Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topic 5: Communication and the Internet

Similar presentations


Presentation on theme: "Topic 5: Communication and the Internet"— Presentation transcript:

1 Topic 5: Communication and the Internet
Protection Techniques

2 Protecting Against Vulnerabilities
We saw how we can use different tools and techniques to both find and exploit vulnerabilities Either in a network, or through a person If we are the systems administrator for a network, we would need to know how to protect against these ‘attacks’ We have to think about security from The software design/implementation stage All the way to connecting devices together on a network Communication and the Internet: Protection Techniques

3 Communication and the Internet: Protection Techniques
Software Design One of the most vulnerable aspects of a device is the software run on it Depending on what this software will do, we need to take considerations into possible vulnerabilities Will the software require Internet access at all? Will the software require any authentication? Will users have different levels of access? Will the software store any data (sensitive or otherwise)? Communication and the Internet: Protection Techniques

4 Communication and the Internet: Protection Techniques
Software Design Each of these considerations (and others) will require different approaches to make sure They don’t open the software/system up to any exploitation One of the most common ways of this happening is bad programming practices Communication and the Internet: Protection Techniques

5 Communication and the Internet: Protection Techniques
Software Design Most large programming projects will have multiple developers working on it at once While most of the developers may have good programming practices And keep any potential vulnerabilities in mind There may be the few developers that don’t do this They write bad quality code And they don’t bear in mind potential vulnerabilities Communication and the Internet: Protection Techniques

6 Communication and the Internet: Protection Techniques
Software Design The following can be considered bad quality in any code What Why Not including proper, descriptive comments With multiple developers working on a project, descriptive comments (saying why something is happening, not what) help other developers understand what one developer implemented (and what not to change about it) Not including any documentation If writing an API for another developer to use, proper documentation lets them know everything they can and cannot do with the API Not using accepted naming standards If other developers are looking at work someone had done, using naming standards can help them understand whether something is a class, function, or variable Lack of modularisation We use modules (functions and methods) to help keep logical segments of code in short, easy to read, easy to test chunks – this makes creating and testing programs easier, as we only need to understand individual modules (not trying to comprehend a whole program at once) No encryption for sensitive data (like passwords) Any program that stores sensitive data locally, and unencrypted, is a big security vulnerability. Keeping data encrypted means that, even if someone gets hold of that data, they won’t immediately be able to understand the data itself Communication and the Internet: Protection Techniques

7 Security Measures So how we can prevent bad coding practices (and general vulnerabilities) from creeping into programs? We have quite a few options available to us, including the following These also include general security measures for computer/network vulnerabilities as well Code reviews Modular testing Audit trails Using secure operating systems Communication and the Internet: Protection Techniques

8 Security Measures: Code Reviews
A code review is when one (or more) developers look through all the recent changes to a program Usually carried out by more senior developers than the ones who developed the changes They scour through all the changes, and look for any potential bad programming practices Can be a costly procedure (as it can take a lot of time to look through everything) Can be automated (called an automated review) by specialist programs Finds most common problems (and highlights them), but can’t find them all Also fairly expensive, but removes any time costs Communication and the Internet: Protection Techniques

9 Security Measures: Modular Testing
As well as reviewing code regularly, we can test code too Can be carried out after any module has been created Known as modular testing As modules (procedures/functions) are the ‘building blocks’ of a program A problem in a module can affect the whole program We can test any individual module after it has been created to look for potential vulnerabilities Such as leaving memory addresses open for being read Communication and the Internet: Protection Techniques

10 Security Measures: Audit Trails
We can also set up a program in such a way that it logs any processes that it carries out Such as what input was given to it at a certain point Can include timestamps and address information in this log as well Which will include specific IP addresses of devices making requests to the program Including the time those requests were made This is known as an audit trail Communication and the Internet: Protection Techniques

11 Security Measures: Audit Trails
Audit trails aren’t specific to individual programs We can implement them for entire devices as well In this case, the audit trail will contain information about Requests sent to the device (including their protocol and address information) Any changes made on the device (such as adding/removing users) If a cyberattack on a device is successful, audit trail help technicians work out What was attacked What data was retrieved Where the attack came from Communication and the Internet: Protection Techniques

12 Security Measures: Secure Operating Systems
The amount of security we can rely on (when making/using programs) can also depend on the operating system used Some operating systems are designed with different purposes in mind Some are made specifically for network/program security These will be made much harder to ‘attack’ due to the extra security features they may employ When implementing a device (with the intent of public network connectivity), choice of operating system is crucial Communication and the Internet: Protection Techniques

13 Effective Network Security
The final area of protection revolves around the network itself Including the usage of it Keeping a network secure relies on effective management Which includes training all users on the network/user policies Includes keeping software up-to-date (as vulnerabilities are often ‘patched out’ Managers can also setup monitoring software (on the computers and on the firewall) To keep an eye on any incoming/outgoing requests Also to alert managers when something shady happens Communication and the Internet: Protection Techniques

14


Download ppt "Topic 5: Communication and the Internet"

Similar presentations


Ads by Google