Wednesday, April 13, 2011

F5108 - CHAPTER 1 (cont.): INTERNET SERVICES AND ATTACK

INTERNET SERVICES


ELECTRONIC MAIL AND NEWS

  • ways for people to exchange information without requiring an immediate and interactive response.

FILE TRANSFER

  • exchange files.

REMOTE ACCESS TO HOST

  • log on from a distant location

REAL TIME CONFERENCING SERVICES

  • Online (video conference)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


ATTACK


1. information theft

:: allows an attacker to get data without directly using our computers ::


how >> - dumpster diving and stealing email

used for >> - to access a bank account or to take out a loan



2. unauthorized disclosure


:: employees leak confidential information to an attacker, or the attacker plants spies in order to steal information ::


how >> - planting a virus, Trojan horse or snooping software



3. information warfare



:: remotely disabling a target using software; disinformation >> false/inaccurate information that is spread deliberately ::



4. Accidental data loss



:: caused by accidentally deleting the wrong file, usually by a careless or untrained employee ::


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


SECURITY THREAT


categories :

  1. data disclosure - exposure of data to third parties. The key point is to ensure that disclosures are relevant and necessary
  2. data modification
  3. data availability

activities :

  1. hacking - modifying computer hardware and software
  2. cracking - breaking into someone's computer system, or bypassing passwords or licences in computer programs.




F5108 - CHAPTER 1 (cont.): SECURITY MODEL

OPEN SECURITY MODEL

  • easy to implement
  • few security measures
  • simple password
  • assumes all users are trusted, protected assets are minimal and threats are minimal.
  • free access for users
  • implements a data backup system in most cases.

RESTRICTIVE SECURITY MODEL

  • More difficult to implement
  • more security measures
  • firewall and identity server.
  • some users are not trustworthy, protected assets are substantial and threats are likely to occur
  • a LAN that is connected to a WAN or the internet usually uses this type of model.

CLOSED SECURITY MODEL

  • most difficult to implement
  • all security measures
  • assumes all users are not trustworthy, protected assets are premium
  • user access is difficult
  • the organization requires a high number of trained network admins to maintain tight security
  • network admins need to have high skills and more time to administer

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SECURITY METHOD


  • Log on - log on form
  • File system - users can access only certain files + data is encrypted during transmission
  • Data Communication - encryption of confidential data
  • Administrative - different levels of user have different access privileges + the admin defines the rules.


F5108 - CHAPTER 1 (cont.): definition of ASSET IDENTIFICATION, VULNERABILITY ASSESSMENT AND THREAT IDENTIFICATION

Asset identification :

  • tagging devices or intangible assets (databases) with a physical label (barcode) or Radio Frequency Asset
  • to avoid competitors taking advantage when an asset is lost

Vulnerability Assessment :

  • search for a weakness in order to apply a patch or fix to prevent a compromise
  • ways: eg- installing vendor patches and implementing or virus scanning software.

threat identification :

  • listing all possible threats that can occur.

Tuesday, April 12, 2011

F5108 -CHAPTER 1

INTRODUCTION TO NETWORK SECURITY

definition :

- protection of networks and their services
- protects from: unauthorized modification, destruction and disclosure
- ensures the network performs its functions correctly with no harmful side effects.


concepts :

- starts with authentication (of the user)
- a firewall enforces access policies (whether allowed or not)
- antivirus or an IPS helps to detect and inhibit the actions of things such as malware.
- audit (for analysis purposes)
- communication in the network must be encrypted.


goal:

  • confidentiality - privacy.
  • integrity
  • availability - ensures that the network does not go down and stays up all the time.

potential risk :

  • email attachment - opening an attachment lets worms or viruses spread onto the network
  • diversionary tactics - slipping in an attack on another part of the network while the admin is recovering the services
  • blended attack - a virus or worm may execute itself and attack more than one platform
  • renaming document - the subject name is changed, so the document can't be opened by the receiver.

Monday, April 11, 2011

Cisco Lifecycle Services

  • The Prepare Phase
- we must ensure that the network can support the goals of the organization, based on the business case.
- establish the financial justification for the network strategy.


  • The Plan Phase
- identifying initial network requirements based on goals, facilities, user needs and other factors.

- characterizing sites and the existing network (only if it is being upgraded)

- A project plan is useful to help>>>> manage the tasks, responsibilities, critical milestones, and resources required to implement changes to the network.

- Project Plan should align with the scope, cost, and resource parameters established in the original business requirements.


  • The Design Phase

- Design based on the information (goals, requirements and others) collected during the prepare and plan phases. :)


  • The Implement Phase

- after the design is approved, the network is built >> according to the design specification.


  • The Operate Phase

- maintaining the network day to day.


  • The Optimize Phase

- redesign the network if it does not support the requirements or doesn't meet expectations.


shortcuts ...= >>> PPDIOO :)

♥ ♥ ♥

When love is created, feeling is created

love is created, longing is created

a colourful episode is created

between you and me...


everything feels perfect, without flaw

see with the heart, not the self

like a princess awaiting a prince

the love between us


though struck hard by the waves of love

drifting far, far away for a while

returning because of love

it feels like a fairy-tale romance

budding because of feeling

the love created between us


when we were created, feeling was created

love is created, longing is created

it all feels like a curse between us..


Sunday, April 10, 2011

CHAPTER 1 F5221 DONE..~

ok,
entries below are about designing a good network. ~
it starts with the steps to design a network, then followed by hierarchical network design, and requirements that affect either a portion of the network or the entire network. last entry is about the server farm. there is a big part that must be "mastered" in chapter 1. also included in chapter 1 are DMZ, Firewall, Redundancy. all are about designing a network which needs to have availability, security, scalability and manageability.. ~

so has, u need to ensure that your brain can absorb all of this. and make sure u will remind it back before u sleep.. chaiyok2..;p

chapter 1 is already done. tomorrow we will continue with chapter 2.
interesting PPDIOO..;p

heeee .. ~

SERVER FARM


Managing and securing numerous distributed servers at various locations within a business network is difficult. So we centralize servers in server farms. Server farms are typically located in computer rooms and data centers.

benefits:

  • Network traffic enters and leaves the server farm at a defined point. This arrangement makes it easier to secure, filter, and prioritize traffic.
  • Redundant, high-capacity links can be installed to the servers as well as between the server farm network and the main LAN. This configuration is more cost-effective than attempting to provide a similar level of connectivity to servers distributed throughout the network.
  • Load balancing and failover can be provided between servers and between networking devices.
  • The number of high-capacity switches and security devices is reduced, helping to lower the cost of providing services.

requirements affects... ~




HIERARCHICAL DESIGN

Goals of the Core Layer

The Core Layer design enables the efficient, high-speed transfer of data between one section of the network and another. The primary design goals at the Core Layer are to:

  • Provide 100% uptime (availability)
  • Maximize throughput (availability also)
  • Facilitate network growth (scalability)


Core Layer Technologies


  • Routers or multilayer switches that combine routing and switching in the same device
  • Redundancy and load balancing
  • High-speed and aggregate links
  • Routing protocols that scale well and converge quickly, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF) protocol


Distribution Layer Routing


The Distribution Layer represents a routing boundary between the Access Layer and the Core Layer. It also serves as a connection point between remote sites and the Core Layer.


The Access Layer is commonly built using Layer 2 switching technology. The Distribution Layer is built using Layer 3 devices. Routers or multilayer switches, located at the Distribution Layer, provide many functions that are critical for meeting the goals of the network design.

These goals include:

  • Filtering and managing traffic flows
  • Enforcing access control policies
  • Summarizing routes before advertising the routes to the Core
  • Isolating the Core from Access Layer failures or disruptions
  • Routing between Access Layer VLANs


- Distribution Layer devices are also used to manage queues and prioritize traffic before transmission through the campus core.



Access Layer Management

Improving the manageability of the Access Layer is a major concern for the network designer. Access Layer management is crucial due to:

  • The increase in the number and types of devices connecting at the Access Layer
  • The introduction of wireless access points into the LAN


Designing for Manageability

In addition to providing basic connectivity at the Access Layer, the designer needs to consider:

  • Naming structures
  • VLAN architecture
  • Traffic patterns
  • Prioritization strategies



steps to design a network and basic network requirements. ~

steps required to design a good network:
  • verify the technical needs.
  • determine the features and functions required to meet the needs identified above.
  • perform a network readiness assessment.
  • create a solution and site acceptance assessment.
  • create a project plan.

basic network requirements

1. scalability

- to ensure that the network is able to grow or be upgraded. This means that if the customer needs to expand their network or business, the network already in place can be upgraded and expanded.

2. availability

- the network must be up 24 hours a day, 7 days a week. Failure of a single link shouldn't impact the network performance.

3. security

- a good network design must be implemented with security such as a firewall, IDS, IPS, what else..? emm. antivirus and so on..;p

4. manageability

- networks that are complex will not work efficiently and effectively. Management staff are required to manage the network.
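
One way to check the availability requirement above (failure of a single link shouldn't impact the network) against a planned hierarchical topology, as an added example that is not from the original notes: it lists every link whose loss alone would cut off part of the network. The device names and links are constructed sample data, and the check assumes at most one link between any two devices.

```python
from collections import defaultdict

# Constructed sample topology (hypothetical device names): two core switches,
# two distribution switches, access switches and a server farm switch.
SAMPLE_LINKS = [
    ("core1", "core2"),
    ("core1", "dist1"), ("core1", "dist2"),
    ("core2", "dist1"), ("core2", "dist2"),
    ("dist1", "acc1"), ("dist2", "acc1"),   # acc1 is dual-homed
    ("dist1", "acc2"),                      # acc2 has a single uplink
    ("dist2", "farm1"),                     # server farm has a single uplink
]

def single_points_of_failure(links):
    """Return the links whose failure alone disconnects part of the network.

    These are the bridges of the undirected link graph, found with a
    depth-first search that tracks the earliest device reachable from each
    subtree (Tarjan's low-link method). Assumes one link per device pair.
    """
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)

    disc, low, bridges = {}, {}, []

    def dfs(node, parent):
        disc[node] = low[node] = len(disc)      # discovery order of this device
        for nxt in graph[node]:
            if nxt == parent:
                continue
            if nxt in disc:                     # back edge: an alternate path exists
                low[node] = min(low[node], disc[nxt])
            else:
                dfs(nxt, node)
                low[node] = min(low[node], low[nxt])
                if low[nxt] > disc[node]:       # no path around this link
                    bridges.append(tuple(sorted((node, nxt))))

    for node in sorted(graph):
        if node not in disc:
            dfs(node, None)
    return sorted(bridges)

if __name__ == "__main__":
    for link in single_points_of_failure(SAMPLE_LINKS):
        print("single point of failure:", link)
```

An empty result means every device keeps a path to the rest of the network after any one link fails; each reported link is a candidate for a redundant uplink.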

Sunday, April 3, 2011

mental and physical... :P

No luck at Netrider the other day.. not even in the top 10 list. Cik Mimah (lecturer) said I was no. 11.. don't know whether that's true or not.. ~ err. it was quite stressful to hear. never mind. just accept it. if it's not meant to be, what can you do. but still satisfied because my round 2 (practical) marks were among the highest. heee. 9 people got the best marks. 3 of them from PUO: me, Faris and Nizam.. Alhamdulillah.. theory was a K.O.. otherwise, maybe it could have helped me get into the top 10. hee.

Netrider is settled, now focusing on the final exam. all the questions are standardized across all Polytechnics. pray for the best.. insyaAllah..

after finals, focus on CCNA. a 3-day bootcamp, then the test. 9 MAY. waa. scared.. will I pass or not. ;P ..

then on 11 MAY, the 3P course starts. got the Council Network Security Certification (ENSA & ECSS) course.. waaa.. really stressful waiting for this semester to end.. aiyaa..~ just try attending. pass or fail, worry about it later. ;p

in conclusion, only in the coming months will I be able to look for a job and all that. can't wait to hold my own money.. but what job...............?