Communications and Network Security Part 1

                    Kelly School of Business Indiana University Information
                    Systems Graduate Programs
                  

Part 1 – Introduction

Dr. Bipin Prabhakar

Introduction

• Network security is often described as the cornerstone of IT security
• Security used to focus much on perimeter defense, but this is inadequate
• As the ‘traditional’ network boundaries disappear, resiliency of the internal network becomes equally important
• Tools without effective processes may be ineffective
• Availability of a network is its key business value

Role of the Network in IT Security

• Network as the target of attack
• Network as an enabler or a channel of attack
• Network as a channel is of greater concern and is more common
• Network as a bastion of defense
• The network is possibly the most valuable strategic asset in IT security

Network Security Objectives

• Foundations (CIA/ACI)
• Availability
• Confidentiality
• Integrity
• Access control
• Accountability
• Auditability

Methodology of an Attack

The attack tree model (A defenders view of an attack)

Source: http://www.schneier.com/paper-attacktrees-ddj-ft.html

The Attackers Methodology

• Target Acquisition
• Target Analysis
• Target Access
• Target Appropriation
• Sustain Control

Proactive Defense

Source: Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ISC² Press

Defense in Depth

Source: Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ISC² Press

Network Architecture

• Security Perimeter
• First line of protection; generally includes firewalls, proxies, and IDS
• Network Partitioning
• Segmenting networks into isolated domains of trust
• Dual-Homed Hosts
• Have two NICs, each on a separate Network Partitioning network

Network Architecture

• Bastion Host
• Gateway between trusted and untrusted network that gives limited authorized access to untrusted hosts
• Demilitarized Zone (DMZ)
• Isolated subnet that allows an organization to give external hosts limited access to public resources,

without granting them to internal DMZ network

• Intrusion Detection Systems (IDS)
  
• Network Taps (Intrusion Preventions Systems)
  
• Scanners
• Discovery scanning
• Compliance scanning
• Vulnerability scanning
• Scanning tools
• Nessus: A vulnerability scanner
• Nmap: A discovery scanner

Reference

• Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ISC ² Press

Cyber Security Homework Help

• Ethical Hacking
• Networking Basics homework assignment help
• Inter process Communication/Threads homework assignment help
• Introduction, Framing homework assignment help
• Error Detection homework assignment help
• Flow Control, Reliability homework assignment help
• Wireless - 802.11 homework assignment help
• Wi-Fi Wireless homework assignment help
• DSL homework assignment help
• PACKET SWITCHING (Network Layer) homework assignment help
• Routing - Link State and homework assignment help
• Distance Vector homework assignment help
• ATM homework assignment help
• PROTOCOL homework assignment help
• Network Hardware homework assignment help
• Internet Connection homework assignment help
• TCP Extensions and homework assignment help
• Performance Enhancements homework assignment help
• TCP/IP Networking homework assignment help
• Bridge homework assignment help
• IPv4, IPv6, ICMP, ARP homework assignment help
• IP Routing - CIDR, OSPF homework assignment help
• Proxy Server / Lists homework assignment help
• Multicast homework assignment help
• DNS homework assignment help
• VPN homework assignment help
• CONGESTION CONTROL homework assignment help
• Congestion Avoidance homework assignment help
• peer to peer (P2P) homework assignment help
• Virtual Clock homework assignment help
• Windows Network homework assignment help
• Bluetooth homework assignment help
• Free Practice Test homework assignment help