Network Infrastructure Security
By Michael Takeuchi
Cyber Security Marathon
25 February 2018, Hotel Bumi Wiyata (Depok)
Little Things About Me
• My name is Michael Takeuchi
• Was MikroTik Certified on MTCNA, MTCRE, MTCINE, MTCUME, MTCWE, MTCTCE, MTCIPv6E
• MikroTik Certified Consultant on mikrotik.com
• Was Juniper Certified on JNCIA-Junos
• Was Cisco Certified on CCNA-RS
• January 2017 – June 2017: worked as a Remote Network Engineer in the Middle East
• July 2017 – now: working as a Network Analyst at an Internet Service Provider (AS38320)
Objective
• Understand the aspects of information security
• Understand what network infrastructure is
• Help minimize the cost of security incidents
• Understand how to defend yourself and your network
• Understand the difference between conventional and hardened network infrastructure
• Educate users on their responsibility to help protect the confidentiality, availability and integrity of their organization's information and information assets
Presentation Outline
• IT Security Basic Architecture
  o Confidentiality
  o Integrity
  o Availability
• Network Infrastructure Security
  o Network? / Computer Network
  o Infrastructure? / IT Infrastructure
  o Why does it need to be secured?
  o How?
• Network Infrastructure Topology
  o Conventional Network Infrastructure
  o Hardened Network Infrastructure
IT Security Basic Architecture
http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
Confidentiality
Confidentiality is roughly equivalent to privacy. Measures
undertaken to ensure confidentiality are designed to prevent
sensitive information from reaching the wrong people, while
making sure that the right people can in fact get it: Access
must be restricted to those authorized to view the data in
question. It is common, as well, for data to be categorized
according to the amount and type of damage that could be
done should it fall into unintended hands. More or less stringent
measures can then be implemented according to those
categories.
Integrity
Integrity involves maintaining the consistency, accuracy, and
trustworthiness of data over its entire life cycle. Data must not
be changed in transit, and steps must be taken to ensure that
data cannot be altered by unauthorized people (for example,
in a breach of confidentiality). These measures include file
permissions and user access controls. Version control may be
used to prevent erroneous changes or accidental deletion by
authorized users from becoming a problem.
Availability
Availability is best ensured by rigorously maintaining all
hardware, performing hardware repairs immediately when
needed and maintaining a correctly functioning operating
system environment that is free of software conflicts. It’s also
important to keep current with all necessary system upgrades.
Providing adequate communication bandwidth and
preventing the occurrence of bottlenecks are equally
important. Redundancy, failover, RAID, and even high-availability
clusters can mitigate serious consequences when hardware
issues do occur.
Network Infrastructure Security
Network?
Computer Network
A computer network, or data network, is
a digital telecommunications network which allows nodes to
share resources.
- Wikipedia,
https://en.wikipedia.org/wiki/Computer_network
Nodes = PC/Networking Devices
Resources = Data/Information
Infrastructure?
Infrastructure is the fundamental facilities and systems serving a
country, city, or other area, including the services and facilities
necessary for its economy to function. It typically characterises
technical structures such as roads, bridges, tunnels, water
supply, sewers, electrical grids, telecommunications (including
Internet connectivity and broadband speeds), and so forth, and can
be defined as "the physical components of interrelated
systems providing commodities and services essential to
enable, sustain, or enhance societal living conditions."
- Wikipedia,
https://en.wikipedia.org/wiki/Infrastructure
IT Infrastructure
Information technology infrastructure is defined broadly as a
set of information technology (IT) components that are the
foundation of an IT service: typically physical components
(computer and networking hardware and facilities), but also
various software and network components
- Wikipedia,
https://en.wikipedia.org/wiki/IT_infrastructure
Why does it need to be secured?
Network infrastructure can be a good investment if you know
how to take care of it. Keeping it secure may not be an easy
task, but it's well worth it in the end. Why does it need to be
secured? Because all of your data passes through the network.
How?
• Understand your network design.
• Review your applications.
• Find holes in your network.
• Build a firewall.
• Control circumventors.
• Use Secure Sockets Layer (SSL).
• Don't overcomplicate your network.
• Protect your network inside and out.
• Combat problems before they come.
How?
• Perform auditing and mapping
• Keep the network up-to-date
• Physically secure the network
• Consider MAC address filtering
• Implement VLANs to segregate traffic
• Use 802.1X for authentication
• Use VPNs to encrypt select PCs or servers
• Encrypt the entire network
How? (My Version)
1. Audit your network
2. Harden your network
3. Run a penetration test against your network
4. Go back to step 1 until your network is hardened
Network Infrastructure Topology
Conventional Network
Services Installed
• ISP Router
  o Routing
  o NAT
• Core Switch
  o Switching
• End-user
  o Routing
  o Networking
Pro & Con
• Pro
  o Simple
  o Low cost
• Con
  o Unmanageable
  o Data can be sniffed
  o All in one broadcast domain
  o Encryption must be applied on the end-user
  o Firewall setup must be applied on the end-user
Hardened Network (1)
Services Installed (1)
• ISP Router
  o Routing
  o Firewall
  o NAT
• IPS
  o Filtering Malicious Traffic
• Edge Router
  o Inter-VLAN Routing
  o VLAN Trunking
Services Installed (2)
• Core Switch
  o VLAN
  o Switching
  o Port Mirroring
• IDS
  o Catch All Traffic
  o Give Alert If Intrusion Detected
• SIEM
  o Log Management
  o Convert From RAW Log to Human Readable
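What the SIEM's "convert from raw log to human readable" step involves, as an added example that is not part of the original slides: a Python normalizer that decodes the syslog priority value and splits a firewall message into fields. The sample lines, the host name and the key=value message layout are constructed for illustration.

```python
import re

# Syslog facility and severity names indexed by code (RFC 3164 / RFC 5424).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emergency alert critical error warning notice info debug".split()

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss host tag: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ([^:\s]+): (.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines; the key=value message layout is an assumption.
SAMPLE = [
    "<134>Feb 25 10:15:02 edge-fw firewall: action=drop proto=tcp "
    "src=198.51.100.23 spt=51514 dst=192.0.2.10 dpt=23",
    "<132>Feb 25 10:16:40 edge-fw firewall: action=drop proto=udp "
    "src=203.0.113.7 spt=4444 dst=192.0.2.10 dpt=161 host=spoofed",
]

def normalize(raw):
    """Parse one raw syslog line into a structured event (None if malformed)."""
    m = LINE_RE.match(raw)
    if not m or int(m.group(1)) > 191:      # PRI = facility * 8 + severity
        return None
    pri = int(m.group(1))
    return {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group(2),
        "host": m.group(3),
        "source": m.group(4),
        # Message fields are sender-controlled, so they stay in their own
        # namespace and cannot overwrite the header values parsed above.
        "fields": dict(KV_RE.findall(m.group(5))),
    }

def describe(event):
    """Render a normalized event as the one-line summary an analyst reads."""
    f = event["fields"]
    return (f"{event['timestamp']} {event['host']} [{event['severity']}] "
            f"{f.get('action', '?')} {f.get('proto', '?')} "
            f"{f.get('src', '?')}:{f.get('spt', '?')} -> "
            f"{f.get('dst', '?')}:{f.get('dpt', '?')}")

if __name__ == "__main__":
    for line in SAMPLE:
        print(describe(normalize(line)))
```

The second sample line carries a `host=spoofed` field in its message; it lands under `fields` and the reporting host stays `edge-fw`.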
Services Installed (3)
• Active Directory/LDAP
  o Domain Controller
  o Access Control for end-user
• End-user
  o Routing & Networking
  o Domain Group
  o Anti Virus
  o Anti Malware
  o Internet Security
Pro & Con
• Pro
  o Manageable
  o Different broadcast domains (makes management easier)
  o More secure (but not 100%)
  o Encryption can be applied on the network more easily
  o Firewall can scan the entire network
  o All traffic can be monitored
• Con
  o Cost
  o Complex
  o Qualified human resources needed
Hardened Network (2)
Services Installed (1)
• ISP Router
  o Routing
• Unified Threat Management (UTM) a.k.a. All in One Box
  o Firewall
  o AD/LDAP
  o NAT
  o IDS
  o IPS
  o VLAN Trunking
  o Routing & Inter-VLAN Routing
Services Installed (2)
• Core Switch
  o VLAN
  o Switching
• End-user
  o Routing & Networking
  o Domain Group
  o Anti Virus
  o Anti Malware
  o Internet Security
(FW, IDS, IPS, SIEM) VS UTM
1st Option
2nd Option
Summary
What You See Is What You Get
&
Secure ≠ Easy
Frequently Asked Questions
1. Do I need to buy a UTM and all of these services?
o No, just buy what you need
2. If I want to buy a device, which brand is good?
o See the Gartner survey
3. Do I need to harden my network?
o No, if you don't care about your privacy, it's just wasting your money
Help
Finding it hard to secure, audit or harden your network?
Let me help you!
http://www.facebook.com/mict404
https://www.linkedin.com/in/michael-takeuchi