Overview Identifying threats to network security. Planning a secure network.
Identifying Threats to the Network Security Internal threats. External threats. Viruses, worms, and other malicious code.
Internal Threats The primary components of any security strategy designed to combat internal threats are: Account security. File and directory permissions. Practices and user education.
Internal Threats Account security: Identification and authentication (I&A) is the security mechanism that lets a computer uniquely identify the user attempting to log on or perform an action. Identification assigns each user a unique user ID or name; authentication requires the user to prove that identity, most commonly with a password or a personal identification number (PIN).
Internal Threats Account security (continued): Authentication can also rest on something the user has. A credit card or a driver's license plays that role in everyday life, and smart cards serve as the identification medium for sensitive computer systems and networks. Biometrics uses unique human characteristics such as fingerprints, hand geometry, retina scans, facial geometry, and voiceprints (something the user is). Combining two of these factors is stronger than relying on any one of them alone.
Internal Threats Account security (continued): Passwords are the most common type of authentication mechanism. Passwords should be at least eight characters in length and contain a mixture of uppercase and lowercase letters, numbers, and special characters; length does more against offline cracking than extra character classes do, so treat eight characters as a floor rather than a target.
Internal Threats Account security (continued): Passwords should not be written down or shared with coworkers. They should be hard to guess but easy to remember. Configuring account lockout on Windows 2000 (lockout threshold, lockout duration, and the interval after which the failure counter resets) is a good practice against online password-guessing attacks; set the threshold high enough that an attacker cannot lock legitimate users out at will.
[Figure: Windows 2000 Account Lockout Policy settings, including "Reset account lockout counter after"]
Internal Threats Account security (continued): Passwords are not stored in the clear; the system stores a one-way hash of each password and compares the hash of what the user types against it. If a hacker obtains the stored hashes, passwords can still be recovered offline by hashing candidate strings until one matches: every combination of letters, numbers, and special characters in a brute force attack, or a list of common passwords in a dictionary attack. A per-user salt and a deliberately slow hash function make every guess cost the attacker more.
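The following Python is an added example, not code from the original slides. It checks a password against the character-class policy stated above, stores passwords two ways (a hypothetical weak unsalted SHA-256, and salted PBKDF2), and runs a dictionary attack and a brute force attack against the weak form. The word list is constructed for the example; the "P@ssw0rd" value is used only to show that a policy-compliant password can still be on every attacker's list.

```python
import hashlib
import hmac
import itertools
import os
import string

# Policy as stated on the slides: at least 8 characters with uppercase and
# lowercase letters, digits and special characters.
def meets_policy(password: str) -> bool:
    has = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= 8 and all(has)

# Hypothetical weak storage: one unsalted SHA-256 of the password. Every guess
# costs one cheap hash, and identical passwords produce identical hashes.
def store_fast(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Stronger storage: random per-user salt plus a deliberately slow key
# derivation, so each guess costs the attacker hundreds of thousands of hashes.
def store_slow(password: str, salt=None, iterations: int = 600_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return (salt, iterations, digest)

def verify_slow(password: str, record) -> bool:
    salt, iterations, digest = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(guess, digest)   # constant-time comparison

# Constructed word list standing in for the multi-million-entry lists
# attackers actually use.
WORDLIST = ["password", "letmein", "qwerty123", "Welcome1!", "P@ssw0rd", "Summer2024!"]

# Alphabet for the brute force demonstration (36 symbols).
LOWER_DIGITS = string.ascii_lowercase + string.digits

def dictionary_attack(target: str, wordlist=WORDLIST):
    """Return the word whose fast hash equals `target`, or None."""
    for word in wordlist:
        if store_fast(word) == target:
            return word
    return None

def brute_force(target: str, alphabet: str, max_len: int):
    """Try every string over `alphabet` up to `max_len`; return (match, guesses made)."""
    tried = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tried += 1
            guess = "".join(combo)
            if store_fast(guess) == target:
                return guess, tried
    return None, tried

if __name__ == "__main__":
    leaked = store_fast("P@ssw0rd")
    print("policy ok:", meets_policy("P@ssw0rd"), "cracked as:", dictionary_attack(leaked))
    print("brute force of 'ab1':", brute_force(store_fast("ab1"), LOWER_DIGITS, 3))
    rec = store_slow("P@ssw0rd")
    print("slow verify:", verify_slow("P@ssw0rd", rec), verify_slow("P@ssw0rd!", rec))
```

The brute force loop shows why length matters: each extra character over a 36-symbol alphabet multiplies the search by 36, while the slow key derivation multiplies the cost of every single guess; the two effects compound.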
Internal Threats Account security (continued): Hackers can also capture passwords, or their hashes, from the network as they pass between systems; capturing credentials in transit is called sniffing the wire. A captured hash can be cracked offline at the attacker's leisure, so authentication traffic should only cross the network inside encrypted protocols.
Internal Threats File and directory permissions: File and directory permissions tell the computer which users may access a particular file or directory, and in what way. Access control restricts what authenticated users can do on a computer system; the guiding rule is least privilege, granting each user or group only the access its work requires.
Internal Threats File and directory permissions (continued): In a Windows domain, an individual user or a group can be assigned multiple permissions on each directory or folder. On Linux systems, read, write, and execute permissions are set separately for the owner, the group, and all other users of a file or directory; world-writable files and setuid programs deserve regular review.
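As an added example (not from the slides), the Python below audits a directory tree for the two classic Unix permission problems, world-writable objects and setuid/setgid programs, renders modes the way `ls -l` shows them, and strips the "other" write bit from a file. It assumes a POSIX filesystem; the sample tree it builds is constructed for the demonstration.

```python
import os
import stat
import tempfile

def mode_string(path: str) -> str:
    """Render permission bits the way `ls -l` does, e.g. '-rw-rw-rw-'."""
    return stat.filemode(os.lstat(path).st_mode)

def findings_for(path: str) -> list:
    """List the risky bits set on one path (symlinks are skipped by the caller)."""
    mode = os.lstat(path).st_mode
    found = []
    # A world-writable directory with the sticky bit (like /tmp) is by design.
    if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
        found.append("world-writable")
    if mode & stat.S_ISUID:
        found.append("setuid")
    if mode & stat.S_ISGID and not stat.S_ISDIR(mode):
        found.append("setgid")
    return found

def audit(root: str) -> dict:
    """Walk `root`; map each risky path (relative to root) to its findings."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                continue                     # judge the target, not the link
            f = findings_for(p)
            if f:
                report[os.path.relpath(p, root)] = f
    return report

def remove_world_write(path: str) -> str:
    """Strip the 'other' write bit and return the resulting mode string."""
    mode = os.lstat(path).st_mode
    os.chmod(path, stat.S_IMODE(mode) & ~stat.S_IWOTH)
    return mode_string(path)

def build_demo_tree() -> str:
    """Constructed sample tree: one bad file, one fine file, one setuid binary stand-in."""
    root = tempfile.mkdtemp(prefix="permaudit-")
    for name, mode in {"config.ini": 0o666, "notes.txt": 0o644, "helper": 0o4755}.items():
        p = os.path.join(root, name)
        with open(p, "w") as fh:
            fh.write("sample\n")
        os.chmod(p, mode)
    shared = os.path.join(root, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)                 # sticky world-writable dir, like /tmp
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    for rel, f in sorted(audit(root).items()):
        print(mode_string(os.path.join(root, rel)), rel, ", ".join(f))
    print("fixed:", remove_world_write(os.path.join(root, "config.ini")))
```

Run it against a real tree (for example a web root or /usr/local) rather than the demo directory to get findings worth acting on; the sticky-bit exemption is what keeps /tmp out of the report.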
Internal Threats Practices and user education: An organization's security policy defines the expected level of security; technical security controls are how the networks are configured to meet it, and user education covers what no control enforces, such as recognizing a request that should not be answered.
Internal Threats Practices and user education (continued): It is good practice to keep an audit log that records security-related events on each server. The audit log is very useful for reconstructing events after a problem or concern has been identified, but only if it is retained, protected from the users it records, and actually reviewed; a burst of failed logons against one account, for example, is password guessing in progress and should be noticed before the post-mortem.
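The following is an added Python example of reviewing such a log, not material from the slides. It parses constructed logon audit records (the format and all hosts, users and addresses are invented for the example), raises an alert when one account collects five failures inside a five-minute window, and flags a success that follows such a burst, which is the sign that the guessing worked.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a server's logon audit records (not real logs).
SAMPLE_LOG = """\
2024-03-01T09:00:01 srv01 LOGON_FAILURE user=alice src=10.0.0.5
2024-03-01T09:00:04 srv01 LOGON_FAILURE user=alice src=10.0.0.5
2024-03-01T09:00:09 srv01 LOGON_FAILURE user=alice src=10.0.0.5
2024-03-01T09:00:15 srv01 LOGON_FAILURE user=alice src=10.0.0.5
2024-03-01T09:00:21 srv01 LOGON_FAILURE user=alice src=10.0.0.5
2024-03-01T09:00:28 srv01 LOGON_SUCCESS user=alice src=10.0.0.5
2024-03-01T09:01:00 srv01 LOGON_FAILURE user=bob src=10.0.0.7
2024-03-01T09:02:30 srv01 LOGON_SUCCESS user=bob src=10.0.0.7
2024-03-01T09:05:00 srv01 LOGON_FAILURE user=carol src=10.0.0.9
2024-03-01T09:15:00 srv01 LOGON_FAILURE user=carol src=10.0.0.9
2024-03-01T09:25:00 srv01 LOGON_FAILURE user=carol src=10.0.0.9
2024-03-01T09:35:00 srv01 LOGON_FAILURE user=carol src=10.0.0.9
2024-03-01T09:45:00 srv01 LOGON_FAILURE user=carol src=10.0.0.9
"""

def parse_line(line: str) -> dict:
    """'<iso time> <host> <event> key=value ...' -> dict."""
    ts, host, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"time": datetime.fromisoformat(ts), "host": host, "event": event, **kv}

def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def guessing_alerts(records, threshold: int = 5, window_minutes: int = 5) -> list:
    """Sliding window per account: alert when `threshold` failures fall within the window.
    Returns (user, src, first_failure, last_failure) per burst."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)
    alerts = []
    for r in sorted(records, key=lambda r: r["time"]):
        if r["event"] != "LOGON_FAILURE":
            continue
        q = recent[r["user"]]
        q.append(r["time"])
        while q and r["time"] - q[0] > window:
            q.popleft()                       # drop failures outside the window
        if len(q) >= threshold:
            alerts.append((r["user"], r["src"], q[0], r["time"]))
            q.clear()                         # one alert per burst
    return alerts

def success_after_burst(records, threshold: int = 5, window_minutes: int = 5) -> list:
    """Accounts that logged on successfully from the same source after a guessing burst."""
    burst_end = {}
    for user, src, _, end in guessing_alerts(records, threshold, window_minutes):
        burst_end[(user, src)] = end
    return [
        r["user"] for r in records
        if r["event"] == "LOGON_SUCCESS"
        and (r["user"], r["src"]) in burst_end
        and r["time"] > burst_end[(r["user"], r["src"])]
    ]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, src, start, end in guessing_alerts(recs):
        print(f"ALERT guessing against {user} from {src} between {start} and {end}")
    print("likely compromised:", success_after_burst(recs))
```

With the defaults only alice is flagged: carol's five failures are real, but spread over forty minutes they look like a forgotten password; widening the window to an hour catches the slow guesser too, at the cost of more false positives, which is the trade-off any threshold rule carries.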
External Threats A front door attack is the most common type of external attack: the hacker probes the organization's Internet-facing systems directly, looking for a vulnerability in any of them.
External Threats A port scan is a probe of a system's network ports that reveals which services it is running, and therefore which may be vulnerable to attack. A rootkit is a set of programs that lets a hacker return to a compromised system and hides that presence from its administrators.
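An added example, not part of the slides, of what a port scan actually does: a TCP connect scan in Python that tries each port, records which ones accept a connection, and reads whatever banner the service volunteers. So that it runs offline, the block also starts a throwaway listener on 127.0.0.1 with a made-up banner to stand in for an exposed service; the banner text is constructed and names no real product version.

```python
import socket
import threading

def start_banner_service(banner: bytes):
    """Constructed stand-in for an Internet-facing service on an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                        # listener closed: stop serving
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def reserve_closed_port() -> int:
    """Find a port that is (almost certainly) closed: bind it, read it, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def probe(host: str, port: int, timeout: float = 0.5):
    """TCP connect scan of one port: (open?, banner bytes)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError:
        s.close()
        return False, b""                     # refused or timed out: closed/filtered
    try:
        banner = s.recv(128)                  # many services announce themselves
    except OSError:
        banner = b""
    s.close()
    return True, banner

def scan(host: str, ports) -> dict:
    """Map each open port to the banner it returned (possibly empty)."""
    results = {}
    for p in ports:
        opened, banner = probe(host, p)
        if opened:
            results[p] = banner
    return results

if __name__ == "__main__":
    srv, live = start_banner_service(b"SSH-2.0-demo-banner\r\n")
    dead = reserve_closed_port()
    for port, banner in scan("127.0.0.1", [dead, live]).items():
        print(f"{port}/tcp open  {banner.strip().decode(errors='replace')}")
    srv.close()
```

A full connect scan completes the TCP handshake on every port it tries, so it is the noisiest kind: each probe shows up as an accepted connection in the target's logs, which is exactly what a defender's audit log review should be looking for.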
External Threats Network protection: The router and firewall both help protect the Web server and the internal network. A router is a network device that can block unwanted traffic when access control lists (ACLs) are configured on it.
External Threats Network protection (continued): A firewall drops all traffic by default and is configured to pass only the traffic that is necessary (default deny). Patching vulnerable software removes the programming errors hackers exploit; the perimeter devices are no substitute for it.
External Threats Back door attacks bypass the Internet-facing perimeter: physically breaking into a facility, using a remote access connection, using a wireless network access point, or tricking an employee into giving out information. Remote access security governs how a remote employee reaches internal resources, and every such path is also a path for an attacker.
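As an added illustration of the default-deny rule above (not code or configuration from the slides), the Python below evaluates packets against an ordered, first-match rule list and denies anything no rule permits. It also checks a rule set for shadowed rules, the ordering mistake where an earlier, broader rule swallows a later one; the addresses (192.0.2.0/24 is the documentation range) and the rule set are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Rule tuple: (action, source net, destination net, protocol, destination port)
# protocol "any" and port None match everything. Constructed example set:
# a Web server on 192.0.2.10 is reachable from the Internet on 80/443 only,
# internal hosts may talk to each other, everything else is dropped.
RULES = [
    ("permit", "0.0.0.0/0",  "192.0.2.10/32", "tcp", 80),
    ("permit", "0.0.0.0/0",  "192.0.2.10/32", "tcp", 443),
    ("permit", "10.0.0.0/8", "10.0.0.0/8",    "any", None),
    ("deny",   "0.0.0.0/0",  "0.0.0.0/0",     "any", None),   # explicit default deny
]

def matches(rule, src, dst, proto, port) -> bool:
    _, s, d, p, dport = rule
    return (ip_address(src) in ip_network(s)
            and ip_address(dst) in ip_network(d)
            and p in ("any", proto)
            and (dport is None or dport == port))

def evaluate(rules, src, dst, proto, port) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in rules:
        if matches(rule, src, dst, proto, port):
            return rule[0]
    return "deny"                                   # default deny even without rule 4

def covers(earlier, later) -> bool:
    """True if every packet `later` would match is already matched by `earlier`."""
    _, s1, d1, p1, port1 = earlier
    _, s2, d2, p2, port2 = later
    return (ip_network(s2).subnet_of(ip_network(s1))
            and ip_network(d2).subnet_of(ip_network(d1))
            and p1 in ("any", p2)
            and (port1 is None or port1 == port2))

def shadowed_rules(rules) -> list:
    """Indices of rules that can never fire because an earlier rule covers them."""
    out = []
    for j, later in enumerate(rules):
        if any(covers(earlier, later) for earlier in rules[:j]):
            out.append(j)
    return out

if __name__ == "__main__":
    for pkt in [("203.0.113.9", "192.0.2.10", "tcp", 80),
                ("203.0.113.9", "192.0.2.10", "tcp", 445),
                ("10.1.2.3",    "10.9.8.7",   "udp", 53),
                ("203.0.113.9", "10.9.8.7",   "tcp", 22)]:
        print(pkt, "->", evaluate(RULES, *pkt))
    misordered = [RULES[3]] + RULES[:3]             # deny-all placed first
    print("shadowed in misordered set:", shadowed_rules(misordered))
```

The shadowing check is the kind of review a practitioner runs before pushing a rule change: with the deny-all rule moved to the top, every permit rule is reported as dead, which is what the firewall would silently do to the Web server.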
External Threats Wireless technology allows a user to reach an organization's network from outside the building, and it extends the same reach to anyone nearby. Wireless networks should be segregated from the main internal network by a firewall and require strong authentication. Social engineering gains unauthorized access to computer systems through non-technical means, by persuading people rather than defeating controls.
External Threats A denial of service (DoS) attack floods a network or host with traffic, consuming all the available bandwidth (or the target's processing capacity) so that legitimate traffic cannot reach the computers. A distributed DoS (DDoS) attack generates the flood from many compromised systems at once, enough to saturate larger connections or take down multiple systems.
Viruses, Worms, and Other Malicious Code A virus is a program that attaches itself to another program and executes when the infected file is run. Worms are self-contained programs that execute their own code to propagate from system to system without a host file. A Trojan horse is a program that appears useful but carries hidden malicious code, usually delivered with some form of social engineering that persuades the recipient to execute it.
Viruses, Worms, and Other Malicious Code Preventing infections: Antivirus software should be configured to scan the entire file system for malicious code daily, in addition to checking files as they are opened, and its signatures must be kept current. Antivirus software should be installed on desktop computers, servers, and e-mail systems so that malicious code is identified at each point it can enter.
Planning a Secure Network System requirements must be identified in the areas of confidentiality, integrity, availability, and accountability. Disasters are events that cause massive damage to an organization's infrastructure. A complete disaster recovery plan (DRP) takes into account both the computer equipment and the communication needs of the organization.
Planning a Secure Network Writing and testing the DRP helps identify and correct problems before a real disaster occurs. File backups are an important part of managing the security of a network. Each server's drives should be in a redundant array of independent disks (RAID) configuration so that a single disk failure does not take it down, but RAID is not a backup: a deleted or corrupted file is mirrored just as faithfully. Copies must also be written to tape or disk and kept off-line and off-site.
Summary A combination of uppercase and lowercase characters, numbers, and special characters is used to create strong passwords. Access control mechanisms can be used to limit access to sensitive files. Patching vulnerabilities is an important part of overall security.
Summary Remote access via dial-up phone lines or VPN, and wireless networks can be used by hackers to attack a network. Disaster planning is important for the availability of the network and systems. Antivirus signatures must be updated on a regular basis to make the antivirus software effective.