Chapter 7. Infrastructure is the basic physical structures (devices) in an organization required...

Infrastructure Security Chapter 7

Infrastructure is the basic physical structures (devices) in an organization required for the correct operation.

The proper use of the right components may improve performance and security.

Infrastructure

Prepared by Saher Hasan Mohammed

A complete network consists of many different types of devices.

Every device in a network has a specific responsibility to perform.

Devices can be used to regulate the flow of data, expand the network and provide a safe working environment.

Devices

Workstations are the most common and an integral part of any network.

Workstations are the machines that an end user uses to perform the daily work activities.

Workstations are also called client terminals.

Workstations are prone to many security threats.

Examples of workstation OS are MS Windows 95/ 2000/ XP/ Vista/ 7

Workstations

Out-of-date OS: Install the latest OS/ Security patch.

No firewall between the workstation and the internet: Install a firewall.

No antivirus programs installed: Install an antivirus program, and update it periodically.

Workstations – Threats

Unnecessary software applications installed: Uninstall all the unnecessary software programs.

Unnecessary hardware installed: Uninstall all the unnecessary hardware devices.

Unnecessary user accounts created: Remove all the user accounts, and protect the administrator account with a strong password.

Workstations – Threats

Workstations are the primary mode of entry for a virus into a network.

In a network, if one workstation is infected by a virus, then other workstations can also be infected.

A virus can propagate from one computer to another when an infected file is transferred from one computer to another via an email or an optical disk.

Workstation – Antivirus

Workstations should have an up-to-date antivirus program installed.

Antivirus programs should be updated periodically.

If a workstation is infected, disconnect it from the network, remove all the files, format the workstation, install a fresh copy of an up-to-date OS and antivirus program, and then connect the workstation to the network.

Workstation – Antivirus

The servers are the computers in a network that host applications and data for everyone to share.

Servers can host applications like email, database, print, and websites.

Servers use a more robust and sophisticated OS.

While setting up a server, only the specific applications needed to perform an activity should be installed.

Examples of server OS are MS Windows 2003/2008 Server.

Server

The need for antivirus on a server depends on the use of the server.

If the server is used as a DNS server or remote access server, then antivirus is not mandatory.

If the server is used as email server or a file server, then an antivirus plays a very important role, and it must be installed and updated periodically.

Server – Antivirus

To connect any workstation, server, MFP, or any network device, a NIC is used.

A NIC can be a single-port NIC or a multiport NIC.

The purpose of a NIC is to provide the lower-level functionality of the OSI model.

Network Interface Card (NIC)

A repeater is a simple hardware device that receives a weak signal and regenerates it.

Since the repeater creates a new signal, the distortion or attenuation is removed and the signal is made stronger.

Repeaters are used at Layer 1 (Physical) of the OSI model.

Repeaters are generally used to extend the coverage of a network by extending the length of the segment.

Repeater

A hub is a hardware device that physically connects multiple cables, providing a common connection point.

Hubs are passive devices. They will forward a message to all the nodes connected via the ports.

Hubs will divide the bandwidth among all the nodes.

Hubs have a single collision domain, so collisions are more frequent.

Hubs are used at Layer 1 (Physical) of the OSI model.

Hub

A switch is a special type of hub.

A switch is an active device.

A switch operates at the second layer (Data Link Layer, DLL) of the OSI model.

A switch will forward the packets only to the correct destination.

A switch will not divide the bandwidth, thus the transmission speed is higher.

Switches have 2 collision domains, thus reducing the amount of collisions.

Switch

A bridge is a software or hardware device that connects two LANs or two segments of the same LAN.

A bridge is a Layer 2 (DLL) device.

The two LANs or the two segments of the same LAN must use the same data link protocol.
◦ Example: Ethernet, Token Ring

Bridges

Transparent Bridge: Connects two LANs that use the same data link protocol.
◦ Ethernet network – Ethernet network.
◦ Token ring network – Token ring network.

Translating Bridge: Connects two LANs that use different data link protocols.
◦ Ethernet network – Token ring network.
◦ Token ring network – Ethernet network.

Bridges Types

Routers are hardware devices used to forward the data packets between different networks.

Routers are intelligent devices; they have routing protocols and store the path information in routing tables.

Routers operate at the third layer (Network) of the OSI model.

Since the routers are geographically separated, they can be accessed remotely via SNMP. This poses a security threat.

Router

Routers can be static or dynamic.
◦ Static – the routing table cannot be changed.
◦ Dynamic – the routing table can change depending on the situation to find the next best route.

Routers

A gateway is a node on a network that serves as an entrance to another network.

A gateway is a device that uses software to connect networks with different architectures by performing protocol conversion at the application level.

A gateway operates at all 7 layers of the OSI model.

Gateways

A firewall is a network device: hardware, software, or a combination of both.

The main purpose of a firewall is to enforce a security policy across its connections.

Security policies are a series of rules that define what traffic is permissible and what traffic is to be blocked or denied.

The corporate connection to the internet must go through a firewall, thus blocking all the unwanted access to the internet.

Firewalls

Firewalls can enforce the security policies through the following mechanisms:
◦ Network Address Translation
◦ Basic Packet Filtering
◦ Access Control Lists

Firewall

Wireless devices bring additional security concerns.

Since wireless devices do not have any physical medium, and use radio waves and infrared to carry out the data transmission, it is very difficult to control who can view the data.

Unsecured and unprotected wireless routers can pose a severe security threat to the corporate network.

Wireless

Modem is a short name for modulator/ demodulator.

It converts analog signals to digital signals and vice versa.

A digital subscriber line (DSL) modem provides a direct digital connection between a subscriber’s computer and an Internet connection at the local telephone company’s switching station.

This private connection offers some degree of security and privacy.

Modems

Cable modems are set up in a shared arrangement; this allows a neighbor to sniff the network traffic.

Cable modems were designed to share the party line in the terminal signal area.

Cable modems use the Data Over Cable Service Interface Specification (DOCSIS) standard to facilitate the communication.

Cable and DSL services were designed for continuous connection.

Modems

The modem connection provides a direct network connection between the modem equipment and the client computer. There is no inherent security mechanism in this setup.

The best security measure in the Cable/ DSL setup is the use of a firewall.

Cable/ DSL Security

Private branch exchanges (PBXs) are an extension of the public telephone network into a business.

A PBX serves a particular business or an office.

PBXs are computer-based switching equipment designed to connect telephones into the local phone system.

PBXs can be hacked by phone hackers, also called phreakers.

Telephone firewalls must be used to regulate the telecommunication.

Telecom/ PBX

IDS are systems designed to detect, log, and respond to unauthorized network or host use, both in real time and after the fact.

IDS are of two types: network-based systems and host-based systems.

IDS have two primary methods of detection: signature-based and anomaly-based.

Intrusion Detection System (IDS)

Network-based IDS solutions are connected to a segment of network where they examine all of the passing packets.

Using signatures of known attacks, a network IDS can observe misuse of the network.

Network IDS should be placed at critical parts of the corporate network. Ideally, at the port of entry into the network.

Intrusion Detection System (IDS)

[Figure: Intrusion Detection System (IDS). Diagram labels: Internet, Firewall, Router, IDS, Switch A, Switch B, Segment 1, Segment 2.]

A host-based IDS works by collecting the information from all of the servers on the network.

The IDS collects all this information and analyzes it to detect any pattern of unauthorized usage.

Host-based IDS works well for small networks, but for large networks, it becomes an issue to collect and analyze all the information.

Intrusion Detection System (IDS)

The anomaly method works by analyzing statistical patterns of usage of a network.

A network pattern is prepared under normal operating conditions. If there is any significant deviation from this normal pattern, an alert is generated.

This method is good for detecting a large-scale deviation.

For a smaller deviation, the anomaly method can raise a false alarm.

Intrusion Detection System (IDS)
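
The anomaly method described on this slide, as an added example that is not part of the original slides: a baseline is built from normal traffic, each new observation is scored by its distance from that baseline, and the alert threshold decides whether a small benign deviation becomes a false alarm. The traffic figures, the ground-truth flags and the thresholds are constructed for illustration.

```python
from statistics import mean, stdev

# Constructed baseline: connections per minute on one segment during
# normal operation (the "normal pattern" the slide describes).
BASELINE = [118, 124, 121, 130, 115, 127, 122, 119, 125, 128, 120, 123]

# Constructed observations: (time, connections per minute, is_intrusion).
# The ground-truth flag exists only so the example can count false alarms.
OBSERVED = [
    ("09:00", 124, False),
    ("09:01", 139, False),   # small, benign deviation (a busy minute)
    ("09:02", 121, False),
    ("09:03", 610, True),    # large-scale deviation
]


def build_profile(samples):
    """Summarise normal traffic as (mean, standard deviation)."""
    if len(samples) < 2:
        raise ValueError("need at least two baseline samples")
    sigma = stdev(samples)
    # A perfectly flat baseline would make every change look infinite;
    # floor the spread so the score stays finite.
    return mean(samples), max(sigma, 1e-9)


def deviation(value, profile):
    """How many standard deviations the value lies from the baseline mean."""
    mu, sigma = profile
    return abs(value - mu) / sigma


def alerts(observations, profile, threshold):
    """Return the times whose deviation exceeds the alert threshold."""
    return [ts for ts, value, _ in observations
            if deviation(value, profile) > threshold]


def false_alarms(observations, profile, threshold):
    """Alerts raised on observations that were not intrusions."""
    raised = set(alerts(observations, profile, threshold))
    return [ts for ts, _, intrusion in observations
            if ts in raised and not intrusion]


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    # A tight threshold catches the small deviation too (a false alarm);
    # a looser one reports only the large-scale deviation.
    for threshold in (3.0, 6.0):
        print(threshold, alerts(OBSERVED, profile, threshold),
              "false alarms:", false_alarms(OBSERVED, profile, threshold))
```
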

Mobile devices like PDAs, smart phones and tablets can add security threats to a corporate network.

When synchronizing the mobile device with the office computer, there are chances of introducing a virus/ bug into the network.

Mobile Devices

Any network device can be hacked and misused if it is not properly configured and physically secured.

The best way to secure a network device is by correctly configuring it, setting the correct access controls and using strong passwords.

Security Concerns for the Devices

Media is the base for communication between devices.

Media operate at Layer 1 (physical layer) of the OSI model.

Common types of media used are:
◦ Coaxial cable
◦ Twisted-pair cable
◦ Fiber optics
◦ Wireless

Media

Coaxial cables are very common in connecting TVs to cable services or satellite.

Coax is used in these areas because of its high bandwidth and shielding capabilities.

Coax cables are less prone to external interference, but very costly to run.

Coaxial Cable (coax)

Twisted-pair cables have replaced the coax cables in the Ethernet networks.

Twisted-pair cables use the same technology used by the phone company for the movement of electrical signals.

Twisted-pair cables come in two forms:
◦ Unshielded twisted-pair cables
◦ Shielded twisted-pair cables

Twisted-pair Cable

Shielded twisted-pair Cable (STP) has a foil shield around the pairs to provide extra shielding from electromagnetic interference.

Unshielded twisted-pair Cable (UTP) has no such foil around it. It uses the actual twists to eliminate interference.

STP provides better communication, but it is expensive compared to UTP.

Twisted-pair Cable

The standard method of connecting twisted-pair cables is via an 8-pin connector called an RJ-45 connector.

Twisted-pair cables are divided into three categories depending upon their transmission speed.

Twisted-pair Cable

Designation | Category | Description
10BaseT | Category 3 | 10 Mbps baseband Ethernet over twisted pair cable with a maximum length of 100 meters.
100BaseT | Category 5 | 100 Mbps baseband Ethernet over twisted pair cable.
1000BaseT | Category 6 | 1000 Mbps baseband Ethernet over four pairs of category 5 unshielded twisted pair cables.

Fiber optic cable uses a beam of laser light to connect devices over a thin glass wire.

The biggest advantage of fiber optic cables is the higher bandwidth. These cables are used as a backbone to all the large networks and the internet.

The biggest disadvantage of fiber optic cables is the cost.

Fiber Optic Cables

Making a connection to a fiber optic cable is very difficult/impossible.

It is very difficult to splice a fiber optic cable. Making the precise connections on the end of a fiber optic line is a highly skilled job and is done by specifically trained professionals.

Once the connector is fitted on the end, several forms of connectors and blocks are used to make new connections.

Fiber Optic Cables

Unguided media is a phrase used to cover all transmission media not guided by wire or fiber.

Unguided media includes radio frequency (RF), infrared (IR) and microwave methods.

Unguided media have one attribute in common, that they are unguided and can travel to many machines simultaneously.

Unguided Media

Radio Frequency (RF) is the most common and widely used method of wireless communication.

RF waves use a variety of frequency bands, each with special characteristics.

Microwave is used to describe a specific portion of the RF spectrum that is used for communication as well as other tasks such as cooking.

RF/Microwave

Advantages of Microwaves:
◦ Microwaves can penetrate through thick walls
◦ Microwaves can propagate through rough terrain
◦ Microwaves have broadcast capability
◦ Microwaves provide cost-effective solutions

RF/Microwave

IR is a band of electromagnetic energy just beyond the red end of the visible spectrum.

IR is commonly used in remote control devices and wireless devices like printers, keyboards, mice and PDAs.

Drawbacks of IR:
◦ Slow
◦ Cannot penetrate thick walls

Infrared (IR)

Obtaining physical, unauthorized access to the media can have severe consequences.

The ability to observe the network traffic (usernames, passwords and data) is called sniffing.

War driving involves using a laptop and software to find wireless networks from outside the premises. It is mainly used to locate a wireless network with poor or no security and obtain free internet access.

Security Concerns for Transmission Media

Advances in technology have reduced the size and cost of storage devices and increased their storage capacity.

Examples of removable media are:
◦ Hard drives (portable external HD)
◦ Diskettes (floppy drives)
◦ Tapes (magnetic tapes)
◦ Optical media (CD and DVD)
◦ Electronic media (SD cards)

Removable Media

Since the removable media is portable and small in size, it can easily be stolen. This results in the loss of critical information.

Common ways to prevent this loss:
◦ Store all the important information on a server, not on portable media.
◦ If portable media is not necessary, then remove it from the computer.

Security Concerns for Removable Media

[Figure: Security Topology - DMZ. Diagram labels: Un-trusted Zone (Internet), Outer Firewall, Semi-trusted Zone (DMZ), Inner Firewall, Trusted Zone (Internal Network), Server, Server.]

The DMZ acts like a buffer zone between the Internet (un-trusted zone) and internal network (trusted zone).

A firewall is used to clearly demarcate the zones and enforce the separation of zones.

Special attention must be given to all the devices within the DMZ as they can be accessed by unauthorized users. Special security measures are used for all the devices within the DMZ.

Any server directly accessed from un-trusted zone must be present in a DMZ.

Security Topology - DMZ
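
The zone separation described on this slide, together with the packet filtering and access control lists named on the earlier firewall slide, as an added example that is not part of the original slides: a first-match packet filter with an implicit deny, plus an audit that reports any rule letting the un-trusted zone reach the internal network directly. The zone address ranges, ports and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone map; the address ranges are placeholders, not from the slides.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}


def zone_of(addr: str) -> str:
    """Map an IP address to its zone; anything unlisted is the un-trusted Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "untrusted"


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src_zone: str          # zone name or "any"
    dst_zone: str          # zone name or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port


# Constructed access control list, evaluated top to bottom.
ACL = [
    Rule("permit", "untrusted", "dmz", "tcp", 443),   # public web server sits in the DMZ
    Rule("permit", "untrusted", "dmz", "tcp", 25),    # mail relay sits in the DMZ
    Rule("permit", "dmz", "internal", "tcp", 5432),   # DMZ application to internal database
    Rule("permit", "internal", "any", "any", None),   # outbound from the trusted zone
]


def _field_ok(rule_value, actual):
    """A rule field matches when it is a wildcard or equals the packet's value."""
    return rule_value in ("any", None) or rule_value == actual


def decide(acl, src, dst, proto, dport):
    """Basic packet filter: the first matching rule wins, no match means deny."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in acl:
        if (_field_ok(rule.src_zone, src_zone) and _field_ok(rule.dst_zone, dst_zone)
                and _field_ok(rule.proto, proto) and _field_ok(rule.dport, dport)):
            return rule.action
    return "deny"


def audit(acl):
    """Indexes of permit rules that let the un-trusted zone reach the internal
    network without going through a DMZ host. Conservative: an earlier deny
    that shadows such a rule is not taken into account."""
    return [i for i, r in enumerate(acl)
            if r.action == "permit"
            and r.src_zone in ("untrusted", "any")
            and r.dst_zone in ("internal", "any")]


if __name__ == "__main__":
    print(decide(ACL, "198.51.100.7", "192.0.2.10", "tcp", 443))  # Internet to DMZ web server
    print(decide(ACL, "198.51.100.7", "10.1.2.3", "tcp", 3389))   # Internet to internal host
    print(audit(ACL + [Rule("permit", "any", "internal", "tcp", 3389)]))
```
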

Tunneling is a method of packaging packets so that they can travel a network in a secure and confidential manner.

Each network uses an IPSec router; these routers establish a secure and confidential path by using a VPN.

These encrypted packets are not visible to outside routers, thus creating a tunnel across the Internet and establishing a private connection, secure from outside use.

Security Topology – Tunneling

[Figure: Security Topology – Tunneling. Diagram labels: Jeddah Office, Riyadh Office, IPSec Routers, Tunnel, Public Internet.]