1 ATS 7 - 1 The Art of Tech Support
John Abbott College
InfoSec for Tech Support -- Part 2
M. E. Kabay, PhD, CISSP
Director of Education, NCSA
President, JINBU Corp
Copyright © 1997 JINBU Corp. All rights reserved

2 ATS 7 - 2 More about InfoSec...
• DPMRP
• Levels of InfoWar
• Defences

3 ATS 7 - 3 DPMRP
• Disaster Prevention, Mitigation and Recovery Planning
  – prevent: good security, planning reduces likelihood of incident
  – mitigation: minimize consequences of incident
  – recovery: get back in business as fast as possible given resources available
  – planning: think, discuss, argue and test before the incident, not during the incident
• AKA Business Resumption Planning or BRP; also Disaster Recovery Planning = DRP

4 ATS 7 - 4 VIDEO: When Disaster Strikes
Commonwealth Films, Boston, MA
Take detailed notes on the following video and submit a one-page or longer summary of the key points you learned. Submit your report as part of your homework.

5 ATS 7 - 5 Schwartau's Levels of Infowar
Schwartau, W. (1994). Information Warfare: Chaos on the Electronic Superhighway. Thunder's Mouth Press (New York). ISBN 1-56025-080-1. 432 pp. Index. Second edition (1996) has +400 pp extra stuff
• Level I: Interpersonal
• Level II: Intercorporate
• Level III: International

6 ATS 7 - 6 Level I Infowar: Interpersonal
Cyberspace shadow vulnerable
• Invasion of privacy
• Impersonation
• Interference

7 ATS 7 - 7 Level I: Privacy
• Snooping through files & e-mail
• Shopping data for market research
  – Supermarket
  – Video store
• Medical information
• SIN / SSN allow correlation of databases
  – link many sources of info
  – credit ratings, DMV
  – violation to request SIN / SSN unless bank / govt

8 ATS 7 - 8 Level I: Impersonation
• In cyberspace
  – Fraudulent e-mail; e.g., Texas A&M prof
  – Pseudonymous on-line chat; e.g., paedophiles
• In realspace
  – Stealing dial tone using wireless phone
  – Stealing identity; e.g., movie The Net

9 ATS 7 - 9 Level I: Interference
• Phones
  – Billing hospital phones to victim's home #
  – Forwarding church calls to brothel
  – Disconnections
  – Turning home phone into pay phone
• Credit profiles
  – Fraudulent entries
  – Deleting files
• Credit card numbers
  – Neighbourhood Watch with a difference
  – Toronto CN Tower merchants + accountant
  – Organized crime
  – BBS

10 ATS 7 - 10 Level II Infowar: Intercorporate
• Industrial espionage
• Theft
• Sabotage

11 ATS 7 - 11 Level II: Espionage
• American Airlines spill tables to Northwest Airlines
• GM Opel plans to Volkswagen
• IBM plans to Hitachi
• Britannica subscription lists

12 ATS 7 - 12 Level II: Theft
• ATM Fraud
  – Hartford, CT
• Phone fraud
  – U$2-8 billion / year

13 ATS 7 - 13 Level II: Sabotage
• Virgin Airways sues British Airways
• Consultants leave logic bombs in client code
• Moles
  – hired by MCI in Carey, NC
  – installed a hardware network analyzer
  – captured 50,000 calling card IDs from MCI, Sprint, AT&T
• 21 criminals in Europe
  – sold calls cheap
  – U$140M of calls

14 ATS 7 - 14 Level III: International
Governments accused by US analysts of engaging in infowar:
• France
• Japan
• Russia
• China
• South Korea
• Israel
• Sweden
• Switzerland
• Canada (!)
• New Zealand

15 ATS 7 - 15 Level III: Terrorists
• Immediate damage potential
  – World Trade Center: most damage to business not building
  – Phone grid
  – Air traffic control
  – Stock exchange
• Long-term damage potential
  – random errors in software and data
  – fraudulent e-mail causing stock market disruption
  – spamming the Internet to saturate bandwidth

16 ATS 7 - 16 Civil Defence in Cyberspace
• Learn about technology and issues
• Set corporate policies to support internal security
• Set national security priorities to include security in cyberspace
• Joint civilian/military/police cooperation
• Mandatory reporting of security breaches
• Otherwise.....

17

18 ATS 7 - 18 Defences
• Hardware inventories, locks and network management
• Network anti-virus software
• Software license and version management
• Secure data channels
• Workstation audit trails
• Centralized backup tools
• Password tokens
• Single logon
• Encryption

19 ATS 7 - 19 Hardware Management
• Manual inventories
• Locks
• Network management software; e.g.,
  – Lan Support Group Bindview
  – Frye Computer Systems LAN Directory
  – Symantec Corp Norton Administrator for Networks
  – Microcom Inc LANlord
  – Blue Lance LT Auditor NLM

20 ATS 7 - 20 Workstations and Network Anti-Virus Tools
• Signature-based
  – files of characteristic assembly code or ASCII strings
  – must be updated constantly
• Generic or heuristic
  – look for types of code or behaviour pathognomonic for viruses
• Heterogeneous
  – scan for PC or MAC viruses on UNIX or Netware servers
• See NCSA Web pages for hot links to many AV vendors (http://www.ncsa.com)

21 ATS 7 - 21 Software License Improvements
• Tier-pricing
• Software Metering
  – Gradient Network Licensing System (NLS) w/ HP
  – OSF (Open Software Foundation) Novell Many UNIX
  – Microsoft: License Service Application Programming Interface

22 ATS 7 - 22 Secure Data Channels
• New secure versions of LAN OS; e.g.,
  – Novell Netware 4.0
• Add-on components; e.g.,
  – Fibermux Corp FX709 bridge for Ethernet
  – Security Dynamics ACE/Server
• Encrypting modems; e.g.,
  – Centel Federal Systems Tel/Assure
  – Millidyne Inc Auditor
• Secure transactions over Web; e.g.,
  – Secure Sockets Layer (SSL)

23 ATS 7 - 23 Workstation Audit Trails
Who did what when to which files and records?
• TSRs
• Configurability
• Reporting capabilities
• Encrypted audit trails

24 ATS 7 - 24 Workstation Audit Trails (cont'd)
• Netware-specific tools include
  – Network Management Inc LANtrail
  – Blue Lance Inc LT Auditor
• More generic:
  – Connect Computer Co Lanscope
  – Saber Software Corp Saber Meter

25 ATS 7 - 25 Centralized Backup
• Automatic control of backup
• Portable units a problem
• Tools available;
  – e.g., for Netware: Connor HSM (Hierarchical Storage Management) Systems Enhancement Total Network Recall
  – for UNIX: SyntaxTotalBackup

26 ATS 7 - 26 Password Tokens 14:27 Enter ID: A32H7296Q*3

27 ATS 7 - 27 Password Tokens 14:27 Enter ID: G674$2 A32H7296Q*3

28 ATS 7 - 28 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3

29 ATS 7 - 29 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 A32H7296Q*3

30 ATS 7 - 30 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * A32H7296Q*3

31 ATS 7 - 31 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * 14:28 A32H7296Q*3 8N27^#11929

32 ATS 7 - 32 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * 14:28 Enter ID: 8N27^#11929

33 ATS 7 - 33 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * 14:28 Enter ID: G674$2 Enter PW: 8N27^#11929

34 ATS 7 - 34 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * 14:28 Enter ID: G674$2 Enter PW: A32H7296Q*3 8N27^#11929

35 ATS 7 - 35 Password Tokens 14:27 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Valid * 14:28 Enter ID: G674$2 Enter PW: A32H7296Q*3 * Invalid * 8N27^#11929

36 ATS 7 - 36 Password Tokens (cont'd)
• Passive
• Challenge/response
• Cryptographically sound
• Universally-portable algorithms
• Physically secure
• E.g., Security Dynamics SecurID Card
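An added example (not from the original slides, and not Security Dynamics' algorithm, which the slides do not describe) of the time-synchronized token behaviour built up on slides 26-35: the code shown at 14:27 is accepted once and rejected after the display changes at 14:28. The HMAC-SHA-256 construction, the 60-second step, the seed and the class names are assumptions; the user ID is the one on the slides.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: the display changes once a minute, as on the slides

def token_code(seed: bytes, unix_time: int, digits: int = 8) -> str:
    """Code the token displays during the time step containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class AuthServer:
    """Hypothetical server holding the same seed as each user's token."""
    def __init__(self):
        self.seeds = {}      # user ID -> shared seed
        self.last_step = {}  # user ID -> last time step in which a code was accepted

    def enroll(self, user_id: str, seed: bytes) -> None:
        self.seeds[user_id] = seed

    def login(self, user_id: str, code: str, unix_time: int) -> bool:
        seed = self.seeds.get(user_id)
        if seed is None:
            return False
        step = unix_time // STEP_SECONDS
        if self.last_step.get(user_id, -1) >= step:
            return False  # a code was already accepted in this step: refuse replay
        expected = token_code(seed, unix_time)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        self.last_step[user_id] = step
        return True

def demo():
    seed = b"constructed-demo-seed"  # constructed sample value
    server = AuthServer()
    server.enroll("G674$2", seed)
    t_1427 = 14 * 3600 + 27 * 60  # 14:27:00 as seconds since midnight
    shown = token_code(seed, t_1427)
    valid = server.login("G674$2", shown, t_1427 + 10)  # typed at 14:27:10
    stale = server.login("G674$2", shown, t_1427 + 70)  # same code at 14:28:10
    fresh = server.login("G674$2", token_code(seed, t_1427 + 70), t_1427 + 75)
    return valid, stale, fresh
```

A sniffed code is useless once it has been accepted or the time step has passed, which is the property the 14:27 / 14:28 sequence illustrates.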

37 ATS 7 - 37 Single Logon Problem: authentication on multiple systems across network Give me your password!

38 ATS 7 - 38 Single Logon Problem: authentication on multiple systems across network Give me your password! Now give me a completely different password! *$%?(@#)!

39 ATS 7 - 39 Single Logon (cont'd)
• People have trouble with multiple passwords
• Password policies vary (length, composition, aging)
• Having to enter many passwords slows down work
• Passwords transmitted across network are subject to sniffing
• Solution is complex but possible (e.g., Kerberos)

40 ATS 7 - 40 Encryption
• Symmetric
  – e.g., DES
• Asymmetric
  – e.g., PKC

41 ATS 7 - 41 Encryption: DES
• Data Encryption Standard
  – example of symmetric encryption algorithm
Cleartext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@... ENCRYPT
Ciphertext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@... DECRYPT
Cleartext

42 ATS 7 - 42 Encryption: PKC
• Public Key Cryptosystem
  – example of asymmetric encryption
Cleartext
Key: 7dhHG0(Jd*/89f-0ejf-pt2@... ENCRYPT
Ciphertext
Key: fu3f93jgf912=kjh#1sdfjdh1&... DECRYPT
Cleartext

43 ATS 7 - 43 Encryption: PKC (cont'd)
PGP is an example of the PKC
• Key generation produces 2 keys
• Each can decrypt the ciphertext produced by the other
• One is defined as public
• Other is kept as private
• Can easily send a message so only the desired recipient can read it:
  – encrypt using the _______________'s _______________ key
  – decrypt using the _______________'s _______________ key

44 ATS 7 - 44 Encryption: PKC (cont'd)
• Signing a document using PKC
This is the original text.
Create message hash and encrypt only hash with private key.
83502758  Unencrypted hash of msg
This is the original text. 8u3ofdjgh djc9d_j3$  Encrypted hash of msg

45 ATS 7 - 45 Encryption: PKC (cont'd)
• Verifying the signature using PKC
This is the original text. 8u3ofdjgh djc9d_j3$  Encrypted hash of msg
Create message hash and decrypt only hash with public key…
83502758  Unencrypted hash of msg
83502758  Newly computed hash of msg
... and now compare the two hashes
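An added example, not from the original slides and not PGP's implementation, of signing and verifying as described on slides 44-45, including the effect of a single-byte change. It uses textbook RSA with no padding over a constructed toy key pair, so the key values and function names are assumptions for illustration only.

```python
import hashlib

# Constructed toy key pair (assumption): two Mersenne primes keep the example
# short. Primes of this special form and unpadded RSA are not safe in practice.
P = 2 ** 521 - 1
Q = 2 ** 607 - 1
N = P * Q                          # modulus, part of both keys
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def message_hash(message: bytes) -> int:
    """Hash of the message as an integer (SHA-256 is an assumption here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Slide 44: create the message hash and encrypt only the hash with the private key."""
    return pow(message_hash(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Slide 45: decrypt the hash with the public key, compare with a newly computed hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == message_hash(message)


def demo():
    original = b"This is the original text."
    signature = sign(original)
    tampered_text = b"This is the original tex7."  # one byte changed
    return (
        verify(original, signature),       # untouched message and signature
        verify(tampered_text, signature),  # single-byte change in the message
        verify(original, signature ^ 1),   # single-bit change in the signature
    )


if __name__ == "__main__":
    print(demo())
```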

46 ATS 7 - 46 Encryption: PGP Demo
Watch as your instructor demonstrates the actions of PGP (ViaCrypt commercial version 4.0) and take notes on what you see and learn.
• Signing a document with a private key
• Validating a signature with a public key
• Effect of a single-byte change on validity of a digital signature
• Encrypting a document using a public key
• Decrypting a document using a private key
• Effect of a single-byte change on decryption

47 ATS 7 - 47 People Are Fundamental
• Most expensive security equipment worthless without cooperation of users
• Need Information Security Officer(s)
• Proper technical training for InfoSec staff & Information Technology group
• Well-reasoned security policies a must
• Security awareness training for all employees
• Security awareness reminders all the time
• Security monitoring, reward, punishment
• Support for refusing to break policies or commit illegal acts

48 ATS 7 - 48 National Computer Security Association
• Membership organization
• Monthly NCSA News
• Conferences (12/yr)
• CompuServe NCSA FORUMS (3)
• Anti-virus phone support

49 ATS 7 - 49 National Computer Security Association
• Security audits
• InfoSec awareness and training programs
• Computer Ethics and Responsibility Campaign
• Carlisle, PA: 717-258-1816
• Infobot: any e-mail to info@ncsa.com
• Web site: http://www.ncsa.com

50 ATS 7 - 50 Homework: Readings
• Read and make notes on the extract from The NCSA Guide to Information Security on Information Warfare
• Answer all the review questions from the instructor
• Submit your chapter summary, video summary, notes on demonstration and review questions after the quiz at the start of lecture 8

