Number of slides: 39
The Art of Tech Support
John Abbott College
InfoSec for Tech Support -- Part 2
M. E. Kabay, Ph.D., CISSP
Director of Education, NCSA
President, JINBU Corp
Copyright © 1997 JINBU Corp. All rights reserved
ATS 7 - 1
More about InfoSec...
- DPMRP
- Levels of InfoWar
- Defences
DPMRP
Disaster Prevention, Mitigation and Recovery Planning
- prevent: good security and planning reduce the likelihood of an incident
- mitigation: minimize the consequences of an incident
- recovery: get back in business as fast as possible, given the resources available
- planning: think, discuss, argue and test before the incident, not during the incident
AKA "Business Resumption Planning" (BRP); also "Disaster Recovery Planning" (DRP)
Take detailed notes on the following video and submit a one-page or longer summary of the key points you learned. Submit your report as part of your homework.
VIDEO: When Disaster Strikes, Commonwealth Films, Boston, MA
Schwartau's Levels of Infowar
Schwartau, W. (1994). Information Warfare: Chaos on the Electronic Superhighway. Thunder's Mouth Press (New York). ISBN 1-56025-080-1. 432 pp. Index. Second edition (1996) has 400+ pp of extra material.
- Level I: Interpersonal
- Level II: Intercorporate
- Level III: International
Level I Infowar: Interpersonal
Your cyberspace shadow is vulnerable to:
- Invasion of privacy
- Impersonation
- Interference
Level I: Privacy
- Snooping through files & e-mail
- Shopping data for market research
  - Supermarket
  - Video store
- Medical information
- SIN / SSN allow correlation of databases
  - link many sources of info
  - credit ratings, DMV
  - violation to request SIN / SSN unless bank / govt
Level I: Impersonation
- In cyberspace
  - Fraudulent e-mail; e.g., Texas A&M prof
  - Pseudonymous on-line chat; e.g., paedophiles
- In realspace
  - Stealing dial tone using wireless phone
  - Stealing identity; e.g., movie The Net
Level I: Interference
- Phones
  - Billing hospital phones to victim's home #
  - Forwarding church calls to brothel
  - Disconnections
  - Turning home phone into pay phone
- Credit profiles
  - Fraudulent entries
  - Deleting files
- Credit card numbers
  - "Neighbourhood Watch" with a difference
  - Toronto CN Tower merchants + accountant
  - Organized crime
  - BBS
Level II Infowar: Intercorporate
- Industrial espionage
- Theft
- Sabotage
Level II: Espionage
- American Airlines spill tables to Northwest Airlines
- GM Opel plans to Volkswagen
- IBM plans to Hitachi
- Britannica subscription lists
Level II: Theft
- ATM fraud: Hartford, CT
- Phone fraud: US$2-8 billion / year
Level II: Sabotage
- Virgin Airways sues British Airways
- Consultants leave logic bombs in client code
- Moles
  - hired by MCI in Cary, NC
  - installed a hardware network analyzer
  - captured 50,000 calling card IDs from MCI, Sprint, AT&T
- 21 criminals in Europe
  - sold calls cheap
  - US$140 M of calls
Level III: International
Governments accused by US analysts of engaging in infowar:
- France
- Japan
- Russia
- China
- South Korea
- Israel
- Sweden
- Switzerland
- Canada (!)
- New Zealand
Level III: Terrorists
- Immediate damage potential
  - World Trade Center: most damage to business, not building
  - Phone grid
  - Air traffic control
  - Stock exchange
- Long-term damage potential
  - random errors in software and data
  - fraudulent e-mail causing stock market disruption
  - spamming the Internet to saturate bandwidth
Civil Defence in Cyberspace
- Learn about technology and issues
- Set corporate policies to support internal security
- Set national security priorities to include security in cyberspace
- Joint civilian/military/police cooperation
- Mandatory reporting of security breaches
- Otherwise...
Defences
- Hardware inventories, locks and network management
- Network anti-virus software
- Software license and version management
- Secure data channels
- Workstation audit trails
- Centralized backup tools
- Password tokens
- Single logon
- Encryption
Hardware Management
- Manual inventories
- Locks
- Network management software; e.g.,
  - LAN Support Group BindView
  - Frye Computer Systems LAN Directory
  - Symantec Corp Norton Administrator for Networks
  - Microcom Inc LANlord
  - Blue Lance LT Auditor NLM
Workstation and Network Anti-Virus Tools
- Signature-based
  - files of characteristic assembly code or ASCII strings
  - must be updated constantly
- Generic or heuristic
  - look for types of code or behaviour pathognomonic for viruses
- Heterogeneous
  - scan for PC or Mac viruses on UNIX or NetWare servers
- See NCSA Web pages for hot links to many AV vendors (http://www.ncsa.com)
Software License Improvements
- Tier-pricing
- Software metering
  - Gradient Network Licensing System (NLS) w/ HP
  - OSF (Open Software Foundation)
    - Novell
    - Many UNIX
  - Microsoft: License Service Application Programming Interface
Secure Data Channels
- New secure versions of LAN OS; e.g.,
  - Novell NetWare 4.0
- Add-on components; e.g.,
  - Fibermux Corp FX709 bridge for Ethernet
  - Security Dynamics ACE/Server
- Encrypting modems; e.g.,
  - Centel Federal Systems Tel/Assure
  - Millidyne Inc Auditor
- Secure transactions over Web; e.g.,
  - Secure Sockets Layer (SSL)
Workstation Audit Trails
Who did what, when, to which files and records?
- TSRs
- Configurability
- Reporting capabilities
- Encrypted audit trails
Workstation Audit Trails (cont'd)
- NetWare-specific tools include
  - Network Management Inc LANtrail
  - Blue Lance Inc LT Auditor
- More generic:
  - Connect Computer Co Lanscope
  - Saber Software Corp Saber Meter
Centralized Backup
- Automatic control of backup
- Portable units a problem
- Tools available; e.g.,
  - for NetWare:
    - Connor HSM (Hierarchical Storage Management)
    - Systems Enhancement Total Network Recall
  - for UNIX: Syntax Total Backup
Password Tokens
[Diagram: at 14:27 the token displays "A32H7296Q*3"; the user logs in with "Enter ID: G674$2" and "Enter PW: A32H7296Q*3" and the system answers "* Valid *"; at 14:28 the token already displays a new code, "8N27^#11929".]
Password Tokens (cont'd)
- Passive
- Challenge/response
- Cryptographically sound
- Universally-portable algorithms
- Physically secure
- E.g., Security Dynamics SecurID Card
Single Logon
Problem: authentication on multiple systems across the network
[Cartoon: "Give me your password!" -- "*$%"?(@#)!" -- "Now give me a completely different password!"]
Single Logon (cont'd)
- People have trouble with multiple passwords
- Password policies vary (length, composition, aging)
- Having to enter many passwords slows down work
- Passwords transmitted across the network are subject to sniffing
- Solution is complex but possible (e.g., Kerberos)
Encryption
- Symmetric; e.g., DES
- Asymmetric; e.g., PKC
Encryption: DES
- Data Encryption Standard: example of a symmetric encryption algorithm
[Diagram: Cleartext --ENCRYPT--> Ciphertext --DECRYPT--> Cleartext; the same key, "7dhHG0(Jd*/89f-0ejf-pt2@...", is used for both operations.]
Encryption: PKC
- Public Key Cryptosystem: example of asymmetric encryption
[Diagram: Cleartext --ENCRYPT--> Ciphertext --DECRYPT--> Cleartext; encryption uses one key, "7dhHG0(Jd*/89f-0ejf-pt2@...", and decryption uses a different key, "fu3f93jgf912=kjh#1sdfjdh1&...".]
Encryption: PKC (cont'd)
PGP is an example of the PKC
- Key generation produces 2 keys
- Each can decrypt the ciphertext produced by the other
- One is defined as public
- Other is kept as private
- Can easily send a message so only the desired recipient can read it:
  - encrypt using the ________'s ________ key
  - decrypt using the ________'s ________ key
Encryption: PKC (cont'd)
- Signing a document using PKC
[Diagram: "This is the original text." -> unencrypted hash of msg "83502758". Create message hash and encrypt only the hash with the private key -> "This is the original text." plus encrypted hash of msg "8u3ofdjghdjc9d_j3$".]
Encryption: PKC (cont'd)
- Verifying the signature using PKC
[Diagram: "This is the original text." with encrypted hash of msg "8u3ofdjghdjc9d_j3$". Create message hash (newly computed hash of msg) and decrypt only the hash with the public key (unencrypted hash of msg "83502758")... and now compare the two hashes.]
Encryption: PGP Demo
Watch as your instructor demonstrates the actions of PGP (ViaCrypt commercial version 4.0) and take notes on what you see and learn.
- Signing a document with a private key
- Validating a signature with a public key
- Effect of a single-byte change on validity of a digital signature
- Encrypting a document using a public key
- Decrypting a document using a private key
- Effect of a single-byte change on decryption
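The sign-then-verify flow of the PKC slides above, and the single-byte-change effect from the PGP demo, as an added Python example that is not from the slides or from PGP: it uses unpadded textbook RSA with a constructed toy key generator (Fermat test, 512-bit modulus), which shows the mechanism but is not a secure signature scheme.

```python
import hashlib
import random


def _is_probable_prime(n, rounds=16):
    """Fermat probable-prime test; toy key generation constructed for this example."""
    return n > 3 and all(pow(random.randrange(2, n - 1), n - 1, n) == 1
                         for _ in range(rounds))


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit, odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Key generation produces 2 keys: (e, n) becomes public, (d, n) stays private."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e (prime) must be invertible mod phi
            return (e, p * q), (pow(e, -1, phi), p * q)


def message_hash(message: bytes) -> int:
    """The 'unencrypted hash of msg' (SHA-256 as an integer, always below n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Create message hash and encrypt only the hash with the private key."""
    d, n = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Decrypt the hash with the public key and compare it with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(message)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    msg = b"This is the original text."                     # text from the slides
    sig = sign(msg, priv)
    print(verify(msg, sig, pub))                             # True
    print(verify(b"This is the original text!", sig, pub))   # False: one byte changed
```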
People Are Fundamental
- Most expensive security equipment worthless without cooperation of users
- Need Information Security Officer(s)
- Proper technical training for InfoSec staff & Information Technology group
- Well-reasoned security policies a must
- Security awareness training for all employees
- Security awareness reminders all the time
- Security monitoring, reward, punishment
- Support for refusing to break policies or commit illegal acts
National Computer Security Association
- Membership organization
- Monthly NCSA News
- Conferences (12/yr)
- CompuServe NCSA FORUMS (3)
- Anti-virus phone support
National Computer Security Association (cont'd)
- Security audits
- InfoSec awareness and training programs
- Computer Ethics and Responsibility Campaign
- Carlisle, PA: 717-258-1816
- Infobot: any e-mail to info@ncsa.com
- Web site: http://www.ncsa.com
Homework: Readings
- Read and make notes on the extract from The NCSA Guide to Information Security on Information Warfare
- Answer all the review questions from the instructor
- Submit your chapter summary, video summary, notes on the demonstration and review questions after the quiz at the start of lecture 8