CCNA Dis2 - Chapter 8 ISP Responsibility_ppt [Compatibility Mode]

8/3/2019 CCNA Dis2 - Chapter 8 ISP Responsibility_ppt [Compatibility Mode]

http://slidepdf.com/reader/full/ccna-dis2-chapter-8-isp-responsibilityppt-compatibility-mode 1/51

Chapter 8 – ISP Responsibility

CCNA Discovery 4.0



Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com

Objectives

• Describle ISP security policies and procedures.

• Describle the tools used in implementing security at theISP.

• Describle the monitoring and managing of the ISP.

• Describle the responsibility of the ISP with regard tomaintenance and recovery.

http://www.bkacad.com/





ISP Security Considerations

ISP security• Malware, or malicious software such as a computer virus, worm, or spyware,

can arrive in an email or be downloaded from a website.

• If the ISP is hosting any web or e-commerce sites, the ISP may haveconfidential files with financial data or bank account information stored on theirservers.

• The ISP is required to maintain the customer data in a secure way.

• ISPs play a big role in helping to protect the home and business users thatutilize their services.







ISP security• If an ISP is providing web hosting or email services for a customer, it is

important that the ISP protect that information from malicious attack.

• To help prevent attacks on these vulnerabilities, many ISPs provide manageddesktop security services for their customers.

• Some of the security services that an ISP support technician can provideinclude:

ü Helping clients to create secure passwords for devices

ü Securing applications using patch management and software upgrades

ü Removing unnecessary applications and services that can createvulnerabilities

ü Ensuring applications and services are available to the users that needthem and no one else

ü Configuring desktop firewalls and virus checking software

ü Performing security scans on software and services to determinevulnerabilities that the technician must protect from attack







Best Practices for SecurityCommon data security features and procedures

include:

• Encrypting data stored on server hard drives

• Using permissions to secure access to files

and folders• Permit or deny access based on the useraccount or group membership

• If access is permitted, assign various levels ofaccess permissions based on a the useraccount or on group memberships







Best Practices for SecurityAuthentication, authorization, and accounting (AAA) is a three-step process used by

network administrators to make it difficult for attackers to gain access to anetwork.

• Authentication:

üRequires users to prove their identity using a username and password.

• Authentication databases are typically stored on servers called RADIUS orTACACS.

• Authorization: Gives a user rights to use specific resources and perform specifictasks.

• Accounting: Tracks which applications are used and length of time they are used.







Data Encryption• By default, data sent over the network is unsecured and transmitted in clear text.

• Digital encryption is the process of encrypting all transmitted data between theclient and the server.







Data Encryption• Web Servers:

ü Web servers use the HTTP protocol by default.

ü This is not a secure protocol.

ü Switching to HTTPS enables the exchange of data to be done securely.

• Email Servers:ü Email servers use several different protocols, including SMTP, POP3 or

IMAP.

ü When a user logs on to an email server, POP3 and IMAP require a usernameand password for authentication

ü By default, this submission is sent without security and can be captured.

POP3 can be secured by using Secure Socket Layer (SSL).ü SMTP and IMAP can use either SSL or Transport Layer Security (TLS) as a

security protocol.







Data Encryption• Telnet Servers

ü Using telnet to remotely log into a Cisco router or Cisco switch creates anunsecure connection.

ü Telnet sends authentication information, as well as any commands a usertypes across the network in basic clear text.

ü Use SSH to authenticate and work with the router or switch securely.

• FTP Server

ü The FTP protocol is also an unsecure protocol.

ü When logging in to an FTP server, authentication information is sent in cleartext.

ü FTP can use SSL to securely exchange authentication and dataü Some versions of FTP can also use SSH.







Data Encryption• File Servers

ü In most cases, file server protocols do not offer a secure version.

ü Another security protocol exists called IP security (IPSEC).

ü IPSEC is a network layer security protocol that can be used to secure any

Application Layer protocol used for communication






Security Tools

Access lists and Port Filtering• ISPs are especially vulnerable to Denial of Service attacks

• Currently there are three key types of denial of service attacks.:

ü DoS: A standard denial-of-service (DoS) attack takes place when a server orservice is attacked to prevent legitimate access to that service. Someexamples of standard DoS attacks are SYN flood, ping flood, LAND attack,bandwidth consumption attacks, and buffer overflow attacks.






Security Tools

Access lists and Port Filteringü DDoS: A distributed denial-of-service (DDoS) attack occurs when multiple

computers are used to attack a specific target. In DDoS attacks, the attackerhas access to many compromised computer systems, usually on the Internet.






Security Tools

Access lists and Port Filteringü DRDoS: A distributed reflected denial-of-service (DRDoS) attack occurs

when an attacker sends a spoofed, or mock, request to many computersystems on the Internet, with the source address modified to be the targetedcomputer system.






Security Tools

Access lists and Port Filtering• Port Filtering

Port filtering is the ability to control the flow of traffic based on a specific TCP or UDPport.

Port filtering is also used by network routers and switches to help control traffic flowand to secure access to the device.






Security Tools

Access lists and Port Filtering• Access Lists

Access lists are used to define traffic that is permitted or denied through the networkbased on the source and/or destination IP addresses.

Access Lists can also permit or deny traffic on the source and/or destination port ofthe protocol being used.






Security Tools

Firewalls• A firewall is network hardware or software that defines what traffic can

come into and go out of sections of the network, as well as how traffic ishandled.

• Access-lists are one of the tools used by firewalls.

• Using access-lists, the type of traffic that is allowed to pass through thefirewall is controlled.

• In a medium-sized network, the amount of traffic and networkingprotocols needing to be controlled is quite large and firewall access listscan become very complicated.

• Firewalls use access lists to control which traffic is passed or blocked.






Security Tools

Firewalls• Firewalls can provide perimeter security for the entire network, as well as for

internal local network segments, such as server farms.

• Within an ISP network or a medium-sized business, firewalls are typicallyimplemented in multiple layers.

• Traffic that comes in from an untrusted network first encounters a packet filter onthe border router.

• Permitted traffic goes through the border router to an internal firewall to routetraffic to a demilitarized zone (DMZ).






Security Tools

IDS and IPS• An intrusion detection

system (IDS) is asoftware- or hardware-based solution thatpassively listens to

network traffic.• Network traffic does not

pass through an IDSdevice.

• IDS device monitorstraffic through a network

interface.• When the IDS detects

malicious traffic, it sendsan alert to apreconfiguredmanagement station






Security Tools

IDS and IPS• An intrusion prevention

system (IPS) is an activephysical device orsoftware feature.

• Traffic travels in one

interface of the IPS andout the other.

• The IPS examines theactual data packets thatare in the network trafficand works in real time to

permit or deny packetsthat want access into thenetwork






Security Tools

Wireless Security• MAC Address Filtering: MAC Address Filtering prevents unwanted

computers from connecting to your network by restricting MAC addresses.

• WEB:

ü Wired Equivalent Privacy (WEP) provides data security by encrypting datathat is sent between wireless nodes.

ü WEP uses a 64, 128 or 256 bit pre-shared hexadecimal key to encrypt thedata.

• WPA:

ü Wifi Protected Access (WPA) is a newer wireless encryption protocol thatuses an improved encryption algorithm called Temporal Key IntegrityProtocol (TKIP).

ü TKIP generates a unique key for each client and rotates the security keysat a configurable interval

• WPA2: Wifi Protected Access 2 (WPA2) is a new, improved version of WPA.WPA2 uses the more secure Advanced Encryption Standard (AES) encryptiontechnology.






Security Tools

Host Security• A host-based firewall is software that runs directly on a host operating system.

• It protects the host from malicious attacks that might have made it through allother layers of defense.

• These firewalls allow filtering based on a computer's IP address and port,therefore offering additional protection over regular port filtering.

• ISPs use host-based firewalls to restrict access to the specific services aserver offers.






Security Tools

Host Security• Known Attacks

ü Host-based firewalls recognize malicious activity based on updatablesignatures or patterns.

ü They detect a known attack and block traffic on the port used by the attack.






Security Tools

Host Security• Exploitable Services

ü Some host-based firewalls can also inspect the contents of a packet to seeif it contains malicious code

ü Web and email servers are common targets for service exploits, and canbe protected if the host-based firewall is capable of performing packet

inspection.






Security Tools

Host Security• Worms and Viruses:

ü Worms propagate by exploiting vulnerabilities in services and otherweaknesses in operating systems.

ü Host-base firewalls prevent worms from gaining access to servers.

ü They can also help prevent the spread of worms and viruses by controllingoutbound traffic originating from a server.






Security Tools

Host Security• Back Doors and Trojans

ü Back doors or Trojans allow hackers to remotely gain access to servers ona network.

ü The software typically works by sending a message to let the hacker knowof a successful infection.

ü Host-based firewalls can prevent a Trojan from sending a message bylimiting outbound network access.






Security Tools

Host Security• In addition to host-based firewalls, Anti-X software can also be installed on the

host.

• Anti-X software is software that protects computer systems from viruses,worms, spyware, malware, phishing, and even spam.

• Many Anti-X software packages allow for remote management.

• This includes a notification system that can alert the administrator or supporttechnician about an infection, via email or pager. Immediate notification to theproper individual can drastically reduce the impact of the infection.

• Incident management is required by ISP's that manage and maintain customerdata, because the ISP has committed to the protection and the integrity of thedata they host for their customers.

• For example, if the ISP network was the target of a hacker and, as a result,thousands of credit card numbers that were stored in a database that the ISPmanages were stolen, the customer would need to be notified so they couldnotify the card holders.






Monitoring and Managing the ISP

Service Level AgreementsAn ISP and a user typically have a contract known as a service level agreement

(SLA).

• Service Description

ü Define range of services tha an ISP will provide

ü Includes the service amount or service volume and the times when theservice is and is not covered by the SLA.

• Availability, Performance, and Reliability

ü availability - hours and days per month per year that service is availabale

ü Performance - a measure of service capability expectaitons during peakdata volumes

üReliability - a measure of how fast an ISP can respond to unexpectedevents that cause the service to stop

• Tracking and Reporting

ü Defines how often reports, such as performance reports, will be provided tothe customer

ü Includes a written explanation of what level of network service users are

experiencing








(SLA).

• Problem Management

ü Defines the process that will be used to handle and resolve unplannedincidents

ü Defines what the different levels of a problem are and who should be calledfor each problem level

• Security

ü Defines security measures that are the ISPs responsibility versus customerresponsibility

ü Determines how network services that the ISP offers fit within thecustomer's and the ISP's security policies

• Termination

ü Defines termination agreement and costs if services are terminated early.Typically SLA's are renegotiated annually and coincide with the budgetcycle of the customer








(SLA).

• Penalties for Service Outages

ü Describle the penalties for a network service failure, this is especiallyimportant if the ISP is providing services critical for business operation

• Costs

ü Describle the charges to the customer by defining services rather thanequipment. The ISP is able to cost out the services needed and thecustomer only pays for the services they use







Monitoring Network Link Performance• Monitoring and configuration can be performed either out-of-band with a direct

console connection, or in-band using a network connection.







Selecting In-Band and Out-of Band Tools• SNMP is a network management protocol that enables network administrators

to gather data about the network and corresponding devices.

• SNMP is made up of four main components:

ü Management station - computer, with the SNMP management applicationloaded, is used by the administrator to monitor and configure the network.

ü Management agent - software installed on a device managed by SNMP

ü Management information base (MIB) - a database that a device keepsabout itself concerning network performance parameters

ü Network management protocol - the communication protocol usedbetween the management station and the management agent.







Selecting In-Band and Out-of Band Tools• Storing device logs and reviewing them periodically is an important part of

network monitoring.

• Syslog is the standard for logging system events.

• Like SNMP, Syslog is an Application Layer protocol that enables devices tosend information to a Syslog Daemon that is installed and running on a

management station.• A Syslog system is composed of Syslog servers and Syslog clients.

• These servers accept and process log messages from Syslog clients.

• Clients are the devices that are monitored.

• A Syslog client generates and forwards log messages to Syslog servers.

• Log messages normally consist of a log message ID, type of message, a timestamp (Date, Time), which device has sent the message, and the messagetext. Depending on which network equipment is sending the Syslog messages,a Syslog message can contain more items than those listed.







Selecting In-Band and Out-of Band Tools






Backups and Disaster Recovery

Backup Media• Network management and monitoring helps ISPs and businesses identify and

correct network issues.

• This software can also help to correct the causes of network failures.

• This includes failures caused by malware and malicious activity, networkfunctionality and other issues such as failed devices.







Backup Media• The choice of backup media can be complex since there are many factors that

affect the choice.

• Some of the factors include:

ü Amount of data

ü Cost of media

ü Performance of media

ü Reliability of media

ü Ease of offsite storage







Backup Media• Tape Media Backup

ü Tape remains one of the most common types of backup media available.

ü Tapes have large capacities and remain the most cost-effective media onthe market.

ü For data volumes in excess of a single tape, tape autoloaders and librariescan swap tapes during the backup procedure, allowing the data to bestored on as many tapes as required.

ü Tape media is prone to failure, and tape drives require regular cleaning tomaintain functionality.

ü Tapes should only be used for a fixed amount of time before removingthem from circulation

ü Some of the different types of tapes are: Digital data storage (DDS),Digital audio tape (DAT), Digital linear tape (DLT), Linear tape-open (LTO)







Backup Media• Optical

ü Optical media is a common choice for smaller amounts of data.

ü CDs have a storage capacity of 700MB, DVDs can support up to 8.5GB ona single-sided dual layer disk, and HD-DVD and Blu-Ray disks can havecapacities in excess of 25GB per disk.

ü ISPs may use optical media for transferring web content data to theircustomers.

ü Customers may also use this media to transfer web site content to the ISPweb hosting site.







Backup Media• Hard disk

ü Hard disk-based backup systems are becomingmore and more popular due to the low cost ofhigh capacity drives.

ü However, hard disk-based backup systems

make offsite storage difficult.

ü Large disk arrays such as Direct AttachedStorage (DAS), Network Attached Storage(NAS), and Storage Area Networks (SANs) arenot transportable

ü Many implementations of hard disk-based

backup systems work in conjunction with tapebackup systems for offsite storage.

ü Using both hard disks and tapes in a tieredbackup solution can give you a quick restoretime with the data available locally on the harddisks, as well as a long term archival solution.







Backup Media• Solid State

ü Solid state storage refers to all non-volatilestorage media that does not have any movingparts.

ü Examples of solid state media range from small

postage-stamp sized drives holding 1GB ofdata, to router-sized packages capable ofstoring 1000GB (1TB) of data.

ü Solid state storage is ideal for storage of datawhen fast storage and retrieval is important.

ü Applications for solid state data storage

systems include database acceleration, highdefinition video access and editing, dataretrieval, and SANS. High capacity solid statestorage devices can still be extremelyexpensive, but as the technology matures, theprices will come down.







Methods of File Backup• Normal (full):

ü A normal (or full) backup copies all selected files and marks each file as havingbeen backed up.

ü With normal backups, only the most recent backup is required to restore allfiles, speeding up and simplifying the restore process.

ü However, since all data is being backed up, a full backup takes the mostamount of time.

• Differential:

ü A differential backup copies only the files that have been changed since thelast full backup.

ü The differential backup process continues until another full backup is run.

ü This reduces the amount of time required to perform the backup.

ü When it is time to restore data, the last normal backup is restored and thelatest differential backup restores all changed files since the last full backup.







Methods of File Backup• Incremental:

ü An incremental backup differs from a differential backup on one importantpoint.

ü Whereas a differential backup saves files that were changed since the last fullbackup, an incremental backup only saves files that were created or changed

since the last incremental backup.







Methods of File Backup• Backup systems require regular maintenance to keep them running properly.

• Some steps to ensure the successful completion of backup include:

• Swap Media:

ü Data loss could occur if the tape or disk is not swapped daily.

ü Since swapping the tapes is a manual task, it is prone to failure.

ü Users need to use a notification method, such as calendar or task scheduling.

• Review Backup Logs

ü Virtually all backup software produces backup logs.

ü These logs report on the success of the backup, specifying where the backupfailed

ü Regular monitoring of backup logs allows for quick identification of any backupissues that require attention.







Methods of File Backup• Perform Trial Restores

ü Monitoring backup logs regularly does not mean that the procedure wassuccessful.

ü To verify that backup data is usable and that the restore procedure works,periodically perform a trial restore of data.

ü This ensures the backup procedures work.

• Perform Drive Maintenance

ü Many backup systems require special hardware to perform the backups.

ü Tape backup systems use a tape backup drive to read and write to the tapes

ü Tape drives can become dirty from use and can lead to mechanical failure.

üPerform routine cleaning of the tape drive using designated cleaning tapes

ü Hard drive-based backup systems can benefit from an occasionaldefragmentation to improve the overall performance of the system.







Best practives for Disaster Recovery• Data backup is an important part of any disaster recovery plan.

• A disaster recovery plan is a comprehensive document that describes how torestore operation quickly and keep a business running during or after a disasteroccurs.

• The disaster recovery plan can include information such as offsite locations where

services can be moved, information on switching out network devices and servers,as well as backup connectivity options.

• Services that might need to be available during a disaster include:

ü Database

ü Application servers

ü System management servers

üWeb

ü Data stores

ü Directory







Best practives for Disaster Recovery• Data backup is an important part of any disaster recovery plan.

• A disaster recovery plan is a comprehensive document that describes how torestore operation quickly and keep a business running during or after a disasteroccurs.

• The disaster recovery plan can include information such as offsite locations where

services can be moved, information on switching out network devices and servers,as well as backup connectivity options.

• Services that might need to be available during a disaster include:

ü Database

ü Application servers

ü System management servers

üWeb

ü Data stores

ü Directory







Best practives for Disaster Recovery• When designing a disaster recovery plan, it is important to understand the needs

of the organization.







Best practives for Disaster Recovery• Steps to creating the plan include:

1. Network Design Recovery Strategy

o Analyze the network design.

o Some aspects of the network design that should be included in the disasterrecovery are:

§ Is the network designed to survive a major disaster? This includes the useof backup connectivity options and redundancy in the network design

§ Availability of off-site servers that can support applications such as emailand database services

§ Availability of backup routers, switches, and other network devices shouldthey fail

§ Location of services and resources the network needs. Are they spreadover a wide geography?

2. Inventory and Documentation:








3. Verification : Create a verification process to prove that the disaster recoverstrategy works. Practice disaster recovery exercises to ensure that the plan is up-to-date and workable.

4. Approval and Implementation : Obtain senior management approval and obtain

a budget to implement the disaster recovery plan.5. Review: After the disaster recovery plan has been implemented for a year, review

the plan.













Summary

• Desktop security services for custumer, include: creatingsecure passwords, securing application with patchs andupgrades…

• Authentication, authorization, and accounting (AAA) is athree-step process used to monitor and control access on

a network.

• There are many security threats including DoS, DDoS,DRDoS attacks.

• IDS, IPS

• A Service level Agreement (SLA)• Backup solutions

• Disaster recovery plan








Date post:	06-Apr-2018
Category:	Documents
Upload:	httpheiserzcom
View:	225 times
Download:	0 times

CCNA Dis2 - Chapter 8 ISP Responsibility_ppt [Compatibility Mode]

Documents