Chapter 11 - Indiana State University

MIS 430 Chapter 11
Network Security
Chapter 11 Data Security
1
Mgt Focus 11-1: Western Union

- 9/2000: a hacker broke into Western Union and stole 15,700 credit card numbers
- Caused by human error: a file was left unprotected after a web site revision
- A routine security audit discovered the break-in and the site was shut down (5 days lost)
- Cost over $1M!

I. Introduction

Some threats (see fig 11-2, p. 358):
- Data Center: Hardware
- Software
- Unauthorized access, copying, modification, destruction, theft
- Errors and omissions
- Files
- Protection failure, destruction
- Unauthorized access, copying, modification, destruction, theft
- Offline input/output
- Disaster, vandalism, fraud/theft/extortion, errors and omissions

Intro, contd.

More threats:
- Organization
- Personnel
- Unauthorized access, inadequate safety, transportation exposure
- External people
- Dishonesty, gross error, incompetence
- Physical security
- Inadequate functional separation, lack of security responsibility
- Disaster, vandalism, fraud/theft/extortion
- Data communications circuit
- Network unavailable, illegal access, lost messages

Intro, contd.

More threats:
- Client users
- Masquerading, authorization bypass, unauthorized input/output, manipulation
- Average loss: $1M, but that is the tip of the iceberg
- Loss of consumer confidence costs much more than lost business!
- But business disruption due to lost applications is even more costly!!
- Bank of America says $50M loss if down 24 hours

Types of Threats

- Disruptions: loss or reduction of network services
  - Loss of circuits
  - Loss of data
  - Disasters that affect equipment
- Unauthorized access
  - Mostly employees, not hackers!
  - CERT: Computer Emergency Response Team from Carnegie Mellon University http://www.cert.org/
  - ISU loss of 10,000 social security numbers

Network Controls

- Control: a mechanism to reduce or eliminate threats to network security
- Types of controls
  - Prevention: stop the act from occurring
  - Detection: reveal unwanted events
  - Correction: remedy an unwanted event
- Important: someone must be responsible for controls and security, including updates and making sure they are implemented correctly.

Tech Focus 11-1 (p. 361)

- Less complex is better
- A control's cost should be equivalent to the risk
- Preventing is better than detecting and correcting!
- Adequate: just enough to protect the network
- Automated controls are better than manual!
- Controls apply to all!
- Document overrides; overrides need controls
- Control documents are confidential
- Names, uses, and locations of network HW are private information
- Controls ensure the network can be audited
- Assume a hostile environment

Tech Focus, contd.

- Convey an image of high security through education and training
- Controls provide separation of duties
- Implement entrapment to identify the bad guys
- When a control fails, the network defaults to tight security: deny access
- Controls still work when only one part of the network fails
- Don't forget the LAN! Central managers often just worry about the WAN
- Always assume your opponent is smarter than you are
- Always have insurance in case a control fails

II. Risk Assessment

- Assign levels of risk to various threats
  - Compare the nature of threats to controls
  - OCTAVE method http://www.cert.org/octave/
- Control spreadsheet (fig 11-3, p. 362)
  - Assets (something of value) with priority in parentheses
  - Threats in categories
  - Center includes controls now in use

Types of Assets (fig 11.4)

- Hardware: servers, client computers, network devices (hubs, routers, switches)
- Circuits: LANs, BNs, contracted MAN and WAN circuits, Internet access circuits
- Network SW: server NOS, applications such as mail server, web server
- Client SW: OS, applications like Word, etc.
- Organizational data: DBs
- Mission-critical apps: depends on the organization

Threat Likelihoods (fig 11.5)

- Virus: 85%
- Internet hacker: 70%
- Device failure: 68%
- Denial of Service (DoS): 60%
- Theft of equipment: 44%
- Natural disaster: 28%
- Theft of information: 9%
- Fraud: 3%
- From insiders: 70%; from outsiders: 25%

Identify the Controls

After the spreadsheet (assets, threats) is done, work on the controls (see fig. 11-6, p. 366):
- Disaster recovery plan: business continuity plan
- Halon fire system in the machine room; sprinklers
- Not below ground level (beware of floods: Chicago)
- UPS on major servers
- Contract guarantees from interexchange carriers
- Extra backbone fiber cable laid in different conduits
- Virus checking software present on the network
- Extensive user training about viruses
- Strong password software
- Extensive user training about PW security
- Application layer firewall

Evaluate Network's Security

- Evaluate the adequacy of existing controls as they relate to each threat
  - Done by an independent Delphi team that makes the final decision
  - 3-9 members
  - Therefore implement quickly

Mgt Focus 11-2: Microsoft I

- Microsoft's web sites were the 3rd most visited
- All down for 22 hours in Jan 2001 due to a technician's error:
  - MS placed all 4 of its DNS servers on the same network segment
  - The tech loaded incorrect routing table information into the routers, and nobody could reach any DNS servers
  - Had any one been on a different segment, no trouble!
  - MS lost $4M in ad revenue during the 22 hours
  - More was lost on sites like Expedia that sell services

Mgt Focus 11-3: World Trade Center Disaster Recovery

- TradeWeb HQ on the 51st floor: destroyed!
  - Changed the DNS entry to refer to the London office to get back on the web
  - Rebuilding the database took longer
- Allstate: lost the NYC data center (but had a plan)
  - No network: onslaught of claims!
  - Had 25 LAN-in-a-box dial-up network kits from office LAN to headquarters; needed 24 more
  - Remaining offices back up in 4 days

III. Controlling DDD (Disruption, Destruction, Disaster): Prevention

- Use redundant hardware
  - UPS: American Power Conversion www.apc.com
  - Fault tolerant server
  - Disk mirroring and RAID 1, 5 (not RAID 0)
- Prevent natural disaster
  - Avoid basement rooms near rivers and oceans
  - State Farm data center: 6 foot thick SW walls against tornadoes
  - Install a Halon fire prevention system (but Halon is being phased out) http://www.epa.gov/ozone/snap/fire/qa.html
  - Decentralize network resources: multiple servers, data centers, even different parts of the country

Prevention Controls

- Preventing theft ($1B stolen annually)
  - Physical security methods for the data center
  - Use security cables to attach HW to desks
  - Private security guards
  - Keep certain key network locations secret
- Preventing viruses
  - Protect both servers and clients!
  - Macro viruses account for 75% of viruses
  - Use anti-virus software; keep it current weekly

Mgt Focus 11-4: NIMDA!

- 9-18-2001: the NIMDA virus swept through Windows servers around the world
  - Attached to email messages; emailed to others in the Outlook address book
  - Also spread by servers, shared drives
  - Could get it through a browser click (JavaScript)
  - Patches were developed but it came back as variants. Ask me about my !@@!# servers
  - 5 months later, still the most common attack; it was an attack suite: well written, tested

Prevention Controls

- Preventing Denial of Service attacks
  - A hacker floods the network with messages so that the server cannot handle its normal workload
  - Hackers use false IP addresses (IP spoofing)
  - A distributed DoS attack is more disruptive: the hacker controls many machines that all attack simultaneously
  - Can set up several servers around the world (like Microsoft has done)

Tech Focus 11-2: DoS Attack

- Smurf attacks: flood with Ping ICMP requests
- Fraggle attacks: similar to smurf but uses UDP echo requests
- TCP SYN floods: requests to establish TCP connections
- UNIX process table attacks: like TCP SYN
- Finger of death attacks: flood with finger requests
- DNS recursion attacks: spoof the from address to be within the organization

Mgt Focus 11-5: Microsoft Part 2

- DDoS attack 1/2001 caused MS to redesign its networks
  - The hacker gained control of a large number of computers, implanting DDoS software
  - The SW targeted the MS DNS servers, not web or mail
  - By focusing on the routers on the segment containing the DNS servers, it brought the net to a crawl
  - Put the 4 DNS servers on separate network segments
  - MS contracted with Akamai.com to hold its most popular web pages around the world
    - Pages served from the Akamai server closest to the customer, reducing response time and providing redundancy

Controlling DDD: Detecting

- Network management software should notify management of problems
  - Can send alerts via email or even to pagers
  - Major problems are easier to detect than minor ones
  - The network should log performance data which can be compared to current performance
- Caterpillar bulldozer agent: avoid any unplanned downtime
  - Software agents and sniffers look for out-of-bounds measurements
  - Contact the command center to report possible trouble

Controlling DDD: Correcting

- Disaster Recovery Plan
  - Remember the United DC-10 that lost hydraulics and crash-landed in Iowa City? Iowa City's DRP helped save lives!
  - Provides various levels of response to a number of possible disasters
  - See fig 11-7, p. 373 for the elements of a DRP: managers (2), staff duties, priorities for what is done first, locations of spares, data comm recovery, manual procedures, testing methods, backups, actions for certain scenarios

Controlling DDD: Correcting

- Disaster Recovery Plans
  - Good backups don't mean the data can be used!
  - Disaster recovery drills are important
  - Two levels: internal redundancy, outsourced DR service
    - Cold site: storage of data and applications
    - Hot site: dedicated equipment that is ready to run your applications seamlessly
  - http://www.disasterrecoveryworld.com/ for checklists, etc.
  - Disaster Recovery Journal http://www.drj.com/

IV. Controlling Access

- Unauthorized access is the 2nd main problem
- Types of intruders
  - Casual hackers with limited knowledge of the computers they encounter (script kiddies)
  - Experts in security who enjoy the challenge (crackers)
  - Professional hackers who break in for a specific purpose (most dangerous kind)
  - Organization employees with legitimate access who gain access to information they are not authorized to use (most common kind of security breach)

Preventing Unauthorized Access

- Be proactive! Routinely test security before the intruder does
- Don't keep extremely sensitive data online
  - Store it in networks that are isolated from other networks
- Security policy: define the important assets and the policies to access them; see fig 11-8, p. 376
  - Manager, incident reporting system, risk assessment with priorities, effective controls at major access points, use the minimum number of controls to reduce inconvenience, acceptable use policy, procedure to monitor changes to network devices, routine training plan for users, routine test plan, annual security audit

Security Policy

- The security policy should define what employees should and should not do
- Password policies: don't post, don't tell, change frequently, minimum length, cannot reuse a previous password
  - Use combinations of letters and numbers
  - Use upper and lower case: go4iT
  - See next slide for more hints
- Apply different controls to different data items

Mgt Focus 11-10: Passwords

- A good password is easy to remember, hard to guess
- Don't use birthdays, anniversaries, pet names, family names: they can be guessed easily
- At least 7 characters; change at least every 90 days; include numbers and some capital letters
  - Hot apple pie with ice cream and cheese: haPwicAc
- ISU policy: www.indstate.edu/adminaff/handbook/SectionV.pdf p. 14
  - Change system PW every 90 days, user PW every 180 days
  - Don't use the same password for non-ISU accounts!
  - Don't put the PW in (plain text) email
  - Use strong passwords: >=8 characters, not in a dictionary, use upper and lower case characters, have a punctuation symbol, not based on personal or family information
  - Don't write it down anywhere or share it
  - Use a pass phrase for public key encryption

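The ISU password rules on this slide, turned into a checker so the slide's own examples (go4iT, haPwicAc) can be tested against them. This is an added example, not code from the course or from ISU; the dictionary and the personal-information words are constructed stand-ins, and a real check would use a full word list.

```python
"""Password policy checker built from the rules on the ISU policy slide.

Added example, not code from the course or from ISU. The dictionary and the
personal-info words are constructed stand-ins; a real check needs a full
word list.
"""
import string

DICTIONARY = {"password", "apple", "secret", "welcome", "letmein", "dragon"}
MIN_LENGTH = 8  # ISU rule: >= 8 characters


def check_password(pw, personal_info=()):
    """Return the policy rules the password violates (empty list = compliant).

    personal_info: birthdays, pet or family names that the password must not
    be built from (the slide's 'not based on personal or family information').
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if pw.lower() in DICTIONARY:
        problems.append("dictionary word")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs both upper and lower case")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a punctuation symbol")
    lowered = pw.lower()
    for item in personal_info:
        item = str(item).lower()
        # Catches Fido2024! or 1985-style passwords built from personal data.
        if len(item) >= 3 and item in lowered:
            problems.append("based on personal information (%s)" % item)
            break
    return problems


def mnemonic_password(phrase):
    """The slide's memory aid: take the first character of each word of a
    phrase ('Hot apple pie with ice cream and cheese' -> 'Hapwicac'). Which
    letters to capitalise is the user's choice and is not automated here."""
    return "".join(w[0] for w in phrase.split() if w[0].isalnum())


if __name__ == "__main__":
    for candidate in ("go4iT", "haPwicAc", "haPwicAc!", "password"):
        print(candidate, check_password(candidate) or "OK")
    print(check_password("Fido2024!x", personal_info=["Fido", "1985"]))
```

Note that haPwicAc satisfies the slide's 7-character rule but fails the stricter ISU rule because it has no punctuation symbol; adding one is enough to make it compliant.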
User Profiles

- Specifies for each user what data and network resources they may use
  - What resources can they access
  - How they can access it (R, W, C, D)
  - When can they access the resources (days, times, locations)
  - How many incorrect log-ins are permitted?
- Group profiles: shared permissions

Physical Security

- Biometrics: finger prints, hand geometry, face geometry, iris prints, retina scans
- Smart cards: embedded microprocessor with a clock that constantly changes PWs
- Computer locks: hardware, software PWs
- Hide cables behind walls and ceilings
  - Alarm systems
  - USAF uses pressurized cables that show a break-in and sound an alarm
  - Locked wiring closets for routers, hubs, etc.

Dial-In Security

- This is a major security risk!
- Change phone numbers periodically
- Change dial-up PW periodically
  - One-time PWs
  - Use smart card PW
  - Require call backs to a designated place
  - Use an embedded ID chip in the computer that dials
  - Use VPNs: encrypted sessions

Firewalls

- Sits between the network and the outside world
- Examines packets as they enter/leave the network
  - HW (router) or SW varieties of firewalls
  - Packet-level firewall (examines the source and destination IP addresses of each packet)
  - Application-level firewall (intermediate host that authenticates: more complex)
- IP spoofing: the hacker changes the actual source IP address to a "good" one that is not stopped

Tech Focus 11-4: Packet Level Firewalls

- Could delete any packets coming from a different subnet or different network
- Could delete packets from certain IPs
- Could keep certain types of packets from reaching the network (FTP, Telnet, etc.)
- Software is constantly updated

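A small packet-level filter that implements the three rules on this slide (foreign subnet, blocked hosts, blocked services) together with the anti-spoofing check that the IP spoofing point on the Firewalls slide calls for. This is an added example, not the course's or any vendor's firewall code; the inside subnet, the block list and the sample packets are constructed for the demo.

```python
"""Packet-level firewall simulation covering the three filters on the Tech
Focus 11-4 slide (foreign subnet, blocked hosts, blocked services) plus the
IP-spoofing check implied by the Firewalls slide. Added example; the subnet,
block list and packets are constructed for the demo.
"""
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed internal subnet
BLOCKED_HOSTS = {ipaddress.ip_address("203.0.113.9")}  # constructed block list
BLOCKED_PORTS = {21: "FTP", 23: "Telnet"}              # services kept off the network


def filter_packet(pkt):
    """Return (verdict, reason) for a packet dict with keys iface, src, dst, dport.

    iface is 'outside' (arriving from the Internet) or 'inside' (leaving).
    Rules are checked in order and the first match decides.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # Anti-spoofing: a packet from the Internet must not claim an inside
    # source. A "good" inside address forged by an outsider is caught here.
    if pkt["iface"] == "outside" and src in INSIDE_NET:
        return "drop", "spoofed inside source address on outside interface"
    # Delete packets from certain IPs.
    if src in BLOCKED_HOSTS:
        return "drop", "source on block list"
    # Keep certain services (FTP, Telnet) from reaching the network.
    if pkt["dport"] in BLOCKED_PORTS:
        return "drop", "%s not allowed through" % BLOCKED_PORTS[pkt["dport"]]
    # Delete packets from a different subnet: outbound traffic must originate
    # inside, and inbound traffic must be addressed to our network.
    if pkt["iface"] == "inside" and src not in INSIDE_NET:
        return "drop", "outbound packet from a foreign subnet"
    if pkt["iface"] == "outside" and dst not in INSIDE_NET:
        return "drop", "inbound packet for a different network"
    return "accept", "permitted"


def audit(packets):
    """Run the rule set over a packet list and return {verdict: count}."""
    counts = {"accept": 0, "drop": 0}
    for pkt in packets:
        counts[filter_packet(pkt)[0]] += 1
    return counts


# Constructed traffic sample for a dry run of the rules.
SAMPLE = [
    {"iface": "outside", "src": "198.51.100.5", "dst": "192.168.1.10", "dport": 80},
    {"iface": "outside", "src": "192.168.1.20", "dst": "192.168.1.10", "dport": 80},
    {"iface": "outside", "src": "203.0.113.9", "dst": "192.168.1.10", "dport": 80},
    {"iface": "outside", "src": "198.51.100.5", "dst": "192.168.1.10", "dport": 23},
    {"iface": "inside", "src": "10.0.0.5", "dst": "198.51.100.5", "dport": 443},
    {"iface": "inside", "src": "192.168.1.3", "dst": "198.51.100.5", "dport": 443},
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt["iface"], pkt["src"], "->", pkt["dst"], pkt["dport"], filter_packet(pkt))
    print(audit(SAMPLE))
```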
NAT: Network Address Translation (previously covered)

- This is cool: you can share 1 IP address across several computers on the network
  - Translates between a set of private IP addresses inside the network and outside proxy IP addresses
  - Ex: outside IP is 139.102.180.36
    - Inside IP addresses are 192.168.1.1 through 192.168.1.5 (local, private IP addresses)
    - Could also use the 10.X.X.X IP range
  - NAT device (proxy server) has two NICs: one inside and the other outside the firewall

More NAT

- When an inside client makes a request, its IP address and a unique port number are placed in the packet, then the packet is sent to the NAT server
- The server remembers that port number, replaces the internal IP address with the outside IP address, then sends it along to the Internet
- When the return packet appears, it contains the unique port number; the server substitutes the inside IP address of the computer with that port and passes it to the inside network
- Slower, but very nice to share one IP address!!

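The translation table the two NAT slides describe, written out so the outbound rewrite, the port-keyed return lookup and the fate of an unsolicited inbound packet are all visible. This is an added example, not code from the course; it uses the slide's addresses (outside 139.102.180.36, inside 192.168.1.x) and the packets and port range are constructed.

```python
"""NAT translation table as the More NAT slide describes it: an outbound
packet gets the outside address plus a unique port, and the return packet is
mapped back to the inside host by that port. Added example; the addresses
follow the slide (outside 139.102.180.36, inside 192.168.1.x) and the
packets are constructed.
"""
import itertools


class NatDevice:
    """Two-NIC NAT box: outside_ip is the proxy address seen by the Internet."""

    def __init__(self, outside_ip, first_port=40000):
        self.outside_ip = outside_ip
        self._ports = itertools.count(first_port)  # hands out unique ports
        self.table = {}    # outside port -> (inside ip, inside port)
        self.reverse = {}  # (inside ip, inside port) -> outside port

    def outbound(self, pkt):
        """Rewrite a packet leaving the inside network (keys src, sport, dst, dport)."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.reverse:          # new flow: allocate a port, remember it
            port = next(self._ports)
            self.table[port] = key
            self.reverse[key] = port
        return dict(pkt, src=self.outside_ip, sport=self.reverse[key])

    def inbound(self, pkt):
        """Rewrite a return packet. Anything without a table entry (an
        unsolicited connection from outside) is dropped by returning None."""
        if pkt["dst"] != self.outside_ip or pkt["dport"] not in self.table:
            return None
        inside_ip, inside_port = self.table[pkt["dport"]]
        return dict(pkt, dst=inside_ip, dport=inside_port)


def demo():
    """Two inside hosts use the same source port; NAT keeps them apart."""
    nat = NatDevice("139.102.180.36")
    a = nat.outbound({"src": "192.168.1.3", "sport": 5000, "dst": "198.51.100.7", "dport": 80})
    b = nat.outbound({"src": "192.168.1.4", "sport": 5000, "dst": "198.51.100.7", "dport": 80})
    reply = nat.inbound({"src": "198.51.100.7", "sport": 80,
                         "dst": "139.102.180.36", "dport": b["sport"]})
    stray = nat.inbound({"src": "198.51.100.7", "sport": 80,
                         "dst": "139.102.180.36", "dport": 40999})
    return a, b, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The dropped stray packet is the side effect worth noticing: an outside host cannot reach an inside machine unless that machine opened the flow first, which is why NAT is often (loosely) counted as a control.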
DMZ (Demilitarized Zone)

- The DMZ is the network behind the firewall
  - Open a hole in the firewall to some of the computers
  - Contains some but not complete security
  - Can have better protected internal networks inside the DMZ that are fully protected
  - Use the DMZ for servers that need partial access to/from the outside world

Security Holes

- This is a bug that permits unauthorized access: it quickly circulates on the Internet
  - Ex: I left anonymous FTP turned on and left FTP write access on
  - This allowed hackers to store huge amounts of MP3 and illegal files in the FTP area of the server
  - Solution: turn off anonymous FTP access, but still allow Write for authenticated FTP sessions
- Real solution: do MS Critical Updates and keep servers and clients current!!!

Encryption History

- Germans used the Enigma machine during WW II; we broke the code
  - Looked like a typewriter with 3 or 4 code wheels
- We also broke the Japanese code in WW II
- US used the Navajo Code Talkers who spoke in their native language: never broken!
- Plain text vs. cipher text
- Key needed to "unlock" the cipher text into plain text

Symmetric Encryption

- Use a mathematical algorithm to disguise the data
  - Good encryption does not require that the algorithm be kept secret, only the keys
  - Symmetric: uses the same key to encrypt and decrypt
  - Asymmetric: encrypt and decrypt keys are not the same
- DES: Data Encryption Standard
  - 56-bit key, but was broken in 22 hours using 10,000 PCs distributed over the Internet
  - 3DES: uses DES 3 times, much harder to break
- RC4: up to 256 bit key; still can be broken
  - A version of RC4 is available in MS Excel for a file: Tools | Options | Security
  - Can set a password, assign a digital signature

Public Key Encryption

- PKI: set of HW, SW, organizations, and policies to make public key encryption work
- Two keys, 512 or 1024 bits long!
  - The public key is used to encrypt the message
    - Will have a different public key for each destination organization
  - The private key is used to decrypt the message and is only known to the destination
  - Could encrypt with the private key and decrypt with the public key to trace the original sender

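A toy RSA that walks through both directions on this slide: encrypting with the destination's public key so only its private key can decrypt, and encrypting with the sender's private key so anyone holding the sender's public key can trace who sent it. This is an added example, not code from the course or from any PKI product; the primes are tiny constructed values so the arithmetic stays visible (real keys are the 512 or 1024 bits the slide mentions, and real systems add padding).

```python
"""Toy RSA for the two uses on the Public Key Encryption slide: encrypt with
the recipient's public key / decrypt with their private key, and encrypt with
the sender's private key / decrypt with their public key to trace the sender.
Added example; the primes are tiny constructed values so the arithmetic is
visible (real keys are 512-1024 bits and real systems add padding).
"""
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public, private) as (exponent, modulus) pairs from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi")
    d = pow(e, -1, phi)        # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, blocks):
    """RSA core: raise each block to the key's exponent modulo n."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]


def to_blocks(text):
    return [ord(c) for c in text]   # one character per block; code points must be < n


def from_blocks(blocks):
    return "".join(chr(b) for b in blocks)


def encrypt_for(recipient_public, text):
    """Confidentiality: anyone can encrypt with the destination's public key."""
    return apply_key(recipient_public, to_blocks(text))


def decrypt_own(private, blocks):
    """Only the destination, holding the private key, can read it."""
    return from_blocks(apply_key(private, blocks))


def seal_as_sender(sender_private, text):
    """Origin: encrypting with the private key lets anyone check the sender."""
    return apply_key(sender_private, to_blocks(text))


def trace_sender(sender_public, blocks):
    """Decrypting with the claimed sender's public key recovers the text only
    if it really was encrypted with the matching private key."""
    return from_blocks(apply_key(sender_public, blocks))


if __name__ == "__main__":
    bob_pub, bob_priv = make_keypair(61, 53)       # constructed toy primes
    ct = encrypt_for(bob_pub, "Hi")
    print(ct, decrypt_own(bob_priv, ct))
    alice_pub, alice_priv = make_keypair(101, 113)  # a second, different key pair
    sealed = seal_as_sender(alice_priv, "Hi")
    print(sealed, trace_sender(alice_pub, sealed))
```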
Other Encryption

- PGP: Pretty Good Privacy
  - Freeware public key software where users post their public key on a web page
  - Someone sends that user a secret message encrypted with that public key
- SSL: Secure Sockets Layer
  - Used to encrypt web pages for credit card data
  - Creates a public/private key on the fly for the session
  - Much slower than a regular web page, though!
  - Done by the web server hosting the page

More Encryption

- IPSec: IP Security Protocol
  - Like SSL but focused on more than just Web activities
  - IPSec sits between IP at the network layer and TCP/UDP at the transport layer
  - Two parties use Internet Key Exchange to decide on the encryption technique and public/private keys
  - Tunnel mode: IPSec encrypts the entire IP packet and encapsulates it in another packet; this cloaks the actual sender and destination. Used with VPN sessions

Detecting Unauthorized Access

- IDS: Intrusion Detection System
  - Network-based IDS
  - Host-based IDS
  - Application-based IDS
- Techniques
  - Misuse detection: compares monitored activities with signatures of known attacks
  - Anomaly detection: compares monitored activities with the normal set of activities (e.g., a flood of Pings)

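Both IDS techniques from this slide, run side by side over one constructed log: misuse detection matches known-attack signatures, and anomaly detection flags the slide's "flood of Pings" by comparing a source's echo-request rate against a normal baseline. This is an added example, not code from the course or from any IDS product; the log format, the two signatures and the baseline figures are assumptions made for the demo.

```python
"""Misuse (signature) and anomaly detection from the IDS slide, run over a
constructed log. Added example; the log format, the two signatures and the
ping baseline are assumptions made for the demo, not the course's tools.
"""
import re

# Constructed format: "<second> <src> <proto> <dst> <port> <payload summary>"
LINE = re.compile(r"(\d+) (\S+) (\S+) (\S+) (\d+) (.*)")

# Misuse detection: signatures of known attacks (assumed patterns).
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "finger probe": re.compile(r"^finger "),
}

NORMAL = [
    "0 198.51.100.5 tcp 192.168.1.10 80 GET /index.html",
    "1 198.51.100.5 tcp 192.168.1.10 80 GET /cgi-bin/../../etc/passwd",
    "3 198.51.100.5 icmp 192.168.1.10 0 echo-request",
    "5 203.0.113.9 tcp 192.168.1.10 79 finger root",
]
# 20 echo-requests from one source inside 10 seconds: the slide's "flood of Pings".
FLOOD = ["%d 203.0.113.9 icmp 192.168.1.10 0 echo-request" % (2 + i // 2) for i in range(20)]
LOG = "\n".join(NORMAL + FLOOD)


def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            t, src, proto, dst, port, payload = m.groups()
            events.append({"t": int(t), "src": src, "proto": proto,
                           "dst": dst, "port": int(port), "payload": payload})
    return events


def misuse_detect(events):
    """Compare each monitored activity with the known-attack signatures."""
    return [(e["t"], e["src"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["payload"])]


def anomaly_detect(events, window=10, baseline=2, factor=5):
    """Compare activity with the normal profile: flag a source whose
    echo-requests in any `window` seconds exceed factor * baseline."""
    times_by_src = {}
    for e in events:
        if e["proto"] == "icmp" and e["payload"] == "echo-request":
            times_by_src.setdefault(e["src"], []).append(e["t"])
    alerts = []
    for src, times in times_by_src.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t < start + window)
            if count > factor * baseline:
                alerts.append((src, count))
                break
    return alerts


if __name__ == "__main__":
    ev = parse(LOG)
    print(misuse_detect(ev))
    print(anomaly_detect(ev))
```

Note the complementary blind spots: the traversal and finger lines carry no volume anomaly, and the ping flood matches no signature, which is why real deployments run both techniques.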
Correcting Unauthorized Access

- Have a "SWAT" team to call into action
- Computer forensics uses computer analysis techniques to gather evidence for criminal prosecution
- Criminal law has been slow to keep up with computers and the Internet
- Companies use entrapment techniques to bait hackers to a false network (like the fake deer near the highway)
  - This special server has sophisticated SW to monitor access and gather evidence for prosecution!
  - Called a "honey pot"

For More Information ...

- Enroll in Dr. Moates' Computer Security class (MIS 475)
- NIST CSRC web page http://csrc.nist.gov/
- CERT Coordination Center http://www.cert.org/
- Microsoft Security & Privacy site http://www.microsoft.com/security/