Graduation Project


Upload: mina-nashaat

Post on 15-Dec-2014


Category:

Education



Page 1: Graduation Project

The Four Planes Security Mechanisms

Firewalls

Intrusion Detection Systems

Encryption

Mutual Authentication

Segmentation

Cisco

Wi-Fi

IPSec and Certificate

User Permissions

Group Policy

ISA

Microsoft

Cisco Router Security Strategies

Wireless Security Mechanisms

Windows Server Security

Implementing Network Security Mechanisms

Page 2: Graduation Project

Network Security Basics

Corporate security policy

1. Secure: Firewall, Encryption, Authentication

2. Monitor: Intrusion Detection (NetRanger)

3. Test: Vulnerability Scanning

4. Manage and Improve

Page 3: Graduation Project

Router Security Strategies

1. Data Plane Security Mechanisms

2. Control Plane Security Mechanisms

3. Management Plane Security Mechanisms

4. Service Plane Security Mechanisms

Page 4: Graduation Project

Development of connected systems remains costly and frustrating

The Placement of Security Planes

Page 5: Graduation Project
Page 6: Graduation Project

Router Security Strategies

Data Plane

• Interface ACL
• Unicast RPF

Control Plane

• Neighbor authentication (MD5)
• Disabling unnecessary services: CDP, HTTP, DNS, configuration auto-loading

Management Plane

• Network support and managed services
• Password security
• Disabling idle user sessions
• Secure IOS file systems
• AutoSecure

Service Plane

• VPN: confidentiality of information, integrity of data, authentication of users

Page 7: Graduation Project

MCSE

Page 8: Graduation Project

Implementing Windows Server Security

• Centralized User/Group authentication.
• Centralized security.
• Searchable database of resources.
• Scalability.

Page 9: Graduation Project

SERVERS

• DNS Server
• DHCP & Relay agent Server
• FTP Server
• VPN Server
• WINS Server
• ISA Server

Page 10: Graduation Project

SIMPLE SERVERS EXPLANATION

DNS infrastructure

Resolving names: IP addresses are more difficult for users to work with than names, but they are necessary for TCP/IP. A query is a request for name resolution to a DNS server.

DHCP

DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration. A scope is a range of valid IP addresses that are available for lease or assignment to client computers on a particular subnet.

Built on Microsoft Server Technology

ISA Server

• Controls all traffic coming from the Internet to the domain and from the domain to the Internet.
• Manages the VPN clients.

VPN Server

Allows clients to log into the domain through the Internet connection from a remote location.

FTP Server

•Managers group.

•Doctors group.

•Secretary group.

•Student group.

•Workers group.

Page 11: Graduation Project

Managing access to resources in the network using user permissions

• Permissions define the type of access granted to a user, group, or computer for an object
• Permissions are cumulative
• Deny permissions override all other permissions
• Object owners can always change permissions
• Retrieving effective permissions
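
The permission rules on this slide (cumulative allows, Deny overriding everything else, the owner always able to change permissions) written as a small model. This is an added example, not part of the original slides: it is a simplified model that ignores inheritance, and the user names, right names and sample ACL are constructed, with group names borrowed from the FTP Server slide.

```python
from dataclasses import dataclass

CHANGE_PERMISSIONS = "change_permissions"  # hypothetical right name for this model


@dataclass(frozen=True)
class Ace:
    """One access control entry (simplified, no inheritance)."""
    trustee: str        # user or group the entry applies to
    allow: bool         # True = Allow entry, False = Deny entry
    rights: frozenset   # rights granted or denied by this entry


# Constructed sample ACL; group names borrowed from the FTP Server slide.
SAMPLE_ACL = [
    Ace("Doctors", True, frozenset({"read"})),
    Ace("Managers", True, frozenset({"read", "write", "delete"})),
    Ace("Student", False, frozenset({"write", "delete"})),
]


def effective_permissions(user, groups, owner, acl):
    """Return the set of rights `user` ends up with on one object."""
    trustees = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in trustees:
            (allowed if ace.allow else denied).update(ace.rights)
    # Cumulative: allows from the user and all of their groups add up.
    # Deny overrides: a denied right is removed whatever granted it.
    effective = allowed - denied
    # The object owner can always change permissions.
    if user == owner:
        effective.add(CHANGE_PERMISSIONS)
    return effective


if __name__ == "__main__":
    # Constructed users: (name, group memberships); "sara" owns the object.
    for name, groups in [("mona", {"Doctors", "Managers"}),
                         ("ali", {"Managers", "Student"}),
                         ("sara", {"Student"})]:
        print(name, sorted(effective_permissions(name, groups, "sara", SAMPLE_ACL)))
```
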

Page 12: Graduation Project

Implementing Group Policy

With Group Policy we can control how users in the whole domain work on their computers and what privileges they have on their computers.

• Helps to prevent software damage by controlling the user applications

• With Group Policy we can deploy software to all user computers at one time, in a very easy way.

Page 13: Graduation Project

Microsoft ISA Server 2004

- Overview of Microsoft ISA Server 2004
- Versions of Microsoft ISA Server

Page 14: Graduation Project

Connecting to the Internet

Access Rule Elements

• Protocols
• Users
• Rule Source & Destination
• Rule Action

Page 15: Graduation Project

Caching with ISA Server

• Overview of Caching
• Configuring Cache Rule
• HTTP Caching
• FTP Caching

Page 16: Graduation Project

Monitoring and Reporting

• Alerts
• Sessions
• Services
• Reports
• Logging

Dashboard:

Page 17: Graduation Project

FTP Server

FTP Server: Responsible for exchanging files and folders and controlling it in the network.

Types of FTP Permissions:

1. Standard permissions

2. Special permissions

Page 18: Graduation Project

What Are Shared Folders

• A shared folder: is a folder that is published to all users in the network.
• Copy a shared folder: the original shared folder is still shared, but the copy of the folder is not shared.
• Move a shared folder: the folder is no longer shared.
• Hide a shared folder: include a $ to make the shared folder hidden. Users can access a hidden shared folder by typing the UNC of the folder.

Page 19: Graduation Project

Managing Access to Shared Folders

Permission Read: View data in files and attributes and run program files.

Permission Change: Add files and subfolders, change data in files, and delete subfolders and files.

Full control: Includes all Read and Change permissions and enables you to change NTFS file and folder permissions.

Page 20: Graduation Project

Wireless

Page 21: Graduation Project

Standards Organizations Overview

Standards Organizations

• Federal Communications Commission
• Institute of Electrical and Electronics Engineers
• International Telecommunication Union Radiocommunication Sector
• International Organization for Standardization
• Wi-Fi Alliance

Page 22: Graduation Project

Wireless LAN Topologies

• Wireless Wide Area Network (WWAN)
• Wireless Metropolitan Area Network (WMAN)
• Wireless Personal Area Network (WPAN)
• Wireless Local Area Network (WLAN)

Page 23: Graduation Project

802.11 Topologies

• Access Point
• Client Station
• Distribution System (DS)
• Wireless Distribution System (WDS)
• Basic Service Set (BSS)
• Service Set Identifier (SSID)

Page 24: Graduation Project

802.11 Topologies (continued)

• Basic Service Area (BSA)
• Independent Basic Service Set (IBSS)
• Extended Service Set (ESS)
• Basic Service Set Identifier (BSSID)

Page 25: Graduation Project

Wireless Devices

Radio Card Formats

Page 26: Graduation Project

Wireless Network Security Architecture

Encryption

Mutual authentication

Page 27: Graduation Project

Wireless Attacks, Intrusion Monitoring, and Policy

Rogue Access Point

Peer-to-Peer Attacks

Encryption Cracking

Denial of Service (DoS)

Page 28: Graduation Project

Wireless Security

WEP

Provides weak security

WPA

Was a fast solution implemented by the Wi-Fi vendors to overcome the WEP security problem

WPA2/802.11i

• Standard security mechanism applied by the IEEE 802.11 group.
• WPA2 is a subset of the abilities of IEEE 802.11i.
• Uses 802.1X for authentication.
• Authenticates users via a RADIUS server.
• 4-way handshake for key generation.
• AES for encryption.