Introduction to network devices II.

PACE-IT, Security+1.1: Introduction to Network Devices (part 2)



Page 2

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Industry Certifications

Education: M.B.A., IT Management, Western Governor’s University; B.S., IT Security, Western Governor’s University

Qualifications Summary: Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.


Page 3

Introduction to network devices II.

– Introducing the layered security concept.

– Network devices.


Page 4

Introducing the layered security concept.


Page 5

Modern networks are composed of multiple layers of devices and applications, which can lead to issues with security.

While this does make the issue of security more complex, it has the benefit of supporting the concept of layered security (which is also called security in depth). Each layer or device can contain its own security methods. This means that if a breach occurs in one area of the network, the rest of the network will remain secure (hopefully).

It is a best practice to use a layered approach when implementing network security.


Page 6

Many security devices are triggered by a specific action occurring (e.g., a network packet crosses an interface).

This creates a situation in which those devices are only capable of reacting to perceived threats. On the other hand, some devices are capable of application awareness. This feature allows security devices to make better decisions based on which applications are allowed to operate on the network and which applications are not allowed to cross through it. This is another layer that can be added to the network’s security. Some devices that may be application aware include firewalls, proxy servers, and network intrusion detection/prevention systems.


Page 7

Network devices.

Page 8

A virtual private network (VPN) concentrator will facilitate multiple secure VPN connections to a network.

The type of VPN connection to the network will determine what tunneling and encryption the VPN concentrator will implement. Most concentrators can function at multiple layers of the OSI model (specifically Layer 2, Layer 3, and Layer 7). Outside of Internet transactions (which use SSL VPN connections at Layer 7), most concentrators will function at the network layer (Layer 3) of the OSI model, providing IPsec encryption through a secure tunnel.


Page 9


– Network intrusion detection system (NIDS).

» A NIDS is a passive system designed to identify when a network breach or attack against the network is occurring.

• Usually designed to inform a network administrator when a breach or attack has occurred through log files, SMS, and/or an email notification.

» A NIDS cannot prevent or stop a breach or attack on its own.

» It receives a copy of all traffic and evaluates it against a set of standards.

• Signature based: evaluates network traffic for known malware or attack signatures.

• Anomaly based: evaluates network traffic for suspicious changes.

• Policy based: evaluates network traffic against a specific declared security policy.

• Heuristic based: evaluates network traffic against past network behavior (looks for changes in expected patterns).

» May be deployed at the host level.

• Host-based intrusion detection system (HIDS).

Page 10


– Network-based intrusion prevention system (NIPS).

» A NIPS is an active system designed to stop a breach or attack from succeeding in damaging the network.

• Usually designed to perform an action or set of actions to stop the malicious activity.

• Will inform a network administrator through the use of log files, SMS, and/or an email notification.

» All traffic on the network segment flows through the NIPS to either enter or leave the segment.

• Like the NIDS, all traffic is evaluated against a set of standards.

» The best placement on the network is between a router (with a firewall) and the destination network segment.

» It is programmed to make an active response to the situation.

• Block the offending IP address.

• Close down the vulnerable interface.

• Terminate the network session.

• Redirect the attack.

• Perform additional actions.
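As an added illustration of the NIDS and NIPS slides above (example code written for this page, not from the PACE-IT deck), the same signature-, policy- and anomaly-based "standards" are evaluated twice over one constructed capture: once passively, where only alerts come out, and once inline, where the offending packet is dropped and its source address blocked. The signature bytes, addresses, port policy and baseline are all constructed values.

```python
# Added example (not from the PACE-IT slides): one set of evaluation standards
# applied passively (NIDS: alert only) and actively (NIPS: drop and block).
# Every packet, signature and policy value below is constructed for the demo.
from collections import Counter, namedtuple
Packet = namedtuple("Packet", "src dst dport payload")
SIGNATURES = {"constructed-sig-1": b"X-CONSTRUCTED-BAD-PATTERN"}  # signature based
ALLOWED_DPORTS = {80, 443}       # policy based: declared allowed services
BASELINE_PKTS_PER_SRC = 3        # anomaly based: expected packets per source

def evaluate(pkt, seen):
    """Return the names of the standards pkt violates (empty list = clean)."""
    hits = [n for n, pat in SIGNATURES.items() if pat in pkt.payload]
    if pkt.dport not in ALLOWED_DPORTS:
        hits.append("policy-port")
    if seen[pkt.src] > BASELINE_PKTS_PER_SRC:
        hits.append("anomaly-volume")
    return hits

def nids(packets):
    """Passive: works on a copy of the traffic, so it can only raise alerts."""
    seen, alerts = Counter(), []
    for pkt in packets:
        seen[pkt.src] += 1
        alerts += [(pkt.src, hit) for hit in evaluate(pkt, seen)]
    return alerts

def nips(packets):
    """Active and inline: drops the offending packet and blocks its source."""
    seen, blocked, forwarded, alerts = Counter(), set(), [], []
    for pkt in packets:
        if pkt.src in blocked:          # later packets from a blocked host are dropped
            continue
        seen[pkt.src] += 1
        hits = evaluate(pkt, seen)
        if hits:                        # "block the offending IP address"
            alerts.append((pkt.src, hits[0]))
            blocked.add(pkt.src)
            continue                    # packet is not forwarded: session terminated
        forwarded.append(pkt)
    return forwarded, alerts, blocked

# Constructed capture: normal web traffic, one signature hit, one policy breach
# (telnet to port 23), and one host that exceeds the per-source baseline.
CAPTURE = [
    Packet("10.0.0.5", "203.0.113.10", 443, b"GET / HTTP/1.1"),
    Packet("10.0.0.6", "203.0.113.10", 80, b"GET /index.html"),
    Packet("10.0.0.7", "203.0.113.20", 443, b"X-CONSTRUCTED-BAD-PATTERN"),
    Packet("10.0.0.6", "203.0.113.30", 23, b"login"),
] + [Packet("10.0.0.9", "203.0.113.40", 443, b"ping") for _ in range(5)]
if __name__ == "__main__":
    print("NIDS:", nids(CAPTURE), "\nNIPS:", nips(CAPTURE)[1:])
```

Note that the NIDS reports two anomaly alerts for the chatty host because it keeps seeing its packets, while the NIPS raises one and then silently drops the rest.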

Page 11


– Unified Threat Management (UTM) security appliance.

» A possible all-in-one security solution.

• Contains firewall features.

• Contains IDS features.

• Contains antivirus and antimalware features.

• Contains anti-spam features.

• Can perform content and URL (website) filtering.

• Can also perform additional functions.

» Usually in the form of a network appliance.

• A specifically designed piece of hardware with an integrated software package—creating a closed system.

» Positive aspects: provides multiple security features in a central location, simplifies management of security, and eases updating security.

» Negative aspects: concentrates security in a single system or location, which can create a single point of failure for both the network and for security.


Page 12

What was covered.

Topic: Introducing the layered security concept.

Summary: The complexity of modern networks increases the need to use a layered security model. Each device and layer can implement its own method of security, thus increasing the overall security of the network. Some devices are capable of application awareness, which allows them to make better decisions based on what applications are allowed or not allowed.

Topic: Network devices.

Summary: A VPN concentrator can facilitate multiple secure VPN connections to a single network system. NIDS are passive systems that can be used to determine when a breach has occurred or when a network attack is underway. NIPS are active systems that can be used to help stop a breach or network attack from succeeding. A UTM security appliance combines multiple security features into a single network appliance.


Page 13

THANK YOU!

Page 14

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.