Lecture 2 - Network Security Flashcards
Basic Network Definition
Set of devices connected together.
Four points of network security
Scalability (grow in users)
Availability (continuous)
Manageability (Staff able to manage)
Security (Not an afterthought)
Seven Domains of IT infra
- User
- Workstation
- LAN
- LAN to WAN
- WAN
- Remote Access
- System/App
User domain
Any individual associated with the org, with or without logins.
Threats: Social engineering/phishing
Workstation domain
Workstations/standalone systems and home computers.
Threats: Malware, port scanning, default pass, unpatched OS.
LAN Domain
Hosts on private LANs
LAN to WAN Domain
Routers/firewalls at LAN/WAN connection point
Threats: Port scanning, DoS
Vulnerabilities: Weak perimeter security, default config, misconfig
Risks: Instability and malicious traffic
Remote Access Domain
Org resources via remote access
Threats: Malware, rogue access point
Vulnerabilities: Unencrypted wireless, weak security controls
Risks: Compromise of remote sys results in org compromise
WAN Domain
Routers, switches and firewalls that ensure connectivity between LANs
Threats: Eavesdropping, Availability
Vulnerabilities: DNS Poisoning
Risks: Attacks on DNS root, clear text traffic intercepted, disaster
Sys/App Domain
Servers, apps, databases etc
Threats: SQL injection, XSS, DoS
Vulnerabilities: Unpatched OS, misconfig, insecure code
Risks: Instability, Data loss, loss of function
Network Analysis Steps
- Create network baseline using Nmap/Zenmap
- Capture data at specific points on net
- Analyse captured data
- Investigate/resolve, update baseline
Security Controls 3 sections
Physical
Procedural
Technical
Physical Controls
- Door locks, guards etc
- Fire detection and suppression, other environmental
- Electrical grounding etc
Procedural Controls
- Policies/procedures
- Insurance
- Background and financial checks
- Data loss prevention
- Awareness training
Technical Controls
- Login ID
- Timeouts
- Logs and audit trails
- Firewalls and routers
- Encryption/Public Key Infrastructure
Firewall
Integrated collection of security measures that prevent unauthorised access to a network.
A Firewall can/is:
- Security Gateway
- Traffic Control Device
- Packet Filtering
- Routing
- Enforce security policy
- Logging
- Secure the net from external attack
Firewalls are not/cannot:
- Be the only security
- Not an auth server
- Not a remote access server
- Cannot see the content of encrypted packets
- Cannot see all traffic if positioned incorrectly
- Not a malicious code scanner
- Not an IDS.