F5108 -CHAPTER 1

INTRODUCTION TO NETWORK SECURITY

definition :

- protection of network n their services

- protects from : unauthorized modification , destruction n disclosure

- ensure d network performs it function correctly n no harmful side effect. ~

concepts :

-start with authentication (user)

- Firewall enforces access policies (whether allowed or not )

- antivirus or IPS help to detect n inhibit action of such as malware.

-audit (for analysis purpose)

-communication in network must be encrypted.

goal:

• confidentiality - privacy .
• integrity
• availability- ensure that network doesn't down n still up every time.

potential risk :

• email attachment -open attachment n worms or virus will spread on to network

• diversionary tactics - slip in attack another part of network while admin recovering the services

• blended attack - virus or worm may be execute themself and attack more than one platform

• renaming document - subject name changed causing the document can't be open by receiver.

Cisco Lifecycle Services

• The Prepare Phase

- we must ensure that the network can be supported the goals of organization based on business case.

-establish financial justification for network strategy.. ~

• The Plan Phase

- identifying initial network requirement based on goal, facilities, user need n other factors.

- characterizing sites n existing network (only it is for upgraded)

- A project plan is useful to help>>>> manage the tasks, responsibilities, critical milestones, and resources required to implement changes to the network.

- Project Plan should align with the scope, cost, and resource parameters established in the original business requirements.

• The Design Phase

- Design based on information (goals, requirement n others) that are collected during prepare n plan phase. :)

• The Implement Phase

- after design approved, implementing the network will be build. >> according to design specification...

• The Operate Phase

-maintaining the netwirk day to day..

• The Optimize Phase

-redesign the network if the network not supported the requirement needed n maybe doesn't meet the expectation...~

shortcuts ...= >>> PPDIOO :)

♥ ♥ ♥

Terciptanya cinta terciptalah rasa

tercipta cinta tercipta rindu

tercipta episod penuh berwarna

antara kau dan aku...

terasa segalanya, sempurna tanpa cela

lihat dari hati bukannya diri

bagai puteri menanti putera

kasih antara kita

walau dipukul kuat ombak cinta

melayang jauh jauh seketika

kembali kerana cinta

terasa bagai dingeng kisah asmara

berputik kerna rasa

kasih yang tercipta antara kita

terciptanya kita tercipta rasa

tercipta cinta tercipta rindu

terasa semuanya sumpahan antara kita..

CHAPTER 1 F5221 DONE..~

ok,

entries below are about designing a good network. ~

it starts with steps to design network, then followed by hierarchical network design, requirements that affect weather portion of network or affects entire of network. last entry is about server farm. there is a big part that must be "master" in chapter 1. also including in chapter 1 are, DMZ, Firewall, Redundancy. all are about designing a network which is need to have availability, security, scalability and manageability.. ~

so has, u need to ensure that your brain can absorb all of this. and make sure u will remind it back before u sleep.. chaiyok2..;p

chapter 1 is already done. tomorrow we will continue with chapter 2.

interesting PPDIOO..;p

heeee .. ~

SERVER FARM

Managing and securing numerous distributed servers at various locations within a business network is difficult. so, we used ---> centralizes servers in server farms. Server farms typically located in computer rooms and data centers.

benefits:

• Network traffic enters and leaves the server farm at a defined point. This arrangement makes it easier to secure, filter, and prioritize traffic.

• Redundant, high-capacity links can be installed to the servers as well as between the server farm network and the main LAN. This configuration is more cost-effective than attempting to provide a similar level of connectivity to servers distributed throughout the network.

• Load balancing and failover can be provided between servers and between networking devices.

• The number of high-capacity switches and security devices is reduced, helping to lower the cost of providing services.

requirements affects... ~

click to make it showed larger. i don't know how to show it originally large..hhehe;p

HIERARCHICAL DESIGN

Goals of the Core Layer

The Core Layer design enables the efficient, high-speed transfer of data between one section of the network and another. The primary design goals at the Core Layer are to:

.... Provide 100% uptime...(availability)
.... Maximize throughput... (availability also)
.... Facilitate network growth...(scalability)


Core Layer Technologies

• Routers or multilayer switches that combine routing and switching in the same device
• Redundancy and load balancing
• High-speed and aggregate links
• Routing protocols that scale well and converge quickly, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF) protocol

Distribution Layer Routing

The Distribution Layer represents a routing boundary between the Access Layer and the Core Layer. It also serves as a connection point between remote sites and the Core Layer.

The Access Layer is commonly built using Layer 2 switching technology. The Distribution Layer is built using Layer 3 devices. Routers or multilayer switches, located at the Distribution Layer, provide many functions that are critical for meeting the goals of the network design.

These goals include:

• Filtering and managing traffic flows
• Enforcing access control policies
• Summarizing routes before advertising the routes to the Core
• Isolating the Core from Access Layer failures or disruptions
• Routing between Access Layer VLANs

- Distribution Layer devices are also used to manage queues and prioritize traffic before transmission through the campus core.

Access Layer Management

Improving the manageability of the Access Layer is a major concern for the network designer. Access Layer management is crucial due to:

The increase in the number and types of devices connecting at the Access Layer

The introduction of wireless access points into the LAN

Designing for Manageability

In addition to providing basic connectivity at the Access Layer, the designer needs to consider:

• Naming structures
• VLAN architecture
• Traffic patterns
• Prioritization strategies