Securing the Network Infrastructure

Chapter 5: Securing the Network Infrastructure
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Work with the network cable plant
• Secure removable media
• Harden network devices
• Design network topologies

Working with the Network Cable Plant
• Cable plant: physical infrastructure of a network (wire, connectors, and cables) used to carry data communication signals between equipment
• Three types of transmission media:
  – Coaxial cables
  – Twisted-pair cables
  – Fiber-optic cables

Coaxial Cables
• Coaxial cable was the main type of copper cabling used in computer networks for many years
• Has a single copper wire at its center surrounded by insulation and shielding
• Called “coaxial” because it houses two (co) axes or shafts: the copper wire and the shielding
• Thick coaxial cable has a copper wire in the center surrounded by a thick layer of insulation that is covered with braided metal shielding

Coaxial Cables (continued)
• Thin coaxial cable looks similar to the cable that carries a cable TV signal
• A braided copper mesh channel surrounds the insulation and everything is covered by an outer shield of insulation for the cable itself
• The copper mesh channel protects the core from interference
• BNC connectors: connectors used on the ends of a thin coaxial cable

Coaxial Cables (continued)

Twisted-Pair Cables
• Standard for copper cabling used in computer networks today, replacing thin coaxial cable
• Composed of two insulated copper wires twisted around each other and bundled together with other pairs in a jacket

Twisted-Pair Cables (continued)
• Shielded twisted-pair (STP) cables have a foil shielding on the inside of the jacket to reduce interference
• Unshielded twisted-pair (UTP) cables do not have any shielding
• Twisted-pair cables have RJ-45 connectors

Fiber-Optic Cables
• Coaxial and twisted-pair cables have copper wire at the center that conducts an electrical signal
• Fiber-optic cable uses a very thin cylinder of glass (core) at its center instead of copper that transmits light impulses
• A glass tube (cladding) surrounds the core
• The core and cladding are protected by a jacket

Fiber-Optic Cables (continued)
• Classified by the diameter of the core and the diameter of the cladding
  – Diameters are measured in microns; each is about 1/25,000 of an inch or one-millionth of a meter
• Two types:
  – Single-mode fiber cables: used when data must be transmitted over long distances
  – Multimode cable: supports many simultaneous light transmissions, generated by light-emitting diodes

[...]

... Servers
• Workstation: personal computer attached to a network (also called a client)
  – Connected to a LAN and shares resources with other workstations and network equipment
  – Can be used independently of the network and can have their own applications installed
• Server: computer on a network dedicated to managing and controlling the network
• Basic steps to harden these systems are outlined on page 152

... activity
• Network-based IDS monitors all network traffic instead of only the activity on a computer
  – Typically located just behind the firewall
• Other IDS systems are based on behavior:
  – Watch network activity and report abnormal behavior
  – Result in many false alarms

Network Monitoring and Diagnostic Devices
• SNMP enables network administrators to:
  – Monitor network performance
  – Find and solve network...

... from 2 MB to 128 MB
• The card itself is only 45 mm long, 37 mm wide, and less than 1 mm thick

Demilitarized Zones (DMZs)
• Separate networks that sit outside the secure network perimeter
• Outside users can access the DMZ, but cannot enter the secure network
• For extra security, some networks use a DMZ with two firewalls
• The types of servers that should be located in the DMZ include:
  – Web...
... and can create network connection speeds of 15 Mbps and higher
• Two popular broadband technologies:
  – Digital Subscriber Line (DSL) transmits data at 15 Mbps over regular telephone lines
  – Another broadband technology uses the local cable television system

Securing the Cable Plant (continued)
• The attacker can capture packets as they travel through the network by sniffing
  – The hardware or software...

... passwords, network security devices, antivirus software, and door locks
• An employee copying data to a floppy disk or CD and carrying it home poses two risks:
  – Storage media could be lost or stolen, compromising the information
  – A worm or virus could be introduced to the media, potentially damaging the stored information and infecting the network

Hardening Network Security Devices
• The final...

... authenticates users and passes service requests to the network

Keeping Removable Media Secure
• Protecting removable media involves making sure that antivirus and other...

... Routers
• Switch
  – Most commonly used in Ethernet LANs
  – Receives a packet from one network device and sends it to the destination device only
  – Limits the collision domain (part of network on which multiple devices may attempt to send packets simultaneously)
• A switch is used within a single network
• Routers connect two or more single networks to form a larger network
Network Security Devices
• The final category of network devices includes those designed and used strictly to protect the network
• Include:
  – Firewalls
  – Intrusion-detection systems
  – Network monitoring and diagnostic devices

Remote Access Servers
• Set of technologies that allows a remote user to connect to a network through the Internet or a wide area network (WAN)
• Users run remote access client...

... communicates with software agents on each network device and collects the data stored in the MIBs
• Page 154 lists defensive controls that can be set for switches and routers

Telecom/PBX Systems
• Term used to describe a Private Branch eXchange
• The definition of a PBX comes from the words that make up its name:
  – Private
  – Branch
  – eXchange

Securing Removable Media
• Securing critical information stored...

... defense
  – Protects the equipment and infrastructure itself
  – Has one primary goal: to prevent unauthorized users from reaching the equipment or cable plant in order to use, steal, or vandalize it

Firewalls
• Typically used to filter packets
• Designed to prevent malicious packets from entering the network or its computers (sometimes called a packet filter)
• Typically located outside the network security ...

... the cable plant in the internal network
An attacker who can access the internal network directly through the cable plant has effectively bypassed the network.

Date posted: 17/09/2012, 10:43