PACE-IT: Physical Network Security Control
•Als PPTX, PDF herunterladen•
2 gefällt mir•793 views
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (18)
Ähnlich wie PACE-IT: Physical Network Security Control
Ähnlich wie PACE-IT: Physical Network Security Control (20)
Mehr von Pace IT at Edmonds Community College
Mehr von Pace IT at Edmonds Community College (17)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
PACE-IT: Physical Network Security Control
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 PACE-IT. – The why of physical network security. – Physical network security practices.
- 4. Page 4 Physical network security control.
- 5. Page 5 Security begins at the door. The boundaries of your building should be your first line of defense. If an attacker has physical access to the network resources, then there is a high probability that the network can be breached. The level of security that gets deployed should be driven by the amount of security that is needed. As the need for overall security increases, so should the level of physical security. Physical network security control.
- 6. Page 6 Physical network security control. – The dangers of unauthorized physical access. » Theft of network resources: they’re expensive to replace. » Damaged network resources: it only takes a spilled drink to destroy a server, or a router, or a switch. » Reconfigured network resources: this can result in a breached network. – Credential workaround. » Some networking equipment comes with a known workaround for when administrator credentials needs to be recovered. • An administrator leaves an organization without disclosing his/her login credentials. • An administrator forgets his/her credentials. » Cisco even publishes the steps of its workaround on its website: http://www.cisco.com/c/en/us/support/docs/routers/2600-series- multiservice-platforms/22188-pswdrec-2600.html. • This well known vulnerability is an easy exploit for anyone with physical access to the equipment.
- 7. Page 7 Physical network security control.
- 8. Page 8 Physical network security control. – Basic physical security. » Know who is in the building and who has access to equipment. • Employee badges. • Security check-in for visitors. • All vulnerable network resources—servers and networking equipment—are kept in a secure (e.g., locked) area. – Intermediate physical security. » Access to all vulnerable network resources is controlled and logged. • Radio frequency identification (RFID) badges or cipher locks are used to gain access to the resources. » Switches and routers are secured separately from servers with different access levels. – Advanced physical security. » A zoned approach to physical security. • A layering of security in which multiple barriers—security tests—must be passed before physical access is granted.
- 9. Page 9 Physical network security control. – Methods of physical security. » Security guards. • Requiring all authorized personnel to have some form of ID. » Door locks. • Simple keyed locks: the analog approach. • Cipher locks: allow for logging who has unlocked the lock. • RFID magnetic locks: also allow for logging who has unlocked the lock. • Biometric keyed locks: make the person gaining access prove who they are. » Video monitoring. • Recording who has had access; remember to store the recordings separately from the resources being monitored. » Separation of resources. • Networking equipment is separated from servers, and the methods of access are different. » Mantraps. • Usually involve at least two doors. Access is granted through one door, but the next door cannot be opened until further verification has been achieved; ideally, the person between the two doors is trapped until some action is taken.
- 10. Page 10 Physical network security control. If an attacker has physical access to networking resources, there is a high probability that the network can be breached. Unrestricted physical access can also lead to theft of resources, damage to resources, or to networking equipment being reconfigured, which can lead to a breached network. Topic The why of physical network security. Summary The best approach to physical network security practices uses a zoned approach—implementing several different barriers before access can be achieved. Some physical access methods that can be put in place include: security guards, door locks, video monitoring, separation of resources, and mantraps. Physical network security practices.
- 12. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.