Copyright Goodheart-Willcox Co., Inc. 480 Networking Fundamentals

a single PC, it can also be used to access a network workgroup or domain. Access to the network is limited to the permissions assigned to the user account by the system administrator.

In addition to physical access control, the Network+ Exam discusses general physical security mechanisms. For example, video surveillance is highly recommended. This can be combined with motion detection. For valuable equipment such as company-owned laptops or smartphones, asset-tracking tags that identify the location of the asset can also be valuable. This can be done with radio frequency identifier (RFID) chips.

Common Mitigation Techniques

In addition to the processes and devices already described in this chapter, there are other common mitigation techniques. One technique is the network design itself. For example, a network can be segmented. Network segmentation divides a network into different sections, each with different security needs. This can include a DMZ. As you may recall from earlier in this chapter, DMZs are zones between two firewalls. Often, public-facing devices, such as web servers, are placed in DMZs.

Virtual local area networks (VLANs) are used to segment a network further. In a VLAN, a group of ports on one or more switches is treated as a separate network, a virtual LAN. VLANs must be configured properly to prevent VLAN hopping. This is the process of jumping from one VLAN to another. The goal of VLAN hopping is for an attacker to gain access to traffic on other VLANs that would be inaccessible under typical circumstances. If the VLANs are configured securely, this is very difficult. An easy way to secure a VLAN is to change the native VLAN.

Another security technique involves user accounts. User accounts have a variety of security measures. The first is the principle of least privilege. That means each account is given only enough privileges to do its job.
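The VLAN paragraph above recommends changing the native VLAN on trunk ports as a defence against VLAN hopping. The following script is an added example, not from the textbook, showing how an administrator could audit a switch configuration for trunks that still use the default native VLAN. It goes one step beyond the text by also flagging trunks that still allow trunk negotiation (DTP), another common hardening step. The configuration syntax is assumed to be Cisco-IOS-like, and the sample configuration is constructed for illustration, not taken from any real device.

```python
"""Audit a switch configuration for trunk ports that still use the default
native VLAN or leave trunk negotiation enabled.

Added example: the config text below is constructed and the syntax is an
assumed IOS-like format; adjust the parser for other vendors."""

import re

# Constructed sample running-config excerpt (assumed IOS-like syntax).
# Gi0/1 is hardened, Gi0/2 is a trunk left at defaults, Gi0/3 is an access port.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
!
"""

def parse_interfaces(config_text):
    """Return {interface_name: [stripped config lines]} from an IOS-like config.

    An 'interface ...' line opens a block; a lone '!' or blank line closes it."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif line == "!" or not line.strip():
            current = None
        elif current is not None:
            interfaces[current].append(line.strip())
    return interfaces

def audit_trunks(config_text, default_native_vlan=1):
    """Return a list of (interface, finding) tuples for trunk ports that
    keep the default native VLAN or still negotiate trunking."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        if "switchport mode trunk" not in lines:
            continue  # only trunk ports carry tagged traffic from several VLANs
        native = default_native_vlan  # IOS default when not set explicitly
        for line in lines:
            m = re.match(r"switchport trunk native vlan (\d+)$", line)
            if m:
                native = int(m.group(1))
        if native == default_native_vlan:
            findings.append((name, "native VLAN left at default %d" % default_native_vlan))
        if "switchport nonegotiate" not in lines:
            findings.append((name, "trunk negotiation (DTP) not disabled"))
    return findings

if __name__ == "__main__":
    for iface, finding in audit_trunks(SAMPLE_CONFIG):
        print("%s: %s" % (iface, finding))
```

Run against a saved running-config, the script lists each trunk that an administrator should revisit; a clean run returns an empty list. The same idea can be extended to check that unused ports are shut down or placed in an unused VLAN.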
In addition to the privileges necessary to do a job, privileged user accounts, such as domain administrator accounts, are given extra security measures. There is also the issue of separation of roles, often called separation of duties. This means that if there is some critical task, one that could be used to cause great harm to a system, no single user can do that task. At least two users must collaborate to do the task.

Access control lists (ACLs) are commonly used to limit access to any system, device, or data.

It is also recommended that any network be given a penetration test at least periodically. A penetration test is a formal process whereby someone uses actual hacking techniques to attempt to gain access. The techniques used, the results, and remediation steps are all documented.

NET 1.3, 4.4, 4.6

Figure 15-23 A smart card security system typically uses a smart card and a PIN for authentication. (Gemplus)
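The two account rules in the text, least privilege and separation of duties, can both be checked mechanically once the permissions each role needs and the permissions each critical task requires are written down. The script below is an added example, not from the textbook: the role table, task table, and account list are constructed for illustration, and the permission names are hypothetical.

```python
"""Check user accounts against least privilege and separation of duties.

Added example: all roles, tasks, permissions and accounts below are
constructed for illustration."""

# Constructed: the permissions each job role actually needs (least privilege baseline).
ROLE_NEEDS = {
    "payroll_clerk": {"submit_payroll", "read_reports"},
    "payroll_manager": {"approve_payroll", "read_reports"},
    "helpdesk": {"reset_password", "read_reports"},
    "network_admin": {"edit_firewall"},
    "change_manager": {"approve_change"},
}

# Constructed: critical tasks and the full set of permissions needed to complete
# each one. Separation of duties requires that no single account holds all of them.
CRITICAL_TASKS = {
    "release_payroll": {"submit_payroll", "approve_payroll"},
    "change_firewall_rules": {"edit_firewall", "approve_change"},
}

# Constructed: accounts, their assigned role, and the permissions actually granted.
ACCOUNTS = {
    "alice": {"role": "payroll_clerk", "perms": {"submit_payroll", "read_reports"}},
    "bob": {"role": "payroll_manager",
            "perms": {"approve_payroll", "read_reports", "reset_password"}},
    "carol": {"role": "helpdesk",
              "perms": {"reset_password", "read_reports", "submit_payroll", "approve_payroll"}},
    "dave": {"role": "network_admin", "perms": {"edit_firewall"}},
    "erin": {"role": "change_manager", "perms": {"approve_change"}},
}

def excess_privileges(accounts, role_needs):
    """Least privilege: return {user: sorted extra permissions} for every account
    holding permissions its role does not need."""
    excess = {}
    for user, info in accounts.items():
        extra = info["perms"] - role_needs.get(info["role"], set())
        if extra:
            excess[user] = sorted(extra)
    return excess

def separation_of_duties_violations(accounts, critical_tasks):
    """Separation of duties: return {task: sorted users} for every critical task
    that a single account could complete alone."""
    violations = {}
    for task, needed in critical_tasks.items():
        alone = sorted(user for user, info in accounts.items() if needed <= info["perms"])
        if alone:
            violations[task] = alone
    return violations

if __name__ == "__main__":
    for user, extra in excess_privileges(ACCOUNTS, ROLE_NEEDS).items():
        print("least privilege: %s holds unneeded %s" % (user, ", ".join(extra)))
    for task, users in separation_of_duties_violations(ACCOUNTS, CRITICAL_TASKS).items():
        print("separation of duties: %s can be done alone by %s" % (task, ", ".join(users)))
```

In the constructed data, bob has a help-desk permission his role does not need, and carol has accumulated enough payroll permissions to release payroll on her own; the firewall change task passes because editing and approval sit with different accounts. Re-running such a check after every permission change is a simple way to keep both rules from silently eroding.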