176 Network Security Illustrated
Figure VI-1 (concept by www.sagesecure.com; 2003 XPLANE.com)

A Typical Insecure Network Design. A common network design mistake is overextending trust. Here, the firewall protects the internal network from the Internet. That's good, but what's protecting A's servers from A's workstations or Workgroup B? Nothing. Diagram labels: A's Servers, A's Workstations, Workgroup B.

A More Secure Network Design. A better solution is to use the firewall to segment the network into three groups: A's servers, A's workstations, and B's workgroup. Some firewalls have extra network ports, allowing them to create these new segments. Multiple firewalls can achieve the same effect. Diagram labels: Internet, A's Servers, A's Workstations, Workgroup B.
Is the network segmented into functional units? Keep in mind that network areas don't always need to openly communicate with each other to provide services. Very often, restricting what hardware can communicate with what hardware will offer tremendous improvements in security. This process of segmenting network communications is often referred to as subnetting, although strictly speaking subnetting only divides an IP address range into smaller ranges; the security benefit comes from the connecting hardware between those ranges (a router, a firewall, or a switch with VLANs) being configured to restrict the traffic that crosses them. When a network is subnetted, it relies on that connecting hardware to control communications. This is why connecting hardware is such an important tool in network security.
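The two designs in Figure VI-1 and the segmentation rule just stated, modelled as a firewall zone policy. This is an added example and not code from the book; the zone names, the RFC 1918 address ranges and the list of permitted flows are assumptions chosen for illustration. The flat design has no enforcement point between internal segments, so every internal-to-internal flow is implicitly allowed; the segmented design has an explicit allow list and falls through to deny.

```python
"""Zone policy model for the two designs in Figure VI-1: the flat network,
where the firewall faces only the Internet, and the segmented one, where the
firewall sits between every segment.  Added example, not from the book; the
zone names, RFC 1918 ranges and the permitted flows are assumed."""
import ipaddress

ANY = None  # wildcard destination port

# One subnet per segment (assumed).  Subnetting by itself changes nothing; the
# rule tables below are what the connecting hardware actually enforces.
ZONES = {
    "a_servers":      ipaddress.ip_network("10.0.1.0/24"),
    "a_workstations": ipaddress.ip_network("10.0.2.0/24"),
    "workgroup_b":    ipaddress.ip_network("10.0.3.0/24"),
}
INTERNAL = frozenset(ZONES)


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything outside the listed ranges is
    treated as the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# Rule = (src_zone, dst_zone, dst_port, action).  "internal" matches any of the
# three segments.  First match wins; anything unmatched is denied.
FLAT_DESIGN = [
    ("internet", "a_servers", 443, "allow"),
    ("internal", "internet", ANY, "allow"),
    ("internal", "internal", ANY, "allow"),  # no enforcement point inside the LAN
]
SEGMENTED_DESIGN = [
    ("internet", "a_servers", 443, "allow"),
    ("a_workstations", "a_servers", 443, "allow"),
    ("a_workstations", "a_servers", 445, "allow"),  # file shares for A's staff only
    ("workgroup_b", "a_servers", 443, "allow"),
    ("a_workstations", "internet", ANY, "allow"),
    ("workgroup_b", "internet", ANY, "allow"),
    # No rule lets Workgroup B reach A's workstations, or anyone reach the
    # servers' admin port, so those flows fall through to the default deny.
]


def _match(pattern: str, zone: str) -> bool:
    return pattern == zone or (pattern == "internal" and zone in INTERNAL)


def decide(rules, src_zone: str, dst_zone: str, dst_port) -> str:
    """First-match evaluation with an implicit 'deny' at the end of the table."""
    for src_pat, dst_pat, port, action in rules:
        if _match(src_pat, src_zone) and _match(dst_pat, dst_zone) and port in (ANY, dst_port):
            return action
    return "deny"


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int) -> str:
    return decide(rules, zone_of(src_ip), zone_of(dst_ip), dst_port)


def open_segment_pairs(rules):
    """Internal segment pairs the table allows on every port: the overextended
    trust of the first design.  Probing with dst_port=ANY matches only
    wildcard rules."""
    return sorted((s, d) for s in INTERNAL for d in INTERNAL
                  if s != d and decide(rules, s, d, ANY) == "allow")


# Constructed sample flows: (src, dst, port, what the flow represents)
FLOWS = [
    ("203.0.113.7", "10.0.1.10", 443, "Internet user to A's web server"),
    ("203.0.113.7", "10.0.2.20", 443, "Internet user to A's workstation"),
    ("10.0.2.20", "10.0.1.10", 445, "A's workstation to A's file server"),
    ("10.0.2.20", "10.0.1.10", 22,  "A's workstation to server admin port"),
    ("10.0.3.30", "10.0.2.20", 445, "Workgroup B to A's workstation shares"),
]


def compare(flows=FLOWS):
    """Verdict of each design for every sample flow."""
    return [(desc, evaluate(FLAT_DESIGN, s, d, p), evaluate(SEGMENTED_DESIGN, s, d, p))
            for s, d, p, desc in flows]


if __name__ == "__main__":
    for desc, flat, seg in compare():
        print(f"{desc:40} flat={flat:5} segmented={seg}")
    print("fully open internal pairs, flat:", open_segment_pairs(FLAT_DESIGN))
    print("fully open internal pairs, segmented:", open_segment_pairs(SEGMENTED_DESIGN))
```

open_segment_pairs is the audit a practitioner would run against an existing rule base: any internal pair it returns is a segment boundary that exists on paper only. A real firewall also handles stateful return traffic and logs the denies, both of which this model leaves out.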
Final Thoughts
Designing a new network, or restructuring a network that has been in existence for a long time, may not be an easy task. It certainly is not an enviable task. It will, however, force any company to take a hard look at how convenience and connectivity relate to their overall data security and integrity. Connecting hardware plays a special, centralized role in any network and, if used properly, can help guarantee improved security and performance. Once a network has reached a certain point of complexity, the process of design becomes closely intertwined with the process of hardening. Choosing the type of networking equipment and the ways in which the network will be connected is part of network design, but using hardware to control access to individual servers and services is really part of network hardening, which the next chapter covers. To make an analogy: if design is the foundation and structure of the house, hardening is putting the locks on the doors and windows. A house can't stand without a good structure, but even the most well built house needs a door, and that door needs a lock.
Connecting Networks: Networking Hardware
Hubs, routers, and switches are the three basic joints used to connect computers and networks together.
Technology Overview
When many people think of big networks, they also think "complicated." This is for good reason, as big networks are undoubtedly complicated. They contain millions of nodes connected by hundreds of thousands of specialized network devices, not to mention a whole lot of copper wire. If someone told you that giant networks, such as the Internet, were simple and manageable beasts that anyone could understand, you might second-guess their sanity. It takes an engineering degree and years of experience to even begin to understand the complex issues that major network carriers face. Networks can become complicated, but the fundamental concepts are actually pretty simple. In fact, powerful and effective network strategies can be created after understanding just a few basic networking tools and concepts.
Copyright 2004 by Jason Albanese and Wes Sonnenreich.
The simplest type of networking device is the hub. It's the networking equivalent of a basic power strip. Intelligence is not present in a hub; it just ties all the network wires together. Data sent down one wire goes into the hub and travels to every other wire. It's a simple and effective way to connect computers together. The downside to hubs is that, like a power strip, the devices plugged in share the available resources. If one device on the hub uses too much bandwidth, the other devices can't communicate.

In the most basic type of network found today, nodes are simply connected together using hubs. As a network grows, there are some potential problems with this configuration:

Scalability: In a hub network, the limited shared bandwidth makes it difficult to accommodate significant growth without sacrificing performance. Applications today need more bandwidth than ever before. Quite often, the entire network must be redesigned periodically to accommodate growth.

Chaining limits: When a signal goes into a hub, it gets copied and sent to every other port on the hub. The copying is done with simple electronics (resistors, capacitors, and so on) that replicate and boost the signal, but this introduces a certain amount of distortion. If a hub is connected directly to another hub (chaining), the second hub increases the distortion even further. In general, a third hub raises the distortion to the point where the data becomes garbled. As a result, there can be no more than two hubs between any two computers on a network (this is the 100 Mbps Ethernet limit; the older 10 Mbps standard tolerated up to four repeaters in a path, the so-called 5-4-3 rule). This makes it difficult to use hubs for networks with hundreds of nodes, as most hubs support no more than 32 connections.

Distance limits: Ethernet signals on twisted-pair cable degrade over distances larger than 100 meters. This, combined with the chaining limits, makes it difficult to use just hubs for networks that occupy a physically large space. Other devices, such as repeaters, must be used to extend cables for longer distances.

Latency: This is the amount of time that it takes a packet to get to its destination. Since each node in a hub-based network has to wait for an opportunity to transmit in order to avoid collisions, the latency can increase significantly as you add more nodes. Or, if someone is transmitting a large file across the network, all of the other nodes have to wait for an opportunity to send their own packets. You have probably seen this before at work, when attempting to access a server or the Internet and suddenly everything slows down to a crawl.

Network failure: In a typical network, one device on a hub can cause problems for other devices attached to the hub due to incorrect speed settings (100 Mbps on a 10 Mbps hub) or excessive broadcasts. Switches can be configured to limit broadcast levels.

Collisions: Ethernet uses a process called Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to communicate across the network. Under CSMA/CD, a node will not send out a packet unless the network is clear of traffic. If two nodes send out packets at the same time, a collision occurs and the packets are lost. Then both nodes wait a random amount of time and retransmit the packets. Any part of the network where packets from two or more nodes can interfere with each other is considered to be part of the same collision domain. A network with a large number of nodes on the same segment forms a large collision domain and will therefore often have a lot of collisions. Collisions can have serious repercussions. If too many occur, it is possible that the network breaks down. Each time two frames collide they need to be retransmitted, so each frame ends up appearing on the network twice. If the volume of traffic is high at a time when frame collisions occur, the entire network can seriously deteriorate: an increasing amount of the total network bandwidth is taken up by frame retransmissions, and as a result an increasing amount of legitimate traffic becomes involved in the collisions. Depending on the severity of the collisions, as much as 70% of total network capacity may be rendered unusable.

Segmenting: Although hubs provide an easy way to quickly add computers to a network, they do not break up the actual network into discrete segments. Every computer connected to the hub can talk to every other computer, and because the hub repeats every frame to every port, any computer with its network card in promiscuous mode can also read every other computer's traffic. Splitting up computers into functional groups is often desired for both management and security reasons.
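The collision-domain behaviour described above, as an added simulation that is not part of the book. The slotted model (a frame fits one slot and every node senses the medium at the slot boundary), the per-slot arrival probability and the random seed are assumptions; the backoff follows Ethernet's truncated binary exponential backoff. The `domains` parameter goes beyond the text: one domain is a single hub, several domains are what a switch does when it gives each port its own collision domain, and the `overheard` counter records how many frames the hub hands to nodes that were not their destination, which is the sniffing exposure of a flat hub network.

```python
"""Slotted model of contention on a shared Ethernet hub, showing how collisions,
latency and wasted slots grow with the number of nodes in one collision domain,
and what splitting that domain (as a switch does per port) changes.  Added
example, not from the book.  The slot model, per-slot offered load and seed are
assumed; backoff is Ethernet-style truncated binary exponential backoff
(window capped at 2**10 slots, frame discarded after 16 attempts)."""
import random

MAX_ATTEMPTS = 16   # Ethernet gives up on a frame after 16 collisions
BACKOFF_CAP = 10    # backoff window stops growing at 2**10 slots


def simulate(n_nodes, domains=1, slots=5000, load=0.05, seed=7):
    """Run `slots` time slots.  Nodes are dealt round-robin into `domains`
    independent collision domains: domains=1 is a single hub, domains=n_nodes
    is a switch with one node per port.  Each idle node starts a new frame
    with probability `load` per slot; a frame takes one slot to send."""
    rng = random.Random(seed)
    waiting = [False] * n_nodes    # node has a frame to send
    attempts = [0] * n_nodes       # collisions suffered by the current frame
    backoff = [0] * n_nodes        # slots left before the node may retry
    queued_at = [0] * n_nodes      # slot in which the current frame arrived
    st = {"offered": 0, "delivered": 0, "collisions": 0, "dropped": 0,
          "overheard": 0, "delay_total": 0}

    for t in range(slots):
        for i in range(n_nodes):                      # new frames arrive
            if not waiting[i] and rng.random() < load:
                waiting[i], attempts[i], backoff[i], queued_at[i] = True, 0, 0, t
                st["offered"] += 1
        for d in range(domains):
            members = range(d, n_nodes, domains)
            # CSMA: every node whose backoff has expired senses an idle medium
            # at the slot boundary and transmits; two or more means a collision.
            senders = [i for i in members if waiting[i] and backoff[i] == 0]
            for i in members:
                if waiting[i] and backoff[i] > 0:
                    backoff[i] -= 1
            if len(senders) == 1:
                i = senders[0]
                waiting[i] = False
                st["delivered"] += 1
                st["delay_total"] += t - queued_at[i]
                # A hub repeats the frame to every port, so every other node in
                # the domain can read it with a card in promiscuous mode
                # (destination assumed to be another member of the domain).
                st["overheard"] += max(len(members) - 2, 0)
            elif len(senders) > 1:
                st["collisions"] += 1                 # CD: every sender backs off
                for i in senders:
                    attempts[i] += 1
                    if attempts[i] >= MAX_ATTEMPTS:
                        waiting[i] = False
                        st["dropped"] += 1
                    else:
                        backoff[i] = rng.randrange(2 ** min(attempts[i], BACKOFF_CAP))

    capacity = slots * domains                        # one frame per slot per domain
    st["goodput"] = st["delivered"] / capacity
    st["collision_fraction"] = st["collisions"] / capacity
    st["mean_delay"] = st["delay_total"] / st["delivered"] if st["delivered"] else float("inf")
    return st


if __name__ == "__main__":
    for n, d in [(1, 1), (3, 1), (30, 1), (30, 30)]:
        s = simulate(n, d)
        print(f"{n:3} nodes, {d:3} domain(s): goodput {s['goodput']:.2f}, "
              f"collision slots {s['collision_fraction']:.2%}, mean delay "
              f"{s['mean_delay']:.1f} slots, overheard frames {s['overheard']}")
```

Running the block prints goodput, the share of slots lost to collisions, the mean queueing delay and the number of overheard frames for 1, 3 and 30 nodes on one hub, then for 30 nodes on 30 separate domains. The last row has no collisions and no overheard frames at all: the segmentation argument in numbers. The model ignores frame length, propagation delay and the minimum-frame-size rule that real collision detection depends on, so treat the absolute figures as illustrative and the trend as the point.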