Cisco Secure Consulting Services are targeted to large corporate and government customers. Consulting services are beyond the scope of this book, but they do round out the Cisco Secure product line for those of you who need expert assistance. Cisco offers two types of professional services:
Security Posture Assessments: This service provides comprehensive security analysis of large, complex networks. Cisco will test your network security from the perspective of external attackers, disgruntled employees, or contractors. They will make recommendations on security measures needed to improve network security.
Incident Control and Recovery: This service is an emergency response to a hostile network incident. Cisco can provide short-notice assistance to restore control and availability of your network.
Summary
The growth of the Internet and its reach into the fabric of business and personal life has outdistanced most organizations’ ability to protect the confidentiality and integrity of information. Many organizations are increasing their use of electronic commerce for business-to-business and business-to-consumer transactions. This increased exposure and the constant escalation of threats to network security have increased the need for effective controls that can restore availability, confidentiality, and integrity to information systems. Although no one product or system can provide complete protection, security can be layered to provide reasonable risk management and reduction of vulnerabilities.
The TCP/IP stack consists of four layers and provides data communications under a diversity of conditions. The application layer provides file transfer, print, message, terminal emulation, and database services. The transport layer provides duplex, end-to-end data transport services between applications. The TCP port determines which application on the end system is sending and receiving data. The Internet layer provides routing and delivery of datagrams to end nodes. The IP address determines the end system to send or receive communications. The network layer communicates directly with the network media. The hardware address is translated to an IP address to allow IP to traverse each network segment. Any of the protocol layers is vulnerable to attack.
Network security continues to be a very dynamic area as new protocols and technologies are evolving. Security can be provided in TCP/IP at any layer, but each approach has advantages and disadvantages. Application layer security protocols require modifications to each application that will use them, but they can provide fine granularity of control. Transport layer security protocols can also require modifications at the application layer and have been limited in practice to a few specific applications. Network layer security protocols promise to become widely used and will likely replace many of the more limited solutions in use today. Cisco offers a number of products that together can provide a fairly complete security solution. Firewalls provide network access control at security zone perimeters. The PIX firewall can also be the endpoint of a VPN tunnel from site to site or site to end-user. Cisco Secure Scanner tests system security with vulnerability assessment. Cisco Secure Intrusion Detection System monitors network traffic for unauthorized activity. Management tools allow you to improve the consistency and effectiveness of security policies with improved efficiency.
FAQs
Q: Why are local area networks more vulnerable to data abuse than mainframe computers?
A: The mainframe environment is referred to as the “glass house” and is a static, centrally controlled environment. LANs provide multiple points of access in a dynamic, distributed environment. Anyone can connect a self-contained, locally controlled computer to a LAN port. Implementing security services in a complex, networked environment requires controls to be coordinated at many points.
Q: What is the difference between IPSec and IP Security?
A: IP Security is a broad term that describes securing communications at the IP protocol layer. For example, packet filtering could provide some level of IP Security. IPSec is IP Security Protocols, a standard architecture defined by the Internet Engineering Task Force in RFCs 2401–2411 and 2451. IPSec is the dominant security solution at the IP layer because it is a global standard supported by many vendors.