Security: Network Administration Principles - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Rule-based management

    • The use of operational rules or restrictions to govern the security of an organization's infrastructure. A security policy used to determine how employees can access the Internet and other network resources is an example of rule-based management.
  • Firewall rules

    • Used to control traffic flowing through a firewall device.
      • Inbound rules: Define the action to be performed by the firewall on the data that enters the system from another system.
      • Outbound rules: Define the action to be performed by the firewall on the data that flows out of the system.
  • VLAN management

    • Can be complex. Most organizations will keep track of VLAN configuration using diagrams and documentation.
  • Secure router configuration

    • Ensuring that all routers on the network are properly secured protects your network from attacks and can also prevent routing loops.
  • Access control lists

    • Networking ACLs
      • On routers and switches, rules that are applied to port numbers or IP addresses to control both inbound and outbound traffic.
    • Filesystem ACLs
      • A table that contains entries that specify individual user or group rights to specific system objects such as programs, processes or files.
  • Port security

    • Disable unnecessary services.
    • Close ports that are by default open or have limited functionality.
    • Regularly applying the appropriate patches.
    • Hiding responses from ports that indicate their status and allow access to pre-configured connections only.
  • 802.1x

    • IEEE standard used to provide a port-based authentication mechanism for wireless communications. It uses the Extensible Authentication Protocol (EAP) to provide user authentication against a directory service.
  • Flood guards

    • Used to protect resources from flooding attacks, such as Distributed Denial of Service (DDoS) attacks.
    • Detectors are placed throughout the network and will react and apply the appropriate mitigation techniques when an attack occurs.
  • Loop protection

    • A loop occurs when more than one pathway exists between the endpoints in a network and packets get forwarded over and over again.
    • Loop protection is achieved by applying proper router configuration and manufacturer-recommended configurations.
  • Implicit deny

    • Principle of denying all traffic unless it is specifically allowed.
  • Network separation

    • Splitting your network into two or more logically separated networks in order to separate critical network functions from non-critical network functions.
    • It can also prevent intruders from getting to other systems, and helps enforce access control efforts.
  • Log analysis

    • Logs must be regularly monitored and analyzed to detect any unauthorized intrusion attempts, and to assess any data leaks and insider threats.
  • Unified threat management

    • A system that centralizes various security techniques like firewall, anti-malware, network intrusion prevention, URL filtering, content inspection, malware inspection, etc., into a single appliance.
    • They usually include a single management interface.
    • A downside to UTM is that it can become a single point of failure that could affect an entire network.
  • WPA

    • Provides improved data encryption through the Temporal Key Integrity Protocol (TKIP), which is a security protocol created by the IEEE 802.11i task group to replace WEP.
    • It is combined with the existing WEP encryption to provide a 128-bit encryption key that fixes the key length issues of WEP.
  • WPA2

    • In addition to TKIP, WPA2 adds Advanced Encryption Standard (AES) encryption for even greater security and to replace TKIP. It provides 128-bit encryption.
  • WEP

    • Provides 64-bit, 128-bit, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm.
    • WEP is considered a security hazard and has been deprecated due to vulnerabilities to initialization vector (IV) attacks.
  • EAP

    • A framework that allows clients and servers to authenticate with each other using one of a variety of plug-ins.
    • It can be used with a wide range of current authentication methods, and is extensible for use with future authentication methods.
  • PEAP

    • Open standard implementation of EAP, developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security.
  • LEAP

    • Cisco Systems' proprietary implementation of EAP. Uses MS-CHAP, which is not considered secure.
  • MAC filtering

    • The technique of allowing or denying devices with certain MAC addresses to connect to a network. A whitelist is used to specify which MAC addresses are granted access.
    • A blacklist is used to specify which MAC addresses are explicitly blocked.
  • Disable SSID broadcast

  • TKIP

  • CCMP

    • Counter Mode Cipher Block Chaining Message Authentication Code Protocol or Counter Mode CBC-MAC Protocol
  • Antenna placement

    • The radio frequency range of each access point should not extend beyond the physical boundaries of the organization's facilities.
  • Power level controls

    • Used to reduce your wireless LAN transmitter power. Also helps to minimize power consumption within the wireless network.
  • Captive portals

    • A technique that requires a client attempting to connect to the Internet to authenticate through a web page.
    • Commonly used by free and/or public Wi-Fi hotspots in order to get the user to agree to an acceptable use policy before they begin using the service.
  • Antenna types

    • Omni-directional
      • Rubber duck
        • Small omni-directional antenna, usually sealed in a rubber jacket. They are ideal for mobility and are often used in walkie-talkies or other two-way radios.
      • Ceiling dome
        • Omni-directional antenna that is installed in ceilings and is commonly used to cover rooms in a building with a wireless signal.
    • Directional
      • Yagi
        • A directional antenna used primarily in radio, but also used in long-distance wireless networking to extend the range of hotspots.
      • Parabolic
        • A very precise directional antenna often used in satellite dishes. Because it is so precise, it is somewhat more difficult to establish a connection.
      • Backfire
      • "Cantenna"
  • Site surveys

    • The collection of information on a location, including access routes, potential obstacles and the best positioning of materials, for the purpose of constructing a wireless network that provides quality coverage and bandwidth while at the same time being conscious of security protocols and requirements.
  • VPN (over open wireless)

    • Used to provide authentication techniques and encrypt your data in transit over the network even when using an insecure wireless hotspot.
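The firewall rules, networking ACL and implicit deny items above describe one mechanism: an ordered list of inbound/outbound rules where the first match wins and anything unmatched is dropped. The following added example (not from the wiki) is a small rule evaluator that shows this behaviour; the rule format, the addresses and the sample traffic are constructed for illustration.

```python
"""Added example: first-match firewall/ACL evaluation with implicit deny.
Rule format and sample networks (192.0.2.0/24 "DMZ", 10.10.0.0/16 "admin")
are constructed for this illustration, not taken from the wiki."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str            # "in" (entering the system) or "out" (leaving it)
    action: str               # "allow" or "deny"
    src: str                  # CIDR such as "10.10.0.0/16", or "any"
    dst: str                  # CIDR or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, direction: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        if self.direction != direction:
            return False
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport


def evaluate(rules: List[Rule], direction: str, src_ip: str, dst_ip: str, dport: int) -> Tuple[str, str]:
    """Walk the ordered rule list; the first matching rule decides.
    If nothing matches, the packet is dropped: that is implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(direction, src_ip, dst_ip, dport):
            return rule.action, f"rule {index}"
    return "deny", "implicit deny"


# Constructed rule set: HTTPS into the DMZ from anywhere, SSH into the DMZ
# only from the admin network (with an explicit deny so those hits are
# visible in logs), and unrestricted outbound traffic from the DMZ.
RULES = [
    Rule("in", "allow", "any", "192.0.2.0/24", 443),
    Rule("in", "allow", "10.10.0.0/16", "192.0.2.0/24", 22),
    Rule("in", "deny", "any", "192.0.2.0/24", 22),
    Rule("out", "allow", "192.0.2.0/24", "any"),
]

if __name__ == "__main__":
    # RDP from the Internet matches no rule at all, so it falls to implicit deny.
    for packet in [("in", "203.0.113.5", "192.0.2.10", 443),
                   ("in", "203.0.113.5", "192.0.2.10", 22),
                   ("in", "203.0.113.5", "192.0.2.10", 3389)]:
        print(packet, "->", evaluate(RULES, *packet))
```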