Network Security in a

slurpslapoutΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

73 εμφανίσεις

Network Security in a
Business Setting

By: Brian Haumschild

History of Business Networks



Computers connected inline to a single
cable



Data/information runs past each
computer



Data can be stolen by user it’s not
directed to

History of Business Networks
(continued)



Each device has it’s own cable, connected to a switch



Not as easy to steal data from another computer



More secure

History of Business Networks
(continued)



When connected to the internet,
the world has access to data if they
have the knowledge



Measures need to be taken to
keep the world out



Users still need to be monitored

History of Business Networks
(continued)

There never was a standard for username
and password difficulty


General Format



Name: John Smith



Username: smithj

Most Commonly
Used Passwords:

12345

qwerty

god

master

password

New password standard: 8 characters total, 2
numbers, 2 capital letters

Good password:
c3A8etEk


Threats to Networks



People seeking valuable
information from the
outside



People accessing the
network without
permission



Employees using
information they have
permission to view/use,
but in an inappropriate
way



Viruses



Worms



Trojan Horse Viruses

Firewall



Can be hardware or
software



Larger networks require
separate firewall server



Keeps a boundary between
Internet and intranet



Everything on the inside
considered “safe”



Boundary between firewall
and Internet called
“demilitarized zone”



Can’t have a completely
safe network and have it be
completely functional

Security for Users: Solution

Active Directory

PROs



Allows users to access only what you want them to



Different groups are granted different access



Can change an entire groups access at once



Computers or users can be in groups


CONs



Users/computers can end up in different groups with different access



Users/computers can get lost within the groups



Users’ computer can override AD

Other Partial Software Solutions for
Security

Automated Antivirus
Software



Automatically runs



Can automatically
update all computers



Don’t have to worry
about forgetting to run it



Don’t detect
hackers/intruders

Other Malware detection:



Adware



Phishing

Thin Clients



Simulates a normal desktop



Logs in using VPN
-
type
software



No hard drive, little memory



Easy to secure from server



If stolen, it contains no data



Users can log in or use some
other verification

Encrypted Networks

Partial Encryption



Hard drives can be encrypted using a
password as the key



Full disk encryption used to be “good enough”



Encryption and decryption is done at the hard drive level



As soon as data is off hard drive, it’s no longer encrypted


Total Encryption



Every piece of data is always encrypted




When data is passed between computers/servers, it is
encrypted/decrypted




Dozens of keys and types of encryption may need to be
used across the network




Also uses full disk encryption to be more secure


Encrypted Networks

CONs



Difficult to set up



Difficult to maintain



Can be very expensive



Every server and PC have to
have the ability to encrypt and
decrypt data

PROs



As safe as networks get



Basically uncrackable



Services available to set up
total encrypted networks

Intrusion Detection System (IDS)



Hardware or software solutions



Software is cheaper, but more work to set up



Can be set up on existing server



Hardware costs as much as a server, but basically plug and
play



Reactive or Passive



Reactive will stop intrusion by resetting the network
connection or reprogramming the firewall



Known as an Intrusion Protection System (IPS)



Passive will log the event and report to the Network
Administrator



Actions are left up to the Administrator



Much cheaper than reactive

Problem With All of This



Hardware can run hundreds of thousands to millions of dollar



Requires a lot of setup, space and bandwidth



Can require full
-
time personnel to maintain



Sometimes incompatible with other devices

Questions?