6. Fiber Optic
• Signal sent by light
• Resists eavesdropping: nothing radiates from the cable to pick up, though a physical tap (bend coupler or splice) on the fiber is still possible
• Immune to electromagnetic interference (EMI)
• Two strands (one per direction) needed for full duplex
• Surrounded by Kevlar (aramid) strength members
• Max length: 2-100 km, depending on cable type and optics
• 1 Gbps and 10 Gbps implementations
• Difficult to install
• Expensive (cable, install, maintenance)
Information Security © 2006 Eric Vanderburg
7. Fiber Optic Connectors
• ST (Straight Tip)
• SC (Subscriber Connector, also expanded as Standard Connector)
• LC (Lucent Connector)
• MIC (Medium Interface Connector), the FDDI connector
• MT-RJ – two fibers in one connector, RJ-45 style form factor
• SMA (SubMiniature version A)
8. Fiber Optic cable types
• Single mode
  – Laser based
  – Spans longer distances
  – One light path (mode) through the core
  – Core: 2-9 microns (about 9 µm in common cable)
• Multi-mode
  – LED based
  – Shorter distances
  – Many light paths (modes) through one core; the modes arrive at slightly different times (modal dispersion), which limits distance
  – Core: 25-200 microns (50 or 62.5 µm in common cable)
10. Sniffers
• Captures all data packets that travel on a network
• Designed for use in network diagnostics
• Hard to trace because it is passive (it only listens and sends nothing)
• Can be used to find passwords or other sensitive information sent in cleartext
• Mitigate with switched networks: a switch delivers each frame only to the destination port, though MAC flooding and ARP spoofing can defeat this, so encrypt sensitive traffic as well
• Protect the physical environment
• Watch out for compromised hosts (a sniffing host puts its interface into promiscuous mode)
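A host-side check for the last point, added here as an illustration and not part of the original slides: on Linux, an interface that a sniffer has opened for all traffic carries the IFF_PROMISC flag, which /sys/class/net/<interface>/flags exposes as a hex value. The sysfs path and the 0x100 bit come from the Linux kernel headers; the sample flag values in the block are constructed.

```python
"""Flag interfaces in promiscuous mode, the usual sign of a sniffer on a Linux host."""
import os

IFF_PROMISC = 0x100  # bit value of IFF_PROMISC in <linux/if.h>


def is_promiscuous(flags_text: str) -> bool:
    """Decode one /sys/class/net/<if>/flags value such as '0x1103\\n'."""
    return int(flags_text.strip(), 16) & IFF_PROMISC != 0


def promiscuous_interfaces(sysfs_net: str = "/sys/class/net") -> list:
    """Names of interfaces whose flags carry IFF_PROMISC; empty if sysfs is unavailable."""
    found = []
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:  # not Linux, or sysfs not mounted: nothing to check
        return found
    for name in names:
        try:
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = fh.read()
        except OSError:
            continue  # entries without a readable flags file
        if is_promiscuous(flags):
            found.append(name)
    return found


# Constructed sample values, not read from a real host: 0x1103 is UP|BROADCAST|PROMISC|MULTICAST,
# 0x1003 is the same interface without PROMISC, 0x9 is UP|LOOPBACK.
SAMPLE_FLAGS = {"eth0": "0x1103\n", "eth1": "0x1003\n", "lo": "0x9\n"}


def check_samples(flag_map: dict = SAMPLE_FLAGS) -> list:
    """Apply the same test to an in-memory map of interface name -> flags text."""
    return [name for name, flags in flag_map.items() if is_promiscuous(flags)]


if __name__ == "__main__":
    print("sample:", check_samples())
    print("this host:", promiscuous_interfaces())
```

The flag is only a hint: a rootkit can hide it, and a sniffer attached to a tap or span port never touches the monitored host, which is why the slide's real answer is encryption of anything worth stealing.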
11. Removable Media
• Optical Media
  – CD
  – DVD
• Magnetic Media
  – Floppy disk
  – Hard drive
  – Microdrive
  – Tape
• Flash Media
  – USB stick, CF (non-microdrive), SD, MMC, SmartMedia, game cartridge, PCMCIA, ROM chips
12. Securing Removable Media
• Encrypt USB sticks
• Disable or lock USB ports on the computer
• Physically check that devices are not brought in
15. Server Vendors
• Sun Microsystems
  – Solaris
  – Looking Glass
• Microsoft
  – Windows NT
  – Windows 2000
  – Windows 2003
• Linux (various distributions)
• Novell NetWare
• OS/2
• Apple
  – Mac OS X Server
• FreeBSD
• NeXT
Operating system families shown on the slide: Microsoft, Linux, UNIX, BSD, NeXT, Mac OS X, NetWare v1-5, NetWare 6, Mac OS 1-9, OS/2
16. Equipment
• Repeater – regenerates the signal to extend the reach of a cable segment
• Hubs
  – Active (powered – regenerates the signal)
  – Passive (unpowered)
• Bridge
  – Translation bridge – translates differing frame types for different architectures (ATM, Ethernet)
• Router
  – Reduces the broadcast domain
  – Looks at packets (layer 3)
  – Can filter by packet (source and destination address, protocol, port)
17. Equipment
• Switches
  – Cut-through switching – reads only the first part of the frame (the destination address) and forwards it at once, so damaged frames are forwarded too
  – Store & forward switching
    • Reads the entire frame before forwarding. Also checks the CRC (FCS) field and discards the frame if it does not match.
    • Saves bandwidth because bad frames are not forwarded. Adds latency and requires faster switches.
  – Fragment-free switching – reads the first 64 bytes, enough to know the frame is not a collision fragment (runt); the CRC is still not checked
  – Reduces the collision domain (each port is its own collision domain)
  – Looks at frames (layer 2)
  – VLANs (Virtual LANs) – separate broadcast domains on one switch
  – Core switch – central to the network. Other switches connect into it
  – Workgroup switch – connects to network nodes
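The three forwarding modes, as an added example that is not part of the original slides: a constructed Ethernet frame with a valid FCS is fed through a toy switch in each mode, once intact, once with a single flipped bit, and once truncated to a collision fragment. The frame contents, MAC addresses and port numbers are made up; the FCS is the real Ethernet CRC-32.

```python
"""Cut-through, fragment-free and store-and-forward switching on one constructed frame."""
import struct
import zlib

MIN_FRAME = 64  # smallest valid Ethernet frame; anything shorter is a collision fragment (runt)

# Constructed sample frame fields, not captured traffic.
DST_MAC = bytes.fromhex("001122334455")
SRC_MAC = bytes.fromhex("66778899aabb")
ETHERTYPE_IPV4 = b"\x08\x00"
PAYLOAD = b"constructed payload " * 3  # 60 bytes, so the finished frame is 78 bytes


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over header and payload, transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: bytes, payload: bytes) -> bytes:
    body = dst + src + ethertype + payload
    return body + fcs(body)


def fcs_ok(frame: bytes) -> bool:
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]


def flip_bit(frame: bytes, offset: int) -> bytes:
    """Damage one bit; CRC-32 is linear, so any single-bit error always changes the FCS."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


class Switch:
    MODES = ("cut-through", "fragment-free", "store-and-forward")

    def __init__(self, mode: str):
        if mode not in self.MODES:
            raise ValueError(mode)
        self.mode = mode
        self.mac_table = {}  # learned source MAC -> ingress port
        self.discarded = 0

    def receive(self, frame: bytes, in_port: int):
        """Return the egress port, 'flood' when the destination is unknown, or None if discarded."""
        dst, src = frame[:6], frame[6:12]
        self.mac_table[src] = in_port  # source-address learning
        # Cut-through has read only the destination address by now: no size or FCS check at all.
        if self.mode in ("fragment-free", "store-and-forward") and len(frame) < MIN_FRAME:
            self.discarded += 1  # runt: the first 64 bytes never arrived intact
            return None
        if self.mode == "store-and-forward" and not fcs_ok(frame):
            self.discarded += 1  # whole frame buffered, FCS mismatch: drop rather than forward garbage
            return None
        return self.mac_table.get(dst, "flood")


def demo() -> dict:
    """Feed a good frame, a bit-flipped frame and a runt through each mode."""
    good = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, PAYLOAD)
    damaged = flip_bit(good, 20)   # error inside the payload, FCS now wrong
    runt = good[:40]               # collision fragment, shorter than 64 bytes
    results = {}
    for mode in Switch.MODES:
        sw = Switch(mode)
        sw.mac_table[DST_MAC] = 2  # pretend the destination was already learned on port 2
        results[mode] = tuple(sw.receive(f, 1) for f in (good, damaged, runt))
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(f"{mode:18} good/damaged/runt -> {outcome}")
```

Only store-and-forward drops the bit-flipped frame; fragment-free drops the runt but passes the damaged full-size frame, and cut-through forwards all three.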
18. Network Management
• SNMP (Simple Network Management Protocol)
  – Agents – run on the managed devices and answer queries from a management station
  – MIB (Management Information Base) – the tree of manageable objects, each addressed by an OID
  – Ports 161 (queries) & 162 (traps), UDP
  – SNMP-enabled devices are called managed devices
  – Versions 1 and 2c authenticate with a community string sent in cleartext; version 3 adds per-user authentication and encryption
19. Securing Network Devices
• Create a custom logon banner that gives away no information about the device (vendor, model, software version, role)
• Disable HTTP and SNMP access if they are not used
  – If used, use HTTPS (SSL/TLS) instead of HTTP
  – Use SNMP version 3 with authentication and privacy (authPriv)
• Limit management access to certain machines or subnets (an ACL on the management interface)
• Log activity
• Encrypt management communications (SSH rather than Telnet)
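Why the two previous slides insist on SNMP version 3, shown as an added example that is not part of the original slides: the block encodes an SNMPv1/v2c GetRequest for sysDescr.0 by hand (BER encoding of the message from RFC 1157 and RFC 1901) and then parses the community string straight back out of the raw UDP payload, which is all a sniffer on the path needs to do. The community strings and request id are constructed; the OID is the standard MIB-II sysDescr.0.

```python
"""Encode an SNMPv1/v2c GetRequest and recover its community string from the raw bytes."""

# Minimal BER (ASN.1) encoding: every element is tag, length, content.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE, GET_REQUEST = 0x02, 0x04, 0x05, 0x06, 0x30, 0xA0
SYS_DESCR = "1.3.6.1.2.1.1.1.0"  # sysDescr.0 from MIB-II, the usual first query


def ber_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    # Non-negative values only; the extra byte keeps the sign bit clear (128 -> 00 80).
    return tlv(INTEGER, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def ber_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on every byte but the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def snmp_get_request(version: int, community: bytes, oid: str, request_id: int = 0x1234) -> bytes:
    """version 0 = SNMPv1, 1 = SNMPv2c. The community string travels as a plain OCTET STRING."""
    varbind = tlv(SEQUENCE, ber_oid(oid) + tlv(NULL, b""))
    pdu = tlv(GET_REQUEST, ber_integer(request_id) + ber_integer(0) + ber_integer(0)
              + tlv(SEQUENCE, varbind))
    return tlv(SEQUENCE, ber_integer(version) + tlv(OCTET_STRING, community) + pdu)


def parse_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_community(packet: bytes):
    """What a sniffer on the path sees: (version, community) for v1/v2c, (3, None) for SNMPv3."""
    tag, message, _ = parse_tlv(packet)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    vtag, vbody, pos = parse_tlv(message)
    if vtag != INTEGER:
        raise ValueError("missing version field")
    version = int.from_bytes(vbody, "big")
    if version == 3:
        return 3, None  # v3 carries a USM security header here instead of a community string
    ctag, community, _ = parse_tlv(message, pos)
    if ctag != OCTET_STRING:
        raise ValueError("missing community string")
    return version, community


if __name__ == "__main__":
    pkt = snmp_get_request(1, b"public", SYS_DESCR)
    print(pkt.hex())
    print("community visible on the wire:", extract_community(pkt))
```

The community string is both the authentication and the authorisation in v1/v2c, so anyone who captures one request has the credential; v3 replaces it with a user name, an HMAC over the message and, with authPriv, encryption of the PDU.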
20. Communication Devices
• Modem (Modulator / Demodulator)
• DSL (Digital Subscriber Line) – uses phone lines at a much higher frequency than voice. Dedicated line from the subscriber to the central office.
• Cable Modem – faster max speed, but the neighborhood segment is a shared medium
• Central Office (CO) or head end – local connection point where a neighborhood of connections terminates and is connected into the ISP's network
• Always-on connections are tempting targets for attackers. Firewalls are a must.
21. Remote Access
• RAS (Remote Access Server) – a computer that allows others to connect into it
  – Modem (dial-up)
  – VPN
• Protect using
  – Authentication
  – Privileges (least privilege for remote users)
  – Account lockout policies (defeat password guessing)
  – Firewalls & ACLs
22. File Browsing
• UNC (Universal Naming Convention)
  – Windows shares are named \\computername\sharename
23. Telcos
• PBX (Private Branch Exchange) – private switching station for voice and data services
• PBX attacks
  – Data modification
  – Denial of service
  – Information disclosure
  – Traffic analysis – who calls whom, how often, and when
  – Theft of service (toll fraud)
24. Network Security Devices
• Firewalls – filter packets based on criteria such as an ACL or a rule base
• Routers can serve this purpose, but they are not as efficient as a dedicated device
• Personal firewall (host based)
• Enterprise software firewall – designed to run on a powerful machine that analyzes all network traffic passing through it
• Hardware firewall – engineered to process packets quickly and efficiently
25. Firewalls
• Packet filtering
  – Stateless – allows or denies each packet on its own, based on rules (addresses, ports, protocol)
  – Stateful – keeps a state table of outgoing connections and allows only the corresponding incoming packets
• Advanced firewalls
  – Antivirus scanning
  – Content filtering – looks at web sites and such. Could use a database from another vendor which is updated regularly. Enable and disable types of content
  – Application layer firewall – reassembles many packets and inspects the application protocol to determine whether to let them in
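The difference between the two packet-filtering styles, as an added example that is not part of the original slides: both filters implement the same policy (inside hosts may open HTTPS connections outward), but the stateless one has no memory, so it needs a blanket rule admitting anything from source port 443, and that rule also lets an outsider probe an internal RDP port. The address range, packets and port numbers are constructed.

```python
"""Stateless vs stateful packet filtering on constructed packets."""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def inside(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INSIDE


def stateless_filter(pkt: Packet) -> bool:
    """Policy: inside hosts may browse to TCP/443. A stateless filter has no memory, so to let the
    replies back in it needs a second rule admitting anything from source port 443 to the inside.
    That second rule is the hole: an outsider reaches any internal port by sending from port 443."""
    if pkt.proto != "tcp":
        return False
    if inside(pkt.src) and pkt.dport == 443:
        return True
    if inside(pkt.dst) and pkt.sport == 443:
        return True
    return False


class StatefulFilter:
    """Same policy, but replies are admitted only when they match an entry in the state table."""

    def __init__(self):
        self.state = set()  # (src, sport, dst, dport) of permitted outbound connections

    def filter(self, pkt: Packet) -> bool:
        if pkt.proto != "tcp":
            return False
        if inside(pkt.src) and pkt.dport == 443:
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if inside(pkt.dst):
            # Reverse the tuple: a legitimate reply comes from the peer we connected to,
            # back to the same inside address and ephemeral port. Nothing else gets in.
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state
        return False


def demo() -> dict:
    """Constructed traffic: one legitimate session, then a probe crafted to abuse the stateless rule."""
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443)   # inside host opens HTTPS
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)      # server's answer
    probe = Packet("198.51.100.7", 443, "10.0.0.5", 3389)       # outsider, sport 443, aiming at RDP
    sf = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (outbound, reply, probe)],
        "stateful": [sf.filter(p) for p in (outbound, reply, probe)],
    }


if __name__ == "__main__":
    for kind, verdicts in demo().items():
        print(f"{kind:9} outbound/reply/probe -> {verdicts}")
```

A production stateful firewall also checks TCP flags and sequence numbers and ages entries out of the table; the toy version keeps only the four-tuple, which is enough to show why the probe is refused.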
26. Firewalls
• DMZ (Demilitarized Zone) – a segment that is closer to the untrusted network than the rest of the LAN and separated from it by the firewall. Used for services made available to the Internet.
• These servers may reside there:
  – Web server
  – Email server (the relay that faces the Internet)
  – RAS server
  – FTP server
  – Proxy server
27. IDS (Intrusion Detection System)
• Monitors the packets on the network for attack signatures.
  – Network based – looks at the overall flow. Positioned where a lot of traffic flows (a span port or tap)
  – Host based – resides on one machine and monitors the data coming to that machine. It may report to a central console (agent based)
  – Active IDS – can take action when an attack happens (reset the connection, add a block rule)
  – Passive IDS – alerts the administrator when there is an attack
  – Anomaly based IDS or IPS (Intrusion Prevention System) – looks at deviation from a learned baseline of normal behavior rather than signatures. Catches attacks that have no signature yet, but tends to produce more false positives
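Both detection styles side by side, as an added example that is not part of the original slides: signature rules are run over constructed web-server log lines, and an anomaly detector learns a request-rate baseline and flags minutes that deviate from it. The log lines, rates, signature names and the mean plus three standard deviations threshold are all choices made for this illustration; the legitimate burst in the observed data is there to show the false positive the slide warns about.

```python
"""Signature matching and anomaly scoring over constructed web-server records."""
import re
import statistics

# Constructed access-log lines (source address, method, path); not real traffic.
LOG_LINES = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /images/logo.png",
    "198.51.100.7 GET /cgi-bin/view?file=../../../../etc/passwd",
    "10.0.0.9 GET /about.html",
    "203.0.113.4 GET /scripts/..%2f..%2fwinnt/system32/cmd.exe?/c+dir",
]

# Signature rules: known-bad byte patterns, the way a signature IDS matches packets.
SIGNATURES = {
    "path-traversal": re.compile(r"(\.\./|\.\.%2f)", re.IGNORECASE),
    "passwd-read": re.compile(r"/etc/passwd"),
    "cmd-exe": re.compile(r"cmd\.exe", re.IGNORECASE),
}

# Constructed request rates (requests per minute from one host): a training window of normal
# activity, then an observed window containing a real flood (120) and a legitimate burst (60).
BASELINE = [12, 15, 11, 14, 13, 12, 16, 14]
OBSERVED = [13, 14, 120, 12, 60, 15]


def signature_hits(line: str) -> list:
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def signature_ids(lines) -> list:
    """(line, [matched signatures]) for every line that triggers at least one signature."""
    alerts = []
    for line in lines:
        hits = signature_hits(line)
        if hits:
            alerts.append((line, hits))
    return alerts


def anomaly_threshold(baseline, k: float = 3.0) -> float:
    """Anything above mean + k standard deviations of the learned baseline counts as abnormal."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)


def anomaly_ids(baseline, observed, k: float = 3.0) -> list:
    """(minute, rate) for every observed minute above the threshold; no signature is involved."""
    threshold = anomaly_threshold(baseline, k)
    return [(minute, rate) for minute, rate in enumerate(observed) if rate > threshold]


def respond(alerts, active: bool) -> list:
    """Passive IDS only reports; an active IDS/IPS also acts (here: a block decision per alert)."""
    action = "block" if active else "alert"
    return [(action, alert) for alert in alerts]


if __name__ == "__main__":
    for line, hits in signature_ids(LOG_LINES):
        print("signature", hits, line)
    print("threshold %.1f req/min" % anomaly_threshold(BASELINE))
    for minute, rate in anomaly_ids(BASELINE, OBSERVED):
        print("anomaly at minute", minute, "rate", rate)  # minute 4 is the false positive
    print(respond(anomaly_ids(BASELINE, OBSERVED), active=True))
```

The signature rules miss nothing they know about and nothing else; the anomaly rule catches the flood without any rule for it, but also flags the 60-request minute, which is exactly the extra positive an active IPS would turn into a self-inflicted outage.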
29. Acronyms
• CD-ROM, Compact Disk Read Only Memory
• CD-R, Compact Disk Recordable
• CD-RW, Compact Disk Rewritable
• DMZ, Demilitarized Zone
• DSL, Digital Subscriber Line
• DVD, Digital Versatile Disk
• DVD-R, Digital Versatile Disk Recordable
• DVD-RAM, Digital Versatile Disk Random Access Memory
• DVD-RW, Digital Versatile Disk Rewritable
• IDS, Intrusion Detection System
30. Acronyms
• MIB, Management Information Base
• NAT, Network Address Translation
• PAT, Port Address Translation
• PBX, Private Branch Exchange
• RAS, Remote Access Server
• STP, Shielded Twisted Pair
• SNMP, Simple Network Management Protocol
• UNC, Universal Naming Convention
• UTP, Unshielded Twisted Pair
• VLAN, Virtual Local Area Network