
Chapter Six
IT Networks
and
Telecommunications Risks
Lecture Outline
 Network and Telecommunications Technology
 Risks to IT Network and Telecommunications Systems
 IT Network and Telecommunications Security
 Auditing Network Security

Network & Telecommunications
Technologies
Network Components
 Computers and terminals
 Telecommunications channels – physical and wireless
– Physical – twisted-pair wire, coaxial cable, fiber optic (light pulses)
– Wireless – radio, microwave and infrared transmission
– Vary in speed and capacity
Network Types
 Distance - LAN vs WAN
 Ownership - Internet, intranet, extranet
 Client/server networks
 Network topology
– Star
– Bus
– Ring
Network Protocols and Software
 Protocol – a standardized set of rules that controls network communications among hardware and software from different vendors
 Open Systems Interconnection (OSI) model – a standard layered architecture for networking that allows different computers to communicate across networks
 Network and telecommunications software – network OS, network management software, middleware, web browsers, e-mail software
IT Network and Telecommunications
Risks
 Social Engineering
– Use of social skills to obtain confidential information or unauthorized access by persuading insiders to hand it over
– A form of manipulation and trickery that relies on behaviors such as fear of getting into trouble or an inclination to help someone
– Vulnerability points: security administrators, technical support personnel, security guards, administrative assistants
 Physical Infrastructure Threats
– The elements
» Fire, air, and water
» Do not locate computers close to places with a higher risk of these
– Natural disasters
» Floods, earthquakes, tornadoes, hurricanes, etc.
» Avoid locating network facilities in high-risk areas
– Power supply
» Backup generator and uninterruptible power supply (UPS)
– Intentional human attacks
» Terrorist attack
» Attack by company insiders – requires well-documented policies
 Programmed Threats
– Viruses, worms, Trojan horses
– Hoaxes – e-mail messages that instruct a user to delete certain files as a security precaution against viruses or other programmed threats
– Blended threats – combinations of multiple programmed threats
– Countermeasures
» Antivirus software, updated regularly
» Caution in opening unknown e-mail with attachments
» Warn users about downloading freeware or shareware
» Incident response plan – in case of a programmed-threat outbreak
 Denial of Service Attacks
– The system is tied up in such a way that it is unable to perform its normal functions
– Causes embarrassment and financial loss for the target
– DDoS – the same attack launched from many sources at once
– Typical DoS techniques: exhausting the maximum number of network connections so that new users can't connect, overloading primary memory, and filling file systems with unnecessary or incorrect data
– Countermeasures: firewalls, intrusion detection systems, penetration testing, and network connection time-outs
 Software Vulnerabilities
– Holes in applications and operating systems
– Programming errors
– Backdoors left in by programmers for quick access while debugging software
– Errors in configuring software
– IT auditors can check a network system for application holes as part of penetration testing
IT Network and Telecommunications
Security
 Network security administration
– The network security administrator is responsible for
» creating a network security plan
» developing and communicating a security policy for network resources
 Responsibilities of each party and their privileges
» password management
 Passwords are stored only in hashed or encrypted form, and the password files are protected
 User identifications and passwords of those no longer employed are removed
 Default passwords are changed
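The three password-management duties above (protected password storage, removing departed users, changing defaults) can be checked mechanically. The following is an added example, not code from the lecture: it stores passwords as salted, iterated PBKDF2 hashes rather than a reversible encrypted file, verifies them in constant time, and audits a constructed sample password file for accounts that have left the company or still carry a vendor default. The usernames, passwords, employee roster and default-password list are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (OWASP's 2023 minimum); raise it as hardware improves


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, iterated hash for storage.

    Output format: algo$iterations$salt_hex$digest_hex, so the parameters
    travel with the record and can be upgraded later without a reset.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest does not stop at the first mismatching byte, so timing
    # does not leak how much of the digest an attacker got right
    return hmac.compare_digest(candidate, expected)


# Constructed sample password file (username -> stored record).
# "admin" still carries its vendor default; "jdoe" has left the company.
PASSWORD_FILE = {
    "admin": hash_password("admin"),
    "alice": hash_password("correct horse battery staple"),
    "jdoe": hash_password("winter2024"),
}
ACTIVE_EMPLOYEES = {"admin", "alice"}  # constructed HR roster
KNOWN_DEFAULTS = ["admin", "password", "changeme", "root", ""]  # constructed list


def stale_accounts(password_file, active_employees):
    """Accounts whose owners are no longer employed; these should be removed."""
    return sorted(user for user in password_file if user not in active_employees)


def accounts_with_default_passwords(password_file, defaults):
    """Accounts whose stored record still verifies against a known default."""
    return sorted(user for user, record in password_file.items()
                  if any(verify_password(d, record) for d in defaults))


if __name__ == "__main__":
    print("stale accounts:", stale_accounts(PASSWORD_FILE, ACTIVE_EMPLOYEES))
    print("default passwords:", accounts_with_default_passwords(PASSWORD_FILE, KNOWN_DEFAULTS))
```

Because each record carries its own random salt, two users with the same password get different hashes, and the default-password audit has to run the slow derivation once per user per candidate, which is exactly the cost that protects the file if it is ever copied.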
 Authentication
– Process of ensuring that users are who they claim to be
– Generally verified by
» What you have – key or smart card for physical access
» What you know – password
» What you are – biometrics such as fingerprint, voice, retina

 Encryption
– Scrambling data so that anyone who views it cannot make sense of it without the decryption key
– Main types: secret-key and public-key cryptography
– Secret-key (symmetric) cryptography
» Sender and receiver use the same key to encrypt and decrypt the message
» Problem: both must agree on the key, and it must be delivered to each of them secretly
– Public-key cryptography
» Uses a private/public key pair
» One key encrypts the message and the other decrypts it
» The two keys are generated together as a pair; a certificate authority then issues a certificate binding the public key to its owner's identity
» The public key is widely available and can be transmitted across a public network
» Only the intended receiver can decrypt it, using the private key
» Public-key cryptography can also be used for authentication
 The sender signs the message with a digital signature, computed by applying the sender's private key to a hash of the message
 The recipient verifies the signature through an algorithm that takes the message, the signature, and the sender's public key
» Key pairs are generated by their owner; digital certificates that bind a public key to an identity are available from certificate authorities such as Verisign and Thawte
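To make the encrypt-with-one-key, decrypt-with-the-other and sign-with-private, verify-with-public mechanics concrete, here is an added example using textbook RSA; it is not code from the lecture. The primes 999983 and 1000003 are chosen only so the arithmetic is visible (real keys use primes of 1024 bits or more), there is no padding, and the hash is reduced modulo n, so this is a teaching model of the operations and not a usable cryptosystem.

```python
import hashlib

# Constructed demo primes: 999983 is the largest prime below 10**6 and
# 1000003 the smallest above it. e = 65537 is the conventional public exponent.
P, Q, E = 999983, 1000003, 65537


def make_keypair(p=P, q=Q, e=E):
    """Textbook RSA: public key (n, e), private key (n, d) with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the modulus range (demo shortcut)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Digital signature: apply the private key to the message hash."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Apply the public key to the signature; it must equal a fresh hash of the message."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def encrypt(plaintext: bytes, public_key) -> int:
    """Confidentiality: anyone holding the public key can encrypt for its owner."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the private-key holder can recover the plaintext (leading zero bytes are dropped)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"Transfer 100 to account 42"
    sig = sign(msg, priv)
    print("signature valid:", verify(msg, sig, pub))
    print("tampered valid:", verify(b"Transfer 1000 to account 42", sig, pub))
    print("round trip:", decrypt(encrypt(b"hi", pub), priv))
```

The same key pair serves both purposes: the public key encrypts and verifies, the private key decrypts and signs. What the key pair does not provide is proof of who owns the public key; that binding is what a certificate from a certificate authority adds.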
 Firewalls
– Combine software and hardware to control outside access to an entity's telecommunications network
– Software specifies the filters that control entry to the network
– Can be placed at various levels to block traffic to networks or applications
– Choose based on
» Architecture
 Single-layered
– uses only one network host for all firewall functions
– the firewall host is placed between the internal network and the Internet
 Multiple layers
– two or more hosts provide the firewall functions
– combination of inner and outer firewall hosts, with a screened subnet (DMZ) between them
» Functionality
 Packet-filtering routers
– examine each incoming IP packet against a set of filtering rules (addresses, protocol, ports)
– then forward or reject the packet
 Application-level firewalls / proxy servers
– more security than packet filters
– there is never a real connection between sender and receiver
– the firewall acts as a proxy, or substitute, for the receiver
– secure but expensive and slower
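The packet-filtering router described above is essentially an ordered rule table evaluated per packet. The following added example (not from the lecture) models such a filter for packets arriving on the outside interface: an anti-spoofing rule first, explicit allows for a web server and a mail relay, and a default deny last. It also includes the rule-ordering check an auditor would run, flagging rules that an earlier, broader rule makes unreachable. The address ranges, hosts and rules are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Tuple[int, ...] = ()  # empty tuple matches any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return not self.dports or pkt.dport in self.dports


INTERNAL = "10.0.0.0/8"  # constructed: the organisation's internal address block

# Constructed rule set for packets arriving on the OUTSIDE interface.
# First match wins, so ordering is part of the policy.
INBOUND_RULES = [
    Rule("deny", src=INTERNAL, comment="anti-spoofing: internal addresses never arrive from outside"),
    Rule("allow", "tcp", dst="10.0.0.80/32", dports=(80, 443), comment="public web server"),
    Rule("allow", "tcp", dst="10.0.0.25/32", dports=(25,), comment="inbound mail relay"),
    Rule("deny", comment="default deny: anything not explicitly allowed"),
]


def filter_packet(pkt: Packet, rules=INBOUND_RULES):
    """Return (action, index of the matching rule); deny if nothing matched."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", -1


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet `inner` could match is already matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src))
    dst_ok = ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst))
    ports_ok = not outer.dports or bool(inner.dports and set(inner.dports) <= set(outer.dports))
    return proto_ok and src_ok and dst_ok and ports_ok


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules)) if any(_covers(rules[i], rules[j]) for i in range(j))]


if __name__ == "__main__":
    for pkt in (Packet("tcp", "203.0.113.7", "10.0.0.80", 443),
                Packet("tcp", "203.0.113.7", "10.0.0.80", 22),
                Packet("tcp", "10.1.2.3", "10.0.0.80", 443)):
        action, idx = filter_packet(pkt)
        print(pkt, "->", action, f"(rule {idx}: {INBOUND_RULES[idx].comment})")
    print("shadowed:", shadowed_rules(INBOUND_RULES))
```

Note what this stateless filter cannot do: it sees each packet alone, so it cannot tell a reply to an internal client from a fresh inbound connection, and it knows nothing about the application payload. That gap is what the application-level proxy (and, in modern products, stateful inspection) closes.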
 Intrusion Detection Systems
– Log and monitor activity
– May be included in a firewall package or stand alone
– Only report an attack; powerless to stop it on their own
– Many types, varying in level of sophistication
 Penetration Testing
– To learn about the logical-access vulnerabilities in an information system
– Four general penetration-testing tools: war dialing, port scanning, sniffing, password cracking
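The "log and monitor activity" role of an intrusion detection system above is easiest to see as detection logic run over log lines. The following added example (not from the lecture) parses a constructed firewall connection log and flags a source that probes many distinct ports on one host within a short window, which is the signature of the port scanning covered later. The log format, addresses and timestamps are constructed; the sample also includes a slow scanner to show how a naive fixed window is evaded.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <ACTION> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d


def detect_port_scans(lines, threshold=8, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where one source touched >= threshold distinct
    destination ports on one host within `window`. Returns {(src, dst): port count}."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])
    hits = defaultdict(list)
    for e in events:
        hits[(e["src"], e["dst"])].append((e["ts"], e["dport"]))
    alerts = {}
    for pair, seq in hits.items():
        for i, (t0, _) in enumerate(seq):  # slide the window start over each event
            ports = {p for t, p in seq[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                alerts[pair] = len(ports)
                break
    return alerts


def _line(ts, action, src, sport, dst, dport):
    return f"{ts.isoformat()} {action} tcp {src}:{sport} -> {dst}:{dport}"


T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = []  # constructed firewall log, built below
# 1) a fast scanner hitting 10 ports on the web server in under five seconds
for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080]):
    action = "ALLOW" if port in (80, 443) else "DENY"
    SAMPLE_LOG.append(_line(T0 + timedelta(milliseconds=500 * i), action,
                            "203.0.113.7", 40000 + i, "10.0.0.80", port))
# 2) a legitimate user browsing the same server over HTTP and HTTPS
for i in range(6):
    SAMPLE_LOG.append(_line(T0 + timedelta(seconds=7 * i), "ALLOW",
                            "198.51.100.9", 51000 + i, "10.0.0.80", 443 if i % 2 else 80))
# 3) a slow scanner: one new port every 30 seconds, to show how a short window misses it
for i in range(12):
    SAMPLE_LOG.append(_line(T0 + timedelta(seconds=30 * i), "DENY",
                            "192.0.2.5", 42000 + i, "10.0.0.80", 1 + i))

if __name__ == "__main__":
    print("60 s window:", detect_port_scans(SAMPLE_LOG))
    print("10 min window:", detect_port_scans(SAMPLE_LOG, window=timedelta(minutes=10)))
```

With the default 60-second window only the fast scanner is reported; the slow scanner never places more than three ports inside any window and is missed, while widening the window to ten minutes catches it without flagging the legitimate browser. Tuning that trade-off between missed scans and false alarms is the "level of sophistication" the lecture refers to, and a detector like this still only reports; blocking the source is a firewall or IPS action.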
– War dialing
» Requires only a phone line, a modem and war-dialing software
» The software dials every number in a range (or random numbers) until it locates a modem that answers
» Once connected, the penetration tester attempts to access the network, typically through password guessing
– Port scanning
» Hackers and penetration testers scan ports to find out which network services a particular system provides
» To scan ports, the scanner sends a separate connection attempt or probe to each port
» The response (or lack of one) tells the potential intruder which ports are open, closed or filtered
» Disable unneeded services so that their ports are not left open
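The probe-each-port procedure above, as an added example that is not part of the lecture: a TCP connect scan that classifies each port from the outcome of the handshake. To keep it self-contained and lawful to run, the example starts its own throwaway listener on the loopback interface and scans that port together with a port known to be closed; running it against any other system requires the owner's authorisation. The hostnames and ports are constructed.

```python
import errno
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP service on an ephemeral port so the scan has
    something to find; returns (server socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # server socket closed; stop serving
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan: a completed handshake means open, an immediate
    refusal means closed, and no answer within the timeout is reported
    as filtered (a firewall silently dropping the probe)."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                err = s.connect_ex((host, port))
            except socket.timeout:
                results[port] = "filtered"
                continue
            if err == 0:
                results[port] = "open"
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"
            else:
                results[port] = "filtered"
    return results


def demo_scan():
    """Scan one open and one closed loopback port; returns their two states."""
    srv, open_port = start_listener()
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()  # the port is released, so it now refuses connections
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return results[open_port], results[closed_port]


if __name__ == "__main__":
    print(demo_scan())
```

A connect scan completes the handshake, so it shows up in the target's application logs; a SYN (half-open) scan is quieter but needs raw sockets and is outside this example. Either way, the remedy is the same as the slide says: services that are not needed should be disabled so that nothing answers on their ports.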
– Sniffing
» A program used to capture data transmitted across a network
» Most common use is capturing user IDs and passwords sent in the clear
– Password crackers
» Guess passwords
» Approaches
 Dictionary – match the password against every term in a standard word list
 Hybrid – modify dictionary words (capitalization, appended digits, substituted characters)
 Brute force – try every combination of letters, numbers and symbols up to a given length
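The three cracking approaches above, implemented against a hash rather than a live login prompt (which is how a cracker works once a password file has been obtained). This is an added example, not code from the lecture; the word list, mangling rules and target passwords are constructed. The targets are plain unsalted SHA-256 hashes precisely because that weak storage is what makes every one of these attacks cheap; with a salted, slow hash the attacker must repeat the expensive derivation for every candidate and every user.

```python
import hashlib
import itertools
import string


def sha256_hex(text: str) -> str:
    """Unsalted fast hash: the target format these attacks exploit."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


WORDLIST = ["password", "letmein", "sunshine", "dragon", "qwerty"]  # constructed word list
LEET = str.maketrans("aeios", "43105")  # common character substitutions
SUFFIXES = ("1", "123", "!", "2024")    # common appended strings


def dictionary_attack(target_hash, wordlist):
    """Try each word exactly as listed."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def hybrid_candidates(word):
    """Mangling rules applied to one dictionary word, cheapest first."""
    bases = (word, word.capitalize(), word.upper(), word.translate(LEET))
    for base in bases:
        yield base
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def hybrid_attack(target_hash, wordlist):
    """Dictionary words plus their mangled variants."""
    for word in wordlist:
        for candidate in hybrid_candidates(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Exhaustive search over all strings up to max_len; returns (password or None, attempts).
    The attempt count grows as len(alphabet) ** length, which is why length beats complexity."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    # constructed targets: one plain dictionary word, one mangled word, one short random string
    for label, secret in (("dictionary", "sunshine"), ("hybrid", "Dragon123"), ("brute", "z9q")):
        h = sha256_hex(secret)
        print(label, dictionary_attack(h, WORDLIST), hybrid_attack(h, WORDLIST), brute_force(h))
```

The attempt counter makes the lecture's point measurable: a three-character password over 36 symbols falls in at most 47,988 guesses, while each extra character multiplies the search space by 36.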
Auditing Network Security
 Risk assessment and best practices
– Evaluate whether the controls in place provide sufficient protection
 Benchmark tools
– Windows 2000 Benchmark – lets users evaluate their security settings against the Center for Internet Security (CIS) benchmark
 IT audit programs for network security