240 likes | 526 Views
Networks . Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder. Objectives. Types of Networks Components of Networks Risks to Networks Network Security/Controls Auditing Networks. What is a Network?.
E N D
Networks Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder
Objectives • Types of Networks • Components of Networks • Risks to Networks • Network Security/Controls • Auditing Networks
What is a Network? • Two or more connected computers that allow the process of telecommunications to occur • Telecommunications is the transfer of text, audio, video, or other data formats
Types of Networks • Characterized in 3 categories: • Distance • Ownership • Client/Server Networks
Distance • Local Area Network (LAN) • Connected computers within a short geographical distance of one another • Wide Area Network (WAN) • Connects computer large geographic away from one another
Ownership • Intranet • Internal network within a company • Extranet • Connects internal network to outside business partners • Virtual Private Network (VPN) • Uses public internet connection but achieves privacy through encryption and authentication
Client/Server Networks • Network servers that manage the networks and host applications that are shared with client computers • Two types: • Two-tiered • Three-tiered
Network Security and Controls • Authentication • Process of ensuring users are who they say they are • Encryption • Scrambling or coding data so that anyone who views will not be able to decode it without a decryption key • Firewalls • Hardware and software to control outside access to the network
Components of a Network • Computers and terminals • Telecommunication channels • Telecommunication processors • Routers and Switching devices
Computers and Terminals • Computers process data in a network and send/receive information to and from terminals • Terminals serve as input/output devices
Telecommunications Channels • Transmit data from computer to computer • Physical transmitters • Wireless transmitters
Telecommunications Processors • Most common is a modem • Transforms digital communication signals to analog signals for transfer and then back to digital signals • Digital communication networks
Routers and Switching Devices • Switches: connect network components and ensure messages are delivered to appropriate destinations • Routers: similar to switches but with more complex features based on protocols • Approaches to switching • Message switching • Packet switching • Circuit switching
Risks to Networks • Social Engineering • Physical Infrastructure Threats • Programmed Threats • Denial of Service Threats • Software Vulnerabilities
“Soc-ing” VoIP Vulnerabilities – Can open channel to network that is not fire-walled Phishing Scams – i.e. – emails from unknown persons containing malicious links. Cross Site Scripting (XSS) – leads to account hijacking, changing of user settings, cookie theft/poisoning, or false advertising
Network Security • Network manager and network security administration • Authentication • Encryption • Firewalls
Auditing Networks • Perform risk assessment procedures to assess vulnerabilities • Evaluate controls and their effectiveness • Auditing Network Security • Network diagrams • Determine what assets, who has access, and understand connections • Penetration testing • Benchmarking
Risk Assessment Procedures • Basic vulnerabilities of a network • Interception- transmitted data is intercepted by a third party • Availability- unavailability of the network could result in losses for the firm • Access/Entry points- a weak point in access can make the information assets vulnerable to intruders
Evaluate Controls • Physical access controls • Transmitted information should be encrypted • Network should have sufficient management • Controls to limit the type of traffic • Passwords for everyone who has access
Auditing Networks • Network diagrams • Determine what assets • Who has access • Understand connections • Penetration testing