
Module 4 - Implementing Network Security New

This document provides information on implementing network security. It defines network components and various network devices. It discusses network analysis tools like sniffers and protocol analyzers. It covers networking protocols and services like HTTP, HTTPS, SSH, SNMP, and ICMP. It also explains network security concepts like firewalls, IDS, IPS, NAT, DMZs, VPNs, and cloud computing deployment models. The document provides guidelines for applying network security administration principles.

Uploaded by

troll master

INFORMATION ASSURANCE & SECURITY 1
MODULE 4
IMPLEMENTING NETWORK SECURITY
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define the network components;
▪ Demonstrate the concepts of network analysis tools;
▪ Enumerate the types of network analysis tools;
▪ Explain the types of network monitoring systems;
▪ Discuss how Network Address Translation operates;
▪ Give different deployment models of cloud computing;
▪ Explain the types of networking protocols and services;
▪ Discuss how each networking protocol operates;
▪ Give different FTP protocols;
▪ Explain the types of network administration security;
▪ Discuss how each wireless security protocol works;
▪ Give different wireless security methods.
CONFIGURE SECURITY PARAMETERS ON NETWORK DEVICES AND TECHNOLOGIES
Network Components
There are several common components that make up a network:
❑ Device
❑ Media
❑ Network adapter
❑ Network operating system
❑ Protocol
Network Devices
❑Router
❑Switch
❑Firewall
❑Load balancer
❑All-in-one security appliance
Using Dedicated Firewalls to Protect a Network

A firewall is a system that is designed to protect a computer or a computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.
OSI Model and Security

❑Identify threats and targets.
❑Identify how threats will impact your network.
❑Secure your network by layers.
When to Use a Hardware Firewall Instead of a Software Firewall
There are two basic types of software firewall:
▪ Host firewall
▪ Network firewall
Network Analysis Tools
❑Sniffers
❑Protocol analyzers

With an understanding of the network infrastructure, the next step is to analyze the logs to see which traffic is allowed and which traffic is blocked.

▪ Ingress traffic
▪ Egress traffic
VLAN - Virtual Local Area Network

[Figure: VLAN1 and VLAN2]

A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer.
Subnet

[Figure labels: Human Resources, Accounting, Network]

It is any broadcast domain that is partitioned and isolated in a computer network at the data link layer.
IDS - Intrusion Detection Systems

[Figure: sensor scans for signs of attack]

INTRUSION DETECTION SYSTEMS (IDS) are designed to detect unauthorized user activities, attacks, and network compromises.
IPS - Intrusion Prevention System
[Figure: monitors and blocks suspicious activity]

An intrusion prevention system (IPS) is very similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent the breach from occurring.
NIDS - Network-based Intrusion Detection System

[Figure: monitors traffic and sends alerts when suspicious traffic is detected]

A network-based IDS (NIDS) monitors network traffic using sensors that are located
at key locations within the network, often in the demilitarized zone (DMZ) or at
network borders.
Wireless IDS

[Figure: monitors wireless traffic and sends alerts when suspicious activity is detected]

The WIDS is the software that detects an attack on a wireless network or wireless system.
Network IPS

[Figure: monitors and blocks suspicious activity on the network]

Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Wireless IPS

[Figure: monitors for and blocks rogue access points on the network]

A wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
Guidelines for Applying Network Security Administration Principles

❑Manage network devices so that they are configured according to security policies.
❑Maintain documentation for all current server configurations.
❑Establish and document baselines.
❑Implement strong ACLs and implement implicit deny.
❑Update antivirus software regularly.
❑Configure only required network services.
❑Disable unused interfaces and unused application service ports.
❑Create and implement a DRP.
❑Apply security updates and patches.
❑Encrypt sensitive data.
❑Check event logs for unusual activity.
❑Monitor network activity.
NETWORK DESIGN ELEMENTS, IMPLEMENT NETWORKING PROTOCOLS AND SERVICES
Network Monitoring Systems

Network monitoring software is designed to monitor and manage the network traffic flow over a network.
Types of Network Monitoring Systems

❑Behavior-based
❑Signature-based
❑Anomaly-based
❑Heuristic.
Web Security Gateway

[Figure: Web security gateway with a blocked websites list and tracking software]

A Web security gateway is a type of security solution that prevents unsecured traffic from entering an internal network of an organization.
DMZ - Demilitarized Zones
[Figure: DMZ containing a web server]

DMZs are designed to provide access to systems without jeopardizing the internal network.
NAT - Network Address Translation

[Figure: NAT server with public address 24.96.83.120 in front of internal hosts 192.168.12.20, 192.168.12.30 and 192.168.12.100]

Network Address Translation (NAT) is a technique used to modify the network address information of a host while traffic is traversing a router or firewall.
There are two main types of NAT:

Static NAT is used when the translated device needs to be accessible from the public network.

Dynamic NAT is more commonly used when many hosts on the internal network need to access the internet and don’t have a requirement for a static address.
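The difference between the two NAT types, as an added example that is not part of the original module: a toy translation table in which a static entry is reachable from outside at any time, while dynamic entries are created only when an inside host sends traffic and are limited by the pool size. The class and function names, the choice of 192.168.12.100 as the statically published host, and the pool address 203.0.113.10 (documentation range) are assumptions; the other addresses come from the slide.

```python
import ipaddress

class NatTable:
    """Toy translation table: static one-to-one entries plus a dynamic pool."""

    def __init__(self, static_map, pool):
        ip = ipaddress.ip_address
        # Static entries are configured in advance and never expire.
        self.static = {ip(inside): ip(public) for inside, public in static_map.items()}
        self.free = [ip(p) for p in pool]   # unassigned pool addresses
        self.dynamic = {}                   # inside -> public, created on demand

    def outbound(self, inside):
        """Public source address for a packet leaving the network, or None."""
        src = ipaddress.ip_address(inside)
        if src in self.static:
            return self.static[src]
        if src not in self.dynamic:
            if not self.free:
                return None                 # pool exhausted: no translation
            self.dynamic[src] = self.free.pop(0)
        return self.dynamic[src]

    def inbound(self, public):
        """Inside host for a packet arriving at a public address, or None."""
        dst = ipaddress.ip_address(public)
        for table in (self.static, self.dynamic):
            for inside, mapped in table.items():
                if mapped == dst:
                    return inside
        return None                         # no entry: nothing to forward to

    def release(self, inside):
        """Expire a dynamic entry and return its address to the pool."""
        public = self.dynamic.pop(ipaddress.ip_address(inside), None)
        if public is not None:
            self.free.append(public)

def demo():
    # Assumed layout: .100 is the server published through static NAT;
    # the one-address pool (documentation range) is constructed for the example.
    nat = NatTable({"192.168.12.100": "24.96.83.120"}, ["203.0.113.10"])
    steps = [str(nat.inbound("24.96.83.120")),    # static host reachable at once
             str(nat.inbound("203.0.113.10")),    # pool address not yet mapped
             str(nat.outbound("192.168.12.20")),  # first client takes the pool address
             str(nat.outbound("192.168.12.30"))]  # second client finds the pool empty
    nat.release("192.168.12.20")
    steps.append(str(nat.outbound("192.168.12.30")))  # address reused after release
    return steps
```

Calling `demo()` returns the five translation results in order, showing that the static host is exposed continuously while dynamic hosts are only mapped after they initiate traffic.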
VPN - Virtual Private Network

VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks like the internet.
VPN Concentrator

[Figure: VPN concentrator at the main office, with two remote users and a branch office]

A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes.
Virtualization

Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware.
Cloud Computing

Cloud computing means storing and accessing data and programs over the Internet instead of your computer's hard drive.
Cloud Computing Deployment Models

❑Private
❑Public
❑Community
❑Hybrid
Cloud Computing Service Types
• SaaS - Software as a Service
• PaaS - Platform as a Service
• IaaS - Infrastructure as a Service
DNS - Domain Name System (or Service or Server)

[Figure: DNS server resolving www.comptia.org (comptia.org) to 209.117.62.36]
HTTP - Hypertext Transfer Protocol

[Figure: HTTP between a web client and a web server]

HTTP is the protocol used to transfer data over the web.
HTTPS

HTTPS, the secure version of HTTP web browsing, uses the SSL protocol.
SSL/TLS
1. Request secure connection
2. Send certificate and public key
3. Negotiate encryption
SECURE SHELL (SSH)
[Figure: SSH tunnel; session is encrypted]

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Telnet

[Figure label: Man-in-the-Middle]

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections.
Some of the applications supported with SSH include the following:
❑ Secure logon
❑ Secure remote command execution
❑ Secure file transfer
❑ Secure backup, copy, and mirroring of files
❑ Creation of VPN connections (when used in conjunction with the OpenSSH server and client)
SNMP - Simple Network Management Protocol
[Figure: SNMP management system and SNMP agents on a server, a router and a printer]

Simple Network Management Protocol (SNMP) is a set of protocols for network management and monitoring.
ICMP

[Figure: sending node, router and receiving node; labels: data, buffer, flood warning]

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite.
IPSec
❑Data security in transit
❑Data authenticity and integrity
❑Anti-replay protection
❑Non-repudiation
❑Eavesdropping and sniffing protection

IPSec Standards

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network.
NetBIOS
❑Applications communicate across network
❑Connection communication over sessions
❑Connectionless datagram communication
❑Name registration
❑Vulnerable to analysis by malicious users
❑Implement strong passwords
❑Disallow root access
❑Disable null sessions

The BIOS provides an interface between the computer's operating system and the hardware.
File Transfer Protocols

FTP is used to transfer files between computers on a network.

SFTP (SSH File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream.

FTPS (FTP/SSL) is a name used to provide a number of ways that FTP software can perform secure file transfers.

TFTP - Trivial File Transfer Protocol is a file transfer protocol similar to FTP, but is much more limited.
Ports and Port Ranges

A port is:
❑Endpoint of logical connections
❑Numbered from 0 to 65,535
❑Split into three blocks:
✓Well-known ports
✓Registered ports
✓Dynamic ports
APPLY SECURE NETWORK ADMINISTRATION PRINCIPLES / SECURE WIRELESS TRAFFIC
Network Administration Security Methods
❑Flood guards
❑Loop protection
❑Port security
❑MAC limiting
❑MAC filtering
❑Network separation
❑VLAN management
❑Implicit deny
❑Log analysis

Flood guards serve as a preventive control against denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.

Loop protection increases the efficiency of STP, RSTP, and MSTP by preventing ports from moving into a forwarding state that would result in a loop opening up in the network.

Port Security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port.

MAC LIMITING protects against flooding of the Ethernet switching table, and is enabled on Layer 2 interfaces (ports).

MAC FILTERING refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network.

NETWORK SEPARATION is the tool used for dividing a network into smaller parts which are called subnetworks or network segments.

VLAN MANAGEMENT is a network switch that contains a mapping of device information to VLAN.

IMPLICIT DENY is a security stance that treats everything not given specific and selective permission as suspicious.

LOG ANALYSIS is the term used for analysis of computer-generated records for helping organizations, businesses or networks in proactively and reactively mitigating different risks.
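Implicit deny and log analysis combined in one added example (not from the original module): a first-match ACL evaluator whose fall-through result is the implicit deny, run over flow records so the resulting log shows which traffic was allowed, which was blocked by an explicit rule, and which was blocked only because nothing permitted it. The rule set, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed ACL, evaluated top-down, first match wins. Port None means any port.
ACL = [
    ("deny",   "192.168.12.30/32", "0.0.0.0/0", None),  # quarantined host
    ("permit", "192.168.12.0/24",  "0.0.0.0/0", 443),   # HTTPS out
    ("permit", "192.168.12.0/24",  "0.0.0.0/0", 22),    # SSH out
]

def evaluate(src, dst, port, acl=ACL):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, src_net, dst_net, rule_port) in enumerate(acl, start=1):
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action, n
    return "deny", None  # nothing matched: implicit deny

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("192.168.12.20", "198.51.100.7", 443),
    ("192.168.12.20", "198.51.100.7", 23),    # Telnet: no permit rule exists
    ("192.168.12.30", "198.51.100.7", 443),   # explicit deny matches first
    ("192.168.12.100", "198.51.100.7", 22),
    ("10.9.9.9", "198.51.100.7", 443),        # source outside the permitted network
    ("192.168.12.20", "198.51.100.7", 23),
]

def summarize(flows, acl=ACL):
    """Build log lines and count implicit denies per source for review."""
    log, implicit = [], Counter()
    for src, dst, port in flows:
        action, rule = evaluate(src, dst, port, acl)
        log.append(f"{action.upper()} {src} -> {dst}:{port} rule={rule or 'implicit'}")
        if rule is None:
            implicit[src] += 1
    return log, implicit
```

Sources that accumulate implicit denies are the ones worth reviewing: they are attempting traffic that no rule anticipated.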
Guidelines for Applying Network Security Administration Principles

✓ Manage network devices so that they are configured according to security policies.
✓ Maintain documentation for all current server configurations.
✓ Establish and document baselines.
✓ Implement strong ACLs and implement implicit deny.
✓ Update antivirus software regularly.
✓ Configure only required network services.
✓ Disable unused interfaces and unused application service ports.
✓ Create and implement a DRP.
✓ Apply security updates and patches.
✓ Encrypt sensitive data.
✓ Check event logs for unusual activity.
✓ Monitor network activity.
Wireless Networks

❑Portable
❑Inexpensive
❑No obtrusive cabling
❑Introduces new, significant security issues

A wireless LAN (WLAN) allows users to connect to a network while allowing them to remain mobile.
WIRELESS STANDARDS

Wireless standards are a set of services and protocols that dictate how your Wi-Fi network (and other data transmission networks) acts.

802.11: There were actually two variations on the initial 802.11 wireless standard. Both offered 1 or 2Mbps transmission speeds and the same RF of 2.4GHz.

802.11a - The first “letter” following the June 1997 approval of the 802.11 standard, this one provided for operation in the 5GHz frequency, with data rates up to 54Mbps.

802.11b - Released in September 1999, it’s most likely that your first home router was 802.11b, which operates in the 2.4GHz frequency and provides a data rate up to 11 Mbps.

802.11g offers wireless transmission over distances of 150 feet and speeds up to 54Mbps compared with the 11Mbps of the 802.11b standard.

802.11n (Wi-Fi 4)

802.11ac (Wi-Fi 5) - Current home wireless routers are likely 802.11ac-compliant, and operate in the 5 GHz frequency space.
Wireless Security Protocols

Wireless security is the anticipation of unauthorized access or breaks to computers or data by means of wireless networks.

WEP was included as part of the original IEEE 802.11 standard and was intended to provide privacy.

WPA was designed as the interim successor to WEP.

WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control.

WPA3, released in June 2018, is the successor to WPA2, which security experts describe as “broken.”
Wireless Security Methods

❑Configure access point settings.
❑Adjust SSID settings.
❑Enable encryption.
❑Configure network security settings.
❑Adjust antenna and power source placement.
❑Adjust client settings.
Understanding Service Set IDentifier (SSID)
The most basic component of the wireless network is the SSID.

While there aren’t any specific security capabilities associated with the SSID, there are some security considerations that should be taken into account:

✓ Choose your own SSID
✓ Follow naming conventions
✓ Turn off your SSID
Captive Portals
A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources.
Site Surveys

Site surveys are inspections of an area where work is proposed, to gather information for a design or an estimate to complete the initial tasks required for an outdoor activity.
Guidelines for Securing Wireless Traffic
❑Keep sensitive data off of wireless devices.
❑Install antivirus software on wireless devices.
❑Harden wireless devices and routers.
❑Use a VPN with IPSec.
❑Conduct a site survey.
❑Implement security protocols.
❑Implement authentication and access control.
❑Implement an IDS.
❑Avoid relying on MAC filtering and disabling SSID broadcasts.
❑Implement captive portals that require login credentials.
❑Follow hardware and software vendors’ security recommendations.
❑Document all changes.