
Physical and Perimeter Security






Presentation Transcript


    1. Physical and Perimeter Security

    2. Physical and Perimeter Security
       - Physical controls: location, locks, surveillance
       - Technical controls: ID cards, biometrics, power supply, fire suppression
       - Perimeter security topologies
       - Tunneling
       - Virtual LAN

    3. Physical Security
       - The location of the computer systems is critical
       - Location-related concerns are: visibility, accessibility, environmental problems
       - For highly secure systems, the location is kept confidential

    4. Physical Security
       - Physical barriers
       - Key locks are the least secure: keys are easily lost, copied, or never returned
       - Cipher locks require entry of a number code for access, and can offer:
         - Door-delay alarm (raised if the door is held or propped open)
         - Key override
         - Master keyring for changing access codes
         - Hostage alarm (a duress code that opens the door but silently raises an alert)

    5. Physical Security
       - Device locks
         - Locking down a desktop via a cable
         - Switch control lock (covers the power switch)
         - Slot lock (expansion slots are blocked)
         - Port controls (block access to hard drives and serial ports)
         - Cable traps (prevent removal of cabling)
       - Surveillance
         - Security guards
         - Guard dogs

    6. Physical Security
       - Technical controls
         - Personnel access controls: access cards, biometrics
         - Ventilation (positive pressure, so air flows outward and dust is kept out)
         - Power supply (uninterruptible power supply, generator backup)
         - Fire detection and suppression systems

    7. Perimeter Security
       - Perimeter security topologies
       - Three-tiered architecture: untrusted (Internet), semi-trusted (the DMZ, holding public-facing servers), trusted (internal network)
       - Two-perimeter networks: internal (trusted) and external (untrusted)

    8. Three-tiered structure (diagram; not reproduced in the transcript)

    9. Common problems encountered
       - Not knowing who the attacker is
       - Not knowing what the attacker is looking for
       - Security inconveniences the routine
       - It costs money to implement
       Guidelines:
       - Challenge the assumptions
       - Keep the number of secrets to a minimum
       - Understand your environment
       - Do not rely too much on technology

    10. Tunneling
       - Tunneling encapsulates packets inside other packets so they can cross an untrusted network; a VPN adds encryption (and integrity protection) to the encapsulated packets
       - VPNs use tunneling technology
       - The tunnel is a logical connection created between two routers (or other tunnel endpoints)

    11. Tunneling diagram (not reproduced in the transcript)

    12. Tunneling: how it works
       - The source router asks the destination router to set up a tunnel; during this negotiation the endpoints agree on the encryption protocol and keys (in IPsec this is done by IKE)
       - The source encrypts each packet with the agreed protocol and places it, as the payload, inside an outer packet addressed to the destination router
       - The destination router authenticates and decrypts the inner packet and routes it to the proper node on its private network
       - Tunneling is inexpensive because the existing connections (the public Internet) are used instead of dedicated lines
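The steps above, carried through as an added example (not code from the slides): an inner IPv4 packet for a private host is sealed and placed inside an outer IPv4 packet addressed to the far tunnel endpoint, which verifies, decrypts and hands the inner packet on. The IPv4 builder and checksum follow the real header layout; the cipher is an illustrative stand-in (HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag, chosen so the code runs with the standard library), and the pre-shared keys model what IKE would have negotiated. Addresses, payload and protocol number 50 (ESP) on the outer header are assumptions.

```python
import hashlib
import hmac
import os
import socket
import struct

ESP_PROTO = 50  # IP protocol number of IPsec ESP; used for the outer header here


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: no options, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); rejects a bad header checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, _, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return socket.inet_ntoa(s), socket.inet_ntoa(d), proto, pkt[ihl:total_len]


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative stand-in for AES-CTR/GCM)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag  (encrypt-then-MAC, fresh nonce per packet)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("tunnel payload failed authentication")  # drop before decrypting
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


class TunnelEndpoint:
    """A tunnel router: public_ip is its address on the untrusted network."""

    def __init__(self, public_ip: str, enc_key: bytes, mac_key: bytes):
        self.public_ip, self.enc_key, self.mac_key = public_ip, enc_key, mac_key

    def encapsulate(self, inner_pkt: bytes, peer_ip: str) -> bytes:
        # Encrypted inner packet becomes the payload of an outer packet router-to-router.
        return build_ipv4(self.public_ip, peer_ip, ESP_PROTO,
                          seal(self.enc_key, self.mac_key, inner_pkt))

    def decapsulate(self, outer_pkt: bytes) -> bytes:
        _, dst, proto, payload = parse_ipv4(outer_pkt)
        if dst != self.public_ip or proto != ESP_PROTO:
            raise ValueError("not a tunnel packet for this endpoint")
        return unseal(self.enc_key, self.mac_key, payload)  # inner packet, ready to route


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # as if agreed during tunnel setup
    site_a = TunnelEndpoint("203.0.113.1", enc_key, mac_key)    # assumed public addresses
    site_b = TunnelEndpoint("198.51.100.7", enc_key, mac_key)
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 17, b"hello across the tunnel")  # constructed
    outer = site_a.encapsulate(inner, site_b.public_ip)
    forwarded = site_b.decapsulate(outer)
    return {"outer": parse_ipv4(outer)[:3], "inner": parse_ipv4(forwarded)}


def tamper_rejected() -> bool:
    """Flipping one ciphertext bit in transit must make the receiver drop the packet."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    a = TunnelEndpoint("203.0.113.1", enc_key, mac_key)
    b = TunnelEndpoint("198.51.100.7", enc_key, mac_key)
    outer = bytearray(a.encapsulate(build_ipv4("10.1.0.5", "10.2.0.9", 17, b"x"), b.public_ip))
    outer[-20] ^= 0x01  # inside the ciphertext, after header and nonce, before the tag
    try:
        b.decapsulate(bytes(outer))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(demo())
```

The outer header only exposes the two router addresses and protocol 50; the private 10.x addresses and payload are visible again only after site B has authenticated and decrypted the packet.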

    13. Virtual LAN
       - A VLAN is a partition of an existing LAN so that broadcast traffic is limited to the nodes on that VLAN
       - By default all switch ports (and therefore all nodes) are on VLAN 1
       - A switch can support several VLANs
       - When VLANs are used, only nodes in the same VLAN can communicate directly; to reach nodes on another VLAN a router (or Layer 3 switch) is needed
       - Creating a VLAN is software-based: ports are assigned to it in the switch configuration
       - The switch ports making up a VLAN need not be consecutive

    14. VLAN diagram (not reproduced in the transcript)

    15. VLAN features
       - Nodes on a VLAN need not be physically on the same switch; as long as the switches are connected (and a router provides inter-VLAN routing), the physical location of the node is unimportant
       - Traffic filtering can be configured per VLAN
       - Ports do not reveal their VLAN number in any physical way; it is available only through the switch software. That is one reason physical security of the switch matters.
       - A trunk is a physical link that carries many VLANs between switches, with each frame tagged (IEEE 802.1Q) to identify its VLAN

    16. VLAN features
       - Some switches auto-negotiate a trunk connection. This is a loophole attackers take advantage of.
       - Once an attacker has access to a host on the network, they can make the host speak the trunk negotiation protocol to the switch and turn its port into a new trunk
       - Switches forward the traffic of all VLANs over the same trunk, so the attacker can sniff (and inject into) every VLAN
       - One way to prevent this is to disable the auto-negotiate feature and fix each host-facing port as a non-trunking access port
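Two points from slides 15 and 16 made concrete in one added example (not code from the slides): the VLAN number a port belongs to is invisible physically but sits in the 802.1Q tag (TPID 0x8100, then a 16-bit TCI whose low 12 bits are the VLAN ID), and a host that tries to negotiate a trunk does so with DTP frames, which on the wire go to the Cisco multicast address 01:00:0c:cc:cc:cc with an LLC/SNAP header carrying OUI 00:00:0c and protocol ID 0x2004. The code parses frames captured from an access port and flags both 802.1Q-tagged frames and DTP frames, since a legitimate host on an access port sends neither. All frames are constructed inline; the DTP TLV body is a simplified placeholder, and the MAC addresses are made up.

```python
import struct

TPID_8021Q = 0x8100
DTP_DST_MAC = "01:00:0c:cc:cc:cc"      # Cisco multicast used by DTP (also CDP, VTP)
CISCO_OUI = bytes.fromhex("00000c")
DTP_PID = 0x2004                        # SNAP protocol ID for DTP


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame, peeling an 802.1Q tag and an LLC/SNAP header if present."""
    dst, src = mac_str(frame[:6]), mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vlan = tci >> 13, tci & 0x0FFF           # priority bits, 12-bit VLAN ID
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    info = {"dst": dst, "src": src, "vlan": vlan, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}
    # A value <= 1500 is an 802.3 length, and AA AA 03 marks LLC/SNAP: OUI + PID follow.
    if ethertype <= 1500 and frame[offset:offset + 3] == b"\xaa\xaa\x03":
        info["snap_oui"] = frame[offset + 3:offset + 6]
        info["snap_pid"] = struct.unpack("!H", frame[offset + 6:offset + 8])[0]
    return info


def is_dtp(info: dict) -> bool:
    return (info["dst"] == DTP_DST_MAC and info.get("snap_oui") == CISCO_OUI
            and info.get("snap_pid") == DTP_PID)


def audit_access_port(frames) -> list:
    """Alerts for things a host on a non-trunking access port should never send."""
    alerts = []
    for i, frame in enumerate(frames):
        info = parse_frame(frame)
        if is_dtp(info):
            alerts.append((i, "dtp-negotiation", info["src"]))
        if info["vlan"] is not None:
            alerts.append((i, "tagged-frame", info["vlan"]))
    return alerts


def build_frame(dst: str, src: str, ethertype_or_len: int, payload: bytes, vlan=None) -> bytes:
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)   # PCP 0, DEI 0
    return hdr + struct.pack("!H", ethertype_or_len) + payload


def build_dtp_frame(src: str) -> bytes:
    """Constructed DTP frame: real LLC/SNAP header, simplified version + domain TLV body."""
    body = b"\x01" + b"\x00\x01\x00\x0d" + b"corp-vtp\x00"
    payload = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", DTP_PID) + body
    return build_frame(DTP_DST_MAC, src, len(payload), payload)


def sample_frames() -> list:
    """Constructed capture from one access port: ordinary traffic, then two anomalies."""
    host, gateway = "52:54:00:12:34:56", "00:1a:2b:3c:4d:5e"
    ipv4_stub = b"\x45\x00" + b"\x00" * 18           # placeholder IPv4 header
    return [
        build_frame(gateway, host, 0x0800, ipv4_stub),            # normal, untagged
        build_frame(gateway, host, 0x0800, ipv4_stub, vlan=20),   # host-inserted 802.1Q tag
        build_dtp_frame(host),                                    # trunk negotiation attempt
    ]


if __name__ == "__main__":
    for alert in audit_access_port(sample_frames()):
        print(alert)
```

The detection is the monitoring counterpart of the fix on the slide: if host-facing ports are pinned to access mode with negotiation disabled, the DTP frame is ignored by the switch, and seeing one in a capture is still worth an alert because it shows a host trying.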

    17. VLAN features
       - A trunk carries the flooded traffic (broadcasts, multicasts, unknown unicasts) of every VLAN allowed on it, even when the switch at the far end has no ports in that VLAN
       - If the nodes of a VLAN are removed from a switch, the VLAN is not automatically removed from the trunk
       - Removing VLANs that have no members at the far end from a trunk is called pruning
       - Pruning frees trunk bandwidth and so can increase the data traffic rate for the VLANs that remain

    18. References
       - Virtual LAN: http://www.3com.com/other/pdfs/solutions/en_US/20037401.pdf
       - Virtual LAN routing: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/switch_c/xcvlan.htm
       - Virtual LANs and the IEEE 802.1Q standard: http://www.marconi.com/media/vlan100.pdf

    19. Security Scenario to Solve
       Virtual LANs provide an effective mechanism to separate traffic on a network. You are given the responsibility to evaluate the VLAN products on the market and write a summary so that decision makers can better prepare for network security. Create such a report.
