Transcript Chapter 12
Chapter 12
Communication Controls
IS Auditor Role
• Collect evidence to ascertain an entities
ability to:
–
–
–
–
Safeguard assets
Provide data integrity
Efficiency of systems
Effectiveness of systems
Communication Subsystem Exposures
1) Transmission Impairments
a) Attenuation--weakening of a signal
b) Delay Distortion--signal transmitted through
bounded media
c) Noise--random electric signals
2) Component Failure
– hardware, software, transmission media
3) Subversive Threats
Subversive Threats
Active Attack Types
Intruders can:
•
•
•
•
•
•
•
Insert a message
Delete a message
Modify the contents of a message
Alter the order of messages
Duplicate messages
Deny message services
Establish spurious associations
Types of Transmission Media
Physical Component Controls
• Transmission Media
– bounded (or guided), unbounded
• Communication Lines (public lines vs private lines)
• Modems (modulator/demodualtor) Next
slide
• Port-Protection Devices (mitigate exposures to
dial up access)
Three Functions of Modem
• Increase speed by multiplexing
• Perform equalization for line errors and
adjust for better line characteristics
• Variable speed modem will compensate for
various levels of noise
•
Port-Protection Devices
•
•
•
•
Force call to only authorized number
Voice/ data switching
Request password
Audit trail of successful/unsuccessful
attempts
Multiplexors and Concentrators
• Both allow the bandwidth or capacity of a
communication line to be used more effectively
• Multiplexors
– frequency-division multiplexing
– time-division multiplexing
• Concentrators
– message switching (entire message waits for clear
comm. Path)
– packet switching (a message is broken into several
small packets)
– line switching (circuit switching to find available
line)
Multiplexing Techniques
Line Error Controls (to avoid distortion,
noise, and attenuation)
• Error Detection
– loop checking involves the receiver sending the
message back to the sender
– parity checking involves adding an extra bit to
a string of bits
– cyclic redundancy checking involves the block
of data to be transmitted is treated as a binary
number
Line Error Controls
• Error Correction
– Forward error correcting codes enables line
errors to be corrected at the receiving station
– Retransmissions of data in error (backward
error correction), the sender sends the data
again if the receiver indicates the data has been
received in error
Flow Controls
• Stop-and-wait flow control--the sender will
not transmit another frame until it receives
an acknowledgment from the receiver.
• Sliding-window flow control--both sender
& receiver hold multiple frames of data to
overlap transmission and processing of data.
Topological Controls
• Local Area Network Topologies
– privately owned
– provide high-speed communication
– confined to limited geographic areas
• Types of Topologies
–
–
–
–
bus topology
tree topology
ring topology
star topology
Bus Topology
• Nodes in the network are connected in
parallel to a single communication line
• Types of bus
– broadband bus (uses analog signaling)
– baseband bus (uses digital signaling)
Bus Network Topology
Tree Topology
• Nodes in the network are connected to a
branching communication line that has no
closed loops
• Use analog signaling to broadcast messages
in the direction of the root of the tree.
Tree Topology
Ring Topology
• Nodes in the network are connected via
repeaters to a communication line that is
configured as a closed loop
• Often data is transmitted only in one
direction on the ring
• Point-to-point topology--each node is
connected directly to another node
Ring Network Topology
Star Topology
• Nodes in the network are connected in a
point-to-point configuration to a central hub
• Hub can route messages from one node to
another or a subset of nodes
Star Network Topology
Wide Area Network Topologies
• Characteristics:
– Often encompass components that are owned
by other parties
– Provide relatively low-speed communication
among nodes
– Span large geographic area
• Conceptually every node in the network can
have a point-to-point connection with every
other node
Mesh Network Topology
Channel Access Controls
• Polling Methods
– Centralized polling (one node keep polling)
– Distributed polling (token passing)
• Contention Methods
– Carrier sense multiple access with collision
detection (CSMA/CD) – each node compete
with other nodes but differences will be
resolved
Centralized Polling Models
Distributed Polling Model
Link Encryption
• Protects data traversing a communication
channel connecting two nodes in a network
• Cryptographic key might be common to all
nodes in the network
• Reduces expected losses from traffic
analysis
Link Encryption
End-to-End Encryption
• Protects the integrity of data passing
between a send and a receiver,
independently of the nodes of the data
traverses
• The sender encrypts data before it is given
to the network for transmission to the
receiver
Other Subversive Threat Controls
See Table 12-2
• Stream Ciphers
• Error Propagation Codes
• Message Authentication Codes
• Message Sequence Numbers
• Request-Response Mechanisms
Controls over Subversive Threats
Internetworking Controls
• Internetworking is the process of
connecting two or more communication
networks together to allow the users of one
network to communicate with the users of
other networks.
• Three types of devices are used
– Bridge (e.g. Bus), Router (e.g., Bus and Ring),
Gateway (e.g., Bus, Ring, MS NT, Novel)
Communication Architectures &
Controls
• Open-systems interconnection (OSI)
• IBM’s system network architecture (SNA)
• Transmission control protocol/internet
protocol (TCP/IP)
Transmission of Data with OSI
Accounting Audit Trail
• Must allow a message to be traced through
each node in a network
• Examples
– unique identifier of the source node
– unique identifier of the person authorizing
dispatch of the message
– time and date of dispatch
Operations Audit Trail
• The performance and the integrity of the
network depend on the availability of
comprehensive operations audit trail data.
• Examples:
– number of messages that have traversed each link
– number of messages that have traversed each
node
– Queue lengths at each node