Security Network Architecture & Design


Presentation Transcript


  1. Security Network Architecture & Design

  2. Domain Objectives
  • Discuss the concepts of network security
  • Understand security risks
  • Provide the business context for network security

  3. Information Security TRIAD
  • Confidentiality
  • Integrity
  • Availability

  4. Domain Agenda
  • Basic Concepts
  • OSI Framework

  5. Network & Telecommunications
  • Network Security
  • Network Structures
  • Transmission Methods
  • Transport Formats
  • Security Measures
  • Network security is the cornerstone for business operations

  6. Network Models
  • OSI Reference Model
  • TCP/IP Model

  7. OSI Reference Model
  • Layer 1: Physical Layer
  • Layer 2: Data Link Layer
  • Layer 3: Network Layer
  • Layer 4: Transport Layer
  • Layer 5: Session Layer
  • Layer 6: Presentation Layer
  • Layer 7: Application Layer

  8. OSI Reference Model
  • Encapsulation
  • Layering

  9. OSI Model Layer 1: Physical Layer
  • Bits are converted into signals
  • All signal processing
  • Physical topologies

  10. OSI Model Layer 2: Data Link Layer
  • Connects layers 1 and 3
  • Converts information
  • Transmits frames to devices
  • Link layer encryption

  11. OSI Model Layer 3: Network Layer
  • Moves information between two hosts that are not physically connected
  • Uses logical addressing
  • Internet Protocol (IP)

  12. OSI Model Layer 4: Transport Layer
  • End-to-end transport between peer hosts
  • Connection-oriented and connectionless protocols

  13. OSI Model Layer 5: Session Layer
  • Manages a logical persistent connection
  • Three modes: full duplex, half duplex, simplex

  14. OSI Model Layer 6: Presentation Layer
  • Ensures a common format for data
  • Services for encryption and compression

  15. OSI Model Layer 7: Application Layer
  • The application layer is not the application
  • Performs communication between peer applications
  • Least control of network security

  16. TCP/IP Model
  • Originated by the U.S. Department of Defense
  • Functions like the OSI Model
  • Supports the TCP/IP protocol
  • Application layer is unique

  17. TCP/IP Model (mapped to the OSI layers)
  • Application Layer ↔ OSI Application, Presentation and Session Layers
  • Transport Layer ↔ OSI Transport Layer
  • Network Layer ↔ OSI Network Layer
  • Data Link Layer ↔ OSI Data Link Layer
  • Physical Layer ↔ OSI Physical Layer

  18. TCP/IP Protocol Stack
  • Application Layer: Application
  • Transport Layer: TCP, UDP
  • Network Layer: IP, IGMP, ICMP
  • Data Link Layer: ARP, Hardware Interface, PPP
  • Physical Layer: Network Connection
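The encapsulation and layering that slides 8 through 18 describe can be made concrete by building a frame header by header and taking it apart again. The following script is an added example, not part of the slide deck: it packs an application payload inside a TCP header, an IPv4 header and an Ethernet header, then walks back up the stack, with each layer reading only its own header. All MAC addresses, IP addresses, ports and the payload are constructed sample values, and the TCP checksum is left at zero because nothing is transmitted.

```python
"""Encapsulation and layering, demonstrated end to end.

Added example, not from the slide deck: each layer wraps the data it
receives in its own header, and on the way back each layer reads only
its own header and hands the remainder up. All MAC/IP addresses, ports
and the payload below are constructed sample values.
"""
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tcp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Layer 4: minimal 20-byte TCP header (PSH+ACK). The TCP checksum is
    left at zero because nothing here goes onto a real wire."""
    offset_flags = (5 << 12) | 0x18          # 5 x 32-bit words, PSH and ACK set
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 0,
                         offset_flags, 65535, 0, 0)
    return header + payload


def build_ipv4(src: str, dst: str, segment: bytes) -> bytes:
    """Layer 3: IPv4 header, TTL 64, protocol 6 (TCP), valid header checksum."""
    def addr(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    fields = [0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64, 6, 0, addr(src), addr(dst)]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + segment


def build_ethernet(src_mac: bytes, dst_mac: bytes, packet: bytes) -> bytes:
    """Layer 2: Ethernet II header, EtherType 0x0800 (IPv4)."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


def encapsulate(payload: bytes) -> bytes:
    """Application data goes down the stack: L7 -> L4 -> L3 -> L2."""
    segment = build_tcp(40000, 443, payload)
    packet = build_ipv4("192.0.2.10", "198.51.100.20", segment)
    return build_ethernet(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02", packet)


def decapsulate(frame: bytes) -> dict:
    """The frame comes back up the stack. Raises ValueError when the IPv4
    header checksum fails; that checksum is the only integrity check in
    these headers and it covers the IPv4 header alone, not the payload."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    segment = packet[ihl:total_len]
    src_port, dst_port, _, _, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (offset_flags >> 12) * 4
    return {
        "l2": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":")},
        "l3": {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
               "ttl": ttl, "proto": proto},
        "l4": {"src_port": src_port, "dst_port": dst_port, "flags": offset_flags & 0x1FF},
        "l7": segment[data_offset:],
    }


def frame_is_intact(frame: bytes) -> bool:
    """True if the frame parses and its IPv4 header checksum verifies."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


def flip_byte(frame: bytes, index: int) -> bytes:
    """Corrupt one byte, to show what the header checksum does and does not catch."""
    buf = bytearray(frame)
    buf[index] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n")
    for layer, fields in decapsulate(frame).items():
        print(layer, fields)
```

Running it prints one line per layer with the fields that layer is responsible for. The `flip_byte` helper makes the layering point that matters for security: corrupting a byte of the IPv4 header is caught by the layer 3 checksum, but corrupting a byte of the payload is not, because each layer only protects what it owns; integrity of application data has to come from a higher layer.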

  19. Network Security and Risks
  • The network is the key asset in many organizations
  • Network attacks

  20. Network-based Attacks
  • Network as a channel for attacks
  • Network as the target of attack

  21. Network as a Bastion of Defense
  • Security controls built around social, organizational, procedural and technical activities
  • Based on the organization's security policy

  22. Network Security Objectives and Attacks
  • Business risk versus security solutions
  • Attack scenarios
  • Network entry point, in both directions: outside-in and inside-out

  23. Methodology of an Attack
  • Attack trees
  • Path of least resistance
  • Four phases: 1. Target Acquisition, 2. Target Analysis, 3. Target Access, 4. Target Appropriation

  24. Target Acquisition (phase 1)
  • Attacks start with intelligence gathering
  • Means of intelligence gathering
  • Countermeasures: limit information on a network; distract an attacker

  25. Target Analysis (phase 2)
  • Analyze the identified target for security weaknesses
  • Tools available
  • Target analysis

  26. Target Access (phase 3)
  • Obtain access to the system
  • Manage user privileges
  • Monitor access

  27. Target Appropriation (phase 4)
  • Escalate privileges
  • Attacker may seek sustained control of the system
  • Countermeasures against privilege escalation

  28. Network Security Tools
  • Tools automate processes
  • Network security is more than just technical implementations

  29. Network Scanners
  • Discovery scanning
  • Compliance scanning
  • Vulnerability scanning

  30. Domain Agenda
  • Basic Concepts
  • OSI Framework
  • Layer 1: Physical Layer

  31. Layer 1: Physical Layer
  • Basic Concepts
  • Communications Technology
  • Network Topology
  • Technology and Implementation

  32. Communication Technology
  • Analog and digital communications
  • Digital communication brings quantitative and qualitative enhancements

  33. Analog Communication
  • Analog signals use electronic properties
  • Transmitted on wires or with wireless devices

  34. Digital Communication
  • Uses two electronic states
  • Can be transmitted over most media
  • Integrity of digital communication is less difficult to maintain

  35. Layer 1: Physical Layer
  • Basic Concepts
  • Communications Technology
  • Network Topology
  • Technology and Implementation

  36. Network Topology
  • Even small networks are complex
  • Network topology and layout affect scalability and security
  • Wireless networks have a topology

  37. Bus
  • LAN with a central cable to which all nodes connect
  • Advantages: scalable; permits node failure
  • Disadvantages: bus failure

  38. Tree
  • Devices connect to a branch on the network
  • Advantages: scalable; permits node failure
  • Disadvantages: failures will split the network

  39. Ring
  • Closed-loop topology
  • Advantages: deterministic
  • Disadvantages: single point of failure

  40. Mesh
  • All nodes are connected with each other
  • Advantages: redundancy
  • Disadvantages: expensive; complex; scalability

  41. Star
  • All of the nodes connected to a central device
  • Advantages: permits node/cable failure; scalable
  • Disadvantages: single point of failure
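The advantages and disadvantages listed for the five topologies on slides 37 to 41 (permits node failure, single point of failure, failures split the network) are all statements about what one failure does to everyone else, which can be checked by simulation. The script below is an added example, not from the slide deck: it models each topology as a small constructed adjacency list, simulates every single node failure and every single link failure, and counts how many surviving nodes lose connectivity. Two modelling assumptions are mine: the bus medium is represented as a node of its own, and the ring is unidirectional, as in a token ring where one break stops the token.

```python
"""Topology resilience: which single failure does the most damage?

Added example, not from the slide deck: five constructed sample
networks are modelled as adjacency lists and every single node and
single link failure is simulated, counting the surviving nodes that
lose connectivity. Assumptions: the bus medium is modelled as a node,
and the ring is unidirectional (token ring: one break stops the token).
"""
from collections import deque
from itertools import combinations


def undirected(nodes, edges):
    adj = {n: set() for n in nodes}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def directed(nodes, edges):
    adj = {n: set() for n in nodes}
    for a, b in edges:
        adj[a].add(b)
    return adj


SPOKES = ["A", "B", "C", "D"]
TOPOLOGIES = {
    "bus":  undirected(["bus"] + SPOKES, [("bus", s) for s in SPOKES]),
    "tree": undirected(["R", "S1", "S2", "L1", "L2", "L3"],
                       [("R", "S1"), ("R", "S2"), ("S1", "L1"), ("S1", "L2"), ("S2", "L3")]),
    "ring": directed(SPOKES, [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")]),
    "mesh": undirected(SPOKES, list(combinations(SPOKES, 2))),
    "star": undirected(["hub"] + SPOKES, [("hub", s) for s in SPOKES]),
}


def reachable(adj, start, removed, cut):
    """Breadth-first search that ignores failed nodes and cut links."""
    seen, queue = {start}, deque([start])
    while queue:
        n = queue.popleft()
        for m in adj[n]:
            if m in removed or m in seen or (n, m) in cut or (m, n) in cut:
                continue
            seen.add(m)
            queue.append(m)
    return seen


def nodes_cut_off(adj, removed=frozenset(), cut=frozenset()):
    """Surviving nodes outside the largest group whose members can all
    reach each other. A lone node is no network, so if no group of two
    or more survives, every surviving node counts as cut off."""
    live = [n for n in adj if n not in removed]
    reach = {n: reachable(adj, n, removed, cut) for n in live}
    groups = [{m for m in reach[n] if n in reach[m]} for n in live]
    biggest = max(groups, key=len, default=set())
    if len(biggest) < 2:
        return sorted(live)
    return sorted(n for n in live if n not in biggest)


def links(adj):
    """Each link once; an undirected link is listed with its lower name first."""
    return sorted((a, b) for a in adj for b in adj[a] if not (a in adj[b] and a > b))


def resilience_report():
    """Worst single node and single link failure per topology, plus whether
    any single failure can take the whole network down."""
    report = {}
    for name, adj in TOPOLOGIES.items():
        node_impact = {n: nodes_cut_off(adj, removed={n}) for n in adj}
        link_impact = {l: nodes_cut_off(adj, cut={l}) for l in links(adj)}
        worst_node = max(node_impact, key=lambda n: len(node_impact[n]))
        worst_link = max(link_impact, key=lambda l: len(link_impact[l]))
        total_loss = (any(len(v) == len(adj) - 1 for v in node_impact.values())
                      or any(len(v) == len(adj) for v in link_impact.values()))
        report[name] = {
            "worst_node": (worst_node, len(node_impact[worst_node])),
            "worst_link": (worst_link, len(link_impact[worst_link])),
            "total_loss_possible": total_loss,
        }
    return report


if __name__ == "__main__":
    for name, r in resilience_report().items():
        print(f"{name:5} worst node {r['worst_node']}  worst link {r['worst_link']}"
              f"  single failure can take everything down: {r['total_loss_possible']}")
```

The report reproduces the slides' claims in numbers: the star and bus survive any spoke failure but lose everything when the hub or the shared cable goes; the ring loses everything on any single break; the mesh loses nothing; and the tree is never taken down entirely by one failure, but losing the root or a branch node partitions it. The same function works on a real inventory of switches and uplinks, which is the practical use: find the node or link whose loss cuts off the most systems before an outage or an attacker does.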

  42. Security Perimeter
  • The first line of defense between trusted and untrusted networks
  • No direct physical connection between trusted and untrusted networks
  • The security perimeter is the most widely used implementation of network partitioning

  43. Layer 1: Physical Layer
  • Basic Concepts
  • Communications Technology
  • Network Topology
  • Technology and Implementation

  44. Technology and Implementation
  • Physical networks employ a wide variety of cabling technologies and components
  • Wireless networks use frequency ranges and encryption/authentication

  45. Cable
  • Cable selection considerations: throughput; distance between devices; data sensitivity; environment
  • Cable topics: Twisted Pair, Coaxial Cable, Fiber Optics, Patch Panels, Modems

  46. Twisted Pair
  • One of the simplest and cheapest cabling technologies
  • Unshielded (UTP) or shielded (STP)

  47. Unshielded Twisted Pair (UTP)

  48. Coaxial Cable (Coax)
  • Conducting wire is thicker than twisted pair
  • Bandwidth
  • Length
  • Expensive and physically stiff

  49. Fiber Optics
  • Three components: light source; optical fiber cable; light detector
  • Advantages
  • Disadvantages

  50. Patch Panels
  • Provides a physical cross-connect point for devices
  • Alternative to directly connecting devices
  • Centralized management
