Sunday, December 1, 2019

NET180 - Chapter 7: Network Security

This week's topic was network and server security. We learned about the many methods and tools used to secure a network and server.

Firewalls are a means to filter traffic between the network and the outside world (and, increasingly, between segments inside it). Many people misinterpret the firewall as something like an anti-malware application, but it isn't: a firewall decides which connections are allowed based on addresses, ports and protocols, so solely installing a firewall will not prevent malware that arrives over a channel the firewall allows, such as email or a web download. There are two types of firewalls: network based and host based. Network based firewalls serve as a first line of defense and protect the entire network from unwanted traffic. Often this type of firewall is included with network hardware like routers and servers acting as routers. Host based firewalls protect the host - the individual computer or device on the network - and still apply when the threat is already inside the network.

Port security is a way to manage the physical ports on a switch. It is a Layer 2 control, not a high level one: it limits which and how many MAC addresses may send on a port, and drops traffic or shuts the port down when an unknown MAC shows up. Because MAC addresses are easy to spoof, it is only a very basic form of security. 802.1x is a higher level control defined by an IEEE standard. A device must authenticate before the switch port will forward its traffic, and the switch hands the authentication off to a central server, which centralizes AAA (authentication, authorization, accounting).
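To make the port security behaviour concrete, here is a small Python model of it. This is an added illustration, not code from the course notes or from any switch vendor; the "maximum N secure MACs" limit and the shutdown / restrict / protect violation modes follow what a typical switch does, but the exact names and counters are assumptions for the example.

```python
"""Toy model of switch port security: a Layer 2 control keyed on source MAC.
Added illustration, not from the course notes. The maximum/violation-mode
behaviour is modelled on a typical switch; names and counters are assumed."""

from dataclasses import dataclass, field

SHUTDOWN, RESTRICT, PROTECT = "shutdown", "restrict", "protect"


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                 # how many source MACs the port may learn
    violation: str = SHUTDOWN        # what happens when an extra MAC appears
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False       # True once a shutdown violation fired
    violations: int = 0              # counter used by 'restrict' mode

    def ingress(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                    # port is down until an admin resets it
        if mac in self.secure_macs:
            return True                     # already learned ("sticky") MAC
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)       # learn it dynamically
            return True
        # Table is full and this MAC is not in it: a violation.
        if self.violation == SHUTDOWN:
            self.err_disabled = True        # whole port goes err-disabled
        elif self.violation == RESTRICT:
            self.violations += 1            # drop the frame but count/log it
        # PROTECT: drop silently
        return False


def demo():
    """Constructed scenario: one allowed MAC, then a second device is plugged in."""
    port = SecurePort("Gi0/1", maximum=1, violation=SHUTDOWN)
    results = [port.ingress("aa:bb:cc:00:00:01"),   # learned
               port.ingress("AA:BB:CC:00:00:01"),   # same MAC, case-insensitive
               port.ingress("aa:bb:cc:00:00:02")]   # violation -> port shut down
    return results, port.err_disabled


def demo_restrict():
    """Same idea with two allowed MACs and 'restrict': the port stays up."""
    port = SecurePort("Gi0/2", maximum=2, violation=RESTRICT)
    results = [port.ingress("00:00:00:00:00:01"),
               port.ingress("00:00:00:00:00:02"),
               port.ingress("00:00:00:00:00:03"),   # dropped and counted
               port.ingress("00:00:00:00:00:01")]   # legitimate host still works
    return results, port.violations, port.err_disabled


if __name__ == "__main__":
    print(demo())
    print(demo_restrict())
```

Note the limitation the model makes visible: an attacker who clones the learned MAC (`aa:bb:cc:00:00:01`) is forwarded like the real host, which is why the notes call this a basic control and why 802.1x exists.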

Router access lists (ACLs) control traffic from one network segment to another. An ACL is a sequence of permit/deny rules checked top-down against each packet; the first rule that matches wins, and anything that matches no rule hits the implicit deny at the end of the list, so rule order matters.

Authentication protocols:

  • LDAP (lightweight directory access protocol) -- used to access & query directory service systems, which hold the user accounts and groups the other protocols check against
  • RADIUS (remote authentication dial-in user service) -- provides AAA and is the usual authentication server behind 802.1x: the switch forwards the user's credentials to it and acts on the accept/reject answer. Only the password field of a RADIUS packet is encrypted; the rest is sent in the clear
  • TACACS (terminal access controller access control system) -- older protocol for authenticating to network devices
  • TACACS+ -- Cisco-proprietary successor to TACACS, provides full AAA, handles the three functions separately and encrypts the whole packet body; mostly used for administrator logins to Cisco devices. In an 802.1x architecture the authenticator is the switch itself and the server it talks to is normally RADIUS
  • PKI (public key infrastructure) -- certificate authorities and certificates that bind a public key to an identity, so asymmetric key cryptography can be used to secure data

Tunneling and encryption protocols:

  • VPN (virtual private network) -- connects over a public network to a private network by creating an encrypted tunnel to transmit and receive data through the internet
  • PPTP (point-to-point tunneling protocol) -- uses MPPE (Microsoft point-to-point encryption); its MS-CHAP authentication has known weaknesses, so it is considered obsolete
  • L2TP (layer 2 tunneling protocol) -- provides the tunnel but no encryption of its own, so it is combined with IPsec (L2TP/IPsec), which makes it more secure than PPTP
  • IPsec (internet protocol security) -- a suite of protocols that authenticates and encrypts IP packets to create a secure channel between two devices

Network separation is used to assist in securing a network. It takes the concept of permissions and applies it to network segments: those who do not need access to a segment are kept out of it. A VLAN (virtual local area network) is a logical subdivision of a switch which separates ports and makes them behave as if they are on different network segments. Hosts on one VLAN cannot reach another VLAN without going through a router (or Layer 3 switch), which is where an access list can be applied. A DMZ (demilitarized zone) is a segment between two firewalls. It sits behind the first (outer) firewall, which allows limited access to certain servers -- for example a web server your customers need to reach -- while the sensitive systems -- for example a SQL server which houses customer or business data -- sit behind a second, inner firewall with stricter filtering that only lets the DMZ servers through on the specific ports they need.
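The following Python model ties the router access list idea and the two-firewall DMZ together. It is an added example, not code from the course notes or from any router: the addresses (203.0.113.0/24 as the DMZ, 10.0.0.0/8 as the internal network, 198.51.100.9 as an outside host), ports and rule sets are constructed for the illustration, while first-match-wins evaluation, Cisco-style wildcard masks and the implicit deny at the end of a list are real ACL behaviour.

```python
"""Access-list evaluation and a two-firewall DMZ, modelled in Python.
Added illustration, not code from the course notes. Addresses, ports and the
rule sets are constructed for the example; first-match-wins, wildcard masks
and the implicit deny are how real router ACLs behave."""

from dataclasses import dataclass
from typing import List, Optional


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask: 0 bits must match, 1 bits are don't-care (inverse of a netmask)."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (matches anything)
    src: str
    src_wc: str                  # source wildcard mask
    dst: str
    dst_wc: str                  # destination wildcard mask
    dport: Optional[int] = None  # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the list top-down; the first matching rule decides."""
    for r in acl:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, r.src, r.src_wc):
            continue
        if not wildcard_match(pkt.dst, r.dst, r.dst_wc):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"  # implicit deny: nothing matched


def verdict(pkt: Packet, path: List[List[Rule]]) -> str:
    """A packet crossing several firewalls must be permitted by every one of them."""
    return "permit" if all(evaluate(acl, pkt) == "permit" for acl in path) else "deny"


ANY, ANY_WC = "0.0.0.0", "255.255.255.255"
WEB = "203.0.113.10"   # web server in the DMZ (constructed address)
SQL = "10.0.0.5"       # database server on the internal network (constructed)

# Outer firewall: the internet may reach the web server on 80/443 and nothing else.
OUTER_ACL = [
    Rule("permit", "tcp", ANY, ANY_WC, WEB, "0.0.0.0", 80),
    Rule("permit", "tcp", ANY, ANY_WC, WEB, "0.0.0.0", 443),
]

# Inner firewall: only the web server, only to the SQL server, only on 1433.
# The explicit deny is redundant with the implicit one but is where a real
# router would log hits from the DMZ towards the inside.
INNER_ACL = [
    Rule("permit", "tcp", WEB, "0.0.0.0", SQL, "0.0.0.0", 1433),
    Rule("deny", "ip", "203.0.113.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
]

# Common mistake: a broad permit placed first shadows every rule after it.
SHADOWED_ACL = [Rule("permit", "ip", ANY, ANY_WC, ANY, ANY_WC)] + INNER_ACL


def dmz_demo() -> dict:
    internet = "198.51.100.9"  # constructed outside address
    return {
        "internet->web:443": verdict(Packet("tcp", internet, WEB, 443), [OUTER_ACL]),
        "internet->web:22": verdict(Packet("tcp", internet, WEB, 22), [OUTER_ACL]),
        "internet->sql:1433": verdict(Packet("tcp", internet, SQL, 1433), [OUTER_ACL, INNER_ACL]),
        "web->sql:1433": verdict(Packet("tcp", WEB, SQL, 1433), [INNER_ACL]),
        "web->sql:22": verdict(Packet("tcp", WEB, SQL, 22), [INNER_ACL]),
        "web->fileserver:445 (shadowed list)": verdict(Packet("tcp", WEB, "10.0.0.7", 445), [SHADOWED_ACL]),
    }


if __name__ == "__main__":
    for k, v in dmz_demo().items():
        print(f"{k:40} {v}")
```

The point of the last case: if the web server in the DMZ is compromised, the inner ACL is what keeps the attacker off the SQL server's other ports and the rest of 10.0.0.0/8, and one carelessly ordered `permit ip any any` throws that protection away.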

Multifactor authentication was another subject discussed. There are three factors used to authenticate: something you know, something you have and something you are. Something you know would be a password or a PIN. Something you have would be a keycard, a picture ID, a smartcard or a hardware token. Something you are is verified with a biometric scan: a fingerprint scanner, retinal scanner, etc. Authentication only counts as multifactor when it combines two different factors; a password plus a second password is still one factor. There are also physical security barriers which prevent access to server rooms. A mantrap, for example, is a small vestibule with two doors: the first door must close (and the person be authenticated) before the second will open, so only one person gets through at a time and nobody can tailgate behind an authorized person.
