
Protection Mechanisms



Presentation on theme: "Protection Mechanisms"— Presentation transcript:

1 Protection Mechanisms
CC3020N Fundamentals of Security Management Lecture 6 Protection Mechanisms

2 Learning Objectives
Upon completion of this material you should be able to:
- Understand access control approaches, including authentication, authorization, and biometric access controls.
- Define and identify the various types of firewalls and the common approaches to firewall implementation.
- Identify and describe the types of intrusion detection systems and the two strategies on which they are based.
- Discuss the current issues in dial-up access and protection.

Learning Objectives. Upon completion of this material you should be able to: define information security policy and understand its central role in a successful information security program; know the three major types of information security policy often used and what goes into each type; develop, implement, and maintain various types of information security policies.

3 Introduction
Focus: Protection Mechanisms
Technical controls can be an important part of an information security program. However, they must also be combined with sound policy and education, training, and awareness efforts. Some of the most powerful and widely used technical security mechanisms include:
- Access controls
- Firewalls
- Intrusion detection systems
- Dial-up protection
- Scanning and analysis tools*
- Encryption systems*

Introduction. This chapter focuses on information security policy: what it is, how to write it, how to implement it, and how to maintain it. Policy is the essential foundation of an effective information security program. “The success of an information resources protection program depends on the policy generated, and on the attitude of management toward securing information on automated systems. You, the policy maker, set the tone and the emphasis on how important a role information security will have within your agency. Your primary responsibility is to set the information resource security policy for the organization with the objectives of reduced risk, compliance with laws and regulations and assurance of operational continuity, information integrity, and confidentiality.”

4 Sphere of Security

5 Access Control Devices
Access control encompasses two processes:
- Authentication: confirming the identity of the entity accessing a logical or physical area
- Authorization: determining which actions that entity can perform in that physical or logical area
A successful access control approach, whether intended to control physical access or logical access, always consists of both authentication and authorization.

6 Authentication Mechanisms
Types of authentication mechanism:
- Something you know
- Something you have
- Something you are
- Something you produce
Strong authentication uses at least two different authentication mechanism types.

7 Something You Know
This type verifies the user’s identity by means of a password, passphrase, or other unique code.
A password is a private word or combination of characters that only the user should know.
A passphrase is a plain-language phrase, typically longer than a password, from which a virtual password is derived.
A good rule of thumb is to require that passwords be at least eight characters long and contain at least one number and one special character.

8 Something You Have
This type makes use of something (a card, key, or token) that the user or the system possesses.
One example is a dumb card (such as an ATM card) with magnetic stripes. Another example is the smart card containing a processor.
Another device often used is the cryptographic token, a processor in a card that has a display.

9 Something You Are
This type takes advantage of something inherent in the user that is evaluated using biometrics.
Most of the technologies that scan human characteristics convert these images to obtain some form of minutiae: unique points of reference that are digitized and stored in an encrypted format.

10 Something You Produce
This type of authentication makes use of something the user performs or produces. It includes technology related to signature recognition and voice recognition.

11 Recognition Characteristics

12 Evaluating Biometrics
Biometric technologies are generally evaluated according to three basic criteria:
- The false reject rate (FRR): the percentage of authorized users who are denied access (Type I error). Not a threat to security.
- The false accept rate (FAR): the percentage of unauthorized users who are allowed access (Type II error). A serious breach of security.
- The crossover error rate (CER): the point at which the number of false rejections equals the number of false acceptances. The optimal outcome.
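The three criteria above, worked through in code. This is an added example and not part of the lecture; the match scores are constructed sample data, and the assumed matcher returns a similarity score in [0, 1] with the system accepting when the score reaches a chosen threshold.

```python
"""Worked FRR / FAR / CER computation over a threshold sweep.

Added example; it is not part of the lecture. The match scores are constructed
sample data: the matcher returns a similarity score in [0, 1] and the system
accepts a presentation when score >= threshold.
"""

# Constructed scores: genuine attempts by enrolled (authorized) users and
# impostor attempts by unauthorized users. A real evaluation uses thousands.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.75, 0.72, 0.70, 0.65]
IMPOSTOR_SCORES = [0.40, 0.45, 0.50, 0.55, 0.60, 0.62, 0.66, 0.71, 0.74, 0.79]


def false_reject_rate(genuine, threshold):
    """FRR (Type I error): fraction of authorized users denied at this threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor, threshold):
    """FAR (Type II error): fraction of unauthorized users admitted at this threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor, steps=100):
    """Sweep the threshold from 0 to 1 and return (threshold, FRR, FAR) triples.

    Raising the threshold lowers FAR and raises FRR; the two move in opposite
    directions, which is why one operating point has to be chosen.
    """
    return [
        (i / steps,
         false_reject_rate(genuine, i / steps),
         false_accept_rate(impostor, i / steps))
        for i in range(steps + 1)
    ]


def crossover_error_rate(genuine, impostor, steps=100):
    """CER: the threshold at which FRR and FAR are equal, and the error rate there.

    With finite sample data the curves rarely cross exactly on a sweep point, so
    the threshold minimising |FRR - FAR| is taken (ties go to the lower threshold).
    """
    t, frr, far = min(error_curve(genuine, impostor, steps),
                      key=lambda p: (abs(p[1] - p[2]), p[0]))
    return t, (frr + far) / 2


def threshold_for_max_far(genuine, impostor, max_far, steps=100):
    """Lowest threshold whose FAR does not exceed max_far (high-security tuning).

    Returns (threshold, FRR, FAR), or None if no sweep point satisfies the bound.
    The FRR in the result is the usability cost paid for the tighter FAR.
    """
    for t, frr, far in error_curve(genuine, impostor, steps):
        if far <= max_far:
            return t, frr, far
    return None


if __name__ == "__main__":
    cer_t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER {cer:.2f} at threshold {cer_t:.2f}")
    print("zero-FAR operating point:",
          threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```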

13 Orders of Effectiveness and Acceptance

14 Managing Access Controls
To properly manage access controls, an organization must have in place a formal access control policy, which determines how access rights are granted to entities and groups. This policy must include provisions for periodically reviewing all access rights, granting access rights to new employees, changing access rights when job roles change, and revoking access rights as appropriate.

15 Authorization In general, authorization can be handled by:
- Authorization for each authenticated user
- Authorization for members of a group
- Authorization across multiple systems (‘single sign-on’)

16 Firewalls
In information security, a firewall is any device that prevents a specific type of information from moving between two networks, often the outside, known as the untrusted network (e.g., the Internet), and the inside, known as the trusted network.
The firewall may be a separate computer system, a service running on an existing router or server, or a separate network containing a number of supporting devices.

17 Firewall Architectures
Four architectural implementations of firewalls are especially common:
- Packet filtering routers
- Screened-host firewalls
- Dual-homed host firewalls
- Screened-subnet firewalls

18 Packet Filtering Firewall

19 Packet Filtering Routers
Most organizations with an Internet connection use some form of router between their internal networks and the external service provider. Many of these routers can be configured to block packets that the organization does not allow into the network.
Such an architecture lacks auditing and strong authentication, and the complexity of the access control lists used to filter the packets can grow to a point that degrades network performance.

20 Screened-Host Firewall

21 Screened-Host Firewall Systems
Screened-host firewall systems combine the packet filtering router with a separate, dedicated firewall such as an application proxy server. The router is used to screen packets to minimize the network traffic and load on the internal proxy. The application proxy examines an application layer protocol, such as HTTP, and performs the proxy services.
This separate and single host, which is often referred to as a bastion host, represents a rich target for external attacks, and should be very thoroughly secured.

22 Dual-Homed Host Firewall

23 Dual-Homed Host Firewalls
In this configuration, the bastion host contains two network interfaces: one that is connected to the external network, and one that is connected to the internal network, requiring all traffic to travel through the firewall to move between the internal and external networks.

24 Screened Subnet (DMZ)

25 Screened-Subnet Firewalls
The screened-subnet firewall consists of one or more internal bastion hosts located behind a packet filtering router, with each host protecting the trusted network. This raises the difficulty of penetrating the defences. One of the general models (in Figure 9-8) routes connections as follows:
- Connections from the outside or untrusted network are routed through an external filtering router
- Connections from the outside or untrusted network are routed into, and then out of, a routing firewall to the separate network segment known as the DMZ
- Connections into the trusted internal network are allowed only from the DMZ bastion host servers

26 Firewall Best Practices
Some of the best practices for firewall use:
- All traffic from the trusted network is allowed out.
- The firewall device is never accessible directly from the public network.
- Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but should be routed to an SMTP gateway.
- All Internet Control Message Protocol (ICMP) data should be denied.
- Telnet (terminal emulation) access to all internal servers from the public networks should be blocked.
- When Web services are offered outside the firewall, HTTP traffic should be handled by some form of proxy access or DMZ architecture.
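The best practices above expressed as an ordered packet-filter rule set, as an added example that is not part of the lecture. The addressing plan is constructed: 10.0.0.0/8 is the trusted network, 192.0.2.1 the firewall's public address, 192.0.2.10 the SMTP gateway and 192.0.2.20 the DMZ HTTP proxy; rules are evaluated top-down, first match wins, and anything unmatched is denied.

```python
"""Ordered packet-filter rule set implementing the firewall best practices above.

Added example; it is not from the lecture. Addresses and rules are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
TRUSTED = ip_network("10.0.0.0/8")
FIREWALL_PUBLIC = ip_network("192.0.2.1/32")
SMTP_GATEWAY = ip_network("192.0.2.10/32")
HTTP_PROXY = ip_network("192.0.2.20/32")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port; unused for icmp


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    src: object       # ipaddress network
    dst: object       # ipaddress network
    proto: str = "any"
    dport: int = 0    # 0 matches any port
    note: str = ""    # the best practice the rule enforces

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))


# Order matters: the ICMP deny must precede the trusted-outbound allow, and the
# trusted-outbound allow precedes the rule that hides the firewall from the public.
RULES = [
    Rule("deny", ANY, ANY, "icmp", note="all ICMP is denied"),
    Rule("allow", TRUSTED, ANY, note="all traffic from the trusted network is allowed out"),
    Rule("deny", ANY, FIREWALL_PUBLIC, note="the firewall is never reachable from the public network"),
    Rule("deny", ANY, TRUSTED, "tcp", 23, note="no telnet to internal servers from public networks"),
    Rule("allow", ANY, SMTP_GATEWAY, "tcp", 25, note="SMTP passes only to the SMTP gateway"),
    Rule("allow", ANY, HTTP_PROXY, "tcp", 80, note="public HTTP is handled by the DMZ proxy"),
]


def evaluate(packet, rules=RULES):
    """Return (action, reason, rules_checked) for the first matching rule.

    rules_checked exposes the linear cost of a long access control list, the
    performance concern the lecture raises for packet filtering routers.
    """
    for i, rule in enumerate(rules, start=1):
        if rule.matches(packet):
            return rule.action, rule.note, i
    return "deny", "default deny: no rule matched", len(rules)


if __name__ == "__main__":
    for pkt in (Packet("203.0.113.5", "192.0.2.20", "tcp", 80),
                Packet("203.0.113.5", "10.1.2.3", "tcp", 23),
                Packet("10.1.2.3", "198.51.100.7", "icmp")):
        print(pkt, "->", evaluate(pkt))
```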

27 Intrusion Detection Systems (IDSs)
Information security intrusion detection systems (IDSs) work like burglar alarms. With almost all IDSs, administrators can choose the alarm level. Many IDSs can be configured to notify administrators via e-mail and numerical or text paging. Like firewall systems, IDSs require complex configurations to provide the level of detection and response desired.

28 Intrusion Detection Systems (Cont.)
Two system types:
- network based, to protect network information assets
- host based, to protect server or host information assets
Two detection methods used:
- signature based
- statistical anomaly based

29 Intrusion Detection Systems (Cont.)

30 Host-Based IDS
A host-based IDS works by configuring and classifying various categories of systems and data files. Such systems:
- monitor the access or altering of files on multiple systems
- often provide only a few general levels of alert notification
- unless very precisely configured, can generate a large volume of false alarms from mild actions
- are easier to set up and administer than a network-based IDS, due to the more specific rules and restrictions that can be set

31 Network-Based IDS
Network-based IDSs monitor network traffic and, when a predefined condition occurs, notify the appropriate administrator. Such systems:
- look for patterns of network traffic
- must match known and unknown attack strategies against their knowledge base to determine whether an attack has occurred
- yield many more false-positive readings than host-based IDSs do, because they are attempting to read the network activity pattern to determine what is normal and what is not

32 Signature-Based IDS
A signature-based IDS or knowledge-based IDS examines data traffic for something that matches the signatures, which comprise preconfigured, predetermined attack patterns.
The problem with this approach is that the signatures must be continually updated as new attack strategies emerge.
A weakness of this method is the time frame over which attacks occur.
If attackers are slow and methodical, they may slip undetected through the IDS, as their actions may not match a signature that includes factors based on the duration of the events.
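The duration weakness on this slide, as an added example that is not part of the lecture: a signature of "5 failed logins from one source within 60 seconds" fires on a fast burst but misses a source that spreads the same failures over 20 minutes, and only a signature without the duration factor catches both. The event list and addresses are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication-log events (timestamp, source address, outcome).
# Addresses are from documentation ranges; nothing here is from the slides.
EVENTS = [
    ("2024-01-01 10:00:00", "198.51.100.7", "FAIL"),
    ("2024-01-01 10:00:04", "198.51.100.7", "FAIL"),
    ("2024-01-01 10:00:09", "198.51.100.7", "FAIL"),
    ("2024-01-01 10:00:13", "198.51.100.7", "FAIL"),
    ("2024-01-01 10:00:18", "198.51.100.7", "FAIL"),  # fast: 5 failures in 18 s
    ("2024-01-01 10:00:30", "203.0.113.9", "FAIL"),
    ("2024-01-01 10:05:30", "203.0.113.9", "FAIL"),
    ("2024-01-01 10:10:30", "203.0.113.9", "FAIL"),
    ("2024-01-01 10:15:30", "203.0.113.9", "FAIL"),
    ("2024-01-01 10:20:30", "203.0.113.9", "FAIL"),  # slow: 5 failures in 20 min
    ("2024-01-01 10:21:00", "192.0.2.44", "OK"),
]

def detect(events, threshold=5, window_seconds=60):
    """Signature: `threshold` failed logins from one source within `window_seconds`.
    Pass window_seconds=None for a signature with no duration factor.
    Returns (source, timestamp) for each match."""
    recent = defaultdict(deque)   # per-source timestamps of recent failures
    alerts = []
    for ts, src, outcome in events:
        if outcome != "FAIL":
            continue
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        window = recent[src]
        window.append(now)
        if window_seconds is not None:
            cutoff = now - timedelta(seconds=window_seconds)
            while window and window[0] < cutoff:   # forget failures older than the window
                window.popleft()
        if len(window) >= threshold:
            alerts.append((src, ts))
            window.clear()   # one alert per burst
    return alerts
```

Dropping the duration factor catches the slow source too, at the cost of more alerts on ordinary users who mistype a password a few times over a day.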

33 Statistical Anomaly-Based IDS
The statistical anomaly-based IDS (stat IDS) or behavior-based IDS first collects data from normal traffic and establishes a baseline. It then periodically samples network activity, based on statistical methods, and compares the samples to the baseline. When the activity falls outside the baseline parameters (known as the clipping level), the IDS notifies the administrator.
The advantage of this approach is that the system is able to detect new types of attacks, because it looks for abnormal activity of any type.
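The baseline and clipping-level idea from this slide, as an added example that is not part of the lecture: a baseline (mean and standard deviation of connections per minute) is built from a constructed normal period, and each later sample is reported when it falls outside mean plus or minus k standard deviations, with k acting as the clipping level. The traffic counts are constructed.

```python
import statistics

# Constructed training data: connections per minute seen during a normal period.
# Not taken from the slides.
NORMAL_TRAFFIC = [40, 42, 38, 45, 41, 39, 43, 44, 40, 42]

def build_baseline(samples):
    """Summarise normal activity as (mean, population standard deviation)."""
    return statistics.mean(samples), statistics.pstdev(samples)

def clipping_level(baseline, k=3.0):
    """The band mean +/- k*stdev; activity outside it is reported."""
    mean, stdev = baseline
    return mean - k * stdev, mean + k * stdev

def monitor(baseline, samples, k=3.0):
    """Compare each periodic sample to the baseline and return
    (index, value, z-score) for every sample outside the clipping level."""
    mean, stdev = baseline
    alerts = []
    for i, value in enumerate(samples):
        z = (value - mean) / stdev if stdev else 0.0
        if abs(z) > k:
            alerts.append((i, value, round(z, 2)))
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(NORMAL_TRAFFIC)
    # Constructed live samples: a mild peak, a flood never seen before, and an outage.
    live = [41, 46, 120, 39, 12]
    print("clipping level (k=3):", clipping_level(baseline))
    print("alerts k=3:", monitor(baseline, live))
    # A tighter clipping level reports the mild peak too: more detections, more false positives.
    print("alerts k=2:", monitor(baseline, live, k=2.0))
```

No signature for the flood exists anywhere in the code, which is the slide's point: the detector reacts to deviation from normal, not to a known pattern.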

34 Managing Intrusion Detection Systems
IDSs must be configured using technical knowledge and adequate business and security knowledge to differentiate between routine circumstances and low, moderate, or severe threats.
There must be a response to an alert.
A properly configured IDS can translate a security alert into different types of notification.
A poorly configured IDS may yield only noise.

35 Dial-Up Protection
An attacker on an organization’s dial-up lines can use a device called a war-dialer to locate the connection points.
Network connectivity using dial-up connections is usually much simpler and less sophisticated than Internet connections.
For the most part, simple user name and password schemes are the only means of authentication.

36 RADIUS and TACACS
RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.
Typical dial-up systems place the authentication of users on the system connected to the modems.
A Remote Authentication Dial-In User Service (RADIUS) system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server.

37 RADIUS and TACACS
When a Remote Access Server (RAS) receives a request for a network connection from a dial-up client, it passes the request along with the user’s credentials to the RADIUS server; RADIUS then validates the credentials.
The Terminal Access Controller Access Control System (TACACS) works similarly and is based on a client/server configuration.
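The RAS-to-RADIUS exchange on this slide, as an added example that is not part of the lecture: the RAS hides the user's password with the shared secret and a per-request authenticator as RFC 2865 section 5.2 describes, forwards the Access-Request, and the central RADIUS server is the only party that reveals and checks it. The shared secret, user database and password are constructed values.

```python
import hashlib
import hmac
import os

# Constructed values for the example; a real deployment uses its own long random secret.
SHARED_SECRET = b"example-shared-secret"
USER_DB = {"alice": b"correct horse battery staple"}  # known only to the RADIUS server

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_authenticator):
    # RFC 2865 s5.2: pad with NULs to a 16-byte multiple (at least 16 bytes), then
    # XOR each block with MD5(secret + previous ciphertext block), seeded by the
    # Request Authenticator. This is obfuscation keyed on the shared secret, not encryption.
    n = max(16, ((len(password) + 15) // 16) * 16)
    padded = password.ljust(n, b"\x00")
    out, prev = b"", request_authenticator
    for i in range(0, n, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out

def reveal_password(hidden, secret, request_authenticator):
    # Inverse of hide_password, run on the server; trailing NUL padding is removed.
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def ras_build_request(username, password):
    # The RAS never checks the password itself: it hides it and forwards the request.
    ra = os.urandom(16)  # fresh Request Authenticator per request
    return {"User-Name": username, "Request-Authenticator": ra,
            "User-Password": hide_password(password, SHARED_SECRET, ra)}

def radius_server_handle(request):
    # The central RADIUS server is the only component that validates credentials.
    pw = reveal_password(request["User-Password"], SHARED_SECRET,
                         request["Request-Authenticator"])
    expected = USER_DB.get(request["User-Name"])
    if expected is not None and hmac.compare_digest(pw, expected):
        return "Access-Accept"
    return "Access-Reject"
```

Because the hiding depends only on the shared secret and MD5, the strength of the exchange rests on keeping that secret long, random and off any untrusted path.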

38 RADIUS Configuration

39 Managing Dial-Up Connections
Organizations that continue to offer dial-up remote access must deal with a number of thorny issues:
Determine how many dial-up connections the organization has
Control access to authorized modem numbers
Use call-back whenever possible
Use token-based authentication if at all possible

40 Summary
Introduction
Access Controls
Firewalls
Intrusion Detection Systems
Dial-Up Protection

