IS 6973 - PowerPoint PPT Presentation

About This Presentation
Title:

IS 6973

Description:

Expected Threats at the Edge (Table 13-1) ... Ingress/Egress Filtering. Unicast Reverse Path Forwarding (RPF) mechanism for implementing ingress/egress filtering ... – PowerPoint PPT presentation

Slides: 12
Provided by: alanandj

Transcript and Presenter's Notes

Title: IS 6973


1
IS 6973
  • Chapter Thirteen
  • Edge Security Design

2
Potential Network Edges
  • Private WAN links
  • Internet WAN links
  • Public servers
  • Site-to-site VPN tunnels
  • Remote user VPN tunnels
  • PSTN dial-up
  • Extranet connection
  • E-commerce networks

3
Expected Threats at the Edge (Table 13-1)
  • Presented in order of overall threat value
    according to Convery's assessment (This order may
    not apply to your given network)
  • What would cause this order to change?

4
Identity Considerations of Network Edges
  • Private WAN links: usually IP at L3 and
    username/password at L7
  • Internet WAN links: IP address; cannot determine
    if an IP from an acceptable IP range is spoofed
  • Public servers: may accept all requests, or
    limit (HTTPS)
  • Site-to-site VPN tunnels: often same as private
    WAN, except data is encrypted
  • Remote user VPN tunnels: username and password
    (OTP best); can use digital certificates
  • PSTN dial-up: usernames and passwords (OTP best)
  • Extranet connection: varies, depending upon
    purpose of extranet
  • E-commerce networks: IP if browsing; more
    detailed user identity if buying

5
Network Design Considerations for Networks of All Sizes
  • ISP Router
  • Number of public servers
  • Branch versus head-end design
  • Remote access alternatives

6
ISP Router Design: See the following
  • Ingress/Egress Filtering
  • Unicast Reverse Path Forwarding (RPF): mechanism
    for implementing ingress/egress filtering
  • Routing protocol authentication: time consuming
    for the ISP
  • DDoS best practices: do they follow them?

7
Number of Public Servers
  • The greater the number of public servers, the greater
    the ability to segment the provided services,
    which increases security
  • If segmented, compromise of one service does not
    automatically imply compromise of others

8
Branch Versus Head-End Design
  • Extent of security required at remote locations
    varies with their connectivity choices
  • If IT staff is centralized, still need to provide
    some way to manage remote systems

9
Remote Access Alternatives
  • Must have some level of trust with remote systems

10
Small vs. Large Network Design
  • What is wrong with designing a secure network
    based on its size?
  • What is a better way?
  • ONLY view pages 489-531 as potential options.

11
Chapter 13 Review Questions
  • What is a network edge? Provide examples of
    potential network edges.
  • Discuss 5 potential threats to the network edge.
  • Discuss how users/devices are identified at the
    network edge.
  • Discuss how your ISP's router could impact your
    level of security.
  • Discuss the significance of the number of public
    servers in regard to secure network design.
  • If IT staffing is centralized, how can you manage
    remote sites?
  • What is wrong with designing a secure network
    based on its size? What is a better way?