CHAPTER 1 - INTRODUCTION TO NETWORK SECURITY
FN612 transcript
WHAT IS NETWORK SECURITY
• Protection of networks and their services
• Protects against unauthorized modification, destruction and disclosure
• Ensures the network performs its functions correctly with no harmful side effects
NETWORK SECURITY CONCEPTS
• Network security starts with authenticating the user.
• A firewall enforces access policies, such as which services network users are allowed to reach.
• Anti-virus software or an intrusion prevention system (IPS) helps detect and block malware. An anomaly-based intrusion detection system may also monitor the network and its traffic for unexpected content or behaviour and other anomalies in order to protect resources.
• Individual events occurring on the network may be logged for audit purposes and for later higher-level analysis.
• Communication between two hosts on a network can be encrypted to maintain privacy.
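As an added example (not part of the original slides), the following Python models how a packet-filtering firewall enforces an access policy such as "which services may network users reach": rules are tried first to last, the first match decides, anything that matches no rule is denied by default, and every decision is appended to an audit log. The site layout (a file server at 10.0.1.5, a web server at 10.0.2.10), the rules and the packets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Added example: a minimal first-match packet filter with default deny.
# Rules, addresses and packets below are constructed for the demo.

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port, None means any port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int]   # None for protocols without ports (icmp)

def _net_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def evaluate(policy: List[Rule], pkt: Packet, audit_log: List[str]) -> str:
    """First matching rule wins; a packet that matches no rule is denied."""
    desc = f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}"
    for index, rule in enumerate(policy):
        if rule_matches(rule, pkt):
            audit_log.append(f"rule {index} {rule.action} {desc}")
            return rule.action
    audit_log.append(f"default deny {desc}")
    return "deny"

# Policy for a small site: an internal file server 10.0.1.5 and a public web server 10.0.2.10.
# The explicit deny for telnet sits FIRST so that no later allow rule can let it through.
POLICY = [
    Rule("deny",  "any",        "10.0.1.5/32",  "tcp", 23),    # no telnet to the file server
    Rule("allow", "10.0.0.0/8", "10.0.1.5/32",  "tcp", 445),   # internal hosts may use SMB
    Rule("allow", "any",        "10.0.2.10/32", "tcp", 443),   # anyone may reach HTTPS
    Rule("allow", "10.0.0.0/8", "any",          "udp", 53),    # internal hosts may resolve DNS
]

def run_demo() -> List[str]:
    """Evaluate a handful of constructed packets and return the audit log."""
    log: List[str] = []
    for pkt in [
        Packet("10.0.0.7",    "10.0.1.5",  "tcp", 445),   # allowed by rule 1
        Packet("10.0.0.7",    "10.0.1.5",  "tcp", 23),    # blocked by rule 0
        Packet("203.0.113.9", "10.0.1.5",  "tcp", 445),   # external SMB: no rule, default deny
        Packet("203.0.113.9", "10.0.2.10", "tcp", 443),   # allowed by rule 2
        Packet("203.0.113.9", "10.0.2.10", "tcp", 80),    # plain HTTP not published: default deny
    ]:
        evaluate(POLICY, pkt, log)
    return log

if __name__ == "__main__":
    print("\n".join(run_demo()))
```

Rule order is part of the policy: if a broad rule such as "allow 10.0.0.0/8 to the file server on any TCP port" were placed before the telnet deny, the first-match logic would let internal telnet through. The default-deny fall-through is what keeps an unpublished service (port 80 above) closed without anyone having to write a rule for it.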
WHY NETWORK SECURITY
SECURITY GOALS
• Confidentiality
• Integrity
• Availability
POTENTIAL RISKS TO NETWORK SECURITY
• Email Attachments -- A worker opening an attachment could unleash a worm or virus onto the corporate network.
• Diversionary Tactics -- Hackers may strike a set of servers in a target company and then, while security administrators are busy recovering the services, slip in and attack another part of the network.
• Blended Attacks -- Worms and viruses are becoming more complex; a single one may now execute itself or attack more than one platform.
• Renaming Documents -- Monitoring software that checks e-mail leaving the company may fail to flag an outgoing message if the document or subject line has been renamed.
DEFINITION - Asset Identification
• Involves tagging each physical asset (routers, computers) and intangible asset (database content).
• Physical assets can be tagged with a physical label (frequently a bar code) or an RFID (Radio Frequency Identification) tag.
• Lost or stolen assets can be exploited by competitors to gain an advantage over the company.
DEFINITION - Vulnerability Assessment
• Search for weaknesses in order to apply a patch or fix before they can be used to compromise the system.
• Ways to counteract those weaknesses include:
  • Installing vendor patches
  • Implementing an IDS or virus-scanning software
DEFINITION - Threat Identification
• Involves listing the possible threats that can occur in an organization. An example list of threat sources could include:
  • The ex-employee who wants revenge.
  • The deliberate cyber-spy looking to gather competitive information on your company that he can use to improve his own company's position.
  • The employee who doesn't know that e-mail attachments ending in ".exe" should not be opened without the system administrator's permission.
OPEN SECURITY MODEL
• The easiest to implement
• Few security measures are implemented.
• Foundation: simple passwords and server security
• This model assumes that users are trusted, protected assets are minimal and threats are also minimal.
• Gives users free access to all areas; security breaches are not likely to result in great damage or loss.
• Even so, this model usually includes a data backup system.
RESTRICTIVE SECURITY MODEL
• More difficult to implement
• More security measures are implemented.
• Foundation: firewalls and identity servers.
• This model assumes that protected assets are substantial, some users are not trustworthy and threats are likely to occur.
• LANs that are connected to the Internet or public WANs are more likely to implement this type of model.
CLOSED SECURITY MODEL
• The most difficult to implement
• All security measures are implemented
• Assumes that the protected assets are premium, no user is trusted and threats are frequent.
• User access is difficult and cumbersome
• Companies require a larger number of better-trained network administrators to maintain tight security.
• Network administrators also need greater skills and more time to administer the network.
TRENDS DRIVING NETWORK SECURITY
• Wireless access: encryption technology in the wireless environment
• The need for speed: availability of services
• IT staffing shortages: increased demand on security staff
• ISO/IEC 17799 (since renumbered as ISO/IEC 27002): code of practice for information security management in an organization
• Legal issues: information theft (trademarks, trade secrets)
• Privacy concerns: confidentiality of transmitted data, spyware programs
ROLES OF INFORMATION SECURITY ORGANIZATIONS
• CERT/CC
• US-CERT
• SANS Institute
• ISC2
• FIPS (Federal Information Processing Standards: a standards series published by NIST, rather than an organization in its own right)
• ICSA
SECURITY METHODS
• Logon
• File System
• Data Communication
• Administrative
Logon
• The most common form of security identification is logon: verification of who a user is and that the user is permitted to use the network.
• A simple login method sends the user's e-mail address and password in the clear, so anyone who can capture traffic on the path can read the credentials and reuse them.
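As an added example (not part of the original slides), the Python below simulates both logon designs over an in-memory "wire" that records every message, which is exactly what a passive sniffer sitting on the path would see. The first design sends the e-mail address and password in the clear; the second is an HMAC challenge-response in which the server stores only a salted PBKDF2 verifier and the client proves knowledge of the password by keying an HMAC over a fresh server nonce, so the password itself never crosses the network. The account names, passwords and message formats are constructed for the demo and are not any real protocol.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Added example: what a passive sniffer sees for two logon designs.
# The "wire" is an in-memory list; names, passwords and message formats are constructed.

class Wire:
    """Records every message that crosses the network, as a sniffer on the path would."""
    def __init__(self) -> None:
        self.captured: List[Tuple[str, str, bytes]] = []

    def send(self, sender: str, receiver: str, payload: bytes) -> bytes:
        self.captured.append((sender, receiver, payload))
        return payload

def password_seen_on_wire(wire: Wire, password: str) -> bool:
    return any(password.encode() in payload for _, _, payload in wire.captured)

# --- Design 1: e-mail address and password sent in the clear -------------------
def plaintext_login(wire: Wire, server_db: Dict[str, str], email: str, password: str) -> bool:
    msg = wire.send("client", "server", f"LOGIN {email} {password}".encode())
    _, got_email, got_password = msg.decode().split(" ", 2)   # server parses the request
    return server_db.get(got_email) == got_password

# --- Design 2: HMAC challenge-response; the password never crosses the wire -----
ITERATIONS = 100_000   # PBKDF2 work factor; raises the cost of offline guessing

def make_verifier(password: str, salt: bytes) -> bytes:
    """Both sides derive the same key from the password; the server stores only this."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(server_db: Dict[str, Tuple[bytes, bytes]], email: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    server_db[email] = (salt, make_verifier(password, salt))

def challenge_response_login(wire: Wire, server_db: Dict[str, Tuple[bytes, bytes]],
                             email: str, password: str) -> bool:
    wire.send("client", "server", b"HELLO " + email.encode())
    if email not in server_db:
        return False
    salt, verifier = server_db[email]
    nonce = secrets.token_bytes(16)                               # fresh per attempt, so a
    wire.send("server", "client", b"CHALLENGE " + salt + nonce)  # captured answer cannot be replayed
    # Client side: re-derive the key from the typed password and answer the challenge.
    answer = hmac.new(make_verifier(password, salt), nonce, "sha256").digest()
    wire.send("client", "server", b"RESPONSE " + answer)
    # Server side: compute the expected answer and compare in constant time.
    expected = hmac.new(verifier, nonce, "sha256").digest()
    return hmac.compare_digest(answer, expected)

def run_demo() -> Dict[str, bool]:
    plain_db = {"alice@example.com": "hunter2"}
    w1 = Wire()
    ok1 = plaintext_login(w1, plain_db, "alice@example.com", "hunter2")

    cr_db: Dict[str, Tuple[bytes, bytes]] = {}
    enroll(cr_db, "alice@example.com", "hunter2")
    w2 = Wire()
    ok2 = challenge_response_login(w2, cr_db, "alice@example.com", "hunter2")
    w3 = Wire()
    bad = challenge_response_login(w3, cr_db, "alice@example.com", "wrong")
    return {
        "plaintext_login_ok": ok1,
        "plaintext_password_sniffed": password_seen_on_wire(w1, "hunter2"),
        "challenge_login_ok": ok2,
        "challenge_password_sniffed": password_seen_on_wire(w2, "hunter2"),
        "challenge_wrong_password_rejected": not bad,
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner should keep in mind. A captured challenge/response pair can still be attacked offline by guessing passwords (the PBKDF2 work factor makes that slower, not impossible), and neither design encrypts the rest of the session, which is why real logons run over an encrypted channel such as TLS as well. The early return for an unknown e-mail address also reveals which accounts exist; a production server would answer with a dummy salt and nonce instead.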
File System
• One user may have access to a certain folder on the network but not to another folder.
• Files stored in the file system can be encrypted so that the data stays protected at rest and when it is copied to another system. Normally a symmetric key encrypts the data and an asymmetric key pair protects that symmetric key.
Data Communications
• Secure data communication uses encryption to transmit data between users, especially confidential data.
• Encryption converts data into a coded form (ciphertext) for confidentiality and security, using an encryption algorithm and a key.
Administrative
• Different levels of users have different privilege levels. Access levels are controlled by the network/system administrators.
• The administrator defines the rules and which resources are to be protected.
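As an added example (not part of the original slides) covering both the file-system point above (one user may read a folder but not another) and the administrative one (the administrator defines the rules), the Python below evaluates an administrator-defined folder access policy. Entries are attached to folders for users or groups, the most specific folder on the path decides, an explicit deny there beats any allow, paths are normalised so ".." cannot walk into a folder's ACL from outside it, and anything no rule covers is denied. The users, groups and folder names are constructed for the demo.

```python
import posixpath
from dataclasses import dataclass, field
from typing import Dict, Set

# Added example: an administrator-defined folder access policy with default deny.
# Users, groups and folder names are constructed for the demo.

DENY = "deny"   # marker stored in place of operations to block a principal explicitly

@dataclass
class Policy:
    # user -> groups the user belongs to
    groups: Dict[str, Set[str]] = field(default_factory=dict)
    # normalized folder -> principal (user or group) -> allowed operations, or {DENY}
    acl: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)

    @staticmethod
    def _norm(path: str) -> str:
        # Collapse "." and ".." so a path like /shared/../etc cannot pick up the wrong ACL.
        return posixpath.normpath("/" + path.lstrip("/"))

    def grant(self, folder: str, principal: str, *ops: str) -> None:
        self.acl.setdefault(self._norm(folder), {}).setdefault(principal, set()).update(ops)

    def deny(self, folder: str, principal: str) -> None:
        self.acl.setdefault(self._norm(folder), {})[principal] = {DENY}

    def principals(self, user: str) -> Set[str]:
        return {user} | self.groups.get(user, set())

    def check(self, user: str, path: str, op: str) -> bool:
        """True only if an ACL on the path or one of its ancestors grants op.

        The nearest folder with an entry for any of the user's principals decides, so a
        more specific folder overrides its parent; an explicit DENY there wins over any
        allow; no matching entry anywhere means default deny.
        """
        who = self.principals(user)
        current = self._norm(path)
        while True:
            entries = self.acl.get(current, {})
            relevant = {p: entries[p] for p in who if p in entries}
            if relevant:
                if any(DENY in ops for ops in relevant.values()):
                    return False
                return any(op in ops for ops in relevant.values())
            if current == "/":
                return False
            current = posixpath.dirname(current)

def build_demo_policy() -> Policy:
    """Rules an administrator might define for a departmental share."""
    policy = Policy(groups={"alice": {"staff", "finance"}, "bob": {"staff"}, "mallory": set()})
    policy.grant("/shared", "staff", "read")                    # all staff may read the share
    policy.grant("/shared/finance", "finance", "read", "write") # finance may also write here
    policy.deny("/shared/finance", "bob")                       # bob is staff but is shut out here
    return policy

if __name__ == "__main__":
    p = build_demo_policy()
    for user, path, op in [("alice", "/shared/finance/q3.xlsx", "write"),
                           ("bob", "/shared/finance/q3.xlsx", "read"),
                           ("bob", "/shared/finance/../../etc/passwd", "read"),
                           ("mallory", "/shared/readme.txt", "read")]:
        print(f"{user:8} {op:5} {path:35} -> {'allow' if p.check(user, path, op) else 'deny'}")
```

The point to notice is that every outcome comes from rules the administrator wrote, plus one rule nobody has to write: default deny. A user such as "mallory" who appears in no entry gets nothing, and a group grant on a parent folder can be narrowed for one person on a child folder without touching anyone else's access.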
INTERNET SERVICES
• Electronic mail and news: ways for people to exchange information with each other without requiring an immediate, interactive response.
• File transfer: transmitting files over a computer network or the Internet (the simplest way to exchange files).
• Remote access to a host: the ability to log onto a network from a distant location (e.g. TELNET or SSH; TELNET sends the session, including the password, in the clear, whereas SSH encrypts it).
• Real-time conferencing services: designed for interactive use by on-line participants (video conferencing).
ATTACK DEFINITIONS
Information theft:
• Attacks that let an attacker obtain data without ever having to directly use your computers.
• How: dumpster diving; stealing your e-mail
• Used for: accessing bank accounts; taking out loans (car, real estate) in the victim's name
Unauthorised disclosure:
• An organization suspects some of its employees of leaking confidential information to a competitor.
• It is also commonly believed that competitors plant spies within an organization to target and steal new product plans.
• How: planting a virus or trojan horse; snooping software
Information warfare:
• The use and management of information in pursuit of a competitive advantage over an opponent.
• Remotely disabling a target using software, or spreading disinformation (e.g. through television and radio).
• Disinformation: false or inaccurate information that is spread deliberately.
Accidental data loss:
• The most common cause of data loss: simply deleting a file that was not supposed to be deleted.
• Caused by a careless employee, or an untrained employee who did not know better.
SECURITY THREATS
Categories:
Data disclosure:
• Exposure of data to third parties. The key point to consider is whether the disclosure is relevant and necessary.
Data modification:
• A modification attack is an attempt to modify information that the attacker is not authorized to modify.
Data availability:
• Describes products and services that continue to be available at the required level of performance in situations ranging from normal through "disastrous"; an availability attack (for example a denial of service) tries to take this away.
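As an added example (not part of the original slides), the Python below shows the standard way to detect a data modification attack on stored files: record a SHA-256 manifest of every file while the system is known-good, then compare a fresh manifest against that baseline and report what was modified, removed or added. The directory tree, file contents and the simulated tampering are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Added example: detect data modification with a SHA-256 manifest (tripwire-style).
# The directory tree, file contents and the simulated tampering are constructed for the demo.

def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):   # stream, so large files are fine
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> Dict[str, str]:
    """Relative POSIX path -> SHA-256 hex digest for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_manifests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report what changed since the baseline was taken."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "removed":  sorted(f for f in baseline if f not in current),
        "added":    sorted(f for f in current if f not in baseline),
    }

def run_demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("Authorised users only.\n")
        baseline = build_manifest(root)          # taken while the system is known-good

        # Simulated attacker activity: redirect a bank hostname, delete the banner, drop a script.
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n203.0.113.5 bank.example\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "backdoor.sh").write_text("#!/bin/sh\n")

        return compare_manifests(baseline, build_manifest(root))

if __name__ == "__main__":
    for kind, files in run_demo().items():
        print(f"{kind}: {files}")
```

The baseline is only as trustworthy as where it is kept: if the manifest lives on the same host with the same permissions as the files, an attacker who can modify the files can rewrite the manifest too, so store it read-only off the host or sign it. The comparison also tells you what changed, not who changed it; that is the job of the audit logs described earlier.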
Activities:
Hacking:
• Computer hacking is the practice of modifying computer hardware and software to accomplish the hacker's goal.
Cracking:
• Breaking into someone else's computer system, or bypassing passwords or licence checks in computer programs.
Spoofing:
• Forging the origin or identity of data (for example a source address or the sender of an e-mail) so that it appears to come from a trusted party, in order to circumvent security mechanisms that rely on that identity.
Sniffing:
• Passively capturing traffic on a network with a packet sniffer, which lets an attacker read anything sent in the clear, such as logon passwords.