Transcript Chapter 3

Chapter 8
Technology and Auditing Systems:
Hardware and Software Defenses
Introduction
We’ve discussed the threats from hackers
Since 9/11 there has been increasing
concern about attacks from cyber terrorists
Cyber terror attacks are not considered
weapons of mass destruction but rather,
weapons of mass disruption
Intro (2)
Areas feeling most pressure are:
telecommunications, transportation, financial
services, and chemical, water, energy, and power
grid industries
These are critical infrastructures upon which our
national economy depends
Perfect security is impossible
This chapter introduces defensive technologies
and reconnaissance tools
Intro (3)
This chapter presents material covering tier 4 of
the DLM
Multiple and diverse layers of security SW, HW,
and auditing systems are necessary
Used to validate and enforce AUPs and secure-use
practices
Serve as necessary countermeasures to stop the spread
of malware, monitor for illegal activity, and
filter inbound and outbound packets
Factors Driving the Need for
Diverse Technology Layers
Growth in Computer Crime
28% increase in Internet attacks and almost
200,000 of them were successful
50 or more new computer viruses created each wk
FBI estimated that losses by US businesses
exceeded $7 billion in 2001
This does not include costs of fraud or damages
by disgruntled or corrupted employees
Remember estimates are usually low -- why?
More Factors Driving the Need
for Diverse Tech Layers
Growth in SW Complexity and Flaws
Complexity and design flaws have caused
SW and OS’s to become more vulnerable to
malware
Many companies make obvious security
mistakes - introducing wireless networks or
IM w/o encryption and firewalls
Intranets w/o adequate security checkpoints
More Factors Driving the Need
for Diverse Tech Layers
Growth in Release Rate of Security Patches
and Service Packs
Since new SW vulnerabilities now run at around 50/wk and IT
managers spend an avg of 2 hrs/server to test and deploy a patch,
the estimated total cost to a company w/ 1,000 servers is roughly
$300,000 per patch
There are now tools to automate and manage server and desktop
patches, but patching remains a problem
IT staff need to focus on keeping networks and systems working;
it is hard to find time to deal w/ complex security components
Security Technology
No “Out of the box” Solutions
No defense tools are usable out of the box; it is necessary to correctly install and
monitor your security mechanisms
The security tools that are available have varying
deployment costs, installation or
implementation complexity,
operational and maintenance costs, and
Security Technology (2)
Many believe that having a firewall installed will offer
automatic protection
They still need to be maintained
What kind of maintenance?
Tools and Targets
Technology tools for security can be expensive to
purchase and maintain
They are targets of hackers -- when broken, they are
hardened by defenders, then hackers begin the cycle
again
Look at @Lert on pg. 115
Multilayered, Diverse
Technology Infrastructure
Read Cyberbrief on pg. 116
Note that an organization's effectiveness in
using technology to protect against hacker
attacks and lawsuits improves w/ regular
auditing of networks, applications, and
employees for signs of vulnerability or
unauthorized use
Characteristics of a Defensive
Technology Infrastructure p 116
A defensive technology infrastructure depends on
appropriate security technologies
Properly installed and configured at correct checkpoints
Placed on each device connected to the network
Continuously maintained, patched, and audited
With incident response and disaster recovery plans in
place
Routinely tested by people w/ technology expertise
Security company Foundstone predicts that the
success of security is directly related to the
location of the security officer in the
organizational chart. (Why? See pg. 117)
Underlying Technical Issues
Functional (Critical) requirements of HW and SW
Six of them are listed – important
Confidentiality
Integrity
Authenticity
Nonrepudiation
Accountability
Availability
How to remember them? AAAINC?
Some pieces of the HW
TCP/IP
IP address
Ports
File Integrity Checker (checksum)
Routers
You read these short sections
Perimeter and File Protection
Maintaining Confidentiality and Integrity
What types of tools can assist us with confidentiality and
integrity?
Several tools to protect against or to monitor intrusion
Firewalls
Intrusion Detection Systems
Access control and virtual private networks (VPN)
Biometrics and tokens
Antivirus Software
Cryptography/encryption
Public key infrastructure (PKI) and certificates
Firewalls
Protect one computer network from another and
often protect one part of a company's network
from the rest of that network
Permits or denies certain types of traffic to pass
through based on the source address in the IP
packet
Firewall looks at individual IP packets and decides
what to allow or deny based on the rules of the
configured firewall.
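The packet-by-packet decision described above, as an added example that is not part of the original slides: a small first-match, default-deny filter that checks each packet's source address (and, going slightly beyond the slide, an optional destination port) against an ordered rule list. All networks, addresses and ports below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed example: a first-match, default-deny packet filter that decides
# on the source address of each IP packet, as the slide describes.
# Rule and packet values are invented for illustration, not from any real network.

@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    src: ipaddress.IPv4Network         # source network the rule applies to
    dst_port: Optional[int] = None     # optional port restriction (None = any port)

def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> str:
    """Decide one packet: the first matching rule wins; if nothing matches, deny."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        port_ok = rule.dst_port is None or rule.dst_port == dst_port
        if ip in rule.src and port_ok:
            return rule.action
    return "deny"   # default-deny: traffic not explicitly permitted is dropped

# Ordered rule set (constructed). Order matters: the deny for the hostile
# range sits before the broader allows so it cannot be bypassed by them.
RULES = [
    Rule("deny",  ipaddress.ip_network("203.0.113.0/24")),       # blocked range
    Rule("allow", ipaddress.ip_network("192.0.2.0/24"), 443),    # partner: HTTPS only
    Rule("allow", ipaddress.ip_network("10.0.0.0/8")),           # internal hosts: any port
]

# Constructed sample packets as (source address, destination port).
SAMPLE_PACKETS: List[Tuple[str, int]] = [
    ("203.0.113.5", 443),    # blocked range -> deny
    ("192.0.2.7", 443),      # partner on HTTPS -> allow
    ("192.0.2.7", 22),       # partner on SSH -> no rule matches -> deny
    ("10.1.2.3", 22),        # internal host -> allow
    ("198.51.100.9", 443),   # unknown network -> default deny
]

def filter_packets(rules: List[Rule], packets: List[Tuple[str, int]]):
    """Apply the rule set to every packet and return (src, port, decision) triples."""
    return [(src, port, evaluate(rules, src, port)) for src, port in packets]

if __name__ == "__main__":
    for src, port, decision in filter_packets(RULES, SAMPLE_PACKETS):
        print(f"{src:>14}:{port:<5} -> {decision}")
```

Swapping the first two rules, or adding a broad allow at the top, would change the decisions for the 203.0.113.0/24 packets, which is why rule order is reviewed as carefully as the rules themselves when a firewall is maintained.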