Date post: | 20-Dec-2015 |
Category: |
Documents |
View: | 216 times |
Download: | 1 times |
NETWORKS
Lauren Hickman
Patrick McCamy
Morgan Pace
Noah Ryder
Objectives
Types of Networks Components of Networks Risks to Networks Network Security/Controls Auditing Networks
What is a Network?
Two or more connected computers that allow the process of telecommunications to occur
Telecommunications is the transfer of text, audio, video, or other data formats
Types of Networks
Characterized in 3 categories: Distance Ownership Client/Server Networks
Distance
Local Area Network (LAN) Connected computers within a short
geographical distance of one another Wide Area Network (WAN)
Connects computer large geographic away from one another
Ownership
Intranet Internal network within a company
Extranet Connects internal network to outside
business partners Virtual Private Network (VPN)
Uses public internet connection but achieves privacy through encryption and authentication
Client/Server Networks
Network servers that manage the networks and host applications that are shared with client computers
Two types: Two-tiered Three-tiered
Network Security and Controls Authentication
Process of ensuring users are who they say they are
Encryption Scrambling or coding data so that anyone
who views will not be able to decode it without a decryption key
Firewalls Hardware and software to control outside
access to the network
Components of a Network
Computers and terminals Telecommunication channels Telecommunication processors Routers and Switching devices
Computers and Terminals
Computers process data in a network and send/receive information to and from terminals
Terminals serve as input/output devices
Telecommunications Channels Transmit data from computer to
computer Physical transmitters Wireless transmitters
Telecommunications Processors Most common is a modem
Transforms digital communication signals to analog signals for transfer and then back to digital signals
Digital communication networks
Routers and Switching Devices Switches: connect network components
and ensure messages are delivered to appropriate destinations
Routers: similar to switches but with more complex features based on protocols
Approaches to switching Message switching Packet switching Circuit switching
Risks to Networks
Social Engineering Physical Infrastructure Threats Programmed Threats Denial of Service Threats Software Vulnerabilities
Social Engineering Diversion
“Soc-ing”
VoIP Vulnerabilities – Can open channel to network that is not fire-walled
Phishing Scams – i.e. – emails from unknown persons containing malicious links.
Cross Site Scripting (XSS) – leads to account hijacking, changing of user settings, cookie theft/poisoning, or false advertising
Network Security
Network manager and network security administration
Authentication Encryption Firewalls
Auditing Networks
Perform risk assessment procedures to assess vulnerabilities
Evaluate controls and their effectiveness Auditing Network Security
Network diagrams Determine what assets, who has access,
and understand connections Penetration testing Benchmarking
Risk Assessment Procedures Basic vulnerabilities of a network
Interception- transmitted data is intercepted by a third party
Availability- unavailability of the network could result in losses for the firm
Access/Entry points- a weak point in access can make the information assets vulnerable to intruders
Evaluate Controls
Physical access controls Transmitted information should be
encrypted Network should have sufficient
management Controls to limit the type of traffic Passwords for everyone who has access
Auditing Networks
Network diagrams Determine what assets Who has access Understand connections Penetration testing
Questions?