Computer Network Security 2009, by Ms Josephine Ayebare (josephineayebare@must.ac.ug)
Page 1: Computer Network Security 2009

Computer Network Security, by Ms Josephine Ayebare, josephineayebare@must.ac.ug

Page 2

Syllabus and Policies
• Syllabus
• Lectures and lecture notes
• Private reading
• (An assignment + 2 tests / 3) 30%
• Group projects
• Test 1 and coursework (1st Oct 2009)
• Test 2 (5th Nov 2009) & 26th Nov presentation
• Final Exam (70%)
• Must hand in on time

Page 3

Course Outline
• Introduction to network security
• Security threats and countermeasures
• Risk assessment
• Risk mitigation
• Security policies
• Network intrusion detection
• Forensic technologies
• Network security audit
• Networking security technologies

Page 4

Introduction
• Today we will examine:
• History of information security
• Key terms and concepts of network security
• The security systems development life cycle
• The role of network security professionals

Page 5

Objectives
• Upon completion of this lesson students should be able to:
• Describe what information security is and how it came to mean what it does today
• Discuss the history of computer security and how it evolved into information security

Page 6

Objectives
• Identify and define key terms and critical concepts of network security
• Outline the phases of the security system development life cycle
• Describe issues involved in network security

Page 7

What is network security?
• The protection of the network systems in use, and the data that they process, against unauthorized access.

Page 8

History of Information Security
• Computer security began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls were needed to limit access to sensitive military locations to authorized personnel
• Only rudimentary controls were available to defend against physical theft, espionage and sabotage

Page 9

The 1960s
• The Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications
• Dr. Lawrence Roberts developed the project from its inception

Page 10

The 1970s and 80s
• ARPANET grew in popularity, as did its potential for misuse
• Fundamental problems with ARPANET security were identified
• No safety procedures existed for dial-up connections to the ARPANET
• User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them security threats

Page 11

R-609: Study of Computer Security Begins
• Information security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
  – Safety of the data
  – Limiting unauthorized access to that data
  – Involvement of personnel from multiple levels of the organization

Page 12

The 1990s
• As networks of computers became more common, so did the need to interconnect the networks
• The result was the Internet, the first manifestation of a global network of networks
• In the early Internet deployments, security was a low priority

Page 13

The Present
• The Internet has brought millions of computer networks into communication with each other, many of them unsecured
• The ability to secure each one is now influenced by the security of every computer to which it is connected

Page 14

What is security?
• "The quality or state of being secure; to be free from danger"
• To be protected from adversaries
• A successful organization should have multiple layers of security in place:
  – Physical security
  – Personal security
  – Operation security
  – Communication security
  – Network security

Page 15

What is Information Security?
• The protection of information and its critical elements, including the systems and hardware that use, store and transmit that information
• Tools such as policy, awareness, training, education and technology are necessary
• The C.I.A. triangle was the standard, based on confidentiality, integrity and availability
• The C.I.A. triangle has expanded into a list of critical characteristics of information

Page 16

Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
  – Availability
  – Accuracy
  – Authentication
  – Confidentiality
  – Integrity
  – Utility
  – Possession

Page 17

Components of a Network
• To fully understand the importance of network security, you need to know the elements of a network:
  – Networking devices
  – Hosts
  – Shared peripherals
  – Networking media
• Security measures must be implemented in each of the areas above
• Network security is not limited to the above; it also covers people, data, software and procedures

Page 18

Securing the components
• A network can be the subject of an attack, the object of an attack, or both
• When a network is:
  – the subject of an attack, it is used as an active tool to conduct the attack
  – the object of an attack, it is the entity being attacked

Page 19

Balancing Security and Access
• It is impossible to obtain perfect network security
  – Security is not an absolute; it is a process
• Security should be a balance between protection and availability
• To achieve that balance, the level of security must allow reasonable access yet protect against threats

Page 20

Bottom-Up Approach
• Network security should be ensured from the grass roots
  – Network administrators attempt to improve the security of their network
• It hardly works, since it lacks critical features:
  – Participant support
  – Organizational staying power

Page 21

Top-Down Approach
• Initiated by upper management
• Issues policy, procedures and processes
• Dictates the goals and expected outcomes of the project
• Determines who is accountable for each required action
• Pluses:
  – Clear planning
  – Dedicated funding
  – Chance to influence the organization's culture
• May involve a formal development strategy referred to as a systems development life cycle
• It is the most successful approach

Page 22

Network Security Development Life Cycle
• Network security must be managed in a manner similar to any other major system implemented
• Using a methodology:
  – Ensures a rigorous process
  – Avoids missing steps
• The goal is to create a comprehensive security posture/program

Page 23

Network Security SDLC
• It may be:
  – Event-driven: started in response to some occurrence
  – Plan-driven: the result of a carefully developed implementation strategy
• At the end of each phase comes a structured review

Page 24

Investigation (Step 1)
• What is the problem the system is developed to solve?
• The objectives, constraints and scope of the project are specified
• Cost
• A feasibility analysis is performed to assess the economic and technical feasibility of the process

Page 25

Analysis (Step 2)
• Consists primarily of:
  – Assessment of the organisation
  – The status of current systems
  – Capability to support the proposed system
• Analysts begin to determine:
  – What the new system is expected to do
  – How the new system will interact with existing systems
• Ends with the documentation of the findings and a feasibility analysis update

Page 26

Logical Design (Step 3)
• Based on the security needs, applications are selected
• Data support and structures capable of providing the needed inputs are identified
• Device naming is done, protocols are enabled and restrictions are defined
• An overview of the network's operational functionality is portrayed

Page 27

Physical Design (Step 4)
• Specific technologies are selected to support the alternatives identified and evaluated in the logical design
• Selected components are evaluated
• The entire solution is presented to the end-user representatives for approval

Page 28

Prototyping
• Design a simple network representing the suggested system, using interactive tools (Packet Tracer)
• It should be able to achieve all the objectives of the proposed network as far as security is concerned
• If successful, then implementation can take place

Page 29

Implementation (Step 5)
• Components are ordered, received, assembled and tested
• Users are trained and documentation is created

Page 30

Maintenance and Change (Step 6)
• Tasks necessary to support and modify the network for the remainder of its useful life
• The life cycle continues until the process begins again from the investigation phase
• When the current system can no longer support the mission of the organization, a new project is implemented

Page 31

Objectives of the Network Security SDLC
• To identify threats and controls to counter them
• To identify the statement of program security policy
• To identify, assess and evaluate the levels of risk
• To create a detailed plan of the network

Page 32

Lecture 2

Page 33

Security Concepts
• Challenge Handshake Authentication Protocol (CHAP)
• Certificates
• Security tokens
• Kerberos
• Multi-factor
• Smart cards
• Biometrics
• Services and protocols
• Security topologies

Page 34

Challenge Handshake Authentication Protocol
• It's a protocol that challenges a system to verify its identity
• It doesn't use a username-and-password mechanism; rather, the initiator sends a logon request from the client to the server
• The server sends a challenge to the client
• The challenge is encrypted and sent back to the server
• The server compares the value and acts accordingly
• It basically involves three steps:
  – Logon request and challenge
  – Response from the client
  – Authorize or fail

Page 35

Certificates
• They are a form of authentication
• A server or certificate authority can issue a certificate that will be accepted by the challenging system
• Certificates can be either physical access devices (smart cards) or electronic certificates that are used as part of the logon process

Page 36

Security Tokens
• Similar to certificates
• Contain the rights and access privileges of the token bearer as part of the token
• If your token does not grant access to certain information, that information will either not be displayed or your access will be denied
• The authentication system creates a token every time a user logs on or a session begins
• At the completion of a session, the token is destroyed

Page 37

Kerberos
• Kerberos allows for a single sign-on to a distributed network
• The Kerberos authentication process uses a Key Distribution Center (KDC) to coordinate the entire process
• The KDC handles the principals (users, programs or systems)
• The KDC provides a ticket to the principal
• The ticket is used to authenticate against other principals
• This occurs automatically when a request or service is performed by another principal

Page 38

Multi-Factor
• It's a method of authentication where two or more access methods are used
• Two-factor is an authentication system that uses smart cards and passwords

Page 39

Smart Cards
• It's a type of card that can allow access to multiple resources, including buildings, parking lots and computers
• Each area or computer will have a reader in which you can either insert your card or have it scanned
• This card contains information about your identity and access privileges
• The reader is connected to the workstation and validates against the security system

Page 40

Biometrics
• Biometric devices use physical characteristics to identify the users
• They include:
  – hand scanners (fingerprints, scars)
  – retinal scanners (eye retinal patterns)
  – DNA scanners (unique portion of DNA structure)

Page 41

Protocols and Services
• They are a key part of security. Some protocols send passwords over the network unencrypted. They include:
  – Telnet
  – FTP
  – SNMP
  – etc.

Page 42

Computer Network Security
• Design goals
• Security zones
• Technologies
• Business requirements

Page 43

Design Goals
• It deals with ensuring confidentiality, integrity, availability and accountability
• Also, different people must be identified

Page 44

Design Goals
• Confidentiality: to prevent or minimize unauthorized access to and disclosure of data and information
• Integrity: to make sure that the data being worked on is correct
• Availability: to protect data and prevent its loss
• Accountability: who is responsible?

Page 45

Security Zones
• This is a design method that isolates systems from other systems or networks
• The most common security zones:
  – Internet
  – Intranet
  – Extranet
  – DMZ

Page 46

Security Zones
• Internet
  – It's a global network that connects computers and networks together
  – Low trust level
• Intranet
  – It's a private network implemented and maintained by an individual company or organization
  – They can also be connected to the Internet, but are not available for access to users that are not authorized to be part of the intranet
  – Access to the intranet is granted to trusted users inside the corporate network or users in remote locations

Page 47

Security Zones
• Extranet
  – It extends intranets to include outside connections, using a secure communications channel over the Internet
  – The connections are between trustworthy organizations and may pass through the Internet, hence the use of a tunneling protocol to accomplish a secure connection

Page 48

DMZ
• Demilitarized Zone (DMZ)
• It is an area where a public server is placed for accessibility by people who are not trusted
• By isolating a server in a DMZ, access to other areas in the network is hidden
• From within the network the server can be accessed, but outsiders cannot have access to the internal network
• This is accomplished by the use of firewalls
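The zone separation the DMZ slide describes is enforced by firewall rules keyed on which zone a packet comes from and goes to. The following is an added example (my code, not part of the lecture) of such a zone policy evaluated over a few constructed flows; the address ranges, zone names and rules are assumptions made for illustration, and the evaluation model is first-matching-rule-wins with a default deny.

```python
"""Zone-based filtering between the Internet, a DMZ and the intranet.

Added example, not from the lecture slides. The address plan, zone names and
rules are constructed for illustration; real firewalls have their own rule
syntax, but the evaluation model (first matching rule wins, default deny) is
the idea the DMZ slide describes.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan: which network belongs to which zone.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),       # public web server lives here
    "intranet": ipaddress.ip_network("10.10.0.0/16"),  # internal hosts
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside our ranges is the untrusted Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"


# Constructed policy, evaluated top to bottom; the first matching rule wins.
POLICY: List[Rule] = [
    Rule("internet", "dmz", "tcp", 80, "allow"),         # the public may reach the web server
    Rule("internet", "dmz", "tcp", 443, "allow"),
    Rule("dmz", "intranet", "tcp", None, "deny"),        # a compromised DMZ host gets no further
    Rule("intranet", "dmz", "tcp", None, "allow"),       # staff may manage the DMZ server
    Rule("intranet", "internet", "tcp", None, "allow"),  # outbound browsing
    Rule("internet", "intranet", "tcp", None, "deny"),   # nothing from outside reaches inside
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int,
             policy: List[Rule] = POLICY) -> str:
    """Return 'allow' or 'deny' for one flow; a flow no rule matches is denied (default deny)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in policy:
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and rule.proto == proto
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"


# Constructed flows exercising each part of the policy.
SAMPLE_FLOWS: List[Tuple[str, str, str, int]] = [
    ("198.51.100.7", "192.0.2.10", "tcp", 80),   # Internet -> DMZ web server
    ("198.51.100.7", "192.0.2.10", "tcp", 22),   # Internet -> DMZ ssh (no rule)
    ("192.0.2.10", "10.10.5.5", "tcp", 445),     # DMZ -> intranet file share
    ("10.10.5.5", "192.0.2.10", "tcp", 22),      # intranet -> DMZ admin
    ("198.51.100.7", "10.10.5.5", "tcp", 80),    # Internet -> intranet host
]


def audit(flows=SAMPLE_FLOWS) -> List[str]:
    """Verdict for each sample flow, in order."""
    return [evaluate(s, d, proto, p) for s, d, proto, p in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, audit()):
        print(f"{flow[0]} -> {flow[1]}:{flow[3]} {verdict}")
```

The second sample flow (SSH from the Internet to the DMZ host) is denied even though no rule mentions it: the default deny at the end of `evaluate` is what turns "only what is explicitly allowed" into behaviour, and the DMZ-to-intranet deny is what keeps a compromised public server from becoming a stepping stone.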

Page 49

Network Security Technologies
• Virtual Local Area Networks (VLANs)
  – A VLAN enables the creation of groups of users and systems and segments them according to functions or departments (grouped logically instead of physically)
  – Segments are hidden away from each other
  – A VLAN can also be set up to control the paths that data takes to get from one point to another
• Network Address Translation (NAT)
• Tunneling

Page 50

Network Address Translation (NAT)
• NAT creates a unique opportunity to assist in the security of a network
• NAT extends the number of usable Internet addresses
• It allows the organization to present a single address to the Internet for all computer connections
• NAT effectively hides a network from the world
• A NAT server acts as a firewall on the network
• Routers also support NAT translation
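To make the "NAT hides a network" point concrete, here is an added example (my code, not from the slides) of a minimal port-address translation table: outbound connections create mappings under one public address, and an inbound packet is forwarded only when it matches an existing mapping. The addresses and ports are constructed, and the mapping is a simplified endpoint-independent one rather than any particular vendor's behaviour.

```python
"""Port-address translation table, added example (not from the slides).

Shows what 'NAT hides a network' means in practice: an outbound connection
creates a table entry, and an inbound packet is forwarded only if it matches
an existing entry. Addresses and ports are constructed; this is a simplified
endpoint-independent mapping, not any particular vendor's NAT.
"""
import itertools
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"  # constructed: the organization's single Internet-facing address
Packet = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


class Nat:
    def __init__(self, first_port: int = 40000) -> None:
        self.out: Dict[Tuple[str, int], int] = {}   # (inside ip, port) -> public port
        self.back: Dict[int, Tuple[str, int]] = {}  # public port -> (inside ip, port)
        self._ports = itertools.count(first_port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Packet:
        """Rewrite an inside->Internet packet to come from PUBLIC_IP, creating a mapping if needed."""
        key = (src_ip, src_port)
        if key not in self.out:
            public_port = next(self._ports)
            self.out[key] = public_port
            self.back[public_port] = key
        return (PUBLIC_IP, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_port: int) -> Optional[Packet]:
        """Rewrite an Internet->inside packet; None means no mapping exists, so it is dropped."""
        key = self.back.get(dst_port)
        if key is None:
            return None
        inside_ip, inside_port = key
        return (src_ip, src_port, inside_ip, inside_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Two inside hosts talk to one web server; one unsolicited probe arrives from outside."""
    nat = Nat()
    reply_ok = nat.outbound("10.0.0.5", 51000, "198.51.100.9", 80)   # constructed flow
    nat.outbound("10.0.0.6", 51000, "198.51.100.9", 80)              # same inside port, new mapping
    answered = nat.inbound("198.51.100.9", 80, reply_ok[1])          # reply to the first host
    unsolicited = nat.inbound("198.51.100.9", 80, 12345)             # nothing inside asked for this
    return reply_ok, answered, unsolicited


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The outside world only ever sees `203.0.113.1`, and the unsolicited probe to port 12345 returns `None` because no inside host created a mapping for it. That is the extent of the "firewall" a NAT gives you: it stops unsolicited inbound traffic by accident of the table, so it complements rather than replaces the explicit zone rules from the DMZ slide.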

Page 51

Tunneling
• It refers to the ability to create a virtual dedicated connection between two systems or networks
• A tunnel is created between the two ends by encapsulating the data in a mutually agreed-upon protocol for transmission
• Data passed through a tunnel appears on the other side as part of the network
• Tunneling protocols include data security as well as encryption

Page 52

Business Concerns
• This is about making a conscious examination of the current security situation:
  – Asset identification
  – Risk assessment
  – Threat identification
  – Vulnerability evaluation

Page 53

• Asset identification
  – It's the process in which a company attempts to place a value on the information and systems in place

Page 54

Security Threats and Countermeasures
• Attacks
• Malicious software
• Countermeasures

Page 55

Attacks
• An attack is an act performed by an individual or group of individuals in an attempt to access, modify or damage a system
• Attacks are classified into three kinds:
  – Access attacks
  – Modification and repudiation attacks
  – Denial of service attacks

Page 56

Access Attacks
• An attempt to gain access to information that the attacker is not authorized to have
• They breach confidentiality
• Can be external or internal
• Can be done through physical access or by capturing information over the network

Page 57

Physical Access Method
• Dumpster diving is a physical access method
• Access to information (on paper) that has been thrown away
• Papers that contain sensitive information should be burnt if no longer in use

Page 58

Capturing Information over the Network: Types
• Eavesdropping: the process of listening in on network traffic, made possible by carelessness of the networks in communication. It is a passive attack
• Snooping: involves someone searching through electronic files trying to find something interesting

Page 59

Capturing Information over the Network (cont.)
• Interception is the act of routinely monitoring network traffic
• It includes putting a computer system between the sender and the receiver to capture information as it is sent

Page 60

Modification and Repudiation Attacks
• Modification attacks
  – Changing or modifying information in an unauthorized manner
  – Similar to access attacks because they require access to the servers
  – Involve deletion, insertion or alteration of information so that it appears genuine to the user
• Repudiation attacks
  – Change information so that it is invalid or misleading

Page 61

Denial of Service Attacks (DoS)
• Denies users access to resources that they are authorized to use
• For example, an attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers
• Common on the Internet
• DoS can deny access to information, applications, systems or communications
• A DoS attack on an application brings down the website, but communication and systems continue to operate

Page 62

DoS (cont.)
• In a DoS attack on a system, the operating system is crashed
• A common DoS attack involves opening as many TCP sessions as possible; it is called a TCP SYN flood DoS attack
• Distributed Denial of Service Attacks (DDoS)
  – Use of multiple computers to attack a single organization
  – The attacker loads an attack program onto many computer systems (zombies) that use DSL or cable modems
  – The master computer sends a signal to the computers instructing them to launch an attack at once on the target network or system
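The signature of the SYN flood the slide describes is a pile of half-open TCP sessions: SYNs whose handshake is never completed. The following added example (my code, not from the lecture) counts half-open sessions per source over a constructed firewall-style log and raises alerts; the log format, thresholds and addresses are assumptions made for illustration.

```python
"""Half-open connection counting over a constructed firewall log.

Added example, not from the slides. A SYN flood leaves many TCP sessions in the
half-open state (SYN seen, client's ACK never arrives). The log format below is
made up for this example: timestamp, src:port -> dst:port, and a flag letter
(S = SYN from the client, A = the client's ACK completing the handshake).
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<dip>[\d.]+):(?P<dport>\d+) (?P<flag>[SA])$"
)

# Constructed log: one legitimate client (198.51.100.7) completes its handshakes,
# one source (203.0.113.50) sends SYNs from 50 ports and never completes any.
SAMPLE_LOG = [
    "2009-10-01T10:00:00 198.51.100.7:40001 -> 192.0.2.10:80 S",
    "2009-10-01T10:00:00 198.51.100.7:40001 -> 192.0.2.10:80 A",
    "2009-10-01T10:00:02 198.51.100.7:40002 -> 192.0.2.10:80 S",
    "2009-10-01T10:00:02 198.51.100.7:40002 -> 192.0.2.10:80 A",
] + [f"2009-10-01T10:00:05 203.0.113.50:{1000 + i} -> 192.0.2.10:80 S" for i in range(50)]


def half_open_by_source(lines: Iterable[str]) -> Dict[str, int]:
    """Count, per source address, SYNs that were never followed by that client's ACK."""
    pending = {}  # (sip, sport, dip, dport) -> sip
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines in another format rather than crash on them
        key = (m["sip"], m["sport"], m["dip"], m["dport"])
        if m["flag"] == "S":
            pending[key] = m["sip"]
        else:
            pending.pop(key, None)  # handshake completed, no longer half-open
    counts: Dict[str, int] = defaultdict(int)
    for sip in pending.values():
        counts[sip] += 1
    return dict(counts)


def syn_flood_alerts(lines: Iterable[str], per_source: int = 20, total: int = 100) -> List[str]:
    """Flag any source above per_source half-open sessions, and the total across all sources.

    The total check matters because a real flood usually spoofs many source
    addresses, so no single source may exceed the per-source threshold.
    """
    counts = half_open_by_source(lines)
    alerts = [f"possible SYN flood from {sip}: {n} half-open sessions"
              for sip, n in sorted(counts.items()) if n >= per_source]
    if sum(counts.values()) >= total:
        alerts.append(f"half-open sessions overall: {sum(counts.values())} (threshold {total})")
    return alerts


if __name__ == "__main__":
    for alert in syn_flood_alerts(SAMPLE_LOG):
        print(alert)
```

Run against the sample log, the legitimate client contributes nothing (each of its SYNs is paired with an ACK) and the flooding source shows 50 half-open sessions. The aggregate threshold is the one to tune in practice: a flood from spoofed addresses spreads its SYNs over thousands of sources and would slip under any per-source limit.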

Page 63

Common Attacks
• Back Door Attacks
  – The attacker gains access to the system, then loads a backdoor program
  – The program allows other users access without a password and gives administrative privileges
  – Tools used to create backdoors: Back Orifice, NetBus

Page 64

Common Attacks (cont.)
• Spoofing Attacks
  – An attempt by someone or something to masquerade as someone else
  – Uses a program that fakes a logon
  – The client enters a username and password, which the attacker copies, but access is still denied to the user

Page 65

Common Attacks (cont.)
• Man in the Middle
  – Software is placed between the client (user) and the server
  – It intercepts the user's information and then sends it on to the server
  – The server responds to the middle man, believing it is the legitimate user
  – The middle man may alter, record or compromise the security standards of the user
  – The middle man appears to be the server to the user

Page 66: Computer Network Security 2009 Computer Network Security by Ms Josephine Ayebare josephineayebare@must.a c.ug josephineayebare@must.a c.ug josephineayebare@must.a.

Computer Network Security 2009

Common Attacks (continued)
• Replay Attack
• Information is captured off the network and stored for later use.
• Example: an authentication ticket or token from a system such as Kerberos is sniffed and later re-sent to the authentication process.
• If the server cannot tell the replayed copy from a fresh one, access is gained. This is why Kerberos authenticators carry a timestamp, and why servers keep a replay cache of recently seen ones and reject duplicates.
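The exchange described above, written out as an added example (this is illustration code, not material from the lecture). A client signs each request with an HMAC over a shared secret. NaiveServer checks only that the HMAC verifies, so a request captured off the wire is accepted again when replayed. FreshServer adds the two checks Kerberos relies on, a timestamp window and a cache of nonces already seen. The secret, the 300-second window and the request contents are assumptions constructed for the example.

```python
"""Replay attack on an authenticated request, and the freshness check that stops it.

Added example, not from the lecture. NaiveServer verifies integrity only;
FreshServer also verifies freshness (timestamp window + nonce replay cache).
"""
import hashlib
import hmac
import json
import os
import time
from typing import Optional

SECRET = b"shared-secret-for-demo"    # constructed; real systems use per-client keys
MAX_SKEW = 300                        # seconds a request stays valid (assumed window)

def mac(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def canonical(body: dict) -> bytes:
    """Deterministic encoding so client and server MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_request(user: str, action: str, now: Optional[float] = None) -> dict:
    """Client side: sign user/action together with the freshness fields."""
    body = {"user": user, "action": action,
            "ts": int(time.time() if now is None else now),
            "nonce": os.urandom(16).hex()}
    return {"body": body, "mac": mac(canonical(body))}

def mac_ok(req: dict) -> bool:
    return hmac.compare_digest(mac(canonical(req["body"])), req["mac"])

class NaiveServer:
    """Integrity only: a captured request verifies again every time it is replayed."""
    def handle(self, req: dict, now: Optional[float] = None) -> str:
        return "ACCEPT" if mac_ok(req) else "REJECT: bad mac"

class FreshServer:
    """Integrity plus freshness: timestamp window and a cache of nonces seen."""
    def __init__(self):
        self.seen = {}   # nonce -> ts, the replay cache

    def handle(self, req: dict, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if not mac_ok(req):
            return "REJECT: bad mac"        # checked first: never act on unsigned fields
        ts, nonce = req["body"]["ts"], req["body"]["nonce"]
        if abs(now - ts) > MAX_SKEW:
            return "REJECT: stale timestamp"
        if nonce in self.seen:
            return "REJECT: replayed nonce"
        self.seen[nonce] = ts
        # Entries older than the window are rejected by the timestamp check anyway,
        # so they can be dropped and the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        return "ACCEPT"

def demo() -> dict:
    """Run the same captured request against both servers and report each verdict."""
    t0 = 1_700_000_000
    captured = make_request("alice", "transfer", now=t0)   # what a sniffer would record
    tampered = {"body": dict(captured["body"], action="withdraw"), "mac": captured["mac"]}
    naive, fresh = NaiveServer(), FreshServer()
    return {
        "naive_first":    naive.handle(captured, now=t0),
        "naive_replay":   naive.handle(captured, now=t0 + 60),
        "fresh_first":    fresh.handle(captured, now=t0),
        "fresh_replay":   fresh.handle(captured, now=t0 + 60),
        "fresh_tampered": fresh.handle(tampered, now=t0 + 60),
        "fresh_late":     fresh.handle(make_request("alice", "transfer", now=t0), now=t0 + 3600),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} {verdict}")
```

The order of checks matters: the MAC is verified before the timestamp or nonce is read, so an attacker cannot forge freshness fields, and the nonce is only recorded after the request has been accepted, so a flood of bad requests cannot fill the cache.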

Page 67:

Common Attacks (continued)
• Password Guessing Attacks
• Two types of password guessing:
– Brute Force Attack: tries candidate passwords exhaustively until a guess succeeds. The number of guesses grows exponentially with password length, which is why passwords should be long.
– Dictionary Attack: uses a dictionary of common words (and simple variations of them) to find the user's password quickly when it is a predictable choice.
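Both attack types, worked as an added example (not code from the lecture). The wordlist, the mangling rules and the target passwords are constructed here, and plain SHA-256 stands in for a weak password store so the search runs in milliseconds; a real store should use a slow salted hash such as bcrypt, scrypt or Argon2. The guess counts show why length, not just unpredictability, is what defeats brute force.

```python
"""Password guessing: dictionary attack with simple mangling rules, and an
exhaustive (brute-force) search over a small character set.

Added example, not from the lecture. All inputs are constructed.
"""
import hashlib
import itertools
import string
from typing import Iterable, Optional, Tuple

def hash_password(password: str, salt: bytes = b"") -> str:
    """Unsalted SHA-256: a stand-in for a weak password store (assumed for the demo)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def mangle(word: str) -> Iterable[str]:
    """Yield common human variations of a dictionary word (a tiny rule set)."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2009"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")   # leetspeak

def dictionary_attack(target_hash: str, wordlist: Iterable[str], salt: bytes = b"") -> Optional[str]:
    """Try each wordlist entry and its mangled forms; return the match or None."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == target_hash:
                return candidate
    return None

def brute_force(target_hash: str, charset: str, max_len: int,
                salt: bytes = b"") -> Tuple[Optional[str], int]:
    """Enumerate every string over charset up to max_len characters.
    Returns (password or None, number of guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if hash_password(candidate, salt) == target_hash:
                return candidate, guesses
    return None, guesses

def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length

def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of the given length."""
    return keyspace(charset_size, length) / guesses_per_second

# Constructed wordlist; the "2009" suffix rule is what cracks the sample below
WORDLIST = ["password", "welcome", "network", "security", "kampala", "summer"]

if __name__ == "__main__":
    stored = hash_password("Security2009")
    print("dictionary attack:", dictionary_attack(stored, WORDLIST))
    print("brute force:", brute_force(hash_password("zap"), string.ascii_lowercase, 3))
    rate = 1e9   # assumed offline guessing rate for a fast hash
    for n in (6, 8, 12, 16):
        years = seconds_to_exhaust(95, n, rate) / (365 * 86400)
        print(f"{n} chars from 95 printable symbols: {years:.3g} years")
```

A dictionary attack finds "Security2009" in a few dozen guesses because it is a word plus a predictable suffix, whereas brute force over the same 95-symbol alphabet needs on the order of 95^12 guesses for a 12-character password; that gap is the argument for length and for salting, which prevents one precomputed table from serving every account.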

Page 68:

Network Attacks in Regards to TCP/IP

• The TCP/IP protocol suite is broken down into four protocol (architecture) layers:
• Application Layer
• Host-to-Host or Transport Layer
• Internet Layer
• Network Interface Layer

Page 69:

TCP/IP Architecture layers

Layer            Examples
Application      HTTP, SMTP
Transport        TCP, UDP
Internet         IP
Network Access   Network topology (the underlying physical network)

Page 70:

Application Layer
• The highest layer of the TCP/IP suite.
• It allows applications to access services or protocols to exchange information.
• Application protocols include: HTTP, FTP, SMTP, Telnet, DNS, RIP, SNMP and POP.

Page 71:

Application protocols
• Hypertext Transfer Protocol (HTTP) is the protocol used for web pages and the World Wide Web.
• File Transfer Protocol (FTP) is a protocol that allows connections to a server for upload and download of files.
• Simple Mail Transfer Protocol (SMTP) is the protocol that controls electronic mail transfer between mail servers.
• Telnet is an interactive terminal emulation protocol. It allows a remote user to conduct an interactive session with a Telnet server. Like FTP and POP it sends credentials in clear text.

Page 72:

Application Protocols
• Domain Name System (DNS) allows hosts to resolve host names to Internet Protocol (IP) addresses.
• Routing Information Protocol (RIP) allows routing information to be exchanged between routers on an IP network.
• Simple Network Management Protocol (SNMP) is a management tool that allows a management station to monitor and configure network devices.
• Post Office Protocol (POP) allows a mail client to retrieve messages from a mail server.

Page 73:

Host-to-Host/Transport
• Provides the Application layer with session and datagram communication services.
• Protocols in this layer are:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)

Page 74:

Transport layer Protocols

• TCP provides a reliable, one-to-one, connection-oriented session. Every segment is acknowledged and retransmitted if lost, and segments are reassembled in the correct order at the destination.

• UDP is connectionless and unreliable: there is no acknowledgement, retransmission or ordering, only an optional checksum. Its lack of a handshake is what makes it easy to spoof in flooding attacks.

Page 75:

Transport Layer
• TCP and UDP both identify the communicating process by carrying a source and a destination port number in the segment header.
• Ports are special addresses that allow communication between processes on different hosts.
• The destination port is set by the originator to indicate which service on the server it wants to talk to.
• The Internet Assigned Numbers Authority (IANA) maintains the list of well-known port numbers (0 to 1023).

Page 76:

Transport layer
• Well known TCP ports

TCP Port No.   Service
20             FTP (data channel)
21             FTP (control channel)
23             Telnet
25             SMTP
80             HTTP
139            NetBIOS Session Service
443            HTTPS

Page 77:

Transport layer
• TCP Three-Way Handshake. This is the method TCP uses to establish a session between two hosts.
• The host called the client initiates the connection. It sends a TCP segment containing its Initial Sequence Number (ISN) for the connection and a window size to the server (SYN).
• The server sends back a segment containing its own ISN and window size and acknowledging the client's ISN (SYN/ACK).
• The client sends an acknowledgement of the server's ISN to the server, agreeing to the terms (ACK). Only after this third segment do both sides hold an established connection.

Page 78:

Internet Layer
• This layer is responsible for routing, IP addressing and packaging. It deals with four protocols:
• Internet Protocol (IP)
• Address Resolution Protocol (ARP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)

Page 79:

Internet protocols
• IP is responsible for IP addressing and forwarding. It is a best-effort, connectionless protocol: it routes each packet by its destination address but does not check that the packet arrives, or arrives unaltered. If the destination is not on the local network, the packet is handed to the router (default gateway).
• ARP resolves IP addresses to Network Interface layer hardware addresses, the Media Access Control (MAC) addresses that identify hardware network devices such as a Network Interface Card (NIC). ARP has no authentication, which is what ARP spoofing abuses.

Page 80:

Internet protocols
• ICMP provides maintenance and error-reporting functions. The ping program uses it to test connectivity: ICMP returns either an echo reply from the pinged host or a destination unreachable message. Routers and other networking devices report path information between hosts with ICMP.
• IGMP manages IP multicast group membership. IP multicast sends packets to a specified group of hosts.

Page 81:

Network Interface Layer

• Responsible for placing frames onto, and taking them off, the physical network medium.
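The four layers above, seen in one frame. This is an added example, not code from the lecture: a frame is constructed in memory (no capture file, no network) as Ethernet II (network interface layer) carrying IPv4 (internet layer) carrying TCP (transport layer) carrying an HTTP request (application layer), and decode_frame() peels the headers off in the same order a sniffer would for every frame its NIC hands up. Addresses, ports and the payload are assumed values; the TCP checksum is left as zero since only the IP header checksum is verified here.

```python
"""Decoding one Ethernet/IPv4/TCP frame layer by layer.

Added example, not from the lecture. Frames are constructed inline.
"""
import socket
import struct

WELL_KNOWN_TCP = {20: "FTP-data", 21: "FTP", 23: "Telnet", 25: "SMTP",
                  80: "HTTP", 139: "NetBIOS-SSN", 443: "HTTPS"}
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of
    the 16-bit words. Over a header whose checksum field is correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, seq, ack, payload=b""):
    """Assemble Ethernet II + IPv4 + TCP headers around payload."""
    # TCP: ports, seq, ack, data offset (5 words), flags, window, checksum (0), urgent ptr
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    # IPv4: version/IHL, TOS, total length, id, DF flag, TTL, protocol 6 = TCP, checksum 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in the checksum
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp   # EtherType 0x0800 = IPv4

def decode_frame(frame: bytes) -> dict:
    """Peel the layers off a raw frame, returning the fields seen at each one."""
    out = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])       # network interface layer
    out["eth"] = {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return out                                                   # not IPv4: stop here
    ip = frame[14:]                                                  # internet layer
    vihl, _tos, tlen, _id, _frag, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    out["ip"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl,
                 "proto": proto, "checksum_ok": ip_checksum(ip[:ihl]) == 0}
    if proto != 6:
        return out                                                   # only TCP decoded here
    tcp = ip[ihl:tlen]                                               # transport layer
    sport, dport, seq, ack, offs, flags, _win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (offs >> 4) * 4
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                  "flags": [n for b, n in sorted(TCP_FLAGS.items()) if flags & b],
                  "service": WELL_KNOWN_TCP.get(dport, WELL_KNOWN_TCP.get(sport, "unknown"))}
    out["payload"] = tcp[doff:]                                      # application layer
    return out

# Constructed frames: the SYN that opens a connection, then a data segment with an HTTP request
SYN_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "10.0.0.80",
                        40000, 80, 0x02, 1000, 0)
HTTP_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "10.0.0.5", "10.0.0.80",
                         40000, 80, 0x18, 1001, 5001, b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    for f in (SYN_FRAME, HTTP_FRAME):
        print(decode_frame(f))
```

Every attack discussed on the following slides targets one of these headers: sniffers read them, port scans probe the TCP destination port, SYN floods abuse the SYN flag, and sequence number attacks forge the seq and ack fields.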

Page 82:

TCP/IP Attacks
• TCP/IP can be attacked by both outsiders and insiders. Outsiders can be blocked at the perimeter by networking devices such as routers and firewalls. Insiders are more likely to succeed because they already have access to every protocol used inside the network.

Page 83:

Network Sniffers
• A network sniffer is a device or program that captures and displays network traffic. Any computer on the network can operate as a sniffer. Normally a network card passes a frame up to the protocol stack only if it is addressed to that computer (or is a broadcast).
• Most NICs can be placed in promiscuous mode.
• Promiscuous mode makes the NIC capture every frame it sees on the wire, whoever it is addressed to.
• On a switched network the switch only delivers a host's own unicast traffic and broadcasts to its port, so an attacker combines sniffing with ARP spoofing or a mirror port to see other hosts' traffic.

Page 84:

Port Scans
• A port scan is when an attacker queries your network to determine which hosts, services and ports are open.
• Note that unless routers are configured appropriately, they will let all protocols pass through them.
• Once the attacker knows the IP address of any system in the network, he or she can attempt to communicate with the ports open on it.
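A TCP connect() scan, as an added example that is not part of the lecture. To stay self-contained it starts its own listener on 127.0.0.1 on a port chosen by the operating system, scans a small range around that port and classifies each port by what the connection attempt returns. The scanning logic is identical for a remote host; the listener and the scan range are constructed for the example, and only systems you are authorised to test should ever be scanned.

```python
"""TCP connect() port scan against a local test target.

Added example, not from the lecture. Listener and range are constructed.
"""
import socket
import threading
from contextlib import closing
from typing import Dict, Iterable, List

def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Open a listening TCP socket on a free port; accept and drop connections in the background."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))                    # port 0: let the OS pick a free port
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                     # listener was closed
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.2) -> Dict[int, str]:
    """Attempt a full three-way handshake on each port. States:
    open      connect() succeeded, something is listening
    closed    RST came back, port reachable but nothing listening
    filtered  no answer within the timeout, typically dropped by a firewall"""
    results = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except (socket.timeout, OSError):
                results[port] = "filtered"
    return results

def open_ports(host: str, ports: Iterable[int], timeout: float = 0.2) -> List[int]:
    """Just the ports that accepted a connection, sorted."""
    return sorted(p for p, state in connect_scan(host, ports, timeout).items() if state == "open")

if __name__ == "__main__":
    listener = start_listener()
    target_port = listener.getsockname()[1]
    scan_range = range(target_port - 5, target_port + 6)
    print(connect_scan("127.0.0.1", scan_range))
    print("open:", open_ports("127.0.0.1", scan_range))
    listener.close()
```

Because connect() completes the handshake, every probe reaches the listening application and shows up in its logs, which is how a port scan is usually detected. A SYN (half-open) scan sends the SYN and never the final ACK to avoid that, but it needs raw-socket privileges.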

Page 85:

TCP SYN or TCP ACK Flood Attack

• A SYN flood begins like a normal TCP connection: the attacker sends a stream of SYN segments, usually from spoofed source addresses. The server answers each one with SYN/ACK and reserves state for the half-open connection, but the final ACK never arrives, so no session is ever opened. The table of half-open connections fills up and legitimate clients can no longer connect. An ACK flood similarly sends ACK segments that belong to no existing connection, so the target wastes resources looking them up and resetting them. Routers and firewalls can track connection state and rate-limit or drop excess SYNs, and servers can use SYN cookies to avoid keeping state until the handshake completes.
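The three-way handshake (page 78) and the SYN flood against it, modelled as an added example; this is illustration code, not from the lecture, and no packets are sent. Segment carries only the header fields that matter for connection setup. BacklogServer behaves like a classic listener, allocating a half-open entry for every SYN, so a flood of SYNs that are never acknowledged fills its backlog and a legitimate client is dropped. CookieServer instead encodes its initial sequence number as a keyed hash of the connection tuple (the SYN-cookie idea) and keeps no state until the client's final ACK echoes it back. The backlog size, secret, epoch length and addresses are assumed values.

```python
"""TCP three-way handshake, SYN flood and SYN cookies as a state-machine model.

Added example, not from the lecture. Nothing here touches the network.
"""
from dataclasses import dataclass
import hashlib
import hmac
import random
import time

MASK32 = 0xFFFFFFFF

@dataclass
class Segment:
    src: str             # source address
    sport: int
    dport: int
    seq: int             # sequence number
    ack: int = 0         # acknowledgement number
    flags: str = "SYN"   # "SYN", "SYN/ACK" or "ACK"

class BacklogServer:
    """Classic listener: remembers every half-open connection until the ACK arrives."""
    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}            # (src, sport) -> our ISN
        self.established = set()

    def on_segment(self, seg: Segment):
        key = (seg.src, seg.sport)
        if seg.flags == "SYN":                                   # step 1
            if len(self.half_open) >= self.backlog:
                return None                                      # dropped: no room for state
            isn = random.getrandbits(32)
            self.half_open[key] = isn
            return Segment("server", seg.dport, seg.sport, isn, (seg.seq + 1) & MASK32, "SYN/ACK")  # step 2
        if seg.flags == "ACK" and key in self.half_open:         # step 3
            if seg.ack == (self.half_open[key] + 1) & MASK32:    # client agreed to our ISN
                del self.half_open[key]
                self.established.add(key)
                return "ESTABLISHED"
        return None

class CookieServer:
    """Stateless listener: the ISN is a cookie the client must echo back in its ACK."""
    def __init__(self, secret: bytes, clock=None):
        self.secret = secret
        self.clock = clock or (lambda: int(time.time()) // 64)   # assumed 64-second epochs
        self.established = set()

    def _cookie(self, src, sport, dport, client_isn, epoch) -> int:
        ep = epoch & 0xFF
        msg = f"{src}|{sport}|{dport}|{client_isn}|{ep}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).digest()[:3]
        return (ep << 24) | int.from_bytes(tag, "big")           # 8 bits epoch, 24 bits MAC

    def on_segment(self, seg: Segment):
        key = (seg.src, seg.sport)
        if seg.flags == "SYN":
            isn = self._cookie(seg.src, seg.sport, seg.dport, seg.seq, self.clock())
            return Segment("server", seg.dport, seg.sport, isn, (seg.seq + 1) & MASK32, "SYN/ACK")
        if seg.flags == "ACK":
            our_isn = (seg.ack - 1) & MASK32
            ep = our_isn >> 24
            if (self.clock() - ep) & 0xFF > 1:
                return None                                      # cookie from an old epoch
            client_isn = (seg.seq - 1) & MASK32                  # the SYN consumed one number
            if self._cookie(seg.src, seg.sport, seg.dport, client_isn, ep) == our_isn:
                self.established.add(key)
                return "ESTABLISHED"
        return None

def client_handshake(server, src: str, sport: int, dport: int = 80) -> bool:
    """A legitimate client performing all three steps; True if the session opens."""
    isn = random.getrandbits(32)
    synack = server.on_segment(Segment(src, sport, dport, isn, 0, "SYN"))
    if synack is None:
        return False
    ack = Segment(src, sport, dport, (isn + 1) & MASK32, (synack.seq + 1) & MASK32, "ACK")
    return server.on_segment(ack) == "ESTABLISHED"

def syn_flood(server, count: int, dport: int = 80) -> None:
    """Spoofed-source SYNs that are never followed by an ACK (addresses constructed)."""
    for i in range(count):
        server.on_segment(Segment(f"198.51.100.{i % 250}", 1024 + i, dport, random.getrandbits(32)))

if __name__ == "__main__":
    random.seed(1)
    classic = BacklogServer(backlog=128)
    print("before flood:", client_handshake(classic, "10.0.0.7", 40000))
    syn_flood(classic, 500)
    print("half-open entries:", len(classic.half_open))
    print("during flood:", client_handshake(classic, "10.0.0.8", 40001))
    cookie = CookieServer(b"demo-secret")
    syn_flood(cookie, 500)
    print("with SYN cookies:", client_handshake(cookie, "10.0.0.8", 40001))
```

The cookie server never stores anything on a SYN, so the flood costs it only a hash per segment, and a forged ACK fails because the attacker cannot compute the MAC without the secret. Real SYN cookies also have to encode the negotiated maximum segment size in the ISN, which this model leaves out.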

Page 86:

TCP Sequence Number Attack

• The attacker, positioned between or observing the client and server, learns or predicts the sequence numbers in use and injects segments carrying the sequence number the server expects next. The server accepts the attacker's data as part of the valid session (session hijacking). The legitimate client is left out of sync: its own segments are rejected, so it sees the connection drop and has to establish a new one, while the attacker keeps the hijacked session. Unpredictable initial sequence numbers make the blind version of this attack impractical.

Page 87:

Malicious code

• Do research on malicious code and hand in before 17th September, 5:00 pm.

Page 88:

Risk Assessment
• The process of determining the relative risk of each vulnerability. Vulnerabilities and threats are identified.
• A vulnerability is a specific avenue that threat agents can exploit to attack an information asset.
• A threat is an object, person or other entity that represents a constant danger to an asset; it has the potential to attack any of the assets being protected.
• For each threat/vulnerability pair, the severity of impact on the system's confidentiality, integrity and availability, and the likelihood of the exploit occurring given the existing security controls, are determined.

Page 89:

Risk Assessment
• The product of the likelihood of occurrence and the impact severity gives the risk level for the system based on its exposure to the threat/vulnerability pair.
• A risk level is determined for each vulnerability and threat; safeguards are then identified for the pairs with moderate or high risk levels.
• The risk is re-evaluated to determine the remaining risk, or residual risk level, after the safeguard is implemented.

Page 90:

Risk Assessment
• It has three main phases:
• Network System Documentation
• Risk Determination
• Safeguard Determination

Page 91:

Network System Documentation Phase

• Provides the background information describing the network, the data it handles, the assets involved and their worth.

• Establishes a framework for the subsequent RA phases.

• Network identification, which includes:
– Network description
– Functions and assets
– Network security level determination

Page 92:

Document Network Identification

• It includes:
• Documenting the network name, the particulars of the organization to which the network belongs, the type of network and other related information.
• Documenting the contacts of the network managers and other related information.
• Identifying the individual(s) responsible for security and the component's Information Network Security Officer.

Page 93:

Document Network Purpose and Description (Asset Identification)

• Document a brief description of the function and purpose of the network and the organizational business processes it supports, including the functions performed and the data transmitted.

• Give a general technical description of the network, including its physical and logical topologies. Also identify factors that raise special security concerns (for example internet-facing services or shared media).

Page 94:

Document Network Identification

• This includes documenting the network security level using the steps below.

• Describe and document the information handled by the network and identify the overall network system security level as Low, Moderate or High.

• Describe the requirements for the three pillars of information security: Confidentiality, Integrity and Availability.

Page 95:

Risk Determination Phase

• Its goal is to calculate the level of risk for each threat/vulnerability pair based on:

• The likelihood of the threat exploiting the vulnerability.

• The severity of impact that the exploited vulnerability would have on the system, its data and its business function, in terms of loss of confidentiality, loss of integrity and loss of availability.

Page 96:

Risk Determination Phase Steps

• This six-step process is conducted for each identified threat/vulnerability pair:

• Identify potential dangers to the information and the network (threats).

• Identify the network weaknesses that could be exploited (vulnerabilities) and associate them with threats to form threat/vulnerability pairs.

• Identify the existing controls that reduce the risk of the threat exploiting the vulnerability.

Page 97:

Risk Determination Phase Steps (continued)

• Determine the likelihood of occurrence of the threat exploiting the related vulnerability, given the existing controls.

• Determine the severity of impact on the system of the exploited vulnerability.

• Determine the risk level for the threat/vulnerability pair, given the existing controls.

Page 98:

Risk Determination Phase Table

Item No. | Threat Name | Vulnerability Name | Risk description | Existing controls | Likelihood of occurrence | Impact severity | Risk level

Page 99:

Identification of Network Threats

• Identify threats that could have the ability to exploit a network vulnerability.

• Each identified threat has the potential to attack any of the assets protected.

• To keep this manageable, threat identification and vulnerability identification are carried out as separate steps and then brought together (paired) at the end of the process.

• Each threat must be examined further to assess its potential to impact the organization; this is called threat assessment.

Page 100:

Network Vulnerability Identification

• Identify the vulnerability associated with each threat to produce a threat/vulnerability pair.

• A vulnerability may be associated with a single threat or with multiple threats.

• Previous documentation, audit reports and vendor security bulletins may be used to identify vulnerabilities.

Page 101:

Describe Risk
• Describe how the vulnerability creates a risk to the system in terms of the confidentiality, integrity and availability elements that may result in a compromise of the network and the data it handles.

Page 102:

Identification of Existing Controls

• Identify the existing controls that reduce:
– The likelihood or probability of a threat exploiting an identified system vulnerability.
– The magnitude of impact of the exploited vulnerability on the system.
• Existing controls may be management, operational or technical controls, depending on the identified threat/vulnerability pair and the risk to the network.

Page 103:

Likelihood of Occurrence (LoC) Determination

• Determine the likelihood that a threat will exploit a vulnerability.

• Likelihood is an estimate of the frequency or probability of such an event.

• Likelihood of occurrence is based on a number of factors, including the network architecture, information system access, existing controls, the strength and nature of the threat, and the presence of vulnerabilities.

Page 104:

Likelihood of Occurrence Determination

Likelihood of Occurrence Levels

Likelihood   Description
Negligible   Unlikely to occur
Very low     Likely to occur two or three times every five years
Low          Likely to occur once a year or less
Medium       Likely to occur once every six months or less
High         Likely to occur once per month or less
Very high    Likely to occur multiple times per month
Extreme      Likely to occur multiple times per day

Page 105:

Severity of Impact (SoI) Determination

• Determine the magnitude of the impact on the system's operational capabilities and data if the threat is realized and exploits the associated vulnerability.

• Determine the severity of impact for each threat/vulnerability pair by evaluating the potential loss in each security category (C.I.A).

• Impact can be measured by loss of network functionality, degradation of system response time, loss of public confidence or unauthorized disclosure of data.

Page 106:

Severity of Impact Determination

• Impact severity levels are:
– Insignificant: no impact.
– Minor: minor effect; the cost of repair is small.
– Significant: tangible harm.
– Damaging: damage to reputation, i.e. loss of confidence, and requires the expenditure of significant resources to repair.
– Serious: loss of connected users, compromise of information or services.
– Critical: causes the network to be closed permanently.

Page 107:

Risk Level Determination

• Risk is expressed in terms of the likelihood of the threat exploiting the vulnerability and the severity of impact of that exploitation on the C.I.A of the network.

• Mathematically: Risk Level = LoC × SoI

Page 108:

Safeguard Determination Phase

• This involves identifying additional controls, safeguards or corrective actions to minimize the threat exposure and vulnerability exploitation for each threat/vulnerability pair identified in the Risk Determination phase with a moderate or high risk level.

Page 109:

Safeguard Determination Phase Steps

• Identify the controls that reduce the risk level of an identified threat/vulnerability pair.
• Determine the residual LoC of the threat if the recommended safeguard is implemented.
• Determine the residual impact severity of the exploited vulnerability once the recommended safeguard is implemented.
• Determine the residual risk level for the system.

Page 110:

Safeguard Determination Phase Table

Item No. | Recommended Safeguard Description | Residual LoC | Residual Impact Severity | Residual Risk level

Page 111:

Identification of Safeguards

• Identify control safeguards for each threat/vulnerability pair with a moderate or high risk level.

• The purpose of the recommended safeguard is to reduce or minimize the level of risk.

Page 112:

Identification of Safeguards

• Factors to consider when choosing a safeguard are:
– The security area to which the control/safeguard belongs: management, operational or technical.
– The method the control/safeguard employs to reduce the opportunity for the threat to exploit the vulnerability.
– The effectiveness of the proposed control/safeguard in mitigating the risk level.
– The policy and architectural parameters required for implementation.
• Recommended safeguards will address the security category (C.I.A) identified during the risk analysis process that may be compromised by the exploited vulnerability.

Page 113:

Residual LoC Determination

• Determine the likelihood or probability of an attack exploiting the vulnerability once the recommended safeguard is in place.

• Then, for the residual impact severity: if the attack still succeeds despite the safeguard, how much impact does it have on the network?

Page 114:

Residual Risk Level Determination

• Determine the residual risk level for the threat/vulnerability pair and its associated risk once the recommended safeguard is implemented.

• The residual risk level is determined by examining the likelihood of occurrence of the attack exploiting the vulnerability and the impact severity factors in the categories of C.I.A, exactly as in the Risk Determination phase but with the safeguard assumed present.

Page 115:

RISK MITIGATION
• This is the second phase of risk management, the first being risk assessment.
• It is a systematic methodology used by senior management to reduce mission risk. It involves prioritizing, evaluating and implementing the appropriate risk-reducing controls recommended by the risk assessment process.

Page 116:

RISK MITIGATION
• The risk mitigation options:
• Risk Assumption: accept the potential risk and continue operating the IT system, or implement controls to lower the risk to an acceptable level.
• Risk Avoidance: avoid the risk by eliminating the risk cause and/or consequence (e.g. forgo certain functions of the system, or shut down the system when risks are identified).
• Risk Limitation: limit the risk by implementing controls that minimize the adverse impact of a threat exercising a vulnerability (e.g. supporting, preventive and detective controls).

Page 117:

Risk Mitigation options
• Risk Planning: manage risk by developing a risk mitigation plan that prioritizes, implements and maintains controls.
• Research and Acknowledgment: lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct it.
• Risk Transference: transfer the risk by using other options to compensate for the loss, such as purchasing insurance.

Page 118:

Risk Mitigation note
• It may not be practical to address all identified risks, so priority should be given to the threat/vulnerability pairs that have the potential to cause significant mission impact or harm.

Page 119:

Risk Mitigation Strategy

• When, and under what circumstances, should controls be applied?

• When a vulnerability exists: implement assurance techniques to reduce the likelihood of the vulnerability being exercised.

• When a vulnerability can be exercised: apply layered protections, architectural designs and administrative controls to minimize the risk of, or prevent, this occurring.

Page 120:

Risk Mitigation Strategy

• When the loss is too great: apply design principles, architectural designs and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.

• When the attacker's cost is less than the potential gain: apply protections that decrease the attacker's motivation by increasing the attacker's cost (e.g. network system controls such as limiting what a user can access and do can significantly reduce an attacker's gain).

Page 121:

Approach for Control Implementation

• The following steps must be taken:
– Step 1: Prioritize actions
– Step 2: Rank actions from high to low
– Step 3: List feasible controls
– Step 4: Cost-benefit analysis describing the costs and benefits of implementing or not implementing the controls
– Step 5: Select control
– Step 6: Assign responsibility
– Step 7: Develop a safeguard implementation plan

Page 122:

Approach for Control Implementation

• Prioritize Actions
• Based on the risk levels presented in the risk assessment, implementation actions are prioritized.
• High takes first priority, then medium, and lastly low.

• Evaluate Recommended Control Options
• During this step the feasibility and effectiveness of the recommended control options are analyzed. The main objective is to select the most appropriate control option for minimizing risk.

Page 123:

Approach for Control Implementation

• Conduct Cost-Benefit Analysis
This aids management in decision making and identifies cost-effective controls.

• Select Control
The controls selected should combine technical, operational and management control elements to ensure adequate security for the network.

Page 124:

Approach for Control Implementation

• Assign Responsibility
Appropriate persons who have the expertise and skill sets to implement the selected control are identified, and responsibility is assigned to them.

Page 125:

Approach for Control Implementation

• Develop a Safeguard Implementation Plan. The plan should at minimum contain the following:
– Risks and associated risk levels
– Recommended controls
– Prioritized actions
– Selected planned controls (determined on the basis of feasibility, effectiveness, benefits to the organization, and cost)
– Required resources for implementing the selected planned controls

Page 126:

Approach for Control Implementation

– Lists of responsible teams and staff
– Start date for implementation
– Target completion date for implementation
– Maintenance requirements

• Implement Selected Controls
– The implemented controls may lower the risk level but do not eliminate the risk.

Page 127:

Control Categories

• Controls are categorized into:
– Technical Network Security Controls
– Management Network Security Controls
– Operational Network Security Controls

Page 128:

Technical Network security

• This requires security configurations to be set on machines, and software to be installed, that guard against threats. The measures should work together to secure critical and sensitive data, information, and Network functions.

• Technical controls can be grouped into:
– Supporting Technical controls
– Preventive Technical controls
– Detection and Recovery Technical controls

Page 129:

Supporting Technical Controls

• These are basic controls on which other controls are built. They are interrelated with the other controls. They are further categorized into:
– Identification: provides the ability to uniquely identify users, processes and information resources.
– Cryptographic Key Management: includes secure key generation, distribution, storage and maintenance.
– Network Security Administration: security features must be configured, i.e. enabled/disabled.
– Network Protection: protection in terms of the various security functionality to be implemented.

Page 130:

Preventive technical Controls

• These basically prevent the violation of security policies. They include:
– Authentication: proving that an identity is what it claims to be.
– Authorization: permits/denies actions on a given network.
– Nonrepudiation: ensuring that senders cannot deny having sent information and receivers cannot deny having received it.
– Protected Communication: ensures C.A.I. (confidentiality, availability and integrity) while in transit. It uses data encryption methods to minimize interception, packet sniffing, replay, etc.
– Transaction Privacy: protects against loss of privacy with respect to transactions performed by an individual. This is achieved through the use of Secure Sockets Layer (SSL) and Secure Shell (SSH).

Page 131:

Detection and Recovery Technical Controls

• Detection controls warn of violations or attempted violations of security policy; they include Intrusion Detection methods.

• Recovery controls are used to restore lost computing resources.

• Detection and Recovery controls include:
– Audit: monitoring and tracking of abnormalities; after-the-fact detection of, and recovery from, security breaches.

Page 132:

Detection and Recovery Technical Controls

– Intrusion Detection and Containment: detects a security breach.
– Proof of Wholeness: analyses network integrity and identifies exposures and potential threats. This control does not prevent violations of security policy but detects violations and helps determine the type of corrective action needed.
– Restore Secure State: this service enables the System to return to a state that is known to be secure after a security breach occurs.
– Virus Detection and Eradication: detects, identifies and eradicates viruses.

Page 133:

Management Security Controls

• Management controls focus on the stipulation of information protection policy, guidelines and standards, which are carried out through operational procedures to fulfill the organization's goals and missions.

• These controls are divided into:
– Preventive Management Security Controls
– Detection Management Security Controls
– Recovery Management Security Controls

Page 134:

Preventive Management Security Controls

• These controls include:
– Assigning security responsibility to ensure that adequate security is provided for the mission-critical.
– Developing and maintaining Network security plans to document current controls and address planned controls for Networks in support of the organization's mission.
– Implementing personnel security controls, including separation of duties.
– Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behavior and their responsibilities in protecting the organisation's mission.

Page 135:

Detective Management Security Controls

• These controls include:
– Implementing personnel security controls, including personnel clearance, background investigations and rotation of duties.
– Conducting periodic reviews of security controls to ensure that the controls are effective.
– Performing periodic system audits.
– Conducting ongoing risk management to assess and mitigate risk.
– Authorizing the Network system to address and accept residual risk.

Page 136:

Recovery Management Security Controls

• These controls include:
– Providing continuity of support, and developing, testing and maintaining the continuity of operations plan.
– Establishing an incident response capability to prepare for, recognize, report and respond to an incident and return the Network to operational status.

Page 137:

Operational Security controls

• The organisation has to establish a set of controls, policies and guidelines to ensure that security procedures are enforced and implemented. Management comes in handy to make sure that the policies are implemented.

• Preventive Operational Controls. Examples of operational security controls:
– Provide backup
– Secure wiring closets that house hubs and cables
– Safeguard computing devices

Page 138:

Operational Security controls

• Detection Operational Controls include:
– Provide physical security (sensors and alarms)
– Ensure environmental security (use of smoke and fire detectors, sensors and alarms)

Page 139:

Cost-Benefit Analysis

• Allocate resources and implement cost-effective controls.
• Identify all possible controls and evaluate their feasibility and their effectiveness.
• Considerations:
– Determine the impact of implementing, and of not implementing, the new or enhanced controls.
– Estimate the cost of implementation:
• Hardware and software costs
• Additional policies
• Training costs
• Maintenance costs
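The control-implementation steps from pages 122 to 126 and the cost-benefit considerations above, carried through in code as an added example (this is not code from the course or its author): risks from the assessment are ordered High, Medium, Low; each risk's recommended options are screened for feasibility and compared by net benefit (expected loss prevented minus hardware/software, policy, training and maintenance cost); and the result is written out as safeguard-plan rows with the selected control, required resources, residual risk and responsible team. All risk names, levels, loss figures and costs are constructed sample values, not figures from the slides.

```python
from dataclasses import dataclass
PRIORITY = {"High": 0, "Medium": 1, "Low": 2}  # order of action given on the slides

@dataclass
class Control:
    name: str
    effectiveness: float  # fraction of the expected loss the control removes (0..1)
    feasible: bool
    costs: dict           # hardware/software, policies, training, maintenance

@dataclass
class Risk:
    name: str
    level: str      # "High" | "Medium" | "Low" from the risk assessment
    impact: float   # expected loss of not implementing a new control
    options: list   # recommended control options (Control objects)

def prioritize(risks):
    """Prioritize actions: High first, then Medium, then Low."""
    return sorted(risks, key=lambda r: PRIORITY[r.level])

def select_control(risk):
    """Keep the feasible option with the best net benefit; None = accept the risk."""
    best, best_net = None, 0.0
    for c in risk.options:
        net = c.effectiveness * risk.impact - sum(c.costs.values())  # cost-benefit
        if c.feasible and net > best_net:
            best, best_net = c, net
    return best

def build_plan(risks, owners):
    """One safeguard-plan row per risk; `owners` maps risk name -> responsible team."""
    plan = []
    for r in prioritize(risks):
        c = select_control(r)
        plan.append({"risk": r.name, "level": r.level,
                     "selected": c.name if c else "accept residual risk",
                     "resources": sum(c.costs.values()) if c else 0.0,
                     "residual": r.impact * (1 - (c.effectiveness if c else 0.0)),
                     "responsible": owners.get(r.name, "unassigned")})
    return plan
SAMPLE_RISKS = [  # constructed sample data, not figures from the course
    Risk("Unencrypted remote admin sessions", "High", 50000.0, [
        Control("Enable SSH, disable telnet", 0.6, True, {"policies": 500, "training": 1000, "maintenance": 500}),
        Control("Dedicated management network", 0.95, False, {"hw_sw": 10000})]),  # not feasible this year
    Risk("Unlocked wiring closet", "Low", 2000.0, [
        Control("Biometric door control", 0.9, True, {"hw_sw": 5000, "maintenance": 500})]),
    Risk("No backups of file server", "Medium", 20000.0, [
        Control("Nightly backups", 0.8, True, {"hw_sw": 4000, "training": 500, "maintenance": 1500})]),
]
```

Calling `build_plan(SAMPLE_RISKS, {"Unencrypted remote admin sessions": "Network team"})` orders the rows High, Medium, Low, skips the infeasible option even though its net benefit is larger, and records the wiring-closet risk as accepted because the only control costs more than the loss it would prevent.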