CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)

    Campus Module in Small Networks


    The Campus module of the small network design, which is shown in Figure 13-4, provides end-user workstations, corporate intranet servers, management servers, and the associated Layer 2 functionality via a single switch.

    Figure 13-4. Small Network Campus Module

    Four key devices, highlighted in Table 13-5, make up the Campus module.

    Table 13-5. Campus Module Devices

    | Device | Description |
    |---|---|
    | Corporate server | Provides services to internal users such as e-mail, file, and printing services |
    | Layer 2 switch | Provides Layer 2 connectivity and also supports private VLANs |
    | Management host | Provides management services, such as authentication, through RADIUS and TACACS+, host-based IPS, syslog, and other general management services |
    | User workstation | Provides data services to authorized users on the network |

    Mitigating Threats in the Campus Module


    Within the small network Campus module, each device plays a threat-mitigation role, as shown in Figure 13-5. Table 13-6 lists the expected threats and mitigation actions found within this module.

    Figure 13-5. Small Network Campus Module Threat-Mitigation Roles

    Table 13-6. Campus Module Threats and Threat Mitigation

    | Threat | Threat Mitigation |
    |---|---|
    | Application layer attacks | Operating systems, devices, and applications are kept up to date with the latest security fixes and are protected by host-based IPSs. |
    | Packet sniffers | A switched infrastructure limits the effectiveness of sniffing. |
    | Port redirection | Host-based IPSs prevent port redirection agents from being installed. |
    | Trust exploitation | Private VLANs prevent hosts on the same subnet from communicating unless necessary. |
    | Unauthorized access | Host-based IPSs and application access control are used to mitigate unauthorized access. |
    | Virus and Trojan-horse applications | Host-based virus scanning and host intrusion prevention prevent most viruses and many Trojan horses. |

    Design Guidelines for the Campus Module


    The small network Campus module provides connectivity for the corporate and management servers and also corporate users. Private VLANs can be used within the switch to mitigate trust-exploitation attacks between the devices. For example, corporate users might not require inter-user communications and only need to communicate directly with corporate servers. This functionality can be provided by using private VLANs.
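The private VLAN guideline above can be checked against a planned port assignment before it is configured. The following is an added example, not taken from the book: it models the standard private VLAN port roles and audits two constructed port plans against the policy that users reach the corporate server but not each other. Host names, the community number, and the management host's reachability requirement are assumptions.

```python
from itertools import combinations

# Standard private VLAN port roles, as (role, community_id) tuples:
#   promiscuous - exchanges frames with every port in the primary VLAN
#   isolated    - exchanges frames with promiscuous ports only
#   community   - exchanges frames with its own community and promiscuous ports
def can_talk(a, b):
    """True if two ports in one primary VLAN may exchange Layer 2 frames."""
    (role_a, group_a), (role_b, group_b) = a, b
    if "promiscuous" in (role_a, role_b):
        return True
    if role_a == role_b == "community":
        return group_a == group_b
    return False  # any pair with an isolated port and no promiscuous port

def audit(ports, required, forbidden):
    """Compare a port plan (name -> (role, community_id)) with a policy."""
    findings = []
    for a, b in required:
        if not can_talk(ports[a], ports[b]):
            findings.append(f"blocked but required: {a} <-> {b}")
    for a, b in forbidden:
        if can_talk(ports[a], ports[b]):
            findings.append(f"allowed but forbidden: {a} <-> {b}")
    return findings

# Constructed host names. Policy from the guideline above: users reach the
# corporate server but not each other. The management host reaching every
# device is an assumption of this example.
USERS = ["user1", "user2", "user3"]
REQUIRED = [(u, "corp_server") for u in USERS]
REQUIRED += [("mgmt_host", h) for h in USERS + ["corp_server"]]
FORBIDDEN = list(combinations(USERS, 2))

SERVERS = {"corp_server": ("promiscuous", None), "mgmt_host": ("promiscuous", None)}
# Weak plan: all users share one community, so they can still reach each other.
WEAK_PLAN = {**SERVERS, **{u: ("community", 1) for u in USERS}}
# Hardened plan: every user port is isolated.
HARDENED_PLAN = {**SERVERS, **{u: ("isolated", None) for u in USERS}}

if __name__ == "__main__":
    for name, plan in (("weak", WEAK_PLAN), ("hardened", HARDENED_PLAN)):
        print(name, audit(plan, REQUIRED, FORBIDDEN) or "meets policy")
```
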

    Because the Campus module has no Layer 3 services within its design, there is an increased emphasis on application and host security because of the open nature of the internal network. Consequently, host-based IPSs have been installed on key devices within the campus, including the corporate servers and management systems.

    Design Alternatives for the Campus Module


    Placing a filtering device, such as a firewall or router, to control the flow of management traffic between the management server and the rest of the network provides an increased level of security. Also, if the level of trust within the organization is high, it is possible to consider removing the host-based IPS from the design, but this is not recommended.
