1 / 80

Network Security  

This discussion board assignment requires students to reflect on the most compelling topics learned in the course, discuss how participating in discussions helped their understanding, clarify any unclear concepts, and suggest approaches for additional valuable information.

tguinn
Télécharger la présentation

Network Security  

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security   Instructor: Professor Stephen Osborne

  2. Task Type: Discussion Board 3   Deliverable Length: See assignment details    Points Possible: 50   Due Date: 9/16/2011 11:59:59 PM  CT Review and reflect on the knowledge you have gained from this course. Based on your review and reflection, write at least 3 paragraphs on the following: What were the most compelling topics learned in this course? How did participating in discussions help your understanding of the subject matter? Is anything still unclear that could be clarified? What approaches could have yielded additional valuable information? Respond to another student: Respond to 1 of your fellow classmates with a reply of at least 100 words about his or her primary task response regarding items you found to be compelling and enlightening.

  3. Phase 5 Discussion Board 3 Resolution Think about and then answer the below three questions. What were the most compelling topics learned in this course? How did participating in discussions help your understanding of the subject matter? Is anything still unclear that could be clarified? What approaches could have yielded additional valuable information? Please respond to at least one others classmates’ post.

  4. Task Type: Individual Project 2   Deliverable Length: 3–5 pages    Points Possible: 100   Due Date: 9/17/2011 11:59:59 PM  CT In the context of e-mail communications security, prepare a 3–5 page white paper that describes the difference between Pretty Good Privacy (PGP) and Secure/MIME (S/MIME) Be sure to reference all sources using APA style. Please submit your assignment.

  5. Individual Project 2 Resolution Gather information from the CTU Library or the Internet on Pretty Good Privacy and Secure/MIME (S/MIME). Once you have collected all of your research, provide an overview of each.

  6. Are online backup services safe for our company data? • This is an open-ended question. A better question is whether online backup services can be safe for company data, and the answer is “yes.” There are several questions you should ask before using an online backup service. • Where is the data actually stored? Is it secure and safe from natural disasters or other more ordinary threats like temperature and humidity? Is the media high quality? Are redundancies in place?

  7. Under what conditions can data be recovered? Are you allowed to inspect the physical premises? Are backup power systems in place? As the value of your data increases, the depth of your questions will also increase. • Online backup services might not be appropriate for your primary backups, but they may serve well for a level of redundancy.

  8. How can I establish redundancy for my hosted Internet website? • Many businesses are highly dependent on their Internet presence as a primary part of business. From sales to actual business processes and communications, the web servers and the functions they support are extremely important. • Many of these same businesses have all the Internet operations located on a single hosted computer at another provider’s location.

  9. Although reputable hosting sites have reasonably good availability, it may not always be good enough if problems occur. Most hosts provide service-level guarantees and, for a price, many will offer redundancy for your host site. • The next best level of redundancy is another hosted system through another provider. If the primary host has long-term difficulties, one can switch to a secondary host on relatively short notice. As a final measure of protection, make sure to have a system capable of running the basic operations internally, if necessary.

  10. If I encrypt the data on my systems, how can I make sure someone will be able to decrypt it should a disaster occur? • Encryption is the process of combining one or more keys with data to make it unreadable without the key used for encryption. If only one person knows the key and that person leaves the company or is not available for some other reason, a company could be in a bad situation and unable to access important information. • Failure to consider this kind of circumstance could be catastrophic. To avoid losing vital data, encryption should also be accompanied by a method to recover the data. Key individuals in the company could be given the decryption key, but this is not always adequate protection.

  11. An additional method is to create decryption tools that can recover the important data in the event of an emergency. Treat the encrypted data as one would treat important documents kept in a safe. • How many people should have the combination, and would someone also store the combination in other safe places to provide some redundancy?

  12. Is the backup software that came with my operating system (OS) good enough for company backups? • The answer to this question lies in an understanding of what makes an excellent backup program. Basic backup features aside, the most critical part of a backup are ensuring the data are recoverable. • If a backup program merely writes the data to the backup media, then there is no assurance the data can be recovered, if necessary.

  13. High quality backup programs are able to perform some checks on the data while the backup is being made to ensure it is recoverable. • The backup software that comes with the operating systems can do this kind of check, but as the sophistication of the software increases, so does the ability to verify integrity of the backups. The amount an organization wants to invest in backup software is related to the value of those backups.

  14. How often should I perform backups? • The simple answer is another question. How much data can you afford to lose? Keeping in mind that backups slow down system operation and also consume disk space, a system administrator needs to look at how much time would be spent recreating the lost data if something happens to the data. • Some data cannot be recreated easily at all, so some form of ongoing redundancy should be considered.

  15. Other data, while not easy to recreate, are also not highly valuable, so a system administrator could afford to lose more. If business operations would be significantly interrupted by loss of data, then nightly backups should be performed. • With less valuable data, data that do not change often, or data that are easily recreated, weekly or even monthly backups are sufficient.

  16. How can I test my backups if there is not sufficient disk space to restore the data to a secondary location? • The best way to test a backup is to actually restore and test the resultant information. This is seldom possible though because disk space to hold the restored data is not always available. One alternative is to stream test the information. To stream test, individual files are restored and tested. • During this process, the backup media can also be verified for integrity. The problem with this approach is many of the applications and associated data cannot be tested in isolation, but at least the integrity of the files can be checked.

  17. Do backups go bad after time? • This was a larger problem in the past when backups were made to more sensitive media like floppy disks and tape drives. Backups are now often made to secondary hard drives and CD or DVD media, which is generally more durable and less prone to problems. • These media are not without their problems though, and while time may not be the biggest contributor to problems, environmental exposure combined with time can be. The answer to the question is that backup media does go bad, but it does not happen very often if the media are kept under appropriate conditions.

  18. How much can I justify spending on disaster recovery plans? • A system administrator can begin to address this question by determining how much a disaster would cost the business. After these values are established, the administrator can attempt to assign some probabilities to the types of problems the business might encounter. • Although a flood might present an almost catastrophic situation to the business, if the business is in an area where this is extremely unlikely, then preparation for a flood would not make a lot of sense.

  19. Preparation for an earthquake in San Francisco might not be a bad idea though. How much do you spend in preparation for disaster? When one combines the cost of an event with the risk, one will have a sense of the threat to the business. • Treat these disaster recovery plans somewhat as an individual would treat insurance. As a system administrator, one might want to discuss this topic with the person responsible for insurance coverage in the company.

  20. More on Disaster Recovery • Disaster recovery is critical for today's organization because weather-related or man-made disasters can occur at any time. Examples of disasters are extensive, from weather-related disasters like hurricanes and tornadoes to man-made disasters such as riots. • Unfortunately, these events happen, but businesses must have operations back up and running as soon as possible.

  21. Disasters like the tsunami that struck Southeast Asia in December 2004 or Hurricane Katrina that hit the Gulf Coast region of the United States in August 2005 provide real-life examples that disasters can happen in any form and at any time. Businesses must have systems in place to protect themselves.

  22. Network outages can create the same damage to a business as a natural disaster. Although a network outage pales in comparison to a natural disaster, the effect on a business can be the same. The business is shut down. Money and time are lost. If steps are not taken quickly, the business may not recover.

  23. Defining Disaster Recovery • Disaster recovery planning, sometimes called business continuity planning, is defined by the Disaster Recovery Journal (DRJ) editorial review board as "The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization's critical functions" (Disaster Recovery Journal, n.d.). • The definition encompasses the activities that restore health to the system stricken by disaster. It is critical to understand that disaster recovery planning refers to a set of activities and processes to restore the health of a business to an acceptable state.

  24. Disaster Recovery Teams • Teamwork is an important component in disaster recovery planning. If a disaster occurs, many individuals are coordinated to restore business functions. When natural disasters occur, teams of personnel will be disbursed to provide help to people affected in the natural disaster's stricken areas. • This is no different in business disaster recovery; each person on the disaster recovery team has a role to play. It is his or her job to coordinate an area of responsibility to bring the business network back up and operating.

  25. Disaster recovery teams develop long before a disaster occurs. Teams are created from different departments across the organization. They have members with a mix of technical and business skills who work together to identify critical resources and to prioritize critical operations for the organization.

  26. Disaster Recovery Steps There are a number of steps involved in developing a disaster recovery plan. These steps include the following (Erbschloe, 2003): • Organization of the team • Assessing the potential risks • Establishing roles and responsibilities • Development of policies • Documentation • Preparation • Training and testing • Maintenance

  27. These steps illustrate that disaster recovery planning is more than a plan; it is a company-wide philosophy that enables the company to pull together all the pieces and use its resources to get the business back up and running.

  28. Disaster Recovery Management • Disaster Recovery Management Teams (DRMTs) are not necessarily included in disaster recovery plans, but they are necessary. DRMT are the managers and executives who are responsible for overseeing a disaster recovery plan and making sure the rules that were developed are followed. • The leadership of the organization has to be sure that these knowledgeable workers get the resources they need, give the necessary support, and make sure the plan is being carried out as effectively as possible.

  29. Introduction to Cyber Crimes and Networks • Cyber crime is a term that many people are now familiar with; however, it is a term that was not a part of the common vernacular until recent years. As computers and computer networks, including the Internet, have increased in popularity, so have the opportunities to use these tools as systems to commit policy violations as well as civil and criminal activities. • When considering cyber crime, one must remember there are many types of crimes commonly committed using computer systems.

  30. To understand cyber crimes in relation to computer network penetration, one must first understand the concept of computer networks. At its most basic level, a computer network is two or more computers connected together to allow communications between two users. • When considering computer network penetration, it is important to consider the types of attacks that can occur and where these attacks may originate. It is common for security professionals to focus on the possibility of external attacks and not put sufficient focus on the potential for internal attacks.

  31. Computer users connected to a network must realize that in today’s society there is always a possibility of interception of any information on a networked computer or one shared over an Internet connection. • Standard security recommends that users look for “the lock” that indicates the security of a Web site or HTTPS in the Web address, again to indicate security. These are good indications of the security of the Web site; however, this does not indicate the security of the user’s Internet connection.

  32. Challenges of Information Security • Attackers are always interested in gaining something from the organization or person attacked. It may be the notoriety of having performed the attack, the data gained during the attack, or any of the other results when a network attack occurs.

  33. There are six significant challenges outlined, which include the following (Egan & Mather, 2005): • E-commerce is where the attack could occur to the organization selling the product or service or to the purchaser where the attacker is attempting only to gain the individual’s purchase information. • The information security requirements of the organization must be maintained. Organizations must maintain the security of their data. In today’s marketplace, the importance of an organization's customer database, employee records, product plans, and other data are the backbone of the organization; the loss of this information could cause lawsuits and other situations that can lead to the organization’s failure. • The immature information security market is a problem that many do not readily recognize; however, many areas of information security still do not meet the needs of consumers or organizations.

  34. Organizations may also lack experienced information security personnel. • With the increase in government legislation and industry regulations, organizations must not only ensure compliance with company policies but also all of the government and other regulations. • The final challenge for organizations to face is the increasing mobile workforce and wireless computing. The mobile workforce has increased physical security risks related to the mobility of the data through mobile devices such as laptops and smart phones. In addition, to be considered are the information risks related to employees using unsecured networks at airports or other public locations or attackers using the convenience of public access to observe users and gain access to information that would have been unavailable if the employee was within the organization’s business environment.

  35. Internal Crackers • In today's corporate world internal crackers are serious threats possibly even more so than external crackers since internal crackers already have access to the network. But all hope is not lost there are lots that can be done to combat internal hacking.

  36. Firstly, one should set clearly defined policies for what is and is not acceptable use of the corporate network. The policies should define what acceptable use of network resources is and what resources one is allowed to access and the ones they are not allowed to access depending on there role within the company. • A part of this policy should also be controls to police the network security personal, administrators, and anyone else with access to sensitive information.

  37. Some such controls could be background checks, making sure old user accounts are disabled, make sure to check for backdoors, and educating employees about the security policies. • Another good practice is to make sure security responsibilities are distributed amount many people. This way no one person has access to everything so no one person can be comprised or paid-off to take down the entire network security.

  38. The policy should also clearly define the consequences of violating the policy. And the most important part is the policy should be enforced because if the policy is not enforced it is completely useless and you might as well not have one.

  39. Secondly, file and folder security should be implemented such as NTFS permissions embedded in the newer versions of windows. It allows the admin to set up access control lists (ACL) to control what each user as access to and how much access they have. • For example it can be set up the ACL to allow John Smith the read and open files in the Corporate Manuals folder but not delete or change them.

  40. File and folder security is important because it would be ideal for every employee to follow the security policy but in reality that is not always the case and that is were file and folder security comes in. • Although not all internal hacking attempts are from malicious means some are just out of curiosity or just a plain accident but if the file and folder security is configured properly it should stop most internal hacking attempts. • This idea ties into the concept of "Least Privilege" which is the idea that employees should only get permissions and access to what they need to complete the role of their jobs.

  41. Finally, an audit policy should be implemented to monitor high risk resources or the resources that have the highest impact on the companies operations. The audit policy will help to determine possible hacking attempts and the areas that require better security. • An audit policy will also keep a record of activity that would allow activity to be tracked and provide evidence in the event of prosecution become necessary. • Internal crackers can be a serious threat but there is a lot that can be done to combat them. But like all things in life there is no answer all solution that will prevent internal hacking 100%, but listed above are many ways in which we can reduce and mitigate the risk of internal crackers.

  42. Access Control Lists (ACLs) • Access Control List (ACL) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. This can be applied on routers (Cisco). • ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses.  You can configure ACLs for all routed network protocols. • The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.

  43.  How ACLs work • A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs. •  To simplify how ACL or a router uses packet filtering work, imagine  a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a quest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.

  44. When a packet arrives at the router, the router extracts certain information from the packet header and makes decisions according to the filter rules as to whether the packet can pass through or be dropped. Packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.

  45. Why use ACLs • Limits network traffic to increase network performance. • ACLs provides traffic flow control by restricting the delivery of routing updates. • It can be used as additional security. • Controls which type of traffic are forwarded or blocked by the router. • Ability to control which areas a client access.

  46. Types of Access Control Lists Standard access-list • Standard access lists create filters based on source addresses and are used for server based filtering. Address based access lists distinguish routes on a network you want to control by using network address number (IP). • Address-based access lists consist of a list of addresses or address ranges and a statement as to whether access to or from that address is permitted or denied.

  47. Extendedaccess lists • Extendedaccess lists create filters based on source addresses, destination addresses, protocol, port number and other features and are used for packet based filtering for packets that traverse the network.

  48. Role-Based Access Control (RBAC) • RBAC appears to be a promising method for controlling what information computer users can utilize, the programs that they can run, and the modifications that they can make. Only a few off-the-shelf systems that implement RBAC are commercially available; however, organizations may want to start investigating RBAC for future application in their multi-user systems. • RBAC is appropriate for consideration in systems that process unclassified but sensitive information, as well as those that process classified information.

  49. What is Role-Based Access Control? • Access is the ability to do something with a computer resource (e.g., use, change, or view). Access control is the means by which the ability is explicitly enabled or restricted in some way (usually through physical and system-based controls). • Computer- based access controls can prescribe not only who or what process may have access to a specific system resource, but also the type of access that is permitted. These controls may be implemented in the computer system or in external devices.

  50. With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). • The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization.

More Related