Network security
2. ACLs typically reside on routers to determine which
devices are allowed to access them based on the
requesting device’s Internet Protocol (IP) address.
3. Basically, ACLs use IP addresses to filter packets, but
nowadays they can also filter on port numbers.
5. ACLs are configured either to apply to inbound
traffic or to apply to outbound traffic.
7. There are two types of Cisco ACLs, standard and
extended.
Standard ACLs allow you to permit or deny traffic
from source IP addresses.
Extended ACLs filter IP packets based on several
attributes, for example, protocol type, source
IP address, destination IP address, source
TCP or UDP ports, destination TCP or UDP ports,
and optional protocol type information for finer
granularity of control.
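As an added example (not from the deck or from Cisco), the following Python code reads numbered access-list lines written in IOS-like syntax, matches packets against them with wildcard masks, and applies the two rules that trip people up in practice: the first matching entry wins, and every list ends with an implicit deny. ACL 10 is a standard list (source address only); ACL 110 is an extended list whose first entry drops packets arriving from the Internet that claim an inside source address. The configuration, the addresses and the packet values are all constructed for the example; only `eq <number>` is supported for ports.

```python
"""Cisco-style access-list evaluation (constructed example, not vendor code).
Parses IOS-like 'access-list' lines, matches packets with wildcard masks,
applies first-match semantics and the implicit deny that ends every ACL."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, str]  # (network, wildcard mask)
ANY: Addr = ("0.0.0.0", "255.255.255.255")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # "ip", "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "ip"            # "ip" matches every protocol
    src: Addr = ANY
    dst: Addr = ANY
    sport: Optional[int] = None  # extended lists only
    dport: Optional[int] = None

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """A wildcard mask is an inverted netmask: a 1 bit means 'don't care'.
    0.0.0.0 matches exactly one host; 255.255.255.255 matches any address."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == n & care

def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("ip", pkt.proto)
        and wildcard_match(pkt.src, *rule.src)
        and wildcard_match(pkt.dst, *rule.dst)
        and (rule.sport is None or rule.sport == pkt.sport)
        and (rule.dport is None or rule.dport == pkt.dport)
    )

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def _parse_addr(t: List[str], i: int) -> Tuple[Addr, int]:
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2          # explicit network + wildcard

def _parse_port(t: List[str], i: int) -> Tuple[Optional[int], int]:
    if i < len(t) and t[i] == "eq":         # only 'eq <number>' is supported here
        return int(t[i + 1]), i + 2
    return None, i

def parse_acl_line(line: str) -> Tuple[int, Rule]:
    """Numbered IOS syntax: 1-99 are standard (source only), 100-199 extended."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99:
        src, _ = _parse_addr(t, 3)
        return number, Rule(action, src=src)
    proto = t[3]
    src, i = _parse_addr(t, 4)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return number, Rule(action, proto, src, dst, sport, dport)

def load_acls(config: str) -> Dict[int, List[Rule]]:
    acls: Dict[int, List[Rule]] = {}
    for line in config.strip().splitlines():
        number, rule = parse_acl_line(line.strip())
        acls.setdefault(number, []).append(rule)
    return acls

# Constructed configuration. ACL 10 is a standard list; ACL 110 is an extended
# list for the inbound side of an Internet-facing interface. Its first entry
# drops packets arriving from outside that claim an inside source address.
CONFIG = """
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 any
access-list 110 permit tcp any host 203.0.113.10 eq 80
access-list 110 permit tcp any host 203.0.113.10 eq 443
access-list 110 permit udp any eq 53 any
"""
ACLS = load_acls(CONFIG)

if __name__ == "__main__":
    for pkt in (Packet("192.168.10.7", "203.0.113.10", "tcp", 40000, 80),
                Packet("198.51.100.5", "203.0.113.10", "tcp", 40000, 80),
                Packet("198.51.100.5", "203.0.113.10", "tcp", 40000, 22)):
        print(pkt, "->", evaluate(ACLS[110], pkt))
```

The third sample packet (SSH to the web server) matches no entry and is dropped by the implicit deny, which is why an ACL that is meant to "permit everything except X" needs an explicit `permit ip any any` at the end.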
8. The first is a concept called tunneling, which
basically means encapsulating one protocol within
another to ensure that a transmission is secure.
10. This security protocol was developed by Netscape to work
with its browser. It's based on Rivest, Shamir, and Adleman
(RSA) public-key encryption and is used to enable secure
Session-layer connections over the Internet between a web
browser and a web server.
11. Layer 2 Tunneling Protocol (L2TP) was created by the
Internet Engineering Task Force (IETF). It comes in handy
for supporting non-TCP/IP protocols in VPNs over the
Internet.
12. Point-to-Point Tunneling Protocol (PPTP).
PPTP acts by combining an unsecured Point to Point
Protocol (PPP) session with a secured session using
the Generic Routing Encapsulation (GRE) protocol.
14. The two major protocols you'll find working in
IPSec are the Authentication Header (AH) and
Encapsulating Security Payload (ESP). AH provides
authentication services only (no encryption), whereas
ESP provides both authentication and encryption.
17. Encryption works by running the data (which,
when encoded, is represented as numbers)
through a special encryption formula called a
key that the designated sending and receiving
devices both "know."
18. Private Encryption Keys
Private keys are commonly referred to as symmetrical keys.
Using private-key encryption, both the sender and receiver
have the same key and use it to encrypt and decrypt all
messages.
DES: 56-bit key
3DES: 168-bit key
Advanced Encryption Standard (AES): 128-, 192-, or 256-bit key
19. Public Key Encryption
Public key encryption uses the Diffie-Hellman algorithm, which
employs a public key and a private key to encrypt and decrypt data.
The sending machine's public key is used to encrypt a message to
the receiving machine, which decrypts the message with a
private key.
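Diffie-Hellman is the piece that lets two machines that have never shared a secret agree on one over an untrusted network: each side keeps a private value, publishes a public value, and both arrive at the same shared number, which then serves as the symmetric key of slide 18. The following Python code is an added example (not from the deck) that runs that flow end to end with the standard library only. It uses the 1024-bit MODP prime from RFC 2409 (Oakley group 2) with generator 2; the symmetric cipher is a hash-based keystream with an HMAC tag, a stand-in chosen so the example needs no third-party library, where a real deployment would use AES (for instance AES-GCM). The message and all names are constructed.

```python
"""Constructed example: Diffie-Hellman key agreement producing a shared secret
that both sides then use as a symmetric key. The cipher is a hash-based
keystream plus HMAC tag, used only so the example runs with the standard
library; production code should use AES-GCM or similar."""
import hashlib
import hmac
import secrets

# 1024-bit MODP group from RFC 2409 (Oakley group 2), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Private exponent x and public value g^x mod p. The public value may be
    sent in the clear; only x must stay secret."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def dh_shared(own_private, peer_public):
    """Both parties compute the same g^(xy) mod p from their own private value
    and the other side's public value."""
    if not 1 < peer_public < P - 1:          # reject values that force a trivial secret
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)

def derive_keys(shared_int):
    """Hash the shared integer into a fixed-size secret, then split it into
    one key for the keystream and one for the integrity tag."""
    secret = hashlib.sha256(shared_int.to_bytes((P.bit_length() + 7) // 8, "big")).digest()
    enc_key = hmac.new(secret, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(secret, b"integrity", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(enc_key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256 (illustrative, not AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(keys, plaintext):
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)          # fresh per message; never reuse with one key
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(keys, blob):
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # check the tag before touching the data
        raise ValueError("integrity check failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def tamper_is_rejected(keys, blob):
    """Flip one ciphertext byte and confirm decryption refuses it."""
    flipped = bytearray(blob)
    flipped[16] ^= 0x01
    try:
        decrypt(keys, bytes(flipped))
        return False
    except ValueError:
        return True

def demo():
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    alice_keys = derive_keys(dh_shared(alice_priv, bob_pub))   # uses Bob's public value
    bob_keys = derive_keys(dh_shared(bob_priv, alice_pub))     # uses Alice's public value
    msg = b"symmetric key agreed over an untrusted network"
    blob = encrypt(alice_keys, msg)
    return alice_keys == bob_keys and decrypt(bob_keys, blob) == msg

if __name__ == "__main__":
    print("round trip ok:", demo())
```

Two details matter for the deck's point that the receiver decrypts with a private key: neither private exponent ever leaves its machine, and an observer who sees both public values still cannot compute the shared secret without one of them. The tag check runs before decryption so a modified ciphertext is rejected rather than silently producing garbage.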
20. Disabling Accounts
Managing Account
Password-Management Features
21. Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a system that links
users to public keys and verifies a user's identity
by using a certificate authority (CA).
23. Kerberos, created at MIT, isn't just a protocol; it's
an entire security system that establishes a user's
identity when they first log on to a system that's
running it.
24. RADIUS
RADIUS is an authentication and accounting service that's used for
verifying users over various types of links, including dial-up. Many
ISPs use a RADIUS server to store the usernames and passwords of
their clients in a central spot through which connections are
configured to pass authentication requests.
25. The Terminal Access Controller Access-Control System Plus
(TACACS+) protocol is an alternative AAA method to RADIUS.
Here are two major differences between TACACS+ and
RADIUS:
RADIUS combines user authentication and authorization into
one profile, but TACACS+ separates the two.
TACACS+ utilizes the connection-based TCP protocol, but
RADIUS uses UDP instead.
27. Denial of Service (DoS)
A denial of service (DoS) attack does exactly what it sounds
like it would do—it prevents users from accessing the
network and/or its resources.
Example of DoS:
The Ping of Death
Ping 192.168.131.67 -l 65000
28. It's a version of a DoS attack that floods its
victim with spoofed broadcast ping messages.
29. They're called distributed denial of service (DDoS)
attacks and also make use of IP spoofing.
31. Functionally, or not so much if your computer
happens to have been infected with one, worms are
a lot like viruses—only worse because they’re much
harder to stop. Worms can actively replicate
without requiring you to do anything like open an
infected file.
32. IP Spoofing
IP spoofing is the process of sending packets with
a fake source address that makes it look like those
packets actually originate from within the network
that the hacker is trying to attack.
33. Backdoors
Backdoors are simply paths leading into a
computer or network. From simple invasions to
elaborate Trojan Horses, villains can use their
previously placed inroads into a specific host or a
network whenever they want to.
34. Packet Sniffers
A packet sniffer is a software tool that can be
incredibly effective in troubleshooting a
problematic network but that can also be a
hacker’s friend.
35. A man-in-the-middle attack happens when
someone intercepts packets intended for one
computer and reads the data.
36. A rogue access point is one that's been
installed on a network without the
administrator's knowledge.
37. Social engineering, or phishing, refers to the
act of attempting to illegally obtain sensitive
information by pretending to be a credible
source.
38. Active Detection
Passive Detection
Proactive Defense
39. Security Policies
It should precisely define how security is to
be implemented within an organization and
include physical security, document security,
and network security.
Security Audit
A security audit is a thorough examination of
your network that includes testing all its
components to make sure everything is
secure.
41. Firewalls are usually a combination of hardware
and software. The hardware part is usually a
router, but it can also be a computer or a
dedicated piece of hardware called a black box
that has two Network Interface Cards (NICs) in it.
One of the NICs connects to the public side, and
the other one connects to the private side. The
software part is configured to control how the
firewall actually works to protect your network by
scrutinizing each incoming and outgoing packet
and rejecting any suspicious ones.
43. A network-based firewall is what companies use to protect
their private network from public networks. The defining
characteristic of this type of firewall is that it's designed to
protect an entire network of computers instead of just one
system, and it's usually a combination of hardware and
software.
44. A host-based firewall is implemented on a single machine so it
only protects that one machine. This type of firewall is usually
a software implementation, because you don't need any
additional hardware in your personal computer to run it. All
current Windows client operating systems come with Windows
Firewall, which is a great example of a host-based solution.
45. Demilitarized Zone (DMZ)
Most firewalls in use today implement something called a
demilitarized zone (DMZ), which, as its name implies, is a
network segment that isn't public or local but halfway
between the two.
A standard DMZ setup typically (but not always) has two or
three network cards in the firewall computer:
The first goes to the Internet.
The second goes to the network segment where the
commonly targeted servers exist that I recommended be
placed in the DMZ.
The third connects to your intranet.
46. Proxy Services
Firewalls can also implement something called proxy services,
which actually makes them proxy servers, or proxies for
short.
Let's say an internal client sends a request to an external host
on the Internet. That request will get to the proxy server first,
where it will be examined, broken down, and handled by an
application that will create a new packet requesting
information from the external server.
48. The first firewalls that were developed functioned solely at
the Network layer, and the earliest of these were known as
packet-filter firewalls. I covered packet filtering a bit earlier in
this chapter; as a refresher, all it means is that the firewall
looks at an incoming packet and applies it against the set of
rules in the ACL(s).
49. A basic packet filter doesn't care about whether the packet it is
examining is stand-alone or part of a bigger message stream.
That type of packet filter is said to be stateless, in that it does
not monitor the status of the connections passing through it.
A stateful firewall is one that keeps track of the various data
streams passing through it. If a packet that is part of an
established connection hits the firewall, it's passed through.
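The difference becomes concrete when the same packets go through both kinds of filter. The Python below is an added example (not from the deck): a stateless rule set in the style of an ACL that uses the `established` keyword (inbound TCP is allowed when ACK or RST is set), beside a stateful filter that records outbound SYNs, promotes a flow to "established" when the matching SYN/ACK comes back, and admits inbound packets only for flows it has seen. The addresses, ports and packet sequence are constructed; the state machine is a deliberately small model of connection tracking (it drops state on the first FIN or RST rather than following the full TCP close).

```python
"""Constructed example: one packet stream through a stateless packet filter
and a stateful one. The stateless filter judges each packet on its own; the
stateful one remembers connections and admits return traffic only when it
belongs to a flow that started from the inside."""
from dataclasses import dataclass
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "out" (inside -> Internet) or "in" (Internet -> inside)
    flags: str = ""  # TCP flags as letters: "S" SYN, "A" ACK, "F" FIN, "R" RST

FlowKey = Tuple[str, int, str, int]   # (inside host, inside port, outside host, outside port)

def stateless_decision(pkt: Packet) -> str:
    """Stateless rules: allow anything outbound; allow inbound TCP only when
    ACK or RST is set (what Cisco's 'established' keyword checks). The filter
    has no memory, so any packet that merely sets ACK looks like a reply."""
    if pkt.direction == "out":
        return "permit"
    if "A" in pkt.flags or "R" in pkt.flags:
        return "permit"
    return "deny"

class StatefulFilter:
    def __init__(self) -> None:
        self.pending: Set[FlowKey] = set()       # outbound SYN seen, no SYN/ACK yet
        self.established: Set[FlowKey] = set()

    @staticmethod
    def _key(pkt: Packet) -> FlowKey:
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # normalise to inside-first

    def decide(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if pkt.direction == "out":
            if "S" in pkt.flags and "A" not in pkt.flags:
                self.pending.add(key)            # new connection attempt from inside
                return "permit"
            if key in self.established or key in self.pending:
                return "permit"
            return "deny"                        # outbound data for a flow we never saw start
        if key in self.pending and "S" in pkt.flags and "A" in pkt.flags:
            self.pending.discard(key)
            self.established.add(key)            # SYN/ACK completes the handshake we expected
            return "permit"
        if key in self.established:
            if "F" in pkt.flags or "R" in pkt.flags:
                self.established.discard(key)    # tear down state on FIN/RST
            return "permit"
        return "deny"                            # no matching flow: unsolicited inbound packet

# Constructed stream: a legitimate outbound web connection, then an unsolicited
# inbound packet that sets ACK to look like a reply, then a bare inbound SYN.
STREAM = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "out", "S"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "in", "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "out", "A"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "in", "A"),    # real reply with data
    Packet("198.51.100.9", 3389, "10.0.0.5", 3389, "in", "A"),   # forged "reply", no flow
    Packet("198.51.100.9", 5555, "10.0.0.5", 22, "in", "S"),     # inbound connection attempt
]

def run(stream: List[Packet]) -> List[Tuple[str, str]]:
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_decision(p), fw.decide(p)) for p in stream]

if __name__ == "__main__":
    for pkt, verdicts in zip(STREAM, run(STREAM)):
        print(pkt.direction, pkt.flags or "-", pkt.src, "->", pkt.dst, verdicts)
```

Both filters agree on the handshake and on the bare inbound SYN; they part ways on the fifth packet, which the stateless filter admits because the ACK bit is set and the stateful filter drops because no connection to that port was ever opened from inside.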
50. There are two ways IDS systems can detect attacks or
intrusions. The first is based on the signature of an intrusion
that's often referred to as a misuse-detection IDS (MD-IDS).
52. In a network-based IDS (NIDS), the IDS is a separate
device attached to the network via a machine like a switch or
directly via a tap.
53. In a host-based IDS (HIDS), software runs on one
computer to detect abnormalities on that system
alone by monitoring applications, system logs, and
event logs—not by directly monitoring network
traffic.
54. A VPN concentrator is a device that creates remote access for
virtual private networks (VPNs) either for users logging in
remotely or for a large site-to-site VPN.
VPNs often allow higher data throughput and provide
encryption.
VPN through a concentrator is usually handled by Internet
Protocol Security (IPSec) or by Secure Sockets Layer (SSL), and
user authentication can be achieved via Microsoft’s Active
Directory, Kerberos, Remote Authentication Dial In User
Service (RADIUS), Rivest, Shamir, and Adleman (RSA), and
digital certificates.