
UNIT 7 SEMINAR

Unit 7 – Chapter 9, plus Lab 11

Course Name – IT482-02 Network Design
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds, Email – [email protected]
Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET


UNIT 6 REVIEW

Covered last week …

Chapter 7 Network Management Architecture
Defining Network Management
Network Devices and Characteristics
Network Management Mechanisms
Monitoring, Instrumentation and Configuration Mechanisms
Architectural Considerations
In-band management, Out-of-band management, Centralized, distributed and hierarchical management, Scaling network management traffic, Checks and balances, Managing network management data, MIB selection, Integration of OSS (operations support systems)

Chapter 8 Performance Architecture
Developing Goals for Performance
Performance Mechanisms
QoS, Prioritization, Traffic Management, Scheduling, Queuing, SLAs
Architectural Considerations

OPNET ITGuru Lab 10 Queuing Disciplines, Exercises 1, 2 & 3


UNIT 6 REVIEW

Quick check of Unit 6
Network Management and Performance Architecture

#1 Components of SNMP network management

#2 What is FCAPS? Give two specific examples.

#3 What are the three traffic classes for DiffServ?


UNIT 7

Security and Privacy Architecture

Security – integrated within all areas of the network and impacts all other functions on the network.

Network Security - the protection of networks and their services from unauthorized access, modification, destruction and disclosure. Network Privacy – a subset of network security, focusing on protection of networks and their services from unauthorized access or disclosure.

Three security considerations: protecting the integrity, confidentiality and availability of the network and system resources and data (CIA)


UNIT 7

Developing a Security and Privacy Plan

What are we trying to solve, add, or differentiate by adding security mechanisms to this network?

Are security mechanisms sufficient for this network?

Common areas addressed:
Which resources need to be protected
What problems (threats) we are protecting against
The likelihood of each problem (threat)


UNIT 7

Security and Privacy Administration

Threat Analysis - a process used to determine which components of the system need to be protected and the types of security risks (threats) they should be protected from.

Potential Assets and Threats to be Analyzed


UNIT 7

Threat Analysis Worksheet

Developing a threat analysis identifies the assets to be protected and identifies the possible threats.
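A worked threat analysis worksheet, added here as an example and not taken from the course text or Figure 9.2: each asset/threat pair is scored on the 1–10 effect and likelihood scale the Unit 7 project describes (Certain = 10, Impossible = 1), and the entries are ranked so the assets that need protection first stand out. Treating risk as effect × likelihood, the level thresholds, and the sample assets and threats are all assumptions made for this example.

```python
"""Threat analysis worksheet: assets x threats, scored by effect and likelihood.

Added example, not from the course text. Scale assumed from the Unit 7 project
description: 10 = certain / maximum effect, 1 = impossible / negligible effect.
Risk = effect * likelihood is an assumed scoring rule, not one the slides state.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatEntry:
    asset: str
    threat: str
    effect: int        # 1 (negligible) .. 10 (catastrophic)
    likelihood: int    # 1 (impossible) .. 10 (certain)

    def __post_init__(self):
        # Reject scores outside the worksheet's 1..10 scale.
        for name in ("effect", "likelihood"):
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")

    @property
    def risk(self) -> int:
        return self.effect * self.likelihood


# Constructed sample worksheet for a small campus network (assets and threats are illustrative).
WORKSHEET = [
    ThreatEntry("User hosts", "Virus/worm infection", 6, 9),
    ThreatEntry("Servers", "Unauthorized access", 9, 6),
    ThreatEntry("WAN router", "Denial of service", 7, 5),
    ThreatEntry("Backups (off-site)", "Physical theft", 8, 2),
    ThreatEntry("Servers", "Hardware failure", 5, 4),
]


def ranked(worksheet):
    """Entries sorted highest risk first; ties go to the larger effect."""
    return sorted(worksheet, key=lambda e: (e.risk, e.effect), reverse=True)


def risk_level(entry, high=50, medium=20):
    """Bucket a risk score; the thresholds are assumptions for this example."""
    if entry.risk >= high:
        return "HIGH"
    return "MEDIUM" if entry.risk >= medium else "LOW"


def by_asset(worksheet):
    """Highest risk score per asset, to see which assets need protection first."""
    worst = {}
    for e in worksheet:
        worst[e.asset] = max(worst.get(e.asset, 0), e.risk)
    return worst


if __name__ == "__main__":
    print(f"{'Asset':<20}{'Threat':<24}{'Eff':>4}{'Lik':>4}{'Risk':>6}  Level")
    for e in ranked(WORKSHEET):
        print(f"{e.asset:<20}{e.threat:<24}{e.effect:>4}{e.likelihood:>4}{e.risk:>6}  {risk_level(e)}")
```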


UNIT 7

Threat Analysis

SWOT analysis – used to examine these: S = strengths, W = weaknesses, O = opportunities, T = threats.

http://www.maxi-pedia.com/SWOT+analysis+matrix+method+model
http://www.maxi-pedia.com/security

SWOT analysis, method, or model – a way to analyze the competitive position of your company. SWOT analysis uses a so-called SWOT matrix to assess both internal and external aspects of doing your business. The SWOT framework is a tool for auditing an organization and its environment. SWOT is the first stage of planning and helps decision makers to focus on key issues. The SWOT method is a key tool for company top officials to formulate strategic plans.


UNIT 7

Policies and Procedures

Formal statements on the rules for system, network, and information access and use, in order to minimize exposure to security threats. Clarifies for users what security threats are and what can be done to reduce them.

Types: Deny Specifics/ Accept Everything Else OR Accept Specifics/Deny Everything Else


UNIT 7

Policies and Procedures

Examples:
Privacy statements like _____________________
Accounting statements like __________________
Authentication statements like ________________
Reporting violations like _____________________

Acceptable Use Policy
Security incident-handling procedures
Configuration-modification policies
Network access control lists (ACLs)
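The two policy types from the previous slide, "deny specifics / accept everything else" and "accept specifics / deny everything else", expressed as a small packet-filter ACL evaluator. This is an added example, not material from the course text; the rule syntax, the sample rules and the sample flows are constructed, and the point it makes is how the two styles decide differently on traffic nobody wrote a rule for.

```python
"""ACL evaluator contrasting the two policy styles named on the slides.

Added example; rule format, addresses and flows are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None means any port

    def matches(self, flow):
        src, dst, proto, dport = flow
        return ((self.src == "any" or ip_address(src) in ip_network(self.src))
                and (self.dst == "any" or ip_address(dst) in ip_network(self.dst))
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


def evaluate(rules, flow, default):
    """First matching rule wins; 'default' is the policy style's implicit last rule."""
    for index, rule in enumerate(rules):
        if rule.matches(flow):
            return rule.action, index
    return default, None


# Deny specifics / accept everything else: only the named bad traffic is blocked.
DENY_SPECIFICS = [Rule("deny", "any", "192.0.2.0/24", "tcp", 23)]   # no telnet to the server block
# Accept specifics / deny everything else: only the named services are allowed.
ACCEPT_SPECIFICS = [
    Rule("permit", "10.0.0.0/8", "192.0.2.10/32", "tcp", 443),   # HTTPS to the web server
    Rule("permit", "10.0.0.0/8", "192.0.2.53/32", "udp", 53),    # DNS to the resolver
]

# Constructed sample flows: (source, destination, protocol, destination port).
FLOWS = [
    ("10.1.1.5", "192.0.2.10", "tcp", 443),   # expected business traffic
    ("10.1.1.5", "192.0.2.10", "tcp", 23),    # the specifically denied service
    ("10.1.1.5", "192.0.2.10", "tcp", 3389),  # a service nobody wrote a rule for
]


def compare(flows):
    """Decision under each policy style; the unanticipated flow is where they diverge."""
    return [(flow, evaluate(DENY_SPECIFICS, flow, "permit")[0],
             evaluate(ACCEPT_SPECIFICS, flow, "deny")[0]) for flow in flows]


if __name__ == "__main__":
    for flow, deny_style, accept_style in compare(FLOWS):
        print(f"{flow}: deny-specifics -> {deny_style:<6}  accept-specifics -> {accept_style}")
```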


UNIT 7

Physical Security and Awareness

Physical Security – protection of devices from physical access, damage, and theft. Examples: access-controlled rooms, backup power sources, off-site storage, alarm systems, etc.


UNIT 7

Protocol and Application Security

Transport Mode of IPSec

Use of common protocol and application security mechanisms: IPSec, SNMP, and packet filtering


UNIT 7

Encryption and Decryption

A security mechanism where cipher algorithms are applied together with a secret key to encrypt data. Two types: public key and private key.
Public Key Infrastructure (PKI) – combines security mechanisms with policies and directives.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) – allow client/server applications to communicate across a network.
Tradeoff in performance.


UNIT 7

Network Perimeter and Remote Access Security

Network Perimeter – protecting external interfaces – use of NAT and NAPT (network address port translation) and firewalls

Remote Access – protecting dial-in, point-to-point sessions and VPN connections. Authentication of users and authorization of devices, NAS (network access server), RADIUS, etc.


UNIT 7

Architectural Considerations

Security mechanisms applied where needed.
Example: Apply security mechanisms to the architectural model.

Access/Distribution/Core Architectural Model


UNIT 7

Architectural Considerations

Security zones - Embedded within each other

Defense-in-depth


UNIT 7

Security and Performance

Security architecture includes trade-offs, dependencies and constraints.
High security can disrupt traffic flows and reduce performance.


LAB 11

Lab 11 in Experiments Manual
RSVP – Providing QoS by Reserving Resources in the Network

The objective of this lab is to study the Resource Reservation Protocol (RSVP) as a part of the Integrated Services approach to providing Quality of Service (QoS) to individual applications or flows.

Set up a network that carries real-time applications and uses RSVP to provide QoS.

ERROR – the page numbers on the project are incorrect


UNIT 7

Unit 7 Assignment
Unit 7 Project

1. Create a threat analysis worksheet using a similar format to that of Figure 9.2 on p. 364 of your text. Use a network you are familiar with or the one on p. 383. Use numerical values for the effect and likelihood (i.e., Certain = 10, Impossible = 1). Explain your analysis.

2. Discuss the development of security policies and procedures. Give at least three examples of what elements to include and the reasons behind them.

3. Apply the security mechanisms from this chapter to support the following requirements. Show where each mechanism might be applied.
a. An intranet between each of the routers connected to the WAN.
b. Remote access security for each of the 15 dial-up routers connected to the LAN in Washington, DC.
c. All traffic flows between Los Angeles and Minneapolis must be encrypted.

4. Outline the development of DMZs that would be applied at each site where connections are made to other autonomous systems (AS). What types of devices would be used at these sites?

5. Figure 9.17 shows five security zones required by the customer. These zones are prioritized, such that Security Zone 5 provides basic security for the entire network, and Zones 2, 3, 4, and 1 have increasing degrees of security, with Zone 1 having the highest level of security. What security mechanisms can be applied within each security zone, and at the interfaces between security zones, to achieve increasing degrees of security? Which architectural models are most applicable to this network? Show how each model can be applied.

5 points for #1 and #2. 10 points for #3, #4, and #5. 10 points for the lab.