Preventative controls


Introduction
• Security is a major networking concern. 90% of
the respondents to the 2004 Computer Security
Institute/FBI Computer Crime and Security
Survey reported security breaches in the last 12
months.
• Information Week estimates the annual cost of
security losses worldwide at $1.6 trillion.
• Network security means more than preventing a hacker
from breaking into your computer; it also includes being
able to recover from temporary service problems
or from natural disasters (Figure 1).
Figure 1 Threats to Network Security
Types of Security Threats
• Disruptions are the loss or reduction in network
service.
• Some disruptions may also be caused by or result
in the destruction of data.
• Natural (or manmade) disasters may occur that
destroy host computers or large sections of the
network.
• Unauthorized access is often viewed as hackers
gaining access to organizational data files and
resources. However, most unauthorized access
incidents involve employees.
Security Problems Are Growing
• The Computer Emergency Response Team
(CERT) at Carnegie Mellon University was
established with USDoD support in 1988 after a
computer virus shut down 10% of the computers
on the Internet (Figure 2).
• In 1989, CERT responded to 137 incidents.
• In 2000, CERT responded to 21,756 incidents.
• By this count, security incidents are growing at a
rate of 100% per year.
• Breaking into a computer in the U.S. is now a
federal crime.
Figure 2 Number of Incidents Reported to CERT
Source: CERT Statistics, www.cert.org/stats/cert_stats.html
Network Controls
• Developing a secure network means developing
mechanisms that reduce or eliminate the threats to
network security, called controls.
• There are three types of controls:
– Preventative controls - mitigate or stop a person from
acting or an event from occurring (e.g. passwords).
– Detective controls - reveal or discover unwanted events
(e.g., auditing software).
– Corrective controls - rectify an unwanted event or a
trespass (e.g., reinitiating a network circuit).
Network Controls
• It is not enough to just establish a series of
controls; personnel need to be designated as
responsible for network control and security.
• This includes developing controls, ensuring that
they are operating effectively, and updating or
replacing controls.
• Controls must also be periodically reviewed to:
– ensure that the control is still present
(verification)
– determine if the control is working as specified
(testing)
Risk Assessment
• Risk assessment is the process of making a
network more secure, by comparing each security
threat with the control designed to reduce it.
• One way to do this is by developing a control
spreadsheet (Figure 3).
• Network assets are listed down the side.
• Threats are listed across the top of the spreadsheet.
• The cells of the spreadsheet list the controls that
are currently in use to address each threat.
Threats (listed across the top):
– Disruption, Destruction, Disaster: Fire, Flood, Power Loss, Circuit Failure, Virus
– Unauthorized Access: External Intruder, Internal Intruder, Eavesdrop
Assets (with Priority) (listed down the side):
– (92) Mail Server
– (90) Web Server
– (90) DNS Server
– (50) Computers on 6th floor
– (50) 6th floor LAN circuits
– (80) Building A Backbone
– (70) Router in Building A
– (30) Network Software
– (100) Client Database
– (100) Financial Database
– (70) Network Technical staff
Figure 3 Sample control spreadsheet with some assets and threats
Network Assets (Figure 4)
• Network assets are the network components
including hardware, software and data files.
• The value of an asset is not simply its replacement
cost, it also includes personnel time to replace the
asset along with lost revenue due to the absence of
the asset.
• For example, lost sales because a web server is
down.
• Mission critical applications are also important
assets. These are programs on an information
system critical to business operations.
Hardware
– Servers, such as mail servers, web servers, DNS servers, DHCP servers, and LAN file servers
– Client computers
– Devices such as hubs, switches, and routers
Circuits
– Locally operated circuits such as LANs and backbones
– Contracted circuits such as MAN and WAN circuits
– Internet access circuits
Network Software
– Server operating systems and system settings
– Applications software such as mail server and web server software
Client Software
– Operating systems and system settings
– Application software such as word processors
Organizational Data
– Databases with organizational records
Mission critical applications
– For example, for an Internet bank, the Web site is mission critical
Figure 4 Types of Assets
Security Threats
• A network security threat is any potentially
adverse occurrence that can harm or interrupt the
systems using the network, or cause a monetary
loss to an organization.
• Once the threats are identified they are then
ranked according to their occurrence.
• Figure 5 summarizes the most common threats to
security.
• For example, the average cost to clean up a virus
that slips through a security system and infects an
average number of computers is £70,000/virus.
Figure 5 Common Security Threats
Identifying and Documenting Controls
• Once the specific network threats and controls
have been identified, you can begin working
on the network controls.
• Each network component should be
considered along with the specific threats to it.
• Controls to address those threats are then
listed in terms of how each control will
prevent, detect and/or correct that threat.
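Threats (columns):
– Disruption, Destruction, Disaster: Fire, Flood, Power Loss, Circuit Failure, Virus
– Unauthorized Access: External Intruder, Internal Intruder, Eavesdrop
Assets (w/ priority), with the numbered controls listed in each cell:
– (92) Mail Server: Fire 1,2; Flood 1,3; Power Loss 4; Circuit Failure 5,6; Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (90) Web Server: Fire 1,2; Flood 1,3; Power Loss 4; Circuit Failure 5,6; Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (90) DNS Server: Fire 1,2; Flood 1,3; Power Loss 4; Circuit Failure 5,6; Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (50) Computers on 6th floor: Fire 1,2; Flood 1,3; Virus 7,8; External Intruder 10,11; Internal Intruder 10
– (50) 6th floor LAN circuits: Fire 1,2; Flood 1,3
– (80) Building A Backbone: Fire 1,2; Flood 1,3; Circuit Failure 6
– (70) Router in Building A: Fire 1,2; Flood 1,3; External Intruder 9; Internal Intruder 9
– (30) Network Software: Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (100) Client Database: Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (100) Financial Database: Virus 7,8; External Intruder 9,10,11; Internal Intruder 9,10
– (70) Network Technical staff: Fire 1; Flood 1
Figure 6 Sample control spreadsheet
listing assets, threats, and controls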
Figure 6 (cont.) Sample control
spreadsheet list of controls
Controls
1. Disaster Recovery Plan
2. Halon fire system in server room. Sprinklers in rest of building
3. Not on or below ground level
4. Uninterruptible Power Supply (UPS) on all major network servers
5. Contract guarantees from inter-exchange carriers
6. Extra backbone fiber cable laid in different conduits
7. Virus checking software present on the network
8. Extensive user training on viruses and reminders in monthly newsletter
9. Strong password software
10. Extensive user training on password security and reminders in
monthly newsletter
11. Application Layer firewall
Evaluate the Network’s Security
• The last step in designing a control spreadsheet is
evaluating the adequacy of the controls and the
degree of risk associated with each threat.
• Based on this, priorities can be decided on for
dealing with threats to network security.
• The assessment can be done by the network
manager, but it is better done by a team of experts
chosen for their in-depth knowledge about the
network and environment being reviewed.
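Added example, not part of the original slides: a short Python sketch of the evaluation step, using the Figure 6 spreadsheet as data. It lists asset/threat cells with no control, ranked by asset priority, and shows which cells would be left empty if a single control failed its periodic verification; the function names are hypothetical and the cell placement is an assumption reconstructed from the flattened figure.

```python
# Added example: gap analysis over the Figure 6 control spreadsheet.
# Cell placement is an assumption (the figure is flattened in this transcript).
THREATS = ["Fire", "Flood", "Power Loss", "Circuit Failure", "Virus",
           "External Intruder", "Internal Intruder", "Eavesdrop"]
SITE = {"Fire": [1, 2], "Flood": [1, 3]}  # cells shared by the physical assets
SERVER = {**SITE, "Power Loss": [4], "Circuit Failure": [5, 6], "Virus": [7, 8],
          "External Intruder": [9, 10, 11], "Internal Intruder": [9, 10]}
DATA = {"Virus": [7, 8], "External Intruder": [9, 10, 11],
        "Internal Intruder": [9, 10]}
# asset -> (priority, {threat: [control numbers from the Figure 6 list]})
SHEET = {
    "Mail Server": (92, SERVER),
    "Web Server": (90, SERVER),
    "DNS Server": (90, SERVER),
    "Computers on 6th floor": (50, {**SITE, "Virus": [7, 8],
                                    "External Intruder": [10, 11],
                                    "Internal Intruder": [10]}),
    "6th floor LAN circuits": (50, SITE),
    "Building A Backbone": (80, {**SITE, "Circuit Failure": [6]}),
    "Router in Building A": (70, {**SITE, "External Intruder": [9],
                                  "Internal Intruder": [9]}),
    "Network Software": (30, DATA),
    "Client Database": (100, DATA),
    "Financial Database": (100, DATA),
    "Network Technical staff": (70, {"Fire": [1], "Flood": [1]}),
}

def _rank(cell):
    prio, asset, threat = cell
    return (-prio, asset, THREATS.index(threat))

def gaps(sheet):
    """Every (priority, asset, threat) cell with no control, highest priority first."""
    return sorted(((p, a, t) for a, (p, cells) in sheet.items()
                   for t in THREATS if not cells.get(t)), key=_rank)

def uncovered_threats(sheet):
    """Threat columns that have no control on any asset."""
    return [t for t in THREATS if not any(c.get(t) for _, c in sheet.values())]

def exposed_if_missing(sheet, control):
    """Cells left with no control if `control` fails its verification review."""
    return sorted(((p, a, t) for a, (p, cells) in sheet.items()
                   for t, ctrls in cells.items() if ctrls == [control]), key=_rank)

if __name__ == "__main__":
    print("Threats with no control anywhere:", uncovered_threats(SHEET))
    for prio, asset, threat in gaps(SHEET)[:5]:
        print(f"({prio}) {asset}: no control for {threat}")
    print("If the UPS (control 4) is gone:", exposed_if_missing(SHEET, 4))
```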
Controlling Disruption,
Destruction and Disaster
Preventing Disruption, Destruction
and Disaster
• Preventing disruptions, destructions and
disasters means addressing a variety of
threats including:
– Creating network redundancy
– “Preventing” natural disasters
– Preventing theft
– Preventing computer virus attacks
– Preventing denial-of-service attacks
Network Redundancy
• The key to preventing or reducing disruption,
destruction and disaster is redundancy.
• Examples of components that provide redundancy
include:
– Uninterruptible power supplies (UPS)
– Fault-tolerant servers
– Disk mirroring
– Disk duplexing
• Redundancy can be built into other network
components as well.
Preventing Natural Disasters
• Disasters are different from disruptions since the
entire site can be destroyed.
• The best solution is to have a completely
redundant network that duplicates every network
component, but in a different location.
• Generally speaking, preventing disasters is
difficult. The most fundamental principle is to
decentralize the network resources.
• Other steps depend on the type of disaster to be
prevented.
Preventing Theft
• Equipment theft can also be a problem if
precautions against it are not taken.
• Industry sources indicate that about $1
billion is lost each year to theft of
computers and related equipment.
• For this reason, security plans should
include an evaluation of ways to prevent
equipment theft.