Protection Mechanisms in Security Management - Bryan M Keller COSC 481

Introduction Technical controls alone cannot ensure a secure IT environment Technical security mechanisms: Access controls Firewalls Dial-up protection Intrusion detection systems Scanning and analysis tools Encryption systems

Sphere of Security

Access Control Devices Confirming identity of entity accessing a logical or physical area (authentication) Determining which actions that entity can perform in that physical or logical area (authorization)

Authentication Definition: Proof that a user is indeed the person of entity requesting authorized access to a system or facility Authentication Mechanisms: Something you know Password Something you have Card, Key, or Token Something you are Biometrics Something you produce Signature Recognition or Voice Recognition

Authorization Definition: Permission by the proper authority to access, update, or delete the contents of an information asset.

Firewalls Definition: Any device that prevents a specific type of information from moving between two networks 1st generation: Packet filtering. Filter packets based on header information 2nd generation: Application-level Secondary filtering system (proxy server) 3rd generation: Stateful inspection Uses a state table to track every network connection 4th generation: Dynamic packet filtering firewall Understands protocol functions. Allows packets based on specific information

Firewall Best Practices Allow all internal traffic out. Do not allow direct access to firewall from public network Allow all SMTP data to pass through Deny all ICMP data Block telnet access to internal servers from public network

Dial-Up Protection Dial-up connections are less sophisticated than other types of Internet connections Username/Password only means of authentication

RADIUS and TACACS Systems that authenticate credentials of users trying to access a network via a dial-up connection Remote Authentication Dial-In User Service (RADIUS) Terminal Access Controller Access Control System (TACACS)

Intrusion Detection Systems Definition: Devices that inspect data communication flows to identify patterns that may indicate that hacking is underway Configured to notify administrators Require complex configurations Network based or Host based Signature based or Statistical anomaly based

Signature Based/Statistical Anomaly Based IDS Examines data traffic for something that matches signatures which comprise preconfigured, predetermined attack patterns Statistical Anomaly Based Periodically samples network activity, based on statistical methods and compares these samples to a baseline

Scanning and Analysis Tools Scanning and analysis tools can find vulnerabilities in systems, holes in security components, and other unsecured aspects of the network Port Scanners Identify active computers on a network and active ports and services on those computers Vulnerability Scanners Scan networks for detailed information such as usernames, open network shares, and other configuration problems Packet Sniffers Network tool that collects and analyzes packets on a network Content Filters Allow administrators to restrict content that comes into a network

Encryption Systems Encryption Types of Encryption: Process of converting original message into a form that cannot be understood by unauthorized individuals Types of Encryption: Symmetric Encryption Asymmetric Encryption

Symmetric Encryption A single secret key is used to encrypt and decrypt the message

Asymmetric Encryption Uses two different keys. Either key can be used to encrypt or decrypt message. If Key A is used to encrypt message, then only Key B can decrypt it

Summary Introduction Access controls Firewalls Dial-up protection Intrusion detection systems Scanning and analysis tools Encryption systems

References Whitman, M, & Mattord, H (2004). Management of Information Security. Canada: Thomson Learning, Inc.