Network Security in a

slurpslapoutΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 4 χρόνια και 5 μήνες)

84 εμφανίσεις

Network Security in a
Business Setting

By: Brian Haumschild

History of Business Networks

Computers connected inline to a single

Data/information runs past each

Data can be stolen by user it’s not
directed to

History of Business Networks

Each device has it’s own cable, connected to a switch

Not as easy to steal data from another computer

More secure

History of Business Networks

When connected to the internet,
the world has access to data if they
have the knowledge

Measures need to be taken to
keep the world out

Users still need to be monitored

History of Business Networks

There never was a standard for username
and password difficulty

General Format

Name: John Smith

Username: smithj

Most Commonly
Used Passwords:






New password standard: 8 characters total, 2
numbers, 2 capital letters

Good password:

Threats to Networks

People seeking valuable
information from the

People accessing the
network without

Employees using
information they have
permission to view/use,
but in an inappropriate



Trojan Horse Viruses


Can be hardware or

Larger networks require
separate firewall server

Keeps a boundary between
Internet and intranet

Everything on the inside
considered “safe”

Boundary between firewall
and Internet called
“demilitarized zone”

Can’t have a completely
safe network and have it be
completely functional

Security for Users: Solution

Active Directory


Allows users to access only what you want them to

Different groups are granted different access

Can change an entire groups access at once

Computers or users can be in groups


Users/computers can end up in different groups with different access

Users/computers can get lost within the groups

Users’ computer can override AD

Other Partial Software Solutions for

Automated Antivirus

Automatically runs

Can automatically
update all computers

Don’t have to worry
about forgetting to run it

Don’t detect

Other Malware detection:



Thin Clients

Simulates a normal desktop

Logs in using VPN

No hard drive, little memory

Easy to secure from server

If stolen, it contains no data

Users can log in or use some
other verification

Encrypted Networks

Partial Encryption

Hard drives can be encrypted using a
password as the key

Full disk encryption used to be “good enough”

Encryption and decryption is done at the hard drive level

As soon as data is off hard drive, it’s no longer encrypted

Total Encryption

Every piece of data is always encrypted

When data is passed between computers/servers, it is

Dozens of keys and types of encryption may need to be
used across the network

Also uses full disk encryption to be more secure

Encrypted Networks


Difficult to set up

Difficult to maintain

Can be very expensive

Every server and PC have to
have the ability to encrypt and
decrypt data


As safe as networks get

Basically uncrackable

Services available to set up
total encrypted networks

Intrusion Detection System (IDS)

Hardware or software solutions

Software is cheaper, but more work to set up

Can be set up on existing server

Hardware costs as much as a server, but basically plug and

Reactive or Passive

Reactive will stop intrusion by resetting the network
connection or reprogramming the firewall

Known as an Intrusion Protection System (IPS)

Passive will log the event and report to the Network

Actions are left up to the Administrator

Much cheaper than reactive

Problem With All of This

Hardware can run hundreds of thousands to millions of dollar

Requires a lot of setup, space and bandwidth

Can require full
time personnel to maintain

Sometimes incompatible with other devices