This preview shows page 1-2-3-4-5-6-7-8-53-54-55-56-57-58-59-108-109-110-111-112-113-114-115 out of 115 pages.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011Domain AgendaOSI ModelOSI Reference ModelTCP/IPNetwork SecuritySlide 7Target Related IssuesNetwork Security ToolsLayer 1: Physical LayerCommunication TechnologyNetwork TopologyNetwork TopologySlide 14Cable Selection ConsiderationsUnshielded Twisted Pair (UTP)Coaxial Cable (Coax)Fiber OpticsWireless Transmission TechnologiesWireless Multiplexing TechnologiesPhysical Layer: Equipment AgendaSlide 22Slide 23Slide 24Standard ConnectionsPhysical Layer Threats and ControlsLayer 2: Data Link LayerSynchronous/Asynchronous CommunicationsUnicast, Multicast and Broadcast TransmissionsUnicast – Point-to-PointIntegrated Service Digital Network (ISDN)“T” Carrier“E” Carrier“OC” Optical Carrier STSCircuit-switched vs. Packet-switched NetworksCarrier Sense Multiple AccessPolling to Avoid ContentionToken PassingBridges and SwitchesMultiplexer/DemultiplexerWireless Local Area NetworksWireless Standards : IEEE 802Ethernet (IEEE 802.3)ProtocolsChallenge Handshake Authentication ProtocolExtensible Authentication Protocol (EAP)Link Layer ThreatsWired and Wireless Link-Layer ControlsWireless Encryption SummaryMetropolitan Area Network (MAN)Layer 3: Network LayerLAN/WANStorage Area Network (SAN)Public Switched Telephone Networks (PSTNs)X.25Frame RelayAsynchronous Transfer Mode (ATM)Multi-Protocol Label Switching (MPLS)Comparing Broadband WirelessWireless OpticsNetwork Usage: DefinitionsOther AspectsFirewallsSlide 64Firewalls (cont.)Network PartitioningEnd SystemsInternet Protocol (IP)Internet Protocol (cont.)Subnetting and Valid SubnetsDynamic Host Configuration Protocol (DHCP)IPv6Internetwork Packet Exchange (IPX)Internet Control Message Protocols (ICMP)Internet Group Management Protocol (IGMP)Virtual Private Network (VPN)IPSEC Authentication and Confidentiality for VPNsTunneling ProtocolsRisks and AttacksRisks and AttacksSlide 81ControlsLayer 4: Transport LayerSlide 84Transport Layer Security (TLS)AttacksSlide 87Layer 5: Session LayerProtocolsRPC Threats and ControlsLayer 6: Presentation LayerStandardsCompression ProtocolsThreats and ControlsLayer 7: Application LayerImplementationsProtocols ExamplesThreats and ControlsTelephonyMobile Multiplexing TechnologiesSlide 101Telephony Threats and ControlsGeneral ThreatsServicesAuthenticationDirectory ServicesConfiguration ServicesCommunication ServicesRemote Communication ServicesStorage Server ServicesStorage Data ServicesPrinting ServicesDNS ThreatsOther ThreatsSlide 115Dr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011Telecommunications and Network SecurityDomain Agenda•Networks •Network Security•Physical•Data Link•Network•Transport•Session•Presentation•Application•Telephony•ServicesOSI Model•The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization. •It is a way of sub-dividing a communications system into smaller parts called layers. A layer is a collection of conceptually similar functions that provide services to the layer above it and receives services from the layer below it.•On each layer an instance provides services to the instances at the layer above and requests service from the layer below.OSI Reference Model•Layer 7: Application•Layer 6: Presentation•Layer 5: Session•Layer 4: Transport•Layer 3: Network•Layer 2: Data Link•Layer 1: PhysicalTCP/IP•In the TCP/IP model of the Internet, protocols are not as rigidly designed into strict layers as the OSI model.•TCP/IP does recognize four broad layers of functionality which are derived from the operating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network.•The Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer is a subset of the OSI Network Layer (see above), while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer.Network Security•Issues and Concerns–Non-repudiation–Redundancy•Risks–Network is the key asset in many organizations–Network Attacks•Attacks–Network as a channel for attacks–Network as the target of attackNetwork Security•Defense in Depth–Series of hurdles–Collection of controls•Security controls:–Are built around social, organizational, procedural and technical activities–Will be based on the organization’s security policy•Security Objectives and Attacks–Business risk vs. Security solutions–Attack scenarios–Network entry point•Inbound vs. Outbound attacks•Methodology of Attack–Attack trees–Path of least resistanceTarget Related Issues•Acquisition–Attacks start by gathering intelligence–Controls•Limit information on a network; Distract an attacker•Analysis–Analyze target for security weaknesses•Access –Obtain access to the system–Manage user privileges–Monitor access•Target Appropriation–Escalation of privileges–Attacker may seek sustained control of the system–Controls against privilege escalationNetwork Security Tools•Tools automate the attack processes•Network security is more than just technical implementations•Scanners–Discovery scanning–Compliance scanning–Vulnerability scanningLayer 1: Physical Layer•Bits are converted into signals•All signal processing is handled here•Physical topologiesCommunication Technology•Analog Communication–Analog signals use frequency and amplitude–Transmitted on wires or with wireless devices•Digital communications–Uses different electronic states–Can be transmitted over most media–Integrity of digital communication is easier–Digital communication brings quantitative and qualitative enhancementsNetwork Topology•Even small networks are complex•Network topology and layout affect scalability and security•Wireless networks also have a topology•Ring Topology–Closed-loop topology–Advantages•Deterministic–Disadvantages•Single point of failureNetwork Topology•Bus Topology–LAN with a central cable to which all nodes
View Full Document
Unlocking...