Security study guide, part 6


Chapter 3: Infrastructure and Connectivity

Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved.

Flash Cards

Flash cards, also referred to as memory sticks, are small memory cards that can be used to store information. A system that has a flash card interface usually treats flash cards as if they were a hard drive. Flash cards can carry viruses, or they can be used to steal small amounts of information from systems that support them. Flash cards are coming down in price and are becoming standard on many computer systems. Most PDA devices have the ability to accept flash cards, making them susceptible to viruses that are targeted at PDAs. So far, this has not been a big threat, but you can bet it will become one as these devices become more popular.

Smart Cards

Smart cards are usually used for access control and security purposes. The card itself usually contains a small amount of memory that can be used to store permissions and access information. Smart cards are difficult to counterfeit, but they are easy to steal. Once a thief has a smart card, they have all the access that the card allows. To prevent this, many organizations do not put any identifying marks on their smart cards, making it harder for someone to utilize them.

Many European countries are beginning to use smart cards instead of magnetic strip credit cards because they offer additional security and can contain larger amounts of information. The use of smart cards is also growing because they offer more security than traditional magnetic strip cards.

Summary

In this chapter, we covered the key elements of the infrastructure and the various components involved in networking. Your infrastructure is the backbone and key to the entire security capabilities of your network. Infrastructure includes the hardware and software necessary to run your network. The key elements used in security are routers and firewalls. Proper configuration is the key to providing services the way your network needs them. If your network security devices are improperly configured, you may be worse off than if you did not have them at all. It is a dangerous situation when you think you are secure, when in actuality you are not.

Networks are becoming more complicated, and they are being linked to other networks at an accelerating speed. Several tools are available to help you both link and secure your networks. These tools include:

• VPNs
• Tunneling protocols
• Remote access

The connections you make using TCP/IP are based primarily on IP addresses. When coupled with a port, these addresses form a socket. Sockets are the primary method used to communicate with services and applications such as WWW and Telnet. Most services have standard sockets that operate by default. Sockets are changeable for special configurations and additional security. Changing default ports requires that users know which ports provide which services.

Network monitors are primarily troubleshooting tools, and they can be used to eavesdrop on networks. Intrusion Detection Systems take an active role and can control traffic and systems. IDS uses extensive rules-based procedures to check audit files and network traffic. They can make decisions based upon those rules. In conjunction with a firewall, IDS can offer very high levels of security.

The communication media used determines the security of the communications from a physical perspective. Several different types of media are available for networks, including:

• Coax
• UTP/STP
• Fiber
• Infrared
• RF
• Microwave

Each of these media provides a unique challenge that requires attention to ensure that security requirements are met.

Removable media can be a carrier or storage vessel for viruses. Make sure they are scanned with antivirus software to verify that they remain clean. Removable media are also easily transportable, and they can disappear rather easily. Physical security measures are important to prevent this from happening.

Exam Essentials

Be able to describe the various components and the purpose of an infrastructure. Your network's infrastructure is the backbone of your systems and network operations. The infrastructure includes all of the hardware, software, physical security, and operational security methods in place.

Be able to describe the various network components in an infrastructure and how they function. The key components of your infrastructure include devices such as routers, firewalls, switches, modems, telecommunications systems, and the other devices used in the network.

Know the characteristics of the connectivity technologies available to you and the security capabilities associated with each. Remote Access, SLIP, PPP, tunneling protocols, and VPNs are your primary tools. PPTP and L2TP are two of the most common protocols used for tunneling. IPSec, while not a tunneling protocol, provides encryption to tunneling protocols. IPSec is often used to enhance tunnel security.

Familiarize yourself with the technologies used by TCP/IP and the Internet. IP addresses and port numbers are combined to create an interface called a socket. Most TCP and UDP protocols communicate using this socket as the primary interface mechanism. Clients and servers communicate using ports. Ports can be changed to enhance security. WWW services use HTML and other technologies to allow rich and animated websites. These technologies potentially create security problems, as they may have their own individual vulnerabilities. Verify what problems exist from a security perspective before enabling these technologies on your systems.

Be able to describe the two primary methods used for network monitoring. The primary methods used for network monitoring are sniffers and IDS. Sniffers are passive and can provide real-time displays of actual network traffic. They are intended to be used primarily for troubleshooting purposes, but they are one of the tools used by attackers to determine what protocols and systems you are running. IDS are active devices that operate to alert administrators of attacks and unusual events. This is accomplished by automatically reviewing log files and system traffic, and by applying rules on how to react to events. IDS, when used in conjunction with firewalls, can provide excellent security for a network.

Understand the various types and capabilities of the network media used in a network. Network media is wire-, fiber-, or wireless-based. Each of these media presents challenges to security that must be evaluated. Never assume that a wireless connection is secure.

Be able to describe the vulnerabilities of removable media and what steps must be taken to minimize these risks. Removable media are used for backup, archives, and working storage. The capacity and capabilities of these types of devices have increased dramatically over the last few years. Most of this media is very small and easily hidden. Physical security measures are necessary to keep them from walking off. In addition, media can be copied to other systems, presenting confidentiality issues. Make sure you know how to safeguard this technology.
Key Terms

Before you take the exam, be certain you are familiar with the following terms:

accounting
ActiveX
anonymous authentication
appliances
auditing
Border Gateway Protocol (BGP)
border routers
buffer overflows
CD Recordable (CD-R)
circuit-level
CO (Central Office)
Common Gateway Interface (CGI)
cookies
diskettes
dual-homed
File Transfer Protocol (FTP)
flash cards
hard drives
hoaxes
HTTP Secure (HTTP/S)
Hypertext Markup Language (HTML)
IEEE 802.11 (also known as Wireless Ethernet)
infrastructure
infrastructure security
Internet Control Message Protocol (ICMP)
Internet Group Message Protocol (IGMP)
Internet Mail Access Protocol (IMAP)
Intrusion Detection Systems (IDS)
IPSec
LAN framing
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
Link Control Protocol (LCP)
media
modem
multicasting
Network Control Protocol (NCP)
Network Operations Center (NOC)
Open Shortest Path First (OSPF)
OS hardening
packet filter
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
port
Post Office Protocol (POP)
Plain Old Telephone Service (POTS)
Private Branch Exchange (PBX)
protocols
proxy firewall
Radio Frequency (RF)
Remote Access Services (RAS)
Remote Authentication Dial-In User Service (RADIUS)
Routing Information Protocol (RIP)
sandbox
Secure Socket Layer (SSL)
Serial Line Internet Protocol (SLIP)
server authentication
Shielded Twisted Pair (STP)
signed applets
Simple Mail Transport Protocol (SMTP)
Simple Network Management Protocol (SNMP)
SMTP relay
sniffers
sockets
Spam
stateful packet filtering
Switches
tape
Terminal Access Controller Access Control System (TACACS)
terminating resistor
transceiver
Transport Layer Security (TLS)
tunneling
Unshielded Twisted Pair (UTP)
Virtual Private Network (VPN)
WAN framing
wireless access point
wireless technologies
zones

Review Questions

1. Which of the following devices is the most capable of providing infrastructure security?
   A. Hub
   B. Switch
   C. Router
   D. Modem

2. A packet filter performs which function?
   A. Prevents unauthorized packets from entering the network
   B. Allows all packets to leave the network
   C. Allows all packets to enter a network
   D. Eliminates collisions in the network

3. Which device stores information about destinations in a network?
   A. Hub
   B. Modem
   C. Firewall
   D. Router

4. Which device acts primarily as a tool to improve network efficiency?
   A. Hub
   B. Switch
   C. Router
   D. PBX

5. Which device is often used to integrate voice and data services onto a single WAN?
   A. Router
   B. PBX
   C. HUB
   D. Server

6. Which protocol is widely used today as a transport protocol for Internet dial-up connections?
   A. SLIP
   B. PPP
   C. PPTP
   D. L2TP

7. Which protocol is unsuitable for WAN VPN connections?
   A. PPP
   B. PPTP
   C. L2TP
   D. IPSec

8. Which protocol is not a tunneling protocol but is used by tunneling protocols for network security?
   A. IPSec
   B. PPTP
   C. L2TP
   D. L2F

9. A socket is a combination of which components?
   A. TCP and port number
   B. UDP and port number
   C. IP and session number
   D. IP and port number

10. Which protocol is becoming the newest standard for Internet mail applications?
    A. SMTP
    B. POP
    C. IMAP
    D. IGMP

11. Which protocol is primarily used for network maintenance and destination information?
    A. ICMP
    B. SMTP
    C. IGMP
    D. Router

12. Which protocol is used for group messages or multicast messaging?
    A. SMTP
    B. SNMP
    C. IGMP
    D. L2TP

13. Which device monitors network traffic in a passive manner?
    A. Sniffer
    B. IDS
    C. Firewall
    D. Web browser

14. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?
    A. IDS
    B. Sniffer
    C. Router
    D. Switch

15. Which media is broken down into seven categories depending on capability?
    A. Coax
    B. UTP
    C. Infrared
    D. Fiber optic cable

16. Which media is the least susceptible to interception or tapping?
    A. Coax
    B. UTP
    C. STP
    D. Fiber

17. Which media offers line-of-sight broadband and baseband capabilities?
    A. Coax
    B. Infrared
    C. Microwave
    D. UTP

18. Which media is used primarily for backup and archiving purposes?
    A. Tape
    B. CD-R
    C. Memory stick
    D. Removable hard drives

19. Which media is susceptible to viruses?
    A. Tape
    B. Memory stick
    C. CD-R
    D. All of the above

20. Which device is used for access control as well as storage of information?
    A. CD-R
    B. Smart card
    C. Flash card
    D. Tape

Answers to Review Questions

[...] such as a T1 or T3 network.

6. B. SLIP connections have largely been replaced by PPP connections in dial-up Internet connections. SLIP passes only TCP/IP traffic, and PPP can pass multiple protocols.

7. A. PPP provides no security and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.

8. A. IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

9. D. A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.

10. C. IMAP is becoming the most popular standard for e-mail [...]

Date posted: 14/08/2014, 18:22
