PRINCIPLES OF NETWORKING SECURITY
CHAPTERS 3 & 4
Matt Lavoie
NST281-01
CHAPTER 3:
OPERATIONAL AND ORGANIZATIONAL SECURITY
Security in Your Organization
Policy: A broad statement of accomplishment
Procedure: The step-by-step method to implement a policy
Standards: Mandatory elements of implementing a policy
Guidelines: Recommendations related to a policy
Security in Your Organization
Policy Lifecycle: Plan, Implement, Monitor, Evaluate
Establish a security perimeter
Physical Security
Mechanisms to restrict physical access to computers and networks
Locks (combination/biometric/keyed)
Video surveillance, logs, guards
A room has six sides
Physical barriers (gates/walls, man-traps, open space)
Environmental Issues
HVAC Systems: Climate control
UPS/Generators: Power failure
Fire Protection: Detect/suppress
Off-Site Backups: Bad stuff happens
Other Issues
Wireless: Wi-Fi / Cellular / Bluetooth
Electromagnetic Eavesdropping: TEMPEST
Location: Bury the sensitive stuff
CHAPTER 4:
THE ROLE OF PEOPLE IN SECURITY
Social Engineering
Making people talk: Questions, emotions, weaknesses
Obtaining insider info (or having it): Knowledge of security procedures
Phishing: Impersonation
Social Engineering
Vishing: Trust in voice technology (VoIP, POTS)
Shoulder surfing: Observation for passcodes, PINs, etc.
Reverse social engineering: Victim initiates contact
Poor Security Practices
Password selection: Too short; Not complicated; Easy to guess; Information on a person
Password policies: Can encourage bad behavior
Poor Security Practices
Same password, multiple accounts: One compromises all
Piggybacking: Controlled access points
Dumpster Diving: Sensitive information discarded
Poor Security Practices
Installing software/hardware: Backdoors/rogue access points
Physical access by non-employees: Control who gets in; Pizza and flowers; Legitimate access, nefarious intentions
People as a Security Tool
Security Awareness: Training/refreshers; Be alert; Don’t stick your head in the sand
Individual User Responsibilities: Keep secure material secure
What Have We Learned?
In a properly secured environment, people are the weakest link
A system with physical access is a compromised system
Questions and Answers