cisco.camre.ac.uk


UNIT 15 WEEK 4 CLASS 2
LESSON OVERVIEW
Pete Lawrence
BTEC National Diploma Organisational System Security
Overview


Recap
Keeping systems and data secure
• Physical Security
• Biometrics
• Software and network security
• Focus on Call back, Handshaking, Diskless networks, Backups & Audit logs.
• Focus on Firewall configuration and management, virus management and control, Virtual Private Networks (VPNs), intrusion detection systems and traffic control technology, passwords, levels of access to data and software updating.
Software and network security
To combat intrusion and subversion of a networked computer system and commonplace accidental damage to data and resources, all ICT systems need to employ an extensive range of security and data management techniques and technologies.
Examples of countermeasures
Encryption techniques
Encryption is a method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion.
Examples include ciphers and RSA.
Encryption
• Simple ciphers like the Caesar cipher.
• DES (Data Encryption Standard) uses a 56-bit key, which means there are 2⁵⁶ (72,057,594,037,927,936) combinations.
• Rivest, Shamir & Adleman devised the principle for public/private key encryption using prime numbers.
• The two keys are mathematically related; the private key, which is a 1024-bit key, is a prime number, which means you cannot work it out from the public key, and it is the only way to decrypt the data.
• The security certificate issued by a website is a common example.
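The Caesar cipher named above, worked through as an added example (not code from the lesson): shifting letters with a key, undoing the shift, and listing the whole keyspace to show why 26 keys are no protection next to DES's 2⁵⁶.

```python
# Added example (not from the lesson slides): the Caesar cipher, plus a
# keyspace comparison with DES as discussed in the same slide.
CAESAR_KEYS = 26        # one key per possible shift
DES_KEYS = 2 ** 56      # 72,057,594,037,927,936 combinations


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (A..Z wrap round); digits,
    punctuation and spaces are left unchanged. A negative shift decrypts."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext: str, shift: int) -> str:
    """Recover the plaintext when the key (shift) is known."""
    return caesar(ciphertext, -shift)


def all_candidates(ciphertext: str) -> dict:
    """Every possible decryption: the keyspace is only 26 entries, so the
    message is readable by simply trying each one, which is why the lesson
    contrasts this with DES's 56-bit key."""
    return {k: decrypt(ciphertext, k) for k in range(CAESAR_KEYS)}
```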
Examples include
WEP
• WEP (Wireless equivalence protocol), used in wireless systems, allows all members of a wireless system to share a common private key which is used to encrypt all data transmitted. The WEP key needs to be typed into the wireless settings on the mobile device.
• Two standards: 64-bit and 128-bit keys.
• WEP keys are binary but can be entered in hexadecimal, as this has a direct mathematical relationship and is a more understandable format.
Encryption
Simple ciphers (Caesar cipher): http://secretcodebreaker.com/ciphrdk.html
Ciphers that use a key, DES (Data Encryption Standard): http://en.wikipedia.org/wiki/Data_Encryption_Standard#History_of_DES
RSA encryption (public and private key using prime numbers): http://video.google.co.uk/videoplay
MD5 Hash: http://video.google.co.uk/videosearch?q=md5+hash
WEP (Wireless equivalence protocol): http://news.bbc.co.uk/2/low/technology/6595703.stm
Call back

Dial-up systems using modems are used to establish a call back connection. The network administrators can dial into a network device like a server and it will call them back on a pre-configured number, which must be a trusted, registered line.
Q. What is the main problem with using this technology?
A. Slow connection transfers, and it uses dated technology.
Q. So why use it?
A.
1. While dial-up may seem out of date, many remote areas and developing regions still use this technology.
2. Modems are reliable and are still used as a backup connection to gain direct access to a network router in case of a major failure to the main incoming line (which could be caused by a hacker).
Handshaking

Handshaking techniques like CHAP (Challenge Handshake Authentication Protocol) are used to establish a trusted connection between hosts on a public communications line, such as a WAN (Wide Area Network), which is considered not to be a trusted media type.
Diskless Networks

One of the greatest risks of data being stolen is caused by the ability to easily transfer data from a computer to a mobile storage device.
In diskless networks workstations tend not to have:
• Optical drives (CD/DVD)
• USB ports (Windows can be configured not to recognise new USB devices)
• BIOS lockdown
Diskless Networks cont…

Some systems also prevent local hard drive access, either by applying local restrictions which prevent the user from viewing, adding and removing files, or by removing local hard drives completely using terminal services which boot the computer from a remote location; the operating system is loaded into memory. Examples include Remote Desktop (XP and Vista) and VNC (Virtual Network Computing); Linux X-Windows also offers similar facilities.
Backup, Restore and Redundancy

The use of backups and restoration of data is critical in ensuring that data is safe and secure. Having a centrally managed backup system, where all the data is safely copied in case of system failure, with everyone following the same standards, is essential.
Backing up data is a critical role of a network administrator. The frequency of a backup will depend on the size, type and nature of an organisation. Daily backups are normal.
Backup, Restore and Redundancy cont…

Different types of backup include incremental and differential.
Considerations include: the quantity of data, the appropriate media, the frequency (including times) and the storage location.
Redundancy is managed by servers running RAID (Redundant Array of Independent Disks), which is a live backup mechanism with multiple hard disks maintaining multiple images of the data.
Audit Logs

• Keep a record of network and database activity.
• They record who has done what, where and when, with reference to the service accessed and the identity of the user.
Syslog is one of the most common systems in use to maintain simple, auditable records of system activity across a network. The syslog server stores all access records for the network administrator to review.
Firewalls

Simple home-use firewalls are automatic and seldom require user intervention. Commercial firewall configuration is essential to ensure efficient and effective movement of data.
Firewalls block unwanted traffic; configure them with care. In systems where data has to enter the network (such as an email or web server), two or more firewalls may be installed to offer zones of security, allowing different security levels depending on the direction of the traffic.
Firewalls cont…

Many firewalls work in conjunction with NAT (Network Address Translation) systems, with the internal devices all hidden behind one (or a small group of) external IP address/addresses.
There are 65536 UDP ports and 65536 TCP ports, as well as ICMP, IP and other protocols.
Virus Management

Virus checking software comes in many shapes and sizes, from those which only cover viruses, trojans and worms to comprehensive integrated security suites that interact with a firewall and the operating system.
Anti-virus checking systems are only as good as their databases (dictionaries/dat files); ensure these are kept up to date.
AV software runs in the background; check for the icon in the system tray.
Virus Management cont…

• Scans each file as it is opened for any ‘fingerprints’ which match the virus definitions.
• Identifies any ‘suspicious’ activity from a running program.
Corporate anti-virus systems must be deployed centrally as well as on local computers. Many companies will:
• have a server which downloads the latest definitions and distributes them to workstations;
Virus Management cont…

• Monitor all incoming and outgoing traffic (including attachments) for potential threats; this may be via a router, proxy, server or firewall.
• Use anti-virus software in partnership with administration policies to prevent systems running unacceptable software (hacking programs and games) by finding the MD5 hash for each application.
AV is used in conjunction with anti-spyware tools like Windows Defender.
VPNs

The use of VPNs allows organisations to communicate from site to site across a public system (like the internet) via a tunnel, which is an agreed route for all encrypted traffic. Therefore VPNs create a trusted connection on a system which is not trusted.
There are many protocols and methods used in the management of VPNs; the primary purpose of these is to prevent snooping and fraudulent authentication.
Intrusion Detection Systems

These go beyond the role of a firewall and will monitor traffic for undesirable manipulations from hackers and the tools they may use.
Passive systems record hacking attempts for the network administrator to action.
Reactive systems (intrusion prevention systems) reconfigure the firewall to block the intrusion.
Intrusion Detection Systems cont…

Traffic control is managed using an access-control list (ACL) and routing protocols.
access-list 101 permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80

access-list 101   This is a rule that has a unique number.
permit            Can be permit or deny.
tcp               This could be TCP, UDP or IP.
192.16.0.0        Source network device or range of devices.
0.0.0.255         This is the source wildcard mask.
172.16.10.16      Destination network device or range of devices.
0.0.0.15          Destination wildcard mask.
eq 80             Is equal to TCP port 80.
Rules are in lists and are executed in order when the conditions match.
If you have a ‘deny FTP’ before a ‘permit FTP’, then the traffic will never be allowed.
ACLs have a default deny all at the end. If you only write permits, all other traffic is denied.
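The three ACL behaviours stated above (wildcard-mask matching, first match in order, implicit deny all) worked through as an added example; this is illustrative code, not from the lesson or from any Cisco product, and the Rule class and its field names are assumptions made here.

```python
# Added example (not from the lesson slides): a small evaluator for numbered
# extended ACL rules like the one above. It applies the three behaviours the
# slide states: wildcard-mask matching, first match in order, implicit deny.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str        # "permit" or "deny"
    proto: str         # "tcp", "udp" or "ip" ("ip" matches any protocol)
    src: str           # source address, e.g. "192.16.0.0"
    src_wild: str      # source wildcard mask, e.g. "0.0.0.255"
    dst: str           # destination address, e.g. "172.16.10.16"
    dst_wild: str      # destination wildcard mask, e.g. "0.0.0.15"
    port: Optional[int] = None   # "eq <port>" on the destination; None = any

def wild_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care' for that bit."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (b | w)

def evaluate(acl: List[Rule], proto: str, src: str, dst: str, port: int) -> str:
    """Return 'permit' or 'deny' for one packet. Rules are tried in list
    order and the first match wins; a packet that matches nothing hits the
    implicit deny-all at the end of every ACL."""
    for r in acl:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not wild_match(src, r.src, r.src_wild):
            continue
        if not wild_match(dst, r.dst, r.dst_wild):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return "deny"   # implicit deny all

# The slide's rule: access-list 101 permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80
ACL_101 = [Rule("permit", "tcp", "192.16.0.0", "0.0.0.255",
                "172.16.10.16", "0.0.0.15", 80)]

# The slide's ordering trap: a 'deny FTP' placed before a 'permit FTP'.
ANY = ("0.0.0.0", "255.255.255.255")
FTP_WRONG_ORDER = [Rule("deny", "tcp", *ANY, *ANY, 21),
                   Rule("permit", "tcp", *ANY, *ANY, 21)]
```

With the 0.0.0.15 destination wildcard the rule covers 172.16.10.16 to 172.16.10.31 only, and anything not on port 80 falls through to the implicit deny.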
Passwords

Password management is essential.
Tried and tested.
Most commonly used in all areas of organisational system security.
Organisational policies include:
• Not writing down passwords
• Change passwords periodically (7-90 days)
• Use strong passwords with eight or more characters
• Use a nonsense password to avoid social engineering.
Passwords cont…

How to think of a nonsense password: try mixing nouns (names) and adjectives (something that modifies a noun). For example:

Adjective   Noun
Red         Chicken
Atomic      Snail
Hyper       Cucumber
Micro       Titan

Many systems will log failed attempts when users forget their password, with their username being locked out after three failed attempts.
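The audit-log idea from the Audit Logs slide (syslog records answering who, what, where and when) and the three-failed-attempts lockout rule above, combined in one added example that is not part of the lesson: the log lines are constructed samples in the message format OpenSSH's sshd writes to syslog, and the function names are choices made here.

```python
# Added example (not from the lesson slides): reading syslog-style audit
# records to answer "who did what, where and when" and applying the
# three-failed-attempts lockout rule. The log lines are constructed samples
# in the message format used by OpenSSH's sshd.
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional

SYSLOG_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<what>Failed|Accepted) password for (?:invalid user )?(?P<who>\S+) "
    r"from (?P<where>\S+) port \d+"
)

SAMPLE_LOG = """\
Mar 10 08:01:02 srv1 sshd[2201]: Failed password for alice from 10.0.0.5 port 51234 ssh2
Mar 10 08:01:07 srv1 sshd[2201]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
Mar 10 08:02:10 srv1 sshd[2210]: Failed password for bob from 10.0.0.9 port 51300 ssh2
Mar 10 08:02:15 srv1 sshd[2211]: Failed password for bob from 10.0.0.9 port 51301 ssh2
Mar 10 08:02:20 srv1 sshd[2212]: Failed password for bob from 10.0.0.9 port 51302 ssh2
Mar 10 08:02:25 srv1 sshd[2213]: Failed password for bob from 10.0.0.9 port 51303 ssh2
Mar 10 08:03:00 srv1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

def parse(line: str) -> Optional[Dict[str, str]]:
    """who/what/where/when of an sshd auth record, or None for other lines."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def find_lockouts(lines: Iterable[str], threshold: int = 3) -> Dict[str, Dict[str, str]]:
    """Count consecutive failures per username (a success resets the count)
    and return each user that reached the threshold with the record that
    tripped it: when, on which host, and from where."""
    streak: Dict[str, int] = defaultdict(int)
    locked: Dict[str, Dict[str, str]] = {}
    for line in lines:
        rec = parse(line)
        if rec is None:        # not an auth record (e.g. cron): skip it
            continue
        user = rec["who"]
        if rec["what"] == "Accepted":
            streak[user] = 0
            continue
        streak[user] += 1
        if streak[user] == threshold and user not in locked:
            locked[user] = {"when": rec["when"], "host": rec["host"],
                            "where": rec["where"]}
    return locked
```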