1 / 28

MODULE 2

MODULE 2. Protection Of Information Assets. Samir Shah CA, CISA, DISA, CIA, CISSP, CFE Director – Eduassure Knowledge Solutions. 3 Network Security Controls. Introduction

studs
Télécharger la présentation

MODULE 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MODULE 2 Protection Of Information Assets Samir Shah CA, CISA, DISA, CIA, CISSP, CFE Director – Eduassure Knowledge Solutions

  2. 3 Network Security Controls Introduction In this section, we examine the risks and controls that are specific to networked computers. It is rare these days to find a standalone computer in any commercial environment, as networks offer tremendous advantages that far outweigh the cost of creating them. Network Characteristics The characteristics of a network are: Anonymity: removes most of the clues, such as appearance, voice, or context Automation: communication through machines with only minimal human supervision. Distance: speed of communication is so fast that humans cannot usually tell whether a remote site is near or far Opaqueness: users cannot tell whether a remote host is in the room next door or in a different country Routing diversity: routings between two endpoints are usually dynamic

  3. Threats and Vulnerabilities The threats and vulnerabilities are listed under the following heads: Information Gathering Communication Subsystem Vulnerabilities Protocol Flaws Impersonation Message Confidentiality Threats Message Integrity Threats Web Site Defacement Denial of Service

  4. Network Vulnerabilities

  5. Information Gathering A serious attacker will spend a lot of time obtaining as much information as s/he can about the target before launching an attack Port Scan Social Engineering Reconnaissance / dumpster diving Operating System and Application Fingerprinting Bulletin Boards and Chats Documentation by Vendors

  6. Communication Subsystem Vulnerabilities Eavesdropping and Wiretapping Microwave signal tapping: intercept a microwave transmission by interfering with the line of sight Satellite Signal Interception: High Cost Wireless: A strong signal can be picked up easily Optical Fiber: Not possible to tap Protocol Flaws: TCP SYN Attack

  7. Impersonation In many instances, an easy way to obtain information about a network is to impersonate another person or process Authentication foiled by guessing: Authentication foiled by eavesdropping or wiretapping Authentication Foiled by Avoidance: Fixed size buffer Nonexistent Authentication Well-Known Authentication Spoofing and Masquerading Session Hijacking Man-in-the-Middle Attack

  8. Message Confidentiality Threats An attacker can easily violate message confidentiality (and perhaps integrity) because of the public nature of networks. Eavesdropping and impersonation attacks can lead to a confidentiality or integrity failure. Here we consider several other vulnerabilities that can affect confidentiality. Misdelivery: Machine error are “random” events and are uncommon. More frequent than network flaws are human errors, caused by typing a wrong address. Exposure: message may be exposed in temporary buffers, at switches, routers, gateways, and intermediate hosts throughout the network Traffic Analysis (or Traffic Flow Analysis): messages sent from the president of a company to the president of its competitor could lead to speculation about a takeover or a conspiracy to fix prices

  9. Message Integrity Threats In most cases, the integrity or correctness of a communication is more important than its confidentiality. Some of the threats which could compromise integrity are by: • Changing some part or all of the content of a message • Replacing a message entirely, including the date, time, and sender/ receiver identification • Reusing (replaying) an old message • Combining pieces of different messages into one false message • Changing the source of a message • Redirecting a message • Destroying or deleting a message These attacks can be perpetrated in the ways already stated, including: • Active wiretap • Trojan horse • Impersonation • Compromised host or workstation

  10. Website Defacement (website) Website defacement is common not only because of its visibility but also because of the ease with which it can be done. Websites are designed so that their code is downloaded and executed in the client (browser). This enables an attacker to obtain the full hypertext document and all programs and references programs embedded in the browser. He gets the information necessary to attack the website. Most websites have quite a few common and well known vulnerabilities that an attacker can exploit.

  11. Denial of Service Denial of Service (DoS) attacks lead to loss of network availability Connection Flooding Ping of death Traffic Redirection DNS Attacks Distributed Denial of Service In distributed denial of service (DDoS) attack more than one machine is used to attack the target. These multiple machines are called zombies that act on the direction of the attacker, but they don’t belong him/her. These machines are vulnerable but can be exploited to attack another machine. The attacker takes advantage of this and uses them to attack the target simultaneously. In addition to their tremendous multiplying effect, they can also cause serious problems, because they are easily launched by using scripts

  12. Threats from Cookies, Scripts and Active or Mobile Code Some of the vulnerabilities relating to data or programs that are downloaded from the server and used by the client are: Cookies Scripts Active Code C:\Users\samir\AppData\Local\Microsoft\Windows\Temporary Internet Files

  13. Network Security Controls Architecture Cryptography/Encryption Content Integrity Strong Authentication Remote Access Security Firewalls Intrusion Detection Systems

  14. Architecture The architecture or design of a network has a significant effect on its security. Some of the major considerations are: Segmentation / Zoning Redundancy Eliminate Single Points of Failure

  15. Cryptography/Encryption Link Encryption End-to-End Encryption PKI and Certificates SSL Encryption IPSec Signed Code Encrypted E-Mail

  16. Data is encrypted just before the system places them on the physical communications link, that is, encryption occurs at the Data Link layer of the OSI model. Correspondingly, decryption occurs at the Data Link layer of the receiving host. Link Encryption

  17. End-to-End Encryption Encryption is performed at the higher layers, usually application or presentation layer. When end-to-end encryption is used, messages, even when sent through several insecure intermediate hosts, are protected.

  18. SSL & IPSEC Encryption SSL SSL interfaces between applications (such as browsers) and server. It provides server authentication, optional client authentication, and an encrypted communications channel between clients and servers. It is also known now as TLS, transport layer security. Generally all web based applications are compatible with SSL IPSec IPSec is implemented at the IP layer, so it affects all layers above it. Specific client is required for IPSEC implementation on desktops and workstations.

  19. Content Integrity Content integrity is automatically implied when cryptographic systems are used. • Error Correcting Codes • Parity Check - parity bit is set so that the sum of all data bits plus the parity bit is even • Checksum and CRCs - adding up the basic components of a message, usually the bits or bytes, and storing the resulting value • Message Digests (Cryptographic Checksums)

  20. Strong Authentication A security policy specifies who, that is, individuals, groups, subjects who can access which resource and objects One Time Passwords: Each user is issued a different device (that generates a different key sequence). The user reads the number from the device’s display and types it in as a one time password. Challenge Response Systems: Challengeand response device looks like a pocket calculator. The user first authenticates the device, usually by means of a PIN. The remote system sends a random number, called the “challenge” which the user enters into the device. The device responds to the challenge with another number, which the user then transmits to the system. Kerberos: Ticket based authentication naming a user and a service that user is allowed to obtain. It also contains a time value and some control information.

  21. Remote Access Security Remote access technologies can be defined as data networking technologies that are focused on providing the remote user with access into a network, while striving to maintain the principal tenets of confidentiality, availability, and integrity Virtual Private Networking (VPN) Dial back procedures: When a user dials into the server and identifies himself. The server hangs up and calls the user at a predetermined telephone number and then enables the user to access the resources based on password authentication. Authentication Servers: Two of the popular applications of remote authentication mechanisms depending on centralized/decentralized access authentication implementations are TACACS (Terminal Access Controller Access Control System) and RADIUS (Remote Authentication Dial in User Service).

  22. Secure VPN

  23. Intrusion Detection Systems Intrusion detection systems complement Firewall preventive controls as the next line of defence. An intrusion detection system (IDS) is a device, usually another separate computer, which monitors activity to identify malicious or suspicious events. The two general types of intrusion detection systems are signature based and heuristic. Signature-based intrusion detection systems perform simple pattern matching and report situations that match a pattern corresponding to a known attack type. Heuristic intrusion detection systems, also known as anomaly based, build a model of acceptable behaviour and flag exceptions to that model; For example, if an intrusion detection system detects a denial of service attack in progress, it can instruct certain firewalls to automatically block the source of the attack Intrusion detection devices can be network-based or host-based.

  24. Intrusion Detection System

  25. Penetration Testing Penetration testing includes a series of activities undertaken to identify and exploit security vulnerabilities. The idea is to find out how easy or difficult it might be for someone to “penetrate” an organization’s security controls or to gain unauthorized access to its information systems. A penetration test typically involves a small team of people sponsored by the organization asking for the test. The team attempts to exploit vulnerabilities in the organization’s information security by simulating an unauthorized user (or “hacker”) attacking the system by using similar tools and techniques.

  26. Penetration Testing Strategies Various strategies for penetration testing, based on the specific objectives to be achieved External vs. internal Testing From Internet / extranet from within the organization’s technology environment Blind testing: testing team is provided with only limited information concerning the organization’s information systems configuration. The penetration team uses publicly available information Double-blind testing: extends the blind testing strategy in that the IT and security staff of the organization are not informed beforehand about the planned testing activities, and are thus “blind” to them. Double-blind testing can test the security monitoring and incident identification of the organization, escalation and response procedures. Targeted testing: “lights-turned-on” approach – involves both the organization’s IT team and the penetration testing team who are aware of the testing activities and provided with information concerning the target and the network design.

  27. Types of Penetration Testing In addition to the penetration testing strategies, consideration should be given to the types of testing the testing team is to carry out Application security testing Denial of Service (DoS) testing War Dialing – modem search Wireless network penetration testing Social Engineering

More Related