Guide to Operating System Security
Chapter 7
Physical and Network Topology Security
Objectives
  Explain physical security methods for workstations, servers, and network devices
  Implement a network topology for security
  Explain network communications media in relation to security
  Use structured network design for security
Physical Security
  Limiting physical access
  Location of equipment
  Construction quality
  Devices to protect
    Workstations
    Servers
    Network devices and communications media
Workstation Security
  Password protect user accounts
  Configure screen saver with a password
  Log off or turn off computers when not in use
  Lock office doors
  Keep ventilation holes unobstructed
  Keep liquids away from computer
Server Security (Continued)
  Centralized versus decentralized considerations
  Environmentally controlled computer room
  Strong access controls
  Cipher locks on locked doors
  Power regulation devices
Server Security (Continued)
  Motion sensors
  Camera-monitored entrances and equipment
  Fire detection and suppression equipment
  Screen savers for servers
Configuring Screen Savers
  Windows Server
  Red Hat Linux 9.x
  Use screen saver options with passwords for servers
  Lock a screen using screen saver
  NetWare
    SCRSAVER command at the console
    SECURE CONSOLE command
Configuring a NetWare Screen Saver
Network Devices
  Access servers
  Bridges
  Chassis hubs
  Firewalls
  Hubs
  Multiplexers
  Repeaters
  Routers
  Switches
  Transceivers
  UPS
Securing Network Devices
  Place central wiring and network devices in wiring closets that follow EIA/TIA-569 standards
    Telecommunications room
    Main cross-connect
    Intermediate cross-connect
  Locate wiring closets away from sources of EMI and RFI
Designing a Network Topology for Security
  Main network topologies
    Bus
    Ring
    Star
    Bus-star
Bus Topology
  Cable runs from one computer to the next, like a chain
  Terminators connect to each bus cable segment
  Disadvantages
    Easily compromised by removing a terminator
    Easy for unauthorized person to tap into cable segment
Ring Topology
  Continuous path for data; no logical beginning or ending point; no terminators
  Easier to manage, more reliable, and more secure than the bus
  More expensive than the bus
Star Topology
  Multiple stations attached to central hub or switch
  Allows you to emphasize security, efficiency, and reliability
Star Topology
  Advantages
    Wide variety of equipment available
    Unauthorized taps are difficult
    Easier to manage than the bus
    Expansion options
  Disadvantages
    Hub or switch is single point of failure
    Requires more cable than bus
Logical Bus Networks in a Physical Star Layout
  Most common topology
  Advantages
    No exposed terminators to pose security risk
    Expansion capabilities
Communications Media and Network Security
  Coaxial cable
  Twisted-pair cable
  Fiber-optic cable
  Wireless technologies
Coaxial Cable
  Copper wire construction
  Thick and thin varieties
  Suitability
    Older LANs
    LANs with strong sources of signal interference
Thick Coaxial Cable
Thin Coaxial Cable (Thinnet)
Twisted-Pair Cable
  Copper wire construction
  Shielded twisted-pair (STP) and unshielded twisted-pair (UTP)
  Most commonly used cabling
Fiber-Optic Cable
  Glass (usually) or plastic cable
  Single mode and multimode
  Suitability
    High-speed LAN and WAN access
    To connect networks between different locations
    In situations with significant electrical interference
    Where security is a concern
Wireless Technologies
  Radio, infrared, or microwave
  Suitability
    Difficult or too expensive to use cable
    When flexibility to move network hosts and devices is required
Comparing Cable Types
Using Structured Design
  Follow accepted guidelines for cable installation
  Deploy structured wiring design
  Implement structured network design
Guidelines for Cable Installation (Continued)
  Meet or exceed maximum bandwidth requirements
  Category 5 or better UTP cable
  Multimode fiber-optic riser cable between floors
  IEEE specifications
  Single-mode fiber-optic cable for long runs
Guidelines for Cable Installation (Continued)
  Wireless options where needed
  Star-based cable plants
  High-quality cable
  Building codes (e.g., plenum cable)
  Do not exceed tension limits of twisted-pair cable
Guidelines for Cable Installation (Continued)
  Follow rules for cable bend radius
  Extra cable at endpoints
  Qualified contractor
  Label all cable
  Ground cable plants (EIA/TIA-607 standard)
Structured Wiring Requirements
  Flexible cabling
  Wiring stations into a physical star
  Adherence to EIA/TIA-568-A/EIA-TIA-568-B standards for horizontal wiring
  Centralizing cable plant in chassis hubs or switches
Structured Wiring Requirements
  Intelligence built into chassis hubs and switches to detect problems at stations
  Ability to isolate hosts and servers on their own cable segments
  Ability to provide high-speed links to hosts and servers and other network devices
Structured Wiring Design
Structured Network Design
  Solid horizontal and vertical wiring design enables:
    Centralizing a network at strategic points
    Customization for security and efficiency
    Linking together by a fast backbone
Structured Network for Centralized Management
Figure 7-10 Structured network for centralized management
Vertical Wiring Principles
  Extended star topology between devices
  High-speed cable
    to reduce congestion
    not susceptible to EMI and RFI
  EIA/TIA-568-A/EIA-TIA-568-B standards for vertical or backbone cabling
  Riser-rated cable for cable runs through cable ports or vertical shafts
  Fire-stop material to cover cable between floors
Centralized Management
  Central points are established for critical network functions
  Simple Network Management Protocol (SNMP)
    Community name
    Network management station (NMS)
    Network agents
Using Virtual LANs
  Can be used as a central management tool
  Potential problems
    Improper configuration exposes network to security risks
    Trunks are vulnerable to attacks
Using Network Redundancy for Security
  Vital network areas remain running even if equipment fails or an attack occurs
Designing for Redundancy
Figure 7-11 Designing for redundancy
Building Multiple Redundant Pathways
Figure 7-12 Building multiple redundant pathways
Summary
  How to physically secure workstations and servers
  How network topologies can be used to enhance security
  Which network media offer the best security
  How to combine network topology and media in a structured wiring and networking design for efficiency and security