Welcome to the Lesson 11.Our goal here is to give you the terminology,
the words that your customers are going to want you to know and want you to be
able to converse with.
Networks Need Security?
Authorization, and Accounting (AAA)
and Accounting Protocols
Kerberos Authentication technology
- Network Availability
Control Lists and Firewalls
Requirements in a Firewall and IPSec
Audit Network Vulnerability Assessment
All Networks Need Security
Security is very important. The Internet is a wonderful tool.
Meteoric growth like that of Cisco from nowhere to a multi-billion dollar company
in a decade would not be possible without leveraging the tools available with
the internet and intranet.
But without well defined security, the Internet can be a dangerous place. The
good news is that the tools are available to make the Internet a safe place for
your business. Some people think that only large sites are hacked. In reality,
even small company sites are hacked.
There’s a false impression from many small company owners that, "Hey,
who would want to break into my company? I’m a nobody.
I’m not a big corporation like IBM or the Pentagon or something like that,
so why would somebody want to break into my company?"
The reality is that even small companies are hacked into very, very often.
Why network security? There’s three primary reasons to explore network
- One is policy vulnerabilities.
- Another one, configuration vulnerabilities.
- Lastly, there’s technology vulnerabilities.
And the bottom line is there are people that are willing and eager to take advantage
of these vulnerabilities.
So these are some of the different things that we need to protect against:
Loss of privacy: Without encryption, every message sent
may be read by an unauthorized party. This is probably the largest inhibitor of
business-to-business communications today.
Impersonation: You must also be careful to protect your
identity on the Internet. Many security systems today rely on IP addresses to
uniquely identify users. Unfortunately this system is quite easy to fool and has
led to numerous break-ins.
Denial of service:And you must ensure that your systems
are available. Over the last several years, attackers have found deficiencies
in the TCP/IP protocol suite that allows them to arbitrarily cause computer systems
Loss of integrity:Even for data that is not confidential,
one must still take measures to ensure data integrity. For example, if you were
able to securely identify yourself to the your bank using digital certificates,
you would still want to ensure that the transaction itself is not modified in
some way, such as by changing the amount of the deposit.
Security Objective: Balance Business Needs with Risks
Objectives for security need to balance the risks of providing
access with the need to protect network resources. Creating a security policy
involves evaluating the risks, defining what’s valuable, and determining
whom you can trust. The security policy plays three roles to help you specify
what must be done to secure company assets.
-It specifies what is being protected and why, and the responsibility
for that protection.
-It provides grounds for interpreting and resolving conflicts
in implementation, without listing specific threats, machines,
or individuals. A well-designed policy does not change much over time.
-It addresses scalability issues
Employees expect access but an enterprise requires security. It is important to
plan with scalability and deployment of layered technologies in mind. Security
policies that inhibit productivity may be too restrictive.