Network Professional Course
Information & Network Security

U Nyein Oo
Director/COO
Myanma Computer Co., Ltd

Copyright: MCC

Information Security Basics

Define Information Security
Information security is defined as the measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capabilities.

Information Security Basics

Different types of security:
- Physical Security
- Communication Security
- Network Security

Security is a Process

Obviously, you cannot rely on just one of the types of security to protect your organization.

Likewise, you cannot rely on a single security product (e.g. a firewall) to provide protection for your computers and networks.

Security is a Process

Kinds of security process:
- Anti-Virus Software
- Access Control
- Firewall
- Intrusion Detection
- Policy Management
- Vulnerability Scanning

Security is a Process

Anti-Virus Software
Anti-virus software is a necessary part of a good security program. If properly implemented and configured, it can greatly reduce the network's exposure to malicious programs.

Anti-virus will not, however, protect the network from being misused through the exploitation of a legitimate program or service.

Security is a Process

Access Controls
Nearly all devices on a network have the ability to perform access control. If a system is properly implemented and configured, access to restricted or sensitive data becomes much more difficult.

Access controls will not necessarily prevent someone from using a system vulnerability to reach restricted data.

Security is a Process

Firewalls
Firewalls are designed to protect an internal network from external attacks. By their nature, they are border security devices, and protect the network at the border only. Properly configured, firewalls have become a network security necessity.

However, a firewall cannot prevent a web server with a vulnerability from being compromised if access to that web server is permitted. Firewalls will also not protect the internal network from internal attacks.

Security is a Process

Intrusion Detection
An IDS has the ability to recognize attack signatures and, in some cases, to act on what it identifies. An IDS is a system that generally only alerts someone to an attack attempt.

However, in many cases an IDS never prevents the attack from being successful.

New technology in this arena is promising in being able to detect an attack and block it on the fly.

Security is a Process

Policy Management
Policies and procedures are an important part of a good security program, and management of policies across computer systems is equally important. With policy management systems, an organization can be alerted when any system does not conform to a policy.

However, policy management systems do not take into account vulnerabilities in systems or mis-configuration of applications. They also do not guarantee that users will not write down passwords or other sensitive access data.

Security is a Process

Vulnerability Scanning
Scanning for vulnerabilities is another good part of a security program. Such scanning will help identify potential entry points for intruders.

Vulnerability scanning does not protect computers. Security measures need to be implemented immediately after a vulnerability is identified. Vulnerability scanning will also not detect users who may already have illegitimate access to systems.

Type of Attack

The following are kinds of attack:
- Access Attack
  - Snooping
  - Eavesdropping
  - Interception
- Modification Attack
  - Changes in Data
  - Insertion of Data
  - Deletion of Data
- Denial of Service Attack
- Repudiation Attack

Types of Attacks – Access Attacks

An access attack is an attempt to gain access to information that the attacker is not authorized to see.

This type of attack can occur wherever the information resides or exists during transmission.

Types of Attacks – Access Attacks

Snooping
Snooping is looking through information files in the hope of finding something interesting. If the files are on a computer, the attacker will open file after file in an attempt to find valuable information.

Types of Attacks – Access Attacks

Eavesdropping
Eavesdropping is when an attacker listens in on a conversation they are not part of. To gain access to unauthorized information via eavesdropping, an attacker must be positioned where the information of interest is likely to pass.

The introduction of wireless networks has made it much easier for attackers to "listen in".

Types of Attacks – Access Attacks

Interception
This type of attack can be very complex, and works on nearly every type of network.

Types of Attacks – Modification Attacks

A modification attack is an attempt to modify information that the attacker is not authorized to modify.

This attack can occur wherever the information resides. It may also be attempted while information is in transit.

This type of attack is an attack against the integrity of the information.

Types of Attacks – Modification Attacks

- Changes in Data
- Insertion of Data
- Deletion of Data

Changes to databases, files and systems are hard to detect without proper countermeasures.

Types of Attacks – Denial of Service

Denial-of-Service (DoS) attacks are attacks that deny the use of resources to legitimate users of the system.

DoS attacks do not generally allow the attacker to change or access data; rather, they just prevent the use of the data.

DoS attacks are little more than vandalism:
- Denial of Access to Information
- Denial of Access to Applications
- Denial of Access to Systems/Communications

Types of Attacks – Repudiation Attacks

Repudiation is an attack against the accountability of information. In other words, repudiation is an attempt to give false information or to deny that a real event or transaction occurred.

Network Security

Why Security?

Security needs to be implemented at many levels. The most important security measure is network security. There are many potential risks to a network, and many preventive measures.

Networking Basics

Before securing networks, we must understand the networks.

There are many different networking protocols. The Internet runs on TCP/IP (TCP and IP). The Internet Protocol suite is based on the common networking model called OSI.

OSI and TCP/IP Stack

Packet

Packets are comprised of smaller chunks of data that each layer appends onto the packet data it receives from the layer directly above it.

The smaller chunks of data are referred to as datagrams.

The destination address is included in the packet by the network (IP) layer.
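The layering described above, as an added example that is not part of the course material: each layer wraps what it received from the layer above with its own header, and the receiver peels the headers off in the reverse order, finding the destination address in the network (IP) layer. The MAC addresses, IP addresses and payload are constructed sample values.

```python
# Added example (not from the course slides): build a packet layer by
# layer, as the "Packet" slide describes, then decapsulate it and show
# that the destination address sits in the network (IP) layer header.
# MAC addresses, IP addresses and payload are constructed sample values.
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_header(sport: int, dport: int, seq: int = 0) -> bytes:
    """Transport layer: 20-byte TCP SYN header (TCP checksum left at zero)."""
    offset_flags = (5 << 12) | 0x02          # 5 words of header, SYN flag
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 65535, 0, 0)


def ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Network layer: IPv4 header carrying the source/destination addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ethernet_header(src_mac: bytes, dst_mac: bytes) -> bytes:
    """Link layer: destination MAC, source MAC, EtherType."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)


def build_packet(payload: bytes) -> bytes:
    """Each layer adds its own header to what it received from the layer above."""
    segment = tcp_header(40000, 80) + payload
    datagram = ipv4_header("192.0.2.10", "198.51.100.20", len(segment)) + segment
    return ethernet_header(bytes.fromhex("020000000001"),
                           bytes.fromhex("020000000002")) + datagram


def decapsulate(frame: bytes) -> dict:
    """Peel the layers off in receiving order and report what each one carried."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    segment = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "link": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":")},
        "network": {"src_ip": socket.inet_ntoa(ip[12:16]),
                    "dst_ip": socket.inet_ntoa(ip[16:20]), "proto": ip[9]},
        "transport": {"sport": sport, "dport": dport},
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = build_packet(b"GET / HTTP/1.0\r\n")
    for layer, fields in decapsulate(frame).items():
        print(layer, fields)
```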

Packet Sniffing

Packet sniffing is a technique of monitoring every packet that crosses the network.

A packet sniffer is a piece of software or hardware that monitors all network traffic.

The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material.

Use of Packet Sniffer

- Searching for clear-text usernames and passwords on the network.
- Conversion of network traffic into human-readable form.
- Network analysis to find bottlenecks.
- Network intrusion detection to monitor for attackers.

Use of Sniffer (cont)

Sniffers are very powerful tools for capturing data on the network such as passwords and other system-related data.

As networks have become larger, switches have made it only slightly harder to sniff traffic.

Switches are not security devices, and can be abused so that sniffing is possible.

Sniffing Methods

There are three types of sniffing methods. Some methods work in non-switched networks while others work in switched networks.

The three main methods:
- IP-based sniffing (non-switched network)
- MAC-based sniffing (hardware address match)
- ARP-based sniffing (man-in-the-middle attack)
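A defender's counterpart to the ARP-based method above, added here as an example that is not part of the course material: a watcher that learns (or is given) the IP-to-MAC bindings on a segment and alerts when an ARP reply contradicts one, which is what an ARP-based man-in-the-middle looks like on the wire. The frames and addresses are constructed sample data; the "pinned gateway" entry is an assumption.

```python
# Added example (not from the course slides): a defender's ARP watcher for
# the "ARP-based sniffing (man-in-the-middle)" method above. It learns or
# pins IP-to-MAC bindings from ARP replies and raises an alert when a
# reply contradicts a known binding or the Ethernet source MAC does not
# match the ARP sender MAC. All frames below are constructed sample data.
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_str(raw: bytes) -> str:
    return raw.hex(":")


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str,
                    target_ip: str, eth_src: str = None) -> bytes:
    """Construct an Ethernet + ARP reply frame (sample data for this example)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    esrc = bytes.fromhex((eth_src or sender_mac).replace(":", ""))
    sip = bytes(int(x) for x in sender_ip.split("."))
    tip = bytes(int(x) for x in target_ip.split("."))
    eth = tmac + esrc + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY) + smac + sip + tmac + tip
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    arp = frame[14:42]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sender_mac": mac_str(arp[8:14]), "sender_ip": ip_str(arp[14:18]),
            "target_mac": mac_str(arp[18:24]), "target_ip": ip_str(arp[24:28])}


class ArpWatch:
    """Track IP -> MAC bindings seen in ARP replies and flag contradictions."""

    def __init__(self, pinned=None):
        self.table = dict(pinned or {})      # e.g. the gateway, pinned by the admin
        self.alerts = []

    def observe(self, frame: bytes):
        """Feed one frame; return an alert string, or None if nothing is wrong."""
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        alert = None
        if pkt["eth_src"] != mac:
            alert = f"frame from {pkt['eth_src']} carries ARP sender {mac} for {ip}"
        elif ip not in self.table:
            self.table[ip] = mac             # first sighting: learn it
        elif self.table[ip] != mac:
            alert = f"{ip} changed from {self.table[ip]} to {mac} (possible MITM)"
        if alert:
            self.alerts.append(alert)
        return alert


if __name__ == "__main__":
    watch = ArpWatch(pinned={"192.0.2.1": "02:00:00:00:00:01"})
    frames = [  # a genuine gateway reply, then a reply claiming the gateway's IP
        build_arp_reply("02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
        build_arp_reply("02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    ]
    for f in frames:
        print(watch.observe(f))
```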

Other Network Vulnerabilities

Packet sniffing is one of the top vulnerabilities on the Internet.

Various protocols such as TCP, ICMP, and other well-designed protocols still have some design problems which attackers take advantage of.

IP spoofing is another threat.

IP Spoofing

A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

To engage in IP spoofing, a hacker must first use a variety of techniques to find the IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.

Newer routers and firewall arrangements can offer protection against IP spoofing.

Firewall

A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside the building: it permits only authorized users, such as those with a key or access card, to enter.

A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.

Firewalls

Types of Firewalls

Application Layer Firewalls
Also called proxy firewalls; the rules of the firewall allow specific types of traffic to pass while others on the same service are denied.

Packet Filtering Firewalls
By far the most popular out there, these firewalls allow for the blocking of packets based on state, port, protocol, size, etc.

Proxy
A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it.
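A toy packet-filtering firewall, added as an example that is not part of the course material, serving both the packet-filter criteria just listed (state, port, protocol, size) and the IP Spoofing slide's note that firewall arrangements can protect against spoofing: the border check drops packets whose source address could not legitimately arrive on that interface. The internal prefix, interface names, rule set and packets are constructed values.

```python
# Added example (not from the course slides): a toy stateful packet filter
# that combines the "IP Spoofing" protection mentioned earlier (ingress
# and egress address checks at the border) with the packet-filtering
# criteria listed above: state, port, protocol and size. The internal
# prefix, interface names, rule set and packets are constructed values.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" or "int"
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    size: int = 64


class StatefulFilter:
    def __init__(self, internal: str, max_size: int = 1500):
        self.internal = ipaddress.ip_network(internal)
        self.max_size = max_size
        self.conns = set()                     # 4-tuples of accepted new connections
        # (iface, proto, destination ports, action); first match wins
        self.rules = [
            ("int", "tcp", None, "ACCEPT"),            # outbound: anything
            ("int", "udp", {53}, "ACCEPT"),            # outbound DNS
            ("ext", "tcp", {80, 443}, "ACCEPT"),       # inbound to the web server
            ("ext", "tcp", {22}, "DROP"),              # no admin access from outside
        ]

    def anti_spoof(self, pkt: Packet):
        """Border address check: internal addresses never arrive from outside,
        and nothing but internal addresses leaves from inside."""
        src = ipaddress.ip_address(pkt.src)
        inside = src in self.internal
        if pkt.iface == "ext" and (inside or src.is_loopback):
            return f"DROP spoofed internal source {pkt.src} on ext"
        if pkt.iface == "int" and not inside:
            return f"DROP spoofed external source {pkt.src} on int"
        return None

    def check(self, pkt: Packet) -> str:
        """Return the verdict for one packet, updating connection state."""
        verdict = self.anti_spoof(pkt)
        if verdict:
            return verdict
        if pkt.size > self.max_size:
            return f"DROP oversized ({pkt.size} bytes)"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            # not a new connection: allowed only if it belongs to a known one
            if key in self.conns or reply in self.conns:
                return "ACCEPT established"
            return "DROP no matching state"
        for iface, proto, ports, action in self.rules:
            if iface == pkt.iface and proto == pkt.proto and (ports is None or pkt.dport in ports):
                if action == "ACCEPT":
                    self.conns.add(key)
                return f"{action} by rule {iface}/{proto}/{ports or 'any'}"
        return "DROP default policy"
```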

Proxy (cont)

A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.

Security Policy

Why Policy is Important

Policy provides the rules that govern how systems should be configured and how users interact with systems.

It also governs how to treat these systems in normal and unusual situations.

Policy defines what security there should be within an organization.

Policy puts everyone on the same page so everyone understands what is expected of them.

Policy Defines What Security Should Be

Policy defines how security should be implemented. This includes proper configurations on computers and network devices.

Policy also defines how users should perform certain security-related duties, such as administration.

Policy should also define how an organization reacts when met with an unusual situation.

Putting Everyone on the Same Page

Rules are an important part of running a good security program.

It is important to understand that the security of an organization requires the organization to work together.

Everyone needs to be subject to the same policies, and nobody should ever be above such policies.

Types of Policies

Information Policy
Defines what information is sensitive and how that information is to be protected. Sensitive information should be identified and protected accordingly.

Security Policy
Defines the technical requirements for security on computer systems and network devices. Defines the configuration of the network with regard to security. Should define requirements to be implemented, but not specific configuration steps.

Types of Policies

Computer Use Policy
Defines the "law" when it comes to who may use the computer systems and how. Defines ownership of computers, ownership of information, acceptable use, and privacy.

Internet Use Policy
Connectivity to the Internet is for business purposes and for employees to perform their jobs, and should not be used for personal use.

Types of Policies

Email Policy
Defines the use of email for personal and business use, access to the system, and what information can be sent via email.

User Management Policy
Defines the process and requirements when:
- A new employee is hired
- An employee is transferred or changes responsibilities
- An employee is terminated

Types of Policies

System Administration Policy
Defines how security and system administration will work together to secure the organization's systems. Made up of parts including:
- Software upgrades and patching
- Vulnerability scans
- Auditing of systems
- Policy reviews
- Backup policy: frequency, storage, what is backed up

Types of Policies

Incident Response Procedure
Defines how the organization will react when a computer security incident occurs. Most security incidents are different, and thus the policy needs to define who has authority and what needs to be done, not necessarily how things should be done.

Parts of this policy include:
- Objectives
- Event identification
- Escalation
- Information control
- Response

Types of Policies

Configuration Management Procedures
Defines the steps that will be taken to modify the state of the organization's computer or network systems.

The purpose is to communicate changes, document changes, and update the state of the organization.

Change control procedures are also a very important part of this process.

Types of Policies

Other policies you should consider:

Design Methodology
How things are designed with security in mind.

Disaster Recovery Plans
How to recover from a disaster.

Creating Appropriate Policy

What is Important
Find which policies are right for your organization. Policy templates are useful.

Defining Acceptable Behavior
Regardless of organization type, there are certain types of behavior that are unacceptable and need to be defined.

Creating Appropriate Policy

Identify Stakeholders
Policy created in a vacuum rarely succeeds. It is up to the security professional to drive policy development with help from the stakeholders of the organization, and to have the policy fit the way the organization runs.

Creating Appropriate Policy

Policy Development
Security should be the driving purpose for most policies, and the sole purpose for security policies. This does not mean that Security should write the policies without stakeholder input; rather, Security should take ownership of the project and see that it gets done.

Begin the process with your outline, and then expand on it with stakeholder involvement.

Deploy Policy

Gaining Buy-in
Every department of the organization that is affected by the policy must buy into the concept behind it.

The policy process needs to be supported by upper management.

Allow input to the policy from the stakeholders and users.

Deploy Policy

Education
The importance of this process cannot be overstated. Education on the policy, its objectives and user responsibilities is necessary for good policy deployment.

Education should be given by the security department.

Security awareness training is a good time to educate users.

Deploy Policy

Implementation
Radical changes in the environment can have adverse effects on the organization. Gradual, well-planned transitions are much better.

Don't completely sacrifice security for gradual transitions.

Using the Policy

Policy can be used as a club, but is much better if used as an education tool.

New Systems and Projects
As new projects begin, the new policy and procedures should be followed from the start. If a new project cannot meet the requirements, this allows time for the organization to understand the added risk and look into mechanisms to manage or mitigate it.

Using the Policy

Existing Systems and Projects
As new policies are approved, each existing project and system in place should be examined to see whether it is in compliance, and if not, whether it can be made to comply with the policy.

Security should work with the system administrators to develop fixes or changes to help the project comply with the policies.

Some delay in work can be expected as part of this process, and understanding of this issue is necessary.

Using the Policy

Audits
Security should begin a process of audits to verify the compliance of devices and users with the policy. Auditors need to understand the policy and its objectives before they are asked to audit against it.

Periodic auditing is a necessary part of enforcement.

Using the Policy

Policy Reviews
Even good policy does not last forever. Circumstances change, and changes to the policy will be necessary.

Review of the policies should be on a regular basis.

Security Best Practices

Administrative Security

Resources
Resources must be assigned to implement proper security practices. There is no formula that can be used to define how many resources should be put into a security program based on size alone.

Administrative Security

Staff
No matter how large or small an organization is, someone must be given the tasks associated with managing information security.

Security staff should have the following skills:
- Security Administration – understanding the day-to-day administration of security devices
- Policy Development – experience in the development and maintenance of security policies, procedures and plans
- Architecture – an understanding of network and system architectures and the implementation of new systems
- Research – the examination of new security technologies to see how they may affect the risk to the organization
- Assessment – experience conducting risk assessments
- Audit – experience in conducting audits of systems or procedures

Administrative Security

Budget
The size of an organization's security budget is dependent on the scope and timeframe of the security project rather than the size of the organization.

The expectation of many organizations is that more automation in security tools will allow a decrease in security staff and expenditure. Unfortunately, this is rarely the case.

Very little about security can be automated, because the issues and threats in security are constantly changing.

Administrative Security

Responsibility
Some person in the organization MUST have the responsibility for managing information security risk. Generally, the larger the organization, the higher the need for a Chief Information Security Officer (CISO). Regardless of the title, this person needs to take point on the issues and problems surrounding security in their organization.

Administrative Security

Education
Education of employees is one of the most important parts of managing security risk.

Preventative Measures
- Employees should be told why it is important to protect the information resources
- Provide details on how they can comply with policies

Security Best Practices Education
- Latest threats and techniques of miscreants
- Current vulnerabilities and patches

Administrative Security

Security Project Plans
- Improvement Plans – projects that provide more in-depth security to existing or new implementations
- Assessment Plans – Security needs to develop plans for assessing risk to the organization
- Vulnerability Assessment – security departments should perform vulnerability assessments and scans on a regular basis

Technical Security

Network Connectivity

Internet Connections
Network connections to outside entities or the Internet should be protected with a firewall.

Firewalls separate the Internet from the internal network. This prevents damage from an unsecured network interacting directly with an internal network.

Technical Security

Education Networks Are Unique
Internal networks are hostile too. Labs, students, and teacher machines can cause internal problems.

Segment information resources with firewalls from internal attacks as well.

Technical Security

Malicious Code Protection
Malicious code is one of the most prevalent threats to an organization's information. It arrives via:
- Files shared between home and work computers
- Files downloaded from the Internet
- Email attachments
- Insertion through vulnerabilities
- Instant messenger

Manage the threat:
- Anti-virus software needs to be installed on all computers
- Anti-virus on email systems is also a necessity

Technical Security

Authentication
The most popular form of authentication is passwords. Authentication prevents unauthorized access to information.

Issues that should be considered as part of password policy and procedure:
- Password length – should be a minimum of 8 characters
- Change frequency – should not be older than 60 days
- Password history – used passwords should not be re-used
- Password content – should be made up of complex characters and content

Other authentication methods are available but generally have an added cost:
- One-time passwords
- Tokens
- Biometrics
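The four password rules above turned into a checker, added here as an example that is not part of the course material. The 8-character minimum and 60-day maximum age come from the slide; the history depth of 10, the "three of four character classes" content rule and the PBKDF2 parameters are assumptions. Only salted hashes are kept, so the history check never needs the old passwords in clear text.

```python
# Added example (not from the course slides): a checker for the password
# rules listed above (8-character minimum, 60-day maximum age, no reuse,
# complex content). The history depth of 10, the "three of four character
# classes" complexity rule and the PBKDF2 parameters are assumptions; the
# slides give only the length and age figures.
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 8
MAX_AGE = timedelta(days=60)
HISTORY_DEPTH = 10
PBKDF2_ROUNDS = 50_000


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def complexity_violations(password: str) -> list:
    """Password length and content: 8+ chars, at least three of four classes."""
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    return problems


class PasswordRecord:
    """Salted hashes only: the current password plus the last HISTORY_DEPTH ones."""

    def __init__(self, password: str, set_on: datetime):
        self.salt = os.urandom(16)
        self.digest = _digest(password, self.salt)
        self.set_on = set_on
        self.history = []                    # list of (salt, digest)

    def matches(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, _digest(password, self.salt))

    def was_used_before(self, password: str) -> bool:
        """Password history: compare against the current and retained old hashes."""
        if self.matches(password):
            return True
        return any(hmac.compare_digest(d, _digest(password, s)) for s, d in self.history)

    def is_expired(self, now: datetime) -> bool:
        """Change frequency: a password older than 60 days must be changed."""
        return now - self.set_on > MAX_AGE

    def violations(self, candidate: str) -> list:
        problems = complexity_violations(candidate)
        if self.was_used_before(candidate):
            problems.append("password was used before")
        return problems

    def change(self, candidate: str, now: datetime) -> list:
        """Apply a change if the candidate passes; return the list of violations."""
        problems = self.violations(candidate)
        if problems:
            return problems
        self.history = ([(self.salt, self.digest)] + self.history)[:HISTORY_DEPTH]
        self.salt = os.urandom(16)
        self.digest = _digest(candidate, self.salt)
        self.set_on = now
        return []
```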

Technical Security

Monitoring
Monitoring systems for unexpected activity has become a required activity. Generally we divide this activity into audit and intrusion detection.

Audit
Auditing is a mechanism that records activity. Logs are the main source of this data. Log files contain information about:
- Logins/logoffs
- Failed logins
- Connection attempts
- Privileged access and functions
- Sensitive file access
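Detection logic over the record types listed above, added as an example that is not part of the course material: it parses syslog-style authentication and sudo lines, flags a burst of failed logins followed by a successful one from the same source, and flags privileged commands, separating out those that touch sensitive files. The log lines are constructed sample data, and the threshold, window and sensitive-file list are assumptions.

```python
# Added example (not from the course slides): detection logic over the kinds
# of audit records the "Audit" slide lists (failed logins, logins, privileged
# access, sensitive file access). The syslog-style lines below are
# constructed sample data, not real logs; thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Mar 12 09:01:02 srv1 sshd[1001]: Failed password for admin from 203.0.113.7 port 51000 ssh2
Mar 12 09:01:05 srv1 sshd[1002]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar 12 09:01:09 srv1 sshd[1003]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 12 09:01:14 srv1 sshd[1004]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 12 09:01:20 srv1 sshd[1005]: Accepted password for admin from 203.0.113.7 port 51004 ssh2
Mar 12 09:02:00 srv1 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 12 09:05:00 srv1 sshd[1010]: Accepted publickey for alice from 192.0.2.15 port 40000 ssh2
Mar 12 09:06:30 srv1 sshd[1011]: Failed password for alice from 192.0.2.15 port 40001 ssh2
Mar 12 09:06:40 srv1 sshd[1012]: Accepted password for alice from 192.0.2.15 port 40002 ssh2
"""

FAIL_THRESHOLD = 3                 # failures from one source within the window ...
WINDOW = timedelta(minutes=5)      # ... followed by a success = likely guessed password
SENSITIVE_FILES = ("/etc/shadow", "/etc/sudoers")

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_line(line: str, year: int = 2024):
    """Split one syslog line into timestamp, host, program and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def detect(log_text: str) -> list:
    """Return alert strings for brute-force-then-success and privileged activity."""
    alerts = []
    failures = defaultdict(list)            # (user, src) -> timestamps of failures
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["prog"] == "sshd":
            a = AUTH_RE.match(rec["msg"])
            if not a:
                continue
            key = (a["user"], a["src"])
            recent = [t for t in failures[key] if rec["ts"] - t <= WINDOW]
            if a["result"] == "Failed":
                failures[key] = recent + [rec["ts"]]
            else:
                if len(recent) >= FAIL_THRESHOLD:
                    alerts.append(f"brute_force_success user={a['user']} src={a['src']} failures={len(recent)}")
                failures[key] = []
        elif rec["prog"] == "sudo":
            s = SUDO_RE.match(rec["msg"])
            if s:
                kind = "sensitive_file_access" if any(f in s["cmd"] for f in SENSITIVE_FILES) else "privileged_command"
                alerts.append(f"{kind} user={s['user']} as={s['target']} cmd={s['cmd']}")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```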

Technical Security

Intrusion Detection
An IDS monitors the network for known types of attacks and sends out an alarm when suspicious activity is noticed.

Technical Security

Patching Systems
Vendors release patches to correct bugs and vulnerabilities in software. Patches that correct vulnerabilities are of high importance to security because without them, systems become vulnerable to attack.

Testing patches is important. Checking for patches on the various platforms is a critical exercise that needs to be performed by Security and System Administrators.