Ch. 10 IS 141
Common Ports
20 FTP data transfer 21 FTP control 22 Secure Shell (SSH) 25 Simple Mail Transfer Protocol (SMTP) 53 Domain Name System (DNS) 80 Hypertext Transport Protocol (HTTP) 110 Post Office Protocol v3 (POP3) 139 NetBIOS Session Service 143 Internet Message Access Protocol (IMAP) 443 HTTP over Secure Sockets Layer (SSL)
Facts about WAN
-The internet is an open network -Can't gurantee privacy -Consider the securit issues surrounding the use of an open network
Malware Inspection
A specialized form of content inspection, the device looks at packet content for signs of malware.
Application Proxy
An application proxy firewall goes further than a stateful inspection firewall. It doesn't actually allow packets to travel directly between systems on opposite sides of the firewall. The firewall opens separate connections with each of the two communicating systems and then acts as a broker (or proxy) between the two. This allows for an added degree of protection, because the firewall can analyze information about the application in use when making the decision to allow or deny traffic.
Wide Area Networks
Connect systems over large geographic area.
Ehthernet Networks
Define the ways that computers communicate on the network. Governs both the Physical and Data Link layers. Defines how computers use MAC addresses to communicate with each other on the network.
Denial of Service (DoS)
Flooding a network with traffic and shutting down a single point of failure
LAN Devices:
Hubs Switches
Firewall Types
Packet Filtering Stateful Inspection Application Proxy
Local Area Networks
Provide network connectivity for computers located in the same geographic area.
Network Security Risks
Reconnaissance Eavesdropping Denial of Service (DoS) Distributed DoS (DDoS) Telephony denial of service (TDoS)
Layer 1- Physical
This layer is responsible for the physical operation of the network. The Physical Layer must translate the binary ones and zeros of computer language into the language of the transport medium. In the case of copper network cables, it must translate computer data into electrical pulses. In the case of fiber optics, it must translate the data into bursts of light.
Layer 2- Data Link
This layer is responsible for transmitting information on computers connected to the same local area network (LAN). The Data Link Layer uses Media Access Control (MAC) addresses. Device manufacturers assign each hardware device a unique MAC address
Eavesdropping
When an attacker an attacker taps the data cable to see all data passing through it
Antenna types
Wireless device antennas can have a large impact on the device's area of coverage. Generally, external antennas can reach farther than internal antennas. Also, antennas can transmit and receive in different ways. They can be omnidirectional (all directions), semidirectional (limited direction), or highly directional (focused direction). Choose the right antenna for your organization's use.
Power-level controls
You can change the power a wireless device uses from the configuration settings. Lowering the power settings from the default will reduce the area the device covers. This setting can be helpful when attempting to limit the visibility of your wireless networks.
Border routers
A border router is subject to direct attack from an outside source. When you configure any router, you should determine whether it is the only point of defense or if it is one part of a multilayered defense. Of course, a multilayered defense is far better and more secure. The lone defense router can protect internal resources but is subject to attack itself.
Virtual LANS (VLANs)
Any broadcast domain that is isolated from other domains A collection of logically related network devices that are viewed as a partitioned network segment Used to isolate logical groups of devices to reduce network traffic and increase security
Telephony denial of service (TDoS)
Attempts to prevent telephone calls from being successfully initiated or received by some person or organization
What is the most common LAN technology in use?
Ethernet
URL Filter
Filters web traffic by examining the URL as opposed to the IP address.
What are the basic tools for network security defense?
Firewalls Virtual Private Networks and Remote Access Network Access Control
The Open Systems Interconnection (OSI) Reference Model
Layer 7 Application Layer 6 Presentation Layer 5 Session Layer 4 Transport Layer 3 Network Layer 2 Data Link Layer 1 Physical
Antenna placement
Once you select the best antennas for your devices, carefully place the antennas to provide coverage that you want, and not for anyone else. Placing an omnidirectional antenna near an external wall will likely make your wireless network available to people outside your building.
Layer 4- Transport
This layer is responsible for breaking data into packets and properly transmitting it over the network. Flow control and error checking take place at the Transport Layer.
Layer 3- Network
This layer is responsible for the logical implementation of the network. One very important feature of the Network Layer, covered later in this chapter, is logical addressing. In TCP/ IP networking, logical addressing takes the familiar form of IP addresses.
Distributed DoS (DDoS)
Uses multiple compromised systems to flood the network from many different directions
Captive portals
A captive portal is a webpage that is displayed for all new connections. Your wireless device can redirect all traffic to the captive portal until the connection is authenticated. The most common use of a captive portal is to provide a logon page for your wireless network.
Firewalls
A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network
Internal routers
An internal router can also provide enhanced features to your internal networks. Internal routers can help keep subnet traffic separate. They can keep traffic out of a subnet and keep traffic in a subnet. For example, an internal router that sits between the network of an organization's research department network and the network for the rest of the organization can keep the two networks separate. These routers can keep confidential traffic inside the research department. They can also keep nonresearch traffic from crossing over into the research network from the organization's other networks.
Hubs
•Contain a number of plugs (or ports) where you can connect Ethernet cables for different network systems •When they hub receive packets, they automatically retransmit those packets to all the other ports
Switches
•Perform intelligent filtering •"Know" the MAC address of the system connected to each port •When they receive a packet on the network, they look at the destination MAC address and send the packet only to the port where the destination system resides
Reconnaissance
The act of gathering information about a network for use in a future attack
Wireless access points (WAPs)
The connection between a wired and wireless network
Network Port
A number that tells a receiving device where to send messages it receives.
Packet Fitering
A packet-filtering firewall is very basic. It compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall. It makes this decision for each packet that reaches the firewall and has no memory of packets it has encountered in the past.
Stateful Inspection
A stateful inspection firewall remembers information about the status of a network communication. Once the firewall receives the first packet in a communication, the firewall remembers that communication session until it is closed. This type of firewall does not have to check its rules each time it receives a packet. It only needs to check rules when a new communication session starts.
How do TCP/IP work?
A suite of protocols that operate at both the Network and Transport layers of the OSI Reference Model Governs all activity across the Internet and through most corporate and home networks Developed by the DoD to provide a highly reliable and fault-tolerant network infrastructure (security was not a focus)
Site surveys
One of the most important nontechnical aspects to securing wireless networks is the site survey. Examine the physical area you want to serve with a wireless network. Facility floor plans can help determine the best placement for wireless devices. Use diagrams to plan your wireless network before you physically place devices.
Content Inspection
The device looks at some or all network packet content to determine if the packet should be allowed to pass.
Layer 7- Application
This layer is responsible for interacting with end users. The Application Layer includes all programs on a computer that interact with the network. For example, your email software is included, since it must transmit and receive messages over the network. A simple game like Solitaire doesn't fit here because it does not require the network in order to operate.
Layer 5- Session
This layer is responsible for maintaining communication sessions between computers. The Session Layer creates, maintains, and disconnects communications that take place between processes over the network.
Layer 6- Presentation
This layer is responsible for the coding of data. The Presentation Layer includes file formats and character representations. From a security perspective, encryption generally takes place at the Presentation Layer.