Document: Module 10: Creating a Security Design for Data Transmission (docx)


Document information

Posted: 18/01/2014, 05:20

Contents

• Overview
• Lesson: Determining Threats and Analyzing Risks to Data Transmission
• Lesson: Designing Security for Data Transmission
• Lab A: Designing Security for Data Transmission
• Course Evaluation

Module 10: Creating a Security Design for Data Transmission

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Instructor Notes

Presentation: 45 minutes
Lab: 30 minutes

In this module, students will learn how to determine threats and analyze risks to data transmission in an organization. Students will also learn how to design security for different types of data transmission, including traffic on local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), wireless networks, and the Internet.

After completing this module, students will be able to:

• Determine threats and analyze risks to data transmission.
• Design security for data transmission.

Required materials

To teach this module, you need Microsoft® PowerPoint® file 2830A_10.ppt.

Important

It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all of the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this module:

• Read all of the materials for this module.
• Complete the practices.
• Complete the lab and practice discussing the answers.
• Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.
• Visit the Web links that are referenced in the module.

How to Teach This Module

This section contains information that will help you to teach this module.

Lesson: Determining Threats and Analyzing Risks to Data Transmission

This section describes the instructional methods for teaching this lesson.

Use the slide, repeated from earlier modules, to reinforce where the items in the bulleted list on the slide exist on the network diagram.

This is a very simple diagram that is intended to generate class discussion.

This page is intended simply to give examples of vulnerabilities. To elaborate attacks, draw upon your own experiences.
The next page deals with common vulnerabilities, so try not to skip ahead. Explain the threats, but do not discuss how to secure against them. The second lesson in the module covers that topic.

Use the practice to generate discussion.

Lesson: Designing Security for Data Transmission

This lesson contains numerous Web links that you will find valuable in preparing to teach this module.

Business or technical requirements may include standards such as HIPAA, the Health Insurance Portability and Accountability Act of 1996. When discussing encryption requirements and restrictions, mention that government encryption standards vary from country to country and could be a security concern for international organizations and corporations.

Use this page to introduce the topics that will follow in the lesson. The four-layer Department of Defense Internet model is one of many Internet models. Others, such as the Open Systems Interconnection (OSI) model, use seven layers. We chose the Department of Defense model for the sake of simplicity.

Answers may vary. Use the rankings provided and the security responses that students give to generate classroom discussion.

Use this page to review the content of the module. Students can use the checklist as a basic job aid. The phases mentioned on the page are from Microsoft Solutions Framework (MSF).

Use this page to emphasize that students must perform threat analysis and risk assessment on their own networks for the topic covered in this module. Students must then design security responses to protect the networks.

Assessment

There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.
• Overview of Data Transmission
• Why Securing Data Transmission Is Important
• Common Vulnerabilities to Data Transmission
• Practice: Analyzing Risks to Data Transmission
• How to Determine Security Requirements for Data Transmission
• Overview of Methods for Securing Communication Channels
• Practice: Risk and Response
• Security Policy Checklist

Lab A: Designing Security for Data Transmission

To begin the lab, open Microsoft Internet Explorer and click the name of the lab. Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 20 minutes to complete this lab, and spend about 10 minutes discussing the lab answers as a class.

Use the lab answers provided in the Lab section of the module to answer student questions about the scope of Ashley Larson’s e-mail request, and to lead classroom discussion after students complete the lab.

For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.

The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.

Lab Setup

There are no lab setup requirements that affect replication or customization.
Lab Results

There are no configuration changes on student computers that affect replication or customization.

Overview

*****************************ILLEGAL FOR NON-TRAINER USE******************************

Introduction

In this module, you will learn how to determine threats and analyze risks to data transmission in an organization. You will also learn how to design security for different types of data transmission, including traffic on local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), wireless networks, and the Internet.

Objectives

After completing this module, you will be able to:

• Determine threats and analyze risks to data transmission.
• Design security for data transmission.

Lesson: Determining Threats and Analyzing Risks to Data Transmission

Introduction

You can protect data that is stored on your network by securing access to it, but when you transmit data across the network in your organization, the data becomes vulnerable to a variety of additional threats. Attackers can potentially intercept transmitted data, depending on how and where the data is transmitted.

Lesson objectives

After completing this lesson, you will be able to:

• Describe data transmission methods.
• Explain why securing data transmission is important.
• List common vulnerabilities that threaten transmitted data.

Overview of Data Transmission

Data travels over many types of networks in an organization, with different levels of trust associated with them.
For example, LANs are generally associated with a high degree of trust because they are located within an organization’s physical facilities. Web server traffic is generally associated with a low level of trust because it crosses public links that are outside your organization’s control.

When designing security for data transmission, determine the types of networks that your organization uses to transmit data. Common networks include LANs, wireless networks, WANs for branch offices and trusted partners, virtual private networks (VPNs) for remote users, and the Internet.

Why Securing Data Transmission Is Important

External attacker scenario

An attacker sits in a car across the street from an organization and uses a high-powered antenna to intercept packets from the organization’s wireless network. After intercepting packets, he performs an offline attack on the packets that were transmitted over the wireless network to obtain the Wired Equivalent Privacy (WEP) key. The attacker configures his portable computer with the WEP key for the organization’s WAN and then connects to the organization’s network.

Internal attacker scenario

An attacker forges e-mail from another employee and sends a message to the company president. The message contains links to Web sites that contain offensive content. The company terminates the employee who appeared to have sent the offensive e-mail message.

[...]... to save your answers to a folder on your desktop.

4. Discuss your answers as a class.

Lab A: Designing Security for Data Transmission

Lab Questions and Answers

Answers may vary. The following are possible answers.

1. What traffic on the business-to-business (B2B) network is vulnerable, and what can be done to secure the traffic?

Traffic Security. ..
from flowing to and from a network.

Additional reading

For more information about threats to data transmission, see the white paper, Security Threats, at: http://www.microsoft.com/technet/security/bestprac/bpent/sec1/secthret.asp

Practice: Analyzing Risks to Data Transmission

...

Information disclosure, Denial of service, and Elevation of privilege) and life cycle threat models

Task: Manage risks
Details: Qualitative and quantitative risk analysis

Phase: Building
Task: Create policies and procedures for securing:
Details:
• Local area network traffic
• Wireless networks
• Wide area network traffic
• Web traffic
• Remote access connections

Lab...

traffic. For example, an attacker who wants to gain knowledge about data as it is transmitted can passively monitor the network from within an organization. This type of attack reveals data but does not interrupt data transmission. However, an attacker who wants to stop the transmission of traffic entirely can attempt a denial of service (DoS) attack over the Internet that prevents legitimate traffic from...

Common Vulnerabilities to Data Transmission

Key points

Threats and vulnerabilities to data transmission differ, depending on the mode of transmission and the goals of the attacker. Threats can range from passive monitoring to malicious disruption of traffic...
at the data link and physical layers

Choose a VPN tunneling protocol

How to Determine Security Requirements for Data Transmission

Key points

To determine security requirements for data transmission:

1. Analyze business and technical requirements for securing...

characteristics of a switched LAN infrastructure to authenticate devices that are attached to a LAN port. It also prevents access to the port if the authentication process fails. 802.1x requires a public key infrastructure (PKI) and a Remote Authentication Dial-In User Service (RADIUS) infrastructure.

Additional reading

For more information about data transmission protocols for the application layer, see: RFC 2246,...

Lab A: Designing Security for Data Transmission

Objectives

After completing this lab, you will be able to apply security design concepts to data transmission.

Scenario

You are a consultant hired by Contoso Pharmaceuticals to help the company design security for its network. Each lab uses an interactive application...

greater access to the LAN than external attackers have.

Security Policy Checklist

Checklist

Use the following checklist to guide your security design for data transmission.

Phase: Planning
Task: Model threats
Details: STRIDE (Spoofing, Tampering, Repudiation,...

S/MIME to digitally sign and encrypt messages before they are sent. Use a certificate from a commercial CA to do this.

2. What are the risks involved with installing an 802.11b wireless network in the buildings at the Geneva facility, and what can be done to mitigate those risks?
Transmissions from the wireless LAN at the Geneva facility will ...