UNIT 15 WEEK 4 CLASS 2 LESSON OVERVIEW Pete Lawrence BTEC National Diploma Organisational System Security

Upload: henry-poole

Post on 28-Dec-2015

Overview

Recap: Keeping systems and data secure

• Physical Security
• Biometrics
• Software and network security

Focus on Call back, Handshaking, Diskless networks, Backups & Audit logs.

Focus on Firewall configuration and management, virus management and control, Virtual Private Networks (VPNs), intrusion detection systems and traffic control technology, passwords, Levels of access to data and software updating.

Software and network security

To combat intrusion and subversion of a networked computer system and commonplace accidental damage to data and resources, all ICT systems need to employ an extensive range of security and data management techniques and technologies.

Examples of counter measures

Encryption techniques

Encryption is a method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion.

Examples include

WEP

• WEP (Wireless equivalence protocol) is used in wireless systems to allow all members of a wireless system to share a common private key, which is used to encrypt all data transmitted. The WEP key needs to be typed into the wireless settings on the mobile device.
• Two standards: 64-bit and 128-bit keys.
• WEP keys are binary but can be entered in hexadecimal, as this has a direct mathematical relationship and is a more understandable format.

Encryption

Simple ciphers (Caesar cipher)

http://secretcodebreaker.com/ciphrdk.html

Ciphers that use a key: DES (Data Encryption Standard)

http://en.wikipedia.org/wiki/Data_Encryption_Standard#History_of_DES

RSA encryption (public and private key using prime numbers)

http://video.google.co.uk/videoplay

MD5 Hash

http://video.google.co.uk/videosearch?q=md5+hash

WEP (Wireless equivalence protocol)

http://news.bbc.co.uk/2/low/technology/6595703.stm

Call back

Dial-up systems using modems are used to establish a call back connection. The network administrators can dial into a network device like a server and it will call them back, on a pre-configured number which must be a trusted, registered line.

Q. What are the main problems with using this technology?

A. Slow connection transfers and uses dated technology.

Q. So why use it?

A. 1. While dial-up may seem out of date, many remote areas and developing regions still use this technology.

2. Modems are reliable and are still used as a backup connection to gain direct access to a network router in case of a major failure to the main incoming line (which could be caused by a hacker).

Handshaking

Handshaking techniques like CHAP (Challenge Handshake Authentication Protocol) are used to establish a trusted connection between hosts on a public communications line, such as a WAN (Wide Area Network), which is considered not to be a trusted media type.

Diskless Networks

One of the greatest risks of data being stolen is caused by the ability to easily transfer data from a computer to a mobile storage device. In diskless networks workstations tend not to have:

• Optical drives (CD/DVD)
• USB ports (Windows can be configured to not recognise new USB devices)
• BIOS lockdown

Diskless Networks cont…

Some systems also prevent local hard drive access, either by applying local restrictions which prevent the user from viewing, adding and removing files, or by removing local hard drives completely and using terminal services which boot the computer from a remote location, so that the operating system is loaded into memory. Examples include: remote desktop (XP and Vista); VNC (Virtual Network Computing); Linux X-Windows also offers similar facilities.

Backup, Restore and Redundancy

The use of backups and restoration of data are critical in ensuring that data is safe and secure. Having a centrally managed backup system, where all the data is safely copied in case of system failure, with everyone following the same standards, is essential.

Backing up data is a critical role of a network administrator. The frequency of a backup will depend on the size, type and nature of an organisation. Daily backups are normal.

Backup, Restore and Redundancy cont…

• Different types of backup include incremental and differential.
• Considerations include: the quantity of data, the appropriate media, frequency including times, and the storage location.

Redundancy is managed by servers running RAID (Redundant array of independent disks), which is a live backup mechanism with multiple hard disks maintaining multiple images of the data.

Audit Logs

Keep a record of network and database activity

They record who has done what, where and when

Reference to the service accessed and the identity of the user.

Syslog is one of the most common systems in use to maintain simple, auditable records of system activity across a network. The syslog server stores all access records for the network administrator to review.

Firewalls

Simple home-use firewalls are automatic and seldom require user intervention. Commercial firewall configuration is essential to ensure efficient and effective movement of data.

Firewalls block unwanted traffic; configure with care. In systems where data has to enter the network (such as an email or web server), two or more firewalls may be installed to offer zones of security, allowing different security levels depending on the direction of the traffic.

Firewalls cont…

Many firewalls work in conjunction with NAT (Network Address Translation) systems, with the internal devices all hidden behind one (or a small group of) external IP address/addresses.

There are 65536 UDP ports and 65536 TCP ports, as well as ICMP, IP and other protocols.

Virus Management

Virus checking software comes in many shapes and sizes, from those which only cover viruses, trojans and worms to comprehensive integrated security suites that interact with a firewall and the operating system.

Anti-virus checking systems are only as good as their databases (dictionaries/dat files); ensure these are kept up to date.

AV software runs in the background; check for the icon in the system tray.

Virus Management cont…

• Scans each file as it is opened for any ‘fingerprints’ which match the virus definitions
• Identifies any ‘suspicious’ activity from a running program

Corporate anti-virus systems must be deployed centrally as well as on local computers. Many companies will:

• Have a server which downloads the latest definitions and distributes them to workstations

Virus Management cont…

• Monitor all incoming and outgoing traffic (including attachments) for potential threats; this may be via a router, proxy, server or firewall
• Use anti-virus software in partnership with administration policies to prevent systems running unacceptable software (hacking programs and games) by finding the MD5 hash for each application.

AV is used in conjunction with anti-spyware tools like Windows Defender.

VPNs

The use of VPNs allows organisations to communicate from site to site across a public system (like the internet) via a tunnel, which is an agreed route for all encrypted traffic.

Therefore VPNs create a trusted connection on a system which is not trusted.

There are many protocols and methods used in the management of VPNs; the primary purpose of these is to prevent snooping and fraudulent authentication.

Intrusion Detection Systems

These go beyond the role of a firewall and will monitor traffic for undesirable manipulations from hackers and the tools they may use.

Passive systems record hacking attempts for the network administrator to action.

Reactive systems (intrusion prevention systems) reconfigure the firewall to block the intrusion.

Intrusion Detection Systems cont…

Traffic control is managed using an access-control list (ACL) and routing protocols.

Access list 101 Permit TCP 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 Eq 80

• Access list 101: this is a rule that has a unique number
• Permit: can be permit or deny
• TCP: this could be TCP, UDP or IP
• 192.16.0.0: source network device or range of devices
• 0.0.0.255: this is the source wildcard mask *
• 172.16.10.16: destination network device or range of devices
• 0.0.0.15: destination wildcard mask *
• Eq 80: is equal to TCP port 80

Rules are in lists and executed in order when the conditions match.

• If you have a ‘deny FTP’ before a ‘permit FTP’, then traffic will never be allowed.
• ACLs have a default deny all at the end. If you only write permits, all other traffic is denied.
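How the rule above is evaluated, as an added example that is not part of the original slides: wildcard-mask matching, first-match ordering and the default deny at the end of the list. The function names, the tuple layout and the two FTP lists are constructed for illustration; only ACL_101 comes from the slide.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")      # wildcard of all ones ignores every bit

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard masks are inverted netmasks: a 1 bit means 'do not compare'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, (action, r_proto, s, s_wild, d, d_wild, port) in enumerate(acl, 1):
        if r_proto != "ip" and r_proto != proto:
            continue
        if not wildcard_match(src, s, s_wild) or not wildcard_match(dst, d, d_wild):
            continue
        if port is not None and port != dport:
            continue
        return action, number          # first match wins, later rules are not read
    return "deny", None                # default deny all at the end of every list

# The slide's rule: permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80
ACL_101 = [("permit", "tcp", "192.16.0.0", "0.0.0.255",
            "172.16.10.16", "0.0.0.15", 80)]

# Constructed lists showing why order matters (FTP control channel is TCP port 21).
DENY_FIRST = [("deny", "tcp", *ANY, *ANY, 21),
              ("permit", "tcp", "192.16.0.0", "0.0.0.255", *ANY, 21)]
PERMIT_FIRST = list(reversed(DENY_FIRST))

if __name__ == "__main__":
    print(evaluate(ACL_101, "tcp", "192.16.0.77", "172.16.10.20", 80))
    print(evaluate(ACL_101, "tcp", "192.16.0.77", "172.16.10.32", 80))
    print(evaluate(DENY_FIRST, "tcp", "192.16.0.77", "10.1.1.1", 21))
    print(evaluate(PERMIT_FIRST, "tcp", "192.16.0.77", "10.1.1.1", 21))
```

The destination wildcard 0.0.0.15 covers 172.16.10.16 to 172.16.10.31, so 172.16.10.32 falls through to the default deny.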

Passwords

Password management is essential. Tried and tested. Most commonly used in all areas of organisational system security.

Organisational policies include:

• Not writing down passwords
• Change passwords periodically (7-90 days)
• Use strong passwords with eight or more characters
• Use a nonsense password to avoid social engineering.

Passwords cont…

How to think of a nonsense password. Try mixing nouns (names) and adjectives (something that modifies a noun). For example:

Adjective    Noun
Red          Chicken
Atomic       Snail
Hyper        Cucumber
Micro        Titan

Many systems will log failed attempts when users forget their password, with their username being locked out after three failed attempts.
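The three-failed-attempts lockout, reviewed from the kind of who/what/where/when record the Audit Logs slide describes, as an added example that is not part of the original slides. The log format, host, user names and addresses are constructed for illustration and do not come from any particular system.

```python
import re

# Constructed log format for this example (syslog-style: when, where, what, who).
LINE = re.compile(
    r"^(?P<when>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) login\[\d+\]: "
    r"(?P<result>FAILED|OK) user=(?P<user>\S+) from=(?P<src>\S+)$")

SAMPLE_LOG = """\
Jan 12 09:14:02 srv1 login[311]: FAILED user=alice from=10.0.0.5
Jan 12 09:14:09 srv1 login[311]: FAILED user=alice from=10.0.0.5
Jan 12 09:14:20 srv1 login[311]: OK user=alice from=10.0.0.5
Jan 12 09:20:41 srv1 login[340]: FAILED user=bob from=10.0.0.9
Jan 12 09:20:44 srv1 login[340]: FAILED user=bob from=10.0.0.9
Jan 12 09:20:47 srv1 login[340]: FAILED user=bob from=10.0.0.9
Jan 12 09:21:30 srv1 login[352]: FAILED user=alice from=10.0.0.5
Jan 12 09:22:02 srv1 login[361]: OK user=bob from=10.0.0.9
""".splitlines()

def review(lines, threshold=3):
    """Replay the log and return (locked, after_lockout).

    locked:        user -> (when, host, source) of the failure that hit the threshold
    after_lockout: log lines for any later attempt on an account already locked,
                   which the administrator should review
    """
    streak, locked, after_lockout = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue                      # not a login record
        user = m["user"]
        if user in locked:
            after_lockout.append(line)    # a success here means lockout was not enforced
        elif m["result"] == "OK":
            streak[user] = 0              # a successful login resets the failure count
        else:
            streak[user] = streak.get(user, 0) + 1
            if streak[user] >= threshold:
                locked[user] = (m["when"], m["host"], m["src"])
    return locked, after_lockout

if __name__ == "__main__":
    locked, later = review(SAMPLE_LOG)
    print(locked)
    print(later)
```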