LOCAL AREA NETWORK SECURITY Jeff Warnock COSC 352

LOCAL AREA NETWORK SECURITY Jeff Warnock COSC 352 Indiana University of Pennsylvania Spring 2010

Why LAN Security? Goals of LAN Security Threats and Vulnerabilities Security Mechanisms Risk Management

� LANs share data, processing and communication � As the area a LAN spans becomes greater, so does the chance of interception � Information security – Protecting data traveling throughout the network �Authentication, confidentiality, access control � Mail v E-mail

Applications � Distributed Downfalls File Sharing �Client access control to server �Protected server to unprotected client � Remote computing �Authentication and access restrictions � Messaging services �Confidentiality and integrity of messages Home

� Goals of stored, processed and transmitted data �Confidentiality �Integrity �Availability � Goals of information sharing �Authentication of senders and receivers Home

� Access � Unauthorized � Inappropriate � Disclosure � Data � Traffic � Unauthorized Modification � LAN Spoofing � LAN Disruption Home

� Authentication � Access control � Confidentiality � Integrity � Non-repudiation � Logging and Monitoring Home

� Estimate losses �Use or dependency � Analyze threats and vulnerabilities � Determine security mechanisms Reduce risk to acceptable level

� Define the Scope and Boundary and Methodology � Identify and Value Assets � Identify Threats and Determine Likelihood � Measure Risk � Select Appropriate Safeguards � Implement and Test Safeguards � Accept Residual Risk • (Federal Information Processing Standards, 1994) Home

Federal Information Processing Standards. (1994). Guideline for The Analysis Local Area Network Security. Federal Information Processing Standards Publication 191 , 6 -30