Network Security
Speaker
Eng Hasan Shamroukh
https://www.youtube.com/watch?v=AmH2nKNPphM
Seminar Agenda
•Security Definition
•Security Solutions
•VPN
•Security Devices
•AAA
•Firewall Configuration
What is Security?
•“The quality or state of being secure/to be free from
danger”
•Security is built from multiple layers:
–Physical security
–Personal security
–Operations security
–Communications security
–Network security
–Information security
Wireless Security BYOD
Security Elements
•Bring Your Own Device (BYOD)
•Adaptive Security Appliance (ASA)
•Mobile Device Management (MDM)
•RSA SecurID
•Active Directory (AD)
•Certificate Authority (CA)
•Identity Services Engine (ISE)
Virtual Security Solution
Example of Security Attacks
VPN
•Virtual Private Network
•An encrypted tunnel that carries private traffic across an untrusted
network (typically the Internet), so that an attacker on the path can
neither read nor tamper with it
•VPN types according to devices:
•1- Site-to-Site: gateway to gateway; the hosts behind each gateway are
unaware of the tunnel
•(router-router) (ASA-ASA) (router-ASA)
•2- Remote Access: a client on the host builds the tunnel to a gateway
(router-host) (server-client)
•VPN types according to layers:
•IPsec: Layer 3 (IP); used for both site-to-site and remote access
•SSL/TLS: Secure Sockets Layer, today TLS, runs over TCP (Layer 4) and is
used mainly for remote access (full-tunnel client or clientless browser portal)
•MPLS VPN: Multiprotocol Label Switching; the provider keeps customers'
traffic apart with labels in its core. This gives isolation, not
encryption: the provider can still read the traffic, so run IPsec on top
when confidentiality is required
•L2VPN: CE-CE (the provider carries Layer 2 frames transparently between
the customer-edge devices)
•L3VPN: PE-CE (the provider-edge router peers at Layer 3 with the customer
edge and keeps each customer's routes in a separate VRF)
VPN Types
IPSEC
GRE
Generic Routing Encapsulation
A tunnelling protocol that wraps packets of the logical (tunnel) network
inside an outer IP header of the physical (transport) network. The slide
uses the same IP version on both sides: both IPv4 or both IPv6 (GRE can
also carry one IP version inside the other).
GRE alone provides no confidentiality, integrity or authentication, so it
is not a secure VPN by itself; across an untrusted network it is combined
with IPsec (GRE over IPsec).
Firewall
•Three interfaces (zones), each with a security level from 0 to 100:
•In (inside): max. security level = 100
•(private/local/internal) network
•Out (outside): min. security level = 0
•(public/global/external) network
•DMZ: intermediate security level, e.g. 50
•Demilitarized Zone (server farm that must be reachable from the Internet)
•Default behaviour: traffic may flow from a higher to a lower security level
(inside -> DMZ -> outside) and the stateful firewall lets the replies back in;
traffic from a lower to a higher level (outside -> DMZ, DMZ -> inside) is denied
unless an access list explicitly permits it
IPS/IDS
Cloud Email Security
ESA: Email Security Appliance
CWS: Cloud Web Security
WSA: Web Security Appliance
Explicit (forward) proxy deployment:
1. An internal user makes an HTTP request to an external website. The client
browser is configured to send the request to the Cisco WSA.
2. The Cisco WSA connects to the website on behalf of the internal user.
3. The firewall (Cisco ASA) is configured to only allow outbound web traffic from
the Cisco WSA, and it forwards the traffic to the web server.
Web Cache Communication Protocol (WCCP).
1. An internal user makes an HTTP request to an external website.
2. The internal router (R1) redirects the web request to the Cisco WSA using WCCP.
3. The Cisco WSA connects to the website on behalf of the internal user.
4. Also in this example, the firewall (Cisco ASA) is configured to only allow outbound
web traffic from the WSA. The web traffic is sent to the Internet web server.
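Both flows above rely on the ASA refusing web traffic that did not come from the WSA; otherwise a user can bypass the proxy by clearing the browser setting. The following is an added example (not from the slides) of the WCCP redirect on R1 and the matching egress policy on the ASA. The WSA address 172.16.1.20, the R1 interface name and the DNS/ICMP allowances are assumptions:

```cisco
! Added example: make the WSA the only path to the web (not from the slides).
! Assumed: WSA at 172.16.1.20 on the inside; R1 is an IOS router between the users and the ASA.
!
! --- R1 (IOS): transparent redirection with WCCP, so users need no proxy setting ---
! web-cache is WCCP service 0 (TCP/80); HTTPS needs a dynamic service group
! defined on the WSA (commonly 90) and a second "ip wccp 90 redirect in" line.
ip wccp web-cache
interface GigabitEthernet0/1
 description user VLAN
 ip wccp web-cache redirect in
!
! --- ASA: egress policy on the inside interface ---
object network WSA
 host 172.16.1.20
object-group service WEB-PORTS tcp
 port-object eq 80
 port-object eq 443
!
! Only the proxy may open web connections; everything else trying port 80/443
! is dropped and logged, which also surfaces proxy-bypass attempts.
access-list INSIDE-OUT extended permit tcp object WSA any object-group WEB-PORTS
access-list INSIDE-OUT extended deny tcp any any object-group WEB-PORTS log
! Non-web services the lab still needs (DNS to the lab server, ping test)
access-list INSIDE-OUT extended permit udp 172.16.1.0 255.255.255.0 any eq domain
access-list INSIDE-OUT extended permit icmp 172.16.1.0 255.255.255.0 any echo
access-group INSIDE-OUT in interface inside
!
! Verify the policy from the ASA before relying on it
! packet-tracer input inside tcp 172.16.1.5 40000 198.51.100.80 443
! packet-tracer input inside tcp 172.16.1.20 40000 198.51.100.80 443
```

The two packet-tracer runs should show the user's direct connection dropped by INSIDE-OUT and the WSA's connection allowed. Keep the WSA on an interface that is not subject to the WCCP redirect (or exclude it with a redirect-list), otherwise its own outbound requests loop back to itself.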
WSA Cluster
SMA: Security Management Appliance
AAA
•Authentication – Authorization – Accounting
•Authentication: verifying who the user is (username & password,
certificate, one-time token)
•Authorization: which services and commands the authenticated user is
allowed to use
•Accounting: recording what the user did (session start/stop, commands,
traffic volume) for audit
•TACACS+: Cisco-developed (now published as RFC 8907), used mainly for
device administration; separates authorization from authentication, supports
per-command authorization and encrypts the whole packet body
•RADIUS: open standard supported by all vendors, used mainly for network
access; combines authentication and authorization in one exchange and
protects only the password field
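As an added example (not from the slides), the three A's mapped onto ASA administration with TACACS+ and a local fallback. The server address 172.16.1.30, the placeholders <shared-secret> and <local-password>, and the management subnet are assumptions:

```cisco
! Added example: AAA for ASA administration via TACACS+ (not from the slides).
! Assumed: TACACS+ server 172.16.1.30 on the inside; <shared-secret> and
! <local-password> are placeholders.
aaa-server TACACS protocol tacacs+
aaa-server TACACS (inside) host 172.16.1.30
 key <shared-secret>
!
! Authentication: who are you? (SSH logins and privileged EXEC)
aaa authentication ssh console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
!
! Authorization: which commands may you run? (the TACACS+ server decides per command)
aaa authorization command TACACS LOCAL
!
! Accounting: every command and session start/stop is recorded on the server
aaa accounting command TACACS
aaa accounting ssh console TACACS
!
! Local account used only when the TACACS+ server is unreachable
username admin password <local-password> privilege 15
!
! Shrink the management plane: SSH v2 from the inside subnet only, no telnet
ssh 172.16.1.0 255.255.255.0 inside
ssh version 2
```

LOCAL after the server tag is a fallback for an unreachable server, not for a rejected login: a user the server refuses is not retried locally. Test from a second session before saving, so a typo in the shared secret cannot lock you out of the box.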
Internet Access by ASA
ASA – configuring VLAN 1 (inside)
•()# stands for the configuration prompt, e.g. ciscoasa(config)#
•()#interface Vlan1
•()#no ip address
•()#nameif inside
•()#security-level 100
•()#ip address 172.16.1.1 255.255.255.0
•()#exit
•()#int e0/1
•()#switchport access vlan 1
•!
ASA – configuring VLAN 2 (outside)
•()#interface Vlan2
•()#nameif outside
•()#security-level 0
•()#ip address 203.1.1.2 255.255.255.0
•()#exit
•()#int e0/0
•()#switchport access vlan 2
ASA – Configuring NAT
•()#object network lan
•()#subnet 172.16.1.0 255.255.255.0
•()#nat (inside,outside) dynamic interface
•()#exit
•()#route outside 0.0.0.0 0.0.0.0 203.1.1.1 1
ASA – Configuring ACL
•()#access-list cisco extended permit tcp any any
•()#access-list cisco extended permit icmp any any
•()#access-group cisco in interface outside
•Caution: this ACL is applied inbound on the Internet-facing interface and
permits any TCP and any ICMP from any source to any destination. The ASA is
stateful, so replies to sessions started from the inside are allowed without
it; the lab only needs it so that ping replies from 8.8.8.8 reach the PCs.
Nothing behind the dynamic PAT is reachable yet, but as soon as a static NAT
is added this ACL exposes the translated host on every TCP port. In a real
deployment enable ICMP inspection (inspect icmp) instead of the ICMP permit,
and permit inbound only the specific services that must be reachable
ASA – Configuring DHCP
•Be careful!
•Delete the default DHCP pool (the factory default hands out
192.168.1.0/24 on the inside VLAN, which no longer matches the
172.16.1.0/24 address configured above)
•Convert the 2 PCs from static to DHCP
•()#no dhcpd address 192.168.1.5-192.168.1.35 inside
•()#dhcpd address 172.16.1.5-172.16.1.6 inside
•()#dhcpd dns 8.8.8.8 interface inside
•()#dhcpd enable inside (required if the DHCP service was not already
enabled by the factory default)
ISP – IP/Routing
•interface GigabitEthernet0/0
•ip address 203.1.1.1 255.255.255.0
•no shut
•interface GigabitEthernet0/1
•ip address 8.8.8.1 255.255.255.0
•no shut
•router ospf 1
•network 203.1.1.0 0.0.0.255 area 0
•network 8.8.8.0 0.0.0.255 area 0
Server Configuration
•IP address: 8.8.8.8
•Subnet mask: 255.255.255.0
•Default gateway: 8.8.8.1
Now
•PC>ping 8.8.8.8
•Both PCs can ping the lab server at 8.8.8.8 (a stand-in for Google's
public DNS address; in this lab it is the server behind the ISP router)
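The following added example (not from the slides) serves both the Firewall slide on security levels and this lab: it replaces the open outside ACL with ICMP inspection, turns the DHCP service on, and adds a DMZ interface to show how lower-to-higher traffic must be permitted explicitly. The DMZ VLAN 3 on Ethernet0/2, the web server 192.168.50.10 and the spare public address 203.1.1.10 are assumptions; on an ASA 5505 base licence a third VLAN is restricted, so a Security Plus licence or a later model is assumed too:

```cisco
! Added example: the Internet-access lab with its weak settings corrected,
! plus a DMZ to demonstrate security levels (not from the slides).
! Assumed: Vlan3 on Ethernet0/2, DMZ web server 192.168.50.10, public 203.1.1.10.
!
! 1. The lab's "permit tcp any any" inbound on outside is not needed for return
!    traffic: the ASA is stateful. Remove the ACL and let ping replies through
!    via ICMP inspection instead of an open permit.
no access-group cisco in interface outside
clear configure access-list cisco
policy-map global_policy
 class inspection_default
  inspect icmp
!
! 2. DMZ interface: security level 50 sits between inside (100) and outside (0)
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.50.1 255.255.255.0
interface Ethernet0/2
 switchport access vlan 3
!
object network DMZ-WEB
 host 192.168.50.10
 nat (dmz,outside) static 203.1.1.10
!
! 3. outside (0) -> dmz (50) is lower-to-higher: denied by default, so permit
!    only HTTPS to the one server. (ASA 8.3+: the ACL names the real address.)
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq 443
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! 4. dmz (50) -> inside (100) is denied by default, but dmz -> outside (50 -> 0)
!    is allowed by default. Make the server-farm policy explicit so a
!    compromised web server cannot pivot inward and only reaches the Internet
!    on the ports it needs.
access-list DMZ-OUT extended deny ip any 172.16.1.0 255.255.255.0 log
access-list DMZ-OUT extended permit tcp object DMZ-WEB any eq 80
access-list DMZ-OUT extended permit tcp object DMZ-WEB any eq 443
access-list DMZ-OUT extended permit udp object DMZ-WEB any eq domain
access-group DMZ-OUT in interface dmz
!
! 5. Inside DHCP: the lab replaces the pool but never turns the service on
dhcpd address 172.16.1.5-172.16.1.6 inside
dhcpd dns 8.8.8.8 interface inside
dhcpd enable inside
!
! Verify without generating real traffic
! packet-tracer input outside tcp 198.51.100.7 40000 203.1.1.10 443   (allowed)
! packet-tracer input outside tcp 198.51.100.7 40000 203.1.1.10 22    (dropped by OUTSIDE-IN)
! packet-tracer input dmz tcp 192.168.50.10 40000 172.16.1.5 445      (dropped by DMZ-OUT)
! packet-tracer input inside icmp 172.16.1.5 8 0 8.8.8.8              (allowed, reply via inspect icmp)
```

The four packet-tracer runs are the check to keep: the first proves the published service works, the other three prove that the ACL on each interface, not the security level alone, is what limits an attacker who has a foothold on the DMZ server.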