Infrastructure
Objectives
Work with the network cable plant
Secure removable media
Harden network devices
Design network topologies
Coaxial Cables
Coaxial cable was the main type of copper cabling used
in computer networks for many years
Has a single copper wire at its center surrounded by
insulation and shielding
Called coaxial because it houses two (co) axes or
shafts: the copper wire and the shielding
Thick coaxial cable has a copper wire in center
surrounded by a thick layer of insulation that is
covered with braided metal shielding
Twisted-Pair Cables
Standard for copper cabling used in computer
networks today, replacing thin coaxial cable
Composed of two insulated copper wires twisted
around each other and bundled together with other
pairs in a jacket
Fiber-Optic Cables
Coaxial and twisted-pair cables have copper wire at
the center that conducts an electrical signal
Fiber-optic cable uses a very thin cylinder of glass
(core) at its center, instead of copper, that transmits
light impulses
A glass tube (cladding) surrounds the core
The core and cladding are protected by a jacket
Physical security
First line of defense
Protects the equipment and infrastructure itself
Has one primary goal: to prevent unauthorized users
from reaching the equipment or cable plant in order to
use, steal, or vandalize it
Magnetic Media
Record information by changing the magnetic
direction of particles on a platter
Floppy disks were some of the first magnetic media
developed
The capacity of today's 3 1/2-inch disks is 14 MB
Hard drives contain several platters stacked in a
closed unit, each platter having its own head or
apparatus to read and write information
Magnetic tape drives record information in a serial
fashion
Optical Media
Optical media use a principle for recording information
different from magnetic media
A high-intensity laser burns a tiny pit into the surface
of an optical disc to record a one, but does nothing to
record a zero
Capacity of optical discs varies by type
A Compact Disc-Recordable (CD-R) disc can record
up to 650 MB of data
Data cannot be changed once recorded
Electronic Media
Electronic media use flash memory for storage
Flash memory is a solid-state storage device:
everything is electronic, with no moving or mechanical
parts
Modems
Most common communication device
Broadband is increasing in popularity and can create
network connection speeds of 15 Mbps and higher
Two popular broadband technologies:
Digital Subscriber Line (DSL) transmits data at
15 Mbps over regular telephone lines
Another broadband technology uses the local cable
television system
Modems (continued)
A computer connects to a cable modem, which is
connected to the coaxial cable that brings cable TV
signals to the home
Because cable connectivity is shared in a
neighborhood, other users can use a sniffer to view
traffic
Another risk with DSL and cable modem connections
is that broadband connections are charged at a set
monthly rate, not by the minute of connect time
Telecom/PBX Systems
Term used to describe a Private Branch eXchange
The definition of a PBX comes from the words that
make up its name:
Private
Branch
eXchange
Mobile Devices
As cellular phones and personal digital assistants
(PDAs) have become increasingly popular, they have
become the target of attackers
Some defenses against attacks on these devices use
real-time data encryption and passwords to protect
the system so that an intruder cannot beam a virus
through a wireless connection
Firewalls
Typically used to filter packets
Designed to prevent malicious packets from entering
the network or its computers (sometimes called a
packet filter)
Typically located outside the network security
perimeter as first line of defense
Can be software or hardware configurations
Firewalls (continued)
Software firewall runs as a program on a local
computer (sometimes known as a personal firewall)
Enterprise firewalls are software firewalls designed to
run on a dedicated device and protect a network
instead of only one computer
One disadvantage is that it is only as strong as the
operating system of the computer
Firewalls (continued)
Filter packets in one of two ways:
Stateless packet filtering: permits or denies each
packet based strictly on the rule base
Stateful packet filtering: records state of a connection
between an internal computer and an external server;
makes decisions based on connection and rule base
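The difference between the two filtering modes, as an added example that is not part of the original slides: both filters share one constructed rule base, and the sample traffic uses documentation addresses. The class names, the rule base and the packets are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True if the packet arrives from the external network

def rule_base_permits(p: Packet) -> bool:
    """Constructed rule base: internal hosts may reach web servers on
    TCP 80, and inbound packets are accepted only from source port 80."""
    if not p.inbound:
        return p.dport == 80
    return p.sport == 80

class StatelessFilter:
    """Permits or denies each packet strictly on the rule base."""
    def permits(self, p: Packet) -> bool:
        return rule_base_permits(p)

class StatefulFilter:
    """Also records connections opened by internal computers."""
    def __init__(self):
        self.connections = set()

    def permits(self, p: Packet) -> bool:
        if not rule_base_permits(p):
            return False
        if not p.inbound:
            # Remember the connection the internal computer opened.
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound traffic must be the reverse of a recorded connection.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def run(packet_filter, packets):
    return [packet_filter.permits(p) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, inbound=False),  # request
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, inbound=True),   # its reply
    Packet("198.51.100.7", 80, "10.0.0.9", 445, inbound=True),     # unsolicited
]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(), SAMPLE))
    print("stateful: ", run(StatefulFilter(), SAMPLE))
```

The third packet satisfies the rule base but belongs to no connection an internal computer opened, so only the stateful filter denies it.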
Firewalls (continued)
An application layer firewall can defend against
worms better than other kinds of firewalls
Reassembles and analyzes packet streams instead of
examining individual packets
Managed device:
Network device that contains an SNMP agent
Collects and stores management information and
makes it available to SNMP
Security Zones
One of the keys to mapping the topology of a network
is to separate secure users from outsiders through:
Demilitarized Zones (DMZs)
Intranets
Extranets
E-mail servers
FTP servers
Intranets
Networks that use the same protocols as the public
Internet, but are only accessible to trusted inside
users
Disadvantage is that it does not allow remote trusted
users access to information
Extranets
Sometimes called a cross between the Internet and
an intranet
Accessible to users that are not trusted internal
users, but trusted external users
Not accessible to the general public, but allows
vendors and business partners to access a company
Web site
Honeypots
Computers located in a DMZ loaded with software
and data files that appear to be authentic
Intended to trap or trick attackers
Two-fold purpose:
To direct attackers' attention away from real servers on
the network
To examine techniques used by attackers
Summary
Cable plant: physical infrastructure (wire, connectors,
and cables that carry data communication signals
between equipment)
Removable media used to store information include:
Magnetic storage (removable disks, hard drives)
Optical storage (CD and DVD)
Electronic storage (USB memory sticks, FlashCards)
Summary (continued)
Network devices (workstations, servers, switches,
and routers) should all be hardened to repel attackers
A network's topology plays a critical role in resisting
attackers
Hiding the IP address of a network device can help
disguise it so that an attacker cannot find it