NETWORK SECURITY - PowerPoint PPT Presentation

Slides: 32
Provided by: SMal8

Transcript and Presenter's Notes

1
NETWORK SECURITY
  • The Impact of Computer and Network Security in
    Corporations Today
  • Understanding the Impact and Solutions of
    Computer and Network Security in Today's World
  • by Steve Mallard

2
  • In today's world of the internet and ecommerce,
    many companies lack the expertise and training to
    secure their critical network infrastructure and
    data. Because of this gap, many companies'
    infrastructures are subject to being compromised.

3
  • With extortion, cyber theft, malicious attacks
    and internal theft occurring at an unprecedented
    pace, many companies are just becoming aware of
    the aforesaid problems. While a few companies
    and corporations awaken to a new world of
    problems, many continue to sleep, totally
    oblivious to what is happening as they go about
    their daily work. This research gives
    terminology and briefs from the Information
    Technology industry.

4
  • Until now, computer security and locking down the
    network infrastructure have been on the back
    burner with most companies and corporations
    because of cost. According to a corporate poll
    in a nationally recognized information technology
    magazine, 99% of U.S. companies now use some type
    of preventive antivirus technology, with 98% of
    these companies now using firewalls. This
    electronic security poll was based on compiled
    information from larger corporations and their
    practices and does not include small to midsize
    companies found throughout the United States.

5
  • The cost of an electronic exploit can be greater
    than a million dollars per incident, as reported
    by the FBI. This information is found in the FBI's
    (Federal Bureau of Investigation) report of cyber
    threats in the United States. To help
    counterbalance this, smaller to midsized
    companies could spend less than $5,000 to harden
    their systems and operating systems and to put a
    stateful firewall in place. As stated in this
    paper, these companies often lack the resources,
    materials and funds to do so.

6
  • The example companies and how they
    used modern methods for locking down their
    networks and clientele data will be discussed.
    The following steps have been used to gather the
    analysis for this paper:
  • Collected data to support the weakness and
    underlying causes of security collapse.
  • Used professional experience from the
    researcher's company to analyze and
    confirm research materials.
  • Consulted with Allen Corporation, Neill
    Corporation and Taylor Corporation to gather
    information relevant to the discussion on
    security in modern infrastructures.
  • Analyzed and collected data based on the scope
    outlined in these sections.
  • Made the final analysis.

7
  • 1960 Students become the first hackers
  • 1970 Phone Phreaking and Captain Crunch
  • 1980 Hacker Boards on BBS (early ways to chat)
  • 1983 Kids Begin Hacking
  • Note: Los Alamos National Laboratory, which helps
    develop nuclear weapons, was hacked this year.
  • 1984 Hacker Magazines
  • 1986 Computer Fraud and Abuse Act
  • 1986 Boot sector viruses
  • 1987 File infecting viruses
  • 1988 First Antivirus solution; Encrypted viruses
  • 1988 Unix Worm
  • 1989 Cyber Espionage with Germans and KGB

8
  • 1989 Credit Card Theft Goes Mainstream
  • 1989 Date oriented viruses
  • 1990 Stealth, Polymorphic, Multipartite and
    armored viruses
  • 1991 Stealth, Polymorphic and Multipartite
  • 1992 Code change viruses
  • 1993 Viruses that attacked viruses
  • 1993 Hacking used to cheat phone system to win
    contest
  • 1994 Hacking Tools Become Available
  • 1994 Encoded Viruses
  • 1995 Kevin Mitnick Hacks the Government
  • 1995 First Macro Viruses
  • 1996 Macro viruses affecting Microsoft Excel
  • 1997 AOL (largest) ISP Hacked
  • 1998 The Cult of Hacking Takes Off
  • 1998 Spyware/malware begins to download to
    machines globally
  • 1999 Macro viruses affecting Microsoft Word
  • 1999 Software Security (Windows begins providing
    updates)
  • 2000 Service Denied
  • 2000 Worm viruses

9
  • General Internal Company Security and Auditing
    Controls are being applied today so that
    companies can have a standard approach to bring
    together different opinions and ideas. These
    Internal Controls are generally brought together
    by a consortium of management and other personnel
    to achieve the company's objectives. Internal
    Controls allow companies to maintain several of
    the following areas:

10
  • Efficiency of operations.
  • Compliance with laws and regulations.
  • Several documents have also been released to
    suggest ideas about Internal Company Security and
    Auditing Controls:
  • Company controls should be built into operations
    currently in place.
  • All departments and personnel within a company
    have input to Company Controls.
  • Company and Internal Controls help to govern
    companies currently operating.

11
  • Risk Assessment
  • The identification of key weaknesses in computer
    systems, nodes on a network, clients,
    connectivity and training.
  • Security Control Activities
  • Policies and Procedures that ensure all levels of
    the company are within compliance with standards
    set by the company.
  • Activities include hierarchical structure,
    authorization, implementation, disaster recovery
    and planning.
  • Information and Communication
  • Information from vendors is archived.
  • Information from customers (clients) is logged.
  • Communication along internal paths of the company
    to ensure all areas of protection are available.
  • Monitoring/Auditing
  • Assessment of hardware firewall.
  • Assessment of Software Patches and Service Packs.
  • Management of all personnel.
  • Auditing of logs and change orders.
  • Monitoring of performance of all nodes on the
    network.
  • Monitoring of security alert sites of government
    and for-profit sites.

12
  • The research paper at this point has focused on
    the importance and makeup of generalized Internal
    Company Security and Auditing Controls.
    Weaknesses in this structure follow:
  • Communication
  • Poor or lack of judgment
  • Lack of training
  • Lack of concern
  • Disgruntled employees
  • Lack of review
  • It is up to management at all levels to monitor
    company security and auditing controls.

13
  • Larger companies have a distinct advantage over
    smaller companies because of the minimal work
    required to keep their network infrastructure
    secure. The short list of duties below is required
    to keep data protected:
  • Periodic changes of passwords
  • Updating of policy and procedures
  • Auditing server logs
  • Auditing firewall logs
  • Researching new malicious threats at third-party
    information sites
  • Physical security
  • Applying patches
  • Applying service packs
  • User management
  • Monitoring spyware/malware
  • Monitoring new installs
  • Monitoring performance
  • Monitoring IDS systems
  • Monitoring anti-virus protection

14
  • Password policies are often overlooked after the
    inception of the computer network. Network
    administrators can use the Group Policy Editor on
    workstations or rules in Active Directory to set
    password rules. Minimum, complexity and history
    settings can greatly increase Computer and
    Network Security.
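
One way to check the minimum, complexity and history settings named above is to audit the [System Access] section of a security policy export (the file written by `secedit /export /cfg`). This is an added example, not part of the presentation; the sample export is constructed and the baseline numbers are assumptions to replace with your own written policy.

```python
import configparser

# Constructed sample of a `secedit /export /cfg policy.inf` file (values invented).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 0
PasswordHistorySize = 24
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline for this example; tune it to your own written policy.
BASELINE = {
    "MinimumPasswordLength": 12,  # characters
    "PasswordComplexity": 1,      # 1 = complexity rules enabled
    "PasswordHistorySize": 12,    # remembered passwords
    "MinimumPasswordAge": 1,      # days; 0 lets users cycle through history at once
}


def load_system_access(inf_text):
    """Return the numeric settings of the [System Access] section as {name: int}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the original key case
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        raise ValueError("no [System Access] section in export")
    settings = {}
    for key, value in parser.items("System Access"):
        try:
            settings[key] = int(value.strip())
        except ValueError:
            continue  # non-numeric entries (e.g. account names) are not checked here
    return settings


def audit_password_policy(inf_text, baseline=BASELINE):
    """Return a sorted list of findings; an empty list means the baseline is met."""
    settings = load_system_access(inf_text)
    findings = []
    for name, minimum in baseline.items():
        if name not in settings:
            findings.append(f"{name}: not defined in export")
        elif settings[name] < minimum:
            findings.append(f"{name}: {settings[name]} is below baseline {minimum}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_INF):
        print("WEAK", finding)
```

A real export is typically UTF-16 encoded, so open it with `encoding="utf-16"` before passing the text in. The sample passes the history check yet still fails overall, because a minimum age of 0 lets a user change passwords repeatedly and return to the old one.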

15
  • Companies should review and update policy
    and procedures in order to keep up with changes
    across their infrastructure. These regulations
    help to guide all levels of information
    technology professionals. Consistent and
    concise updates are critical to security in a
    network infrastructure.
  • The auditing of logs at all levels is critical
    and cannot be stressed enough. These logs
    provide accurate details on the access and
    changes requested and made during a session. All
    of the companies mentioned in this study review
    logs on a frequent basis. This becomes one of
    the single most important processes in looking
    for patterns and breaches of security.
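
The kind of pattern a firewall log review looks for can be automated. The sketch below is an added example, not part of the presentation: it flags allowed traffic to ports outside an acceptable-ports list and sources that are denied on many different ports in a short window. The log line format, the addresses, the port list and the thresholds are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log in a made-up line format (documentation-range addresses).
SAMPLE_LOG = """\
2005-03-14T02:11:01 DENY TCP 203.0.113.7:4431 -> 192.0.2.10:21
2005-03-14T02:11:02 DENY TCP 203.0.113.7:4432 -> 192.0.2.10:23
2005-03-14T02:11:02 DENY TCP 203.0.113.7:4433 -> 192.0.2.10:135
2005-03-14T02:11:03 DENY TCP 203.0.113.7:4434 -> 192.0.2.10:445
2005-03-14T02:15:40 ALLOW TCP 198.51.100.23:51812 -> 192.0.2.10:443
2005-03-14T02:16:05 ALLOW TCP 198.51.100.23:51830 -> 192.0.2.10:3389
2005-03-14T09:00:00 DENY TCP 198.51.100.77:40000 -> 192.0.2.10:23
2005-03-14T11:30:00 DENY TCP 198.51.100.77:40001 -> 192.0.2.10:23
firewall: log rotated
"""

ACCEPTABLE_PORTS = {25, 80, 443}     # assumed "acceptable ports" policy
SWEEP_PORTS = 4                      # assumed: distinct denied ports that count as a sweep
SWEEP_WINDOW = timedelta(minutes=1)  # assumed window for counting them

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)


def parse(log_text):
    """Split the log into time-ordered (time, action, source, dest_port) events."""
    events, unparsed = [], []
    for line in filter(None, (raw.strip() for raw in log_text.splitlines())):
        match = LINE_RE.match(line)
        try:
            events.append((datetime.fromisoformat(match["ts"]), match["action"],
                           match["src"], int(match["dport"])))
        except (TypeError, ValueError):  # no match, or an invalid timestamp
            unparsed.append(line)        # never drop a line silently during an audit
    return sorted(events), unparsed


def audit(log_text):
    """Flag allowed traffic to unapproved ports and sources sweeping many ports."""
    events, unparsed = parse(log_text)
    findings = {"policy_drift": [], "port_sweep": [], "unparsed": unparsed}
    denied = defaultdict(list)
    for ts, action, src, dport in events:
        if action == "ALLOW" and dport not in ACCEPTABLE_PORTS:
            findings["policy_drift"].append((src, dport))
        elif action == "DENY":
            denied[src].append((ts, dport))
    for src, hits in sorted(denied.items()):
        for i, (start, _) in enumerate(hits):
            ports = {port for ts, port in hits[i:] if ts - start <= SWEEP_WINDOW}
            if len(ports) >= SWEEP_PORTS:
                findings["port_sweep"].append(src)
                break
    return findings
```

Calling `audit(SAMPLE_LOG)` reports the allowed connection to port 3389 as policy drift and the source that hit four ports in two seconds as a sweep, while the source denied twice on the same port hours apart is not flagged.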

16
  • The outline below is provided to illustrate
    how Computer and Network Security has been
    implemented as a plan at a higher education
    facility. This basic outline targets the
    infrastructure of companies, where the
    basis of protecting internal assets is most
    critical. It shows the effectiveness of the
    school's control, auditing and implementation.

17
  • Periodic control of Operating System Patches
  • Virtual Private networking to Domain Servers with
    Student Information Systems Software from staff
    workstations
  • Periodic control of Operating System Service
    Packs
  • Anti-virus software installed on each workstation,
    including student workstations
  • Spyware/malware control measures
  • Pop up control measures
  • Application updates (i.e., Microsoft Office and
    related)
  • Software Update Services Server installed to push
    updates approved by administration
  • Documented Policy and Procedures school level
  • Documented Policy and Procedures board level
  • Active Directory Server login for staff to
    establish IT Policies
  • Applications with logging of activities
    (customized)
  • Application and Security Logs running on Servers
  • Network Address Translation used at firewall
    level
  • DMZ (demilitarized zones) used on web server
  • Hardware firewall (three-homed) used with logs
    and specific port number restrictions.
  • IDS (Intrusion Detection Server) in place and
    monitored
  • Traffic monitor in place to monitor inbound,
    outbound and intranetworking packets
  • Disaster recovery plan in place

18
  • Control of patches and updates becomes one of the
    most important aspects of Computer and Network
    Security. Because operating system flaws are
    among the most critical issues to identify when
    operating a network, control of pushing service
    packs or updates to computers becomes extremely
    important. Companies should have this in their
    plans, and someone in the information technology
    department should be assigned to check SUS
    (Software Update Services) servers daily. This IT
    person should also check security and operating
    system websites for alerts. Often these sites
    offer email alerts to notify end users of a
    security problem.

19
  • Virtual Private Networks or VPNs should be
    created between workstations and servers that
    contain critical data. Using PPTP (Point to
    Point Tunneling Protocol) ensures the data
    is encapsulated as it travels across the internal
    network. Although packet capturing software can be
    installed on a network, the tunnel will help to
    encrypt the data and prevent loss due to network
    sniffing.

20
  • Antivirus software must be installed on every
    workstation and the software should be updated
    daily. This control of updating can come through
    push services through a server to ensure the
    virus pattern or signature is up to date.
  • Spyware/malware control is becoming an issue at
    all companies. Spyware/malware is software
    downloaded automatically by some websites to track
    a user's internet surfing habits or to track
    software use on the end user's computer. Often
    computers become burdened by spyware/malware loaded
    in the operating system and become nonfunctional
    or extremely slow.

21
  • Policy and Procedures
  • Committees and Subcommittees used to monitor
    changes, constant updates and reviews by all
    members of the information technology team.
  • Risk Assessment
  • Value of product and client data, cost of breach.
    This assessment can give the company an idea of
    the risk of a breach.
  • Inventory
  • Inventory of software and hardware. Inventory
    allows for control of products and control of
    sensitive information.
  • Needs Assessment
  • Users and applications: need-to-know basis only.
    This form of assessment allows for securing data
    at different levels based on rank or a hierarchical
    structure in the company.
  • Structure
  • Physical security and ideal topologies to meet
    performance needs and environmental controls.

22
  • Levels of Protection
  • Workstation
  • Antivirus software, operating systems updates and
    patches, application updates, VPN to servers,
    strong password protection
  • Private Servers
  • Antivirus software, operating systems updates and
    patches, application updates, VPN from
    workstations, Kerberos security, tokens and
    certificates, strong password protection
  • SNMP nodes
  • Password Protected SNMP manageable devices
  • Wireless Access Points
  • Wireless Encryption Protocols (128 bit minimum)
    (WPA preferred with a RADIUS Server)
  • MAC filtering

23
  • Firewalls
  • Acceptable ports and sites
  • IDS Systems
  • Backend for internal and external NIC cards used
    to monitor all traffic within the organization
  • Network Address Translation Needs
  • Public to private IPs for internal networks with
    few public IP addresses
  • Public Servers
  • Located in DMZ areas, with all patches and updates
    applied and only necessary ports open
  • Training programs
  • New software
  • New hardware

24
  • The overall strategy for the initial phase of
    protection involves the publishing of Policy and
    Procedures. The publication of Policy and
    Procedures includes the hierarchical structure of
    the information technology department and all
    tasks associated with it. The following approach
    is used to monitor the updating of the Policy and
    Procedures:
  • Document changes to existing Policy and
    Procedures.
  • Identify weaknesses
  • Test disaster recovery portion of Policy and
    Procedures
  • Test auditing procedures
  • Rewrite when a significant amount of change takes
    place
  • Ongoing training

25
  • Training is in place from the lowest level of
    help desk to the Information Technology manager
    and CIO. Training updates are given to all
    employees outside of the IT department so that
    security can be maintained throughout the
    company. These companies use the following
    training methods:
  • Memos to all staff on new viruses
  • Memos to IT Personnel on new viruses
  • Memos to IT Personnel on opportunities to train
    at seminars
  • Seminars (Mandatory)
  • Seminars (Voluntary)
  • Webcasts/Podcasts
  • In-house training by security personnel
  • In-house training by outside resources
  • College reimbursement
  • New product training
  • Policy and procedure review
  • Proper use of the internet
  • Proper use of email and best practices

26
  • Employ certified and experienced personnel
  • All are focused on standards set by CERT.ORG and
    other security industry leaders
  • Strong Policy and Procedures in place
  • Communications among internal company and
    internal information systems.
  • Committees and Sub-committees in place for
    compliance issues

27
  • The problem statement components of when
    security is needed and how to implement it are
    answered as follows:
  • Industry-wide compliance with recommendations by
    industry leading experts.
  • The key elements restated from previous chapters
    include:
  • Employ a trustworthy Information Technology
    workforce to protect assets from within the
    companies as though the assets were their own.
  • Focus on industry statistics and separate fact
    from fiction for the best protection of the
    security infrastructure.
  • Utilize all means of security including beta
    based security tools, physical tools and update
    policies and procedures as necessary. Document all
    deficiencies and follow through with any and all
    shortcomings to ensure the best and most
    adequate protection from thieves, whether
    internal or external.

28
  • Ongoing communications between all levels of
    employees from help desk to the CIO (Chief
    Information Officer).
  • CIOs cannot lose touch with the reality of the
    real world of security.
  • A quality control program should be put into
    place to maintain site-wide integrity.
  • Policy and procedures must be reviewed.
  • Internet usage policies should exist and all
    employees should review and sign acceptance
    letters.
  • Email usage policies should exist and all
    employees should review and sign acceptance
    letters.
  • Systems must be tested in order to ensure
    quality.
  • Ongoing training must be put into place for IT
    professionals and accurate records must be
    maintained in order to verify training and
    training needs.

29
  • The recommendations from this study are as
    follows:
  • Companies should do extensive background checks
    on their Information Technology employees.
    Checks should include financial, criminal and
    past employment checks.
  • Companies should put Policy and Procedures into
    place to make sure that all aspects of disaster
    recovery and planning are covered including
    hardware failure, software failure, network
    setup, personnel hierarchy, team
    responsibilities, deployment of all software and
    appropriate licensing and other mission critical
    objectives.
  • Companies should have a consistent audit practice
    in place for server logs, firewall logs, patches,
    service packs and updates.
  • The network infrastructure for companies needs a
    consistent quarterly overview committee to look
    at security needs and challenges. This would
    provide quarterly updates of mission statements
    and policies as needed.

30
  • Companies need training programs in place for
    Junior as well as Senior level analysts to
    understand the challenging environment of
    security. These training programs need to
    include industry leaders and seminars from
    software vendors.
  • Companies need consistent and open forums within
    their infrastructure for communication of daily
    changes affecting the security environment.
  • The hierarchical level of the internal department
    of Information Systems/Technology needs to be
    dynamically flexible to meet the needs and
    challenges facing the ever-changing world of
    information technology security in the workplace.
  • Small ecommerce servers should dump data to a
    printer so that it can be re-entered, as a
    precautionary measure in case of a breach on an
    internal file server.

31
  • Companies must provide high level training to
    meet the needs of industry growth while
    maintaining a balanced budget and customer
    security.