Security Study Guide, Part 6

Chapter 3: Infrastructure and Connectivity
Flash Cards
Flash cards, also referred to as memory sticks, are small memory cards that
can be used to store information. A system that has a flash card interface
usually treats flash cards as if they were a hard drive. Flash cards can carry
viruses, or they can be used to steal small amounts of information from
systems that support them.
Flash cards are coming down in price and are becoming standard on many
computer systems. Most PDA devices have the ability to accept flash cards,
making them susceptible to viruses that are targeted at PDAs. So far, this has
not been a big threat, but you can bet it will become one as these devices
become more popular.
Smart Cards
Smart cards are usually used for access control and security purposes. The
card itself usually contains a small amount of memory that can be used to
store permissions and access information. Smart cards are difficult to
counterfeit, but they are easy to steal. Once a thief has a smart card, they
have all the access that the card allows. To prevent this, many organizations
do not put any identifying marks on their smart cards, making it harder for
someone to utilize them.
Many European countries are beginning to use smart cards instead of
magnetic strip credit cards because they offer additional security and can
contain larger amounts of information. The use of smart cards is also growing
because they offer more security than traditional magnetic strip cards.
Summary
In this chapter, we covered the key elements of the infrastructure and
the various components involved in networking. Your infrastructure is the
backbone and key to the entire security capabilities of your network.
Infrastructure includes the hardware and software necessary to run your
network. The key elements used in security are routers and firewalls. Proper
configuration is the key to providing services the way your network needs
them. If your network security devices are improperly configured, you may
be worse off than if you did not have them at all. It is a dangerous situation
when you think you are secure, when in actuality you are not.
Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved.
Networks are becoming more complicated, and they are being linked to
other networks at an accelerating speed. Several tools are available to help
you both link and secure your networks. These tools include:
- VPNs
- Tunneling protocols
- Remote access
The connections you make using TCP/IP are based primarily on IP addresses.
When coupled with a port, these addresses form a socket. Sockets are the
primary method used to communicate with services and applications such as
WWW and Telnet. Most services have standard sockets that operate by
default. Sockets are changeable for special configurations and additional
security. Changing default ports requires that users know which ports
provide which services.
Network monitors are primarily troubleshooting tools, and they can be
used to eavesdrop on networks. Intrusion Detection Systems take an active
role and can control traffic and systems. IDS uses extensive rules-based
procedures to check audit files and network traffic. They can make decisions
based upon those rules. In conjunction with a firewall, IDS can offer very
high levels of security.
The communication media used determines the security of the communications
from a physical perspective. Several different types of media are
available for networks, including:
- Coax
- UTP/STP
- Fiber
- Infrared
- RF
- Microwave
Each of these media provides a unique challenge that requires attention to
ensure that security requirements are met.
Removable media can be a carrier or storage vessel for viruses. Make sure
they are scanned with antivirus software to verify that they remain clean.
Removable media are also easily transportable, and they can disappear
rather easily. Physical security measures are important to prevent this from
happening.
Exam Essentials
Be able to describe the various components and the purpose of an
infrastructure. Your network’s infrastructure is the backbone of your systems
and network operations. The infrastructure includes all of the hardware,
software, physical security, and operational security methods in place.

Be able to describe the various network components in an infrastructure
and how they function. The key components of your infrastructure
include devices such as routers, firewalls, switches, modems,
telecommunications systems, and the other devices used in the network.
Know the characteristics of the connectivity technologies available to you
and the security capabilities associated with each. Remote Access, SLIP,
PPP, tunneling protocols, and VPNs are your primary tools. PPTP and
L2TP are two of the most common protocols used for tunneling. IPSec,
while not a tunneling protocol, provides encryption to tunneling
protocols. IPSec is often used to enhance tunnel security.
Familiarize yourself with the technologies used by TCP/IP and the
Internet. IP addresses and port numbers are combined to create an
interface called a socket. Most TCP and UDP protocols communicate
using this socket as the primary interface mechanism. Clients and servers
communicate using ports. Ports can be changed to enhance security.
WWW services use HTML and other technologies to allow rich and
animated websites. These technologies potentially create security
problems, as they may have their own individual vulnerabilities. Verify what
problems exist from a security perspective before enabling these
technologies on your systems.
Be able to describe the two primary methods used for network monitoring.
The primary methods used for network monitoring are sniffers and IDS.
Sniffers are passive and can provide real-time displays of actual network
traffic. They are intended to be used primarily for troubleshooting purposes,
but they are one of the tools used by attackers to determine what
protocols and systems you are running. IDS are active devices that operate
to alert administrators of attacks and unusual events. This is
accomplished by automatically reviewing log files and system traffic, and by
applying rules on how to react to events. IDS, when used in conjunction
with firewalls, can provide excellent security for a network.

Understand the various types and capabilities of the network media used
in a network. Network media is wire-, fiber-, or wireless-based. Each of
these media presents challenges to security that must be evaluated. Never
assume that a wireless connection is secure.
Be able to describe the vulnerabilities of removable media and what steps
must be taken to minimize these risks. Removable media are used for
backup, archives, and working storage. The capacity and capabilities
of these types of devices have increased dramatically over the last few
years. Most of this media is very small and easily hidden. Physical security
measures are necessary to keep them from walking off. In addition, media
can be copied to other systems, presenting confidentiality issues. Make
sure you know how to safeguard this technology.
Key Terms
Before you take the exam, be certain you are familiar with the following
terms:
accounting
ActiveX
anonymous authentication
appliances
auditing
Border Gateway Protocol (BGP)
border routers
buffer overflows
CD Recordable (CD-R)
circuit-level
CO (Central Office)
Common Gateway Interface (CGI)
cookies
diskettes
dual-homed
File Transfer Protocol (FTP)
flash cards
hard drives
hoaxes
HTTP Secure (HTTP/S)
Hypertext Markup Language (HTML)
IEEE 802.11 (also known as Wireless Ethernet)
infrastructure
infrastructure security
Internet Control Message Protocol (ICMP)
Internet Group Message Protocol (IGMP)
Internet Mail Access Protocol (IMAP)
Intrusion Detection Systems (IDS)
IPSec
LAN framing
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
Link Control Protocol (LCP)
media
modem
multicasting
Network Control Protocol (NCP)
Network Operations Center (NOC)
Open Shortest Path First (OSPF)
OS hardening
packet filter
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
port
Post Office Protocol (POP)
Plain Old Telephone Service (POTS)
Private Branch Exchange (PBX)
protocols
proxy firewall
Radio Frequency (RF)
Remote Access Services (RAS)
Remote Authentication Dial-In User Service (RADIUS)
Routing Information Protocol (RIP)
sandbox
Secure Socket Layer (SSL)
Serial Line Internet Protocol (SLIP)
server authentication
Shielded Twisted Pair (STP)
signed applets
Simple Mail Transport Protocol (SMTP)
Simple Network Management Protocol (SNMP)
SMTP relay
sniffers
sockets
Spam
stateful packet filtering
Switches
tape
Terminal Access Controller Access Control System (TACACS)
terminating resistor
transceiver
Transport Layer Security (TLS)
tunneling
Unshielded Twisted Pair (UTP)
Virtual Private Network (VPN)
WAN framing
wireless access point
wireless technologies
zones
Review Questions
1. Which of the following devices is the most capable of providing
infrastructure security?
A. Hub
B. Switch
C. Router
D. Modem
2. A packet filter performs which function?
A. Prevents unauthorized packets from entering the network
B. Allows all packets to leave the network
C. Allows all packets to enter a network
D. Eliminates collisions in the network
3. Which device stores information about destinations in a network?
A. Hub
B. Modem
C. Firewall
D. Router
4. Which device acts primarily as a tool to improve network efficiency?
A. Hub
B. Switch
C. Router
D. PBX
5. Which device is often used to integrate voice and data services onto a
single WAN?
A. Router
B. PBX
C. HUB
D. Server
6. Which protocol is widely used today as a transport protocol for Internet
dial-up connections?
A. SLIP
B. PPP
C. PPTP
D. L2TP
7. Which protocol is unsuitable for WAN VPN connections?
A. PPP
B. PPTP
C. L2TP
D. IPSec
8. Which protocol is not a tunneling protocol but is used by tunneling
protocols for network security?
A. IPSec
B. PPTP
C. L2TP
D. L2F
9. A socket is a combination of which components?
A. TCP and port number
B. UDP and port number
C. IP and session number
D. IP and port number
10. Which protocol is becoming the newest standard for Internet mail
applications?
A. SMTP
B. POP
C. IMAP
D. IGMP
11. Which protocol is primarily used for network maintenance and
destination information?
A. ICMP
B. SMTP
C. IGMP
D. Router
12. Which protocol is used for group messages or multicast messaging?
A. SMTP
B. SNMP
C. IGMP
D. L2TP
13. Which device monitors network traffic in a passive manner?
A. Sniffer
B. IDS
C. Firewall
D. Web browser
14. Which system performs active network monitoring and analysis and
can take proactive steps to protect a network?
A. IDS
B. Sniffer
C. Router
D. Switch
15. Which media is broken down into seven categories depending on
capability?
A. Coax
B. UTP
C. Infrared
D. Fiber optic cable
16. Which media is the least susceptible to interception or tapping?
A. Coax
B. UTP
C. STP
D. Fiber
17. Which media offers line-of-sight broadband and baseband capabilities?
A. Coax
B. Infrared
C. Microwave
D. UTP
18. Which media is used primarily for backup and archiving purposes?
A. Tape
B. CD-R
C. Memory stick
D. Removable hard drives
19. Which media is susceptible to viruses?
A. Tape
B. Memory stick
C. CD-R
D. All of the above
20. Which device is used for access control as well as storage of information?
A. CD-R
B. Smart card
C. Flash card
D. Tape
Answers to Review Questions
1. C. Routers can be configured in many instances to act as packet-filtering
firewalls. When configured properly, they can prevent unauthorized
ports from being opened.
2. A. Packet filters prevent unauthorized packets from entering or leaving
a network. Packet filters are a type of firewall that blocks specified port
traffic.
3. D. Routers store information about network destinations in routing
tables. These tables contain information about known hosts on both
sides of the router.
4. B. Switches create virtual circuits between systems in a network. These
virtual circuits are somewhat private and reduce network traffic
when used.
5. B. Many modern PBX or Private Branch Exchange systems integrate
voice and data onto a single data connection to your phone service
provider. In some cases, this allows an overall reduction in costs of
operations. These connections are made using existing network
connections such as a T1 or T3 network.
6. B. SLIP connections have largely been replaced by PPP connections in
dial-up Internet connections. SLIP passes only TCP/IP traffic, and PPP
can pass multiple protocols.
7. A. PPP provides no security and all activities are unsecure. PPP is
primarily intended for dial-up connections and should never be used
for VPN connections.
8. A. IPSec provides network security for tunneling protocols. IPSec
can be used with many different protocols besides TCP/IP, and it has
two modes of security.
9. D. A socket is a combination of IP address and port number. The
socket identifies which application will respond to the network request.
10. C. IMAP is becoming the most popular standard for e-mail clients
and is replacing POP protocols for mail systems. IMAP allows mail to
be forwarded and stored in information areas called stores.