1 / 22

Networks

Networks . Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder. Objectives. Types of Networks Components of Networks Risks to Networks Network Security/Controls Auditing Networks. What is a Network?.

storm
Télécharger la présentation

Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Networks Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder

  2. Objectives • Types of Networks • Components of Networks • Risks to Networks • Network Security/Controls • Auditing Networks

  3. What is a Network? • Two or more connected computers that allow the process of telecommunications to occur • Telecommunications is the transfer of text, audio, video, or other data formats

  4. Types of Networks • Characterized in 3 categories: • Distance • Ownership • Client/Server Networks

  5. Distance • Local Area Network (LAN) • Connected computers within a short geographical distance of one another • Wide Area Network (WAN) • Connects computer large geographic away from one another

  6. Ownership • Intranet • Internal network within a company • Extranet • Connects internal network to outside business partners • Virtual Private Network (VPN) • Uses public internet connection but achieves privacy through encryption and authentication

  7. Client/Server Networks • Network servers that manage the networks and host applications that are shared with client computers • Two types: • Two-tiered • Three-tiered

  8. Network Security and Controls • Authentication • Process of ensuring users are who they say they are • Encryption • Scrambling or coding data so that anyone who views will not be able to decode it without a decryption key • Firewalls • Hardware and software to control outside access to the network

  9. Components of a Network • Computers and terminals • Telecommunication channels • Telecommunication processors • Routers and Switching devices

  10. Computers and Terminals • Computers process data in a network and send/receive information to and from terminals • Terminals serve as input/output devices

  11. Telecommunications Channels • Transmit data from computer to computer • Physical transmitters • Wireless transmitters

  12. Telecommunications Processors • Most common is a modem • Transforms digital communication signals to analog signals for transfer and then back to digital signals • Digital communication networks

  13. Routers and Switching Devices • Switches: connect network components and ensure messages are delivered to appropriate destinations • Routers: similar to switches but with more complex features based on protocols • Approaches to switching • Message switching • Packet switching • Circuit switching

  14. Risks to Networks • Social Engineering • Physical Infrastructure Threats • Programmed Threats • Denial of Service Threats • Software Vulnerabilities

  15. Social Engineering Diversion

  16. “Soc-ing” VoIP Vulnerabilities – Can open channel to network that is not fire-walled Phishing Scams – i.e. – emails from unknown persons containing malicious links. Cross Site Scripting (XSS) – leads to account hijacking, changing of user settings, cookie theft/poisoning, or false advertising

  17. Network Security • Network manager and network security administration • Authentication • Encryption • Firewalls

  18. Auditing Networks • Perform risk assessment procedures to assess vulnerabilities • Evaluate controls and their effectiveness • Auditing Network Security • Network diagrams • Determine what assets, who has access, and understand connections • Penetration testing • Benchmarking

  19. Risk Assessment Procedures • Basic vulnerabilities of a network • Interception- transmitted data is intercepted by a third party • Availability- unavailability of the network could result in losses for the firm • Access/Entry points- a weak point in access can make the information assets vulnerable to intruders

  20. Evaluate Controls • Physical access controls • Transmitted information should be encrypted • Network should have sufficient management • Controls to limit the type of traffic • Passwords for everyone who has access

  21. Auditing Networks • Network diagrams • Determine what assets • Who has access • Understand connections • Penetration testing

  22. Questions?

More Related