Networking Chapter 12 Homework The Difference That Each Compartment Has Door

Type: Homework Help
Pages: 9
Words: 2838
Authors: Anthony Sequeira, Michael Taylor

Chapter 12: Network Security
Core Idea
The central idea of this chapter is an introduction to the field of network security, including the
risks to network devices and the countermeasures to protect them.
Instructor Focus
This topic is obviously vast and constitutes its own course of study and research. The
instructor’s role is not to cover everything, but to help students gain understanding with the
more difficult concepts. One of the most difficult concepts to grasp is cryptography, but an
Exam Objectives Covered by this Chapter/Lesson
• 4.2 Explain authentication and access controls
• 4.5 Given a scenario, implement network device hardening
• 4.6 Explain common mitigation techniques and their purposes
Terminology
Make an effort to define the following terms for the designated areas. After defining these,
calling on the students for repeat definitions as you progress through the slide deck will help
them retain the terminology.
Cryptosystems:
• Symmetric encryption
• Asymmetric encryption (Contrast Symmetric vs Asymmetric)
• Advanced Encryption Standard (AES)
• RSA
Network Threats:
• Denial of service (DoS)
• Social engineering
• FTP bounce
• Distributed denial of service (DDoS)
• Buffer overflow
Network Protection Mechanisms:
• Security policy
• Acceptable use policy (AUP)
• Nessus
• Nmap
• Honey pot
• Honey net
Virtualization and Tunneling:
• Virtual private network (VPN)
• Site-to-site VPN
• Client-to-site VPN
• Remote-access VPN
• IP security (IPsec)
• Internet Key Exchange (IKE)
• Internet Security Association and Key Management Protocol (ISAKMP)
• Security association (SA)
• Authentication Header (AH)
Intrusion Detection and Prevention:
• Intrusion detection system (IDS)
• Intrusion prevention system (IPS)
• Network-based IDS (NIDS)
• Network-based IPS (NIPS)
• Host-based IPS (HIPS)
Chapter 12: Network+ Simulator Matching Activities
• Security Terminology and Descriptions
• Network Vulnerabilities
• Secure Protocols vs Unsecure Protocols
Focus Questions
• What are the goals of network security, and what sorts of attacks do you need to defend
against?
• What best practices can be implemented to defend against security threats?
• What are the characteristics of various remote-access security technologies?
• How can firewalls be used to protect an organization’s internal network, while allowing
Icebreaker Discussion
Choose one or both of the following:
1. What are the biggest threats to a network in terms of security?
There are a variety of answers to this and it should give you an idea of the students’
background in this area to listen to what they suggest. Some of the threats that should be
2. What measures should be taken to protect a network from attack?
This is another question to determine the students’ awareness of network security and their
thought process on how to protect networks from attack. This chapter does not make them
Icebreaker Activity
1. Given the network configuration shown, what steps should be taken to protect it from
attack?
In this example, either PC would be the most likely target because these would have the
most information to extract. One PC could be used to attack the other as well, especially
given the close, almost direct connection of R1. To protect the PCs, you would want some
form of physical protection to keep intruders away from the computers and off the network;
building security would likely accomplish this for most organizations. You would then want
The router would be the second most likely target and it is predominantly subject to
physical compromise since direct access is most likely needed to reconfigure elements of
the device or to inject traffic. Because this device is likely located in a more secure area with
Network+ Simulator Matching Activities
• Types of Network Threats and Attacks
• Wireless Security Terminology
• Security Appliance Terminology and Methods
[Figure: network diagram with devices labeled SW1, SW2, and R1]
Main Activities
1. Cryptography Overview
There are two main categories of cryptography: symmetric and asymmetric. These can be
applied in different situations. The complexities of the cryptosystems are beyond the scope of
the chapter and indeed the content of the course. However, it will be beneficial for students to
have an understanding of how cryptography works and how it is able to protect messages from
eavesdropping.
Symmetric (secret key) cryptography: This system uses the same key for encrypting (changing the
readable message to an unreadable format) a message and for decrypting (changing the unreadable
message to a readable message) the message. The key (called a secret key) must be kept secret by both
parties because a compromise of the key on either end can allow the messages sent in both directions
to be read by unauthorized persons. A model of symmetric encryption is shown here.
Insert Figure 12-1 Symmetric Encryption Example
Asymmetric (public key) cryptography: Asymmetric cryptography uses two different keys (a public key
and a private key): one is used to encrypt the message (most often the public key) and the other is used
to decrypt the message (most often the private key, though these can be reversed for other purposes).
Understanding Asymmetric Encryption: An Alternate Analogy
Imagine a special kind of mailbox hanging on an office door. It has two compartments, one on top of the
other, with a trap door separating the two. If mail is dropped into the top compartment, it goes into the
bottom compartment, kind of like a postal service drop box. The difference is that each compartment
Network+ Simulator Matching Activity
• Cryptographic Authentication Terminology
2. Firewall Operation
A firewall is a device used to keep unwanted traffic out of a network. Firewalls are not
foolproof, but they are a good means of keeping a large amount of malicious traffic out of a
network. They cannot stop attacks such as a denial-of-service attack, but they can block
certain traffic based on their configuration and purpose. Firewalls may be either hardware
based or software based.
sensitivity of the protected network, different solutions may be necessary.
Packet-filtering firewall: This type of firewall filters traffic based only on the packet header
information of incoming and outgoing packets. This type of device is configured similarly to an
access control list (ACL), where external addresses or traffic types can be explicitly denied.
Stateful firewall: This is a more complex type of firewall that filters traffic based on established
states of connectivity. For instance, an unsolicited HTTP reply will violate the stateful rules of
connection if there is no corresponding HTTP request, so the HTTP reply message will be filtered
out. In this type of firewall, traffic patterns must be explicitly defined in different states.
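The contrast between the two firewall types, as an added example that is not part of the original instructor guide: the same packet sequence is run through a header-only packet filter and through a simplified stateful model, using the unsolicited HTTP reply case described above. The addresses, ports, and the names Packet, packet_filter, StatefulFirewall and run_demo are assumptions made for illustration; real stateful firewalls also track TCP flags and timeouts, which this model leaves out.

```python
from dataclasses import dataclass

INSIDE = "192.0.2.10"    # constructed inside host (documentation address)
WEB = "198.51.100.80"    # constructed outside web server (documentation address)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" leaves the protected network, "in" enters it

def packet_filter(pkt):
    """Stateless, ACL-style check: looks at this packet's header only."""
    if pkt.direction == "out":
        return pkt.dport == 80   # permit outbound HTTP requests
    return pkt.sport == 80       # permit anything that claims to be an HTTP reply

class StatefulFirewall:
    """Remembers outbound requests; admits only inbound packets that answer one."""
    def __init__(self):
        self.flows = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 80:
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: reverse the tuple and require a recorded request.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def run_demo():
    """Feed the same constructed packet sequence to both firewall models."""
    request = Packet(INSIDE, 49152, WEB, 80, "out")
    reply = Packet(WEB, 80, INSIDE, 49152, "in")
    stray = Packet(WEB, 80, INSIDE, 50000, "in")   # no request used port 50000
    sequence = [reply, request, reply, stray]      # first reply arrives too early
    stateful = StatefulFirewall()
    return {
        "packet_filter": [packet_filter(p) for p in sequence],
        "stateful": [stateful.allow(p) for p in sequence],
    }

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The packet filter admits all four packets because each header looks acceptable on its own; the stateful model drops the early reply and the stray one because no matching request was recorded.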
Network+ Simulator Labs
• Configuring Port Security
• Configuring a Small Office/Residential Router
• Folder Sharing and Security
• Using Encrypting File System (EFS) to Encrypt Data Files
• Configuring a VPN Client
3. IPsec Basics
One of the most common Internet protocols for establishing secure connections between two
hosts in an end-to-end communication is IPsec. This protocol has a variety of options and
configurations, but its main use is to provide traffic protection over untrusted networks. The
two modes for IPsec that are of most concern for this topic are the tunneling and transport
modes.
Quiz Questions
You can ask the following questions either in class for a group discussion or for individual practice. If
you ask them for individual practice, review in class to make sure everyone properly understands
the content.
1. What is the risk posed by social engineering to a network?
Social engineering is the practice of exploiting the human element in an organization to
compromise computing resources. This often involves pretending to be someone the attacker is
not to gain missing information. A common technique is masquerading as tech support to get
2. Why is cryptography alone insufficient to protect network traffic?
Cryptography is a great tool, but it can only provide message confidentiality (meaning that
anyone who is not authorized cannot read the message). The easiest way to address this
3. What are the benefits and drawbacks of IPsec tunneling mode and IPsec transport mode?
IPsec is a protocol used to establish encryption on end-to-end communication between two
devices. A common application of IPsec is to create virtual private networks (VPNs). The two
4. What is a denial-of-service (DoS) attack and what impact does it have on a target network?
A DoS attack is when a large volume of illegitimate traffic is forced onto a network such that it is
not part of normal operation but must be dealt with by the devices connected to the network.
