Objectives
Ver. 1.0
Slide 1 of 21
Best Practices
When planning for a VPN for an enterprise, you have to consider the following best practices:
- Place the VPN gateway outside the firewall.
- Determine the location of the VPN gateway within the existing network topology.
- Place the firewall after the VPN gateway and allow the firewall to inspect the traffic that the VPN decrypts.
- Do not locate the VPN gateway parallel to or behind the firewall; in either position the firewall cannot inspect the clear-text traffic.
- Place the VPN gateway such that any Network Address Translation (NAT) for data packets takes place outside the VPN tunnel.
- Do not place the IDS outside the network firewall.
When planning for VoIP, you should consider the following best practices:
- Conduct an audit of the network technology implemented in the enterprise to check whether it is compatible with VoIP.
- Prioritize voice traffic over data on corporate networks.
- Determine bandwidth requirements.
- Consider global governmental toll-bypass regulations.
- Increase the visibility and performance of the VoIP network.
- Stick to one VoIP provider.
- Choose equipment that is compatible with each other.
Documenting a network helps reduce maintenance and management costs. Answering the following questions helps in selecting an appropriate network documentation package:
- What should be documented?
- Why should it be documented?
- Where is the information source?
- Is all the required information readily available?
- Who are the users?
- What structure and naming conventions should be used?
- What is the feedback process?
Practice Questions
How does understanding availability requirements help plan an IT infrastructure?
Understanding availability requirements helps determine the level of network services required and thereby helps determine the cost of setting up an IT infrastructure to fulfill that level of service.
Practice Questions (Contd.)
What is the difference between scalability and obsolescence protection?
Scalability is the ability of a network to cope with future requirements, such as an increase in the number of users, expansion of the network, acquisition of new network sites, and installation of new software applications. Obsolescence protection involves planning the purchase of your network devices in such a way that they are able to keep pace with fast-changing technologies and higher-capacity devices that might be installed in the future.
Practice Questions (Contd.)
How does network sizing affect network planning?
Network sizing takes care of the number of users using the network and the future requirements that might arise. Thereby, network sizing helps determine the quality and level of network services required. Network sizing helps you estimate the cost of setting up a network that will meet the business as well as technical requirements of an enterprise.
Practice Questions (Contd.)
What are the various options available for setting up a WAN infrastructure?
The various options for setting up a WAN infrastructure are: Frame relay X.25 WAN ATM Leased line ISDN ADSL Analog Modems SMDS
Practice Questions (Contd.)
What are VPNs? How does a VPN help provide low cost yet secure WAN communication?
VPNs are networks that use encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, such as the Internet. VPNs are cheaper than real private networks using private lines. VPNs use encryption to make the data safe on public networks, such as the Internet. In addition, they use the IPsec protocol to ensure better safety of information traveling through VPNs.
Objectives
Best Practices
Tips and Tricks
The tips and tricks for implementing IDS are:
- Use host-based IDS to secure the computers of mobile users in your network.
- Use network-based IDS to secure your IT infrastructure if you do not want to place an additional workload on the computers of your network.
- Use hardware instead of software firewalls if security requirements are not very high.
FAQs (Contd.)
What is a digital signature and how do you acquire one?
A digital signature needs to be different each time it is created, and is used to secure objects, such as an electronic document, a picture, or a program. It is created by performing a mathematical calculation on the data that needs securing, such as a password for a Web site. This mathematical calculation produces a unique numerical value, which is encrypted using a private cryptographic key. You cannot buy a digital signature. To create a digital signature, one needs to generate or buy a private cryptographic key, a public key and certificate.
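The calculation described above (digest the data, apply the private key, check with the public key), as an added example that is not part of the original slides. It uses unpadded textbook RSA with a constructed, deliberately weak key so that it runs with the standard library only; real systems use a padded scheme such as RSA-PSS from a vetted library. All names and the sample document are assumptions made for the illustration.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. Their special form
# makes the modulus easy to factor; it exists only so the example runs offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (kept secret)


def digest_int(data: bytes) -> int:
    """The 'mathematical calculation': SHA-256 of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Apply the private-key operation to the digest (unpadded RSA)."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Reverse the operation with the public key and compare digests."""
    if not 0 < signature < N:
        return False
    return pow(signature, E, N) == digest_int(data)


def demo() -> dict:
    document = b"Quarterly network audit report v1"   # constructed sample
    sig = sign(document)
    return {
        "valid": verify(document, sig),             # untouched document
        "tampered": verify(document + b"!", sig),   # one byte appended
        "wrong_sig": verify(document, sig ^ 1),     # one signature bit flipped
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of the private exponent can produce a value that verifies, while anyone with the public key (normally distributed in a certificate) can check it.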
Practice Questions (Contd.)
What are the measures available to ensure physical security?
The various measures to ensure physical security are:
- Keeping devices under lock and key
- Implementing biometric measures, such as keycards, fingerprint readers, and retinal scanners
- Implementing surveillance measures
Practice Questions (Contd.)
Describe how the QoS requirements of an enterprise determine the level of security required in the enterprise.
Depending on the QoS requirements of the enterprise, the enterprise can select an appropriate security method. If the enterprise requires fast access to data, the security will be kept at a low level because it might affect the speed of data access. Alternatively, if the enterprise requires highly secure data, the level of security employed will be high.
Practice Questions (Contd.)
What are the differences between host-based and network-based IDS?
Network-based IDS are deployed on a network. They use raw network packets as the data source to check for any sort of intrusion in a network. Network-based IDS utilize network adapters to monitor and analyze network traffic. You can deploy a network-based IDS to protect the specific segment of the network in which it is installed.
Host-based IDS are installed on different types of computers, such as desktops, servers, or laptops. They can provide a second-level check and can detect problems missed by network-based IDS. Therefore, identifying the location of the IDS on internal networks can be crucial for providing broad security coverage for an enterprise. You can decide to implement host-based IDS on those computers that are more prone to attack by intruders.