Networking+Security+

Securing the Network

Securing the Network: Obviously, network security is a broad topic, and it will be addressed throughout these articles. However, there are some essential concepts identified on the CompTIA Security+ exam that are discussed in this section:

MAC Limiting and Filtering: Limit access to the network to MAC addresses that are known, and filter out those that are not.

Even in a home network, you can implement MAC filtering with most routers, and you typically have the option of choosing to allow or deny only those computers with MAC addresses that you list.

NOTE: If you don’t know a workstation’s MAC address, use ipconfig /all to find it in the Windows-based world (it is listed as physical address). Use ifconfig or ip a in Unix/Linux.


MAC filtering is not foolproof: a quick look in a search engine will turn up tools that change a network card's MAC address, which lets an attacker circumvent this control.

802.1X: This is discussed in the following section, but adding port authentication to MAC filtering takes network security down to the individual switch port and strengthens it substantially. The IEEE standard 802.1X defines port-based security for wireless network access control.

As such, it offers a means of authentication and defines the Extensible Authentication Protocol (EAP) over IEEE 802, “Access Control, Authentication and Authorization.” It is often known as EAP over LAN (EAPOL).

The biggest benefit of using 802.1X is that the access points and the switches do not need to do the authentication but instead rely on the authentication server to do the actual work.

Disable Unused Ports: Remember, a port is a connection, like a channel. For example, SMTP uses port 25. For this reason, these are sometimes called application ports.

All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter. Essentially, you disable a port by disabling the service that listens on it and blocking the port with Windows Firewall (doing one and not the other leaves a single point of failure).

Rogue Machine Detection: On any sizable network it is always possible that someone has added an unauthorized machine.

A rogue machine could be an intruder in a neighboring office connecting to your wireless network, or an employee adding an unauthorized machine by plugging directly into a network RJ45 jack.

Rogue machines pose a serious security risk. Part of your monitoring strategy must be to scan for rogue machines on your network.
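One simple way to do that scan, tying the MAC allowlist idea above to rogue machine detection, is to compare the neighbor table of a host on each segment against the list of MAC addresses you know. The following is an added example, not code from the original article; the `ip neigh` and `arp -a` outputs and the allowlist are constructed, and it assumes you have already recorded known MACs with ipconfig /all or ip a as described in the NOTE.

```python
# Rogue-machine check: compare hosts seen on the LAN against a MAC allowlist.
# Added example, not from the original article; all tables below are constructed.
import re

# Constructed allowlist of known MACs, recorded the way each OS shows them:
# `ipconfig /all` (dashes, upper case) or `ip a` (colons, lower case).
KNOWN_MACS = {
    "00-1A-2B-3C-4D-5E",  # file server (constructed)
    "aa:bb:cc:dd:ee:01",  # workstation 1 (constructed)
    "aa:bb:cc:dd:ee:02",  # workstation 2 (constructed)
}

# Constructed `ip neigh show` output (Linux); the FAILED entry has no MAC.
LINUX_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.21 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.77 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.99 dev eth0  FAILED
"""

# Constructed `arp -a` output (Windows); header and broadcast rows must be skipped.
WINDOWS_ARP = """\
Interface: 192.168.1.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.22          aa-bb-cc-dd-ee-02     dynamic
  192.168.1.200         de-ad-be-ef-00-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

MAC_RE = re.compile(r"\b([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def normalize_mac(mac: str) -> str:
    """Canonical form so Windows 'AA-BB-..' and Linux 'aa:bb:..' compare equal."""
    return mac.replace("-", ":").lower()

def parse_neighbors(text: str) -> dict:
    """Return {ip: mac} for lines carrying both; skip incomplete/broadcast entries."""
    hosts = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac and normalize_mac(mac.group(1)) != "ff:ff:ff:ff:ff:ff":
            hosts[ip.group(1)] = normalize_mac(mac.group(1))
    return hosts

def find_rogues(text: str, allowlist=KNOWN_MACS) -> dict:
    """Hosts whose MAC is not on the allowlist: the candidates to investigate."""
    known = {normalize_mac(m) for m in allowlist}
    return {ip: mac for ip, mac in parse_neighbors(text).items() if mac not in known}
```

Calling `find_rogues(LINUX_NEIGH)` flags only 192.168.1.77, and `find_rogues(WINDOWS_ARP)` only 192.168.1.200; everything else is either on the allowlist or a non-host row. Because MACs can be changed, treat a hit as a prompt to check the switch port and DHCP logs rather than as proof on its own.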
