Unit 7 Organisational Systems Security Mr Karaoglan
Learning Outcomes
• Understand the impact of potential threats to IT systems
• Know how organisations can keep systems and data secure
• Understand the organisational issues affecting the security of IT systems
Watch Out! This unit covers ‘hacking technologies’. Carrying out some of the techniques explored in this unit on a network without the direct permission of the network manager is a criminal offence.
2. Know how organisations can keep systems and data secure
Preventing a security incursion, like the attacks themselves, is a constantly evolving process. The security measures described in this section are a sample of those in use and are an introduction to what you may have to manage in the IT industry.
2.1 Physical Security
• Lock and key security – Essential systems are held in rooms and buildings which are secured under lock and key. Laptops have a padlock slot. Buildings operate on a master/sub-master system.
• Visitor passes – This system gives those who should be there the immediate authority to challenge an unknown person's right to be there.
• Sign in/out systems – Instead of a lock and key, swipe cards and dongles are used as keys.
• Biometrics – The use of technology to read biological information about ourselves as a method of unique identification. The word comes from the ancient Greek bios, meaning life, and metron, meaning measure. (Fingerprint recognition, retinal scan and voice recognition)
  • Retinal scans – Everyone has a biologically unique configuration. It remains the same from birth and acts as a reliable method. Glasses and contact lenses have to be removed.
  • Fingerprint recognition – Has been used for nearly 100 years. No two prints are the same. Our fingers secrete a fine watery solution from the ridges, which allows detection and fingerprint scanners to operate. Used in the USA.
  • Iris scanning – Same as a retinal scan, but the scan can be accomplished while wearing glasses or contact lenses. Used at international airlines.
  • Voice recognition – Has a lot of limitations, e.g. voices change when we are stressed, ill or tired. The iPhone brought out Siri.
  • Other biometric technology – Facial recognition systems are in place so CCTV can scan groups of people.
• Cable shielding – Signals travelling via a copper data cable can be accessed by others. Only fibre-optic cable cannot be accessed in this way, but it is expensive. Wireless technology is not safe, but the introduction of Wireless Encryption Protocol (WEP) means that not just anyone can join the network.
Case study: Biometric
• A well-known resort and theme park uses biometric fingerprint scanners to prevent fraudulent sharing of multi-day passes among visiting families.
• What is the cost implication of using such a system?
• What are the benefits to the resort?
• What are the potential legal implications?
Activity: Biometric
• What biometric systems have you encountered?
• How do you think biometric systems will evolve?
Activity: Stop and think
• What physical security techniques should be employed to protect a computer system?
• Biometrics has many advantages. What are the weaknesses?
• What software security techniques improve network security?
2.2 Software and network security
• Encryption – A method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion.
  • Public/private keys: Keys that are mathematically related. The public key can be widely distributed and is used to encrypt data. The private key can decrypt the data and is kept secret. It is not technically practical to derive the private key from the public key.
• Handshaking – A process where two communication devices continuously agree a method of data communication.
• Call back – Used on dial-up systems where network administrators can dial into a network and the network device will call them back. The call back carries a username and password to ensure the channel is secure. It uses CHAP (Challenge Handshake Authentication Protocol).
• Diskless networks – A diskless computer does not have a CD/DVD drive, USB ports or floppy disk drive. This stops users adding new devices, so data cannot easily be transferred from a computer to a mobile storage device and stolen. A new technology being introduced is cloud computing.
• Use of backups –
  • Incremental backups: Involves storing only the data changed since the last backup of any type.
  • Differential backups: Involves storing only the data changed since the last full backup.
  • Redundancy: A term in computing meaning duplication of information.
  • RAID: Stands for redundant array of independent disks. It is used as a live backup mechanism, with multiple hard disks maintaining multiple images of the data.
  • Mirroring: A backup server ‘mirrors’ the processes and actions of the primary server. If the primary server fails, the backup server can take over without any downtime because it has mirrored the content of the primary server.
• Audit logs – Used to keep a record of network and database activity, recording who has done what, where they did it and when.
• Firewall configurations – The purpose of a firewall is to block unwanted traffic from entering the network, so configuration must be done with care. Two or more firewalls must be installed, to create zones of security, if traffic has to reach a server such as email. Many systems will not allow internal traffic to exit the system unless it has been authenticated using internal directory systems.
• Virus checking software – This often runs in the background of any system. It will scan each file as it is being opened for any fingerprints which match the virus definitions. It will also attempt to identify any suspicious activity from a program.
  • Definition: In the context of an anti-virus application, this is a rule explaining which applications are not trusted.
  • Heuristic: In computer science, this is a method of arriving at a good solution that works, rather than a perfect solution.
Cont.
• Use of Virtual Private Networks (VPNs) – Allow organisations to communicate from site to site across a public system like the internet, over an agreed route for all encrypted traffic. VPNs create a trusted connection on a system which is not trusted. The purpose of a VPN is to prevent snooping (packet sniffing) and fraudulent activity.
  • Packet sniffing: Looking for data on the network by listening to network traffic on your connection.
• Intrusion detection systems – Go beyond a firewall and monitor traffic from hackers and the tools they use.
  • Access-control lists (ACLs): May be applied to routers and servers. Can be used to create traffic-based permits for whole networks or individual devices.
  • Routing protocols: Enable routers to make decisions about which way and to whom network traffic can be sent.
• Passwords – Many systems will log failed attempts when users forget their passwords, with the username being locked out after three failed attempts.
  • Strong passwords: Use letters (upper and lower case), numbers and symbols, e.g. Jac()b_$m1th instead of jacobsmith.
• Levels of access to data – Depending on which group you belong to, your level of access to data will be different, e.g. Pupil – Teacher – Network administrator.
• Software updating – Keeps the system safe from possible faults and vulnerabilities. For many, the update is automatic.
• Disaster recovery – Ensuring you recover from any system loss. Having a disaster recovery policy and ensuring you can recover at least the data may save the day.
  • Backup systems: Having a mirror image of the data enables systems, upon failure, to switch to the alternative system.
  • Whole system replacement: This should be avoided at all times. If this happens you have either not planned very well or have experienced a disaster of unforeseen proportions. Many organisations have a contract with another provider (dark site) who, on system failure, will hire out their remote services as a duplicate of your system.
  • Tiers of recovery
    • Tier 0 – No off-site data. Possibly no recovery. One power cut and all data is unsafe.
    • Tier 1 – Data backup with no dark site. Backups are taken but there is no replacement location if the system fails.
    • Tier 2 – Data backup with a dark site. Copies of data are taken and there is a centre available to transfer data.
    • Tier 3 – Electronic vaulting. Mirrored copies of the system state are continuously maintained.
    • Tier 4 – Point-in-time copies. Remote copies of the data are the same as local data.
    • Tier 5 – Transaction integrity. The system ensures both copies are in tune with each other.
    • Tier 6 – Zero data loss. For fast systems, where a sudden fault could result in some minor transactional data loss.
    • Tier 7 – Highly automated, business-integrated solution. The system will do all the thinking for you.
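The incremental and differential backup definitions in section 2.2 differ most visibly at restore time. The following Python simulation is an added example, not part of the original slides; the file names, days and contents are constructed sample data, and deleted files are not modelled.

```python
"""Incremental vs differential backups, simulated on a constructed file set."""

# Constructed sample data: Sunday's full backup, then edits made each day.
FULL = {"report.doc": "v1", "marks.xls": "v1", "photo.jpg": "v1"}
EDITS = [
    ("Mon", {"report.doc": "v2"}),
    ("Tue", {"marks.xls": "v2"}),
    ("Wed", {"report.doc": "v3", "notes.txt": "v1"}),
]

def make_backups(edits, kind):
    """Return [(day, files_stored)] for kind 'incremental' or 'differential'."""
    backups, since_full = [], {}
    for day, changed in edits:
        since_full.update(changed)
        # incremental: only changes since the last backup of any type (last night)
        # differential: every change since the last full backup
        stored = dict(changed) if kind == "incremental" else dict(since_full)
        backups.append((day, stored))
    return backups

def restore(full, backups, kind, day):
    """Rebuild the files as of `day`; return (files, list of backup sets read)."""
    days = [d for d, _ in backups]
    upto = backups[: days.index(day) + 1]
    # incremental needs every set since the full; differential only the newest
    needed = upto if kind == "incremental" else upto[-1:]
    files = dict(full)
    for _, stored in needed:
        files.update(stored)
    return files, ["Full"] + [d for d, _ in needed]

def live_state(full, edits, day):
    """Ground truth: what is on disk at the end of `day`."""
    files = dict(full)
    for d, changed in edits:
        files.update(changed)
        if d == day:
            break
    return files

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = make_backups(EDITS, kind)
        files, chain = restore(FULL, sets, kind, "Wed")
        copies = sum(len(s) for _, s in sets)
        print(kind, "stores", copies, "file copies; restore reads", chain,
              "; correct:", files == live_state(FULL, EDITS, "Wed"))
```

If Tuesday's set is lost, the incremental restore for Wednesday returns a stale marks.xls, while the differential restore is unaffected because Wednesday's set already contains every change since the full backup.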
Activity: Cloud bursting
• Do some research on cloud computing and how it is being used, as well as popular machine technologies available to enable this to happen.
Activity: Security check
• Check what security is on your home/school computer and assess the threats.
Assessment Activity 7.2
• Create a poster, which will be the thrust of your message. It must include:
  • What physical security measures can help keep systems secure [P2]
  • How software and network security can keep systems and data secure [P3-M2-D1]
• Tips
  • Keep it visual, and keep the explanations, discussion and descriptions short and to the point (P2-P3)
  • You need to explain the operations of an encryption technique and how this is used (M2)
  • Discuss different ways of recovering from a disaster using a poster/diagram showing clearly how this could be accomplished. As the verb ‘discuss’ is used, you can include short paragraphs as callouts (D1)
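The public/private key description in section 2.2 can be followed step by step with textbook RSA. This Python sketch is an added example, not part of the original slides; the primes 61 and 53, the exponent 17 and the message 65 are illustrative assumptions, far too small for real use, and real systems add padding and use much larger keys.

```python
"""Textbook RSA with tiny primes: shows the key relationship only, not secure."""
from math import gcd

def make_keypair(p, q, e=17):
    """Derive (public, private) keys from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    """Anyone holding the public key can encrypt the number m."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, e, n)

def decrypt(private, c):
    """Only the holder of the private key can reverse the encryption."""
    n, d = private
    return pow(c, d, n)

def recover_private(public):
    """Derive the private key by factoring n with trial division.

    This finishes instantly only because n is tiny. For the very large n
    used in practice, no known method factors it in a practical time,
    which is why the public key can be distributed widely.
    """
    n, e = public
    p = next(k for k in range(2, n) if n % k == 0)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))

if __name__ == "__main__":
    public, private = make_keypair(61, 53)
    c = encrypt(public, 65)
    print("public:", public, "private:", private)
    print("65 encrypts to", c, "and decrypts to", decrypt(private, c))
```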
Unit Content
P2
• Physical security: locks; visitors pass; sign in/out systems; biometrics e.g. retina scans, fingerprints, voice recognition; others e.g. guards, cable shielding
You need to include suggestions for other methods that could be deployed.
P3 & M2
• Software and network security: encryption techniques e.g. public and private key; call back; handshaking; diskless networks; use of backups; audit logs; firewall configuration; virus checking software; use of virtual private networks (VPN); intruder detection systems; passwords; levels of access to data; software updating
Link to school
D1
• Disaster recovery e.g. backup systems, whole system replacement, 7 tiers of recovery
Link to school
P3 & M2 Software and network security:
• Encryption techniques (e.g. public and private key)
• Call back
• Handshaking
• Diskless networks
• Use of backups (incremental backups, differential backups, redundancy and RAID)
• Audit logs
• Firewall configuration
• Virus checking software
• Use of virtual private networks (VPN) (packet sniffing)
• Intruder detection systems (access-control lists and routing protocols)
• Passwords (also what makes a strong password)
• Levels of access to data (read, write and execute privilege)
• Software updating
EXPLAIN WHAT THESE ARE AND HOW THEY ARE USED IN SCHOOL
D1 Disaster recovery
• Backup systems
• Whole system replacement
• 7 Tiers of recovery
Link to school