Security has always been a major business concern.
Need to protect physical assets and information assets.
Computer security is becoming increasingly important; there are now more
sophisticated tools for breaking in.
CERT – Computer Emergency Response Team
Responds and raises awareness of computer security issues.
The average business loss due to security breaches is $350,000.
Primary Goals in Providing Security
Confidentiality – Protection of data from unauthorized disclosure.
Integrity – Assurance that data have not been altered or destroyed.
Availability – Providing continuous operations of hardware and software, so
people can be assured of uninterrupted service.
Types of Security Threats
Disruptions – Loss or reduction in network service
Destruction of data – Viruses destroying files, crash of hard disk.
Disasters – May destroy host computers.
Intrusion – Hackers gaining access to data files. Unauthorized access
Mechanisms that reduce or eliminate the threats to network security.
Preventative controls – Stop an event, act as a deterrent
Detective controls – Reveal unwanted events through monitoring.
Corrective controls – Remedy an unwanted event
Risk Assessment
Key step in developing a secure network.
Assigns a level of risk to various threats.
By comparing the nature of threats to the controls designed to reduce
Using a control spreadsheet.
Mission critical applications – very important, programs critical to survival
Value of an asset is a function of:
- its replacement cost
- personnel time to replace the asset
- lost revenue due to the absence of the asset.
Ensuring Business Continuity
Make sure that the organization's data and applications will continue to operate
even in the face of disruption, destruction or disaster.
Continuity Plan includes the need to:
- Develop controls
- Disaster recovery plan
Preventing Disruption, Destruction and Disaster
Viruses spread when infected files are accessed.
Worms – virus that spreads itself without human intervention.
Spyware – monitors what happens on the target computer
Adware – monitors the user's actions and displays advertisements
DDoS – turns the device into a “zombie” agent
Preventing Denial of Service Attacks
Network is disrupted by a flood of messages that prevents messages from
Distributed DoS (DDoS) attacks come from many different computers.
To prevent DoS:
Traffic filtering – verify all incoming traffic source addresses for validity.
Traffic limiting – When a flood of packets is entering the network, limit incoming
access regardless of the source.
Traffic anomaly detectors – Analysis of traffic to see what normal traffic
looks like, blocks abnormal patterns.
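Traffic limiting and traffic anomaly detection, sketched as an added example that is not part of the original notes. The token bucket, the mean-plus-three-standard-deviations threshold and the sample packet counts are assumptions chosen for illustration.

```python
from statistics import mean, stdev


class TokenBucket:
    """Traffic limiting: admit at most `rate` packets per second, with bursts
    of up to `burst` packets, regardless of the source address."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.capacity = burst * 1000      # counted in 1/1000 of a token
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill in proportion to elapsed time, capped at the burst size.
        earned = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.capacity, self.tokens + earned)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False                      # over the limit: packet is dropped


def anomalous_intervals(counts, baseline_len, k=3.0):
    """Anomaly detection: learn what normal traffic looks like from the first
    `baseline_len` intervals, then flag later intervals above mean + k*stdev."""
    baseline = counts[:baseline_len]
    threshold = mean(baseline) + k * stdev(baseline)
    later = enumerate(counts[baseline_len:], start=baseline_len)
    return [i for i, count in later if count > threshold]


# Constructed sample: packets seen per second at the network edge.
PACKETS_PER_SECOND = [100, 110, 95, 105, 90, 102, 98, 900, 1200, 101]


def simulate_flood():
    """50 packets arrive 20 ms apart; return how many the limiter admits."""
    bucket = TokenBucket(rate=10, burst=5)
    return sum(bucket.allow(i * 20) for i in range(50))


if __name__ == "__main__":
    print("admitted during flood:", simulate_flood())
    print("anomalous seconds:", anomalous_intervals(PACKETS_PER_SECOND, 6))
```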
Security plan must include an evaluation of ways to prevent equipment
Physical security is a key component.
Preventing Device Failure
Redundancy is a key principle in preventing disruption, destruction and
Common redundancy example:
- Uninterruptible power supplies
- Disk mirroring – RAIDs – a redundant second disk for every disk
Correcting Disruption, Destruction and Disaster
Disaster Recovery Plans
Identify clear responses to possible disasters
Provide for complete or partial recovery of data, application software,
network components and physical facilities.
This should include a backup of controls which are encrypted and also use
Continuous Data Protection (CDP)
Types of Intruders:
Casual Intruders – with limited knowledge, script kiddies
Security Experts (Hackers) – Thrill of the hunt, show off
Professional Hackers – Breaking into computers for specific purposes
Organisation Employees – Legitimate access to the network, gain access to
information not authorized to use.
Requires a proactive approach that includes routinely testing the security
Best rule for high security:
Don’t keep extremely sensitive data online, store them in computers
isolated from the network.
Also need a Security Policy which is critical to controlling risk due to
access. It states which assets are to be safeguarded and which controls are needed.
Basic Access Points into a Network:
- Dial-up through modem
Basic Elements in Preventing Access
- Network Address Translation (NAT)
- Physical Security
Firewalls
Prevent intruders by securing Internet connections.
Deny unauthorized access and denial of service attacks to your network.
- Examines packets flowing into and out of the organization's network
- Restricts access to that network
- Placed on every connection to the Internet
Types of Firewalls:
- Packet level firewalls
- Application level firewalls
Packet Level Firewalls
Examines the source and destination address of every packet passing
- Allows only packets that have acceptable addresses to pass
- Only examines IP Addresses and TCP/UDP port.
Uses Access Control Lists, a set of rules for a packet-level firewall. Used to
permit or deny packets entry.
However IP Spoofing remains a problem
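A packet-level firewall evaluating an access control list, as an added example that is not part of the original notes. It also shows the source-address validity check listed under traffic filtering. The rule format, interface names and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "iface src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")   # None means "any"

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")    # assumed inside range

# Constructed ACL; rules are checked top to bottom and the first match wins.
ACL = [
    Rule("permit", "0.0.0.0/0", "192.168.10.20/32", "tcp", 80),       # web server
    Rule("permit", "203.0.113.0/24", "192.168.10.30/32", "tcp", 22),  # partner SSH
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),               # everything else
]


def source_is_valid(pkt):
    """A packet arriving on the outside interface must not claim an inside
    source address; that combination can only be a forged address."""
    inside_src = ipaddress.ip_address(pkt.src) in INTERNAL_NET
    return not (pkt.iface == "outside" and inside_src)


def matches(rule, pkt):
    # Only addresses, protocol and port are examined, never the payload.
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(pkt, acl=ACL):
    if not source_is_valid(pkt):
        return "deny (spoofed source)"
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"   # nothing matched: deny by default


if __name__ == "__main__":
    for p in [Packet("outside", "198.51.100.7", "192.168.10.20", "tcp", 80),
              Packet("outside", "198.51.100.7", "192.168.10.30", "tcp", 22),
              Packet("outside", "192.168.10.5", "192.168.10.20", "tcp", 80),
              Packet("outside", "203.0.113.9", "192.168.10.30", "tcp", 22)]:
        print(p, "->", filter_packet(p))
```

The last packet is permitted purely because of its source address: the filter has no way to confirm that the address is genuine, which is why IP spoofing remains a problem for packet-level firewalls.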
Application Level Firewalls
It understands at least one application layer protocol. E.g. HTTP, FTP
Operates on the application layer
- Can detect whether an unwanted protocol is run through a non-
- Whether the protocol is being abused in a harmful way
Requires more processing power than packet filters which can impact
network performance.
Network Address Translation (NAT)
Used by most firewalls to shield a private network from a public network.
Translates between private addresses inside a network and public
addresses outside the network.
NAT Proxy Server uses an address table to do translations, and slows down
message transfer. Requires at least two separate Domain Name Servers.
Using private addresses with NAT provides additional security. Assigns
private IP addresses to devices inside the network.
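The address table a NAT device keeps, as an added example that is not part of the original notes. Translating ports along with addresses, the class name and all addresses are assumptions made for illustration.

```python
class NatTable:
    """Maps (private address, private port) pairs to ports on one public
    address and translates packets in both directions."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (private_ip, private_port) -> public_port
        self.inbound_map = {}    # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source so outsiders only see the public address."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            # First packet of a conversation: create a table entry.
            self.outbound_map[key] = self.next_port
            self.inbound_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the public destination back to the private host.
        Returns None when no table entry exists, so the packet is dropped."""
        if dst_ip != self.public_ip or dst_port not in self.inbound_map:
            return None
        private_ip, private_port = self.inbound_map[dst_port]
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = NatTable("198.51.100.1")                       # constructed addresses
    print(nat.outbound("10.0.0.5", 51000, "203.0.113.80", 443))
    print(nat.inbound("203.0.113.80", 443, "198.51.100.1", 40000))
    print(nat.inbound("203.0.113.99", 4444, "198.51.100.1", 40005))
```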
Means of preventing outsiders from gaining access into offices, server
rooms, and equipment.
Implement proper access controls to areas where network equipment is
- So only authorized personnel have access
- Each network compone