cist 1601 information security fundamentals chapter 1 general security concepts collected and...
Post on 20-Dec-2015
230 views
TRANSCRIPT
CIST 1601 Information Security Fundamentals
Chapter 1 General Security Concepts
Collected and CompiledBy JD WillardMCSE, MCSA, Network+, Microsoft IT Academy AdministratorComputer Information Systems TechnologyAlbany Technical College
Understanding Information Security
The term information security covers a wide array of activities in an organization, including:ProductsProcesses used to prevent unauthorized access to, modification of, and deletion of information. Protect resources by preventing them from being disrupted by situations or attacks.
InternallyExternally
A security administrator must deal with system vulnerabilities and human vulnerabilities.You must assume that you’re under attack
Network Access Control (1:58)
General Security Concepts
Understanding Information Security
The security triad or three primary areas of security focus include:Management Security
Provide the guidance, rules, and procedures for implementing a security environment.
Operational SecurityIncludes access control, authentication, and security topologiesafter network installation is complete.
Physical SecurityInvolves the protection of your assets and information from physical access by unauthorized personnel.
Security policies fall under the Management category
Security
Physical
Operational Management
Securing the Physical EnvironmentThe goal of a physical security policy is to allow only trusted use of resources via positive identification that the entity accessing the systems is someone or something that has permission to do so based on the security model the organization has chosen. Physical security addresses the following major categories of risks:
Physical theftLoss of an asset Unauthorized disclosure of information
Interruption of critical servicesPower failure
Physical damage to hardware assetsThreats affecting confidentialityIntegrity and availability of critical resources
Securing the Physical EnvironmentIt is much easier for an attacker to walk into a reception area, masquerade as a vendor agent, and get access to the server than to get into a physically secured area that utilizes a guest sign-in and sign-out sheet. Unsecured equipment is vulnerable to social engineering attacks. Lock the door(s) to the server room. Mandatory physical access controls are common in government facilities and military installations where users are closely monitored and very restricted.
Examining Operational SecurityOperational security encompasses everything not related to design or physical security. Instead of focusing on the physical components where the data is stored, such as the server, the focus is now on the topology and connections. Issues include:
Daily operations of the networkConnections to other networksBackup and recovery plans
Operational security includes:
ComputersNetworks and communications systemsManagement of information
Operational security issues include:
Network access control (NAC)Authentication Security topologies
Survey Your Physical Environment The job of the security administrator is to prevent and to seek out rats (hackers). To catch a rat you need to think like a rat.
How would a rat gain access to the building? Is a key or code required? Security guard?Receptionist?Cameras?
How would a rat gain access to the floor of the server room? Is the elevator keyed, or can anyone use it? Do the doorways to the stairs only open outward, or can anyone walk up and enter?
How would a rat find the server? In the middle of the office?In a separate room?
Door secured? Key, badge or punchpad required?
If the rat finds the server, would anyone see what he’s doing? Does the server room have glass windows? Are cameras overlooking the server? Can you physically see the server?Would anyone question why a rat was there?
If you do use cameras where are the tape machines?Near the server so the rat can steal the evidence?
If you can easily spot flaws in the security then a rat can spot them too.
Network Access Control (NAC) Network Access Control (NAC) is an effective way to protect the network from malicious hosts. NAC secures the environment by examining the user’s machine and, based on the results, grant access accordingly. NAC provides:
Enforcement of security policyContainment of noncompliant usersMitigation of threats
The basic components of NAC products:Access requestor (AR); device that requests accessPolicy decision point (PDP); system that assigns a policy based on the assessmentPolicy enforcement point (PEP); device that enforces the policy.
SwitchFirewallRouter
Four ways NAC systems can be integrated into the network:Inline
out-of-bandswitch basedand host based
An out-of-band intervenes and performs an assessment as hosts come online, and then grants appropriate access. NAC business benefits include:
ComplianceBetter security postureOperational cost management
Working with Management and PoliciesManagement and policies provide the guidance, rules, and procedures for implementing a security environment. IT professionals can recommend policies, but they need the support of management to implement them. As a security administrator, you’ll need to look for openings that intruders can use to enter your network. Don’t think of the safeguards that may currently exist, but rather focus on ways someone not on your network might join it. How do users on your network access the Internet?
Dial-up connections ? Dial-up access on laptops at home?
Are proxy servers in use? Private or public IP addresses? Network Address Translation?
Wireless access points on the network? Unsecured SSID? WAP range? Can you access the network in the parking lot?
Remote Access allowed? From home? From hotel rooms? Callback option enabled or only user credentials?
Do you use Terminal Services? Are thin clients employed/allowed? Are entire sessions on the server run remotely? Is remote administration enabled?
Do users have shares on their laptops that could compromise the laptop’s data security?What ports are open on your routers and firewalls?
Reducing Risk with Security Policies (12:24)
Working with Management and PoliciesA number of key policies are needed to secure a network.Administrative policies lay out guidelines and expectations for upgrades, monitoring, backups, and audits. System administrators and maintenance staff use these policies to conduct business. Administrative policies should clearly outline:
When and How often to upgrade.When and how monitoring occurs.How logs are reviewed.Job responsible for these decisions. How often decisions should be reviewed. Who wrote the policy?Who signed off on the policy?What date were they mandated?
Administrative policies must be specific yet flexible enough to allow for emergencies and unforeseen circumstances but not too flexible as to be virtually ineffective or unenforceable.
Working with Management and PoliciesDisaster recovery plans (DRPs) are one of the biggest headaches that IT professionals face. Disaster recovery plans are expensive to develop and to test, and it must be kept current.A good Disaster recovery plan takes into consideration tornadoes, floods, fires, and every conceivable disaster. Information policies refer to the various aspects of information security, including access, classifications, marking and storage, and the transmission and destruction of sensitive information. Information policies may include a data classification similar to the following:
Public - For all advertisements and information posted on the WebInternal - For all intranet-type informationPrivate - Personnel records, client data, and so on Confidential - Public Key Infrastructure (PKI) information and other items restricted to all but those who must know them
Information policies must be as comprehensive as possible.
Working with Management and PoliciesSecurity policies define the configuration of systems and networks, including:
Installation of software and hardwareNetwork connections and network connectivityComputer room and data center security How identification and authentication occurs. Access controlAudits and reportsEncryption Antivirus software
Security policies also establish procedures and methods used for:
Password policyAccount expirationFailed logon attempts
Working with Management and PoliciesSoftware design requirements outline system capabilities.
Use the requirements to have vendors explain proposed solutions. Should be specific about security requirements. Design requirements should be viewed as a moving target.
Usage policies cover how information and resources are used.
How users can use organizational resources and for what purposes Rules of computer usage Statements about privacy, ownership, and the consequences of improper acts Internet, remote access, and e mail usage expectations ‑How users should handle incidents and who to contact if they suspect something Spell out the fact that monitoring can take place and that users agree to it Consequences for account misuse should also be stated.
Working with Management and Policies
User management policies identify how new employees are added to the system as well as:
Training and orientationEquipment installation and configuration Employee transfers
This can result in privilege creep where a user acquires administrative privileges to the system by accident.
User management policies should outline: Notification of IT department about employee terminations How notifications should occur
Terminated employees accounts should be either disabled or deleted.
Understanding the Goals of Information Security
Goals of Information Security include:
Prevention – Preventing computer or information violations.
Detection - Identifying events when they occur, identifying the assets under attack, how the attack is occurring, and who is responsible. Detection may involve complicated monitoring tools or checking the system logs. System logs will frequently tell you what was accessed and in what manner. These logs are usually explicit in describing the events that occurred during a security violation. Detection should be ongoing and part of security policies and procedures.
Response – Strategies and techniques to deal with an attack or loss.Have a well thought out and tested plan for response, restoring operations, and neutralizing the threat.
Comprehending the Security Process
Appreciating Antivirus SoftwareThe most common method used in an antivirus program is scanning. Scanning identifies virus code based on a unique string of characters known as a signature.Scanning searches files in memory, the boot sector, and on the hard disk for identifiable virus code. Your first step, should a system become infected with a new virus, would be to verify antivirus software is up to date including the virus definition files.
Access Control defines how users and systems communicate and in what manner.Three basic models are used to explain access control: Mandatory Access Control (MAC) MAC provides the strictest security mechanism. It assigns security labels to both subjects and objects.Labels are comprised of a classification and different categories.
Classification indicates the sensitivity level of the subject or object, such as secret or top-secret. Categories enforce need to know rules. Categories should be determined by the organization based on access control needs, such as human resources or accounting.
Under MAC, a file, printer, or computer would exist as an object. Objects are resources accessed by groups, users, or processes.A user or group would exist as a subject. Subjects access objects.
Access privileges to resources are assigned by administrators, are predefined based on the security policy, and can’t be changed by users. A privilege that is not expressly permitted is forbidden. Users cannot share resources dynamically.
This model is usually implemented in highly secure networks, such as military facilities.
Comprehending the Security Process Implementing Access Control
Authorization and Access Control (3:59)
The Discretionary Access Control model (DAC)
The Discretionary Access Control model (DAC) is used in small Microsoft workgroup networks where users commonly share folders with each other.
In the DAC model, the data owner\creator is responsible for granting other users access to resources, and determines the level of access that will be granted to those users, as well as limiting object access to certain days and certain times in the day.
The DAC model uses Access Control Lists (ACLs) to map a user's access permissions to a resource.An ACL is a security mechanism used to designate those users who can gain various types of access, such as read, write, and execute access, to resources on a network. An ACL provides security as granular as the file level.
In DAC, a subject’s rights should be suspended when he is on leave or vacation and should be terminated when he leaves the company.
Comprehending the Security Process Implementing Access Control
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges.
RBAC uses the role to identify the users who have permissions to a resource, and may be implemented system wide. Users may be able to access information from any station in the network, based strictly on their role.
Privileges would be limited to the role and wouldn’t be present during the employee’s normal job functions.
For example, a backup operator role would give anyone who occupied that role the ability to perform backups, including the security privileges that went along with it.
These privileges should reflect the organization's structure and responsibilities users have in the organization.
The RBAC mode is common in network administrative roles.
Comprehending the Security Process Implementing Access Control
Understanding AuthenticationAuthentication is the mechanism by which the unique identity is associated with a security principal (a specific user or service). Before authorization can occur, the identity of the account attempting to access a resource must first be determined. This process is known as authentication.
Authentication can be generally broken into three basic forms, depending on what is required to authorize access:
Something you knowSomething you haveSomething you are
The most well-known form of authentication is the use of a username and password combination to access controlled resources. Access is not possible without both parts required for account authentication, so a level of protection is provided. The shortcoming of any authentication system is that the keys used may be easily falsified and access rights may be granted to an unauthorized access attempt. Null or easily guessed passwords are one of the most widespread examples of the potential for this weakness.
Identification and Authentication (6:32)
Single-Factor Authentication (4:38)
BiometricsBiometrics is the authentication process that uses physical characteristic to establish identification. A user places their hand on a finger print scanner or they put their eyes against a retinal scanner. Since a person’s fingerprint, blood vessel print, or retinal image is unique the only way the system can authenticate is if the proper user is there. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this.
Iris profile biometric devices identify an individual b y using the colored part of the eye that surrounds the pupil. Facial geometry identifies a user based on the profile and characteristics of the face. A retina scan identifies an individual by using the blood vessel pattern at the back of the eyeball. A retinal scan is a very secure form of evidence used in high-security companies and government agencies.
When using biometrics, remember that each method has its own degree of error ratios, and some methods may seem invasive to the users and may not be accepted gracefully.
The false acceptance rate (FAR) is a measure if the likelihood that the access system will wrongly accept an access attempt. In other words, it will allow access to an unauthorized user. The false rejection rate (FRR) is the percentage of identification instances in which false rejection occurs. In false rejection, the system fails to recognize an authorized person and rejects that person as unauthorized.
The only way for an unauthorized user to get access is to physically kidnap the authorized user and force them through the system. For this reason, biometrics are the strongest (and the costliest) form of authentication.
CertificatesCertificates are another form of authentication. A server or certificate authority (CA) can issue a certificate that will be accepted by the challenging system. Certificates can be either physical access devices, such as smart cards, or electronic certificates that are used as part of the logon process.A Certificate Practice Statement (CPS) outlines the rules used for issuing and managing certificates.A Certification Revocation List (CRL) lists the revocation that must be addressed (often due to expiration) in order to stay current.
Certificates
A certificate being issued after identification has been verified.
Challenge Handshake Authentication Protocol (CHAP)
Challenge Handshake Authentication Protocol (CHAP) uses a challenge/response mechanism.
Using CHAP, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization and the client logs on. If the response fails, the session fails and the request phase starts over.
A challenge/response mechanism, sometimes referred to as a three-way handshake, uses a secret password that verifies the identity of a user or node without revealing the password. CHAP is typically used for authentication on dial-up connections. CHAP uses only encrypted passwords during the authentication process. CHAP uses two compared values created using the MD5 hashing algorithm.
CHAP Authentication
Challenge Handshake Authentication Protocol (CHAP)
KerberosKerberos uses a Key Distribution Center (KDC) to authenticate a principle.
Principals are the entities to which the KDC provides services. They may be users, applications, systems, or services.Session keys are symmetric keys used to encrypt and decrypt information that passed between the principals and KDC.
The Key Distribution Center (KDC) is the most important component in a Kerberos environment. It is responsible for managing all the secret keys, authenticating all users, and issuing tickets to valid users. The KDC provides a ticket to the network.
A ticket granting ticket (TGT) is the entity issued by the authentication service (AS) on the KDC to a principal. The TGT proves principal identity throughout the communication process.
Once this ticket is issued, it can be used to authenticate against other principles. This occurs automatically when a request or service is performed by another principal.
Kerberos v5 includes support for a process known as mutual authentication, where both the identity of the client that is requesting authentication and the server that is providing authentication are verified. Kerberos and Active Directory are two technologies that provide single sign-on authentication. Single sign-on addresses the problem of users having to remember multiple usernames and passwords to access different systems.
Kerberos (9:57)
Single Sign-on (3:25)
Kerberos Authentication ProcessKerberos
Multifactor AuthenticationMultifactor authentication involves the use of two or more different forms of authentication. Any combination of authentication methods may be used in a multifactor solution. Different forms include:
What you know (logon, password, PIN)What you have (smartcard, keycard, SecureID number generator)What you are (biometrics)
A two-factor method can potentially increase the strength of authentication by combining authentication protocols such as the use of a smart card in conjunction with a password or smart card and biometrics for logon.
Multi-Factor Authentication (3:15)
Two-factor Authentication
Multifactor Authentication
Mutual AuthenticationWhenever two or more parties authenticate each other, this is known as mutual authentication.Mutual authentication checks the identity of both ends of the connection. It is often referred to as two-way authentication. A client may authenticate to a server, and a server authenticate to a client when there is a need to establish a secure session between the two and employ encryption. Mutual authentication ensures that the client is not unwittingly connecting and giving its credentials to a rogue server; which can then turn around and steal the data from the real server. Commonly, mutual authentication will be implemented when the data to be sent during the session is of a critical nature—such as financial or medical records.
Password Authentication Protocol (PAP)
Password Authentication Protocol (PAP) offers no true security, but it’s one of the simplest forms of authentication. The username and password values are both sent to the server as clear text and checked for a match. If they match, the user is granted access; if they don’t match, the user is denied access. In most modern implementations, PAP is shunned in favor of other, more secure authentication methods.
Security TokensSecurity tokens are similar to certificates. They contain the rights and access privileges of the token bearer as part of the token.
Many operating systems generate a token that is applied to every action taken on the computer system. If your token doesn’t grant you access to certain information, then either that information won’t be displayed or your access will be denied.
The authentication system creates a token every time a user connects or a session begins.
Authentication is established on each session and is valid only for that session.
At the completion of a session, the token is destroyed.
Security Token Authentication
Security Tokens
Smart CardsA smart card is a type of badge or card that can allow access to multiple resources including buildings, parking lots, and computers.
It contains information about your identity and access privileges.
The reader is connected to the workstation and validates against the security system.
Smart Cards often also require the use of a small password called a PIN; which further secures the smart card if lost by the true card holder.
Smart Cards increase the security of the authentication process because it must be in your physical possession.
A whole system can become useless if the smart card is lost or stolen.
The Smart Card Authentication Process
Smart Cards
Username/PasswordUsing a login and password is single-factor authentication because it consists of only what you know. A username and password are unique identifiers for a logon process.Most operating systems use a user ID and password to accomplish identity during the logon process.These values can be sent across the connection as plain text or can be encrypted.The logon process identifies to the operating system, and possibly the network, that you are who you say you are.The operating system might establish privileges or permissions based on stored data about that particular ID.Usernames and passwords can be intercepted and are the least secure.
Authentication Issues to ConsiderSetting authentication security, especially in supporting users, can become a high-maintenance activity for network administrators.
On one hand, you want people to be able to authenticate themselves easilyOn the other hand, you want to establish security that protects your company’s resources.
Be wary of popular names or current trends that make certain passwords predictable. Identity proofing is an organizational process that binds users to authentication methods. Identification proofing is invoked when a person claims they are the user, but cannot be authenticated—such as when they lose their password. They are typically asked to provide another value—such as mother’s maiden name— to prove their identity. Identity proofing gives the organization assurance that the user performing an authentication is the legitimate user.
Under no circumstance should the person proofing be allowed access immediately— instead their access information should be sent to their email account of record.
Identity proofing is the main component of authentication lifecycle management. Authenticators for identity proofing include smart cards, biometrics, and one-time password (OTP) devices.
Distinguishing between Security Topologies Setting Design Goals
Sending data across an insecure network, such as the Internet, affects confidentiality and integrity. It is the responsibility of the sender to ensure that proper security controls are in place. Confidentiality and integrity should be implemented to ensure the accuracy of the data and its accessibility to authorized personnel. The three core security objectives for the protection of the information assets of an organization are:
ConfidentialityIntegrityAvailability
These three objectives are also referred to as the CIA triad. Most computer attacks result in the violation of the CIA triad.
Confidentiality
Meeting the goal of confidentiality is to prevent or minimize unauthorized access to and disclosure of data and information. Confidentiality is the minimum level of secrecy that is maintained to protect sensitive information from unauthorized disclosure. In many instances, laws and regulations require specific information confidentiality. Confidentiality can be implemented through encryption, access control data classification, and security awareness. Maintaining the confidentiality of information prevents an organization from attacks, such as shoulder surfing and social engineering, which can lead to disclosure of confidential information and disrupt business operations. Lack of sufficient security controls to maintain confidentiality leads to the disclosure of information.
Confidentiality, Integrity, and Availability (5:10)
IntegrityEnsuring the integrity of information implies that the information is protected from unauthorized modification and that the contents have not been altered. To meet the goal of integrity, you must verify that information being used is accurate and hasn’t been tampered with. Integrity ensures the following conditions:The data is accurate and reliable.The data and the system are protected from unauthorized alteration.Attacks and user mistakes do not affect the integrity of the data and the system.
Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed.
AvailabilityTo meet the goal of availability, you must protect data and prevent its loss. Data that can’t be accessed is of little value. If a mishap or attack brings down a key server or database, that information won’t be available to the people who need it. This can cause havoc in an organization. Your job is to provide maximum availability to your users while ensuring integrity and confidentiality. The hardest part of this process is determining the balance you must maintain between these three aspects to provide acceptable security for the organization’s information and resources.
AccountabilityThe final and often overlooked goal of design concerns accountability. Accountability involves identifying who owns or is responsible for the accuracy of certain information in an organization.
Many of the resources used by an organization are shared between departments and individuals.
The department or individual that is accountable for certain information would also be responsible for verifying accuracy in the event of a data-tampering incident. You should also be able to track and monitor data changes to detect and repair the data in the event of loss or damage. Most systems will track and store logs on system activities and data manipulation, and they will also provide reports on problems.
Creating Security ZonesIt’s common for a network to have connections among departments, companies, countries, and public access using private communication paths and through the Internet. Not everyone in a network needs access to all the assets in the network. The term security zone describes design methods that isolate systems from other systems or networks. You can isolate networks from each other using hardware and software. The Internet creates a challenge for security. Security zones allow you to isolate systems from unauthorized users. Here are the four most common security zones you’ll encounter:
Internet Intranet ExtranetDemilitarized zone (DMZ)
By implementing intranets, extranets, and DMZs, you can create a reasonably secure environment for your organization.
InternetThe Internet is a global network connecting computers and individual networks together. In this environment, you should have a low level of trust in the people who use the Internet. You must always assume that the people visiting your website may have bad intentions; they may want:
To buy your productTo hire your firmTo bring your servers to a screaming halt
Because the Internet involves such a high level of anonymity, you must always safeguard your data with the utmost precautions
IntranetsIntranets are private networks implemented and maintained by an individual company or organization.
An intranet is the private network of the company that contains most of the private resources and network infrastructure equipment of the company. An intranet belongs to and is controlled by the company.
Intranets use the same technologies used by the Internet. You can think of an intranet as an Internet that doesn’t leave your company:
It’s internal to the company.Access is limited to systems within the intranet.
Access to the intranet is granted to trusted users inside the corporate network or to users in remote locations.
ExtranetsExtranets extend intranets to include outside connections to partners. An extranet is the public area of the company network infrastructure that enables resources to be accessed by external users. An extranet is a semi-secure zone that allows partners of the organization to access specific resources.The partners can be vendors, suppliers, or similar parties who need access to your data for legitimate reasons. Extranet connections involve connections between trustworthy organizations.Security for the extranet security zone can include a number of strategies:
Using VPN connectionsRegularly auditing all servicesRemoving all unnecessary servicesLimiting the number of services provided
Demilitarized Zone (DMZ)A demilitarized zone (DMZ), or perimeter network, provides a layer of security and privacy between the company infrastructure and the Internet.
A DMZ might contain Internet accessible servers such as access web servers, FTP servers, and mail-relay servers for restrictive access by people you might not trust otherwise.
By isolating a server in a DMZ, you can hide or remove access to other areas of your network.The internal network isn’t visible to external users lowering the threat of intrusion in the internal network. A DMZ is a separate subnet coming off a separate router interface. Most organizations deploy, at a minimum, two firewalls.
The first firewall is placed in front of the DMZ to allow requests from the external public interface destined for servers in the DMZ or to route requests to an authentication proxy. The second firewall is placed to allow outbound requests and denies public traffic to pass through the interface that connects to the internal private network.
From there, you can decide what traffic goes where; for example, HTTP traffic would be sent to the DMZ, and e mail would go to the internal network.‑ All initial necessary connections are located on the DMZ machines. For example, a RADIUS server may be running in the DMZ for improved performance and enhanced security, even though its database resides inside the company intranet.
A typical DMZ
Demilitarized Zone (DMZ)
Working with Newer Technologies Virtualization Technology
Virtual environments are available to run on just about everything from servers and routers to USB thumb drives. Hardware vendors are rapidly embracing virtualization and developing new features to simplify virtualization techniques. Virtual environments can be used to improve security by:
Allowing unstable applications to be used in an isolated environment.Providing better disaster recovery solutions.
Virtual environments are also used for cost-cutting measures.
One well-equipped server can host several virtual servers, reducing the need for power and equipment. Forensic analysts often use virtual environments as a method of viewing the environment the same way the criminal did.
A hypervisor or virtual machine monitor (VMM) is a virtualization platform that provides multiple operating systems running on a host computer at the same time.
A Type 1 native or bare-metal hypervisor is software that runs directly on a hardware platform. The guest operating systems runs at the second level above the hardware. This technique allows full guest systems to be run in a relatively efficient manner. The guest OS is not aware it is being virtualized and requires no modification.A Type 2 or hosted hypervisor is software that runs within an operating system environment, and the guest operating system runs at the third level above the hardware. The hypervisor runs as an application or shell on another already running operating system.
Virtualization (2:20)
Working with Newer Technologies Virtualization Technology
Security policy should address virtual environment vulnerabilities. Software without a defined business need should not be allowed on systems, including virtual environments. If a virtual machine is compromised, an intruder can gain control of all the guest operating systems. In addition, because hardware is shared, most virtual machines run with very high privileges, allowing an intruder who compromises a virtual machine to compromise the host machine, too. Segmenting virtual machines by the information they handle.
The organization should have a policy in place that states that high-security virtual machines never share the same hardware as virtual machines for testing or lower security applications.
Also:
Be cognizant of share files among guest and host operating systems. Use standard locked-down virtual images.
Other areas that present issues for a virtualized environment and need special consideration are:
Deploying financial applications on virtualized shared hostingSecure storage on storage-area network (SAN) technologies
Virtual machine environments need to be patched just like host environments and are susceptible to the same issues as a host operating system.
Virtualization (9:22)
Virtual Local Area NetworksA virtual local area network (VLAN) allows you to create groups of users and systems and segment them on the network. This segmentation lets you hide segments of the network from other segments and thereby control access. VLANs enable you to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Networks can coexist on the same wiring and be unaware of each other. VLANs enable administrators to segment one broadcast domain into two or multiple domains, segmenting groups of users that have similar data sensitivity levels together and thereby increasing security. VLAN advantages include:
Reducing the scope of broadcastsImproving performance and manageabilityDecreased dependence on the physical topology
Switches are used to create VLANs.A router or other routing-type device would be needed to connect these VLANs. When a switch is compromised, the attacker could next compromise the VLANs created by the switch.
VLANs (1:55)
A typical segmented VLAN
Virtual Local Area Networks
Network Address TranslationNetwork Address Translation (NAT) acts as a liaison between an internal network and the Internet. NAT effectively hides your network from the world, making it much harder to determine what systems exist on the other side of the router. Most new routers and current Microsoft Server operating systems support NAT The NAT server effectively operates as a firewall for the network. Typically, the router or NAT server acts as the interface between a local area network and the Internet using one IP address. The router or NAT server maps all inbound and outbound requests and maintains a table for returned messages. NAT allows the organization to use publicly assigned IP addresses over the Internet that is different from its private IP addresses. In this way, NAT hides the private network from the public. There are specific reserved, non-Internet-routable, private IP addresses for use on an internal network.
In Class C the range is 192.168.0.1 to 192.168.255.254. In Class B the range is 172.16.0.1 to 172.31.255.254In Class A the range is 10.0.0.1 to 10.255.255.254.
Port Address Translation
In addition to NAT, Port Address Translation (PAT) is possible.
Network Address Translation (3:48)
TunnelingTunneling refers to creating a virtual dedicated secure connection between two systems or networks. Tunneling sends private data across a public network (the Internet) by placing (encapsulating) that data into other packets (to prevent sniffing over the public network). Tunnels are usually secure and present themselves as extensions of both networks.You create the tunnel between the two ends by encapsulating the data in a mutually agreed upon protocol for transmission. Tunneling protocols usually include data security as well as encryption. Most tunnels are virtual private networks (VPNs). Several popular standards have emerged for tunneling, with the most popular being the Layer 2 Tunneling Protocol (L2TP).
A connection being made between two networks across the Internet. To each end of the network, this appears to be a single connection.
Addressing Business ConcernsIdentifying Assets
Asset identification is the process of identifying the types and values of assets in an organization.In some cases, the process may be as simple as counting systems and software licenses. The more difficult part of an asset-identification process is attempting to assign values to information. In some cases, you may only be able to determine what would happen if the information were to become unavailable or lost. If absence of this information would effectively shut down the business, the information is priceless.
Addressing Business ConcernsAssessing Risk
There are several ways to perform a risk assessment or risk analysis.
They range from highly scientific formula-based methods to a conversation with the owner.
The cost of an event and the probability that an event will occur are two of the most important factors to consider when you’re formulating a risk assessment.
In general, you should attempt to identify the costs of replacing stolen data or systems, the costs of downtime, and virtually any risk factor you can imagine.
You can move to risk assessment only after completing the asset identification.
After you’ve determined the costs, you can then evaluate the likelihood that certain types of events will occur and the most likely outcome if they do occur.
Addressing Business ConcernsIdentifying Threats
A threat assessment examines the potential for internal and external threats to your systems and information.
Implementing a security policy requires that you evaluate the risks of both internal and external threats to the data and network. It does little good to implement a high-security environment to protect your company from the outside if the threat is mostly internal.
A disk brought from outside containing a virus and loaded on a computer would be immune to your external security measures.This is a common problem in schools, libraries, and environments where people regularly use shared resources.
Internal threats also include employee fraud, abuse or alteration of data and theft of property.
Both policies and systems must be put in place to detect and mitigate these possibilities.Investigation and making recommendations to management is key
Internal and External Threats to an Organization
Addressing Business ConcernsInternal Threats
Most well-publicized internal threats involve financial abuses, some outright fraud or theft.
These types of threats, especially in a computer-intensive environment, can be difficult to detect and investigate. They are typically ongoing and involve small transactions over long periods.
Internal policies and systems should be in place to detect, investigate, and correct these types of problems.
Statistically, most security breaches are internal.
System failure could be considered an internal threat because the cause of the threat comes from within the organization.
Addressing Business ConcernsExternal Threats
External threats are increasing at an alarming rate.
Early methods of cracking systems were primitive and labor intensive.
Today, software packages exist that find targets automatically and then systematically attack the targets to find their vulnerabilities.
Many of these tools use GUIs that require little technical expertise on the part of the would be attacker.
A Security Administrator’s job is to detect the attack, find ways to counter it, and assist law enforcement personnel in investigating the activity. Telephony (2:43)
The End