Check Your Understanding—Secure WLANs (39.6.15)
Refer to the online course to complete this activity.
Packet Tracer—Configure Basic Wireless Security (39.6.16)
In this activity, you will configure wireless security using WPA2-Personal.
Refer to the online course to complete this Packet Tracer.
Network Security Summary (39.7)
The following is a summary of each topic in the chapter and some questions for your reflection.
What Did I Learn in This Chapter? (39.7.1)
• Security Foundations—The cybersecurity cube provides a useful way to think about protecting data. The first dimension of the cube identifies the goals of confidentiality, integrity, and availability (CIA). Confidentiality concerns preventing disclosure of information to unauthorized persons. Integrity refers to the accuracy, consistency, and trustworthiness of data. Data states are in transit, at rest in storage, or in process. The pillars of defense are people, technology, and policies and practices. Confidentiality, integrity, and availability are also referred to as the CIA triad.
Data integrity ensures that data is unaltered by unauthorized entities while it is captured, stored, retrieved, updated, and transferred. Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.
Availability refers to the need to make data accessible to all authorized users whenever they need it. Cyberattacks and system failures can disconnect users from the data they need. Availability can be ensured by properly maintaining equipment, keeping software and systems up to date, testing backups and fallbacks, implementing new technologies, monitoring network activity, and analyzing vulnerabilities to detect threats.
• Access Control—Physical access controls prevent unauthorized users from physically accessing networks, data, and equipment. Physical access controls determine who, where, and when people can enter or exit a facility. Physical access controls include guards, perimeter fences, motion detectors, devices locks, and locked doors that can only be accessed with swipe cards or combinations. Additional physical security measures are guard dogs, video cameras, and alarms.
Logical access controls are the hardware and software solutions used to manage access to resources and systems. These technology-based solutions include tools and protocols that computer systems use for identification and authentication, authorization, and accounting (AAA). Examples of these controls are encryption, smart cards with embedded chips, passwords, biometrics, access control lists (ACLs), firewalls, and intrusion detection systems.
Administrative access controls are the policies and procedures defined by organizations to implement and enforce all aspects of controlling unauthorized access. Examples are approved policies, defined procedures, background checks, and data classification.
Administrative access controls involve three security services: authentication, authorization, and accounting (AAA). Authentication is the verification of the identity of each user, to prevent unauthorized access. Authorization services determine which resources users can access, along with the operations that users can perform, and even when they can perform them. Accounting keeps track of what users do on the network, such as what they access, when they access it, and what they do with it. This information is compiled in logs.
Identification enforces the rules established by the authorization policy. Unique identifiers are usernames and passwords, personal identification numbers, or biometrics such as fingerprints, retina scans, or voice recognition.
Federated identity management (FIM) refers to multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group. While FIM provides convenience to users and administrators, if the system is exploited by hackers, they will have access to many systems or applications instead of just one.
Password policies help ensure that passwords meet length and complexity requirements. Passwords should be at least 8 to 10 characters. Passwords should include a mix of upper- and lowercase characters, numbers, and symbols.
Combining other means of identity with passwords, such as multi-factor authentication, is increasingly popular.