Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. Information Assurance for the Enterprise: A Roadmap to Information.

Published byJuliet West Modified over 8 years ago

Similar presentations

Presentation on theme: "McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. Information Assurance for the Enterprise: A Roadmap to Information."— Presentation transcript:

1 McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. Information Assurance for the Enterprise: A Roadmap to Information Security, by Schou and Shoemaker Chapter 12 Network Security Basics: Malware and Attacks

2 12-2 Objectives Work with connection control and transmission control concepts Develop the planning and control techniques associated with network security Work with various types of threats to networks

3 12-3 Network Security Guards against threats to electronic communication Network security has a dual mission It must ensure the accuracy of the data transmitted It must also protect confidential information processed, stored on and accessible from networks, while ensuring network availability to authorized users Role is to ensure that the network components Operate correctly Satisfy design requirements Transmit information while retaining fundamental integrity

4 12-4 Engineering the Network: Ensuring a Proper Design Physical infrastructure – designed to ensure all required security functions are present Firewalls, intrusion detection systems (IDSs), and strong authentication Unique physical components of networks are switches, hubs, routers, and cables

5 12-5 Engineering the Network: Ensuring a Proper Design Relation of physical and software components

6 12-6 Connection Control Establishes and regulates the relationship between a computer and a network Ensures reliable transfer of messages and performs some transmission error correction Configuration process – responsibility of the network administrator Establishes the authentication rules Rules consider whom the network will trust Specifications of rules for the authentication of a trusted source balance the need for confidentiality and integrity with availability

7 12-7 Enforcing Connection Control: The Firewall Firewalls enforce access rights and protect the network from external systems Regulate access between trusted networks and untrusted ones Organizations may array multiple firewalls in a defense-in-depth configuration Firewalls are high-level software utilities that sit on the router end of the physical network Network security policies embedded in the firewall software dictate access

8 12-8 Enforcing Connection Control: The Firewall Types of firewalls Personal firewall – regulates connections between a single computer and external sources Stateless firewalls – accept or discard incoming packets Based on whether the IP address seems to correspond with services known to the network Stateful firewall – tracks of the status of network traffic traveling across it in a “state table”

9 12-9 Transmission Control Regulates the actual transmission process Ensures that the communication between two devices is flowing properly Supports the integrity and availability of network data Facilitated through firmware drivers in communications devices and software in the operating system Transmission rules have to be agreeable and include: Mode in which the data will be transmitted Format of the data Rate of transmission Type of error checking Data compression method Sending device confirmation of process completion Mode of indicating receipt by the receiving device

10 12-10 Transmission Control Transmission protocols are built into the communications devices Common modern transmission control is based on the OSI reference model It defines seven layers for communication among computer systems It was defined by the International Organization for Standardization as ISO standard 7498-1 TCP/IP protocol used by the Internet is frequently shown with five layers Application layer, transport layer, network layer, datalink layer, and physical layer

11 12-11 Defending Networks from Attacks Unique security problem with networks is their level of interconnectedness Networks have to be secured by specialized and very robust technologies and practices Two broad categories of networks threats: Malicious code Direct attacks

12 12-12 Threats to Information Malicious code - three categories transmitted through networks: Viruses Logic bombs Trojan horses

13 12-13 Threats to Information Common types of malicious code

14 12-14 Viruses Appropriate countermeasure to a common virus: Virus checker that detects and removes viruses Most virus checkers follow the below process: Examines files in memory or storage for recognizable code fragments or key words Compares scan results patterns with signatures of known viruses Takes action when an identifiable pattern is detected Sometimes performs an automatic repair

15 12-15 Viruses Impact of viruses Virus is destructive if it damages a system function It can affect the operating system in undesirable ways such as: Corrupting or deleting files Reformatting the hard drive Executing denial-of-service attacks Often, the system becomes unusable, files are lost, and cannot be repaired automatically

16 12-16 Viruses Categories of viruses File-infecting viruses – affect executable programs, replicate and spread by infecting other host programs Boot-sector viruses – infect the boot sector or partition table of a system Multipartite viruses – infect both the boot sector and the executable programs and files simultaneously Macro viruses – infect systems through an application Polymorphic and stealth viruses – defeat most signature- based counter-measures Worm – self-contained program capable of spreading copies of itself or its segments to other computer systems via network connections or e-mail attachments

17 12-17 Logic Bombs Dormant blocks of undocumented code activated when some prescribed set of criteria is met such as time, date, or status of the system It can be set prior to the termination and activated afterward for revenge High destructive potential Should be aggressively hunted down and eliminated Requires extensive, expensive, code reviews by high-level professionals Resurfacing as an important part of cyber- terrorism

18 12-18 Trojan Horses Not viruses because they do not replicate; they may transmit viruses or spyware May assist in propagating denial-of-service (DoS) attacks Can deliver unwelcome payloads – common payloads include: Spyware – propagates from websites Spamware, password capture, keyloggers, and cookie trackers Adware – not directly malicious Does use up valuable time and system resources

19 12-19 Malicious Attacks Best way to counteract a network attack is to anticipate it and have measures in place to either stop it or mitigate the harm Network attacks fall into seven general categories: Password attacks Insider attacks Sniffing IP spoofing Denial of service Man-in-the-middle attacks Application layer attacks

20 12-20 Malicious Attacks Password attacks Password guessing Dictionary attack – tries common words from the dictionary with common password names Other, more resource-intensive approaches include: Key search Exhaustive search Brute force attack Social engineering – based on persuasion, disclosed by the user Password sniffing – software based network management tools Countermeasure for sniffers: encryption

21 12-21 Malicious Attacks Insider attacks Misuse incidents originating from intentional or inadvertent actions of employees First line of defense is good management supported by monitoring Supervisors are key security control points for employee monitoring Automated software agents called policy managers or policy enforcement systems also help

22 12-22 Role and Use of Policy Managers Automated policy managers are effective tools Defend against unauthorized access to confidential data and proprietary information Provide the ability to filter network transactions through custom policies Control the distribution of unsuitable or offensive content and inappropriate activities Regulate the enterprise’s e-mail traffic by defining and enforcing rules governing: Spam Filter content Implementation of encryption and digital signature policies

23 12-23 Use of Sniffers Sniffers are common utilities, employed to read any information in packets transmitted over a network Can be used to map the entire network topology Captures information necessary to determine: Number of computers on the network What they access Which clients run what services Defense against sniffing is: Encryption Strong physical security Internet-facing sniffers are a good countermeasure for network intrusion

24 12-24 IP Spoofing IP spoofing is an address attack in which the malicious agent electronically impersonates another network party through its IP address Prevention of IP spoofing can be done using Programmed routers and firewall mechanisms Encrypted systems such as SSH (secure shell) for authentication services

25 12-25 Denial of Service (DoS) DoS attacks affect the availability transmission media Degrades the availability of information Designed to cost the target time and money Can be launched in numerous ways – most common form: DoS flood – overload the system’s servers, routers, or DNS to the extent that service to authorized users is delayed or prevented Disables a particular network service

26 12-26 Man-in-the-Middle Attacks Ability to read and modify all messages passed between two parties without their knowledge Possible outcomes of such attacks include: Theft of information and hijacking of an ongoing session Traffic analysis to derive information about a network and its users Denial of service and corruption of transmitted data Introduction of new information into network sessions

27 12-27 Application Layer Attacks They take advantage of weaknesses in popular applications and application services Common attacks include: Buffer overflows – which exploit poorly written code that improperly validates input to an application Cross-site scripting flaw – which allows web applications to drop attack scripts on a user’s browser Invalidated parameters – web requests that are not validated before being used by the application Command injection attacks – web applications are allowed to pass parameters containing malicious commands to be executed on an external system Favored approach against Internet-based attacks: Defense-in-depth strategy

28 12-28 Cyber-Terrorism Goal: to harm or control key computer systems or computer controls to achieve some indirect aim, such as to destroy a power grid or to take over a critical process The FISMA security requirements are built around three major national objectives: Prepare and prevent Detect and respond Build strong foundations

29 12-29 Managing and Defending a Network Network security management involves all actions to ensure authorization and use Development and documentation of the method to authorize access to network files and network directories Specification of approach used to ensure reliability of data resources accessed or used over the network Implementation of safeguards for protecting users from network-based security threats

30 12-30 Network Security Management and Planning Based on a plan defining the approach to assuring the physical components of the network Must detail steps taken to ensure that information stored, processed, and transmitted is secure Must specify all technology and practices to be implemented and maintained for security High-level steps required to implement an effective network management process are: Create usage policy statements Conduct risk analysis Formulate a security team

31 12-31 Network Security Management and Planning Create usage policy statements Statement of a general policy about system use Outline the thinking that defines the organization’s network management philosophy Documentation of usage statements to avoid the risks of misunderstandings and conflicting approaches Tailor the rules for each component by indicating security violations and actions to be taken if detected Define the acceptable use policies (AUP) including rules for account administration, policy enforcement, and privilege review Aggressive training and awareness program to ensure that the members understand and will follow each rule

32 12-32 Network Security Management and Planning Conduct risk analysis Risk assessment factors: Low Risk Medium Risk High Risk Potential types of users are: Administrators responsible for managing network resources Privileged internal users needing an elevated level of access Internal users with general access Trusted external users needing access some resources Other untrusted external users or customers

33 12-33 Network Security Management and Planning A network security or NETSEC management team: Implements and maintains the network configuration Responsible for evolving the network as conditions change Establishes and maintains the network security configuration from these requirements

34 12-34 Network Defense in Depth: Maintaining a Capable Architecture Defense in depth Protection is established by controlling access through a number of boundaries

35 12-35 Network Defense in Depth: Maintaining a Capable Architecture Defining trust Trusted networks – within the defined security perimeter Untrusted networks – outside the security perimeter and not controlled Unknown networks - neither trusted nor untrusted Establishing boundaries Defines the area to be protected Dictates the level of organizational resources required to perform the security function

36 12-36 Network Defense in Depth: Maintaining a Capable Architecture Formulating assumption – security system designs are Based on assumptions Anticipate who might want to breach the current security measures and why Deploy an effective response Design and deployment of a network security scheme has to be done while justifying the likely costs and benefits

Download ppt "McGraw-Hill/Irwin Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved. Information Assurance for the Enterprise: A Roadmap to Information."

Similar presentations

Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google