Finto Thomas
Created 18 Nov 2011
Reviewed: Mar 2015
Ver 3.0
Network & Security Startup
Before we enter the lab
Agenda
• OSI Model Overview
• Function of network & security devices
  • Routers / Switches
  • Firewall
    • Proxy firewall
    • Stateful firewall
    • Packet filter firewall
  • IDS / IPS
  • Web Application Firewall – WAF
  • File Integrity Monitoring – FIM
  • Anti-Spam / MTA / Email Gateway (MX)
• Encryption – VPN
• File & Whole Disk Encryption
• Vulnerability vs Risk
• Security Information & Event Management – SIEM
• Network Cheat Sheet
• Linux overview
• CASE STUDY
Open Systems Interconnection model (OSI model)

Layer            Function / protocols                              Data unit
7 Application    User data and application protocols               Data
6 Presentation   Format: encoding, compression, encryption         Data
5 Session        Logical connection between applications           Data
4 Transport      TCP / UDP                                         Segment
3 Network        IP / IPX / SNA (ICMP is carried directly in IP)   Packet
2 Data Link      MAC                                               Frame
1 Physical       Bits on the wire                                  Bit

Why the ISO OSI model?
To standardize communication between multi-vendor devices in a networked environment. Without it we would be forced to always buy one vendor's products so that they could talk to each other!
• Application (7) – provides the end-user interface and process-level services. Everything at this layer is application-specific. It provides application services for file transfer, e-mail and other network software services. Telnet and FTP are applications that exist entirely at the application layer. Tiered application architectures are part of this layer.
• Presentation (6) – provides independence from differences in data representation: the format in which content is stored and processed when it is accessed from the file system. It is sometimes called the syntax layer.
• Session (5) – establishes, manages and terminates connections between applications and between hosts. The session layer sets up, coordinates and terminates conversations, exchanges and dialogues between the applications on each end machine. It deals with session and connection coordination.
• Transport (4) – provides transparent transfer of data between end systems (hosts) and is responsible for end-to-end error recovery and flow control; it ensures complete data transfer. TCP and UDP are the transport protocols. ICMP, which ping uses, is carried directly inside IP and formally belongs to layer 3, even though firewall rule sets usually list it next to TCP and UDP.
• Network (3) – provides routing technologies, creating logical paths (virtual circuits) for transmitting data from node to node. Routing and forwarding are functions of this layer, as are addressing, internetworking, error handling, congestion control and packet sequencing. Distinguish routed protocols, which carry the data (IP, IPX and IBM's SNA), from routing protocols, which exchange reachability information between routers (OSPF, EIGRP, etc.). (Routers & layer 3 switches)
• Data link (2) – at this layer packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management, handles errors coming from the physical layer, flow control and frame synchronization. The data link layer is divided into two sub-layers: the Media Access Control (MAC) layer, which controls how a computer on the network gains access to the medium and permission to transmit, and the Logical Link Control (LLC) layer, which controls frame synchronization, flow control and error checking. (Switches)
• Physical (1) – this layer conveys the bit stream - electrical impulse, light or radio signal --
(Figure: Golden Rules of Network & Security)
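The frame → packet → segment nesting in the table above, as an added example that is not part of the slide deck: the code below builds one Ethernet/IPv4/TCP frame with constructed sample addresses (the MACs, 10.0.0.5, 192.0.2.10 and the ports are made up, checksums are left at zero) and parses it back layer by layer.

```python
"""Decode the layer-2/3/4 headers of one constructed Ethernet frame.

Added example (not from the slide deck): builds a frame with struct and
parses it back so the frame -> packet -> segment nesting is visible in
code. MAC/IP addresses and ports are made-up sample values.
"""
import struct
from dataclasses import dataclass


@dataclass
class Decoded:
    src_mac: str      # layer 2 (frame)
    dst_mac: str
    src_ip: str       # layer 3 (packet)
    dst_ip: str
    protocol: int     # 6 = TCP, 17 = UDP, 1 = ICMP (ICMP sits directly in IP)
    src_port: int     # layer 4 (segment), only meaningful for TCP/UDP
    dst_port: int
    payload: bytes    # layers 5-7


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def decode_frame(frame: bytes) -> Decoded:
    # Ethernet II header: dst MAC (6), src MAC (6), EtherType (2)
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (ethertype 0x{ethertype:04x})")
    ip = frame[14:]
    version_ihl = ip[0]                 # high nibble: version, low nibble: IHL
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4      # header length in bytes
    total_len, = struct.unpack("!H", ip[2:4])
    protocol = ip[9]
    src_ip, dst_ip = ip[12:16], ip[16:20]
    l4 = ip[ihl:total_len]              # the transport segment / datagram
    src_port = dst_port = 0
    payload = l4
    if protocol in (6, 17):             # TCP or UDP: ports are the first 4 bytes
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        if protocol == 6:
            data_offset = (l4[12] >> 4) * 4   # TCP header length
            payload = l4[data_offset:]
        else:
            payload = l4[8:]                  # UDP header is a fixed 8 bytes
    return Decoded(mac_str(src_mac), mac_str(dst_mac), ip_str(src_ip), ip_str(dst_ip),
                   protocol, src_port, dst_port, payload)


def build_frame(payload: bytes) -> bytes:
    """Constructed sample: TCP segment to port 80, inside IPv4, inside Ethernet."""
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol 6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + tcp
    eth = struct.pack("!6s6sH", bytes.fromhex("0050569a1b2c"),   # dst MAC (gateway)
                      bytes.fromhex("001122334455"), 0x0800)     # src MAC, EtherType IPv4
    return eth + ip


if __name__ == "__main__":
    print(decode_frame(build_frame(b"GET / HTTP/1.1\r\n")))
```

Each device in the next slides touches a different slice of this structure: a switch reads only the first 14 bytes, a router reads to byte 34 and rewrites the first 12, a packet filter looks at the IP and port fields, and only an IPS or WAF reads the payload at the end.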
Function of network & security devices

In a present-day network infrastructure we meet multiple types of device, each with its own function:

Routers – Layer 3 routing devices working with routed protocols such as IP and IPX. Two machines in different subnets need a router to communicate. A router with access lists is also a packet filter firewall: it allows or blocks traffic packet by packet on IP address and port fields, without remembering which session a packet belongs to. (Cisco IOS, 7500, Juniper JUNOS)

Switches – Layer 2 switching devices that forward frames between hosts in the same subnet based on MAC address. Two machines can be cabled directly, but with more than two we bring in a switch or hub to interconnect them. (Cisco IOS, Juniper, Nortel) There are two kinds, managed and unmanaged; VLANs can only be created on managed switches.
Note: Layer 3 switches are also capable of routing.

Hub – Layer 1 device, the older way to interconnect multiple machines in the same subnet. A hub is a single broadcast and collision domain and repeats every frame to every port, so any host can sniff all traffic; this was overcome by switches. (D-Link, Netgear)

Stateful firewall – gateway device that allows or denies the network traffic passing through it based on IP address and/or TCP/UDP port (it decides at layers 3-4; application-layer inspection is a separate feature). It keeps a state table of each session passing through the firewall, so when a return packet arrives it is matched against that table and allowed back inside without needing a separate inbound rule. (Juniper ScreenOS, Cisco PIX/ASA, Microsoft ISA, Check Point, Crossbeam, Nokia, SonicWall)

Load Balancers (LB) – Load balancers are used for network- or server-based
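The difference between the packet filter on a router and a stateful firewall, as an added example that is not part of the slide deck: the policy (inside hosts on 10.0.0.0/24 may open TCP 80/443 outbound, nothing may be opened from outside), the packets and the addresses are constructed for the example. The stateless filter has to permit "anything from source port 80/443 to the inside" to let web replies back, and that rule is exactly what an attacker satisfies by choosing source port 80; the stateful firewall only lets back in what an inside host asked for.

```python
"""Stateless packet filter vs stateful firewall, as an added example
(not from the slide deck). Packets are constructed sample values; the
policy is hypothetical: inside hosts (10.0.0.0/24) may open TCP 80/443
outbound, nothing may be opened from outside.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection


def outbound(pkt: Packet) -> bool:
    return ip_address(pkt.src) in INSIDE and ip_address(pkt.dst) not in INSIDE


class StatelessFilter:
    """Router ACL: every packet is judged on its own header fields only."""

    def permit(self, pkt: Packet) -> bool:
        if outbound(pkt) and pkt.proto == "tcp" and pkt.dport in (80, 443):
            return True
        if not outbound(pkt) and pkt.proto == "tcp" and pkt.sport in (80, 443):
            return True   # needed for web replies; no way to know if anyone asked
        return False


class StatefulFirewall:
    """Only the first packet of a session is matched against policy; its
    5-tuple goes into the state table and the reverse tuple is permitted
    until the session closes or times out (timeouts omitted here)."""

    def __init__(self) -> None:
        self.state = set()

    @staticmethod
    def key(pkt: Packet) -> tuple:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)

    @staticmethod
    def reverse_key(pkt: Packet) -> tuple:
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

    def permit(self, pkt: Packet) -> bool:
        if self.key(pkt) in self.state or self.reverse_key(pkt) in self.state:
            return True                    # belongs to an established session
        if pkt.proto == "tcp" and not pkt.syn:
            return False                   # mid-stream packet with no state: drop
        if outbound(pkt) and pkt.proto == "tcp" and pkt.dport in (80, 443):
            self.state.add(self.key(pkt))  # policy hit on a new session
            return True
        return False


def run(fw, packets):
    return [fw.permit(p) for p in packets]


# Constructed traffic: a real web session, then an unsolicited inbound packet
# dressed up with source port 80 to look like a web reply, aimed at SMB.
CLIENT_SYN = Packet("10.0.0.5", "192.0.2.10", "tcp", 40000, 80, syn=True)
SERVER_REPLY = Packet("192.0.2.10", "10.0.0.5", "tcp", 80, 40000)
SPOOFED_REPLY = Packet("198.51.100.7", "10.0.0.9", "tcp", 80, 445)
TRAFFIC = [CLIENT_SYN, SERVER_REPLY, SPOOFED_REPLY]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(), TRAFFIC))   # [True, True, True]
    print("stateful: ", run(StatefulFirewall(), TRAFFIC))  # [True, True, False]
```

The state table is also what makes the firewall a target: every entry costs memory, which is why a real firewall pairs it with per-session timeouts and SYN-flood protection.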
• Computers run all layers, so a general-purpose computer can show the behaviour of any network security device; we still go for dedicated appliances because of performance and reliability.
• A layer 2 switch forwards a frame unchanged: it reads the destination MAC to choose the egress port but does not modify the source or destination MAC.
• A router rewrites the layer 2 header on every hop (source MAC becomes its egress interface, destination MAC becomes the next hop) and leaves the IP header alone, unless it is also NATing.
• An IPS may change nothing (transparent / layer 2 inline deployment) or behave like a router (routed deployment); it depends on the deployment mode.
• A firewall changes the MAC like a router and, depending on the deployment, may also change IP address and port number – NAT & PAT.
• NAT – IP address translation can be achieved in different ways according to the network architecture the customer needs; routers and firewalls both perform it. One-to-one is static NAT; a group of private IPs translated to one (or a few) public IPs, kept apart by source port, is PAT (port address translation, also called NAT overload).
• MIP & VIP – Juniper ScreenOS terms: a statically mapped public IP is a MIP (mapped IP); a public IP that fronts a group (server farm) on a per-port basis is a VIP (virtual IP).
(Diagram: Client PC -> L2 switch -> L3 router -> IDS/IPS -> Firewall)
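Static NAT (the one-to-one / MIP case) and PAT (many-to-one) as an added example that is not part of the slide deck; the addresses 10.0.0.x, 192.0.2.10 and 203.0.113.1, the port pool starting at 1024 and the inside/outside naming are assumptions of the example. The translation table is also why PAT behaves like a stateful firewall for inbound traffic: a packet for which no outbound flow allocated a port has nowhere to go.

```python
"""Static NAT (one-to-one) and PAT (many-to-one with port rewriting), as
an added example that is not part of the slide deck. Addresses are
constructed sample values; the port pool and the inside/outside naming
are assumptions of this example.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class StaticNat:
    """One private address mapped permanently to one public address (MIP).
    Works in both directions, so an inside server can be reached from outside."""

    def __init__(self, mapping: dict) -> None:
        self.out_map = dict(mapping)                      # private -> public
        self.in_map = {v: k for k, v in mapping.items()}  # public -> private

    def outbound(self, p: Packet) -> Packet:
        return replace(p, src=self.out_map.get(p.src, p.src))

    def inbound(self, p: Packet) -> Packet:
        return replace(p, dst=self.in_map.get(p.dst, p.dst))


class Pat:
    """Many private hosts share one public address. Each outbound flow gets
    its own public source port; the translation table maps it back for the
    reply. Unsolicited inbound packets have no entry and are dropped."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.reverse = {}  # (private_ip, private_port, remote_ip, remote_port) -> public_port

    def outbound(self, p: Packet) -> Packet:
        flow = (p.src, p.sport, p.dst, p.dport)
        port = self.reverse.get(flow)
        if port is None:                   # new flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.reverse[flow] = port
            self.table[(port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        if p.dst != self.public_ip:
            return None
        entry = self.table.get((p.dport, p.src, p.sport))
        if entry is None:
            return None                    # no matching translation: drop
        private_ip, private_port = entry
        return replace(p, dst=private_ip, dport=private_port)


def demo():
    pat = Pat("203.0.113.1")
    # Two inside hosts that happen to pick the same source port; PAT keeps
    # them apart by handing out distinct public ports.
    a = pat.outbound(Packet("10.0.0.5", "192.0.2.10", 40000, 80))
    b = pat.outbound(Packet("10.0.0.6", "192.0.2.10", 40000, 80))
    reply_a = pat.inbound(Packet("192.0.2.10", "203.0.113.1", 80, a.sport))
    stray = pat.inbound(Packet("198.51.100.7", "203.0.113.1", 80, 5000))
    return a, b, reply_a, stray


if __name__ == "__main__":
    for x in demo():
        print(x)
```

Note that the PAT table is keyed on the remote address and port as well as the allocated port (endpoint-dependent mapping); a table keyed on the public port alone would let any outside host that guesses the port reach the inside client.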
IDS / IPS – inspect traffic at all layers up to 7 and can report on or block suspicious traffic or code on specific ports.
Example – a firewall can only block or allow all traffic through the HTTP port (80); an IPS filters on content, so suspicious requests are blocked while genuine packets are still allowed inside through the same HTTP port.

Host-based IDS/IPS is installed on top of an OS to protect that specific machine (Proventia for Windows, endpoint security products).
Network-based IDS/IPS monitors the traffic of a whole network segment. The drawback is that it can only block traffic (inline protection) if the packet actually passes through the appliance. Example: fed from a single switch (mirror port or TAP) it can only do detection, but placed between two switches, or between a router and a firewall, it can sit inline and block suspicious traffic.
An IDS can only be configured in detection mode; an IPS can run either in detection (promiscuous) or in prevention (inline) mode.
Note: please refer to the diagram on the next page to understand this better.
• ISS has two product lines, Proventia (IPS) and RealSecure (IDS). Proventia has software versions for Linux and Windows servers and desktops, along with the GX series appliance (hardware + customized OS + application).
• Other vendors: Cisco IPS (IDM), Juniper IDP, Sourcefire (Snort IDS), McAfee IntruShield.
IDS or IPS deployment modes
• Promiscuous / TAP mode (PIC-1): the sensor receives a copy of the traffic from a mirror port or TAP, so the agent can only be put in detection mode, even if it is an IPS that supports inline mode.
• Inline mode (PIC-2): the traffic passes through the sensor, so the agent can be put in detection or prevention mode according to device capability or the design.
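The two deployment modes and the "firewall opens port 80, IPS filters the content" point of the previous slide, as an added example that is not part of the slide deck or any vendor's product: the three signatures and the five HTTP requests are constructed. The same inspection logic yields an alert in TAP mode (the original packet already went past) and a drop in inline mode.

```python
"""IDS/IPS sensor in TAP (promiscuous) vs inline mode, as an added example
that is not part of the slide deck. The signatures and HTTP requests are
constructed; a firewall opening port 80 would pass all of them, the
sensor separates the suspicious ones from the genuine ones.
"""
import re
from dataclasses import dataclass, field

# Hypothetical signature set: name -> pattern applied to the raw request bytes.
SIGNATURES = {
    "sql-injection":  re.compile(rb"(?i)(['\"]\s*or\s+1\s*=\s*1|union\s+select)"),
    "path-traversal": re.compile(rb"\.\./"),
    "shell-command":  re.compile(rb";\s*(cat|wget|curl|nc)\b"),
}


@dataclass
class Sensor:
    inline: bool                          # False = TAP/promiscuous, True = inline
    alerts: list = field(default_factory=list)
    forwarded: list = field(default_factory=list)   # what reaches the server

    def inspect(self, payload: bytes) -> str:
        """Return the verdict for one request: 'pass', 'alert' or 'drop'."""
        hits = [name for name, pat in SIGNATURES.items() if pat.search(payload)]
        if not hits:
            self.forwarded.append(payload)
            return "pass"
        self.alerts.append((hits, payload))
        if self.inline:
            return "drop"          # prevention: the packet never reaches the server
        # TAP mode only sees a copy; the original was already delivered.
        self.forwarded.append(payload)
        return "alert"


# Constructed sample HTTP requests, all on port 80
REQUESTS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GET /item?id=1' OR 1=1-- HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GET /static/../../etc/passwd HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GET /cgi-bin/ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example\r\n\r\nuser=alice&pass=s3cret",
]


def run(inline: bool):
    """Feed the sample traffic through one sensor; return verdicts and counters."""
    s = Sensor(inline=inline)
    verdicts = [s.inspect(r) for r in REQUESTS]
    return verdicts, len(s.forwarded), len(s.alerts)


if __name__ == "__main__":
    print("TAP:   ", run(inline=False))   # all five forwarded, three alerts
    print("inline:", run(inline=True))    # two forwarded, three dropped
```

Real sensors also reassemble TCP streams and normalize encodings before matching, otherwise the signature above is defeated by splitting `../` across two segments or URL-encoding the quote.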
Web Application Firewall

"A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked." (OWASP wiki)

Imperva SecureSphere, the example product in the figure:
• ADC – Application Defense Center (research-driven security policies)
• ThreatRadar
• Drop-in deployment
• Four modes of implementation
• OWASP_Best_Practices:_Use_of_Web_Application_Firewalls (OWASP wiki page)
(Figure, continued: Imperva SecureSphere)
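What "applying a set of rules to an HTTP conversation" and "customizing the rules to your application" look like in code, as an added example that is not part of the slide deck, OWASP's or Imperva's code: two generic negative signatures (XSS, SQLi) applied after decoding, plus a positive allow-list for a hypothetical /item endpoint whose parameters (`id`, `sort`) and shapes are assumptions of the example. The requests are constructed; the third one carries the same SQL injection double URL-encoded, which is why the value is decoded before matching.

```python
"""WAF rule application on one HTTP request, as an added example that is
not part of the slide deck or any vendor's product. Negative signatures
(XSS, SQLi) run after decoding; a positive allow-list customized to the
application's own parameters runs for known paths. The /item parameter
policy and the requests are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

NEGATIVE_RULES = {
    "xss":  re.compile(r"(?i)<\s*script|on\w+\s*=|javascript:"),
    "sqli": re.compile(r"(?i)(\bor\b\s+\d+\s*=\s*\d+|union\s+select|--\s*$|;\s*drop\b)"),
}

# Positive model for a hypothetical /item endpoint: each allowed parameter
# with the exact shape it must have. Unknown parameters are rejected.
POSITIVE_MODEL = {
    "/item": {
        "id":   re.compile(r"^\d{1,9}$"),
        "sort": re.compile(r"^(asc|desc)$"),
    }
}


def normalize(value: str) -> str:
    """Decode twice so %2527-style double encoding cannot slip a quote past the rules."""
    return unquote_plus(unquote_plus(value))


def inspect(request_line: str):
    """Return (decision, reasons) for a request line such as 'GET /item?id=5 HTTP/1.1'."""
    _, target, _ = request_line.split(" ", 2)
    url = urlsplit(target)
    # parse_qsl already decodes one layer; normalize() strips any further layers.
    params = [(k, normalize(v)) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    reasons = []
    for name, value in params:                          # negative model: any path
        for rule, pattern in NEGATIVE_RULES.items():
            if pattern.search(value):
                reasons.append(f"{rule}:{name}")
    model = POSITIVE_MODEL.get(url.path)                # positive model: known paths
    if model is not None:
        for name, value in params:
            shape = model.get(name)
            if shape is None:
                reasons.append(f"unknown-param:{name}")
            elif not shape.fullmatch(value):
                reasons.append(f"bad-shape:{name}")
    return ("block" if reasons else "allow"), reasons


# Constructed requests
REQUESTS = [
    "GET /item?id=42&sort=asc HTTP/1.1",
    "GET /item?id=42%27%20OR%201%3D1-- HTTP/1.1",           # SQLi, single-encoded
    "GET /item?id=42%2527%2520OR%25201%253D1-- HTTP/1.1",   # same payload, double-encoded
    "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /item?id=42&debug=1 HTTP/1.1",                      # no signature hit, not in the model
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(inspect(r))
```

The last request shows why the positive model is worth the tuning effort: nothing in it matches a signature, but `debug` is not a parameter the application defines, so it is blocked anyway. The price is that every legitimate parameter has to be described, and the double decoding can itself reject a legitimate value that happens to contain a literal `%`.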
File Integrity Monitoring – FIM

File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state with a known-good baseline. The comparison usually means calculating a cryptographic checksum of the file's original baseline and comparing it with the checksum of the file's current state. Other file attributes (owner, permissions, size, timestamps) can also be used to monitor integrity.
FIM is generally automated by an application or process and can run randomly, at a defined polling interval, or in real time.
• Regulatory requirement (PCI DSS, for example, mandates change detection on critical files)
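A baseline-and-compare FIM in code, as an added example that is not part of the slide deck or any FIM product. It creates its own files in a temporary directory, baselines them with SHA-256 plus the usual attributes, and then shows why the checksum matters: a same-length edit with the original mtime put back is invisible to size and timestamp checks but not to the hash.

```python
"""File integrity monitoring with a hashed baseline, as an added example
that is not part of the slide deck or any FIM product. It baselines a
directory, then shows why the checksum matters: a same-size edit with the
original mtime restored is invisible to size/mtime checks but not to the
hash. All files are created by the example itself in a temporary directory.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Hash plus the attributes a FIM tool typically records."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": st.st_mode & 0o777, "mtime": int(st.st_mtime)}


def baseline(root: Path) -> dict:
    """Relative path -> record, for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """Classify every path as added, removed, or modified (listing the attributes that differ)."""
    changes = {"added": [], "removed": [], "modified": {}}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            changes["added"].append(name)
        elif name not in new:
            changes["removed"].append(name)
        else:
            diff = [k for k in old[name] if old[name][k] != new[name][k]]
            if diff:
                changes["modified"][name] = diff
    return changes


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        passwd = root / "etc" / "passwd"
        passwd.write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        base = baseline(root)

        # Same-length tampering: "bash" -> "dash", then atime/mtime restored
        # to the baseline values so only the hash can reveal the change.
        st = passwd.stat()
        passwd.write_bytes(b"root:x:0:0:root:/root:/bin/dash\n")
        os.utime(passwd, (st.st_atime, st.st_mtime))
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "shadow.bak").write_bytes(b"leaked\n")
        return compare(base, baseline(root))


if __name__ == "__main__":
    print(demo())
```

Two things a real deployment adds on top of this: the baseline itself must be stored where an attacker who owns the host cannot rewrite it (off-box or signed), and the monitored set is a deliberate list of system binaries, configuration and web content, not every file, otherwise the alerts from normal log rotation drown the one that matters.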
• Proxy – works at the upper layers (7, 6, 5 and 4). It is also known as an application firewall or proxy firewall: both ends of a connection are forced to conduct the session through the proxy, which turns a two-party session into a four-party session, with the middle process emulating the two real hosts. Firewall proxy servers therefore centralize all activity for an application into a single server, one for SMTP (e-mail), one for HTTP (Internet), etc. The picture below is an example of a forward proxy. (Blue Coat, Websense, IronPort)
• Note: a reverse proxy takes requests from the Internet and forwards them to servers in an internal network, so the server identity stays hidden; load balancing and SSL termination are also done by these reverse proxies.
(PIC-3: forward proxy)

Proxy Server – Web & Mail | Anti-Spam traffic flow
(PIC-4)
Web traffic (HTTP & HTTPS) takes the proxy server route only when a proxy is configured in the web browser (or system proxy settings). With no proxy setting it takes the default route available on the machine. Keep in mind that the proxy setting is a client-side choice: a host without it, or malware that ignores it, goes straight out unless the firewall blocks direct outbound 80/443 and permits only the proxy.
Note: to see the routes and the default route on a machine use 'route print' (Windows) or 'netstat -r'.
Email Gateway & Anti-Spam
• A mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client-server architecture (MS Exchange Server or Lotus Domino Server). An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.
• The terms mail server, mail exchanger and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server with a domain through mail exchanger (MX) resource records that contain the domain name of a host providing MTA services.
• Anti-spam and anti-virus appliances are used at the gateway level to reduce the spam coming inside. (Proventia Mail scanner, IronPort)
(PIC-5)
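The server side of the SMTP conversation an MX host has with a sending MTA, as an added example that is not part of the slide deck or any mail product. The host name mx1.example.org, the local domain list, the trusted inside network and the three client dialogues are constructed. The decision it highlights is the one every gateway must get right: accept mail *to* your own domains from anyone, but relay mail *to other* domains only for trusted (or authenticated) clients, otherwise the gateway is an open relay that spammers will find within hours.

```python
"""SMTP gateway conversation with an anti-relay check, as an added example
that is not part of the slide deck. The server side is a small state
machine; the client lines, host name, local domains and trusted network
are constructed assumptions of the example.
"""
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.org"}                 # domains this MX host accepts mail for
TRUSTED_NETS = [ip_network("10.0.0.0/24")]      # inside hosts allowed to send outbound


class SmtpGateway:
    def __init__(self, client_ip: str, hostname: str = "mx1.example.org") -> None:
        self.client_ip = client_ip
        self.hostname = hostname
        self.state = "connect"
        self.mail_from = None
        self.rcpts = []

    @staticmethod
    def addr(line: str) -> str:
        # "MAIL FROM:<alice@example.net>" -> "alice@example.net"
        return line.split(":", 1)[1].strip().strip("<>").lower()

    def trusted(self) -> bool:
        return any(ip_address(self.client_ip) in n for n in TRUSTED_NETS)

    def handle(self, line: str) -> str:
        """Return the reply for one client command, enforcing SMTP command order."""
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            self.state = "greeted"
            return f"250 {self.hostname}"
        if verb == "MAIL" and self.state == "greeted":
            self.mail_from = self.addr(line)
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT" and self.state in ("mail", "rcpt"):
            rcpt = self.addr(line)
            domain = rcpt.rsplit("@", 1)[-1]
            if domain in LOCAL_DOMAINS or self.trusted():
                self.rcpts.append(rcpt)
                self.state = "rcpt"
                return "250 OK"
            return "554 5.7.1 Relay access denied"   # the anti-open-relay decision
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "503 5.5.1 Bad sequence of commands"


def converse(client_ip: str, lines):
    """Run one client dialogue against a fresh gateway; return the server replies."""
    gw = SmtpGateway(client_ip)
    return [gw.handle(line) for line in lines]


# Constructed dialogues
INBOUND = ["EHLO mail.example.net", "MAIL FROM:<bob@example.net>",
           "RCPT TO:<alice@example.org>", "DATA"]
RELAY_ATTEMPT = ["EHLO spammer", "MAIL FROM:<x@example.net>",
                 "RCPT TO:<victim@example.com>", "DATA"]
OUTBOUND_FROM_INSIDE = ["EHLO pc1", "MAIL FROM:<alice@example.org>",
                        "RCPT TO:<bob@example.net>", "DATA"]

if __name__ == "__main__":
    print(converse("198.51.100.7", INBOUND))
    print(converse("198.51.100.7", RELAY_ATTEMPT))
    print(converse("10.0.0.5", OUTBOUND_FROM_INSIDE))
```

In production the "trusted" test is normally SMTP AUTH over TLS rather than a source network, because anything inside the trusted range (including an infected desktop) can otherwise use the gateway to send spam under the company's name.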
Encryption
• Encryption is the process of transforming data into an unintelligible form to prevent unauthorized use of the data. To read an encrypted file you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plaintext; encrypted data is called ciphertext. A cipher is an encryption/decryption algorithm.
• User ID & password | documents & mails – certificates
• Desktop / removable disk encryption – PGP
• VPN – site-to-site, client access & SSL – HTTPS & Cisco / Juniper VPN client
(PIC-6)
VPN
• A virtual private network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users with access to a central organizational network.
• VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.
• VPNs may serve any network functionality that is found on any network, such as sharing of data and access to network resources, printers, databases, websites, etc. A VPN user typically experiences the central network in a manner identical to being connected to it directly. VPN technology over the public Internet has replaced the need to requisition and maintain expensive dedicated leased-line telecommunication circuits once typical in wide-area network installations.
• Between offices (sites): site-to-site VPN (IPsec), also called a LAN-to-LAN tunnel.
• Remote single users: 'client VPN' or 'remote user VPN' on the IPsec framework (e.g. BHPB – Cisco VPN, SSB – Juniper).
• SSL VPN is different from IPsec; it is used for web-based VPNs – HTTPS and Citrix VPN (SSB Citrix connection).
• SOCKS is a different framework again: a session-layer proxy protocol. On its own it does not encrypt anything; it is made secure by running it inside an SSH or TLS tunnel.
(PIC-7)
File & Whole Disk Encryption
Threat vs Vulnerability vs Risk
• The term "vulnerability" refers to a security flaw (weakness) in a system that allows an attack to be successful.
• A threat is a potentially adverse event; the threat level is the frequency with which such events are expected.
• Risk = Threat × Vulnerability × Asset Value
Scenario 1: forgetting the car key inside the car is the vulnerability; the threat depends on where we leave the car and key, in a city or a village, i.e. how likely it is that the weakness gets exploited; the asset value is what kind of car we drive, a Maruti or a Ferrari :-).
Scenario 2: think of a server or laptop left unlocked at home or in the office.
• A vulnerability assessment is the process of identifying and quantifying vulnerabilities in an environment. It is an in-depth evaluation of your posture, indicating weaknesses as well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to an acceptable level of risk.
• A pen test, on the other hand, simulates the actions of an external and/or internal attacker that aims to breach the security of the organization. Using many tools and techniques, the penetration tester attempts to exploit critical systems and gain access to sensitive data. Depending on the scope, a pen test can expand beyond the network to include social engineering attacks or physical security tests. (White box, grey box, black box) (BackTrack 5 – OS)
SIEM
• Event & log collection to a centralized console
• Normalize the events
• Correlate the events
• Identify suspicious activity
• Link to the VA (vulnerability assessment) reports
• Reporting and visibility for security
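The collect, normalize and correlate steps in miniature, as an added example that is not part of the slide deck or any SIEM product. The three log formats (an sshd line, a Windows logon event, a firewall line) and the seven events are constructed; the rule (three failed logons from one source followed by a success within five minutes, regardless of which system saw them) and its thresholds are assumptions of the example. The point is that the match is only possible after normalization: the sshd failures and the Windows 4625 are the same "failure" event from the same source.

```python
"""SIEM pipeline in miniature (collect, normalize, correlate), as an added
example that is not part of the slide deck. The three log formats and the
events are constructed; the rule (N failed logons followed by a success
from the same source inside a time window) and its thresholds are
assumptions of the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One parser per source; each maps to the same normalized shape.
SSHD = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
WINLOG = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>4624|4625) TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")
FWLOG = re.compile(r"^(?P<ts>\S+) fw: action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def normalize(line: str):
    """Map a raw line to {'ts', 'src', 'user', 'outcome', 'source'} or None if unknown."""
    if m := SSHD.match(line):
        return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "user": m["user"],
                "outcome": "success" if m["result"] == "Accepted" else "failure", "source": "sshd"}
    if m := WINLOG.match(line):
        return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "user": m["user"],
                "outcome": "success" if m["eid"] == "4624" else "failure", "source": "windows"}
    if m := FWLOG.match(line):
        return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "user": None,
                "outcome": m["action"], "source": "firewall"}
    return None


def correlate(events, failures=3, window=timedelta(minutes=5)):
    """Alert when one source IP fails to log on N times and then succeeds within the
    window, regardless of which system produced the individual events."""
    alerts = []
    recent = defaultdict(list)            # src -> timestamps of recent failures
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "failure":
            recent[e["src"]].append(e["ts"])
        elif e["outcome"] == "success":
            fails = [t for t in recent[e["src"]] if e["ts"] - t <= window]
            if len(fails) >= failures:
                alerts.append({"src": e["src"], "user": e["user"], "failures": len(fails),
                               "via": e["source"], "ts": e["ts"]})
            recent[e["src"]].clear()      # a success ends the sequence either way
    return alerts


# Constructed sample log lines from three different sources
RAW_LOGS = [
    "2015-03-02T09:00:01 sshd[812]: Failed password for root from 198.51.100.7",
    "2015-03-02T09:00:03 sshd[812]: Failed password for admin from 198.51.100.7",
    "2015-03-02T09:00:05 fw: action=accept src=198.51.100.7 dst=10.0.0.20 dport=3389",
    "2015-03-02T09:00:09 EventID=4625 TargetUserName=administrator IpAddress=198.51.100.7",
    "2015-03-02T09:00:30 EventID=4624 TargetUserName=administrator IpAddress=198.51.100.7",
    "2015-03-02T09:01:00 sshd[990]: Failed password for alice from 10.0.0.5",
    "2015-03-02T09:01:04 sshd[990]: Accepted password for alice from 10.0.0.5",
]


def run(lines=RAW_LOGS):
    events = [e for e in (normalize(l) for l in lines) if e]
    return correlate(events)


if __name__ == "__main__":
    for a in run():
        print(a)
```

Alice's single typo followed by a successful logon stays below the threshold and produces no alert; the attacker's two SSH failures plus one Windows failure followed by a Windows success do. Clock skew between sources is the usual reason this rule misfires in practice, so the collectors should normalize timestamps to UTC before correlation.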
CCNA Cheat Sheet - Network Overview
Linux Overview
• Everything in Linux is a file, including hardware devices and even directories.
• # : prompt of the super user (root)
• $ : prompt of a normal user
• Linux commands are normally lower-case, and command and file names are case sensitive.
• /root : the super user's home directory
• /home : where the normal users' home directories live
• Up arrow key: redisplays the last executed command. The Down arrow key moves forward again to the next command after you have gone back with the Up arrow.
• cd : the cd command can be used in the following handy ways:
  • cd (no argument) : switch to your home directory
  • cd * : change to the first entry in the directory (only if that entry is a directory)
  • cd .. : move back one folder
  • cd - : return to the last directory you were in
• Files starting with a dot (.) are hidden files.
• To view hidden files: ls -a
• ls : the ls command can be used in the following handy way:
  • ls *.* : list only files whose names contain a dot (an "extension")
• pwd : show the present working directory
Thank you

Case Study:
• Why do we need a site-to-site VPN instead of a more secure and reliable leased line?
• Why is the firewall not placed directly at the Internet link terminations?
• How does failover work?
• Why do we need VLANs?
• Where can an IDS or IPS be placed?
(PIC-8)
Weitere Àhnliche Inhalte

Was ist angesagt?

200-125-ccna-v3
200-125-ccna-v3200-125-ccna-v3
200-125-ccna-v3
Ibby Nuj
 
Brk 135 t-ccna_switching
Brk 135 t-ccna_switchingBrk 135 t-ccna_switching
Brk 135 t-ccna_switching
parthasn83
 
Kurose ross wi_fi
Kurose ross wi_fiKurose ross wi_fi
Kurose ross wi_fi
Gopi Saiteja
 
Ccna interview questions
Ccna interview questionsCcna interview questions
Ccna interview questions
Sanjay Thakare
 
Common types of networks(networking)
Common types of networks(networking)Common types of networks(networking)
Common types of networks(networking)
welcometofacebook
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 

Was ist angesagt? (19)

Dynamic routing protocols (CCNA)
Dynamic routing protocols (CCNA)Dynamic routing protocols (CCNA)
Dynamic routing protocols (CCNA)
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
 
CCNA ppt
CCNA pptCCNA ppt
CCNA ppt
 
200-125-ccna-v3
200-125-ccna-v3200-125-ccna-v3
200-125-ccna-v3
 
L2 tp., ip sec
L2 tp., ip secL2 tp., ip sec
L2 tp., ip sec
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
 
Presentation of the IEEE 802.11a MAC Layer
Presentation of the IEEE 802.11a MAC LayerPresentation of the IEEE 802.11a MAC Layer
Presentation of the IEEE 802.11a MAC Layer
 
CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5CCNA 1 Routing and Switching v5.0 Chapter 5
CCNA 1 Routing and Switching v5.0 Chapter 5
 
Brk 135 t-ccna_switching
Brk 135 t-ccna_switchingBrk 135 t-ccna_switching
Brk 135 t-ccna_switching
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Control
 
Vlan
VlanVlan
Vlan
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
 
Kurose ross wi_fi
Kurose ross wi_fiKurose ross wi_fi
Kurose ross wi_fi
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
 
I ptable
I ptableI ptable
I ptable
 
Ccna interview questions
Ccna interview questionsCcna interview questions
Ccna interview questions
 
CCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame RelayCCNAv5 - S4: Chapter 4 Frame Relay
CCNAv5 - S4: Chapter 4 Frame Relay
 
Common types of networks(networking)
Common types of networks(networking)Common types of networks(networking)
Common types of networks(networking)
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 

Ähnlich wie Network & security startup

Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Vanitha Joshi
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
Vamsi Krishna Kalavala
 
Ccna introduction
Ccna introductionCcna introduction
Ccna introduction
Mukesh Gautam
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1
ahmady
 

Ähnlich wie Network & security startup (20)

CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptx
 
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
 
Ccna introduction
Ccna introductionCcna introduction
Ccna introduction
 
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptxpppppppppppppppppjjjjjjjjjjjpppppppp.pptx
pppppppppppppppppjjjjjjjjjjjpppppppp.pptx
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewall
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1
 
Introduction to OSI and QUIC
Introduction to OSI and QUICIntroduction to OSI and QUIC
Introduction to OSI and QUIC
 
Network architecture - part-I
Network architecture - part-INetwork architecture - part-I
Network architecture - part-I
 
IPS_3M_eng
IPS_3M_engIPS_3M_eng
IPS_3M_eng
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Data Link Layer _latest development_project.pptx
Data Link Layer _latest development_project.pptxData Link Layer _latest development_project.pptx
Data Link Layer _latest development_project.pptx
 
Computer networks - CBSE New Syllabus (083) Class - XII
Computer networks - CBSE  New Syllabus (083) Class - XIIComputer networks - CBSE  New Syllabus (083) Class - XII
Computer networks - CBSE New Syllabus (083) Class - XII
 
Network architecture
Network architectureNetwork architecture
Network architecture
 
PT.pptx
PT.pptxPT.pptx
PT.pptx
 
Networkswitch
Networkswitch Networkswitch
Networkswitch
 
Network switch
Network switchNetwork switch
Network switch
 
Basics of Computer Networks
Basics of Computer NetworksBasics of Computer Networks
Basics of Computer Networks
 
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpUs 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
 
computer network NCC l4dc assingment
computer network NCC l4dc assingment computer network NCC l4dc assingment
computer network NCC l4dc assingment
 

Mehr von Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS

Mehr von Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS (9)

Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
 
Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0Gdpr brief and controls ver2.0
Gdpr brief and controls ver2.0
 
Deception ey
Deception ey Deception ey
Deception ey
 
Threathunting v0.1
Threathunting v0.1Threathunting v0.1
Threathunting v0.1
 
Vulnerability manager v1.0
Vulnerability manager v1.0Vulnerability manager v1.0
Vulnerability manager v1.0
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 
Data lake protection ft 3119 -ver1.0
Data lake protection   ft 3119 -ver1.0Data lake protection   ft 3119 -ver1.0
Data lake protection ft 3119 -ver1.0
 
Virtualization & tipping point
Virtualization & tipping pointVirtualization & tipping point
Virtualization & tipping point
 
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  YrsFinto InfoSec ExIBM- CISSP ITIL CCSP CCIE  JNCIS MCP 8.5  Yrs
Finto InfoSec ExIBM- CISSP ITIL CCSP CCIE JNCIS MCP 8.5 Yrs
 

KĂŒrzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

KĂŒrzlich hochgeladen (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Network & security startup

  • 1. Finto Thomas Created 18 Nov 2011 Reviewed : Mar 2015 Ver 3.0 Network & security Startup Before we enter to LAB 1
  • 2. Agenda  OSI Model Overview  Function of network & security devices  Routers / Switches  Firewall  Proxy firewall  State full firewall  Packet filter firewall  IDS /IPS  Web Application Firewall – WAF  File Integrity manager – FIM  Anti Spam / MTA / Email Gateway (MX)  Encryption - VPN  File & Whole Disk Encryption  Vulnerability Vs Risk  Security Event & Incident Management - SIEM  Network Cheat Sheet  Linux overview  CASE STUDY 2
  • 3. Open Systems Interconnection model (OSI model) Application 7 Presentation 6 Session 5 Transport 4 Network 3 Data Link 2 Physical 1 DATA Format Logical Connection TCP /UDP / ICMP IP / IPX / SNA MAC bit DATA Segment Packet Frames bit Layers Function DATA UNIT Why ISO – OSI Model To be in standardized communication between multivendor devices in networked scenarios, else we have to strict to purchase always one vendor products to communicate each other !!! 3
  • 4.  Application (7) – is provide end-user interface & process Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.  Presentation (6) - provides independence from differences in data representation, which format we save the content and processing while accessing the from file system. . It is sometimes called the syntax layer.  Session (5) - , manages and terminates connections between applications and between hosts The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end machines. It deals with session and connection coordination.  Transport (4) - This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. By define the traffic TCP/ UDP. And for PING using ICMP protocol.  Network (3) - provides routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing. By define routing & routed protocols. Routed protocol are IP , IPX and IBM’s SNA. Routing protocal are OSPF, EIGRP.. etc (Routers & layer 3 Switches)  Data link (2) - At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. 
The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking. (Switches)  Physical (1) - This layer conveys the bit stream - electrical impulse, light or radio signal -- GoldenRulesofNetwork& Security 4
  • 5. Function of network & security devices In present Network infrastructure we can meet multiple types of devices, each devices have its own functions, Routers - Layer 3 Routing device working routed Protocols like IP, IPX. If there is two different subnet machine must need a router to communicate between those. Also known as Packet filter Firewall because it can block or allow traffic on packet based (IP based). (Cisco IOS, 7500, Juniper JUNOS) Switches – Layer 2 Switching devices for switching the path between hosts with MAC on same subnet. If we have only two machine we can setup direct connection, but if have more then two we bring Switches or HUB to interconnects.(Cisco IOS, Juniper , Nortel). There are Two kind – Manageable & non Manageable Switches for VLAN creation. Note : Layer 3 switches are capable with routing function. HUB – Layer 1 device older version for interconnect multiple machine in same subnet, with single broadcast & Collision domain, which was over come in Switches. (Dlink, Netgear) State full Firewall – Layer 7 Device for Gate way function to allow or deny the network traffic passing though this device based on IP address or/and TCP/ UDP port. And its keep a state table of each session passing through this FW, so when a return packet came will match to this table to allow to inside back.(Juniper Screen OS, Cisco PIX /ASA, Microsoft ISA, Check point, Cross beam, Nokia, Sonicwall) Load Balancers (LB) - Load balancers used for Network or Server based 5
  • 6.
- Computers work on all layers, so a general-purpose computer can show the behaviour of any network security device; we still go for a dedicated appliance because of performance and reliability.
- When a frame passes through an L2 switch, the source and destination MAC addresses are not modified: the switch only forwards the frame out of the port on which it learned the destination MAC.
- When a packet passes through a router, the router strips the layer 2 header and writes a new one: the source MAC becomes the router's outgoing interface and the destination MAC becomes the next hop. The IP header changes only if NAT is configured.
- When a packet passes through an IPS, whether the MAC and IP addresses are altered depends on the deployment mode: in transparent (layer 2 / bridge) inline mode nothing is rewritten; in routed (layer 3) mode it behaves like a router.
- When a packet passes through a firewall, the MAC addresses change (routed mode) and the IP addresses and port numbers may change according to the deployment - NAT & PAT.
- NAT - IP address translation can be achieved in different ways according to the customer's network architecture; routers and firewalls can both perform it. One-to-one translation is static NAT; a group of private IPs translated to one (or a few) public IPs is PAT (Port Address Translation), where the translated source port is what keeps the inside sessions apart.
- MIP & VIP (ScreenOS terms) - a statically mapped public IP (one-to-one) is a MIP (Mapped IP). A VIP maps a single public IP to a group of internal servers (a server farm), choosing the server by destination port.
[Diagram: Client PC - L2 Switch - L3 Router - IDS/IPS - Firewall]
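To make the state table of slide 5 and the NAT/PAT of slide 6 concrete, here is a small Python model added by the editor; it is not code from the deck or from any firewall vendor. The public address 203.0.113.10, the 10.0.0.0/24 inside network, the web server 198.51.100.80, the scanner 192.0.2.99 and all port numbers are constructed for illustration.

```python
"""Added example (not from the deck): a miniature stateful firewall doing PAT.
Outbound flows from inside hosts create a state entry and a translated source
port; inbound packets are allowed only when they match an existing entry, and
are then translated back to the inside host. All addresses are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# State table key: (public_ip, nat_port, remote_ip, remote_port) -> (inside_ip, inside_port)
StateKey = Tuple[str, int, str, int]


class StatefulPatFirewall:
    def __init__(self, public_ip: str, inside_prefix: str = "10.0.0.") -> None:
        self.public_ip = public_ip
        self.inside_prefix = inside_prefix
        self.next_port = 40000                      # first translated source port handed out
        self.state: Dict[StateKey, Tuple[str, int]] = {}
        self.log: List[str] = []

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def process(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet as it leaves the firewall, or None if it is dropped."""
        if self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip):
            return self._outbound(pkt)
        if pkt.dst_ip == self.public_ip:
            return self._inbound(pkt)
        self.log.append(f"DROP no policy for {pkt}")
        return None

    def _outbound(self, pkt: Packet) -> Packet:
        # Reuse the mapping if this exact flow already has state, else allocate a new PAT port.
        for key, inside in self.state.items():
            if inside == (pkt.src_ip, pkt.src_port) and key[2:] == (pkt.dst_ip, pkt.dst_port):
                nat_port = key[1]
                break
        else:
            nat_port = self.next_port
            self.next_port += 1
            self.state[(self.public_ip, nat_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.log.append(f"NEW {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
                            f"translated to {self.public_ip}:{nat_port}")
        return Packet(self.public_ip, nat_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def _inbound(self, pkt: Packet) -> Optional[Packet]:
        # A reply has source and destination swapped relative to the state key.
        key: StateKey = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        inside = self.state.get(key)
        if inside is None:
            self.log.append(f"DROP unsolicited {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.proto)


def demo() -> dict:
    """Two inside PCs, one web server, one scanner; all constructed addresses."""
    fw = StatefulPatFirewall(public_ip="203.0.113.10")
    # Both PCs happen to use source port 51000 towards the same server: PAT tells them apart.
    a_out = fw.process(Packet("10.0.0.5", 51000, "198.51.100.80", 80))
    b_out = fw.process(Packet("10.0.0.6", 51000, "198.51.100.80", 80))
    # The server replies to the translated address/port; the state table un-translates each reply.
    a_back = fw.process(Packet("198.51.100.80", 80, "203.0.113.10", a_out.src_port))
    b_back = fw.process(Packet("198.51.100.80", 80, "203.0.113.10", b_out.src_port))
    # An Internet host probing SSH on the public IP has no matching state: dropped.
    scan = fw.process(Packet("192.0.2.99", 4444, "203.0.113.10", 22))
    return {"a_out": a_out, "b_out": b_out, "a_back": a_back, "b_back": b_back, "scan": scan, "log": fw.log}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The point to notice is the asymmetry: the inside PC's first packet is what creates the entry, so the server's reply is let in, but a packet arriving at the same public IP with no entry (the scan) is dropped even though nothing in its headers is malformed. A stateless packet filter (a router ACL) has no such table and would need an explicit rule for the return direction.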
  • 7. IDS or IPS
- IDS/IPS inspect traffic up to layer 7 and can report on or block suspicious traffic/code on specific ports. Example: a firewall can only block or allow all traffic through the HTTP port (80); an IPS filters on content, blocking the suspicious traffic while genuine packets still pass through the same HTTP port.
- Host-based IDS/IPS is installed on the OS to protect that specific machine (Proventia for Windows, endpoint security).
- Network-based IDS/IPS monitors the traffic of a whole network segment. Its drawback is that it can only block (inline protection) traffic that actually passes through the appliance. Example: to monitor the traffic of a single switch it can only do detection, but placed between two switches, a router or a firewall it can run in inline protection mode and block suspicious traffic.
- An IDS can only be configured in detection mode, whereas an IPS can do both: detection (promiscuous) or prevention (inline). Note: please refer to the diagram on the next page.
- ISS has two product lines: Proventia (IPS) and RealSecure (IDS). Proventia has software versions for Linux and Windows servers and desktops, along with the GX series appliances (HW + customized OS + application).
- Other vendors: Cisco's IDM, Juniper IDP, Sourcefire (Snort IDS), McAfee's IntruShield.
  • 8.
- Promiscuous / TAP mode: the sensor receives a copy of the traffic (span port or network tap), so it can only run in detection mode even if the product supports inline blocking; by the time it alerts, the original packet has already been forwarded. [PIC-1]
- Inline mode: the sensor sits in the traffic path, so it can run in detection or prevention mode according to the device capability and the design. [PIC-2]
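The two decisions described on slides 7 and 8, the firewall's port decision and the IPS's content decision, and the effect of deployment mode on the latter, as an added example written by the editor (not code from the deck or from any IPS vendor). The signature IDs, patterns and traffic samples are constructed in a Snort-like style; the policy that only port 80 is open is an assumption for the example.

```python
"""Added example (not from the deck or any vendor): where a firewall's decision
ends and an IPS decision begins, and what deployment mode does to that
decision. The firewall policy works on the destination port; the IPS works on
payload content; in TAP (promiscuous) mode even a 'drop' signature can only
alert. Signatures and traffic samples are constructed, Snort-style."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

TAP, INLINE = "tap", "inline"   # promiscuous (span port / tap) vs in-path deployment

ALLOWED_PORTS = {80}            # firewall policy: only HTTP may come in from the Internet


@dataclass
class Signature:
    sid: int
    msg: str
    pattern: bytes              # content the rule looks for inside the payload
    action: str                 # "alert" or "drop"

    def matches(self, payload: bytes) -> bool:
        return re.search(self.pattern, payload, re.IGNORECASE) is not None


SIGNATURES = [
    Signature(1000001, "HTTP directory traversal attempt", rb"\.\./\.\./", "drop"),
    Signature(1000002, "HTTP request with SQL UNION SELECT", rb"union\s+select", "drop"),
    Signature(1000003, "Possible web shell command parameter", rb"[?&]cmd=", "alert"),
]


@dataclass
class Verdict:
    passed: bool
    stage: str                                  # "firewall" or "ips": which device decided
    alerts: List[str] = field(default_factory=list)


def inspect(dst_port: int, payload: bytes, mode: str) -> Verdict:
    """Firewall first (port policy), then IPS (content inspection)."""
    if dst_port not in ALLOWED_PORTS:
        return Verdict(False, "firewall")           # the IPS never sees this packet
    alerts: List[str] = []
    blocked = False
    for sig in SIGNATURES:
        if sig.matches(payload):
            alerts.append(f"[{sig.sid}] {sig.msg}")
            # Only an in-path sensor can enforce 'drop'; a TAP sensor holds a copy of a packet
            # that was already forwarded, so the best it can do is raise the alert.
            if sig.action == "drop" and mode == INLINE:
                blocked = True
    return Verdict(not blocked, "ips", alerts)


def run_samples(mode: str) -> List[Tuple[str, Verdict]]:
    samples = [
        ("benign GET", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        ("traversal on 80", 80, b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\n\r\n"),
        ("sqli on 80", 80, b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n\r\n"),
        ("webshell on 80", 80, b"GET /uploads/x.php?cmd=id HTTP/1.1\r\n\r\n"),
        ("telnet on 23", 23, b"login: "),
    ]
    return [(name, inspect(port, payload, mode)) for name, port, payload in samples]


if __name__ == "__main__":
    for mode in (TAP, INLINE):
        for name, verdict in run_samples(mode):
            print(f"{mode:6} {name:16} passed={verdict.passed!s:5} by={verdict.stage:8} {verdict.alerts}")
```

Run it in both modes and compare the "traversal on 80" row: identical alert, but it is only dropped when the sensor is inline. That is the practical meaning of the deck's remark that a sensor on a single switch can only detect.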
  • 9. Web Application Firewall
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. (OWASP wiki)
- ADC - Application Defense Center (research-driven security policies)
- Threat Radar
- Drop-in deployment
- Four modes of implementation
- OWASP Best Practices: Use of Web Application Firewalls
Cont.
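What "applies a set of rules to an HTTP conversation" and "customizing the rules to your application" look like in code, as an added example by the editor; this is not code from the deck, from OWASP or from any WAF product. The application paths (/product, /search), the parameter schemas, the rule patterns and the sample requests are all constructed for the example.

```python
"""Added example (not from the deck or OWASP): a toy WAF that applies rules to
a parsed HTTP request rather than to raw bytes. Parameters are URL-decoded
before matching, generic XSS/SQLi rules are combined with an
application-specific positive rule set, and the first rule to fire is
returned. Paths, parameters, rules and requests are constructed."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Negative-security rules: generic attack patterns applied to every decoded value.
NEGATIVE_RULES: List[Tuple[str, re.Pattern]] = [
    ("xss-tag", re.compile(r"<\s*script|javascript:|on\w+\s*=", re.I)),
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d*'?\s*=\s*'?\d*", re.I)),
]

# Positive-security rules: what each parameter of *this* application may look like.
# Tightening these per application is the "customizing the rules" the OWASP text refers to.
POSITIVE_RULES: Dict[str, Dict[str, re.Pattern]] = {
    "/product": {"id": re.compile(r"\d{1,9}")},
    "/search": {"q": re.compile(r"[\w\s\-]{1,64}")},
}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, List[str]]]:
    """Split the request line into method, path and decoded query parameters."""
    request_line = raw.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ")
    parts = urlsplit(target)
    # parse_qs decodes percent-encoding once; decode once more so a double-encoded
    # payload (%253C -> %3C -> <) is seen the way a lenient backend might see it.
    params = {
        name: [unquote(v) for v in values]
        for name, values in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return method, parts.path, params


def evaluate(raw: str) -> Optional[str]:
    """Return 'rule:parameter' for the first rule that blocks the request, or None if allowed."""
    _method, path, params = parse_request(raw)
    for name, values in params.items():
        for value in values:
            for rule_name, pattern in NEGATIVE_RULES:
                if pattern.search(value):
                    return f"{rule_name}:{name}"
    schema = POSITIVE_RULES.get(path)
    if schema is not None:
        for name, values in params.items():
            if name not in schema:
                return f"unknown-param:{name}"
            if not all(schema[name].fullmatch(v) for v in values):
                return f"schema:{name}"
    return None


def run_samples() -> Dict[str, Optional[str]]:
    """Constructed requests; the values are what evaluate() returns for each."""
    samples = {
        "normal product": "GET /product?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
        "normal search": "GET /search?q=blue+shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n",
        "sqli union": "GET /product?id=42%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1\r\n\r\n",
        "sqli tautology": "GET /search?q=%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n\r\n",
        "double-encoded xss": "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1\r\n\r\n",
        "bad id format": "GET /product?id=42abc HTTP/1.1\r\n\r\n",
        "unexpected param": "GET /product?id=1&debug=true HTTP/1.1\r\n\r\n",
    }
    return {name: evaluate(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20} -> {result or 'allowed'}")
```

Two things worth taking from the sample run: the double-encoded script tag is only caught because the value is normalised before the pattern runs, and the "bad id format" request is blocked by the positive rule although no attack signature matches it. Negative rules alone are bypassable by encoding and by variants the patterns do not cover; the per-application schema is what makes a WAF more than a regex list. The double decoding here is deliberately conservative and would need tuning against an application that decodes only once.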
  • 11. File Integrity Manager - FIM
File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state with a known, good baseline. The comparison usually involves calculating a cryptographic checksum of the file's original baseline and comparing it with the checksum of the file's current state.[1] Other file attributes (permissions, owner, size, timestamps) can also be used to monitor integrity.[2] The monitoring is generally automated by an application or process and can run randomly, at a defined polling interval, or in real time.
- Regulatory requirement (PCI DSS, for example, requires change detection on critical system files)
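The baseline-and-compare mechanism described above, written out by the editor as an added example (not code from the deck or from any FIM product). It runs inside a temporary directory with constructed files named like typical monitored paths; nothing on the real system is read or changed.

```python
"""Added example (not from the deck): file integrity monitoring reduced to its
core. Take a baseline of content hashes and permission bits, later snapshot
again and report added, removed and changed files. Runs entirely inside a
temporary directory with constructed files; no real system paths are touched."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Entry = Tuple[str, int, int]   # (sha256 hex digest, size in bytes, permission bits)


def snapshot(root: str) -> Dict[str, Entry]:
    """Record hash, size and mode for every regular file under root.
    Hashing content (not just mtime) is what catches a file rewritten with its timestamp restored."""
    state: Dict[str, Entry] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):     # skip symlinks, sockets, devices
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (digest.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))
    return state


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Diff two snapshots into the four findings a FIM report is made of."""
    report: Dict[str, List[str]] = {"added": [], "removed": [], "content_changed": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            old, new = baseline[path], current[path]
            if old[0] != new[0]:
                report["content_changed"].append(path)
            if old[2] != new[2]:
                report["mode_changed"].append(path)
    return report


def _write(path: str, text: str, mode: str = "w") -> None:
    with open(path, mode) as fh:
        fh.write(text)


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        passwd, hosts, cfg = os.path.join(etc, "passwd"), os.path.join(etc, "hosts"), os.path.join(root, "app.cfg")
        _write(passwd, "root:x:0:0:root:/root:/bin/bash\n")
        _write(hosts, "127.0.0.1 localhost\n")
        _write(cfg, "debug=false\n")
        os.chmod(cfg, 0o640)
        baseline = snapshot(root)                    # the known-good state

        # Constructed unapproved changes:
        before = os.stat(passwd)
        _write(passwd, "eve:x:0:0::/:/bin/bash\n", mode="a")   # a second UID-0 account appended
        os.utime(passwd, (before.st_atime, before.st_mtime))   # timestamp put back; the hash still differs
        os.chmod(cfg, 0o666)                                    # permissions loosened, content unchanged
        os.remove(hosts)
        _write(os.path.join(root, "backdoor.sh"), "#!/bin/sh\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, paths in demo().items():
        print(f"{finding}: {paths}")
```

Real products add what this leaves out: the baseline is stored off-host (or signed) so an attacker who owns the box cannot rewrite it along with the files, scheduled change windows suppress expected diffs, and the polling interval or a real-time hook (inotify on Linux) decides how quickly the passwd change above is noticed.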
  • 12. Proxy Server
- Proxy - works at the upper layers (7, 6, 5 & 4). It is also known as an application firewall or proxy firewall: both ends of a connection are forced to conduct the session through the proxy, turning a two-party session into a four-party session with the middle process emulating each of the two real hosts to the other. Firewall proxy servers thus centralize all activity for an application into a single server, per protocol: SMTP (e-mail), HTTP (Internet), etc. The picture below is an example of a forward proxy. (Blue Coat, Websense, IronPort)
- Note: a reverse proxy takes requests from the Internet and forwards them to servers on an internal network, so the servers' identity is hidden; load balancing and SSL termination are commonly done by these reverse proxies.
[PIC-3]
  • 13. Web & Mail | Anti Spam traffic flow
[PIC-4]
Web traffic (HTTP & HTTPS) goes via the proxy server when a PROXY setting is configured in the web browser. If there is no PROXY setting, it takes the default route available on the machine.
Note: to see the routes and the default route on a machine use 'route print' (Windows) or 'netstat -r'.
  • 14. Email Gateway & Anti Spam
- A mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client-server application architecture (e.g. MS Exchange Server or Lotus Domino Server). An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.
- The terms mail server, mail exchanger and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server with a domain through mail exchanger (MX) resource records containing the domain name of a host providing MTA services.
- Anti-spam and anti-virus appliances are placed at the gateway (MX) level to reduce the SPAM coming inside. (Proventia mail scanner, IronPort)
[PIC-5]
  • 15. Encryption
- Encryption is the process of transforming data into an unintelligible form to prevent unauthorized use of the data. To read an encrypted file you must have access to the secret key or password that lets you decrypt it. Unencrypted data is called plaintext; encrypted data is called ciphertext. A cipher is an encryption/decryption algorithm.
- User ID & password | Documents & mails - certificates
- Desktop / removable disk encryption - PGP
- VPN - site to site, client access & SSL - HTTPS & Cisco / Juniper VPN client
[PIC-6]
  • 16. VPN
- A virtual private network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network.
- VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.
- VPNs may serve any network functionality found on any network, such as sharing of data and access to network resources, printers, databases, websites, etc. A VPN user typically experiences the central network in a manner identical to being connected directly to it. VPN technology over the public Internet has replaced the need to requisition and maintain expensive dedicated leased-line telecommunication circuits once typical in wide-area network installations.
- Between offices (sites): site-to-site VPN (IPsec), also called a LAN-to-LAN tunnel.
- Remote single users: 'Client VPN' or 'Remote User VPN' on the IPsec framework (e.g. BHPB - Cisco VPN client, SSB - Juniper).
- SSL VPN is different from IPsec; it is used for web-based VPNs - HTTPS and Citrix VPN (SSB Citrix connection).
- SOCKS is again a different framework: a session-layer proxy protocol that relays TCP connections through a proxy server. It provides no encryption of its own, so it is only secure when run inside an encrypted tunnel (for example SSH).
[PIC-7]
  • 17. File & Whole disk Encryption
  • 18. Threat Vs Vulnerability Vs Risk
- The term "vulnerability" refers to a security flaw (weakness) in a system that allows an attack to be successful.
- Threat is the frequency of potentially adverse events.
- Risk = Threat * Vulnerability * Asset Value
- Scenario 1: forgetting the car key inside the car is a vulnerability; the threat depends on where we leave the car, in a city or a village, i.e. how likely it is that the vulnerability gets exploited; the asset value is what kind of car we drive, a Maruti or a Ferrari.
- Scenario 2: think of a server or laptop left unlocked at home or in the office.
- A vulnerability assessment is the process of identifying and quantifying vulnerabilities in an environment. It is an in-depth evaluation of your posture, indicating weaknesses as well as providing the appropriate mitigation procedures required to either eliminate those weaknesses or reduce them to an acceptable level of risk.
- On the other hand, a pen test simulates the actions of an external and/or internal attacker who aims to breach the security of the organization. Using many tools and techniques, the penetration tester attempts to exploit critical systems and gain access to sensitive data. Depending on the scope, a pen test can expand beyond the network to include social engineering attacks or physical security tests. (White box, grey box, black box) (BackTrack 5 - OS)
  • 19. SIEM (Security Information and Event Management)
- Event & log collection to a centralized console
- Normalize the events (map each source's own format onto one common schema)
- Correlate the events (across sources and over time)
- Identify the suspected activity
- Link to the VA reports (an attack seen against a host known to be vulnerable ranks higher)
- Reporting and visibility into the security posture
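The collect-normalize-correlate steps above, carried through on two constructed log sources by the editor as an added example (not code from the deck or from any SIEM product). The hostnames (fw1, srv22), addresses, timestamps and the correlation rule itself (firewall denies plus repeated SSH failures followed by a success from the same source) are constructed for the example.

```python
"""Added example (not from the deck): the SIEM pipeline in miniature. Collect
log lines from two sources in two different formats, normalise them into one
event schema, then correlate across sources to flag activity that neither log
shows on its own. All log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed raw logs: a firewall (key=value syslog) and an sshd auth log.
FIREWALL_LOG = """\
2015-03-02T10:00:01Z fw1 action=deny src=192.0.2.50 dst=10.0.0.20 dport=22 proto=tcp
2015-03-02T10:00:02Z fw1 action=deny src=192.0.2.50 dst=10.0.0.21 dport=22 proto=tcp
2015-03-02T10:00:03Z fw1 action=allow src=192.0.2.50 dst=10.0.0.22 dport=22 proto=tcp
2015-03-02T10:05:00Z fw1 action=allow src=198.51.100.7 dst=10.0.0.22 dport=443 proto=tcp
"""
AUTH_LOG = """\
Mar  2 10:00:10 srv22 sshd[4100]: Failed password for root from 192.0.2.50 port 50122 ssh2
Mar  2 10:00:12 srv22 sshd[4100]: Failed password for root from 192.0.2.50 port 50123 ssh2
Mar  2 10:00:15 srv22 sshd[4100]: Failed password for admin from 192.0.2.50 port 50124 ssh2
Mar  2 10:00:19 srv22 sshd[4102]: Accepted password for admin from 192.0.2.50 port 50125 ssh2
Mar  2 10:07:00 srv22 sshd[4110]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
"""

FW_RE = re.compile(r"(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")


def normalize(fw_text: str, auth_text: str, year: int = 2015) -> List[Dict]:
    """Map both formats onto one schema: time, source, host, src_ip, outcome, detail.
    (syslog lines carry no year, so the collector supplies it.)"""
    events: List[Dict] = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({"time": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall",
                           "host": m["host"], "src_ip": m["src"], "outcome": m["action"],
                           "detail": f"{m['dst']}:{m['dport']}"})
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), "source": "sshd",
                           "host": m["host"], "src_ip": m["src"],
                           "outcome": "failure" if m["result"] == "Failed" else "success", "detail": m["user"]})
    return sorted(events, key=lambda e: e["time"])


def correlate(events: List[Dict], threshold: int = 3, window_s: int = 600) -> List[str]:
    """Rule: a source that produced >= threshold SSH failures within window_s seconds before a
    success, with the firewall's view of the same source attached for context."""
    by_src: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)
    alerts: List[str] = []
    for src, evs in by_src.items():
        denies = [e for e in evs if e["source"] == "firewall" and e["outcome"] == "deny"]
        failures = [e for e in evs if e["source"] == "sshd" and e["outcome"] == "failure"]
        for ok in (e for e in evs if e["source"] == "sshd" and e["outcome"] == "success"):
            recent = [f for f in failures if 0 <= (ok["time"] - f["time"]).total_seconds() <= window_s]
            if len(recent) >= threshold:
                alerts.append(f"{src}: {len(denies)} firewall denies, {len(recent)} SSH failures then "
                              f"successful login as {ok['detail']} on {ok['host']} at {ok['time']:%H:%M:%S}")
    return alerts


def demo() -> List[str]:
    return correlate(normalize(FIREWALL_LOG, AUTH_LOG))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Looked at separately, the firewall log shows two denies and an allow, and the auth log shows a user who eventually typed the right password; neither is alarming on its own. Only after both are on the same timeline, keyed on the source address, does the sequence read as a scan followed by a successful password guess. Normalising the timestamps (the firewall uses ISO 8601 with a year, sshd uses syslog format without one) is the unglamorous step that makes the time window comparison possible at all.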
  • 20. CCNA Cheat Sheet - Network Overview
  • 21. Linux Overview
- Everything in Linux is a file, including the hardware and even the directories.
- # : prompt of the super user (root)
- $ : prompt of a normal user
- Linux commands are conventionally lowercase, and commands and file names are all case sensitive (File, file and FILE are three different names).
- /root: the super user's home directory
- /home: holds the normal users' home directories (/home/<user>)
- Up arrow key: redisplays the last executed command. The Down arrow key moves forward again to the next command after using the Up arrow key.
- cd: the cd command can be used in the following ways:
  - cd : with no argument, go to your home directory
  - cd * : unreliable; the glob expands to every entry in the current directory, so it only does what you expect when there is exactly one entry and it is a directory
  - cd .. : move back one folder (to the parent directory)
  - cd - : return to the last directory you were in
- Files whose names start with a dot (.) are hidden files. To view hidden files: ls -a
- ls: the ls command can be used in the following ways:
  - ls *.* : list only the files whose names contain a dot (i.e. have an extension), hidden files excluded
- pwd: shows the present working directory (where we are standing)
  • 22. Thank you
Case Study:
- Why do we need a site-to-site VPN instead of a more secure and reliable leased line?
- Why is the firewall not placed directly at the Internet link termination?
- How does failover work?
- Why do we need VLANs?
- Where can an IDS or IPS be placed?
[PIC-8]