Business Data Communications and Networking
Download
Report
Transcript Business Data Communications and Networking
Business Data
Communications and
Networking, 6th ed.
FitzGerald and Dennis
12-1
Copyright © 1999 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work
beyond that permitted in Section 117 of the 1976 United
States Copyright Act without the express written
permission of the copyright owner is unlawful.
Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc.
The purchaser may make back-up copies for his/her own use
only and not for redistribution or resale.
The Publisher assumes no responsibility for errors,
omissions, or damages, caused by the use of these
programs or from the use of the information contained
herein.
12-2
Chapter 12
Network Security
12-3
Objectives of Chapter 12
Become familiar with…
the major threats to network security,
how to conduct a risk assessment
Understand
how to prevent, detect, and correct
disruptions, destruction, and disaster
how to prevent, detect and correct
unauthorized access
12-4
INTRODUCTION
12-5
Introduction
For many people, security means preventing
unauthorized access, such as preventing a
hacker from breaking into your computer.
Security is more than that, it also includes
being able to recover from temporary
service problems, or from natural disasters.
12-6
Introduction
12-7
Why Networks Need Security
In recent years, organizations have become
increasingly dependent on the data
communication networks for their daily business
communications, database retrieval, distributed
data processing, and the internetworking of LANs.
The losses associated with security failures can be
huge.
More important than direct theft losses are the
potential losses from the disruption of applications
systems that run on computer networks.
12-8
Types of Security Threats
Disruptions are the loss or reduction in
network service.
Some disruptions may also be caused by or
result in the destruction of data.
Natural (or manmade) disasters may occur
that destroy host computers or large
sections of the network.
12-9
Types of Security Threats
Unauthorized access is often viewed as
hackers gaining access to organizational
data files and resources.
However, most unauthorized access incidents
involve employees.
12-10
Network Controls
Developing a secure network means
developing controls. Controls are
mechanisms that reduce or eliminate the
threats to network security.
There are three types of controls:
• Preventative controls - mitigate or stop a
person from acting or an event from occurring.
• Detective controls - reveal or discover
unwanted events.
• Corrective controls - rectify an unwanted event
12-11
or a trespass.
Network Controls
It is important to remember that it is not enough
to just establish a series of controls; someone
or some department must be accountable for
the control and security of the network.
Controls must be reviewed periodically to be
sure that they are still useful, and should be:
Verified - ensuring that the control is still present &
Tested - determining whether the control is working
as originally specified.
12-12
RISK ASSESSMENT
12-13
Risk Assessment
One key step in developing a secure network
is to conduct a risk assessment: This
assigns a level of risk to various threats to
the network security by comparing the
nature of the threats to the controls
designed to reduce them.
12-14
Developing a Control
Spreadsheet
To be sure that the data communications
network and microcomputer workstations
have the necessary controls and that these
controls offer adequate protection, it is best
to build a control spreadsheet.
12-15
Developing a Control
Spreadsheet
Threats
Components
Disruption, Destruction, Disaster
Power Circuit
Fire Flood Loss Failure Virus
Unauthorized Access
External Internal
Intruder Intruder Eavesdrop
Host Computers
Client Computers
Communication Circuits
Network Devices
Network Software
People
12-16
Threats
A threat to the data communications network
is any potential adverse occurrence that
can do harm, interrupt the systems using
the network, or cause a momentary loss to
the organizations.
Once the threats are identified they must be
ranked on their importance.
12-17
Threats
12-18
Network Components
The next step is to identify the network
components. A network component is one
of the individual pieces that compose the
data communications network. They include:
•
•
•
•
•
•
Servers
Client computers
Communications circuits
Network devices
Network software
Application software
12-19
Identify and Document the
Controls
Once the specific network threats and
controls have been identified, you can begin
working on the network controls.
Begin by considering the network component
and the specific threat, and then describe
each control that prevents, detects or
corrects that threat.
12-20
Identify and Document the
Controls
Threats
Components
Host Computers
Disruption, Destruction, Disaster
Power Circuit
Fire Flood Loss Failure Virus
1,2
1,3
4
1,5,6
7,8
Unauthorized Access
External Internal
Intruder Intruder Eavesdrop
9,10,11,12 9,10
Client Computers
Communication Circuits
Network Devices
Network Software
People
1.
2.
3.
4.
5.
6.
Disaster recovery plan
Halon fire system/sprinklers
Host computer room on 5th floor
UPS on servers
Contract guarantees from IXCs
Extra backbone fiber laid between servers
7. Virus checking software present
8. Extensive user training on viruses
9. Strong password software
10. Extensive user training on security
11. Call-back modem system
12. Application Layer firewall
12-21
Evaluate the Network’s
Security
The last step in designing a control
spreadsheet is to evaluate the adequacy of
the existing controls, and the resulting
degree of risk associated with each threat.
The assessment can be done by the network
manager, but it is better done by a team of
experts chosen for their in-depth knowledge
about the network and environment being
reviewed.
12-22
CONTROLLING
DISRUPTION,
DESTRUCTION, AND
DISASTER
12-23
Preventing Disruption,
Destruction and Disaster
The key principle in preventing disruption,
destruction and disaster - or at least
reducing their impact - is redundancy.
•
•
•
•
Uninterruptable power supplies (UPS)
Fault-tolerant servers
Disk mirroring
Disk duplexing
Redundancy can be built into other network
components as well.
12-24
Preventing Disruption,
Destruction and Disaster
Disasters are different, the best solution is to
have a complete redundant network that
duplicates every network component, but in
a different location.
Generally speaking, preventing disasters is
difficult. The most fundamental principle is
to decentralize the network resources.
Other steps depend on the type of disaster to
be prevented.
12-25
Preventing Disruption,
Destruction and Disaster
In come cases, the disruption is intentional
(i.e. theft).
Another special case is the denial-of-service
attack, in which the hacker attempts to
disrupt the network by sending messages to
the network that prevent other’s messages
from being processed.
12-26
Preventing Disruption,
Destruction and Disaster
Special attention also must be paid to
preventing computer viruses - software
designed to produce unwanted events.
Most viruses attach themselves to other
programs to to special parts on disks.
The best way to prevent the spread of viruses
is to not copy files or disks of unknown
origin. Many anti-virus software packages
are available to check disks and files to
ensure that they are virus-free.
12-27
Detecting Disruption,
Destruction, and Disaster
One function of network monitoring software
is to alert network managers to problems so
that these can be corrected.
Detecting minor disruptions can be more
difficult. The network should routinely log
fault information to enable network
managers to recognize minor service
problems. In addition, there should be a
clear procedure by which network users can
report problems.
12-28
Correcting Disruption,
Destruction and Disaster
A critical control is the disaster recovery plan, which
should address various levels of response to a
number of possible disasters and should provide
for partial or complete recovery of all data,
application software, network components, and
physical facilities.
The most important element of the disaster recovery
plan are backup and recovery controls that enable
the organization to recover its data and restart its
application software should some portion of the
12-29
network fail.
Elements of a Disaster
Recovery Plan
Names of responsible individuals
Staff assignments and responsibilities
List of priorities of “fix-firsts”
Location of alternative facilities.
Recovery procedures for data communications
facilities, servers and application systems.
Actions to be taken under various contingencies.
Manual processes
Updating and Testing procedures
Safe storage of data, software and the disaster
recovery plan itself.
12-30
Correcting Disruption,
Destruction and Disaster
Backups ensure that important data is safe.
However it does not guarantee the data can
be used.
Most large organizations have a two-level
disaster recovery plan.
LVL 1: When they build networks they build
enough capacity and have enough spare
equipment to recover from a minor disaster,
such as loss of a major server or portion of
the network.
12-31
Correcting Disruption,
Destruction and Disaster
LVL2: most large organizations rely on
professional disaster recovery firms to
provide second level support for major
disasters.
Disaster recovery firms provide a full range of
services from secure storage for backups,
to a complete networked data center that
clients can use when they experience a
disaster.
12-32
CONTROLLING
UNAUTHORIZED ACCESS
12-33
Controlling Unauthorized
Access
Four types of intruders attempt to gain
unauthorized access to computer networks.
1. Casual computer users who only have limited
knowledge of computer security.
2. Experts in security, but whose motivation is the
thrill of the hunt.
3. Professional hackers who break into corporate or
government computer for specific purposes.
4. Organization employees who have legitimate
access to the network but who gain access to
information they are not authorized to use.
12-34
Preventing Unauthorized
Access
The key principle in preventing unauthorized access
is to be proactive. This means routinely testing
your security systems before an intruder does.
Approaches to preventing unauthorized access:
•
•
•
•
•
•
Developing a security policy
Developing user profiles
Plugging known security holes
Securing network access points
Preventing eavesdropping
Using encryption
A combination of all techniques is best to ensure
strong security.
12-35
Developing a Security Policy
The security policy should clearly define the
important network components to be
safeguarded and the important controls
needed to do that.
The most common way for a hacker to break
into a system , is through social engineering
(breaking security simply by asking).
12-36
Elements of a Security Policy
Name of responsible individuals
Incident reporting system and response team
Risk assessment with priorities
Controls on access points to prevent or deter
unauthorized external access.
Controls within the network to ensure internal
users cannot exceed their authorized access.
An acceptable use policy
User training plan on security
Testing and updating plans.
12-37
Developing User Profiles
The basis of network access is the user profile for
each user’s account that is assigned by the
network manager.
More and more systems are requiring users to enter
a password in conjunction with something they
have, such as a smart card.
In high-security applications, a user may be required
to present something they are, such as a finger,
hand or the retina of their eye for scanning by the
system (biometric scanning).
12-38
Developing User Profiles
User profiles can limit the allowable log-in
days, time of day, physical locations, and
the allowable number of incorrect log-in
attempts.
Creating accounts and profiles is simple, as
they are created when new personnel
arrive. One security problem is the removal
of user accounts when someone leaves an
organization.
12-39
Developing User Profiles
It is important to screen and classify both
users and data (need to know).
The effect of any security software packages
that restrict or control access to files,
records, or data items should be reviewed.
Adequate user training on network security
should be provided through self-teaching
manuals, newsletters, policy statements,
and short courses.
12-40
Plugging Known Security
Holes
Many commonly used operating systems
have major security problems well known to
potential users (security holes), many of
which are highly technical.
Some security holes are not really holes, but
simply policies adopted by computer
vendors that open the door for security
problems, such as computer systems that
come with a variety of preinstalled user
accounts.
12-41
Plugging Known Security
Holes
The U.S. Government requires certain levels
of security in the operating systems and
network operating systems it uses for
certain applications (minimum C2
certification).
12-42
Securing Network Access
Points
There are three major ways of gaining access:
• Using a terminal or computer located in the
organization’s offices
• Dialing into the network via modem
• Accessing the network from another network to
which it is connected (e.g. Internet)
The physical security of the building or
buildings that house any of the hardware,
software or communications circuits must be
evaluated.
12-43
Securing Network Access
Points
The network components themselves also have a
level of physical security.
Any organization that permits staff members to
access its networks via dial-in modems opens
itself to a broader range of intruders.
One strategy is to routinely change modem
numbers, another is to use a call-back modem.
One-time passwords is another strategy for traveling
employees for who call-back modems and
automatic number identifications are
inappropriate.
12-44
Securing Network Access
Points
With the increasing use of the Internet, and
information superhighway, it becomes important
to prevent unauthorized access to your network
from intruders on other networks.
A firewall is a router, gateway, or special purpose
computer that examines packets flowing into and
out of a network and restricts access to the
organization’s network.
12-45
Securing Network Access
Points
A packet-level firewall examines the source and
destination address of every network packet that
passes through it and only allows packets that have
acceptable source and destination addresses to
pass.
Some packet-level firewalls are vulnerable to IP-level
spoofing, accomplished by changing the source
address on incoming packets from their real
address to an address inside the organization’s
network. Many firewalls have had their security
strengthened since the first documented case of IP
spoofing in December 1994.
12-46
Securing Network Access
Points
An application-level firewall acts as an intermediate
host computer or gateway between the Internet
and the rest of the organization’s network.
In many cases, special programming code must be
written to permit the use of application software
unique to the organization.
A proxy server is a new type of application-level
firewall that addresses some of the compatibility
problems with traditional application-level
firewalls.
12-47
Securing Network Access
Points
The proxy server uses an address table to translate
network addresses inside the organizations into
fake addresses for use on the Internet (network
address translation or address mapping).
This way systems outside the organization never
see the actual internal IP addresses.
Proxy servers work very well and are becoming the
application-level firewall of choice.
Many organizations use a combination of packetlevel and application-level firewalls.
12-48
12-49
Preventing Eavesdropping
Another way to gain unauthorized access is
to eavesdrop on network traffic, where the
intruder inserts a listening device or
compute into the organization’s network to
record messages.
Two areas vulnerable to this type of
unauthorized access:
• Network cabling
• Network devices
12-50
Preventing Eavesdropping
Network cables are the easiest target
because they often run long distances and
usually are not regularly checked for
tampering.
Certain types of cable can impair or increase
security by making eavesdropping easier (i.e.
wireless) or more difficult (i.e. fiber optic).
Physical security of the network’s local loop
and interexchange telephone circuits is the
responsibility of the common carrier.
12-51
Preventing Eavesdropping
Network devices such as controllers, hubs,
and bridges should be secured in a locked
wiring closets.
A secure hub for Ethernet networks makes sniffer
program eavesdropping more difficult, by
requiring a special authorization code before new
computers can be added to the hub.
A review of software controls than can be
programmed into remote network devices is
also needed.
12-52
Using Encryption
One of the best ways to prevent unauthorized
access is encryption, which is a means of
disguising information by the use of
mathematical rules known as algorithms.
An encryption system has two parts: the
algorithm itself and the key, which
personalizes the algorithm by making the
transformation of the data unique.
12-53
Using Encryption
Good encryption systems do not depend on
keeping the algorithm secret, only the keys.
Today, the U.S. government considers
encryption to be a weapon, and regulates
its export in the same way it regulates the
export of machine guns or bombs. The
government is also trying to develop a
policy called key escrow, requiring key
registration with the government.
12-54
Using Encryption
One commonly used encryption algorithm is
the data encryption standard (DES). DES
is a symmetric algorithm, which means the
key used to decrypt a particular bit stream
is the same one used to encrypt it.
Symmetric algorithms can cause problem
with key management; keys must be
dispersed and stored carefully.
A 56-bit version of DES is the most commonly
used encryption technique today.
12-55
Using Encryption
A second popular technique is public key
encryption, the most popular of which is
RSA.
Public key encryption is inherently different
from secret key systems like DES, because
it is an asymmetric algorithms; there are
two keys. The public key is used to encrypt
the message, and the private key is used to
decrypt it. Public key encryption greatly
reduces the key management problem.
12-56
Using
Encryption
12-57
Using Encryption
Public key encryption also permits authentications
(digital signatures), using a process of encrypting
with the private key, and decrypting with the public
key providing irrefutable proof of origin.
A certificate authority is a trusted organization that
can vouch for the authenticity of the person of
organization using authentication. For higher level
security certification, the CA requires that a
unique “fingerprint” (key) be issued by the CA for
each message sent by the user.
12-58
Using
Encryption
12-59
Detecting Unauthorized Access
Detecting unauthorized access means
looking for anything out of the ordinary. It
means logging all messages sent and
received by the network, all software used,
and all logins (or attempted logins) to the
network.
• Increases in the number of logins
• Unusual number of unsuccessful login attempts
to a user’s or several users’ accounts.
Regular monitoring should also be extended
to network hardware.
12-60
Correcting Unauthorized
Access
Once an unauthorized access is detected, the
next step is to identify how the security
breach occurred and fix it so that it will not
reoccur.
Many organizations have taken their own
steps to detect intruders by using
entrapment techniques.
In recent years, there has been a stiffening of
computer security laws and in the legal
interpretation of other laws that pertain to
12-61
End of Chapter 12
12-62