Network Security PowerPoint PPT Presentation

presentation player overlay
1 / 50
About This Presentation
Transcript and Presenter's Notes

Title: Network Security


1
Chapter 13
  • Network Security

2
Objectives
  • Understand the many processes involved with the
    development of a comprehensive security policy
    and security architecture
  • Understand the importance of a well-developed and
    implemented security policy and associated people
    processes to effective security technology
    implementation

3
Business Impact
  • Impact on business when network security is
    violated by on-line thieves ?
  • According to federal law enforcement estimates in
    USA, more than 10 billion worth of data is
    stolen annually in the US only
  • In a single incident, 60,000 credit and calling
    card numbers were stolen
  • 50 of computer crimes are committed by a
    companys current or ex-employee

4
Security Policy DevelopmentLife Cycle
5
Identification of Business-related security issues
  • Security requirement assessment
  • What do we have to lose?
  • What do we have worth stealing?
  • Where are the security holes in our business
    processes?
  • How much can we afford to lose?
  • How much can we afford to spend on network
    security?

6
Analysis of Risks, Threats, Vulnerabilities
  • Information asset evaluation what do you have
    thats worth protecting ?
  • Network architecture documentation What is the
    current state of your network?
  • How many unauthorized modems are dialing in ?
  • Identify all assets, threats and vulnerabilities
  • Determine risks and create protective measures

7
Architecture and Process Design
  • Logical design of security architecture and
    associated processes
  • What must be the required functionality of the
    implemented technology ?
  • What business processes implemented and monitored
    by people must complement this security
    architecture ?

8
Security Technology and Process Implementation
  • Choose security technology based on logical
    design requirements
  • Implement all security technology with
    complementary people process
  • Increase overall awareness of network security
    and implement training
  • Design ongoing education process for all
    employees including senior management

9
Audit Impact of Security Technology and Processes
  • Ensure that implemented policy and technology are
    meeting initial goals
  • Institute a method to identify exceptions to
    security policy standards and deal with these
    exceptions swiftly

10
Evaluate effectiveness of Current Architecture
and Processes
  • Based on results of ongoing audits, evaluate
    effectiveness of current policy and architecture
    of meeting high-level goals
  • Adjust policy and architecture as required and
    renew the cycle

11
Security Requirements Assessment (SRA)
  • Proper SRA implies that appropriate security
    processes and technology have been applied for
    any given user groups access to/from any
    potential corporate information resource

12
Scope Definition and Feasibility Studies
  • Before proceeding blindly with a security policy
    development project, it is important to properly
    define the scope or limitations of the project.
  • The feasibility study provides and opportunity to
    gain vital information on the difficulty of the
    security policy development process as well as
    the assets (human and financial) required to
    maintain such a process.
  • One of the key issues is deciding on the balance
    between security and productivity

13
Security vs. Productivity Balance
14
Data/Information Classification
  • Unclassified/Public
  • Info. having no restrictions as to storage,
    transmission, or distribution
  • Sensitive
  • Info. whose release could not cause damage to
    corporation but could cause potential
    embarrassment or measurable harm to individuals,
    e.g. salaries benefits of employees
  • Confidential
  • Info. whose release could cause measurable damage
    to the corporation, e.g. corporate strategic
    plans, contracts

15
Data/Information Classification
  • Secret
  • Info. whose release could cause serious damage to
    a corporation. Trade secrets or engineering
    diagrams are two examples
  • Top secret
  • Info. whose release could cause grave or
    permanent damage. Release of such information
    could literally put a company out of business.
    Secret formulas for key products would be
    considered top secret.

16
Assets, Threats, Vulnerabilities, and Risks
  • How to define the balance between security and
    productivity?
  • Identify assets
  • Identify threats
  • Identify vulnerabilities
  • Consider the risks
  • Identify risk domains
  • Take protective measures

17
Assets
  • Corporate property of some value that require
    varying degrees of protection
  • Network security
  • Corporate data
  • Network hardware
  • Software
  • Media to transport data

18
Threats
  • Processes or people that pose a potential danger
    to identified assets.
  • Intentional or unintentional, natural, or
    man-made.
  • Network related threats include
  • Hackers
  • Fires
  • Floods
  • Power failures
  • Equipment failures
  • Dishonest employees
  • Incompetent employees

19
Vulnerabilities
  • Manner or path by which threats are able to
    attack assets.
  • Can be thought of as weak links in overall
    security architecture and should be identified
    for every potential threat/asset combination
  • Vulnerabilities that have been identified can be
    blocked

20
Risks
  • Probability of a particular threat successfully
    attacking a particular asset in a given amount of
    time via particular vulnerability
  • After identifying vulnerabilities, the questions
    are
  • How should a network analyst proceed in
    developing defenses to these vulnerabilities?
  • Which vulnerabilities should be dealt with first?
  • How can a network analyst determine an objective
    means to prioritize vulnerabilities?
  • By considering the risk, network analysts are
    able to quantify the relative importance of
    threats and vulnerabilities.

21
(No Transcript)
22
Protective measures
  • There might exist multiple vulnerabilities
    (paths) between a given asset and a given threat
  • ? multiple protective measures need to be
    established between given threat/asset
    combinations
  • Major categories of protective measures
  • Virus protection
  • Firewalls
  • Authentication
  • Encryption
  • Intrusion Detection

23
Virus Protection
  • A comprehensive virus protection plan must
    combine policy, people, processes, and technology
    to be effective.
  • Most common microcomputer security breach
  • 90 of the organizations surveyed with 500 or
    more PCs experience at least one virus incident
    per month
  • Complete recovery from a virus infections costs
    and average of 8300 and 44 hours over a period
    of 22 working days.
  • In Jan 1998, there were over 16,000 known
    viruses, with as many as 200 new viruses
    appearing per month

24
Virus Categories
  • Virus symptoms, methods of infection, and
    outbreak mechanisms can vary widely, but all
    viruses share a few common behaviors.
  • Most viruses work by infecting other legitimate
    programs and causing them to become destructive
    or disrupt the system in some other manner.
  • Most viruses use some type of replication method
    to get the virus to spread and infect other
    programs, systems, or networks
  • Most viruses need some sort of trigger or
    activation mechanism to set them off. Viruses may
    remain dormant and undetected for long periods

25
Virus Categories
  • Two main types
  • Time bombs
  • Logic bombs
  • File infectors
  • System/boot infectors
  • Multipartite viruses
  • Hostile applets
  • E-mail viruses
  • Cluster/File system viruses

26
Antivirus Strategies (AS)
  • Effective AS must include
  • Policy
  • Procedures
  • Technology

27
Antivirus Strategies (AS) Policies and
procedures
  • Identify virus infection vulnerabilities and
    design protective measures
  • Install virus scanning software at all points of
    attacks
  • All diskettes must be scanned at a stand-alone
    scanning PC before being loaded onto network
    attached clients or servers
  • All consultants and third party contractors be
    prohibited from attaching notebook computer to
    the corporate network without scanning

28
Antivirus Strategies (AS) Policies and
procedures
  • All vendors must run demos on their own equipment
  • Shareware/downloaded software should be
    prohibited or controlled and scanned
  • All diagnostic and reference diskettes must be
    scanned before use
  • Write protect all diskettes with .exe, .com files
  • Create a master boot record that disables write
    to hard drive when booting from a diskettes etc.

29
Antivirus Technology
  • Viruses can attack
  • Locally or remotely attached client platforms
  • Server platforms
  • Entrance to the corporate network via the
    Internet
  • At each entrance point, viruses must be detected
    and removed

30
Antivirus Technology
  • Virus Scanning is the primary method for
    successful detection and removal
  • Software most often work works off a library of
    known viruses
  • New viruses are appearing at approx 200/month
  • Purchase antivirus software which updates virus
    signatures at least once per month
  • Typically, vendors update virus signatures files
    every 4 hours, with hourly updates expected in
    near future.

31
Antivirus Technology
  • Emulation technology attempts to detect as yet
    unknown viruses by running programs with a
    software emulation program known as a virtual PC.
  • Proactive rather than reactive
  • Execution program can be examined in a safe
    environment for any unusual behavior of other
    tell-tale symptoms of resident viruses.
  • Advantage identification of potentially unknown
    viruses based on their behavior rather than by
    relying on identifiable signatures of known
    viruses.

32
Antivirus Technology
  • Such programs are also capable of trapping
    encrypted or polymorphic viruses that are capable
    of constantly changing their identities or
    signatures.
  • Some of these programs are also self-learning
  • Knowledge of virus-like activity increases with
    experience.

33
Antivirus Technology
  • CRC checkers or Hashing checkers create and save
    unique cyclical redundancy check character or
    hashing number for each file to be monitored
  • Each time the file is saved, the new CRC is
    checked against the reference CRC
  • If CRC are different ? file has changed
  • A program evaluates changes to determine a
    likelihood that changes were caused by a viral
    infection.
  • Disadvantage able to detect virus after
    infection
  • Decoys files that are allowed to be infected to
    detect and report on virus activity.

34
Antivirus Technology
  • Active content monitor
  • to identify viruses and malicious content such as
    Java applets or Active X controls that may be
    introduced via Internet connectivity
  • Able to examine transmission from the Internet in
    real time and identify known malicious content
    based on
  • contents of reference
  • definition libraries

35
(No Transcript)
36
Firewalls
  • When a company links to the Internet, a two-way
    access point out of as well as into that
    companys confidential information is created
  • To prevent unauthorized access from the Internet
    to companys confidential data, firewall is
    deployed.
  • Firewall runs on dedicated server that is
    connected to, but outside of, the corporate
    network
  • All network packets are filtered/examined for
    authorized access.
  • Firewall provides a layer of isolation between
    inside network and the outside network.

37
Firewalls
  • Does it provide full protection? No !!, if
  • Dial-up modems access remains uncontrolled or
    unmonitored
  • Incorrectly implemented firewalls my introduce
    new loopholes

38
Firewall Architectures
  • No standards for firewall functionality,
    architectures, or interoperability.
  • As a result, user must be especially aware of how
    firewalls work to evaluate potential firewall
    technology purchase.
  • Three architectures
  • Packet filtering
  • Application Gateways
  • Internet Firewalls

39
Packet filtering
  • Every packet of data on the Internet is uniquely
    identified by the addresses of source and
    destination addresses.
  • Addresses in the header
  • Filter is a program that examines the source and
    destination address of all incoming packets to
    the firewall server.
  • Router are also capable of filtering packets
  • Filter tables are list of addresses whose data
    packets and embedded messages are either allowed
    or prohibited from proceeding through the
    firewall server and into the corporate network

40
Packet filtering
  • Packet filter gateways on routers
  • Maintaining filter tables and access rules on
    multiple routers is not a simple task.
  • Packet filtering has limitations in terms of
    level of security it provides.
  • Dedicated packet-filtering firewalls are usually
    easier to configure
  • IP spoofing is used by hackers to breach packet
    filters
  • Hacker can make a packet appear to come from an
    authorized/trusted IP address.

41
Application Level Filters (ALFs)
  • Also known as
  • Application gateways
  • Assured pipelines
  • Proxies
  • Go beyond port level filters in their attempts to
    prevent unauthorized access.
  • Port level filters determine the legitimacy of
    the party asking for information
  • ALFs ensure the validity of what they are asking
    for.

42
Application Level Filters (ALFs)
  • Circuit-level proxies provide proxy services for
    transport layer protocols such as TCP.
  • Socks creates a proxy data channel to the
    application server on behalf of the application
    client
  • Socks can control traffic by disabling or
    enabling communication according to TCP port
    numbers
  • Sock4 allows outgoing firewall applications
  • Sock5 supports both incoming and outgoing
    firewall applications as well as authentication

43
Application Level Filters (ALFs)
  • Internal firewalls the need
  • 60 of the network attacks are made by internal
    users
  • Disgruntled employees, former employees etc. are
    responsible for 568 of 600 incidents of network
    hacking
  • 30 of Internet sites that reported breaches had
    firewalls in place.
  • Internal firewalls are a new category of software
    to handle internal attacks.
  • Filters that work on the datalink, network, and
    application layers to examine communications on
    coroprate internal network.

44
Authentication and Access Control
  • The overall purpose of Authentication is toe
    ensure that users attempting to gain access to
    networks are really who they claim to be.
  • Password protection no longer sufficient. More
    is needed
  • Variety of Authentication Technology (AT)
    developed to ensure authentication. Products fall
    into three main categories.

45
Authentication and Access Control
  • The categories are
  • What you know AT that delivers single sign-on
    (SSO) access to multiple network-attached servers
    and resources via passwords.
  • TrustBroker from CyberSafe
  • PassGo SSO from Axent Technologies
  • Global Sign On from IBM
  • What you have AT that uses one-time or session
    passwords to authenticate user. This AT requires
    the user to possess some type of smart card or
    other token authentication device to generate
    these single use passwords

46
Authentication and Access Control
  • What you are AT that validates users based on
    some physical characteristic such as finger
    prints, hand geometry, retinal scans etc.

47
Token Authentication (TAu) Smart Cards
  • This technology provides one-time-use session
    passwords that are authenticated by associated
    server software. TAu may take multiple forms
  • HW based smart cards that are about the size of a
    credit card with a numeric keypad.
  • In-line TAu devices that connect to the serial
    port of a computer for dial-in authentication
    thru a modem
  • SW tokens that are installed on client PC and
    authenticate with the server portion of the token
    authentication product transparently to the end
    user. PIN is required to activate authentication
    process

48
Biometric Authentication (BA)
  • BA can authenticate users based on
  • finger prints
  • palm prints
  • retinal patterns
  • hand geometry
  • facial geometry
  • voice recognition
  • Other physical characteristics
  • Not yet perfect or fool proof.
  • False rejects BA device comparison algorithm
    configured very sensitive
  • False Accepts - BA device comparison algorithm
    not detailed enough

49
Authorization
  • Can be seen as subset of authentication
  • Authorization ensures that only properly
    authorized users are able to access particular
    network resources or corporate information
    resources
  • The authorization security software can be either
  • Server based also known as brokered
    authorization
  • Work-station based also known as trusted node.

50
Kerberos
  • Probably the most well-known combination of
    authentication/ authorization software
  • Architecture consists of three key components
  • Kerberos client software
  • Kerberos authentication server software
  • Kerberos application server software
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The : "Network Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!