tailieunhanh - Course 2830: Designing security for Microsoft networks - Module 11

Module 11 - Creating a security design for network perimeters. In this module, you will learn how to determine threats and analyze risks to network perimeters. You will also learn how to design security for network perimeters, including perimeter networks (also known as DMZs, demilitarized zones, and screened subnets), and for computers that connect directly to the Internet.

Module 11: Creating a Security Design for Network Perimeters

Overview
- Determining Threats and Analyzing Risks to Network Perimeters
- Designing Security for Network Perimeters

Lesson: Determining Threats and Analyzing Risks to Network Perimeters
- What Is the Perimeter of a Network?
- Why Perimeter Security Is Important
- Common Vulnerabilities to Perimeter Security
- Practice: Analyzing Risks to Network Perimeters

What Is the Perimeter of a Network?

[Diagram: Branch Office, Corporate Headquarters, Web Server, Internet Server, LAN, LAN, Remote User, VPN, Wireless User]

A network perimeter can include:
- Direct Internet connections
- Dedicated WAN links
- Screened subnets
- VPN clients
- Applications
- Wireless connections

Why Perimeter Security Is Important

[Diagram: Internal Attacker, External Attacker, Internet]

Attacker: External
Threat: Information disclosure
Example: An attacker runs a series of port scans on a network and creates a virtual network diagram and vulnerability list. The attacker uses this information to attack the network systematically.

Attacker: Internal
Threat: Denial of service
Example: An employee opens an e-mail message from an external Web-based e-mail account that contains a new worm virus. The virus infects the internal network from inside the perimeter.

Common Vulnerabilities to Perimeter Security

Vulnerability: Exposure of network information
Examples:
- TCP and UDP port scans
- Internet Control Message Protocol (ICMP) packet scans of network perimeters
- Capturing of service banners
- Analysis of packets

Vulnerability: Lack of control over infrastructure
Examples:
- Unauthorized Web servers
- Forgotten connections to the Internet
- Unmanaged VPN clients
- Uncontrolled use of applications

Vulnerability: Exposure of computers to attack
Examples:
- Denial-of-service attacks
- Exposure of account information
- E-mail worms
- Unauthorized access to data
- Destruction of data

Practice: Analyzing Risks to Network Perimeters
1. Read the scenario
2. Answer the questions
3. Discuss answers as a class

Lesson: Designing Security for Network Perimeters
- Common Network Perimeter Designs
- Steps for .