MANAGEMENT of INFORMATION SECURITY, Fifth Edition

1 MANAGEMENT of INFORMATION SECURITY, Fifth Edition

2 Intrusion Detection and Prevention Systems
Management of Information Security, 5th Edition, © Cengage Learning

3 Intrusion Detection and Prevention Systems
IDPSs combine the tried-and-true detection methods of intrusion detection systems (IDSs) with the ability to react to what they detect, the capability that intrusion prevention technology adds
Because most modern products in this category can both detect and prevent, the term IDPS is generally used to describe these devices and applications

4 Intrusion Detection and Prevention Systems (IDPS)
When an IDPS detects a violation it activates an alarm, which can be audible and visible (noise and lights) or silent, sending a message to a monitoring entity
Systems that include intrusion prevention technology attempt to stop the attack from succeeding by one of the following means:
  Stopping the attack by terminating the network connection or the attacker's user session
  Changing the security environment by reconfiguring network devices (firewalls, routers, and switches) to block access to the targeted system
  Changing the attack's content to make it benign, for example by removing an infected attachment from an e-mail message before the message reaches the recipient

5 IDPSs
All IDPSs require careful configuration to provide the appropriate level of detection and response
These systems are either network based, to protect network information assets, or host based, to protect server or host information assets
IDPSs use one of two detection methods: signature based or statistical anomaly based (many products combine both)

6 IDPS [figure]

7 Host-Based IDPS
A host-based IDPS is configured by classifying the system's files and directories into categories and monitoring each category for the kinds of change that should raise an alert
Unless the IDPS is very precisely configured, benign actions (patching, log rotation, routine updates) can generate a large volume of false alarms
During routine operation the system alerts for only a few urgent conditions and records only exceptions
Host-based IDPS agents can be deployed on many computers and report to a central manager, so one installation can monitor multiple hosts simultaneously

8 Network-Based IDPS
Network-based IDPSs monitor network traffic and, when a predefined condition occurs, notify the appropriate administrator
The network-based IDPS looks for patterns in network traffic
A network IDPS matches observed traffic against its knowledge base of known attack patterns and its model of normal behaviour to determine whether an attack has occurred
These systems yield many more false-positive readings than host-based IDPSs, because they are attempting to infer from the traffic pattern alone what is normal and what is not

9 Signature-Based IDPS
A signature-based IDPS (knowledge-based IDPS) examines traffic for anything that matches its signatures, which are preconfigured, predetermined attack patterns
The problem with this approach is that the signatures must be continually updated as new attack strategies emerge; an attack with no signature yet is invisible to it
Another weakness of this method is the time frame over which attacks occur
If attackers are slow and methodical (for example, spreading a port scan over days), they may slip through undetected, because their actions may not match a signature that includes a threshold based on the duration or rate of events

10 Anomaly-Based IDPS
An anomaly-based IDPS (behavior-based IDPS) first collects data from normal traffic and establishes a baseline
It then periodically samples network activity and compares the samples to the baseline
When the activity falls outside the baseline parameters (the clipping level), the IDPS notifies the administrator
The advantage of this approach is that the system can detect new types of attacks, because it looks for any kind of abnormal activity rather than for known patterns
Unfortunately, these IDPSs require significant processing capacity, as they must constantly compare activity against the baseline
In addition, they may not detect small changes to system variables and may generate many false-positive warnings; an attacker who is active while the baseline is being learned can also train the system to treat the attack as normal
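The two detection methods on these slides side by side, as an added example that is not part of the textbook or its slides: a small Python detector that runs a signature rule set and an anomaly baseline over constructed access-log lines (the IP addresses, requests and signature patterns are all made up for illustration). It shows what the text only states: the known SQL-injection and path-traversal probes are caught by signatures regardless of how slowly they arrive, while the noisy scanner with no matching signature is caught only because its request rate exceeds the clipping level learned from clean traffic.

```python
"""Added example: a toy network IDPS that applies both detection methods from
the slides, signature (knowledge-based) matching and anomaly (behaviour-based)
baselining, to constructed web-server access-log lines."""
import re
import statistics
from collections import Counter

# Common Log Format, e.g. 10.0.0.5 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Knowledge base of preconfigured attack patterns (signature-based detection).
SIGNATURES = {
    "sqli-union-select": re.compile(r"union(\s|%20|\+)+select", re.I),
    "path-traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.I),
}


def parse(line):
    """Split one access-log line into source, per-minute bucket and request."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["minute"] = rec["ts"][:17]      # "10/Oct/2023:13:55" -> one bucket per minute
    return rec


def signature_scan(lines):
    """Return (rule, source, request) for each line matching a known signature."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["req"]):
                hits.append((name, rec["src"], rec["req"]))
    return hits


def build_baseline(lines):
    """Learn normal per-source request volume per minute from clean traffic."""
    buckets = Counter((r["src"], r["minute"]) for r in filter(None, map(parse, lines)))
    values = list(buckets.values())
    return {"mean": statistics.mean(values), "stdev": statistics.pstdev(values)}


def anomaly_scan(lines, baseline, k=3.0):
    """Flag (source, minute, count) buckets above the clipping level mean + k*stdev."""
    clip = baseline["mean"] + k * baseline["stdev"]
    buckets = Counter((r["src"], r["minute"]) for r in filter(None, map(parse, lines)))
    return [(src, minute, n) for (src, minute), n in sorted(buckets.items()) if n > clip]


def _line(src, hms, req, status=200):
    return f'{src} - - [10/Oct/2023:{hms} +0000] "{req} HTTP/1.1" {status} 512'


# Constructed clean traffic used to establish the baseline (1-3 requests/minute).
BASELINE_LOG = [
    _line("10.0.0.5", "13:55:01", "GET /index.html"),
    _line("10.0.0.5", "13:55:20", "GET /style.css"),
    _line("10.0.0.7", "13:55:30", "GET /index.html"),
    _line("10.0.0.5", "13:56:02", "GET /about.html"),
    _line("10.0.0.7", "13:56:10", "GET /index.html"),
    _line("10.0.0.7", "13:56:11", "GET /style.css"),
    _line("10.0.0.7", "13:56:12", "GET /logo.png"),
    _line("10.0.0.9", "13:56:40", "GET /index.html"),
]

# Constructed traffic to analyse: one known SQLi probe, one unknown-but-noisy
# scanner, and one slow path-traversal attempt.
SAMPLE_LOG = (
    [_line("10.0.0.7", "13:57:05", "GET /products?id=1 UNION SELECT user,pass FROM users", 500)]
    + [_line("203.0.113.8", f"13:57:{10 + i:02d}", f"GET /probe/{i}", 404) for i in range(12)]
    + [_line("198.51.100.3", "13:58:00", "GET /../../etc/passwd", 403)]
)


def detect(baseline_lines=BASELINE_LOG, lines=SAMPLE_LOG):
    """Run both detectors and return their findings side by side."""
    return {
        "signature": signature_scan(lines),
        "anomaly": anomaly_scan(lines, build_baseline(baseline_lines)),
    }


if __name__ == "__main__":
    for method, findings in detect().items():
        print(method, findings)
```

Run it directly to print both findings lists. Note how the single UNION SELECT request from an otherwise normal host stays inside the baseline, so an anomaly-only deployment would have missed it; tune k (the clipping level) against a representative stretch of real traffic before trusting the anomaly side, and expect to revisit it as traffic patterns change.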

11 Managing IDPSs
Just as with any alarm system, if there is no response to an alert, the alarm does no good
IDPSs must be configured with technical knowledge and adequate business and security knowledge to differentiate between routine circumstances and low, moderate, or severe threats
A properly configured IDPS can translate a security alert into different types of notification, matched to the severity of the event
A poorly configured IDPS yields only noise, and the alerts that matter are lost in it

12 Managing IDPSs
Most IDPSs monitor systems by means of agents, software that resides on a system and reports back to a management server
A valuable tool in managing an IDPS is the consolidated enterprise manager, software that lets the security professional collect data from multiple host- and network-based IDPSs and look for patterns across systems and sub-networks
By correlating the responses of all IDPSs in use, the manager can identify cross-system probes and intrusions that no single sensor would see on its own

13 Remote Access Protection
An attacker who suspects that an organization has dial-up lines can use a device called a war-dialer, which calls a range of phone numbers to locate the ones that answer with a modem
Dial-up connections are usually much simpler and less sophisticated than Internet connections
For the most part, simple user name and password schemes are the only means of authentication

14 RADIUS and TACACS
RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection (the same protocols now front VPN, wireless 802.1X and network-device logins)
Typical dial-up systems place the authentication of users on the system connected to the modems
A Remote Authentication Dial-In User Service (RADIUS) system centralizes the management of user authentication by placing the responsibility for authenticating each user on a central RADIUS server

15 RADIUS and TACACS
When a remote access server (RAS) receives a request for a network connection from a dial-up client, it passes the request along with the user's credentials to the RADIUS server; RADIUS then validates the credentials and returns an accept or reject decision, which the RAS enforces
The RAS and the RADIUS server share a secret that protects the password in transit and authenticates the server's reply, so that secret must be long, random and unique per client
The Terminal Access Controller Access Control System (TACACS) works similarly and is based on a client/server configuration; its current form, TACACS+, separates authentication, authorization and accounting and encrypts the whole packet body
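The RAS-to-RADIUS exchange described on this slide, as an added example rather than anything from the textbook: a Python model of an Access-Request and its Access-Accept/Access-Reject reply following RFC 2865, including the User-Password hiding and the Response Authenticator that both depend on the RAS/RADIUS shared secret. The user database, NAS address, identifier and secret are constructed for the example.

```python
"""Added example: the RAS -> RADIUS exchange from the slides, with the RFC 2865
User-Password hiding and Response Authenticator, so the shared secret's role is
visible. Names, addresses and the user database are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3       # RADIUS packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4           # attribute types

USERS = {b"alice": b"correct horse"}   # constructed user database on the RADIUS server


def _attr(kind, value):
    """Type-Length-Value attribute; the length counts the two header bytes."""
    return bytes([kind, 2 + len(value)]) + value


def _packet(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(data):
    attrs, i = {}, 0
    while i + 1 < len(data):
        kind, length = data[i], data[i + 1]
        if length < 2:                      # malformed attribute; stop rather than loop
            break
        attrs[kind] = data[i + 2:i + length]
        i += length
    return attrs


def hide_password(password, secret, req_auth):
    """RFC 2865 s5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        stream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], stream))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, req_auth):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        stream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], stream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def response_authenticator(code, ident, attrs, req_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 s3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()


def ras_access_request(username, password, secret, ident=7, req_auth=None):
    """What the remote access server sends once a dial-up client presents credentials."""
    if req_auth is None:
        req_auth = os.urandom(16)           # Request Authenticator: fresh random nonce
    attrs = (_attr(USER_NAME, username)
             + _attr(USER_PASSWORD, hide_password(password, secret, req_auth))
             + _attr(NAS_IP_ADDRESS, bytes([192, 0, 2, 10])))   # constructed NAS address
    return _packet(ACCESS_REQUEST, ident, req_auth, attrs)


def radius_server_handle(request, secret):
    """Validate the credentials centrally and answer Access-Accept or Access-Reject."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    user = attrs.get(USER_NAME, b"")
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    stored = USERS.get(user, b"")
    code = ACCESS_ACCEPT if stored and hmac.compare_digest(stored, password) else ACCESS_REJECT
    return _packet(code, ident, response_authenticator(code, ident, b"", req_auth, secret), b"")


def ras_verify_response(request, response, secret):
    """Return the response code only if it is a genuine reply to this request."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, response[20:length], request[4:20], secret)
    if ident != request[1] or not hmac.compare_digest(expected, response[4:20]):
        return None                         # forged, replayed or wrong-secret reply
    return code


if __name__ == "__main__":
    secret = b"shared-secret-between-ras-and-radius"
    req = ras_access_request(b"alice", b"correct horse", secret)
    print(ras_verify_response(req, radius_server_handle(req, secret), secret))  # 2 = Access-Accept
```

Two things the exchange makes visible: the password is hidden with an MD5-based stream keyed by the shared secret, which is why a weak or reused secret lets anyone on the path between RAS and server recover user passwords, and the RAS only trusts a reply whose Response Authenticator was computed with that secret, which is what stops a spoofed Access-Accept. In production, carry RADIUS inside IPsec or RADIUS over TLS (RadSec) rather than relying on the MD5 construction alone.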

16 RADIUS Configuration [figure]

17 Managing Dial-Up Connections
Organizations that continue to offer dial-up remote access must deal with a number of thorny issues:
  Determine how many dial-up connections the organization has (an inventory of modem lines, since any line the security team does not know about is an unguarded entry point)
  Control access to authorized modem numbers
  Use call-back whenever possible
  Use token-based authentication if at all possible

18 Wireless Networking Protection
Most organizations that make use of wireless networks use an implementation based on the IEEE 802.11 family of protocols
The size of a wireless network's footprint depends on the power emitted by the transmitter/receiver wireless access points (WAPs)
Sufficient power must exist to ensure quality connections within the intended area, but not so much that those outside the footprint can receive the signal

19 Wireless Networking Protection
War driving is moving through a geographic area or building, actively scanning for open or unsecured WAPs
The two most common encryption protocols used to secure wireless networks are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA)

20 Wired Equivalent Privacy (WEP)
Provides a basic level of security intended to prevent unauthorized access or eavesdropping
Like a traditional wired network, it does not protect users from observing each other's data
Has several fundamental cryptographic flaws (short, reused RC4 initialization vectors and a static shared key) that let an attacker recover the key from captured traffic, which led to its replacement by WPA

21 Wi-Fi Protected Access (WPA)
WPA is an industry standard created by the Wi-Fi Alliance
IEEE 802.11i has been implemented in products as WPA2, which introduced newer, more robust security protocols based on the Advanced Encryption Standard (AES)
WPA and WPA2 provide increased capabilities for authentication and encryption
WPA and WPA2 have some compatibility issues with older WAPs and network cards
In personal mode both derive their keys from a pre-shared key; in enterprise mode both can use an IEEE 802.1X authentication server, typically a RADIUS server

22 WiMAX
The next generation of wireless networking is WiMAX, or WirelessMAN, essentially an improvement on the technology developed for cellular telephones and modems
WiMAX, developed as part of the IEEE 802.16 standard, is a certification mark or stamp of approval that stands for "Worldwide Interoperability for Microwave Access"

23 Bluetooth
Bluetooth is a de facto industry standard for short-range (approximately 10 m / 30 ft) wireless communications between devices
The Bluetooth link can be exploited by anyone within range unless suitable security controls are implemented
In discoverable mode devices can easily be found and accessed
Even in nondiscoverable mode, a device remains reachable by other devices that have paired with it in the past

24 Bluetooth
By default Bluetooth does not authenticate connections, but it does implement some degree of security when devices access certain services, such as dial-up accounts and local file transfers
The most effective controls for Bluetooth-enabled devices are to 1) turn off Bluetooth when you do not intend to use it and 2) decline any incoming pairing request unless you know who sent it

25 Managing Wireless Connections
One of the first management requirements is to regulate the size of the wireless network footprint by adjusting the placement and strength of the WAPs
It is possible to restrict access to the network to a preapproved set of wireless network card MAC addresses, but treat this as housekeeping rather than a security control: MAC addresses travel in cleartext and are trivially spoofed by an attacker who observes a permitted client
Select WPA or WPA2 over WEP
Protect pre-shared keys: the PSK is derived from the passphrase and the SSID, so anyone who learns the passphrase, or can guess it offline from a captured handshake, can decrypt traffic and join the network; use long random passphrases and rotate them when staff leave
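What "protect pre-shared keys" means in practice, tying this slide to the WPA/WPA2 slide above, as an added example rather than part of the textbook: in WPA/WPA2-Personal the pairwise master key is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes) per IEEE 802.11i, so the passphrase is the only secret and can be guessed offline. The word list and the CorpWLAN SSID/passphrase below are constructed; the "password"/"IEEE" pair is the standard's published test vector.

```python
"""Added example: how a WPA/WPA2 pre-shared key is derived from the passphrase
and SSID (IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes)),
and why a weak passphrase can be recovered offline. The candidate word list and
the CorpWLAN network are constructed for this example."""
import hashlib
import hmac


def derive_pmk(passphrase, ssid):
    """Pairwise Master Key for WPA-Personal: 4096 rounds of PBKDF2-HMAC-SHA1, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def offline_guess(ssid, target_pmk, candidates):
    """Dictionary attack: an attacker who can check a PMK (in practice against the
    MIC of a captured 4-way handshake) needs no further contact with the network."""
    for word in candidates:
        if not 8 <= len(word) <= 63:        # cannot be a valid WPA passphrase, skip it
            continue
        if hmac.compare_digest(derive_pmk(word, ssid), target_pmk):
            return word
    return None


# Constructed word list; real attacks use lists of millions of entries plus mangling rules.
WORDLIST = ["letmein", "12345678", "password", "sunshine1", "correct horse battery staple"]


def demo(ssid="IEEE", passphrase="password"):
    """Derive the PMK for the given passphrase and try to recover it from WORDLIST."""
    pmk = derive_pmk(passphrase, ssid)
    return {"pmk_hex": pmk.hex(), "recovered": offline_guess(ssid, pmk, WORDLIST)}


if __name__ == "__main__":
    print(demo())   # "password"/"IEEE" is the IEEE 802.11i Annex test vector; it is recovered
    print(demo(ssid="CorpWLAN", passphrase="Z7q!vP2r#mL9wX4e"))   # random 16 chars: not recovered
```

The PMK alone does not let an attacker decrypt traffic; the per-session keys are derived from it and the nonces exchanged in the 4-way handshake, and the handshake's MIC is what an attacker actually tests candidate passphrases against. The point stands either way: at 4096 PBKDF2 rounds a single modern GPU tries on the order of hundreds of thousands to a million candidates per second, so a dictionary word with a digit appended will fall, while a random 16-character passphrase (or 802.1X with per-user credentials) will not.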

