Ensuring Network Security Planning Physical Security Data Security –Passwords –Auditing –Encryption Sniffing Firewalls Viruses
Security Planning Unauthorized access Electronic Tampering Theft Intentional damage Unintentional damage
Physical Security Access to hardware –Locked Doors –Locked Cabinets Access to the system console –Screen Passwords –Locked keyboards (removing keyboard) Access to network wiring/switches/routers
Physical Environment Power source Noise sources Air conditioning (temperature control) Dust and smoke Water problems (flood possible?)
Data Security Share Level Security vs. User Level Security Proper passwords –Length –Uncommon names –Use of non alphanumeric characters –Controlled access (Screen/Keyboard Locks) Use of a Routed vs. Flat network architecture Audit use of the system
Windows Security Permissions Full (all of the below) Read Execute Write Delete None (no access)
Auditing Check for: –Logon attempts –Connection to resources –Connection termination –Directory creation, modification, or deletion –Server events and modifications –Password changes
Microsoft Gotchas Microsoft operating systems have a tendency to store passwords on the local hard disk in the Windows registry to save time when logging in to remote services. This can be quite dangerous!
Flat Network User 1: User 2: User 3: Hub Monitor sees some traffic from all 3 users Internet
Routed Network Router Monitor can’t see traffic other than it’s own subnet User 1:Subnet 7 User 2:Subnet 3 User 3:Subnet 6 Monitor on Subnet 1 Internet
Sniffers Sniffer, Snoop, Tcpdump Promiscuous mode Many protocols Interpretation
Login Security Usernames/Passwords may be in plain text over the network security –Netscape/Eudora leave configuration files on each PC. –Webmail is an IMAP interface to a mail server can use SSL for security
Encryption DES (Digital Encryption Standard) Secure Shells Secure Web Pages Pretty Good Privacy –Private Keys –Publics –Signatures
How safe is encryption? 4 character password (alphabetic characters only) cracking time (maybe a minute on a 450mhz computer) 40 bit key (can be cracked in 24hours on a parallel computing system) 128 bit key (probably not able to be cracked in a millennium)
Secure Shell (SSH) Use of encryption based on keys/certificates Block undesired hosts from accessing All data on the wire is encrypted Can be used for interactive communication and copying files
Secure Web Sites Keys/Cookies –New key/encryption code for each access Encryption of data over the wire Keep track of trusted hosts that access the site.
Pretty Good Privacy Encryption of keys –40 bit –128 bit Creating your authenticated signature Your key ring Submitting your public key to a database and PGP
PGP System PGP User 1 International Database PGP Private key Public keys Message can be entirely encrypted or just the signature can be encrypted. User 2 Key Ring Data
Firewalls Purpose Disadvantages –Slowdown of packets –Inconvenient for users Advantages –Slows down hacking attempts –Limits incoming traffic –Overcomes IP number limitations (NAT)
Firewalls (cont.) Setup –Addressing –Name Service –Reuse of IP numbers inside the firewall (NAT) Proxies – –Web –FTP
Viruses/Trojans/Macros Viruses spread by: –floppies –downloaded files – Viruses are removed by: –Deleting the affected file –Running a virus scanning/cleaning program
Companion Viruses Looks like a real program (WORD.EXE) Make replace a logon program and grab usernames/passwords Usually renames the actual executable and calls that executable from the bogus program.
Macro Viruses The virus infects the Macro definitions of a program (like Microsoft Word) and then infects every document created by the original program. These viruses are difficult to detect because they haven’t infected an executable program.
Polymorphic Viruses These change appearance every time they replicate. They may even change each time the computer is rebooted. Since they change frequently, virus checkers have a hard time determining a pattern or fingerprint of the virus.
Stealth Virus These hide from detection They may use hidden files or may modify the operating system so a standard directory scan doesn’t show the virus file. They also return false information to virus checkers.
Trojans Trojan Horses –Look like a benign game or program –After a period of time they execute the virus Some may be cleaned with virus protection software. Some masquerade as Windows programs and removal will crash the system
Back Doors Provide access to system through published, unused, or unpublished ports. Sometimes are put there by programmers, engineers, or hackers They are hard to protect against unless you can find their access port and firewall protect against it.
Virus Consequences Can’t boot Data is scrambled or unreadable Erratic or slow operation of the computer Excessive disk activity Disk drive is erased or data is lost. Disk is reformatted
Virus Protection Test each disk write for a particular pattern unique to the virus Test for writes to the disk boot block Test for code that might access PC hardware Scan files for virus patterns
D.O.S. Attacks Denial of Service Flood of useless packets/data Hard/Impossible? To track Good example of distributed computing Can a firewall protect the network?
Virus Use innocent messages as the transport. Grab address book entries to spread Infect critical windows programs The user doesn’t know he is infecting others Can be prevented by using front end scanners.
Backups What kind of backup system should we use? Even a fault tolerant disk system can fail! Always back up Rotate several copies of backups in case one tape is unreadable Check the backups to see if they are readable Store the tapes or removable media in a safe place
Backup Strategy Full Backup Incremental Backup Copy Daily Copy Logging –Date, tape-set number, type, which computer
UPS Handles short duration power failures Can alert the operator of power failure Decide how long the UPS needs to power the system Does the server display or printer need to be on? How much power does the server need (load)? Does the UPS have an RS232 control port? Life span of the UPS battery(ies)
RAID! Redundant Array of Independent Disks RAID 0 –Disk Striping –No fault tolerance RAID 1 –Disk Mirroring –High Disk Overhead (2-2GB disks=2GB) –High Write overhead (write to both disks)
MORE RAID! RAID 5 –disk striping –parity blocks –Requires at least 3 disk drives –Can improve disk performance –lose and replace 1 disk drive and no data is lost –overhead is 1/N n=number of disks, 5 10GB disks = 40 GB storage RAID 10 –Mirrored across 2 identical RAID 0 disk arrays
Hot Fixing Identify a bad sector Move the data to a free good sector Mark the bad sector Update the file allocation tables
Disaster Recovery Prevention –What can I control? –What is the best method? –Keep updating your prevention methods –Keep up on maintenance –Training!
Disaster Preparation Plan ahead Use fault tolerance equipment Maintain backups Test your preparation plan!