Graduation project
The Four Planes Security Mechanisms
Firewalls
Intrusion Detection Systems
Encryption
Mutual Authentication
Segmentation
Cisco
Wi-Fi
IPSec and Certificate
User Permissions
Group Policy
ISA
Microsoft
Cisco Router Security Strategies
Wireless Security Mechanisms
Windows Server Security
Implementing Network Security Mechanisms
Network Security Basics
Corporate security policy
1. Secure: Firewall, Encryption, Authentication
2. Monitor: Intrusion Detection (NetRanger)
3. Test: Vulnerability Scanning
4. Manage and Improve
1. Data Plane Security Mechanisms
2. Control Plane Security Mechanisms
3. Management Plane Security Mechanisms
4. Service Plane Security Mechanisms
Development of connected systems remains costly and frustrating
The Placement of Security Planes
Data Plane
Interface ACL
Unicast RPF
Control Plane
Neighbor authentication (MD5)
Disabling unnecessary services:
• CDP
• HTTP
• DNS
• Configuration auto-loading
Management Plane
Network support and managed services
Password security
Disabling idle user sessions
Secure IOS file systems
AutoSecure
Service Plane
VPN:
• Confidentiality of information
• Integrity of data
• Authentication of users
MCSE
Implementing Windows Server Security
• Centralized User/Group authentication.
• Centralized security.
• Searchable database of resources.
• Scalability.
SERVERS
• DNS Server
• DHCP & Relay agent Server
• FTP Server
• VPN Server
• WINS Server
• ISA Server
SIMPLE SERVERS EXPLANATION
DNS infrastructure
Resolving names: IP addresses are more difficult for users to work with than names, but they are necessary for TCP/IP.
A query is a request for name resolution to a DNS server.
DHCP
DHCP reduces the complexity and amount of administrative work by using automatic TCP/IP configuration.
A scope is a range of valid IP addresses that are available for lease or assignment to client computers on a particular subnet.
Built on Microsoft Server Technology
ISA Server
• Controls all traffic coming from the internet to the domain and from the domain to the internet.
• Manages the VPN clients.
VPN Server
Allows clients to log into the domain through an internet connection from a remote location.
FTP Server
• Managers group.
• Doctors group.
• Secretary group.
• Student group.
• Workers group.
Managing access to resources in the network using user permissions
• Permissions define the type of access granted to a user, group, or computer for an object.
• Permissions are cumulative.
• Deny permissions override all other permissions.
• Object owners can always change permissions.
• Retrieving effective permissions
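The cumulative and deny-overrides rules above, worked through as an added example that is not part of the original slides. It is a simplified Python model, not a Windows API: the group names come from the FTP slide and the permission levels from the shared-folder slide, while the right names, the sample ACL and the functions `effective_rights` and `explain` are assumptions made for illustration.

```python
# Simplified model of the slide's rules: allows accumulate across all of a
# user's groups, and any matching Deny removes that right whatever was allowed.
# It does not model inheritance order or object ownership.

# Rights implied by each permission level (right names are hypothetical).
LEVELS = {
    "Read": {"read"},
    "Change": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "change_permissions"},
}

# Constructed sample ACL for one shared folder (not from the slides).
SAMPLE_ACL = [
    ("Doctors", "Allow", "Read"),
    ("Managers", "Allow", "Full Control"),
    ("Student", "Allow", "Read"),
    ("Student", "Deny", "Change"),
    ("Secretary", "Allow", "Change"),
]

def effective_rights(principals, acl):
    """principals: the user name plus every group the user belongs to.
    acl: list of (principal, "Allow" | "Deny", level) entries."""
    allowed, denied = set(), set()
    for principal, kind, level in acl:
        if principal not in principals:
            continue
        if kind == "Deny":
            denied |= LEVELS[level]
        elif kind == "Allow":
            allowed |= LEVELS[level]
        else:
            raise ValueError(f"unknown entry type: {kind!r}")
    return allowed - denied

def explain(principals, acl, right):
    """Return the verdict for one right and the ACL entries that decided it."""
    hits = [e for e in acl if e[0] in principals and right in LEVELS[e[2]]]
    denies = [e for e in hits if e[1] == "Deny"]
    if denies:
        return "Deny", denies
    allows = [e for e in hits if e[1] == "Allow"]
    return ("Allow", allows) if allows else ("None", [])

if __name__ == "__main__":
    print(sorted(effective_rights({"amal", "Doctors", "Secretary"}, SAMPLE_ACL)))
    print(explain({"omar", "Student", "Secretary"}, SAMPLE_ACL, "write"))
```

A user who is in both Student and Secretary ends up with no rights at all, because the Deny on Student removes what the Allow on Secretary granted.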
Implementing Group Policy
With Group Policy we can control how users in the whole domain work on their computers and what privileges they have on those computers.
• Helps prevent software damage by controlling user applications.
• With Group Policy we can deploy software to all user computers at one time, in a very easy way.
Microsoft ISA Server 2004
- Overview of Microsoft ISA Server 2004
- Versions of Microsoft ISA Server
Protocols
Users
Rule Source & Destination
Rule Action
Access Rule Elements
Connecting to the Internet
Caching with ISA Server
Overview of Caching
Configuring Cache Rule
HTTP Caching
FTP Caching
Monitoring and Reporting
Alerts
Sessions
Services
Reports
Logging
Dashboard:
FTP Server
FTP Server: responsible for exchanging files and folders and for controlling that exchange in the network.
Types of FTP Permissions:
1. Standard permissions
2. Special permissions
What Are Shared Folders
• A shared folder is a folder that is published to all users in the network.
• Copy a shared folder: the original shared folder is still shared, but the copy of the folder is not shared.
• Move a shared folder: the folder is no longer shared.
• Hide a shared folder: include a $ at the end of the share name. Users can access a hidden shared folder by typing the UNC of the folder.
Managing Access to Shared Folders
Permission Read: View data in files and attributes and run program files.
Permission Change: Add files and subfolders, change data in files, and delete subfolders and files.
Full Control: Includes all Read and Change permissions and enables you to change NTFS file and folder permissions.
Wireless
Standards Organizations Overview
Federal Communications Commission
Institute of Electrical and Electronics Engineers
International Telecommunication Union Radiocommunication Sector
International Organization for Standardization
Wi-Fi Alliance
Standards Organizations
Wireless LAN Topologies
Wireless Wide Area Network (WWAN)
Wireless Metropolitan Area Network (WMAN)
Wireless Personal Area Network (WPAN)
Wireless Local Area Network (WLAN)
Access Point
Client Station
Distribution System (DS)
Wireless Distribution System (WDS)
Basic Service Set (BSS)
Service Set Identifier (SSID)
802.11 Topologies
Basic Service Area (BSA)
Independent Basic Service Set (IBSS)
Extended Service Set (ESS)
Basic Service Set Identifier (BSSID)
Wireless Devices
Radio Card Formats
Wireless Network Security Architecture
Encryption
Mutual authentication
Wireless Attacks, Intrusion Monitoring, and Policy
Rogue Access Point
Peer-to-Peer Attacks
Encryption Cracking
Denial of Service (DoS)
Wireless Security
WEP
Provides weak security
WPA
Was a fast solution implemented by the Wi-Fi vendors to overcome the WEP security problem
WPA2/802.11i
Standard security mechanism applied by the IEEE 802.11 group.
WPA2 is a subset of the abilities of IEEE 802.11i.
Uses 802.1X for authentication.
Authenticates users via a RADIUS server.
4-way handshake for key generation.
AES for encryption.
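How the 4-way handshake turns the key from 802.1X authentication into per-session AES keys, as an added example that is not part of the original slides. It follows the 802.11i pairwise key derivation (HMAC-SHA1 PRF); the PMK, MAC addresses and nonces are constructed sample values, and the PMK is assumed to have been established already by the 802.1X/RADIUS exchange.

```python
import hashlib
import hmac

# Constructed sample values (not captured from any real network).
PMK = bytes(range(32))                      # pairwise master key from 802.1X
AP_MAC = bytes.fromhex("020000000001")      # authenticator address (AA)
STA_MAC = bytes.fromhex("020000000002")     # supplicant address (SPA)
ANONCE = bytes([0xA5]) * 32                 # sent by the AP in message 1
SNONCE = bytes([0x5A]) * 32                 # sent by the client in message 2

def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Derive the 48-byte pairwise transient key used with AES-CCMP."""
    if len(pmk) != 32 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("PMK and nonces must be 32 bytes")
    if len(ap_mac) != 6 or len(sta_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    # Sorting the inputs lets both sides compute the same key independently.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    # KCK authenticates handshake frames, KEK wraps the group key,
    # TK is the AES key that protects unicast data.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def message_mic(kck, eapol_frame):
    """MIC on handshake messages 2-4: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

if __name__ == "__main__":
    keys = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)
    print({name: value.hex() for name, value in keys.items()})
```

Because fresh nonces go into every handshake, each association gets a different AES temporal key even though the PMK stays the same.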