Networking Chapter 12 Homework The Difference That Each Compartment Has Door

Unlock access to all the studying documents.

View Full Document

Chapter 12: Network Security

Core Idea

The central idea of this chapter is an introduction to the field of network security, including the

risks to network devices and the countermeasures to protect them.

Instructor Focus

This topic is obviously vast and constitutes its own course of study and research. The

instructor’s role is not to cover everything, but to help students gain understanding with the

more difficult concepts. One of the most difficult concepts to grasp is cryptography, but an

Exam Objectives Covered by this Chapter/Lesson

x 4.2 Explain authentication and access controls

x 4.5 Given a scenario, implement network device hardening

x 4.6 Explain common mitigation techniques and their purposes

Terminology

Make an effort to define the following terms for the designated areas. After defining these,

calling on the students for repeat definitions as you progress through the slide deck will help

them retain the terminology.

Cryptosystems:

x Symmetric encryption

x Asymmetric encryption (Contrast Symmetric vs Asymmetric)

x Advanced Encryption Standard (AES)

x RSA

Network Threats:

x Denial of service (DoS)

x Social engineering

x FTP bounce

x Distributed denial of service (DDoS)

x Buffer overflow

Network Protection Mechanisms:

x Security policy

x Acceptable use policy (AUP)

x Nessus

x Nmap

x Honey pot

x Honey net

Virtualization and Tunneling:

x Virtual private network (VPN)

x Site-to-site VPN

x Client-to-site VPN

x Remote-access VPN

x IP security (IPsec)

x Internet Key Exchange (IKE)

x Internet Security Association and Key Management Protocol (ISAKMP)

x Security association (SA)

x Authentication Header (AH)

Intrusion Detection and Prevention:

x Intrusion detection system (IDS)

x Intrusion prevention system (IDS)

x Network-based IDS (NIDS)

x Network-based IPS (NIPS)

x Host-based IPS (HIPS)

Chapter 12: Network+ Simulator Matching Activities

x Security Terminology and Descriptions

x Network Vulnerabilities

x Secure Protocols vs Unsecure Protocols

Focus Questions

x What are the goals of network security, and what sorts of attacks do you need to defend

against?

x What best practices can be implemented to defend against security threats?

x What are the characteristics of various remote-access security technologies?

x How can firewalls be used to protect an organization’s internal network, while allowing

Icebreaker Discussion

Choose one or both of the following:

1. What are the biggest threats to a network in terms of security?

There are a variety of answers to this and it should give you an idea of the students’

background in this area to listen to what they suggest. Some of the threats that should be

2. What measures should be taken to protect a network from attack?

This is another question to determine the students’ awareness of network security and their

thought process on how to protect networks from attack. This chapter does not make them

Icebreaker Activity

1. Given the network configuration shown, what steps should be taken to protect it from

attack?

In this example, either PC would be the most likely target because these would have the

most information to extract. One PC could be used to attack the other as well, especially

given the close, almost direct connection of R1. To protect the PCs, you would want some

form of physical protection to keep intruders away from the computers and off the network;

building security would likely accomplish this for most organizations. You would then want

The router would be the second most likely target and it is predominantly subject to

physical compromise since direct access is most likely needed to reconfigure elements of

the device or to inject traffic. Because this device is likely located in a more secure area with

Network+ Simulator Matching Activities

x Types of Network Threats and Attacks

x Wireless Security Terminology

x Security Appliance Terminology and Methods

SW1

SW2

Main Activities

1. Cryptography Overview

There are two main categories of cryptography: symmetric and asymmetric. These can be

applied in different situations. The complexities of the cryptosystems are beyond the scope of

the chapter and indeed the content of the course. However, it will be beneficial for students to

have an understanding of how cryptography works and how it is able to protect messages from

eavesdropping.

Symmetric (secret key) cryptography: This system uses the same key for encrypting (changing the

readable message to an unreadable format) a message and for decrypting (changing the unreadable

message to a readable message) the message. The key (called a secret key) must be kept secret by both

parties because a compromise of the key on either end can allow the messages sent in both directions

to be read by unauthorized persons. A model of symmetric encryption is shown here.

Insert Figure 12-1 Symmetric Encryption Example

Asymmetric (public key) cryptography: Asymmetric cryptography uses two different keys (a public key

and a private key): one is used to encrypt the message (most often the public key) and the other is used

to decrypt the message (most often the private key, though these can be reversed for other purposes).

Understanding Asymmetric Encryption:An alternate

analogy

Imagine a special kind of mailbox hanging on an office door. It has two compartments, one on top of the

other, with a trap door separating the two. If mail is dropped into the top compartment, it goes into the

bottom compartment, kind of like a postal service drop box. The difference is that each compartment

Network+ Simulator Matching Activity

x Cryptographic Authentication Terminology

2. Firewall Operation

A firewall is a device used to keep unwanted traffic out of a network. These are not foolproof

devices, but they do present a good means of limiting a large amount of malicious traffic from a

network. These cannot stop attacks such as a denial-of-service attack, but they can prevent

certain traffic based on their configuration and purpose. Firewalls may be either hardware

based or software based.

sensitivity of the protected network, different solutions may be necessary.

Packet-filtering firewall: This type of firewall filters traffic based only on the packet header

information of incoming and outgoing packets. This type of device is configured similar to an

access control list (ACL), where external addresses or traffic types can be explicitly denied.

Stateful firewall: This is a more complex type of firewall that filters traffic based on established

states of connectivity. For instance, an unsolicited HTTP reply will violate the stateful rules of

connection if there is no corresponding HTTP request, so the HTTP reply message will be filtered

out. In this type of firewall, traffic patterns must be explicitly defined in different states.

Network+ Simulator Labs

x Configuring Port Security

x Configuring a Small Office/Residential Router

x Folder Sharing and Security

x Using Encrypting File System(EFS) to Encrypt Data Files

x Configuring a VPN Client

3. IPsec Basics

One of the most common Internet protocols for establishing secure connections between two

hosts in an end-to-end communication is IPsec. This protocol has a variety of options and

configurations, but its main use is to provide traffic protection over untrusted networks. The

two modes for IPsec that are of most concern for this topic are the tunneling and transport

modes.

Quiz Questions

You can ask the following questions either in class for a group discussion or for individual practice. If

you ask them for individual practice, review in class to make sure everyone properly understands

the content.

1. What is the risk posed by social engineering to a network?

Social engineering is the practice of exploiting the human element in an organization to

compromise computing resources. This often involves pretending to be someone the attacker is

not to gain missing information. A common technique is masquerading as tech support to get

2. Why is cryptography alone insufficient to protect network traffic?

Cryptography is a great tool, but it can only provide message confidentiality (meaning that

anyone who is not authorized cannot read the message). The easiest way to address this

3. What are the benefits and drawbacks of IPsec tunneling mode and IPsec transport mode?

IPsec is a protocol used to establish encryption on end-to-end communication between two

devices. A common application of IPsec is to create virtual private networks (VPNs). The two

4. What is a denial-of-service (DoS) attack and what impact does it have on a target network?

A DoS attack is when a large volume of illegitimate traffic is forced onto a network such that it is

not part of normal operation but must be dealt with by the devices connected to the network.