Networks and Security - PowerPoint PPT Presentation

1 / 45
About This Presentation
Title:

Networks and Security

Description:

Networks and Security A Series of Lectures, Outlining: How Networks affect Security of a system Security of System Security of Network Security of Organisation – PowerPoint PPT presentation

Number of Views:151
Avg rating:3.0/5.0
Slides: 46
Provided by: Brian1004
Category:

less

Transcript and Presenter's Notes

Title: Networks and Security


1
Networks and Security
  • A Series of Lectures, Outlining
  • How Networks affect Security of a system
  • Security of System
  • Security of Network
  • Security of Organisation
  • Secure vs Trustworthy
  • Attack Vulnerabilities
  • Web references and Bibliography

Eur Ing Brian C Tompsett University of Hull
2
Networking PrinciplesRevision
  • ISO 7 Layer Model
  • Names and function of layers
  • Layer interconnect terminology

3
Internet Basics Revision
  • IP Addresses (and registrars)
  • 150.237.92.11
  • 192.168.0.1
  • Domain Names (and registrars)
  • www.dcs.hull.ac.uk
  • on.to / i.am / name.is
  • Services/Sockets
  • http port 80

4
ISO 7 Layer Model
HTTP/FTPSMTP


Network
Datalink
Physical
Application
Presentation


Network
Datalink
Physical
Message
Application
Presentation
Gateway Proxy/Relay
Session
Transport
Session
Transport
Segment
TCP/UDP
NAT/ICS/Proxy
Packet Datagram
IP
Router
PPP/SLIP Ethernet
Frame Datagram
Switch/Bridge
10BaseT ADSL
PTU
Hub/Repeater
5
Internet The Movie
  • Animation covering salient points
  • It has some factual error
  • Can you spot them?
  • First Mention of Firewalls
  • Covered later

6
(No Transcript)
7
Summary
  • Overall Networking Architecture
  • Role of Layers Layer Interface
  • Internet Protocols
  • Network Interconnections
  • Any further revision?

8
2
9
What is it for?
  • What is the purpose of
  • Trustworthy Computing?
  • Computer Security?
  • Information Security?

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
Information Security Model
  • Entities Protection
  • Environment Protection
  • Organisation Protection
  • Infrastructure Protection
  • Activity Protection
  • Procedure level Protection
  • Data Protection

14
Security 7 Layer Model
Contact


Activity
Procedures
Data
Entities
Environment


Activity
Procedures
Data
Entities
Environment
Relationship
Business
Contract
Organisation
Infrastructure
Connection
Organisation
Infrastructure
Exchange
Exchange
Gateway
Document
Language
Packet
Protocol
Information
Translation
15
Entities
  • Objects being manipulated by the system
  • Entities can be active or passive
  • Data about entities is being protected
  • Entities can be People, Organisations or Objects
  • Entities themselves encompass other entities
    Collection or Containment
  • Security involves
  • Physical Changes Commissioning
  • Operational Procedure What they do
  • Structure Interrelations

16
Environment
  • The restrictions on entities
  • Can act to limit or constrain security or freedom
    of action
  • Legislation, Regulation, Ethics
  • Technical Capability, Resource Limitation
  • Compatibility, Standards, Procedures
  • Physical Limitation

17
Organisation
  • The Mechanism by which operations a performed
  • The Organisation within the environment

18
Infrastructure
  • That which enables activities
  • The physical components which may or may not be
    entities in their own right

19
Activity
  • The tasks which process the data
  • Usually a business activity
  • Could be a software Application

20
Procedure
  • The component steps that enable an activity
  • Can be software components or human procedures

21
Data
  • The actual data about entities
  • The goal of a security breach
  • Protected by
  • Cryptography
  • Integrity

22
Security Models
  • ISO 17799
  • ISO 27001 ISO 27000 series
  • SABSA
  • Sherwood Applied Business Security Architecture
  • Based on Zachman IS Framework
  • Financial Security Model

23
SABSA Model
24
Financial Security Model
  • Finance
  • Applications for financial users, issuers of
    digital value, trading and market operations
  • Value
  • Instruments that carry monetary value
  • Governance
  • Protection of the system from non-technical
    threats
  • Accounting
  • Value within defined places
  • Rights
  • An authentication concept moving value between
    identities
  • Software Engineering
  • Tools to move instructions over the net
  • Cryptography
  • Sharing truths between parties

25
ISO 17799
  • Security Policy
  • Organisation of Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operational Management
  • Access Control
  • Systems Development, Acquisition, Maintenance
  • Security Incident Management
  • Business Continuity Management
  • Compliance

26
ISO 17799
27
Network Security Model
  • Personal Protection
  • Organisation Protection
  • Network Protection
  • System Protection
  • Application Protection
  • Code level Protection
  • Data Protection

28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
Security 7 Layer Model
Contact


Application
Procedures
Data
Person
Organisation


Application
Procedures
Data
Person
Organisation
Relationship
Business
Contract
Infrastructure
Systems
Connection
Infrastructure
Systems
Exchange
Exchange
Gateway
Document
Language
Packet
Protocol
Information
Translation
32
Activity
Object
Static
Dynamic
33
Personal Protection
  • Personal Security
  • Locking Doors, Staying Safe
  • Personal Data Protection
  • Giving out DOB, Credit Card, Family info
  • Securing Access to your Computer
  • Personal Security Policy for all
  • Protect others personal security

34
Organisation Protection
  • Organisation / Institution / Company
  • A Holistic View
  • Corporate Image
  • Make public only what required
  • Hide internal structure information
  • Window Door into Organisation
  • Manages Input Output

35
Doors and Windows
  • Decide What Services are available
  • Web servers, ftp, email
  • Which hosts on which networks
  • Which domains used
  • On which IP nets
  • Hosted by whom
  • What registration information
  • Names, addresses phone numbers

36
SMTP
WWW
Internet
FTP
Gateway
Outside
Inside
37
Network Protection
  • Protect Network as entity/resource
  • Manage permitted traffic flow
  • Manage authorised use
  • Architect the Network - zoning
  • Firewalling

38
Network Architecture
  • Proper use of Subnets and domains
  • Limit traffic to local segments
  • Use Bridges/Switches/Routers/Proxies
  • Prevent data and authority leaks

39
What to Firewall?
  • Certain Protocols netBios
  • Certain Responses ping/traceroute
  • Certain Applications Real/IRC
  • Certain Systems/Networks
  • Control Port/Host combinations
  • Email Port/25, HTTP Port/80, FTP Port/21
  • Rate Limit
  • Denial of Service/Scanners

40
System Protection
  • Protect each system from misuse
  • Incoming Outgoing!
  • Control Which Services Run
  • http//support.microsoft.com/?kbid832017
  • Virus checkers

41
Application Protection
  • Specific Application Configuration
  • Parental Controls of Web Browsers
  • Domain/IP blockers
  • Spam filters
  • Control file/device exports

42
Code Level Protection
  • Writing Secure Code
  • Even on secured system
  • Bad Code compromises security
  • Hence software updates

43
Data Protection
  • Hiding the Data
  • Cryptography
  • Data Transience
  • Data Integrity

44
3
45
Forms of Attack
  • Denial of Service
  • Input Data Attack
  • Spoofing
  • Sniffing
  • Social Engineering
Write a Comment
User Comments (0)
About PowerShow.com