Transcript Security Related Hardware and Software

Networked Systems
Security
Security Systems
Solutions & Features
Learning Outcomes
1. Identify different security related
hardware and software
2. Generalise different operations in
security their solutions and features
3. Evaluate different based IDS &
devices
Recap- Physical security measures
Locks.
Passes.
Sign in/out systems.
Guards.
Biometrics.
Security Systems
IDS – Intrusion Detection System
Email Systems
Wireless Systems
Networked Devices
How do they relate to
Network Security?
IDS - Intrusion Detection Systems
An intrusion detection system (IDS) is an active process or
device that analyses system and network activity for
unauthorised entry and/or malicious activity.
The ultimate aim of any IDS is to catch perpetrators in the act
before they do real damage to resources.
Email Systems Security
As email becomes more prolific in an organisation, the
importance of email security becomes more significant. In
particular, the security implications associated with the
management of email storage, policy enforcement, auditing,
archiving and data recovery.
Another key aspect of the management of mail flow security is
the protection of the business from malicious or unlawful
attacks
Wireless Systems
Wireless security is the prevention of
unauthorised access or damage to
computers using wireless networks.
Networked Devices
Network security consists of the provisions and
policies adopted by a network administrator to
prevent and monitor unauthorised access,
misuse, modification, or denial of a computer
network and network-accessible resources.
Security Features
Email Systems - Security Features
Secure MIME
DHCP Relay agents
Wireless Systems - Security Features
Site Surveys
WEP/WPA
TKIP
Networked Devices - Security Features
Router
Switch
Wireless Access Points
Email Security
From the time an email composed to the time it is
read, an email travels through an unprotected
Internet, exposed to various electronic dangers.
The protection of email from unauthorised access
and inspection is known as electronic privacy.
S/MIME
S/MIME - Secure/Multipurpose Internet Mail Extensions
It is a security enhancement to the MIME Internet e-mail format standard, based
on technology from RSA Data Security (RSA Security is a United States-based organization
that creates encryption, network and computer security products.)
Functionality
Enveloped Data: This consist of encrypted content of any type and encrypted
content encryption keys for one or more recipients
Signed Data: A digital signature is formed by taking the message digest of the
content to be signed and then encrypting that with the private key of the signer.
DHCP Relay Agents
DHCP (Dynamic Host Configuration Protocol) is a communications protocol that
network administrators use to centrally manage and automate the network
configuration of devices attaching to an Internet Protocol (IP) network.
Relay
Agent Software :
- Routers block broadcasts to outer network which means responses from the DHCP servers must come from
same network
- DHCP relay agents intercepts IP address requests
- repackages the requests
- rebroadcasts them as unicast messages to DHCP servers with known addresses of other network
- DHCP servers sends its reply to relay agent which in turn forwards them to client requesting the IP address
Wireless Systems
Wireless networks can be
applied in transportation
systems, process industry,
smart grids, smart
buildings, personal
communication and health
systems.
Site Surveys
Is the first step in the deployment of a Wireless network and the most important
step to ensure desired operation. A task-by-task process by which the surveyor
studies the facility to understand the RF behavior, discovers RF coverage areas,
checks for RF interference and determines the appropriate placement of Wireless
devices.
WEP/WPA
WEP stands for Wired Equivalent Privacy, and WPA stands for Wireless
Protected Access. WPA2 is the second version of the WPA standard.
Encryption Tools used to secure wireless connection.
WEP provides security by encrypting data over radio waves so that it is
protected as it is transmitted from one end point to another.
WPA an improved data encryption method through the temporal key integrity
protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integritychecking feature, ensures that the keys haven't been tampered with.
http://www.dummies.com/how-to/content/wireless-network-administration-wepand-wpa.html
TKIP - Temporal Key Integrity Protocol
Used in the encryption method WPA
To increase key strength, TKIP includes four additional algorithms:
A cryptographic message integrity check to protect packets
A sequencing mechanism that includes hashing, as opposed to WEP's plain text
transmission
A per-packet key-mixing function to increase cryptographic strength
A re-keying mechanism to provide key generation every 10,000 packets.
Networked Device Security Features - Router
Router - the first line of defense against hackers trying to access all the internetconnected devices on the network
Change the default administrator password—and username, if possible
Change the SSID (or name of the wireless network) so devices don't always
accept connections to similarly named networks (e.g. "linksys") and also so it
doesn’t give hackers more of a clue to the router model
Set the wireless security mode to WPA2 and a good, long password is needed
Networked Device Security Features - Switch
Switches are the foundation of a network, connecting computers, servers, printers,
and other peripheral devices.
There are three types of switches—unmanaged, smart, and managed.
Smart and managed switches both include security features, but managed
switches give you the most control over network traffic with more advanced
security and features.
Managed Switch
A secure managed switch should include these security features:
Embedded security for encrypting network communications and protecting
management data that travel to and from the switch
Access control lists (ACLs) for restricting areas of the network from
unauthorized users as well as guarding against network attacks
Virtual LANS (vLANs) for segmenting the network into separate work groups or
creating a guest work group for giving visitors limited access to your network
and to the Internet
Wireless Access Points
The wireless access point connects to a wired router and then relays the data
between the wireless and wired devices through the network. Access points are
particularly useful to large businesses and organisations that need to connect
additional desktop PCs or laptops to a network without the need for additional
cabling. http://www.practicallynetworked.com/support/wireless_secure.htm
Rogue Access Points http://www.computerweekly.com/feature/Securing-yournetworks-against-the-risk-of-rogue-wireless-access-is-no-longer-optional
Task
In groups of 3 choose each choose one of the following:
Email Systems
Wireless Systems
Networked Devices
You need to explain how each one can protect a networked
system.
IDS - Intrusion Detection System
Definition
An intrusion can be defined as a subversion of security to
gain access to a system. This intrusion can use multiple
attack methods and can span long periods of time.
These unauthorized accesses to computer or network
systems are often designed to study the system’s
weaknesses for future attacks.
Other forms of intrusions are aimed at limiting access or
even preventing access to computer systems or networks.
What is an IDS?
Basically, intrusion detection systems do exactly as the name implies: they detect
possible intrusions.
More specifically, IDS tools aim to detect computer attacks and/or computer
misuse and alert the proper individuals upon detection.
An IDS provides much of the same functionality as a burglar alarm installed in a
house.
That is, both the IDS and the burglar alarm use various methods to detect when
an intruder/burglar is present, and both subsequently issue some type of warning
or alert
An effective IDS should be able to:
run continually with minimal human supervision
withstand an attack and continue functioning
monitor itself and resist local intrusion
use minimal resources
adapt?and recognize "normal" behaviour
IDS
To protect your network, your IDS must generate alarms when it detects intrusive activity on your network.
Different IDSs trigger alarms based on different types of network activity. The two most common
triggering mechanisms are the following:
Anomaly detection
Misuse detection
Besides implementing a triggering mechanism, your IDS must somehow watch for intrusive activity at
specific points within your network. Monitoring intrusive activity normally occurs at the following two
locations:
Host-based
Network-based
http://www.ciscopress.com/articles/article.asp?p=25334
IDS - Similar Devices
Firewalls
Virus Protection
Spyware protection
File monitoring
Folder monitoring
Use of honeypots
Alarms
Task - How does IDS and its different devices protect a networked system?
Explain IDS and the different/similar devices, how do they
secure a network? Evaluate each one and summarise the
differences.
Firewalls
Virus Protection
Spyware protection
File monitoring
Folder monitoring
●
●
●
●
Anomaly-Based
Misuse-Based
Host-Based
Network-Based