  • Number of slides: 76

Network Security

Physical Protection of Assets and Security
• PPA is done using the following means:
  • Locks
  • Barriers
  • Guards
• Security is provided for the following:
  • Computer processing
  • Large databases
  • Communication networks
  • Preventing a hacker from breaking into your computer

3 things to know in security
• Why do networks need security?
• How to provide security
• Types of security threats
• Network (NW) controls
Primary goal of NW security
• To protect the data and application software (SW)

Introduction
For many people, security means
• preventing unauthorized access, such as
• preventing a hacker from breaking into your computer.
Security is more than that; it also includes being able to recover
• from temporary service problems, or
• from natural disasters.

Security threats to:
• Software (SW)
• Hardware (HW)
• Files and databases
• Data communication circuits
Threats come from different sources:
• External and internal hacking
• External: disaster, vandalism, fraud, theft
• Personal errors, dishonesty, incompetence


Why Networks Need Security
In recent years, organizations have become increasingly dependent on data communication networks for their daily business communications, database retrieval, distributed data processing, and the internetworking of LANs. The losses associated with security failures can be huge. More important than direct theft losses are the potential losses from the disruption of application systems that run on computer networks.

2 Types of Security Threats
• Category 1: the 3 Ds (due to fire, flood, power loss, circuit failure and virus)
  • Disruption
  • Destruction
  • Disaster
• Category 2: Unauthorized access
  • Refers to intruders
  • External hackers
  • Internal hackers

What an intruder will achieve
• Gain knowledge and change files:
  • To commit fraud, threat
  • To destroy information
  • To injure the organization
  • For the sadistic thrill of the misadventure

Types of Security Threats, Category 1: the 3 Ds
• Disruptions:
  • are the loss or reduction in NW service
  • could be minor and temporary
  • could be due to switch failure or a circuit cut
• Destructions (of data):
  • are caused by and/or result in the disruption
  • could be due to a virus or something else
  • could be due to a hard-disk crash
• Disasters (of network):
  • destroy host computers or sections of the NW
  • could be man-made or natural

Natural and Man-made Disasters
Principal causes responsible for the Category 1 (3 Ds) threats:
• Fires
• Floods
• Earthquakes
• Mudslides
• Storms
• Tornadoes
• Terrorist attacks
All of these can destroy buildings and networks.

What the 3 Ds do
• Give rise to interruptions in the NW service
• Cause loss of data due to NW failure
FTS = fault-tolerant server
• Contains many redundant components
• which help prevent NW failure
Disk duplexing
• Is a disk-mirroring concept
• Provides backup against NW failure
• so that even if the disk controller fails, the server continues to operate

What are the 3 S's?
• Smaller
• Smarter
• Simpler, sophisticated
Producers of NW hardware and software now always keep these 3 things in mind when developing their products.

Types of Security Threats, Category 2: Unauthorized Access (UA)
• Unauthorized access is often viewed as hackers gaining access to organizational data files and resources.
  • External intruders
  • Internal intruders
  • Eavesdropping (i.e., listening secretly to a private conversation)
Keep in mind, however, that most unauthorized access incidents involve employees.

Network Controls
Developing a secure network means developing controls, i.e., mechanisms that reduce or eliminate both Cat-1 and Cat-2 threats to network security. There are 3 types of controls:
• Preventative controls: restrain or stop a person from acting, or hinder an event from occurring.
• Detective controls: reveal or discover any kind of unwanted event.
• Corrective controls: rectify an unwanted event or a trespass.
PDC controls should be periodically verified and tested.

Network Controls
Six areas of a data communication network need NW controls:
• Client computers
• Host/server computers (mini/mainframe/LANs)
• Communication circuits
• NW devices and components
• NW software
• Application software

Network Controls
• It is important to remember that it is not enough to just establish a series of controls; someone or some department must be accountable for the control and security of the network.
• PDC controls must be reviewed periodically to be sure that they are still useful, and should be:
  • Verified: ensuring that the control is still present
  • Tested: determining whether the control is working as originally specified
(PDC = Preventive, Detective and Corrective)

RISK ASSESSMENT

Risk Assessment
• One key step in developing a secure NW is to conduct a risk assessment:
  • This assigns a level of risk to various threats to the network security by comparing the nature of the threats to the controls designed to reduce them.
• Threat could mean:
  • Theft of data
  • Destruction of data
  • Damage to NW hardware, NW software and NW circuits

7 Most Common Threats to NW
• Virus: 87%
• Device failure: 52%
• Internal hacker: 51%
• Equipment theft: 48%
• External hacker: 30%
• Natural disaster: 28%
• Industrial espionage: 10%

About Computer Viruses
• Cause destruction of data
• Cause unwanted events/nuisances
• Attach themselves to some programs
• and, as a result, the viruses spread
How to prevent the spread of viruses
• Don’t share diskettes (37% due to sharing)
• Don’t copy files or disks of unknown origin
• Be careful about downloading files from the Web
• Install anti-virus software on your computer

Developing a Control Spreadsheet
To be sure that the data communications network and microcomputer workstations have the necessary controls and that these controls offer adequate protection, it is best to build a control spreadsheet.

Developing a Control Spreadsheet
Threats (spreadsheet columns):
• Disruption, Destruction, Disaster: Fire, Flood, Power Loss, Circuit Failure, Virus
• Unauthorized Access: External Intruder, Eavesdrop
Components (spreadsheet rows):
• Host Computers
• Client Computers
• Communication Circuits
• Network Devices
• Network Software
• People

Threats
A threat to the data communications network is any potential adverse occurrence that can do harm, interrupt the systems using the network, or cause a momentary loss to the organizations. Once threats are identified, they must be ranked by importance.


Network Components
The next step is to identify the network components. A network component is one of the individual pieces that compose the data communications network. They include:
• Servers
• Client computers
• Communications circuits
• Network devices
• Network software
• Application software

Identify and Document the Controls
Once the specific network threats and controls have been identified, you can begin working on the network controls. Begin by considering the network component and the specific threat, and then describe each control that prevents, detects or corrects that threat.

Identify and Document the Controls
Control numbers entered in the spreadsheet cells: 1, 2 | 1, 3 | 4 | 1, 5, 6 | 7, 8 | 9, 10, 11, 12 | 9, 10
Controls:
1. Disaster recovery plan
2. Halon fire system/sprinklers
3. Host computer room on 5th floor
4. UPS on servers
5. Contract guarantees from IXCs
6. Extra backbone fiber laid between servers
7. Virus checking software present
8. Extensive user training on viruses
9. Strong password software
10. Extensive user training on security
11. Call-back modem system
12. Application Layer firewall

Evaluate the Network’s Security
The last step in designing a control spreadsheet is to evaluate the adequacy of the existing controls, and the resulting degree of risk associated with each threat. The assessment can be done by the network manager, but it is better done by a team of experts chosen for their in-depth knowledge about the network and environment being reviewed.
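The control spreadsheet steps above (threats, components, controls, evaluation) as an added Python example that is not part of the original slides. Placing the seven surviving cell entries on the Host Computers row, one per threat column in order, and the preventive/detective/corrective type given to each control are assumptions made for the example.

```python
from collections import Counter

# Controls 1-12 as listed on the slide. The preventive/detective/corrective
# type given to each one is an assumption made for this example.
CONTROLS = {
    1: ("Disaster recovery plan", "corrective"),
    2: ("Halon fire system/sprinklers", "corrective"),
    3: ("Host computer room on 5th floor", "preventive"),
    4: ("UPS on servers", "preventive"),
    5: ("Contract guarantees from IXCs", "corrective"),
    6: ("Extra backbone fiber laid between servers", "preventive"),
    7: ("Virus checking software present", "detective"),
    8: ("Extensive user training on viruses", "preventive"),
    9: ("Strong password software", "preventive"),
    10: ("Extensive user training on security", "preventive"),
    11: ("Call-back modem system", "preventive"),
    12: ("Application Layer firewall", "preventive"),
}
THREATS = ["Fire", "Flood", "Power Loss", "Circuit Failure", "Virus",
           "External Intruder", "Eavesdrop"]
COMPONENTS = ["Host Computers", "Client Computers", "Communication Circuits",
              "Network Devices", "Network Software", "People"]
TYPES = ("preventive", "detective", "corrective")

# Assumption: the seven cell entries that survive on the slide belong to the
# Host Computers row, one per threat column, in order.
HOST_ROW = [[1, 2], [1, 3], [4], [1, 5, 6], [7, 8], [9, 10, 11, 12], [9, 10]]
SHEET = {("Host Computers", t): ids for t, ids in zip(THREATS, HOST_ROW)}


def evaluate(sheet):
    """Rate every (component, threat) cell by the control types it contains."""
    report = []
    for component in COMPONENTS:
        for threat in THREATS:
            ids = sheet.get((component, threat), [])
            unknown = [i for i in ids if i not in CONTROLS]
            if unknown:
                raise ValueError(f"undocumented control numbers: {unknown}")
            present = {CONTROLS[i][1] for i in ids}
            missing = [t for t in TYPES if t not in present]
            if not ids:
                rating = "uncontrolled"   # no control documented at all
            elif missing:
                rating = "partial"        # at least one PDC type is absent
            else:
                rating = "covered"        # prevent, detect and correct present
            report.append({"component": component, "threat": threat,
                           "controls": ids, "missing": missing,
                           "rating": rating})
    return report


def summary(report):
    """Count cells per rating, the input to ranking the remaining risk."""
    return Counter(row["rating"] for row in report)


if __name__ == "__main__":
    report = evaluate(SHEET)
    for row in report:
        if row["component"] == "Host Computers":
            print(f'{row["threat"]:<18}{row["rating"]:<9}'
                  f'missing: {", ".join(row["missing"]) or "none"}')
    print(dict(summary(report)))
```

Every cell outside the Host Computers row comes back "uncontrolled", which is the gap list the review team would work through next.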

CONTROLLING DISRUPTION, DESTRUCTION, AND DISASTER

Preventing Disruption, Destruction and Disaster
The key principle in preventing disruption, destruction and disaster, or at least reducing their impact, is redundancy.
• Disk mirroring
• Disk duplexing
• Fault-tolerant servers
• Uninterruptible power supplies (UPS)
Redundancy can be built into other network components as well.

Preventing Disruption, Destruction and Disaster
Disasters are different; the best solution is to have a complete redundant network that duplicates every network component, but in a different location. Generally speaking, preventing disasters is difficult. The most fundamental principle is to decentralize the network resources. Other steps depend on the type of disaster to be prevented.

Preventing Disruption, Destruction and Disaster
In some cases, the disruption is intentional (i.e. theft). Another special case is the denial-of-service attack, in which the hacker attempts to disrupt the network by sending messages to the network that prevent others’ messages from being processed.

Preventing Disruption, Destruction and Disaster
Special attention also must be paid to preventing computer viruses, software designed to produce unwanted events. Most viruses attach themselves to other programs or to special parts on disks.
How to prevent the spread of viruses
• Do not copy files or disks of unknown origin.
• Use/install anti-virus software packages that are available to check disks and files to ensure that they are virus-free.

NW-Monitoring Software and Other Means for Detecting the 3 Ds
• NW-monitoring (NWM) software alerts network managers to problems so that they can be corrected.
• Some intelligent NW servers can be programmed to send an alarm to a pager, if necessary.
• Ongoing monitoring for damaged cables, which could result from hungry squirrels and rats eating the cables.

Other Means for Detecting the 3 Ds
Detecting minor disruptions can be more difficult. The network should routinely log fault information to enable network managers to recognize minor service problems. In addition, there should be a clear procedure by which network users can report problems.

Correcting Disruption, Destruction and Disaster
A critical control is the disaster recovery plan, which should address various levels of response to a number of possible disasters and should provide for partial or complete recovery of all data, application software, network components, and physical facilities. The most important elements of the disaster recovery plan are backup and recovery controls that enable the organization to recover its data and restart its application software should some portion of the network fail.

Elements of a Disaster Recovery Plan
• Names of responsible individuals
• Staff assignments and responsibilities
• List of priorities of “fix-firsts”
• Location of alternative facilities
• Recovery procedures for data communications facilities, servers and application systems
• Actions to be taken under various contingencies
• Manual processes
• Updating and testing procedures
• Safe storage of data, software and the disaster recovery plan itself

Correcting Disruption, Destruction and Disaster
Backups ensure that important data is safe. However, they do not guarantee the data can be used. Most large organizations have a two-level disaster recovery plan.
LVL 1: When they build networks, they build enough capacity and have enough spare equipment to recover from a minor disaster, such as loss of a major server or portion of the network.

Correcting Disruption, Destruction and Disaster
LVL 2: Most large organizations rely on professional disaster recovery firms to provide second-level support for major disasters. Disaster recovery firms provide a full range of services, from secure storage for backups to a complete networked data center that clients can use when they experience a disaster.

CONTROLLING UNAUTHORIZED ACCESS

Controlling Unauthorized Access
Four types of intruders attempt to gain unauthorized access to computer networks.
1. Casual computer users who have only limited knowledge of computer security.
2. Experts in security, but whose motivation is the thrill of the hunt.
3. Professional hackers who break into corporate or government computers for specific purposes.
4. Organization employees who have legitimate access to the network but who gain access to information they are not authorized to use.

Preventing Unauthorized Access
The key principle in preventing unauthorized access is to be proactive. This means routinely testing your security systems before an intruder does. Approaches to preventing unauthorized access:
• Developing a security policy
• Developing user profiles
• Plugging known security holes
• Securing network access points
• Preventing eavesdropping
• Using encryption
A combination of all techniques is best to ensure strong security.

Developing a Security Policy
The security policy should clearly define the important network components to be safeguarded and the important controls needed to do that. The most common way for a hacker to break into a system is through some social engineering (breaking security simply by asking).

Elements of a Security Policy
• Name of responsible individuals
• Incident reporting system and response team
• Risk assessment with priorities
• Controls on access points to prevent or deter unauthorized external access
• Controls within the network to ensure internal users cannot exceed their authorized access
• An acceptable use policy
• User training plan on security
• Testing and updating plans

Developing User Profiles
The basis of network access is the user profile for each user’s account that is assigned by the network manager. More and more systems are requiring users to enter a password in conjunction with something they have, such as a smart card. In high-security applications, a user may be required to present something they are, such as a finger, hand or the retina of their eye for scanning by the system (biometric scanning).

Developing User Profiles
User profiles can limit the allowable log-in days, time of day, physical locations, and the allowable number of incorrect log-in attempts. Creating accounts and profiles is simple, as they are created when new personnel arrive. One security problem is the removal of user accounts when someone leaves an organization.

Developing User Profiles
It is important to screen and classify both users and data (need to know). The effect of any security software packages that restrict or control access to files, records, or data items should be reviewed. Adequate user training on network security should be provided through self-teaching manuals, newsletters, policy statements, and short courses.

Plugging Known Security Holes
Many commonly used operating systems have major security problems well known to potential users (security holes), many of which are highly technical. Some security holes are not really holes, but simply policies adopted by computer vendors that open the door for security problems, such as computer systems that come with a variety of preinstalled user accounts.

Plugging Known Security Holes
The U.S. Government requires certain levels of security in the operating systems and network operating systems it uses for certain applications.

Securing Network Access Points
There are three major ways of gaining access:
• Using a terminal or computer located in the organization’s offices
• Dialing into the network via modem
• Accessing the network from another network to which it is connected (e.g. the Internet)
The physical security of the building or buildings that house any of the hardware, software or communications circuits must be evaluated.

Securing Network Access Points
The network components themselves also have a level of physical security. Any organization that permits staff members to access its networks via dial-in modems opens itself to a broader range of intruders. One strategy is to routinely change modem numbers; another is to use a call-back modem. One-time passwords are another strategy, for traveling employees for whom call-back modems and automatic number identification are inappropriate.

Securing Network Access Points
With the increasing use of the Internet and the information superhighway, it becomes important to prevent unauthorized access to your network from intruders on other networks. For this, we have to use a firewall. What is a firewall?

What is a Firewall?
• A firewall is a router, gateway, or special-purpose computer that examines packets flowing into and out of a network and restricts access to the organization’s network.
• A FW is designed so that it is placed on every NW connection between the organization and the Internet, and
• no access is permitted except through the firewall.
• 2 types of firewall:
  • PLF = packet-level firewall
  • ALF = application-level firewall

Securing Network Access Points
A packet-level firewall examines the source and destination address of every network packet that passes through it and only allows packets that have acceptable source and destination addresses to pass. Some packet-level firewalls are vulnerable to IP-level spoofing, accomplished by changing the source address on incoming packets from their real address to an address inside the organization’s network. Many firewalls have had their security strengthened since the first documented case of IP spoofing in December 1994.
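The packet-level check described above, as an added Python example that is not part of the original slides: an address-only filter next to one that also checks which interface the packet arrived on, which is how a packet arriving from outside with an inside source address gets dropped. The networks (documentation ranges), the rule list and the `Packet` fields are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (documentation ranges), not taken from the page.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
PARTNER = ipaddress.ip_network("198.51.100.0/24")
PUBLIC_SERVER = ipaddress.ip_network("192.0.2.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Acceptable (source network, destination network) pairs; default is drop.
ALLOW = [
    (INTERNAL, ANY),        # inside hosts may talk to anyone
    (PARTNER, INTERNAL),    # the partner network may reach inside hosts
    (ANY, PUBLIC_SERVER),   # anyone may reach the public server
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str  # interface the packet arrived on: "outside" or "inside"


def address_only_filter(pkt):
    """The weak form: looks only at source and destination addresses."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for src_net, dst_net in ALLOW:
        if src in src_net and dst in dst_net:
            return "allow"
    return "drop"


def interface_aware_filter(pkt):
    """The corrected form: the claimed source must be possible on the
    interface the packet arrived on before the address rules are consulted."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside":
        if src in INTERNAL:
            return "drop"   # inside address arriving from outside: spoofed
    elif pkt.iface == "inside":
        if src not in INTERNAL:
            return "drop"   # outside address leaving from inside: spoofed
    else:
        return "drop"       # unknown interface
    return address_only_filter(pkt)


# Constructed sample traffic.
SAMPLES = [
    Packet("192.0.2.25", "203.0.113.5", "inside"),    # normal outbound
    Packet("198.51.100.7", "192.0.2.30", "outside"),  # partner inbound
    Packet("203.0.113.9", "192.0.2.10", "outside"),   # public server access
    Packet("203.0.113.9", "192.0.2.30", "outside"),   # stranger to inside host
    Packet("192.0.2.77", "192.0.2.30", "outside"),    # inside source, from outside
]


def compare(packets):
    """Return (packet, address-only verdict, interface-aware verdict) rows."""
    return [(p, address_only_filter(p), interface_aware_filter(p))
            for p in packets]


if __name__ == "__main__":
    for pkt, weak, strong in compare(SAMPLES):
        print(f"{pkt.src:>13} -> {pkt.dst:<12} via {pkt.iface:<8}"
              f" address-only={weak:<6} interface-aware={strong}")
```

Only the last sample differs between the two filters. Address rules are still not authentication: a source inside an allowed external range is accepted as claimed.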

Securing Network Access Points
An application-level firewall acts as an intermediate host computer or gateway between the Internet and the rest of the organization’s network. In many cases, special programming code must be written to permit the use of application software unique to the organization. A proxy server is a new type of application-level firewall that addresses some of the compatibility problems with traditional application-level firewalls.

Securing Network Access Points
The proxy server uses an address table to translate network addresses inside the organization into fake addresses for use on the Internet (network address translation or address mapping). This way, systems outside the organization never see the actual internal IP addresses. Proxy servers work very well and are becoming the application-level firewall of choice. Many organizations use a combination of packet-level and application-level firewalls.


What is a Smartcard?
• It is a card about the size of a credit card that contains a small processing chip and also a memory chip that can be read by a smart device.
To gain access to a NW:
• The user must present both the smart card and a password.
• Intruders must have access to both before they can break in.

Example of a Smartcard
• The ATM NW (automated teller machine NW) is the best practical example of a smart card.
• Before you can gain access to your account, you must have both:
  • ATM card
  • Access number

Eavesdropping on the Network
• It is a way to gain unauthorized access to network traffic, where
• the intruder inserts a listening device or computer into the organization’s network to record messages.
Two areas are vulnerable to this type of unauthorized access:
• Network cabling
• Network devices

Preventing Eavesdropping
Network cables are the easiest target because they often run long distances and usually are not regularly checked for tampering. Certain types of cable can impair or increase security by making eavesdropping easier (i.e. wireless) or more difficult (i.e. fiber optic). Physical security of the network’s local loop and interexchange telephone circuits is the responsibility of the common carrier.

Preventing Eavesdropping
Network devices such as controllers, hubs, and bridges should be secured in locked wiring closets. A secure hub for Ethernet networks makes sniffer program eavesdropping more difficult by requiring a special authorization code before new computers can be added to the hub. A review of software controls that can be programmed into remote network devices is also needed.

What is IP Spoofing?
• IP spoofing (IPS) means sending packets to a target computer.
• IPS is done by changing the source address on the incoming packets from their real address to an address inside the organization’s NW.

Sniffer Program
• Is spy software (a spy program)
• which is installed in a computer
• which is subsequently plugged into an unattended hub, bridge or router
• and, as a result, eavesdrops on all kinds of message traffic
What does "sniff" mean?
• To smell (forcibly through the nose)
• To inhale (forcibly through the nose)

Using Encryption
One of the best ways to prevent unauthorized access is encryption, which is a means of disguising information by the use of mathematical rules known as algorithms. An encryption system has two parts: the algorithm itself and the key, which personalizes the algorithm by making the transformation of the data unique.

What is Encryption?
• It’s the best way to prevent any attempt to gain unauthorized access.
• It means disguising info by the use of mathematical rules known as algorithms.
• Actually, it’s the CRYPTION:
  • Encryption
  • Decryption
What does "cryptic" mean?
• Secret and/or mystifying

Plaintext and Ciphertext
• Plaintext:
  • It means the information is in a readable form or format. This means that the info is in a decrypted form.
• Ciphertext:
  • It means the information is in an encrypted (i.e., disguised) form or format.

Using Encryption
Good encryption systems do not depend on keeping the algorithm secret, only the keys. Today, the U.S. government considers encryption to be a weapon, and regulates its export in the same way it regulates the export of machine guns or bombs. The government is also trying to develop a policy called key escrow, requiring key registration with the government.

Using Encryption
One commonly used encryption algorithm is the data encryption standard (DES). DES is a symmetric algorithm, which means the key used to decrypt a particular bit stream is the same one used to encrypt it. Symmetric algorithms can cause problems with key management; keys must be dispersed and stored carefully. A 56-bit version of DES is the most commonly used encryption technique today.

Using Encryption
A second popular technique is public key encryption, the most popular of which is RSA. Public key encryption is inherently different from secret key systems like DES because it is an asymmetric algorithm; there are two keys. The public key is used to encrypt the message, and the private key is used to decrypt it. Public key encryption greatly reduces the key management problem.


Using Encryption
Public key encryption also permits authentication (digital signatures), using a process of encrypting with the private key and decrypting with the public key, providing irrefutable proof of origin. A certificate authority (CA) is a trusted organization that can vouch for the authenticity of the person or organization using authentication. For higher-level security certification, the CA requires that a unique “fingerprint” (key) be issued by the CA for each message sent by the user.
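The two uses of the key pair described in the public key slides above (encrypt with the public key and decrypt with the private key; sign with the private key and check with the public key), as an added Python example that is not part of the original slides. It is textbook RSA with no padding and a modulus far too small for real use; the primes, function names and sample message are chosen for the example.

```python
import hashlib

# Two known Mersenne primes, chosen so the example runs instantly.
# A real key uses random primes of 1024 bits or more each.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                               # modulus, part of both keys
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

PUBLIC_KEY = (E, N)    # may be handed to anyone
PRIVATE_KEY = (D, N)   # stays with the owner


def encrypt(message: bytes, public=PUBLIC_KEY) -> int:
    """Anyone holding the public key can produce the ciphertext."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(cipher: int, private=PRIVATE_KEY) -> bytes:
    """Only the private key recovers the plaintext."""
    d, n = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    # Hash the message first so messages of any length can be signed.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private=PRIVATE_KEY) -> int:
    """Transform the message digest with the private key."""
    d, n = private
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public=PUBLIC_KEY) -> bool:
    """Undo the signature with the public key and compare digests."""
    e, n = public
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    msg = b"PAY 100 TO BOB"                      # constructed sample message
    cipher = encrypt(msg)
    print("ciphertext:", hex(cipher))
    print("decrypted :", decrypt(cipher))
    sig = sign(msg)
    print("signature valid     :", verify(msg, sig))
    print("altered text accepted:", verify(b"PAY 900 TO BOB", sig))
```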


Detecting Unauthorized Access
Detecting unauthorized access means looking for anything out of the ordinary. It means logging all messages sent and received by the network, all software used, and all logins (or attempted logins) to the network.
• Increases in the number of logins
• Unusual number of unsuccessful login attempts to a user’s or several users’ accounts
Regular monitoring should also be extended to network hardware.
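The two signals listed above, run over a login log, as an added Python example that is not part of the original slides. The log format, the log lines, the thresholds and the hourly baseline are all constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a made-up format: timestamp, event, user, source.
LOG = """\
2024-03-04T02:10:00 LOGIN_FAIL user=carol src=10.0.9.77
2024-03-04T02:10:20 LOGIN_FAIL user=carol src=10.0.9.77
2024-03-04T02:10:41 LOGIN_FAIL user=carol src=10.0.9.77
2024-03-04T02:11:05 LOGIN_FAIL user=carol src=10.0.9.77
2024-03-04T02:11:30 LOGIN_FAIL user=carol src=10.0.9.77
2024-03-04T02:12:02 LOGIN_OK user=carol src=10.0.9.77
2024-03-04T03:00:01 LOGIN_FAIL user=alice src=10.0.9.80
2024-03-04T03:00:02 LOGIN_FAIL user=bob src=10.0.9.80
2024-03-04T03:00:03 LOGIN_FAIL user=dave src=10.0.9.80
2024-03-04T03:00:04 LOGIN_FAIL user=erin src=10.0.9.80
2024-03-04T09:01:12 LOGIN_OK user=alice src=10.0.1.15
2024-03-04T09:03:40 LOGIN_FAIL user=bob src=10.0.1.22
2024-03-04T09:03:55 LOGIN_OK user=bob src=10.0.1.22
"""
WINDOW = timedelta(minutes=10)
BASELINE = {2: 1, 3: 1, 9: 4}   # constructed: usual login attempts per hour


def parse(log):
    """Turn log text into a time-ordered list of event dicts."""
    events = []
    for line in log.strip().splitlines():
        ts, kind, user, src = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "kind": kind,
                       "user": user.partition("=")[2],
                       "src": src.partition("=")[2]})
    return sorted(events, key=lambda e: e["ts"])


def _failures_by(events, field):
    groups = defaultdict(list)
    for e in events:
        if e["kind"] == "LOGIN_FAIL":
            groups[e[field]].append(e)
    return groups


def _windows(fails, window):
    """For each failure, yield the failures that follow it within `window`."""
    for i, first in enumerate(fails):
        yield [e for e in fails[i:] if e["ts"] - first["ts"] <= window]


def repeated_failures(events, threshold=5, window=WINDOW):
    """Accounts with at least `threshold` failed logins inside one window."""
    alerts = {}
    for user, fails in _failures_by(events, "user").items():
        worst = max(len(w) for w in _windows(fails, window))
        if worst >= threshold:
            alerts[user] = worst
    return alerts


def failures_across_accounts(events, min_accounts=3, window=WINDOW):
    """Sources failing against several different accounts inside one window."""
    alerts = {}
    for src, fails in _failures_by(events, "src").items():
        worst = max(len({e["user"] for e in w}) for w in _windows(fails, window))
        if worst >= min_accounts:
            alerts[src] = worst
    return alerts


def login_volume_increase(events, baseline, factor=3):
    """Hours whose login attempts exceed `factor` times the usual count."""
    per_hour = Counter(e["ts"].hour for e in events)
    return {hour: n for hour, n in sorted(per_hour.items())
            if n > factor * baseline.get(hour, 0)}


EVENTS = parse(LOG)

if __name__ == "__main__":
    print("repeated failures per account:", repeated_failures(EVENTS))
    print("failures across accounts     :", failures_across_accounts(EVENTS))
    print("hours above baseline         :", login_volume_increase(EVENTS, BASELINE))
```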

Correcting Unauthorized Access
Once an unauthorized access is detected, the next step is to identify how the security breach occurred and fix it so that it will not reoccur. Many organizations have taken their own steps to detect intruders by using entrapment techniques. In recent years, there has been a stiffening of computer security laws and in the legal interpretation of other laws that pertain to