CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.
5. Page 5
Modern networks are
composed of multiple layers
of devices and applications,
which can lead to issues with
security.
While this does make the issue of security more
complex, it has the benefit of supporting the concept
of layered security (which is also called security in
depth).
Each layer or device can contain its own security
methods. This means that if a breach occurs in one
area of the network, the rest of the network will
remain secure (hopefully).
It is a best practice to use a layered approach when
implementing network security.
Introduction to network devices II.
6. Page 6
Many security devices are
triggered by a specific
action occurring (e.g., a
network packet crosses an
interface).
This creates a situation in which those devices are only capable
of reacting to perceived threats.
On the other hand, some devices are capable of application
awareness. This feature allows security devices to make better
decisions based on which applications are allowed to operate on
the network and which applications are not allowed to cross
through it. This is another layer that can be added to the
network’s security. Some devices that may be application aware
include firewalls, proxy servers, and network intrusion
detection/prevention systems.
Introduction to network devices II.
8. Page 8
A virtual private network
(VPN) concentrator will
facilitate multiple secure
VPN connections to a
network.
The type of VPN connection to the network will determine
what tunneling and encryption the VPN concentrator will
implement. Most concentrators can function at multiple
layers of the OSI model (specifically Layer 2, Layer 3,
and Layer 7).
Outside of Internet transactions (which use SSL VPN
connections at Layer 7), most concentrators will function
at the network layer (Layer 3) of the OSI model, providing
IPsec encryption through a secure tunnel.
Introduction to network devices II.
9. Page 9
Introduction to network devices II.
– Network intrusion detection system (NIDS).
» A NIDS is a passive system designed to identify when a
network breach or attack against the network is occurring.
• Usually designed to inform a network administrator when a
breach or attack has occurred through log files, SMS, and/or
an email notification.
» A NIDS cannot prevent or stop a breach or attack on its own.
» It receives a copy of all traffic and evaluates it against a set of
standards.
• Signature based: evaluates network traffic for known
malware or attack signatures.
• Anomaly based: evaluates network traffic for suspicious
changes.
• Policy based: evaluates network traffic against a specific
declared security policy.
• Heuristic based: evaluates network traffic against past
network behavior (looks for changes in expected patterns).
» May be deployed at the host level.
• Host-based intrusion detection system (HIDS).
10. Page 10
Introduction to network devices II.
– Network-based intrusion prevention
system (NIPS).
» A NIPS is an active system designed stop a breach or attack
from succeeding in damaging the network.
• Usually designed to perform an action or set of actions to stop
the malicious activity.
• Will inform a network administrator through the use of log
files, SMS, and/or an email notification.
» All traffic on the network segment flows through the NIPS to
either enter or leave the segment.
• Like the NIDS, all traffic is evaluated against a set of
standards.
» The best placement on the network is between a router (with a
firewall) and the destination network segment.
» It is programmed to make an active response to the situation.
• Block the offending IP address.
• Close down the vulnerable interface.
• Terminate the network session.
• Redirect the attack.
• Perform additional actions.
11. Page 11
Introduction to network devices II.
– Unified Threat Management (UTM) security
appliance.
» A possible all-in-one security solution.
• Contains firewall features.
• Contains IDS features.
• Contains antivirus and antimalware features.
• Contains anti-spam features.
• Can perform content and URL (website) filtering.
• Can also perform additional functions.
» Usually in the form of a network appliance.
• A specifically designed piece of hardware with an integrated
software package—creating a closed system.
» Positive aspects: provides multiple security features in a central
location, simplifies management of security, and eases
updating security.
» Negative aspects: concentrates security in a single system or
location, which can create a single point of failure for both the
network and for security.
12. Page 12
Introduction to network devices II.
The complexity of modern networks increases the need to use a layered
security model. Each device and layer can implement its own method of
security, thus increasing the overall security of the network. Some devices
are capable of application awareness, which allows them to make better
decisions based on what applications are allowed or not allowed.
Topic
Introducing the layered
security concept.
Summary
A VPN concentrator can facilitate multiple secure VPN connections to a
single network system. NIDS are passive systems that can be used to
determine when a breach has occurred or when a network attack is
underway. NIPS are active systems that can be used to help stop a breach
or network attack from succeeding. A UTM security appliance combines
multiple security features into a single network appliance.
Network devices.
14. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.