CHAPTER 1

Protection of network & their services Protects from: unauthorized modification, destruction, disclosure Ensures the network performs it functions correctly & no harmful side effect

 Network security starts from authenticating the user. Firewall enforces access policies such as what services are allowed to be accessed by the network users Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected content or behavior and other anomalies to protect resources Individual events occurring on the network may be logged for audit purposes and for later high level analysis. Communication between two hosts using a network could be encrypted to maintain privacy.

SECURITY GOAL

CONFIDENTIALI TY

INTERGRITY

AVAILABILITY

 Email Attachments -- Workers opening an attachment could unleash a worm or virus onto the corporate network. Diversionary Tactics -- Hackers may strike a set of servers in a target company and then when security administrators are busy recovering the services, they slip in and attack another part of the network. Blended Attacks -- Worms and viruses are becoming more complicated, and now a single one may be able to execute itself or even attack more than one platform. Renaming Documents -- Monitoring software that checks emails leaving the company might fail to pick up on the outgoing message if the subject name has been changed.

 involve tagging each physical (router, computers) and intangible asset (database content). With a physical label (frequently with a bar code) or a tag with RFID (Radio Frequency Identification) we can tag physical assets. Assets loss can be compromised by the competitors to take advantage over a company.

 Search for weaknesses in order to apply a patch or fix to prevent a compromise. Ways to counteract those weaknesses include:
Installing vendor patches Implementing IDS or virus scanning software

 Involve listing a possible threat that can occur in an organization. Example list of sources of threats could include:
The ex-employee who desires revenge. The deliberate cyber-spy looking to accumulate competitive information on your company that he can use to improve his own companys positioning. The employee who doesnt know that email attachments ending in .exe should not be opened without the system administrators permission.

Is the easiest to implement Few security measures are implemented. Foundation: simple passwords and server security This model assumes that users are trusted, protected assets are minimal and threats are also minimal. Gives users free access to all areas and security breaches are not likely to result in great damage and loss. But this model also implement data backup system in most cases.

More difficult to implement More security measures are implemented. Foundation: firewalls and identity servers. This model assumes that protected assets are substantial, some users are not trustworthy and threats are likely to occur. LANs that are connected to the Internet or public WANs are more likely to implement this type of model.

 Most difficult to implement All security measures are implemented Assumes that the protected assets are premium, all users are not trustworthy and threats are frequent. User access is difficult and cumbersome Companies require high number and better trained network administrator to maintain tight security. Network administrator also may require greater skills and more time to administer the network.

Wireless access: encryption technology in wireless environment The need for speed: availability of services IT staffing shortages: increase demand on security staff ISO/IEC 17799: code of practice for information security management in an organization Legal issues: information theft (trademark, trade secret) Privacy concerns: confidentiality of transmitted data, spyware program.

CERT/CC US-CERT SANS Institute ISC2 FIPS ICSA

Log on File System Data Communication Administrative

 The most common form of security identification is logonverification of who a user is and that the user is permitted to use the network. The current login method requires that the user's e-mail address and password be sent in the clear.

 One user may have access to a certain folder on the network but does not have access to another folder. Encrypt files stored in the file system to protect data while it's transferred from one system to another. Normally uses symmetric and asymmetric cryptographic key.

Having a secure data communication using encryption to transmit data between users especially confidential data. Conversion of data into code for confidentiality and security (with encryption algorithm).

Different level of users have different privilege access level. Access level controlled by network/system administrators. Administrator defines the rules, and which resources to be protected.

 Electronic mail and news

Ways for people to exchange information with each other without requiring an immediate, interactive response.

File transfer
Transmitting files over a computer network or the Internet (the simplest way to exchange files).

Remote Access to Host

The ability to log onto a network from a distant location (eg; TELNET or SSH)

Real time conferencing services

Designed for interactive use by on-line participants (video conference).

Information Theft: Attacks that allow an attacker to get data without ever having to directly use your computers. How:
dumpster diving steal your e-mail

Used for:
to access bank account to make loans (car, real estate)

Unauthorised disclosure : An organization suspects some of its employees of leaking confidential information to its competitor. It is also usually believed that its competitor actually planted spies within the organization in order to target and steal new product plan. How:
planting virus, trojan horse snooping software

Information warfare: Is the use and management of information in pursuit of a competitive advantage over an opponent. Remotely disabling target using software (e.g.; television and radio disinformation) Disinformation: false or inaccurate information that is spread deliberately.

Accidental data loss: Most common data loss cause, simply accidentally deleting a file that wasn't supposed to be deleted. Caused by a careless employee or an untrained employee who did not know better

Categories:: Data disclosure: Exposure of data to third parties. Key point to consider is whether the disclosure is relevant and necessary. Data modification: A modification attack is an attempt to modify information that an attacker is not authorized to modify. Data availability: Describe products and services that that continues to be available at a required level of performance in situations ranging from normal through "disastrous."

Activities:: Hacking: Computer hacking is the practice of modifying computer hardware and software to accomplish the hackers goal. Cracking: Activities to breaks into someone else's computer system or bypasses passwords or licenses in computer programs.

Spoofing: A method of attacking a computer program, in which the program is modified so as to appear to be working normally when in reality it has been modified with the purpose to circumvent security mechanisms. Sniffing: A method that a network device, like the Nintendo DS, uses to identify available wireless networks in the area.