- Cover
- Title Page
- Copyright Page
- Brief Contents
- Contents
- Dedication
- Preface
- Acknowledgments
- About the Authors
- CHAPTER 1 Evolution of Communication Technologies
- Today’s Hyperconnected World
- From Analog to Digital to IP
- Internet and IP Connectivity Are Pervasive
- How Unified Communications Connect People and Businesses
- How Communications Have Evolved
- Snail Mail
- Store-and-Forward Messages
- Real-Time Communication
- Social Media
- The Web’s Impact on Business
- E-commerce Business Models
- Solving E-commerce Business Challenges
- The Internet of Things’ Impact on Business
- The Cloud’s Impact on Business
- Virtualization
- Types of Cloud Services and Delivery Models
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 1 ASSESSMENT
- CHAPTER 2 Solving Today’s Business Communication Challenges
- Introducing Organizational Communication Challenges
- Enterprise Challenges
- Government Challenges
- SMB/SOHO Challenges
- Solving Enterprise Business Communication Challenges
- Banking and Financial Services Challenges
- Healthcare and Patient Care Services Challenges
- K–12 and Higher Education Services Challenges
- Commercial Retail Products and Services Challenges
- Manufacturing Services Challenges
- Travel and Transportation Services Challenges
- Solving Government Business Communication Challenges
- Solving SMB Business Communication Challenges
- Solving SOHO Business Communication Challenges
- Transforming Communication Requirements into Network Solutions
- Defining Your Organization’s Networking Requirements
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 2 ASSESSMENT
- CHAPTER 3 Circuit-Switched, Packet-Switched, and IP-Based Communications
- Open Systems Interconnection Reference Model
- TCP/IP Reference Model
- Application Layer
- Transport Layer
- Internet Layer
- Network Access Layer
- TCP/IP Suite
- Circuit Switching Versus Packet Switching
- Circuit Switching
- Packet Switching
- IP-Based Communications
- Network Topology Overview
- Point-to-Point Networks
- Bus
- Ring
- Star
- Mesh
- Fully Connected Mesh
- Hybrid
- Internetworking
- Internetworking with Bridges
- Internetworking with Switches
- Internetworking with Routers
- Internetworking with a Bridge/Router
- Internetworking with a Gateway
- Switching Concepts
- Switch Functionality
- Switch Forwarding Methods
- Routing Concepts
- Network Layer Address
- Static Route
- Dynamic Route
- Resiliency and Redundancy
- Layer 2 Resiliency
- Layer 3 Resiliency
- Virtual Networking Components
- Network Storage Types
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 3 ASSESSMENT
- CHAPTER 4 The Physical and Data Link Layers
- Physical Layer and Data Link Layer
- Physical Layer: OSI Layer
- Data Link Layer: OSI Layer
- Ethernet and IEEE 802.3 Frame Formats
- Ethernet Evolution
- IEEE 802.3 Standards and Specifications
- Solving Business Challenges
- IEEE 802.3 CSMA/CD Standards
- How Multiple Nodes Share Network Media
- Internetworking LANs: Bridging Versus Routing
- Repeaters and Hubs: Layer 1 Forwarding
- Bridges and Switches: Layer 2 Forwarding
- Ethernet Network Design Fundamentals
- Edge Network: Workgroup LANs
- Edge Network: Use of PoE Switches
- Edge Network: Departmental LAN
- Building Backbone: Collapsed Backbones
- Campus Backbone: Collapsed Data Center Backbone
- Metropolitan Area Backbone: Metro Ethernet Backbone
- GigE and 10 GigE Specifications
- 25, 40, and 100 GigE: Server Farms and Backbone Trunking
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 4 ASSESSMENT
- CHAPTER 5 The Network and Transport Layers
- Network and Transport Layers
- Network Layer: OSI Layer
- Transport Layer: OSI Layer
- The Internet Protocol
- IP Addressing: IPv4 versus IPv6
- IPv4
- IPv6
- IPv4 to IPv6
- IP Communications
- Connectionless Versus Connection-Oriented Communications
- Scenario 1: Connection-Oriented Conversation
- Scenario 2: Connectionless Conversation
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 5 ASSESSMENT
- CHAPTER 6 The Session, Presentation, and Application Layers
- Session, Presentation, and Application Layers
- Session Layer: OSI Layer 5
- Presentation Layer: OSI Layer 6
- Application Layer: OSI Layer 7
- Application Architectures
- Architecture Types and Examples
- Features and Benefits of Each Architecture Type
- Aligning Architecture with Business Requirements
- Application Layer Ports and Sockets
- World Wide Web
- From the Internet to the Web: How the World Wide Web Works
- HTTP: The Web’s Workhorse
- Impact on Security
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 6 ASSESSMENT
- CHAPTER 7 Layer 2 Networking
- Layer 2 Networking Basics
- Layer 1 and Layer 2 Evolution
- What Layer 2 Networking Means
- Ethernet LAN Topologies
- Layer 2 Network Redundancy and Resiliency
- VLAN Tagging
- IEEE 802.3ad Link Aggregation
- Network Backbones
- Network Power
- Layer 2 Business Solutions
- SOHO Organization
- SMB Organization
- Enterprise Organization
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 7 ASSESSMENT
- CHAPTER 8 Layer 3 Networking
- Network Layer Basics
- Network Layer Protocols
- Router Protocols
- Convergence
- Load Balancing
- Traffic Flow
- Internetwork Routing Functions
- LAN-to-LAN Routing
- LAN-to-WAN Routing
- Routing Metrics and Protocols
- Exterior Versus Interior Routing Protocols
- Routing Information Protocol (RIP)
- RIP Version 2 (RIPv2)
- Open Shortest Path First Version 2 (OSPFv2)
- Intermediate System-to-Intermediate System (IS-IS)
- Interior Gateway Routing Protocol (IGRP)
- Enhanced Interior Gateway Routing Protocol (EIGRP)
- Border Gateway Protocol (BGP)
- Layer 3 Network Redundancy and Resiliency
- Configuring Resilience
- Routing Protocol Resilience
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 8 ASSESSMENT
- CHAPTER 9 Network Infrastructure Implementations
- Physical Infrastructures
- Hosting Infrastructures
- Foundational Network Services
- IP Address Management (IPAM)
- Dynamic Host Control Protocol (DHCP)
- Domain Name System (DNS)
- Network Time Protocol (NTP)
- Network Devices and Where to Position Them
- Asset Visibility
- Creating an IT Asset Inventory
- Access Controls
- Identification, Authentication, Authorization, and Accounting
- Remote Access Controls and Multifactor Authentication
- Network Access Controls
- Visibility
- Control
- Device Identification
- Advanced Networking Devices
- Advanced Switching Devices
- Layered Security Solutions
- Performance-Enhancing Devices
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 9 ASSESSMENT
- CHAPTER 10 Wireless Networks
- Supporting the Mobile Worker
- Wired Versus Wireless
- Evolution of Wireless LAN Networking
- IEEE 802.11 Family of Standards
- The IEEE 802.11 Legacy Standard
- The IEEE 802.11b WLAN Standard
- The IEEE 802.11a WLAN Standard
- The IEEE 802.11g WLAN Standard
- The IEEE 802.11n WLAN Standard
- The IEEE 802.11ac WLAN Standard
- The IEEE 802.11ax WLAN Standard
- WLAN Security
- Authentication and Access Control
- Security Threats to WLANs
- IEEE 802.1X Security
- Encryption and Data Privacy
- Security Protocols and Access Control
- Security Practices
- Unauthorized Access to Shared Resources
- WLAN Planning and Design
- RF Design Issues
- Capacity and Coverage
- Speed and Distance Requirements
- Channel Bandwidth
- Channel Bonding
- MIMO/MU-MIMO
- Unidirectional/Omnidirectional
- Performing a Site Survey
- Conducting the Site Tests
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 10 ASSESSMENT
- CHAPTER 11 Wide Area Networks
- WAN Business Drivers
- WANs and Service Providers
- WAN and SD-WAN Business Drivers
- Evolution of WAN Technologies
- WAN Technologies in the 1970s
- WAN Technologies in the 1980s
- WAN Technologies in the 1990s
- WAN Technologies in the 2000s
- WAN Technologies in the 2010s
- WAN Management and Requirements
- Fault Management Requirements
- Configuration Management Requirements
- Accounting Management Requirements
- Performance Management Requirements
- Security Management Requirements
- WAN Solutions for Different Scenarios
- Enterprise Business
- Small to Medium Business (SMB)
- Small Office/Home Office (SOHO)
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 11 ASSESSMENT
- CHAPTER 12 Network Operations and Management
- The Scope of Network Operations and Management
- IT and IT Security Policy Framework
- Policy and Procedure Best Practices
- Network Operations and Management
- Staffing and Resources
- Real-Time Availability
- Audit and Monitoring
- Collecting Data
- Reporting Information
- Configuration Change Management
- Change Control Board Membership
- Change Control Board Function
- Change Control Board Policies and Practices
- Capacity Planning and Readiness
- IT Asset Inventory
- Network Performance
- Service Providers
- Network Management
- Simple Network Management Protocol (SNMP)
- Management Information Bases (MIBs)
- SNMP Traps
- FCAPS: Fault Management
- FCAPS: Configuration Management
- FCAPS: Accounting Management
- FCAPS: Performance Management
- FCAPS: Security Management
- Network Security
- Physical Security
- Access Controls
- Wireless Security
- Common Network Attacks
- Network Device Hardening
- Network Mitigation Solutions
- Changing Attacks
- Blended Response
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 12 ASSESSMENT
- CHAPTER 13 Network Auditing, Monitoring, and Incident Response
- Security Auditing and Analysis
- Purpose of Audits
- Customer Confidence
- Auditing Benchmarks
- Security Monitoring
- Security Monitoring for Computer Systems
- Types of Log Information to Capture
- Responding to Security Incidents
- Incident Response Plan, Policies, Procedures, and Guidelines
- Incident Response Team
- Phases of an Incident and Response
- The Role of Business Continuity and Disaster Recovery Plans
- Recovering Systems
- Business Impact Analysis
- Risk Assessment
- Risk Management
- Planning for Disaster and Recovery
- Policies, Procedures, Priorities, and Practices
- Testing and Evaluation
- Preparation and Staging of Testing Procedures
- Frequency of Tests
- Analysis of Test Results
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 13 ASSESSMENT
- CHAPTER 14 Network Security
- Network Security Essentials
- What Is Confidentiality?
- What Is Integrity?
- What Is Availability?
- Network Security Scope
- Network Risks, Threats, and Vulnerabilities
- Conducting a Network Security Risk Assessment
- Layered Network Security Architectures
- Network Security Controls
- How to Implement Security Controls
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 14 ASSESSMENT
- CHAPTER 15 Network Troubleshooting
- Network Operations Center
- Network Troubleshooting and Ticketing
- NOC and IT Service Desk Structure
- Network Troubleshooting Approach
- Network Troubleshooting Tools
- Physical Layer Tools
- Network Performance Monitoring Tools
- Network Traffic Tools
- Network Connectivity Tools
- Network Scanning and Discovery Tools
- Vulnerability Assessment Tools
- Protocol Analyzer Tools
- Network Troubleshooting Using Protocol Analysis
- How Protocols Behave
- Network Troubleshooting Scenarios
- Names Not Resolving
- Incorrect Gateway Definition
- Incorrect Netmask
- Duplicate IP Address
- Duplicate MAC Addresses
- Expired IP Address
- Rogue DHCP Server
- Untrusted SSL Certificate
- Incorrect Time
- Exhausted DHCP Scope
- Blocked TCP/UDP Ports
- Incorrect Host-Based Firewall Settings
- Incorrect ACL Settings
- Unresponsive Service
- CHAPTER SUMMARY
- KEY CONCEPTS AND TERMS
- CHAPTER 15 ASSESSMENT
- APPENDIX A Answer Key
- APPENDIX B IP Addressing Primer
- APPENDIX C Structured Wiring System Primer
- APPENDIX D Sample Security Policies and Templates
- APPENDIX E Standard Acronyms
- Glossary of Key Terms
- References
- Index
© escyth/Shutterstock
Network Security |
CHAPTER |
THE NETWORK is the lifeblood of your organization. Without it, you cannot access or share information with your peers or clients. Thus, networks are strategic assets to the organization. Network security is needed for organizations that access, transmit, and store sensitive data. Your network and data may be under a regulatory compliance law. What do we mean by regulatory compliance? Regulatory compliance laws define and mandate what organizations must do and how they must do it in terms of security and privacy of the sensitive data. Compliance laws and mandates will be presented in this chapter.
Security will be defined by the three tenets of information systems security: availability, integrity, and confidentiality. Each of these topic areas will be described in relation to network security in this chapter.
Finally, this chapter will cover common network risks, threats, and vulnerabilities and how to mitigate them with a layered security architecture and security controls.
Chapter 14 Topics
This chapter covers the following topics and concepts:
- What network security is
- What the scope of network security is
- What network risks, threats, and vulnerabilities are
- How to conduct a network security risk assessment
- What a layered network security architecture is
- What network security controls are
- How layered network security solutions are implemented
Chapter 14 Goals
When you complete this chapter, you will be able to:
- Define network security
- Describe the scope of network security
- Define requirements for conducting a network security assessment
- Align network security controls to mitigate network risks and weaknesses
- Design a layered IT security architecture
- Apply defense-in-depth strategies to your Internet Protocol (IP) data network and sensitive data
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.