Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topic 5: Communication and the Internet

Published byAustin Berry Modified over 5 years ago

Similar presentations

Presentation on theme: "Topic 5: Communication and the Internet"— Presentation transcript:

1 Topic 5: Communication and the Internet
Protection Techniques

2 Protecting Against Vulnerabilities
We saw how we can use different tools and techniques to both find and exploit vulnerabilities Either in a network, or through a person If we are the systems administrator for a network, we would need to know how to protect against these ‘attacks’ We have to think about security from The software design/implementation stage All the way to connecting devices together on a network Communication and the Internet: Protection Techniques

3 Communication and the Internet: Protection Techniques
Software Design One of the most vulnerable aspects of a device is the software run on it Depending on what this software will do, we need to take considerations into possible vulnerabilities Will the software require Internet access at all? Will the software require any authentication? Will users have different levels of access? Will the software store any data (sensitive or otherwise)? Communication and the Internet: Protection Techniques

4 Communication and the Internet: Protection Techniques
Software Design Each of these considerations (and others) will require different approaches to make sure They don’t open the software/system up to any exploitation One of the most common ways of this happening is bad programming practices Communication and the Internet: Protection Techniques

5 Communication and the Internet: Protection Techniques
Software Design Most large programming projects will have multiple developers working on it at once While most of the developers may have good programming practices And keep any potential vulnerabilities in mind There may be the few developers that don’t do this They write bad quality code And they don’t bear in mind potential vulnerabilities Communication and the Internet: Protection Techniques

6 Communication and the Internet: Protection Techniques
Software Design The following can be considered bad quality in any code What Why Not including proper, descriptive comments With multiple developers working on a project, descriptive comments (saying why something is happening, not what) help other developers understand what one developer implemented (and what not to change about it) Not including any documentation If writing an API for another developer to use, proper documentation lets them know everything they can and cannot do with the API Not using accepted naming standards If other developers are looking at work someone had done, using naming standards can help them understand whether something is a class, function, or variable Lack of modularisation We use modules (functions and methods) to help keep logical segments of code in short, easy to read, easy to test chunks – this makes creating and testing programs easier, as we only need to understand individual modules (not trying to comprehend a whole program at once) No encryption for sensitive data (like passwords) Any program that stores sensitive data locally, and unencrypted, is a big security vulnerability. Keeping data encrypted means that, even if someone gets hold of that data, they won’t immediately be able to understand the data itself Communication and the Internet: Protection Techniques

7 Security Measures So how we can prevent bad coding practices (and general vulnerabilities) from creeping into programs? We have quite a few options available to us, including the following These also include general security measures for computer/network vulnerabilities as well Code reviews Modular testing Audit trails Using secure operating systems Communication and the Internet: Protection Techniques

8 Security Measures: Code Reviews
A code review is when one (or more) developers look through all the recent changes to a program Usually carried out by more senior developers than the ones who developed the changes They scour through all the changes, and look for any potential bad programming practices Can be a costly procedure (as it can take a lot of time to look through everything) Can be automated (called an automated review) by specialist programs Finds most common problems (and highlights them), but can’t find them all Also fairly expensive, but removes any time costs Communication and the Internet: Protection Techniques

9 Security Measures: Modular Testing
As well as reviewing code regularly, we can test code too Can be carried out after any module has been created Known as modular testing As modules (procedures/functions) are the ‘building blocks’ of a program A problem in a module can affect the whole program We can test any individual module after it has been created to look for potential vulnerabilities Such as leaving memory addresses open for being read Communication and the Internet: Protection Techniques

10 Security Measures: Audit Trails
We can also set up a program in such a way that it logs any processes that it carries out Such as what input was given to it at a certain point Can include timestamps and address information in this log as well Which will include specific IP addresses of devices making requests to the program Including the time those requests were made This is known as an audit trail Communication and the Internet: Protection Techniques

11 Security Measures: Audit Trails
Audit trails aren’t specific to individual programs We can implement them for entire devices as well In this case, the audit trail will contain information about Requests sent to the device (including their protocol and address information) Any changes made on the device (such as adding/removing users) If a cyberattack on a device is successful, audit trail help technicians work out What was attacked What data was retrieved Where the attack came from Communication and the Internet: Protection Techniques

12 Security Measures: Secure Operating Systems
The amount of security we can rely on (when making/using programs) can also depend on the operating system used Some operating systems are designed with different purposes in mind Some are made specifically for network/program security These will be made much harder to ‘attack’ due to the extra security features they may employ When implementing a device (with the intent of public network connectivity), choice of operating system is crucial Communication and the Internet: Protection Techniques

13 Effective Network Security
The final area of protection revolves around the network itself Including the usage of it Keeping a network secure relies on effective management Which includes training all users on the network/user policies Includes keeping software up-to-date (as vulnerabilities are often ‘patched out’ Managers can also setup monitoring software (on the computers and on the firewall) To keep an eye on any incoming/outgoing requests Also to alert managers when something shady happens Communication and the Internet: Protection Techniques

14

Download ppt "Topic 5: Communication and the Internet"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Implications and Security Issues of the Internet By Neelesh Patel.

Implications and Security Issues of the Internet By Neelesh Patel.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Department Of Computer Engineering

Department Of Computer Engineering
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
General Awareness Training

General Awareness Training
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Firewall Technologies Prepared by: Dalia Al Dabbagh - 120090285 Manar Abd Al- Rhman - 120080113 University of Palestine -2010.

Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
CHAPTER 7 Unexpected Input. INTRODUCTION What is Unexpected Input? Something (normally user-supplied data) that is unexpected happen to an application.

CHAPTER 7 Unexpected Input. INTRODUCTION What is Unexpected Input? Something (normally user-supplied data) that is unexpected happen to an application.
Unit 2 Personal Cyber Security and Social Engineering Part 2.

Unit 2 Personal Cyber Security and Social Engineering Part 2.
Information Systems Design and Development Security Precautions Computing Science.

Information Systems Design and Development Security Precautions Computing Science.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

Similar presentations

Ads by Google