1
Protection Mechanisms in Security Management
- Bryan M Keller COSC 481
2
Introduction
Technical controls alone cannot ensure a secure IT environment
Technical security mechanisms:
- Access controls
- Firewalls
- Dial-up protection
- Intrusion detection systems
- Scanning and analysis tools
- Encryption systems
3
Sphere of Security
4
Access Control Devices
- Confirming identity of entity accessing a logical or physical area (authentication)
- Determining which actions that entity can perform in that physical or logical area (authorization)
5
Authentication
Definition: Proof that a user is indeed the person or entity requesting authorized access to a system or facility
Authentication Mechanisms:
- Something you know: Password
- Something you have: Card, Key, or Token
- Something you are: Biometrics
- Something you produce: Signature Recognition or Voice Recognition
6
Authorization
Definition: Permission by the proper authority to access, update, or delete the contents of an information asset.
7
Firewalls
Definition: Any device that prevents a specific type of information from moving between two networks
- 1st generation: Packet filtering. Filter packets based on header information
- 2nd generation: Application-level. Secondary filtering system (proxy server)
- 3rd generation: Stateful inspection. Uses a state table to track every network connection
- 4th generation: Dynamic packet filtering firewall. Understands protocol functions. Allows packets based on specific information
8
Firewall Best Practices
- Allow all internal traffic out.
- Do not allow direct access to firewall from public network
- Allow all SMTP data to pass through
- Deny all ICMP data
- Block telnet access to internal servers from public network
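The stateful inspection slide and the best-practice rules above can be combined into one small policy evaluator. This is an added example, not part of the original presentation; the address ranges, the class and function names, the absence of NAT and the final default-deny rule are assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (documentation ranges), not taken from the slides.
INTERNAL = ip_network("198.51.100.0/24")   # protected network
FIREWALL = ip_address("192.0.2.1")         # firewall's public-facing address

class StatefulFirewall:
    def __init__(self):
        self.state = set()   # state table: flows opened from the inside

    def decide(self, proto, src, sport, dst, dport):
        src, dst = ip_address(src), ip_address(dst)
        if proto == "icmp":                                # deny all ICMP data
            return "deny: icmp"
        if (proto, dst, dport, src, sport) in self.state:  # reply to a tracked flow
            return "allow: established"
        if src in INTERNAL:                                # allow all internal traffic out
            self.state.add((proto, src, sport, dst, dport))
            return "allow: internal outbound"
        if dst == FIREWALL:                                # no direct access to the firewall
            return "deny: firewall"
        if proto == "tcp" and dport == 25:                 # allow SMTP through
            return "allow: smtp"
        if proto == "tcp" and dport == 23 and dst in INTERNAL:
            return "deny: telnet"                          # block telnet from public network
        return "deny: default"                             # assumption: anything else is dropped

# Constructed sample traffic: (protocol, source, source port, destination, destination port)
SAMPLE = [
    ("tcp", "203.0.113.9", 443, "198.51.100.20", 51000),   # unsolicited inbound
    ("tcp", "198.51.100.20", 51000, "203.0.113.9", 443),   # internal host opens a flow
    ("tcp", "203.0.113.9", 443, "198.51.100.20", 51000),   # same packet, now a reply
    ("tcp", "203.0.113.9", 40000, "198.51.100.5", 23),     # telnet from public network
    ("tcp", "203.0.113.9", 40001, "198.51.100.25", 25),    # inbound SMTP
    ("icmp", "203.0.113.9", 0, "198.51.100.20", 0),        # ICMP
    ("tcp", "203.0.113.9", 40002, "192.0.2.1", 22),        # aimed at the firewall itself
]

def replay(packets):
    """Run packets in order through a fresh firewall and return the verdicts."""
    fw = StatefulFirewall()
    return [fw.decide(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, "->", verdict)
```

The first and third sample packets are identical; only the state table entry created by the second packet changes the verdict from deny to allow.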
9
Dial-Up Protection
- Dial-up connections are less sophisticated than other types of Internet connections
- Username/password is the only means of authentication
10
RADIUS and TACACS
Systems that authenticate credentials of users trying to access a network via a dial-up connection
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System (TACACS)
11
Intrusion Detection Systems
Definition: Devices that inspect data communication flows to identify patterns that may indicate that hacking is underway
- Configured to notify administrators
- Require complex configurations
- Network based or Host based
- Signature based or Statistical anomaly based
12
Signature Based/Statistical Anomaly Based IDS
- Signature Based: Examines data traffic for something that matches signatures, which comprise preconfigured, predetermined attack patterns
- Statistical Anomaly Based: Periodically samples network activity, based on statistical methods, and compares these samples to a baseline
13
Scanning and Analysis Tools
Scanning and analysis tools can find vulnerabilities in systems, holes in security components, and other unsecured aspects of the network
- Port Scanners: Identify active computers on a network and active ports and services on those computers
- Vulnerability Scanners: Scan networks for detailed information such as usernames, open network shares, and other configuration problems
- Packet Sniffers: Network tool that collects and analyzes packets on a network
- Content Filters: Allow administrators to restrict content that comes into a network
14
Encryption Systems
Encryption: Process of converting original message into a form that cannot be understood by unauthorized individuals
Types of Encryption:
- Symmetric Encryption
- Asymmetric Encryption
15
Symmetric Encryption
A single secret key is used to encrypt and decrypt the message
16
Asymmetric Encryption
Uses two different keys. Either key can be used to encrypt or decrypt the message. If Key A is used to encrypt the message, then only Key B can decrypt it
17
Summary
- Introduction
- Access controls
- Firewalls
- Dial-up protection
- Intrusion detection systems
- Scanning and analysis tools
- Encryption systems
18
References
Whitman, M., & Mattord, H. (2004). Management of Information Security. Canada: Thomson Learning, Inc.