A. Sai Thishok, BSc (Hons) Management of IT, University of Wolverhampton
Learning Outcome 02 - IT Security Solutions

IT SECURITY SOLUTIONS
• Network security infrastructure
• Network performance
• Data security
• Data centre
• Security vulnerability

NETWORK SECURITY INFRASTRUCTURE
• VPN - Virtual Private Network
• Clever firewall solution
• Intrusion Detection and Prevention
• Identity and Access Management (IAM)
• Antivirus/antimalware solutions
• Disaster recovery
• Cryptography
• Web filtering
• DMZ

VPN - Virtual Private Network
• Traffic between the client and the VPN server is encrypted
• No-logs policy
• The client's real IP address and location are hidden from the sites it visits
• Paid VPN
  – Strong data encryption
  – Online privacy protection
  – Fast servers
  – No-logs policy
• Free (3rd party) VPN
  – Less secure protocols
  – Fewer and slower servers
  – Poor support

Clever firewall solution
• 3 types
  – Packet-filtering firewall: allows or drops each packet on its source/destination address, port and protocol
  – Application / proxy firewall: terminates the client's connection and makes the request to the internet on the client's behalf
  – Hybrid firewall: combines both
• Proxy firewall
  – The internet only ever sees the proxy's address, not the internal computer that requested the website. This hides the internal hosts from attackers on the internet.

Intrusion Detection and Prevention
• Network monitoring tools
• IDS - Intrusion Detection System: watches traffic and raises an alert on suspicious activity
• IPS - Intrusion Prevention System: sits inline and can also block the traffic it flags

Identity and Access Management (IAM)
• Defining and managing the roles and access privileges of individual network users
• Specifies which resources each user is allowed or denied
• IAM can be
  – Customer IAM
  – Employee IAM
• One digital identity per individual; once that identity has been established it must be maintained and monitored

IAM tools
• Password management
• Security management
• Reporting and monitoring
• Cryptography

Antivirus/antimalware solutions
• To prevent, detect and remove malicious software / apps

Disaster recovery
• Create a DR team
• Identify and assess disaster risk
• Determine critical applications, documents and resources
• Specify the backup and off-site storage procedure
• Test and maintain the DRP
• Emergency contacts
• DR is considered a subset of business continuity
• Companies with a major loss of data (2015 figures cited in the lecture)
  – 43% were never able to recover the data
  – 29% closed within 2 years
• Data backup
  – Frequency: depends on the data; some data is backed up continuously / in real time
  – Retention

Disaster recovery (contd.)
• Best practices
  – Practise the recovery
  – Review regularly
  – Confirm that backups completed
• Elements of DR
  – Create a DR team
  – Identify and assess disaster risk
  – Determine critical apps / docs / resources
  – Specify the backup and off-site storage procedure: what to back up, by whom, how to perform the backup, how frequently, and where the backups are kept
  – Test and maintain the DRP

Cryptography
• Encryption - decryption
• Symmetric key: the same secret key encrypts and decrypts
• Asymmetric key: a public key encrypts (or verifies) and the matching private key decrypts (or signs)
• Hash function: a one-way, fixed-length digest used for integrity checks and password storage

Web filtering
• Commonly referred to as "content control software"
• Commonly used as a prevention tool against malware and malware-hosting sites
• Web filtering software
  – Net Nanny
  – WebTitan
  – K9
  – Squid
  – DansGuardian (best for Linux)
  – OpenDNS

DMZ
• A real DMZ is a separate network which has no, or only very restricted, access to the internal network
• A DMZ, short for demilitarized zone, is a network (physical or logical) used to connect hosts that provide an interface to an untrusted external network, usually the internet, while keeping the internal private network, usually the corporate network, separated and isolated from the external network

NETWORK PERFORMANCE
• RAID - Redundant Array of Independent Disks
• Stand alone / stand by
• Dual LAN
• Web server load balancing

RAID - Redundant Array of Independent Disks
• RAID is a data storage technology
• It is used for
  – Data redundancy
  – Performance improvement
  – Fault tolerance
• Standard levels: RAID 0, RAID 1, RAID 2, RAID 3, RAID 4, RAID 5, RAID 6
• Hybrid (nested) level: RAID 10
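The fault tolerance that RAID gives comes from parity: in RAID 5 each stripe carries one parity block that is the XOR of the stripe's data blocks, so any single lost block, data or parity, can be recomputed from the others. The following is an added worked example, not code from the slides; the four-disk array, 4-byte blocks and the sample text are assumptions chosen to keep the output small. It writes data across the array, destroys one disk, rebuilds it from the survivors and checks the data is intact.

```python
"""RAID 5 striping with rotating parity: rebuilding a single failed disk with XOR.
Added example; not code from the slides. Disk count, block size and sample data are assumed."""
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte; the result is the parity of that set."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe_no, n_disks):
    """RAID 5 rotates the parity block across the disks (RAID 4 would pin it to one disk)."""
    return (n_disks - 1 - stripe_no) % n_disks


def raid5_write(data, n_disks=4, block_size=4):
    """Lay data out as stripes of (n_disks - 1) data blocks plus one parity block.
    Returns a list of disks; each disk is a list of blocks, one per stripe."""
    per_stripe = (n_disks - 1) * block_size
    data = data + b"\0" * ((-len(data)) % per_stripe)       # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe_no, start in enumerate(range(0, len(data), per_stripe)):
        chunk = data[start:start + per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        p = parity_disk_for(stripe_no, n_disks)
        data_iter = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == p else next(data_iter))
    return disks


def raid5_read(disks, length):
    """Reassemble the user data, skipping the parity block of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for stripe_no, stripe in enumerate(zip(*disks)):
        p = parity_disk_for(stripe_no, n_disks)
        out += b"".join(block for d, block in enumerate(stripe) if d != p)
    return bytes(out[:length])


def rebuild_disk(disks, failed):
    """Every block of the failed disk is the XOR of the other blocks in its stripe,
    whether it held data or parity. disks[failed] may be None; only survivors are read.
    Two simultaneous failures cannot be rebuilt this way (that needs RAID 6's second parity)."""
    survivors = [disk for d, disk in enumerate(disks) if d != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def survives_single_failure(data, failed=2, n_disks=4, block_size=4):
    """Write, lose one disk entirely, rebuild it from the survivors and verify the data."""
    disks = raid5_write(data, n_disks, block_size)
    degraded = [disk if d != failed else None for d, disk in enumerate(disks)]
    degraded[failed] = rebuild_disk(degraded, failed)
    return raid5_read(degraded, len(data)) == data


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"   # constructed input
    for lost in range(4):
        print("disk", lost, "lost ->", "recovered" if survives_single_failure(sample, lost) else "DATA LOSS")
```

RAID 0 has no parity block, so the same experiment on a striped-only array loses the data of every stripe as soon as one disk fails; and because parity mirrors whatever is written, RAID of any level gives no protection against deletion, corruption or ransomware, which is why the backup section that follows still applies to RAID-protected storage.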
RAID levels
• RAID 0 - striping only (no redundancy; one disk failure loses all data)
• RAID 1 - mirroring
• RAID 4 - striping with a dedicated parity disk
• RAID 5 - striping with parity distributed across the disks (survives one disk failure)
• RAID 6 - striping with dual parity (survives two disk failures)
• RAID 10 (hybrid) - striping across mirrored pairs

Stand alone / stand by
• A PC that is used on its own without requiring a connection to the LAN
• Damage control: a failure or compromise of that PC does not affect the other PCs

Dual LAN
• Computers with dual gigabit NICs can use them to connect simultaneously to different networks
• Networks connected to
  – Customer-accessible public network
  – Own private network
• Separating the two raises security, because customer traffic never touches the in-house network, and frees up all of the in-house network's bandwidth

Web server load balancing
• Features of load balancing
  – Distributes the incoming traffic for a service across multiple servers
  – The load balancer health-checks the servers internally; if one goes offline, its traffic is automatically sent to the remaining servers
  – Depending on the demand for a service it can add more servers: if more users access one service it scales up
• Benefits
  – Security
    » A load balancer can add an additional layer of security to the website / network / servers
    » A Web Application Firewall (WAF) in the load balancer protects the website from attackers; it runs with a rule set, much like a virus scanner
  – Can authenticate user access before forwarding requests
  – Availability
    » If one of the servers fails, the remaining servers keep providing the service without any impact on the user

Web server load balancing (contd.)
Load balancing algorithms
• Round robin - requests are handed to each server in turn
• Least connection - the request goes to the server with the fewest active connections. To do this the load balancer must track how many connections each server currently has, which costs some additional bookkeeping
• IP hash - a hash of the client's IP address selects the server, so requests from the same client always reach the same server (useful when session state lives on that server)
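The three algorithms and the health check described above, as an added worked example that is not code from the slides. The backend names, client addresses and the probe that declares web2 dead are all constructed for the demonstration; a real balancer would probe with an HTTP or TCP check and track connections from its own proxying.

```python
"""Round robin, least connection and IP hash selection with a health check.
Added example; not code from the slides. Backends, IPs and probe results are constructed."""
import hashlib


class Backend:
    def __init__(self, name):
        self.name = name
        self.healthy = True    # maintained by the health check
        self.active = 0        # open connections; needed for least-connection


class LoadBalancer:
    def __init__(self, backends, algorithm="round_robin"):
        self.backends = list(backends)
        self.algorithm = algorithm
        self._next = 0         # round robin cursor

    def health_check(self, probe):
        """probe(backend) -> bool. Failing backends leave the rotation until they pass again."""
        for b in self.backends:
            b.healthy = probe(b)
        return [b.name for b in self.backends if b.healthy]

    def _pool(self):
        pool = [b for b in self.backends if b.healthy]
        if not pool:
            raise RuntimeError("no healthy backends")   # nothing left to serve the request
        return pool

    def pick(self, client_ip):
        pool = self._pool()
        if self.algorithm == "round_robin":
            b = pool[self._next % len(pool)]
            self._next += 1
        elif self.algorithm == "least_connection":
            b = min(pool, key=lambda x: x.active)
        elif self.algorithm == "ip_hash":
            # Same client -> same server while the pool is unchanged. Plain modulo
            # remaps most clients when a server is added or removed; consistent hashing avoids that.
            h = int.from_bytes(hashlib.sha256(client_ip.encode()).digest()[:8], "big")
            b = pool[h % len(pool)]
        else:
            raise ValueError(self.algorithm)
        return b

    def open(self, client_ip):
        b = self.pick(client_ip)
        b.active += 1
        return b.name

    def close(self, name):
        next(b for b in self.backends if b.name == name).active -= 1


def demo():
    """Exercise each algorithm, then fail one backend and show it drops out of rotation."""
    names = ["web1", "web2", "web3"]
    out = {}

    rr = LoadBalancer([Backend(n) for n in names], "round_robin")
    out["round_robin"] = [rr.pick("198.51.100.1").name for _ in range(6)]

    lc = LoadBalancer([Backend(n) for n in names], "least_connection")
    lc.backends[0].active, lc.backends[1].active = 5, 2      # web3 is idle
    out["least_connection"] = lc.open("198.51.100.2")

    ih = LoadBalancer([Backend(n) for n in names], "ip_hash")
    first = ih.pick("203.0.113.7").name
    out["ip_hash_stable"] = all(ih.pick("203.0.113.7").name == first for _ in range(5))

    # Constructed probe: web2 has gone offline. Clients never see it; they are routed around it.
    out["healthy_after_probe"] = rr.health_check(lambda b: b.name != "web2")
    out["round_robin_degraded"] = [rr.pick("198.51.100.1").name for _ in range(4)]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

One caveat the IP-hash bullet implies but does not state: every user behind one NAT or corporate proxy shares a source address and therefore lands on one server, so IP hash balances poorly for such populations and a cookie-based session affinity is usually preferred.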
DATA SECURITY
• IT asset management
• Image, differential and incremental backups
• Differential backup vs full backup
• SAN servers

IT Asset Management (ITAM)
• Managing all the assets in an organization that are connected to the IT infrastructure: hardware, servers, computers, hardware devices / parts, software (e.g. antivirus, office packages)
• ITAM is highly process-oriented
• Importance of managing IT assets
  – Keeps track of the assets, which supports every other IT task (you cannot patch, licence or protect what you do not know you have)
  – Supports operational functions
  – End-user satisfaction and performance
  – Plays a major role in protecting the company from regulatory concerns

Image, differential and incremental backups
• Backup types that can be applied to any storage device
• There are 3 types
  – Full backup
  – Incremental backup
  – Differential backup

Image, differential and incremental backups (contd.)
Full backup
• The most common type (full disk backup)
• Every backup scheme starts from a full backup; incremental and differential backups are taken relative to it
• Advantages
  – A restore needs only that single backup set
  – Simpler storage management, since everything is in one backup file
• Disadvantages
  – Each backup takes a long time, because all the data is copied in bulk, so it needs high capacity, fast hardware and bandwidth

Image, differential and incremental backups (contd.)
Incremental backup
• Backs up only the files / data that changed since the previous backup, whether that was a full or an incremental
• [Figure: Monday full backup, then Tuesday, Wednesday, Thursday and Friday incrementals, each holding only that day's changes]
• Advantages
  – A file changed by mistake can be restored from an earlier version
  – Backup time is reduced, as only the data changed since the last backup is copied
• Disadvantage
  – A restore needs the full backup plus every incremental since it, in order; if one set is lost the chain breaks

Image, differential and incremental backups (contd.)
Differential backup
• Similar to incremental, but each differential backs up everything that changed since the last full backup, not since the last backup of any kind
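To make the three backup types concrete, the following added example (not code from the slides; the week of file changes is constructed) computes what each daily backup set would contain under an incremental and under a differential scheme, how many sets a Friday restore must read, and what happens to the restore when Wednesday's set is lost. Files are modelled as name to version number, so "changed" simply means the version differs from the base snapshot.

```python
"""Full vs incremental vs differential backup on a constructed week of file changes.
Added example; not code from the slides. The snapshots below are made up."""

# Constructed snapshots of a small file tree: filename -> content version.
WEEK = [
    ("Mon", {"a.txt": 1, "b.txt": 1, "c.txt": 1}),
    ("Tue", {"a.txt": 2, "b.txt": 1, "c.txt": 1}),
    ("Wed", {"a.txt": 2, "b.txt": 2, "c.txt": 1}),
    ("Thu", {"a.txt": 2, "b.txt": 2, "c.txt": 1, "d.txt": 1}),
    ("Fri", {"a.txt": 3, "b.txt": 2, "c.txt": 1, "d.txt": 1}),
]


def changed_since(base, current):
    """Files whose content differs from, or is absent in, the base snapshot.
    (Deletions are ignored here; real tools record them as tombstones.)"""
    return {f: v for f, v in current.items() if base.get(f) != v}


def plan(week, strategy):
    """Backup sets taken each day as (day, kind, files stored). Day one is always a full."""
    full_day, full_state = week[0]
    sets = [(full_day, "full", dict(full_state))]
    prev_state = full_state
    for day, state in week[1:]:
        if strategy == "incremental":
            sets.append((day, "incremental", changed_since(prev_state, state)))
        elif strategy == "differential":
            sets.append((day, "differential", changed_since(full_state, state)))
        else:
            raise ValueError(strategy)
        prev_state = state
    return sets


def restore_chain(sets, day):
    """The backup sets that must be read, in order, to restore the tree as of 'day'."""
    idx = next(i for i, (d, _, _) in enumerate(sets) if d == day)
    kind = sets[idx][1]
    if kind == "full":
        return [sets[0]]
    if kind == "incremental":
        return sets[:idx + 1]            # full + every incremental up to that day
    return [sets[0], sets[idx]]          # full + only the latest differential


def restore(sets, day, lost_day=None):
    """Apply the chain and return the reconstructed tree. lost_day simulates a missing set."""
    tree = {}
    for d, _, files in restore_chain(sets, day):
        if d != lost_day:
            tree.update(files)
    return tree


def compare(week=WEEK, day="Fri", lost_day="Wed"):
    """Per-day storage, chain length, and whether a restore survives losing one set."""
    expected = dict(week)[day]
    result = {}
    for strategy in ("incremental", "differential"):
        sets = plan(week, strategy)
        result[strategy] = {
            "stored_per_day": [len(files) for _, _, files in sets],
            "chain_length": len(restore_chain(sets, day)),
            "restore_ok": restore(sets, day) == expected,
            "survives_lost_set": restore(sets, day, lost_day) == expected,
        }
    return result


if __name__ == "__main__":
    for strategy, r in compare().items():
        print(strategy, r)
```

The numbers show the trade-off the slides describe: incrementals store the least per day but the Friday restore reads five sets and silently produces a wrong tree (b.txt at version 1) when Wednesday's set is missing; differentials grow each day but the restore reads two sets and is unaffected by the loss. Either way, the only proof that a backup works is the restore, which is the "practise the recovery" point from the disaster recovery section.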
Differential backup (contd.)
• Here too the backup depends on what changed, but the changes are measured from the last full backup rather than from the previous day
• [Figure: Monday full backup; Tuesday's differential holds Tuesday's changes, Wednesday's holds Tuesday + Wednesday, Thursday's holds Tuesday to Thursday, Friday's holds Tuesday to Friday]
• Advantages
  – Restoring is faster than from incrementals: only the full backup and the latest differential are needed
  – Backing up is faster than a full backup
• Disadvantage
  – Each differential grows until the next full backup is taken

SAN servers
• DAS - Direct Attached Storage (PC -> HDD)
• NAS - Network Attached Storage
  – Called a centralized storage device
  – Has multiple hard drives in a RAID configuration
  – Good for home / medium-sized businesses

SAN servers (contd.)
• SAN - Storage Area Network
  – A special high-speed network where large amounts of data can be stored and accessed
  – Data is shared among different disk arrays
  – If any disk array / server / switch goes down, the data can still be reached through another path

DATA CENTRE
• Data centre replication
• Virtualization
• Secure transport protocol

Data centre replication
• If one data centre goes down, another data centre is fully capable of picking up its load and data
• Each replication cluster is kept consistently in sync
• 2 clusters
  – Master cluster
  – Replica cluster
• Advantages
  – Data availability
  – Performance improvement (read / write)

Virtualization
• Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware
• Physical architecture
  [Figure: physical hardware (motherboard / HDD / RAM / ROM / NIC) -> operating system (Windows / Linux) -> application software]

Virtualization (contd.)
• Virtual architecture
  [Figure: physical hardware (motherboard / HDD / RAM / ROM / NIC) -> host operating system (Windows / Linux) -> virtualization software (VMware / Oracle VirtualBox / Hyper-V) -> application software]

Virtualization (contd.)
  [Figure: the virtualization software presents virtual hardware (NIC, motherboard, sound card, etc.) to each virtual machine; VM 1 runs Windows, VM 2 Linux, VM 3 CentOS, each with its own OS-related applications]

Virtualization (contd.)
• Advantages
  – Reduced capital and operating costs
  – Minimized or eliminated downtime
  – Increased IT productivity, efficiency, agility and responsiveness
  – Faster provisioning of applications and resources
  – Greater business continuity and disaster recovery
  – Simplified data centre management
  – Availability of a true software-defined data centre
• Disadvantages
  – High cost: powerful hardware is needed
  – Risk concentrated in the physical host: if it fails, every VM running on it goes down with it
  – Implementation limitations

Secure transport protocol
• Transport Layer Security (TLS)
• A protocol to secure the communication between client and server
• Uses encryption to protect the data in transit, and a certificate to authenticate the server to the client
• HTTPS is simply HTTP carried over TLS
• TLS is the successor of SSL rather than the same protocol; TLS 1.0 was the improved version of SSL 3.0
  – SSL versions: 1.0 (never publicly released), 2.0, 3.0
  – TLS versions: 1.0, 1.1, 1.2, 1.3
• TLS 1.2 was the latest version when these slides were written; TLS 1.3 (RFC 8446, 2018) is now current. SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and should be disabled on servers and clients.

SECURITY VULNERABILITY
• Logs
• Honeypots
• Data mining algorithms
• Vulnerability testing

Logs
• A log file is a computer-generated data file that contains information about usage patterns, activities and operations within an operating system, application, server or other device
• These files normally contain messages about
  – The system
  – The kernel
  – Services
  – Apps / programs running on the PC
• Different types of log file
  – System log
  – Security log (logins, privilege use, policy changes: the first place to look when investigating an incident)

Honeypots
• A honeypot is a security mechanism that creates a virtual trap to lure attackers. An intentionally vulnerable computer system lets attackers exploit it so that you can study them and improve your security policies
• Advantages
  – Observe the attackers and learn their tricks
  – Get details of the attackers (source addresses, tools, targets)
  – Improve our security by observing their work
  – Identify cyberattacks and assign attackers a passive fingerprint
• Caveat: a honeypot must be isolated from production systems, so that a compromised honeypot cannot be used as a pivot into the real network

Data mining algorithms
• An algorithm in data mining (or machine learning) is a set of heuristics and calculations that creates a model from data. ...
  The mining model that an algorithm creates from your data can take various forms, including a set of clusters that describe how the cases in a dataset are related

Vulnerability testing
• A vulnerability is any mistake or weakness in the security of a system
• Setup
  – Documentation
  – Secure permission (written authorisation to test the target)
  – Update / find tools
  – Configure tools
• Test
  – Run the tools
  – Analyse the captured data packets

Vulnerability testing (contd.)
• Vulnerability analysis
  – Defining and classifying the network / system resources
  – Assigning a priority to each resource (high / medium / low)
• Test
  – Run the tools
  – Analyse the captured data packets
  – Identify potential threats to each resource
  – Develop a strategy
  – Define and implement the strategy to minimize the threats
• Reporting
• Remediation
  – The process of fixing the vulnerabilities found

Vulnerability testing (contd.)
• Tools to test for vulnerabilities
  – Wireshark (packet capture and analysis)
  – OpenVAS (network vulnerability scanner)
  – Aircrack-ng (wireless) / Nikto (web server scanner) / Retina CS Community
  – Microsoft Baseline Security Analyzer (MBSA)
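Returning to the Logs section: the security log is only useful if something reads it and turns patterns into findings. The following added example (not code from the slides) runs two detections over a constructed Linux auth.log excerpt: a burst of SSH failed logins from one address inside a short window, and a successful login from that same address afterwards, which is the case an analyst needs to see first. The year is assumed, because the traditional syslog timestamp does not carry one, and the threshold and window are assumptions that a real deployment would tune.

```python
"""Brute-force and success-after-brute-force detection over sample sshd log lines.
Added example; not code from the slides. The log excerpt, year, threshold and window are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth.log excerpt (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Mar  3 10:01:04 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51123 ssh2
Mar  3 10:01:05 web1 sshd[2103]: Failed password for root from 198.51.100.23 port 51130 ssh2
Mar  3 10:01:07 web1 sshd[2105]: Failed password for root from 198.51.100.23 port 51131 ssh2
Mar  3 10:01:09 web1 sshd[2107]: Failed password for root from 198.51.100.23 port 51135 ssh2
Mar  3 10:01:15 web1 sshd[2109]: Accepted password for root from 198.51.100.23 port 51140 ssh2
Mar  3 10:05:00 web1 sshd[2200]: Failed password for alice from 192.0.2.10 port 40000 ssh2
Mar  3 10:05:30 web1 sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Mar  3 10:20:00 web1 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"(Failed|Accepted) (\w+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse(line, year=2024):
    """Turn one sshd auth line into a dict; non-sshd lines (e.g. CRON) return None.
    Syslog lines carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, outcome, method, user, ip = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": host, "outcome": outcome, "method": method, "user": user, "ip": ip}


def detect(text, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failures per source IP; a later success from a flagged IP
    is raised at high severity. Assumes lines are in chronological order, as syslog writes them."""
    events = [e for e in (parse(l) for l in text.splitlines()) if e]
    recent_failures = defaultdict(list)   # ip -> timestamps inside the window
    flagged = set()
    alerts = []
    for e in events:
        q = recent_failures[e["ip"]]
        if e["outcome"] == "Failed":
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:     # drop failures that aged out
                q.pop(0)
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append({"severity": "medium", "rule": "ssh_bruteforce", "ip": e["ip"],
                               "count": len(q), "first": q[0], "last": e["ts"]})
        elif e["outcome"] == "Accepted" and e["ip"] in flagged:
            alerts.append({"severity": "high", "rule": "ssh_success_after_bruteforce",
                           "ip": e["ip"], "user": e["user"], "method": e["method"], "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["severity"].upper(), a["rule"], a["ip"], a.get("user", ""))
```

On the sample, 192.0.2.10 produces no alert: one failed password followed by a public-key login is ordinary user behaviour, and a rule that fired on it would only train the on-call engineer to ignore the queue. 198.51.100.23 produces both alerts, and the second one, a root login with a password from the address that was just guessing, is the one that should page someone.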