• Choose a category
• All
• Classic-Fiction

■ Default accounts

✓ 2.6 Explain the vulnerabilities and mitigations associated with various transmission media.

■ Vampire taps

✓ 3.7 Deploy various authentication models and identify the components of each.

■ RADIUS

■ RAS

■ Remote access policies

■ Remote authentication

■ VPN

■ 802.1x

■ TACACS

The previous two chapters focused more on theoretical concepts than purchasable components. They created the foundation on which the topics in this chapter will build as the discussion moves into actual implementation. Bear in mind that even though a variety of products exist to satisfy every need of the market, none are as successful as they need to be without education and training. One of your top priorities should always be to make certain your users understand every aspect of the security policies.

This chapter introduces the hardware used within the network. Your network is composed of a variety of media and devices that both facilitate communications and provide security. Some of these devices (such as routers, modems, and PBX systems) provide external connectivity from your network to other systems and networks. Some of the devices (such as CD-Rs, disks, USB thumb drives, and tape) provide both internal archival storage and working storage for your systems.

To provide reasonable security, you must know how these devices work and how they provide, or fail to provide, security. This chapter deals with issues of infrastructure and media. They’re key components of the Security+ exam, and it’s necessary that you understand them to secure your network. Like many certification exams, though, the Security+ test requires you to know not only current technologies, but some legacy components as well. Although there aren’t a whole lot of bus-based coaxial LANs being implemented today, you need to know the basics for this certification.

There is some overlap between the topics here and in other chapters, just as the Security+ exam objectives overlap one another in many places. In instances where a topic has already been addressed in an earlier chapter, I include references to that information.

Understanding Infrastructure Security

As the name implies, an infrastructure is the basis for all the work occurring in your organization. Infrastructure security deals with the most basic aspect of how information flows and how work occurs in your network and systems. When discussing infrastructures, keep in mind that this includes servers, networks, network devices, workstations, and the processes in place to facilitate work.

To evaluate the security of your infrastructure, you must examine the hardware and its characteristics as well as the software and its characteristics. Each time you add a device, change configurations, or switch technologies, you’re potentially altering the fundamental security capabilities of your network. Just as a chain is no stronger than its weakest link, it can also be said that a network is no more secure than its weakest node.

Networks are tied together using the Internet and other network technologies, thereby making them vulnerable to any number of attacks. The job of a security professional is to eliminate the obvious threats, to anticipate how the next creative assault on your infrastructure might occur, and to be prepared to neutralize it before it happens.

The following sections deal with the hardware and software components that make up a network.

Working with Hardware Components

Network hardware components include physical devices such as routers, servers, firewalls, workstations, and switches. Figure 3.1 depicts a typical network infrastructure and some of the common hardware components in the environment. From a security perspective, this infrastructure is much more than just the sum of all its parts. You must evaluate your network from the standpoint of each and every device within it. It cannot be overstated: The complexity of most networks makes securing them extremely complicated. To provide reasonable security, you must evaluate