Chapter Six - PowerPoint PPT Presentation

Provided by: Preferred99
Slides: 21

Transcript and Presenter's Notes

1
Chapter Six: IT Networks and Telecommunications Risks

2
Lecture Outline
  • Network and Telecommunications Technology
  • Risks to IT Network and Telecommunications
    Systems
  • IT Network and Telecommunications Security
  • Auditing Network Security

3
Network Telecommunications Technologies
  • Network Components
  • Computers and terminals
  • Telecommunications channels - physical and
    wireless
  • Physical - twisted-pair wire, coaxial cable,
    fiber optic (light pulses)
  • Wireless - radio, including microwave, and infrared
    light
  • Channels vary in speed and capacity

4
  • Network Types
  • Distance - LAN vs WAN
  • Ownership - Internet, intranet, extranet
  • Client/server networks
  • Network topology
  • Star
  • Bus
  • Ring

5
  • Network Protocols and Software
  • Protocol - standardized rule sets that control
    network communications among hardware and
    software from different vendors
  • Open Systems Interconnection (OSI) reference model -
    a standard seven-layer architecture for networking
    that allows different computers to communicate
    across networks
  • Network and telecommunications software - network
    OS, network management software, middleware, web
    browsers, e-mail software

6
IT Network and Telecommunications Risks
  • Social Engineering
  • Use of social skills to obtain confidential
    information or unauthorized access by persuading
    insiders to grant it
  • A form of manipulation and trickery that relies
    on behaviors such as fear of getting into trouble
    or an inclination to help someone
  • Vulnerability points - security administrators,
    technical support personnel, security guards,
    administrative assistants

7
  • Physical Infrastructure Threats
  • The elements - fire, air, and water
  • Make sure computers aren't located close to
    places with higher risk
  • Natural disasters - floods, earthquakes, tornadoes,
    hurricanes, etc.
  • Avoid locating networks in high-risk areas
  • Power supply - backup power supplier,
    uninterruptible power supply (UPS)
  • Intentional human attacks - terrorist attack,
    company insider attack
  • Insider attacks in particular require well
    documented policies (who may access what, and how
    access is revoked)

8
  • Programmed Threats
  • Viruses, worms, Trojan horses
  • Hoaxes - e-mail messages that instruct users to
    delete certain files as a supposed security
    precaution against viruses or other programmed
    threats
  • Blended threats - combinations of multiple
    programmed threats
  • Countermeasures
  • Antivirus software, updated regularly
  • Caution in opening unexpected e-mail attachments
  • Warn users about downloading freeware or shareware
  • Incident Response Plan for a programmed-threat
    outbreak

9
  • Denial of Service Attacks
  • The system is tied up in such a way that it is
    unable to perform its functions
  • Causes embarrassment and financial loss for the
    target
  • DDoS - the same attack launched from many sources
    at once
  • DoS techniques: exhausting the available network
    connections so that new users can't connect,
    overloading primary memory, and filling file
    systems with unnecessary or incorrect data
  • Countermeasures: firewalls, intrusion detection
    systems, penetration testing, network connection
    time-outs (so half-open or idle connections
    release their resources)

10
  • Software Vulnerabilities
  • Holes in applications and the operating system
  • Programming errors
  • Backdoors left in to give programmers quick access
    for debugging, then shipped in production software
  • Errors in configuring software
  • IT auditors can check a network system for
    application holes as part of penetration testing

11
IT Network and Telecommunications Security
  • Network security administration
  • The network security admin is responsible for
  • creating a network security plan,
  • developing and communicating a security policy for
    network resources
  • Responsibilities of each party and their
    privileges
  • password management
  • Passwords are stored only in protected form (salted
    hashes in access-controlled files), never in
    plaintext
  • User identifications and passwords are removed for
    those no longer employed
  • Default passwords are changed

12
  • Authentication
  • Process of ensuring that users are who they
    claim to be
  • Generally verified by
  • What you have - key or smart card for physical
    access, a token for logical access
  • What you know - password
  • What you are - biometrics such as fingerprint,
    voice, retina
  • Encryption
  • Scrambling data so that anyone who views it won't
    be able to make sense of it without the decryption
    key
  • Two main kinds - secret key (symmetric) and public
    key (asymmetric) cryptography

13
  • Secret key cryptography
  • Sender and receiver use the same key to encrypt
    and decrypt the message
  • Problem - both must agree on the key and both need
    to obtain it securely (key distribution)
  • Public key cryptography
  • Uses a private/public key pair
  • One key for encrypting a message and the other for
    decrypting it
  • Both keys are generated together as a pair; a
    certificate authority certifies (signs) the public
    key, it does not create or encrypt the keys
  • Public key is widely available and can be
    transmitted across a public network
  • Only the intended receiver can decrypt, using the
    private key

14
  • Public key cryptography can also be used for
    authentication
  • Sender signs the message with a digital signature,
    computed from a hash of the message with the
    sender's private key
  • Recipient verifies the signature through an
    algorithm that takes the message, the signature,
    and the sender's public key
  • Digital certificates binding a public key to its
    owner are available from certificate authorities
    such as Verisign and Thawte; the private key stays
    with the owner
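Slides 13 and 14 describe public-key encryption and digital signatures in words; the following is an added example, not code from the original presentation, that carries both through with textbook RSA in Python. The two fixed primes, the sample messages and the function names are assumptions for illustration only; the key is far too small and unpadded for real use, where a library implementing RSA-PSS or OAEP with 2048-bit or larger keys does this work.

```python
"""Textbook RSA: public-key encryption and digital signatures (added example).

Toy parameters (two fixed Mersenne primes) keep the arithmetic visible; real
systems use 2048-bit or larger keys and a padding scheme such as RSA-PSS/OAEP.
"""
import hashlib

# Constructed toy key material. Both primes are written here in the clear, so this
# key protects nothing. p and q are generated together as one pair; a certificate
# authority signs only the public half (n, e), it never creates or encrypts the keys.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can encrypt an integer m < n."""
    n, e = public_key
    assert 0 <= m < n, "plaintext must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of d recovers m."""
    n, d = private_key
    return pow(c, d, n)


def _digest(n, message: bytes):
    """Hash the message and reduce it into the RSA domain: we sign the hash, not the message."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(private_key, message: bytes):
    """Signature = hash(message) raised to the private exponent."""
    n, d = private_key
    return pow(_digest(n, message), d, n)


def verify(public_key, message: bytes, signature):
    """Anyone with the public key can check the signature against the message."""
    n, e = public_key
    return pow(signature, e, n) == _digest(n, message)


def demo():
    pub, priv = keygen()
    # Confidentiality: encrypt with the receiver's public key, decrypt with the private key.
    secret = 123456789
    round_trip = decrypt(priv, encrypt(pub, secret)) == secret
    # Authentication: sign with the sender's private key, verify with the public key.
    msg = b"Transfer 1,000 to account 42"          # constructed sample message
    sig = sign(priv, msg)
    ok = verify(pub, msg, sig)
    tampered = verify(pub, b"Transfer 9,000 to account 42", sig)   # altered in transit
    return round_trip, ok, tampered


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

Changing a single digit of the message changes its hash, so the stored signature no longer verifies; this is the property the recipient relies on, and it is why the signature covers a hash rather than the raw message.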

15
  • Firewalls
  • Combine software and hardware to control outside
    access to an entity's telecommunications network
  • Software specifies filters controlling entry to
    the network
  • Can be placed at various levels to block traffic
    to networks or applications
  • Choose based on
  • Architecture
  • Single-layered - uses only one network host for
    all firewall functions; the firewall host is placed
    between the internal network and the Internet
  • Multiple layers - two or more hosts providing the
    firewall functions, a combination of inner and
    outer firewall hosts

16
  • Functionality
  • Packet filtering routers
  • Examine incoming IP packets (addresses, protocol,
    ports) against a set of filtering rules, then
    forward or reject each packet
  • Application-level firewalls/proxy servers
  • More security than packet filters
  • There is never a direct connection between sender
    and receiver
  • The firewall acts as a proxy, or substitute, for
    the receiver
  • Secure but expensive
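A packet-filtering router's rule evaluation, as an added example that is not part of the original slides: the first matching rule wins, unmatched traffic hits the default deny, and the order of rules changes the outcome. The addresses, the ruleset and the `Packet`/`Rule` names are constructed for illustration.

```python
"""A first-match packet filter, modelling what a packet-filtering router does (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None   # None matches every port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet,
                  default: str = "deny") -> Tuple[str, Optional[int]]:
    """First matching rule wins; anything unmatched gets the default (deny for a secure posture).
    Returns (action, index of the rule that decided, or None for the default)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


# Constructed ruleset for a border router in front of a hypothetical 10.0.0.0/8 network.
RULES = [
    Rule("deny", src="10.0.0.0/8"),                              # anti-spoofing: inside addresses never arrive from outside
    Rule("allow", dst="10.0.1.10/32", proto="tcp", dport=443),   # public web server
    Rule("allow", dst="10.0.1.20/32", proto="tcp", dport=25),    # mail relay
    Rule("deny", proto="tcp", dport=23),                         # telnet, explicitly
]

SAMPLE = [  # constructed inbound packets
    Packet("203.0.113.5", "10.0.1.10", "tcp", 443),   # web request
    Packet("203.0.113.5", "10.0.1.10", "tcp", 22),    # ssh to the web server: no rule, default deny
    Packet("10.0.9.9", "10.0.1.10", "tcp", 443),      # spoofed inside source address
    Packet("198.51.100.7", "10.0.1.20", "tcp", 25),   # mail delivery
    Packet("198.51.100.7", "10.0.1.20", "tcp", 23),   # telnet
]


def decisions(rules=RULES, packets=SAMPLE):
    """Action taken for each sample packet."""
    return [filter_packet(rules, p)[0] for p in packets]


def order_matters():
    """Same rules, but a broad allow placed first: the telnet deny is never reached."""
    telnet = Packet("198.51.100.7", "10.0.1.20", "tcp", 23)
    careless = [Rule("allow", dst="10.0.0.0/8")] + RULES
    return filter_packet(RULES, telnet)[0], filter_packet(careless, telnet)[0]


if __name__ == "__main__":
    for pkt, action in zip(SAMPLE, decisions()):
        print(f"{pkt.src:>14} -> {pkt.dst}:{pkt.dport}/{pkt.proto}  {action}")
    print("telnet with careful vs careless ordering:", order_matters())
```

An auditor reviewing a rulebase applies the same logic by hand: walk the rules top to bottom for each service that matters and note which rule decides, since a permissive rule above a restrictive one silently switches the restrictive one off.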

17
  • Intrusion Detection Systems
  • Log and monitor activity
  • May be included in a firewall package or stand
    alone
  • Only report an attack; they cannot stop it
    (blocking is the job of the firewall or an
    intrusion prevention system)
  • Many types, varying in level of sophistication
  • Penetration Testing
  • To learn about the logical access vulnerabilities
    in an information system
  • Four general penetration testing tools - war
    dialing, port scanning, sniffing, password
    cracking

18
  • War dialing
  • Requires only a phone line, a modem and war
    dialing software
  • The software dials through a range of phone
    numbers until it locates one that answers with a
    modem
  • Once connected, the penetration tester attempts to
    access the network, typically through password
    guessing or cracking
  • Port scanning
  • Hackers and penetration testers scan ports to find
    out which network services a particular system
    provides
  • To scan ports, the scanner sends a separate probe
    (for TCP, a connection attempt) to each port
  • The response, or its absence, tells the potential
    intruder which ports are open, closed or filtered
  • Disable unneeded services that listen on open
    ports, and filter the rest at the firewall
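Port scanning as described above, as an added example that is not from the original presentation: a TCP connect scan that classifies each port as open, closed or filtered from the way the probe is answered. To run offline it starts its own throwaway listener on the loopback address; the host, the port range and the function names are assumptions.

```python
"""TCP connect port scan with a local target so it runs offline (added example)."""
import socket
import threading


def start_listener(host: str = "127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port (the constructed target).
    Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)          # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()     # a real service would talk; the handshake is all we need
            except socket.timeout:
                continue
            except OSError:
                break

    t = threading.Thread(target=serve, daemon=True)
    t.start()

    def stop_listener():
        stop.set()
        t.join()
        srv.close()

    return srv.getsockname()[1], stop_listener


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port from the probe's response, the way a connect scan does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # three-way handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, nothing on this port
    except OSError:              # includes the timeout
        return "filtered"        # no answer at all: a firewall dropped the probe, or host is down
    finally:
        s.close()


def scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Probe each port in turn; real scanners parallelise and randomise the order."""
    return {p: probe(host, p, timeout) for p in ports}


def demo():
    """Scan a small range around a constructed live service on loopback."""
    port, stop = start_listener()
    try:
        return port, scan("127.0.0.1", range(port - 2, port + 3))
    finally:
        stop()


if __name__ == "__main__":
    port, results = demo()
    for p, state in sorted(results.items()):
        marker = "   <- constructed listener" if p == port else ""
        print(f"{p:5d}/tcp  {state}{marker}")
```

Against a real host the "filtered" result is the interesting one for an auditor: it shows a packet filter is dropping the probe rather than the service being absent, which is the state every port should be in unless a documented business need says otherwise.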

19
  • Sniffing
  • A program used to capture data transmitted across
    a network
  • Most common use is capturing user IDs and
    passwords sent in cleartext
  • Password crackers
  • Guess passwords
  • Approaches
  • Dictionary - match the password against all terms
    in a standard dictionary or word list
  • Hybrid - modifies dictionary words (capitalization,
    appended digits, character substitutions)
  • Brute force - tries every sequence of letter,
    number and symbol combinations up to a given
    length
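The three cracking approaches run against password records stored the way slide 11 asks for (salted hashes rather than plaintext or reversible encryption), as an added example that is not in the original slides. The word list, suffixes, sample passwords and iteration counts are constructed for illustration; the demo uses a deliberately low PBKDF2 round count so it finishes quickly, which is the point of a high one in production.

```python
"""Salted password storage plus dictionary, hybrid and brute-force cracking (added example)."""
import hashlib
import itertools
import os
import string
from typing import Optional

# ---- storage side: what slide 11's password management calls for ----
def store_password(password: str, rounds: int = 600_000,
                   salt: Optional[bytes] = None):
    """Return a record (salt, digest, rounds); the plaintext is never kept.
    600k PBKDF2-SHA256 rounds is a realistic production setting (an assumption here)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest, rounds


def check_password(candidate: str, record) -> bool:
    salt, digest, rounds = record
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds) == digest


def salted_hashes_differ(password: str = "welcome") -> bool:
    """Two users with the same password get different records because of the salt,
    so a cracker cannot attack every account with one table of precomputed hashes."""
    return store_password(password, rounds=1000)[1] != store_password(password, rounds=1000)[1]


# ---- cracker side: the three approaches from slide 19 ----
WORDLIST = ["password", "letmein", "welcome", "admin", "summer"]   # constructed mini word list


def dictionary_guesses(words):
    yield from words


def hybrid_guesses(words, suffixes=("1", "123", "!", "2024")):
    """Mutate dictionary words the way users do: capitalise, upper-case,
    leetspeak substitutions, appended digits or symbols."""
    for w in words:
        leet = w.replace("a", "@").replace("o", "0").replace("e", "3")
        for base in (w, w.capitalize(), w.upper(), leet):
            yield base
            for s in suffixes:
                yield base + s


def brute_force_guesses(alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Every combination up to max_len; the cost grows as len(alphabet) ** max_len."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def crack(record, strategies):
    """Try each strategy in order; return (strategy, password, guesses_tried) or None."""
    tried = 0
    for name, guesses in strategies:
        for guess in guesses:
            tried += 1
            if check_password(guess, record):
                return name, guess, tried
    return None


def crack_with_all(record):
    return crack(record, [
        ("dictionary", dictionary_guesses(WORDLIST)),
        ("hybrid", hybrid_guesses(WORDLIST)),
        ("brute force", brute_force_guesses()),
    ])


def demo(rounds: int = 1000):
    """Crack three constructed passwords, one per approach."""
    results = {}
    for pw in ("welcome", "Summer123", "z9"):
        results[pw] = crack_with_all(store_password(pw, rounds=rounds))
    return results


if __name__ == "__main__":
    for pw, hit in demo().items():
        print(f"{pw!r}: found by {hit[0]} after {hit[2]} guesses")
```

Each guess costs one full PBKDF2 computation, so the defender's round count multiplies the attacker's bill directly; run `demo(rounds=100_000)` to feel the difference on the brute-force case, and note that a longer alphabet or length makes that case grow exponentially while the dictionary and hybrid cases stay cheap, which is why password policy matters more than hashing alone.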

20
Auditing Network Security
  • Risk assessment and best practices
  • Evaluate whether the controls in place provide
    sufficient protection
  • Benchmark tools
  • Windows 2000 Benchmark lets users evaluate their
    security settings against the Center for Internet
    Security (CIS) benchmark
  • IT audit programs for network security