Chapter 5: Securing the Network
Infrastructure
Security+ Guide to Network Security
Fundamentals
Second Edition


Objectives
• Work with the network cable plant
• Secure removable media
• Harden network devices
• Design network topologies


Working with the Network
Cable Plant
• Cable plant: physical infrastructure of a network
(wire, connectors, and cables) used to carry data
communication signals between equipment
• Three types of transmission media:
– Coaxial cables
– Twisted-pair cables
– Fiber-optic cables


Coaxial Cables
• Coaxial cable was main type of copper cabling used
in computer networks for many years
• Has a single copper wire at its center surrounded by
insulation and shielding
• Called “coaxial” because it houses two (co) axes or

shafts―the copper wire and the shielding
• Thick coaxial cable has a copper wire in center
surrounded by a thick layer of insulation that is
covered with braided metal shielding


Coaxial Cables (continued)
• Thin coaxial cable looks similar to the cable that
carries a cable TV signal
• A braided copper mesh channel surrounds the
insulation and everything is covered by an outer
shield of insulation for the cable itself
• The copper mesh channel protects the core from
interference
• BNC connectors: connectors used on the ends of a
thin coaxial cable


Coaxial Cables (continued)


Twisted-Pair Cables
• Standard for copper cabling used in computer
networks today, replacing thin coaxial cable
• Composed of two insulated copper wires twisted
around each other and bundled together with other
pairs in a jacket


Twisted-Pair Cables (continued)

• Shielded twisted-pair (STP) cables have a foil
shielding on the inside of the jacket to reduce
interference
• Unshielded twisted-pair (UTP) cables do not have
any shielding
• Twisted-pair cables have RJ-45 connectors


Fiber-Optic Cables
• Coaxial and twisted-pair cables have copper wire at
the center that conducts an electrical signal
• Fiber-optic cable uses a very thin cylinder of glass
(core) at its center instead of copper that transmit
light impulses
• A glass tube (cladding) surrounds the core
• The core and cladding are protected by a jacket


Fiber-Optic Cables (continued)
• Classified by the diameter of the core and the
diameter of the cladding
– Diameters are measured in microns, each is about
1/25,000 of an inch or one-millionth of a meter
• Two types:
– Single-mode fiber cables: used when data must be
transmitted over long distances
– Multimode cable: supports many simultaneous light
transmissions, generated by light-emitting diodes



Securing the Cable Plant
• Securing cabling outside the protected network is not
the primary security issue for most organizations
• Focus is on protecting access to the cable plant in
the internal network
• An attacker who can access the internal network
directly through the cable plant has effectively
bypassed the network security perimeter and can
launch his attacks at will


Securing the Cable Plant (continued)
• The attacker can capture packets as they travel
through the network by sniffing
– The hardware or software that performs such functions
is called a sniffer

• Physical security
– First line of defense
– Protects the equipment and infrastructure itself
– Has one primary goal: to prevent unauthorized users
from reaching the equipment or cable plant in order to
use, steal, or vandalize it


Securing Removable Media
• Securing critical information stored on a file server
can be achieved through strong passwords, network
security devices, antivirus software, and door locks
• An employee copying data to a floppy disk or CD and

carrying it home poses two risks:
– Storage media could be lost or stolen, compromising
the information
– A worm or virus could be introduced to the media,
potentially damaging the stored information and
infecting the network


Magnetic Media
• Record information by changing the magnetic
direction of particles on a platter
• Floppy disks were some of the first magnetic media
developed
• The capacity of today’s 3 1/2-inch disks are 1.4 MB
• Hard drives contain several platters stacked in a
closed unit, each platter having its own head or
apparatus to read and write information
• Magnetic tape drives record information in a serial
fashion


Optical Media
• Optical media use a principle for recording
information different from magnetic media
• A high-intensity laser burns a tiny pit into the surface
of an optical disc to record a one, but does nothing to
record a zero
• Capacity of optical discs varies by type
• A Compact Disc-Recordable (CD-R) disc can record
up to 650 MB of data

• Data cannot be changed once recorded


Optical Media (continued)
• A Compact Disc-Rewriteable (CD-RW) disc can be
used to record data, erase it, and record again
• A Digital Versatile Disc (DVD) can store much larger
amounts of data
– DVD formats include Digital Versatile Disc-Recordable
(DVD-R), which can record once up to 3.95 GB on a
single-sided disc and 7.9 GB on a double-sided disc


Electronic Media
• Electronic media use flash memory for storage
– Flash memory is a solid state storage device―
everything is electronic, with no moving or mechanical
parts

• SmartMedia cards range in capacity from 2 MB to
128 MB
• The card itself is only 45 mm long, 37 mm wide, and
less than 1 mm thick


Electronic Media (continued)
• CompactFlash card
– Consists of a small circuit board with flash memory
chips and a dedicated controller chip encased in a
shell

– Come in 33 mm and 55 mm thicknesses and store
between 8MB and 192 MB of data

• USB memory stick is becoming very popular
– Can hold between 8 MB and 1 GB of memory


Keeping Removable Media Secure
• Protecting removable media involves making sure
that antivirus and other security software are installed
on all systems that may receive a removable media
device, including employee home computers


Hardening Network Devices
• Each device that is connected to a network is a
potential target of an attack and must be properly
protected
• Network devices to be hardened categorized as:
– Standard network devices
– Communication devices
– Network security devices


Hardening Standard Network
Devices
• A standard network device is a typical piece of
equipment that is found on almost every network,
such as a workstation, server, switch, or router
• This equipment has basic security features that you

can use to harden the devices


Workstations and Servers
• Workstation: personal computer attached to a
network (also called a client)
– Connected to a LAN and shares resources with other
workstations and network equipment
– Can be used independently of the network and can
have their own applications installed

• Server: computer on a network dedicated to
managing and controlling the network
• Basic steps to harden these systems are outlined on
page 152


Switches and Routers
• Switch
– Most commonly used in Ethernet LANs
– Receives a packet from one network device and sends
it to the destination device only
– Limits the collision domain (part of network on which
multiple devices may attempt to send packets
simultaneously)

• A switch is used within a single network
• Routers connect two or more single networks to form
a larger network



Switches and Routers (continued)
• Switches and routers must also be protected against
attacks
• Switches and routers can be managed using the
Simple Network Management Protocol (SNMP), part
of the TCP/IP protocol suite
• Software agents are loaded onto each network
device to be managed


Switches and Routers (continued)
• Each agent monitors network traffic and stores that
information in its management information base
(MIB)
• A computer with SNMP management software
(SNMP management station) communicates with
software agents on each network device and collects
the data stored in the MIBs
• Page 154 lists defensive controls that can be set for
switches and routers