority (CA) signs the certificate that binds a public key to its owner, so the recipient can verify whose key it is
- Asymmetric encryption requires two different keys, unlike symmetric encryption
- Used with SSL and TLS, and therefore by HTTPS; also used by SSH
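The key split described above, as an added example rather than anything from the slides: textbook RSA with deliberately tiny primes so the arithmetic is visible. Anyone holding the public key can encrypt and verify; only the private key holder can decrypt and sign. This is unpadded, toy-sized RSA and exists only to show the mechanism; a real system uses 2048-bit or larger keys with OAEP/PSS padding from a vetted library. The primes and message are constructed values.

```python
"""Added example: textbook RSA to illustrate public/private key roles.

Insecure by design (small primes, no padding); never use for real data.
Requires Python 3.8+ for pow(e, -1, phi).
"""
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]    # (n, e)
PrivateKey = Tuple[int, int]   # (n, d)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Build a key pair from two primes p and q (assumed prime, not checked)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(pub: PublicKey, m: int) -> int:
    """Anyone with the public key can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def decrypt(priv: PrivateKey, c: int) -> int:
    """Only the private key holder can do this."""
    n, d = priv
    return pow(c, d, n)


def sign(priv: PrivateKey, m: int) -> int:
    """Signing is the reverse use of the pair: private key creates, public key checks."""
    n, d = priv
    return pow(m, d, n)


def verify(pub: PublicKey, m: int, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == m


def to_int(msg: bytes) -> int:
    return int.from_bytes(msg, "big")


def from_int(m: int, length: int) -> bytes:
    return m.to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed primes (both prime, far too small for real use).
    alice_pub, alice_priv = keygen(1000003, 1000033)
    bob_pub, bob_priv = keygen(1000037, 1000039)

    msg = b"hi"                               # must encode to an integer < n
    c = encrypt(alice_pub, to_int(msg))       # Bob encrypts with Alice's PUBLIC key
    print("ciphertext:", c)
    print("Alice decrypts:", from_int(decrypt(alice_priv, c), len(msg)))
    print("Bob's private key does not help:", decrypt(bob_priv, c) == to_int(msg))

    sig = sign(alice_priv, to_int(msg))       # Alice signs with her PRIVATE key
    print("signature verifies with Alice's public key:", verify(alice_pub, to_int(msg), sig))
    print("tampered message verifies:", verify(alice_pub, to_int(b"ho"), sig))
```

The certificate authority's job, in these terms, is to vouch that `alice_pub` really belongs to Alice; the mathematics above says nothing about who owns a key, which is why a public key server alone is not enough.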
Slide 11
IPsec (Internet Protocol Security)
- Defines encryption, authentication and key management (IKE) for IP traffic
- Works at the Network layer (Layer 3) for TCP/IP transmissions, so it protects any transport or application protocol carried above it
- Native to IPv6; retrofitted to IPv4
- Difference from other methods: protects packets by adding its own headers to them (AH for authentication, ESP for encryption) rather than relying on the application to encrypt
- Transforms data packets: transport mode protects the payload, tunnel mode wraps the entire original IP packet inside a new one
- Used by L2TP/IPsec VPN connections
Slide 12
IPsec (contd.)
Figure 12-9 Placement of a VPN concentrator on a WAN
Slide 13
Network Authentication
- Allows a user to log in to a server or service without revealing the password to packet sniffers
- Requires some form of encryption or hashing (for example a challenge-response exchange) so the password itself never crosses the wire
- Secure login systems
Slide 14
Authentication Protocols
- Authentication: the process of verifying a user's credentials before granting access to secured resources
- Authentication protocols: the rules computers follow to accomplish authentication
- Several authentication protocol types:
  - RADIUS and TACACS+ (centralized authentication servers)
  - PAP (password sent in cleartext) and CHAP (challenge-response)
  - EAP and 802.1X (EAPoL), used by WPA2-Enterprise (802.11i)
  - Kerberos
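Both sides of a CHAP exchange, as an added example serving the Network Authentication slide and the protocol list above (not code from the slides). CHAP as specified in RFC 1994 has the authenticator send an identifier and a random challenge; the client answers with MD5(identifier || secret || challenge), and the authenticator recomputes the same value from its stored copy of the secret. The password never appears on the wire, which the constructed "sniffer" list below checks; PAP is included for contrast. The user database, secret and sniffer format are assumptions for illustration.

```python
"""Added example: CHAP challenge-response versus PAP, with a passive sniffer.

The sniffer is just a list every on-wire message is appended to, so we can
check afterwards whether the secret was ever exposed.
"""
import hashlib
import hmac
import secrets
from typing import Any, List, Tuple

# Constructed user database. Note the caveat: CHAP requires the authenticator
# to hold the plaintext secret, because it must recompute the response.
SECRET_DB = {"alice": b"correct horse battery staple"}


def chap_challenge() -> Tuple[int, bytes]:
    """Authenticator side: fresh 8-bit identifier and random challenge."""
    return secrets.randbelow(256), secrets.token_bytes(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_authenticate(name: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute from the stored secret and compare in constant time."""
    secret = SECRET_DB.get(name)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_chap(name: str, client_secret: bytes, sniffer: List[Tuple[Any, ...]]) -> bool:
    """Full exchange; every message is also appended to the sniffer list."""
    ident, challenge = chap_challenge()
    sniffer.append(("chap-challenge", ident, challenge))
    response = chap_response(ident, client_secret, challenge)   # client side
    sniffer.append(("chap-response", name, response))
    return chap_authenticate(name, ident, challenge, response)


def pap_on_wire(name: str, password: bytes) -> bytes:
    """PAP sends the credential itself; shown only for contrast."""
    return name.encode() + b":" + password


def secret_seen_on_wire(sniffer: List[Tuple[Any, ...]], secret: bytes) -> bool:
    """True if the raw secret bytes appear in any captured field."""
    return any(isinstance(field, bytes) and secret in field
               for message in sniffer for field in message)


if __name__ == "__main__":
    wire: List[Tuple[Any, ...]] = []
    print("CHAP login ok:", run_chap("alice", SECRET_DB["alice"], wire))
    print("secret visible to sniffer (CHAP):", secret_seen_on_wire(wire, SECRET_DB["alice"]))
    pap_wire = [("pap-auth", pap_on_wire("alice", SECRET_DB["alice"]))]
    print("secret visible to sniffer (PAP):", secret_seen_on_wire(pap_wire, SECRET_DB["alice"]))
    print("wrong secret accepted:", run_chap("alice", b"wrong password", []))
```

Two caveats a practitioner should keep in mind: a sniffer that captures a challenge and response can still run an offline dictionary attack against a weak secret, since the hash is cheap MD5 with no iteration; and the fresh random challenge is what defeats replay, so the authenticator must never reuse one.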
Slide 15
802.1X (EAPoL) (contd.)
Figure 12-15 802.1X authentication process
Slide 16
Wireless Security Options
Slide 17
Wireless Network Security
- Wireless is susceptible to eavesdropping: anyone in radio range can capture frames
- War driving: scanning for wireless networks while moving around an area, effective for obtaining private information from unsecured networks
- Forms of wireless encryption:
  - WEP
  - 802.11i (uses EAPoL for authentication)
  - WPA
  - WPA2 (based on 802.11i; uses AES with CCMP encryption)
Slide 18
WPA and WPA2
- WPA (Wi-Fi Protected Access): a subset of 802.11i
  - Same authentication as 802.11i
  - TKIP per-packet keys
  - Uses RC4 encryption rather than AES
  - Has been cracked: practical attacks on TKIP exist, so WPA should no longer be used
- WPA2: follows the full 802.11i standard
  - Uses AES security with CCMP
  - Replaces WPA
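An added example to go with the WPA/WPA2 slides (not from the slides themselves): how WPA and WPA2-Personal turn a passphrase into the 256-bit pairwise master key, and why that makes a weak passphrase crackable regardless of whether RC4/TKIP or AES/CCMP protects the frames. The derivation is PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, as specified in IEEE 802.11i. A real attacker tests candidate passphrases against the MIC in a captured four-way handshake; the block simplifies that to comparing candidate PMKs against a known PMK. The SSID, passphrase and wordlist are constructed.

```python
"""Added example: WPA/WPA2-Personal PSK derivation and an offline dictionary attack.

PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 32 bytes)
per IEEE 802.11i. Python's hashlib implements PBKDF2 natively.
"""
import hashlib
from typing import Iterable, Optional


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a WPA/WPA2-Personal network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack: derive a PMK for each candidate and compare.

    Simplification: a real attack compares against the MIC of a captured
    four-way handshake, but the cost per guess (4096 HMAC-SHA1 rounds) is the same.
    """
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:     # too short to be a valid WPA passphrase
            continue
        if wpa2_psk(candidate, ssid) == target_pmk:
            return candidate
    return None


if __name__ == "__main__":
    # Known test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print("PMK(password, IEEE) =", wpa2_psk("password", "IEEE").hex())

    # Constructed network and wordlist.
    ssid = "HomeNet"
    captured_pmk = wpa2_psk("sunshine1", ssid)
    wordlist = ["letmein", "iloveyou", "sunshine1", "Tr0ub4dor&3"]
    print("recovered passphrase:", dictionary_attack(captured_pmk, ssid, wordlist))
    # Same passphrase, different SSID: the salt changes the PMK, so rainbow tables
    # must be built per SSID, which is why default SSIDs are a liability.
    print("same passphrase, other SSID matches:",
          dictionary_attack(captured_pmk, "HomeNet2", wordlist) is not None)
```

The lesson for the slide's "has been cracked" point is that WPA2's move to AES fixes the cipher, not the passphrase: a dictionary word as PSK falls to this loop on either protocol, and only a long random passphrase (or WPA2-Enterprise with 802.1X) takes the PMK out of the attacker's reach.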