CPT 499 Internet Skills for Educators. Internet Security Why security Server software security problems Server software security solutions Security Policies.
Post on 11-Jan-2016
214 Views
Preview:
Transcript
CPT 499 Internet Skills for Educators
Internet Security
Why securityServer software security problemsServer software security solutionsSecurity Policies
Internet Security
Anyone connected to the Net should be concerned about data security and the safety of their system
Internet has surpassed two million reachable hosts
Number of users unknown
Internet Security
Most Internauts are well-behavedYet there does exist ill-behaved and
malicious users within the large Internaut population
Individual user that runs Internet clients seldom has anything to be concerned about
Internet Security
The office network; business networks; and government networks, on the other hand, have much to be concerned about when it comes to legacy data on their systems
Their systems could come under an INTERNAUT ATTACK
There is hope
Internet Security
In the nut shell, security is the process of keeping anyone from doing things you don’t want them to do to with, on, or from computers or peripheral devices
Determine what resources need to be protected
Internet Security
Now computers running software with sensitive legacy data is a resource to protect
Software with configuration files may contain sensitive information must be protected
Internet Security
A hacker, cracker, or attacker who compromises or impersonates a host will have access to all of its resources: files, hard drives, etc..
Internaut attackers may be more interested in the laundry further ongoing connections to other more targets.
Internet Security
Defining what needs protecting in general dictates the host-specific measures needed
Machines running sensitive files may need extra levels of passwords, file encryption, a password policy, etc..
Internet Security
If the target is network connection, the network administrator may ask for certain privileges to access the network
When these privileges are activated, extra logging activities may take place on the system
Sometimes if you want to protect all resources Internaut attackers must be stopped at the front door
Internet Security
Not all attacks come from the outsideMust define who the system must be
protected fromDifferent levels of attacks require
different levels of security
Internet Security
Security against a teenager with a modem may not be good enough for an intelligent, malicious, dedicated group of individuals
For the teenager an enhanced password system may do the job
For the others wiretapping, cryptanalysis, or monitoring the electronic emissions of computers and wires may be needed
Internet Security
The security defenses are proportional to the value of the resources and assets to be protected
Yet the cost of security on the system is also a factor
Some systems may require extra routers or computers to build a firewall gateway
Internet Security
There is also the cost of training or hiring individuals to administer the security, develop security software, or to buy security software
Too much or too little can hurt a systemKeeping hackers, crackers, or attackers
off your system depends on how assets are valued
Internet Security
An Internaut attacker that enters the system will be able to send nasty notes or data from the system, using a legal user ID or may use the system to enter other systems pretending to be one of the systems users
Internet Security
Due to the dynamic nature of the environment server software is often developed rapidly and has not passed rigorous security testing and may have serious vulnerabilities
Yet, there are tools and protocols to protect the system from being compromised
Internet Security
Yes, the largest threat exists when you decide to serve information on the Internet
When an information server is placed on the Internet, it should reside in a system designed and dedicated solely for such a purpose
Only information to be distributed should reside on that system
Internet Security
Make the assumption that information on the system will be available to the Internet public
Therefore, the server system should be disconnected from the rest of a systems network to provide minimum security exposure
Internet Security
Not always practical therefore a firewall or a firewall gateway may be necessary
A firewall gateway is to serve the line of trust at certain key points
It trust only a few other machines and only for certain functions
Internet Security
A firewall is a perimeter defenseFirewalls do not provide any protection
once an Internaut attacker has passed them
A firewall is one or more components of a network that permits only authorized inbound and outbound traffic
Internet Security
Firewalls have a higher security profile than any other component on the network
A firewall usually sits between the Internet and the local network
It provides extensive tools to enforce a security policy and is meant to screen client and server request
Internet Security Policy
A security policy is a set of enforced rules and behaviors that applies to people and systems
Policies should be considered by all Internet users
Single-user computersLarge Organizational LANs
Internet Security Policy
Security policies vary according to type of user organizations
Some organizations have unrestricted access policies
Other organizations have very restrictive policies
Internet Security Policy
Single user should be aware that the system is secure if no Internet server applications are loaded
Most Internet Service provider’s have extensive security policies and are capable of serving data without exposure
Internet Security Policy
If service provider provides server applications, single user preserves the security level of client computer
Thus security for single user not necessary
For organization password policies and security standards are necessary
Internet Security Policy
Commonly used security policiesLeast restrictive policy - permit all
users to access all resources - used for years on the Internet - can be disastrous - mainly academic or scientific communities
Internet Security Policy
Trusted access requires password access and authentication for every resource - requires careful design and time to implement - requires encrypted verification and passwords for all inbound and outbound traffic - purpose to ensure information not transmitted to or from an unsecured location
Internet Security Policy
No access - defeats the purpose of Internet attachment - organizations not attached to the Internet by default implement this policy - several commercial organizations are not connected to the Internet
Internet Security Policy
Commercial organizations, government agencies, and military establishments need a highly structured security policy
Academic and scientific communities need cautious policies
Single users need to think about the policy they want to follow
Internet Security Policy
Every organization has more than one exposure point concerning security if the are connected to the Internet
Organizations need to determine exposure points and establish these areas as the focus of security policy
Internet Security Policy
Typical areas of focusNetwork security - the goal is to prevent
any unauthorized entry into the systemPhysical protection of hardware - the goal
is to physically secure computers and develop a tracking system for equipment assigned to individuals within the organization
Internet Security Policy
Access rules and regulations - establish who may and may not enter specified areas of the computer network
Virus protection - includes methods for keeping the protection against the latest viruses up-to-date
Internet Security Policy
Disaster recovery - requires planning for major shutdowns or loss of computer capability or file storage due to extended power outages, severe weather such as floods, tornadoes, and earthquakes
Backup plans - the goal is to preserve critical information
Internet Security Policy
Steps in developing a security policydetermine what needs protectiondetermine who should and should not have
access to protected areas and at what level
determine how protection will occurdraft and approve a policyimplement a policymaintain and update the policy
Internet Security Policy
Security is the act of protecting computer resources and data from unwanted access and use
Security risks come mainly from inside organizations but can also come from Internaut hackers, crackers, and attackers
Internet Security Policy
In addition to system Internaut attackers, computer systems need protection from viruses
Viruses rob computer resources and destroy valuable data
Internet Security Policy
Methods of protecting involve the use of firewalls, user identification and authentication, and encryption
Firewalls establish barriers to system entry from inside as well as outside
Firewalls can be broken down into three generations of firewalls
Internet Security Policy
Packet-filtering systemsBastion hostsProxy gateways and stateful inspection
Identification and authenticationidentification is the process of obtaining
information from the user to determine authorization
Internet Security Policy
Authentication is the process of the system establishing the identity of users asking for entry into the system
Passwords, user Ids are identification techniques
Smart cards and biometrics are authentication techniques
Digital Ids or certificates us both techniques
Internet Security Policy
Encryption uses a mathematical formula to code or scramble data for transmission over the Internet
Receiving end decodes using a “key” that solves the mathematical problem and reassembles the message
Internet Security Policy
Virus protection uses special software designed to detect and protect a computer system from viruses
New viruses develop daily so organizations must continually monitor new viruses and adapt the virus protection software to keep pace
top related