IS3220 Information Technology Infrastructure Security
Unit 2
Network Security Basics
© ITT Educational Services, Inc. All rights reserved.
Unit 2 Class Agenda 12/17/15
 Learning Objectives
 Lesson Presentation and Discussions.
 Lab Activities will be performed in class.
 Assignments will be given in class.
 Break times: a 10-minute break every hour.
 Assignments and labs are posted to the website.
 http://obinkyerehclassess.weebly.com
Discussion on How to Use the Virtual Lab
EXPLORE: CONCEPTS
Learning Objective
 Explain the fundamental concepts of network security
Key Concepts
 Confidentiality, integrity, and availability mandates for network resource security
 Network security and its value to the enterprise
 Roles and responsibilities in network security
 Impact of network infrastructure design on security
 Features, uses, and benefits of network security countermeasures
Primary Goals of Information Security
Confidentiality
Security
Integrity
Availability
Secondary Goals of Information Security
Authentication
Privacy
Confidentiality
Authorization
Integrity
Availability
Non-Repudiation
Seven Domains of a Typical IT Infrastructure
The Need for Information Security
 Risk
 Threat
 Vulnerability
Information Assurance
Authentication
Non-repudiation
Seven Domains of a Typical IT Infrastructure
Availability
Security Policy
 Establish goals
 Address risk
 Provide roadmap for security
 Set expectations
 Link to business objectives
 Map of laws and regulations
 Supported by standards, procedures, and guidelines
Examples of Network Infrastructures
 Workgroup
 SOHO
 Client/Server
General Terms
 Confidentiality
 Integrity
 Availability
 Trust
 Privacy
 Authentication
 Authorization
 Non-repudiation
Networking Terminology
 Network
 Firewall
 Router
 Virtual Private Network
 IPSec
 Demilitarized Zone
 Intrusion Detection System (IDS)
 Intrusion Prevention System (IPS)
EXPLORE: PROCESS
Policy, Awareness, and Training
 Policy: sets expectations
 Awareness: promotes security
 Training: defines roles and responsibilities
Security Countermeasures
Common Countermeasures | Uses | Benefits | Limitations
Firewalls
 Filter traffic
 Segmentation
 Hardware
 Software
 First defense
 Keep noise out
 Perimeter defense
 Not content oriented
 Limited to yes or no
Virtual Private Network (VPN)
 Remote access
 Encrypted tunnel
 Private tunnel
 Extends Cover
 Man-in-the-middle
 Not traffic oriented
Intrusion Detection/Prevention System
 Monitor traffic
 Notification
 May block attacks
 Prevention
 Host or Network
 Relies on signatures
 False positives
Security Countermeasures (Continued)
Common Countermeasures | Uses | Benefits | Limitations
Data Loss Prevention
 Monitor data loss
 Block data loss
 Sensitive Config
 Breach Notification
Security Incident and Event Management
 Aggregate sec logs
 Correlate sec logs
 Monitor and review
 False positives
 Generate alerts
 Data heavy
 Limit to log info
 Signature reliant
 False positives
 Circumventable
Security Countermeasures (Continued)
Common Countermeasures | Uses | Benefits | Limitations
Continuous Control Monitoring
 Checks config
 Automate monitors
 Standard compliant
 Self correction
 Real time monitor
 Emerging tech
 Policy dependent
Vulnerability Assessment
 Tests systems
 Limited to known
 Create noise
 Proactive address
 Centralize tracking
EXPLORE: CONTEXT
Consider Business Requirements
 Availability of the network and its components
• Redundancy
• High availability
• Single point of failure
• Denial of service
 Sensitivity of the data
• Encryption
• Access control
Internet Exposure
 Remote access
• Will a VPN work?
• Is direct internet access required?
Wired Networks
 Lack of external connectivity creates physical isolation
• Can rely on physical controls to protect network
• External threats must breach physical barrier
 If external connectivity is required
• No control is the same as physical isolation, but security must enable the business
• Consider segmentation
• Rigorous front door screening
Benefits of Wireless Networking
 Can be inexpensive to deploy
• No need to run wires
• Quick connectivity for multiple users
 Convenience
 Mobility
 Ubiquity
• All laptops now come equipped with wireless
Wireless Concerns
 Introduces new attack surface
• Requires additional design considerations to mitigate attacks
 Data is transmitted over the air and accessible
• Use of encryption technology
• Consider implementing segmented wireless networks
• Require VPN authentication for wireless access
 Network can be directly accessed from a distance
• Shielding
Mobile Networking
 Allows user to be completely mobile
 Requires considerations for central management
 Potential for device to be lost
Unit 2 Assignment and Lab
 Discussion 2.1 Familiar Domains
 Assignment 2.3 Selecting Security Countermeasures
 Assignment is due next class
 Class Project: Discussion
Unit 2 Lab Activities
 Lab 1.2 Analyze Essential TCP/IP Networking Protocols
 Lab 2.2 Network Documentation
 Labs should be completed using VLab on the school website
 Labs should be completed in class. If not completed, they should be submitted in class.