12-1
PPA is done using the following means:
• Locks
• Barriers
• Guards
Security is provided for the following:
• Computer processing
• Large databases
• Communication networks
• Preventing a hacker from breaking into your computer
12-2
Why do networks need security?
How to provide security
Types of security threats
Network (NW)-Controls
Primary goal of NW-Security:
To protect the data and application-SW
12-3
For many people, security means preventing unauthorized access, such as preventing a hacker from breaking into your computer.
Security is more than that: it also includes being able to recover from temporary service problems or from natural disasters.
12-4
Software(SW)
Hardware(HW)
Files and database
Data communication circuits
Threats come from different sources:
External and internal hacking
External: disaster, vandalism, fraud, theft
Personal errors, dishonesty, incompetence
12-5
12-6
In recent years, organizations have become increasingly dependent on the data communication networks for their daily business communications, database retrieval, distributed data processing, and the internetworking of LANs.
The losses associated with security failures can be huge.
More important than direct theft losses are the potential losses from the disruption of application systems that run on computer networks.
12-7
Category-1: 3-Ds
(due to fire, flood, power loss, circuit failure and viruses)
• Disruption
• Destruction
• Disaster
Category-2: Unauthorized access
• Refers to intruders
• External hackers
• Internal hackers
12-8
Gain knowledge and change files
• To commit fraud or make threats
• To destroy information
• To injure the organization
• For the sadistic thrill of the misadventure
12-9
Disruptions (means what!)
• are the loss or reduction in NW-service.
• Could be minor and temporary, due to a switch failure or a circuit cut
Destructions (of data):
• are caused by, and/or result in, disruption
• could be due to a virus or other causes
• could be due to a crash of the hard disk
Disasters (of network):
destroy host computers and sections of the NW
Could be man-made or natural
12-10
Principal causes of the Category-1 (3-D) threats:
Fires
Floods
Earthquakes
Mudslides
Storms
Tornadoes
Terrorist attacks
All of these can destroy buildings and networks.
12-11
Give rise to interruptions in the NW-Service
Cause loss of data due to NW-failure
FTS = Fault Tolerant Server
Contains many redundant components which help prevent NW-failure
Disk-Duplexing
• Is a disk-mirroring concept
• Provides backup against NW-failure
• Even if the disk controller fails, the server continues to operate
12-12
Smaller
Smarter
Simpler, Sophisticated
Vendors of NW hardware and software now keep these three things in mind when developing their products.
12-13
Category-2:
Unauthorized Access is often viewed as hackers gaining access to organizational data files and resources.
• External intruders
• Internal intruders
• Eavesdropping
(i.e., listening secretly to a private conversation)
Keep in mind, however, that most unauthorized access incidents involve employees.
12-14
Developing a secure network means developing controls, i.e., mechanisms that reduce or eliminate both Cat-1 and Cat-2 threats to network security.
There are 3 types of controls:
• Preventative controls restrain or stop a person from acting, or hinder an event from occurring.
• Detective controls reveal or discover any kind of unwanted event.
• Corrective controls rectify an unwanted event or a trespass.
PDC-controls should be periodically verified and tested.
12-15
Six areas of a data communication network need NW-Controls:
• Client computers
• Host/server computers (mini/mainframe/LANs)
• Communication circuits
• NW-devices and components
• NW-Software
• Application-Software
12-16
It is important to remember that it is not enough to just establish a series of controls; someone or some department must be accountable for the control and security of the network.
PDC-Controls must be reviewed periodically to be sure that they are still useful, and should be:
• Verified - ensuring that the control is still present
• Tested - determining whether the control is working as originally specified.
(PDC = Preventive, Detective and Corrective)
12-17
12-18
One key step in developing a secure-NW is to conduct a risk assessment:
• This assigns a level of risk to various threats to the network security by comparing the nature of the threats to the controls designed to reduce them.
A threat could mean:
• Theft of data
• Destruction of data
• Damage to NW-HW, NW-SW and NW-Circuits
12-19
• Virus: 87%
• Device failure: 52%
• Internal hacker: 51%
• Equipment theft: 48%
• External hacker: 30%
• Natural disaster: 28%
• Industrial espionage: 10%
12-20
Cause destruction of data
Cause unwanted events/nuisances
Attach themselves to other programs, and as a result the viruses spread
How to prevent the spread of viruses
Don’t share diskettes (37% of infections are due to sharing)
Don’t copy files or disks of unknown origin
Be careful about downloading files from the Web
Install anti-virus SW on your computer
12-21
To be sure that the data communications network and microcomputer workstations have the necessary controls and that these controls offer adequate protection, it is best to build a control spreadsheet.
12-22
Control spreadsheet template (rows = network components, columns = threats):
Threats:
  Disruption, Destruction, Disaster: Fire | Flood | Power Loss | Circuit Failure | Virus
  Unauthorized Access: External Intruder | Internal Intruder | Eavesdrop
Components:
  Host Computers
  Client Computers
  Communication Circuits
  Network Devices
  Network Software
  People
12-23
A threat to the data communications network is any potential adverse occurrence that can do harm, interrupt the systems using the network, or cause a monetary loss to the organization.
Once the threats are identified they must be ranked on their importance.
12-24
12-25
The next step is to identify the network components. A network component is one of the individual pieces that compose the data communications network. They include:
• Servers
• Client computers
• Communications circuits
• Network devices
• Network software
• Application software
12-26
Once the specific network threats and components have been identified, you can begin working on the network controls.
Begin by considering the network component and the specific threat, and then describe each control that prevents, detects or corrects that threat.
12-27
Control spreadsheet with controls filled in (control numbers refer to the list below):
Threats:
  Disruption, Destruction, Disaster: Fire | Flood | Power Loss | Circuit Failure | Virus
  Unauthorized Access: External Intruder | Internal Intruder | Eavesdrop
Components:
  Host Computers
  Client Computers
  Communication Circuits
  Network Devices
  Network Software
  People
Controls entered in one row of the sheet, by threat column:
  Fire: 1,2 | Flood: 1,3 | Power Loss: 4 | Circuit Failure: 1,5,6 | Virus: 7,8 | External Intruder: 9,10,11,12 | Internal Intruder: 9,10 | Eavesdrop: (blank)
1. Disaster recovery plan
2. Halon fire system/sprinklers
3. Host computer room on 5th floor
4. UPS on servers
5. Contract guarantees from IXCs
6. Extra backbone fiber laid between servers
7. Virus checking software present
8. Extensive user training on viruses
9. Strong password software
10. Extensive user training on security
11. Call-back modem system
12. Application Layer firewall
12-28
The last step in designing a control spreadsheet is to evaluate the adequacy of the existing controls, and the resulting degree of risk associated with each threat.
The assessment can be done by the network manager, but it is better done by a team of experts chosen for their in-depth knowledge about the network and environment being reviewed.
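The control spreadsheet of slides 12-21 to 12-28 as a small model, added here as an example and not part of the slides. It records the twelve numbered controls, fills one row of the sheet (placing that row under "Host Computers" is an assumption), and lists the empty cells that the adequacy review in the last step has to start from.

```python
from itertools import product

THREATS = ["Fire", "Flood", "Power Loss", "Circuit Failure", "Virus",
           "External Intruder", "Internal Intruder", "Eavesdrop"]
COMPONENTS = ["Host Computers", "Client Computers", "Communication Circuits",
              "Network Devices", "Network Software", "People"]

# The twelve numbered controls exactly as listed on slide 12-27.
CONTROLS = {
    1: "Disaster recovery plan",
    2: "Halon fire system/sprinklers",
    3: "Host computer room on 5th floor",
    4: "UPS on servers",
    5: "Contract guarantees from IXCs",
    6: "Extra backbone fiber laid between servers",
    7: "Virus checking software present",
    8: "Extensive user training on viruses",
    9: "Strong password software",
    10: "Extensive user training on security",
    11: "Call-back modem system",
    12: "Application Layer firewall",
}

# One filled-in row of the sheet, (component, threat) -> control numbers.
# The slide gives these numbers for a single row; putting them under
# "Host Computers" is an assumption made for this example.
SHEET = {
    ("Host Computers", "Fire"): {1, 2},
    ("Host Computers", "Flood"): {1, 3},
    ("Host Computers", "Power Loss"): {4},
    ("Host Computers", "Circuit Failure"): {1, 5, 6},
    ("Host Computers", "Virus"): {7, 8},
    ("Host Computers", "External Intruder"): {9, 10, 11, 12},
    ("Host Computers", "Internal Intruder"): {9, 10},
}


def controls_for(component, threat, sheet=SHEET):
    """Describe each control that prevents, detects or corrects one threat
    against one component (one cell of the spreadsheet)."""
    return [CONTROLS[n] for n in sorted(sheet.get((component, threat), ()))]


def uncovered_cells(sheet=SHEET):
    """Cells with no control at all: the residual risk there is the whole
    threat, so the adequacy review should look at these first."""
    return [cell for cell in product(COMPONENTS, THREATS) if not sheet.get(cell)]


def coverage_by_threat(sheet=SHEET):
    """Number of distinct controls addressing each threat across all
    components, which shows which threats lean on a single control."""
    seen = {t: set() for t in THREATS}
    for (_, threat), numbers in sheet.items():
        seen[threat].update(numbers)
    return {t: len(s) for t, s in seen.items()}


def weakest_threats(sheet=SHEET, at_most=1):
    """Threats covered by at_most controls anywhere in the sheet."""
    return sorted(t for t, n in coverage_by_threat(sheet).items() if n <= at_most)
```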
12-29
12-30
The key principle in preventing disruption, destruction and disaster - or at least reducing their impact - is redundancy.
• Disk mirroring
• Disk duplexing
• Fault-tolerant servers
• Uninterruptible power supplies (UPS)
Redundancy can be built into other network components as well.
12-31
Disasters are different: the best solution is to have a completely redundant network that duplicates every network component, but in a different location.
Generally speaking, preventing disasters is difficult. The most fundamental principle is to decentralize the network resources.
Other steps depend on the type of disaster to be prevented.
12-32
In some cases, the disruption is intentional (i.e., theft).
Another special case is the denial-of-service attack, in which the hacker attempts to disrupt the network by sending messages to the network that prevent others’ messages from being processed.
12-33
Special attention also must be paid to preventing computer viruses, software designed to produce unwanted events. Most viruses attach themselves to other programs or to special parts of disks.
How to prevent the spread of viruses
Do not copy files or disks of unknown origin.
Use/install anti-virus software packages, which are available to check disks and files to ensure that they are virus-free.
12-34
NWM-software alerts network managers to problems so that they can be corrected.
Some intelligent NW-servers can be programmed to send an alarm to a pager, if necessary.
Ongoing monitoring for damaged cables, which can result from hungry squirrels and rats chewing the cables.
12-35
Detecting minor disruptions can be more difficult. The network should routinely log fault information to enable network managers to recognize minor service problems. In addition, there should be a clear procedure by which network users can report problems.
12-36
A critical control is the disaster recovery plan, which should address various levels of response to a number of possible disasters and should provide for partial or complete recovery of all data, application software, network components, and physical facilities.
The most important elements of the disaster recovery plan are backup and recovery controls that enable the organization to recover its data and restart its application software should some portion of the network fail.
12-37
Names of responsible individuals
Staff assignments and responsibilities
List of priorities of “fix-firsts”
Location of alternative facilities.
Recovery procedures for data communications facilities, servers and application systems.
Actions to be taken under various contingencies.
Manual processes
Updating and Testing procedures
Safe storage of data, software and the disaster recovery plan itself.
12-38
Backups ensure that important data is safe.
However, backups alone do not guarantee that the data can be used.
Most large organizations have a two-level disaster recovery plan.
LVL 1: When they build networks they build enough capacity and have enough spare equipment to recover from a minor disaster, such as loss of a major server or portion of the network.
12-39
LVL 2: Most large organizations rely on professional disaster recovery firms to provide second-level support for major disasters.
Disaster recovery firms provide a full range of services from secure storage for backups, to a complete networked data center that clients can use when they experience a disaster.
12-40
12-41
Four types of intruders attempt to gain unauthorized access to computer networks.
1. Casual computer users who only have limited knowledge of computer security.
2. Experts in security, but whose motivation is the thrill of the hunt.
3. Professional hackers who break into corporate or government computers for specific purposes.
4. Organization employees who have legitimate access to the network but who gain access to information they are not authorized to use.
12-42
The key principle in preventing unauthorized access is to be proactive. This means routinely testing your security systems before an intruder does.
Approaches to preventing unauthorized access:
• Developing a security policy
• Developing user profiles
• Plugging known security holes
• Securing network access points
• Preventing eavesdropping
• Using encryption
A combination of all techniques is best to ensure strong security.
12-43
The security policy should clearly define the important network components to be safeguarded and the important controls needed to do that.
The most common way for a hacker to break into a system is through some form of social engineering (breaking security simply by asking).
12-44
Names of responsible individuals
Incident reporting system and response team
Risk assessment with priorities
Controls on access points to prevent or deter unauthorized external access.
Controls within the network to ensure internal users cannot exceed their authorized access.
An acceptable use policy
User training plan on security
Testing and updating plans.
12-45
The basis of network access is the user profile for each user’s account that is assigned by the network manager.
More and more systems are requiring users to enter a password in conjunction with something they have, such as a smart card.
In high-security applications, a user may be required to present something they are, such as a finger, hand or the retina of their eye for scanning by the system (biometric scanning).
12-46
User profiles can limit the allowable log-in days, time of day, physical locations, and the allowable number of incorrect log-in attempts.
Creating accounts and profiles is simple, as they are created when new personnel arrive. One security problem is the removal of user accounts when someone leaves an organization.
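The profile restrictions of slides 12-45 and 12-46 as one log-in check, added here as an example and not part of the slides. The field names, the lockout threshold and the sample profile are assumptions; the offboard() step is the account-removal problem the slide names.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class UserProfile:
    """Restrictions the network manager attaches to an account (field names assumed)."""
    username: str
    allowed_days: frozenset       # weekday numbers, 0 = Monday ... 6 = Sunday
    allowed_hours: tuple          # (start_hour, end_hour), end exclusive, 24-hour clock
    allowed_locations: frozenset  # physical locations the account may log in from
    max_failed_attempts: int
    active: bool = True           # set to False when the person leaves
    failed_attempts: int = 0


def check_login(profile, password_ok, when, location):
    """Decide one log-in attempt. Returns (granted, reason); every denial names
    the profile rule that fired so the attempt can be logged with it."""
    if not profile.active:
        return False, "account disabled"
    if profile.failed_attempts >= profile.max_failed_attempts:
        return False, "account locked after too many failed attempts"
    if when.weekday() not in profile.allowed_days:
        return False, "log-in not allowed on this day"
    start, end = profile.allowed_hours
    if not start <= when.hour < end:
        return False, "log-in not allowed at this time of day"
    if location not in profile.allowed_locations:
        return False, "log-in not allowed from this location"
    if not password_ok:
        profile.failed_attempts += 1      # counts toward the lockout threshold
        return False, "bad password"
    profile.failed_attempts = 0           # a successful log-in resets the counter
    return True, "ok"


def attempt(profile, password_ok, timestamp, location):
    """Same check with the time given as 'YYYY-MM-DD HH:MM'."""
    return check_login(profile, password_ok,
                       datetime.strptime(timestamp, "%Y-%m-%d %H:%M"), location)


def offboard(profile):
    """Disable the account the day the person leaves, rather than waiting
    for a periodic review to notice it is still present."""
    profile.active = False
    return profile


def example_profile():
    """Constructed office-hours profile: weekdays 08:00-18:00 from two rooms."""
    return UserProfile("alice", frozenset(range(5)), (8, 18),
                       frozenset({"HQ-3F", "HQ-4F"}), max_failed_attempts=3)
```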
12-47
It is important to screen and classify both users and data (need to know).
The effect of any security software packages that restrict or control access to files, records, or data items should be reviewed.
Adequate user training on network security should be provided through self-teaching manuals, newsletters, policy statements, and short courses.
12-48
Many commonly used operating systems have major security problems well known to potential users (security holes), many of which are highly technical.
Some security holes are not really holes, but simply policies adopted by computer vendors that open the door for security problems, such as computer systems that come with a variety of preinstalled user accounts.
12-49
The U.S. Government requires certain levels of security in the operating systems and network operating systems it uses for certain applications.
12-50
There are three major ways of gaining access:
• Using a terminal or computer located in the organization’s offices
• Dialing into the network via modem
• Accessing the network from another network to which it is connected (e.g. Internet)
The physical security of the building or buildings that house any of the hardware, software or communications circuits must be evaluated.
12-51
The network components themselves also have a level of physical security.
Any organization that permits staff members to access its networks via dial-in modems opens itself to a broader range of intruders.
One strategy is to routinely change modem numbers, another is to use a call-back modem.
One-time passwords are another strategy, for traveling employees for whom call-back modems and automatic number identification are inappropriate.
12-52
With the increasing use of the Internet and the information superhighway, it becomes important to prevent unauthorized access to your network from intruders on other networks. For this, we have to use a
Firewall!
What is a firewall?
12-53
A firewall is a router, gateway, or special-purpose computer that examines packets flowing into and out of a network and restricts access to the organization’s network.
A FW is designed to be placed on every NW connection between the organization and the Internet, and
No access is permitted except through the firewall
2 types of firewall:
• PLF = packet-level firewall
• ALF = application-level firewall
12-54
A packet-level firewall examines the source and destination address of every network packet that passes through it and only allows packets that have acceptable source and destination addresses to pass.
Some packet-level firewalls are vulnerable to IP-level spoofing, accomplished by changing the source address on incoming packets from their real address to an address inside the organization’s network.
Many firewalls have had their security strengthened since the first documented case of IP spoofing in December 1994.
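A packet-level filter of the kind slide 12-54 describes, added here as an example and not part of the slides. It decides on addresses alone, and its anti-spoofing rule drops any packet arriving from the Internet that claims an internal source; the 10.0.0.0/8 range, the exposed host and the sample packets are constructed for the example.

```python
import ipaddress

# Assumed addressing: the organization uses 10.0.0.0/8 inside, and only one
# host is meant to be reachable from the Internet.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
EXPOSED_HOSTS = {ipaddress.ip_address("10.0.1.20")}   # e.g. the public web server

# Constructed packets: (direction at the firewall, source, destination).
# A packet-level firewall looks only at addresses, so ports and payload are
# deliberately absent from the model.
SAMPLE_PACKETS = [
    ("in", "198.51.100.7", "10.0.1.20"),    # outside client reaching the exposed host
    ("in", "10.0.0.5", "10.0.1.20"),        # arrives from outside but claims an inside source
    ("in", "198.51.100.7", "10.0.2.9"),     # outside client aiming at an internal-only host
    ("out", "10.0.2.9", "203.0.113.4"),     # inside host talking out
    ("out", "203.0.113.4", "203.0.113.5"),  # leaving with a foreign source address: not ours
]


def decide(direction, src, dst):
    """Return 'allow', 'drop' or 'drop-spoof' for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        # Anti-spoofing rule: nothing arriving from the Internet may carry an
        # internal source address, whatever its destination.
        if src in INTERNAL_NET:
            return "drop-spoof"
        return "allow" if dst in EXPOSED_HOSTS else "drop"
    if direction == "out":
        # Egress rule: only our own range may leave, so an inside host cannot
        # be used to impersonate someone else's network.
        return "allow" if src in INTERNAL_NET else "drop-spoof"
    raise ValueError(f"unknown direction {direction!r}")


def filter_packets(packets):
    """Apply decide() to every packet and keep the verdict next to it."""
    return [(pkt, decide(*pkt)) for pkt in packets]


def spoof_log(packets):
    """Detective side: the spoofed packets a network manager should see logged."""
    return [pkt for pkt, verdict in filter_packets(packets) if verdict == "drop-spoof"]
```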
12-55
An application-level firewall acts as an intermediate host computer or gateway between the Internet and the rest of the organization’s network.
In many cases, special programming code must be written to permit the use of application software unique to the organization.
A proxy server is a new type of application-level firewall that addresses some of the compatibility problems with traditional application-level firewalls.
12-56
The proxy server uses an address table to translate network addresses inside the organization into fake addresses for use on the Internet (network address translation or address mapping).
This way systems outside the organization never see the actual internal IP addresses.
Proxy servers work very well and are becoming the application-level firewall of choice.
Many organizations use a combination of packet-level and application-level firewalls.
12-57
12-58
It is a card about the size of a credit card that contains a small processing chip and also a memory chip that can be read by a smart-card device.
To gain access to a NW:
The user must present both the smart card and a password
The intruder must have access to both before they can break in
12-59
ATM-NW = automated teller machine NW, the best practical example of a smart card
Before you can gain access to your account you must have both:
• ATM-card
• Access number
12-60
It is a way to gain unauthorized access to network traffic, where the intruder inserts a listening device or computer into the organization’s network to record messages.
Two areas vulnerable to this type of unauthorized access:
• Network cabling
• Network devices
12-61
Network cables are the easiest target because they often run long distances and usually are not regularly checked for tampering.
Certain types of cable can impair or increase security by making eavesdropping easier (e.g., wireless) or more difficult (e.g., fiber optic).
Physical security of the network’s local loop and interexchange telephone circuits is the responsibility of the common carrier.
12-62
Network devices such as controllers, hubs, and bridges should be secured in locked wiring closets.
A secure hub for Ethernet networks makes sniffer program eavesdropping more difficult, by requiring a special authorization code before new computers can be added to the hub.
A review of software controls that can be programmed into remote network devices is also needed.
12-63
IPS (IP spoofing) means sending packets to a target computer with a forged source address
IPS is done by changing the source address on incoming packets from their real address to an address inside the organization’s NW
12-64
Is a spy software program
installed on a computer
which is subsequently plugged into an unattended hub, bridge or router
and as a result eavesdrops on all kinds of message traffic
Sniff (means what!)
To smell (forcibly through the nose)
To inhale (forcibly through the nose)
12-65
One of the best ways to prevent unauthorized access is encryption, which is a means of disguising information by the use of mathematical rules known as algorithms.
An encryption system has two parts: the algorithm itself and the key, which personalizes the algorithm by making the transformation of the data unique.
12-66
It’s the best way to prevent any attempt to gain unauthorized access
It means disguising info by the use of mathematical rules known as algorithms
Actually, it’s the CRYPTION!
• Encryption
• Decryption
Cryptic (means what!)
Secret and/or mystifying
12-67
• It means the information is in a readable form or format. This means that the info is in a decrypted form.
• It means the information is in an encrypted (i.e., disguised) form or format.
12-68
Good encryption systems do not depend on keeping the algorithm secret, only the keys.
Today, the U.S. government considers encryption to be a weapon, and regulates its export in the same way it regulates the export of machine guns or bombs. The government is also trying to develop a policy called key escrow, requiring key registration with the government.
12-69
One commonly used encryption algorithm is the data encryption standard (DES). DES is a symmetric algorithm, which means the key used to decrypt a particular bit stream is the same one used to encrypt it.
Symmetric algorithms can cause problems with key management; keys must be distributed and stored carefully.
A 56-bit version of DES is the most commonly used encryption technique today.
12-70
A second popular technique is public key encryption, the most popular of which is RSA.
Public key encryption is inherently different from secret key systems like DES, because it is an asymmetric algorithm; there are two keys. The public key is used to encrypt the message, and the private key is used to decrypt it. Public key encryption greatly reduces the key management problem.
12-71
Private Key
12-72
Public key encryption also permits authentication (digital signatures), using a process of encrypting with the private key and decrypting with the public key, providing irrefutable proof of origin.
A certificate authority is a trusted organization that can vouch for the authenticity of the person or organization using authentication. For higher-level security certification, the CA requires that a unique “fingerprint” (key) be issued by the CA for each message sent by the user.
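The asymmetric mechanics of slides 12-69 to 12-72 (public key encrypts, private key decrypts; private key signs, public key verifies) as textbook RSA, added here as an example and not part of the slides. The primes are tiny constructed values chosen to show the arithmetic, so the keys have no real strength; keys_needed() puts a number on the key management problem slide 12-69 mentions.

```python
import hashlib


def make_keypair(p=61, q=53, e=17):
    """Build (public, private) keys from two constructed primes. These sizes
    demonstrate the arithmetic only; real keys are hundreds of digits long."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone with the public key can encrypt a number m smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the private key holder can reverse encrypt()."""
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message, n):
    # Reduce the hash modulo n so it fits the toy modulus; a real scheme pads
    # the digest to the full key size instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Digital signature: 'encrypt' the message digest with the private key."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message, signature):
    """'Decrypt' the signature with the public key; it must equal the digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def keys_needed(users):
    """Secret keys for every pair of users versus one key pair per user."""
    return users * (users - 1) // 2, users
```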
12-73
12-74
Detecting unauthorized access means looking for anything out of the ordinary. It means logging all messages sent and received by the network, all software used, and all logins (or attempted logins) to the network.
• Increases in the number of logins
• Unusual number of unsuccessful login attempts to a user’s or several users’ accounts.
Regular monitoring should also be extended to network hardware.
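The two signs slide 12-74 lists, run over a constructed log, as an added example that is not part of the slides. The log format, the sample lines and the thresholds are assumptions; the third check catches one source failing against several users' accounts, which a per-account count alone would miss.

```python
import re
from collections import Counter, defaultdict

# Constructed log format for this example: one line per log-in attempt.
LOG_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"LOGIN user=(?P<user>\S+) from=(?P<source>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: a normal morning, then one dial-in source working
# through several accounts late at night.
SAMPLE_LOG = """\
2024-01-08 08:55:01 LOGIN user=alice from=term-12 result=OK
2024-01-08 08:57:44 LOGIN user=bob from=term-03 result=FAIL
2024-01-08 08:57:59 LOGIN user=bob from=term-03 result=OK
2024-01-08 23:10:02 LOGIN user=carol from=modem-1 result=FAIL
2024-01-08 23:10:20 LOGIN user=carol from=modem-1 result=FAIL
2024-01-08 23:10:41 LOGIN user=carol from=modem-1 result=FAIL
2024-01-08 23:11:05 LOGIN user=dave from=modem-1 result=FAIL
2024-01-08 23:11:30 LOGIN user=dave from=modem-1 result=FAIL
2024-01-08 23:12:01 LOGIN user=erin from=modem-1 result=FAIL
2024-01-08 23:12:30 LOGIN user=erin from=modem-1 result=FAIL
"""


def parse(log_text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LOG_LINE.match, log_text.splitlines()) if m]


def failed_per_user(events):
    """Unsuccessful attempts per account."""
    return Counter(e["user"] for e in events if e["result"] == "FAIL")


def accounts_under_attack(events, threshold=3):
    """Accounts with an unusual number of failures (one user's account)."""
    return sorted(u for u, n in failed_per_user(events).items() if n >= threshold)


def sources_hitting_many_accounts(events, min_accounts=3):
    """One source failing against several different accounts."""
    users_by_source = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            users_by_source[e["source"]].add(e["user"])
    return sorted(s for s, users in users_by_source.items() if len(users) >= min_accounts)


def login_spike_days(events, baseline_per_day, factor=2.0):
    """Days whose total log-in attempts exceed the usual daily count by a factor."""
    per_day = Counter(e["date"] for e in events)
    return sorted(d for d, n in per_day.items() if n > baseline_per_day * factor)
```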
12-75
Once an unauthorized access is detected, the next step is to identify how the security breach occurred and fix it so that it will not reoccur.
Many organizations have taken their own steps to detect intruders by using entrapment techniques.
In recent years, there has been a stiffening of computer security laws and in the legal interpretation of other laws that pertain to computer networks.
12-76