E-Learning -
Download
Report
Transcript E-Learning -
Fundamentals of Information
Systems Security
Lesson 2
Changing How People and
Businesses Communicate
Fundamentals of Information Systems Security
2013Jones
Jonesand
andBartlett
BartlettLearning,
Learning,LLC,
LLC,an
anAscend
AscendLearning
LearningCompany
Company
©©2015
www.jblearning.com
www.jblearning.com
Allrights
rightsreserved.
reserved.
All
Page 1
Learning Objective
Assess the current methods of business
communications today and the associated
risks and threats.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 2
Key Concepts
The evolution of personal and business
communications from analog to digital to VoIP to
unified communications
Store-and-forward communications versus real-time
communications
The impact of the Internet on how people and
businesses communicate
Risk-mitigation strategies for VoIP and SIP
applications
Why businesses today need an Internet marketing
strategy
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 3
DISCOVER: CONCEPTS
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 4
Evolution of
Telecommunications
Wall cabling
by users
Among 7
RBOCs for
minuets
Fundamentals of Information Systems Security
For Central
switches>
Voice & Data
travel together
Diff data streams
transmitted
through same
Fiber Optic line
Dense
Wavelength
Division
Multiplexing
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 5
Evolution of Voice
Communications
Session
Initiation
Protocol
supports chat
& conferencing
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 6
Evolution of Internet Access
From dial-up to
broadband
Public Switched
Telephone Network
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 7
Data Signal 1 (T1) & Data Signal 3 (T3)
A DS1 circuit is made up of twenty-four 8-bit channels (also known as
timeslots or DS0s), each channel being a 64 kbit/s DS0 multiplexed carrier
circuit.
A DS1 is also a full-duplex circuit, which means the circuit transmits and
receives 1.544 Mbit/s concurrently.
A total of 1.536 Mbit/s of bandwidth is achieved by sampling each of the
twenty-four 8-bit DS0s 8000 times per second. This sampling is referred to
as 8-kHz sampling
A Digital Signal 3 (DS3) is a digital signal level 3 T-carrier.
The data rate for this type of signal is 44.736 Mbit/s (45 Mb).
This level of carrier can transport 28 DS1 level signals within its payload.
This level of carrier can transport 672 DS0 level channels within its
payload.
Such circuits are the usual kind between telephony carriers, both wired and
wireless, and typically by OC1optical connections.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 8
Essentials of VoIP, SIP, and UC
Voice over Internet Protocol (VoIP) and
unified communications (UC) require realtime support
VoIP supports voice communications
UC supports variety of communications
applications
Both use Session Initiation Protocol (SIP)
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 9
UC Applications
Presence/
Availability
IM Chat
Video
Fundamentals of Information Systems Security
Audio
Collaboration
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 10
UC Applications
Presence/availability—Within an IM chat box, you can
list business, personal, and family contacts, and obtain
the current availability status of your contacts.
Instant messaging (IM) chat—This form of real-time
communication is used for quick answers to quick
questions.
Audio conferencing—Audio conferencing is a softwarebased, real-time audio conference solution for VoIP
callers.
Videoconferencing—This is a software-based, real-time
video conferencing service.
Collaboration—Collaboration allows for software based,
real-time, multi-person document and application sharing,
with IM chat, audio, and video conferencing functionality.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 11
Store-and-Forward vs. Real-Time
Communications
Real-time
Store-andforward
Fundamentals of Information Systems Security
• Occurs instantaneously
• Acceptable delay in
transmitting communication
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 12
VoIP and SIP Packets
VoIP and SIP
packets
segmented from IP
data packets
Fundamentals of Information Systems Security
Gateway
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 13
DISCOVER: PROCESS
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 14
Risks, Threats, Vulnerabilities
Eavesdropping
Call control
Impersonation
Toll fraud
Brute-force password attacks
Denial of Service (DoS) attacks
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 15
Risk, Threat, or Vulnerability
Mitigation
Eavesdropping: Unauthorized
parties listening in to phone
conversations without permission
Lock wiring closets, lock down switch LAN attack ports, and house VoIP
servers in data center. Deploy separate voice VLANs to minimize access to
VoIP traffic. Encrypt VoIP packets where mandated by policy.
Attackers obtaining knowledge about
call control (VoIP server software),
call patterns, and call usage to help
them gain unauthorized access
Same as above, plus use strong access controls to the VoIP system. Enable
continuous auditing and logging for all system admin access to the VoIP
system. Put VoIP call servers on their own firewalled VLAN and encrypt call
control.
Attackers impersonating an un
authorized user to gain access to a
VoIP phone.
Use access controls on VoIP phones to prevent toll fraud and nonbusiness
use for long-distance and international dialing.
Enable second-level authentication on VoIP phones.
Toll fraud or unauthorized use of
VoIP phones.
Provide users with authorization codes for long-distance and international
dialing access.
Brute-force password attacks on
VoIP phone systems and phones
Require frequent password-change policies (30-60-90 days). Require long
passwords and use of alphanumeric characters.
Denial of service (DoS) and
distributed denial of service (DDoS)
attacks
Put VoIP call servers deep inside your IT infrastructure so that ping or ICMP
packets can’t move through your IP network. Stop ping or ICMP packets
from rogue IP source addresses. implement IDS/IPS at the Internet
Ingress/egress to block ping attacks
Poor network performance and
throughput resulting in dropped
VIOP calls
Use separate VLANs for voice and data. Segment voice traffic onto same
VLAN with VoIP servers. Use GigE or 10GigE switched LAN connectivity to
the desktop. Enable Qos on WAN routers if congestion occurs
Servers that could fail and disrupt
critical business functions
Use redundant VoIP call servers in two different physical locations, one
acting as backup to the other.
Disclosure of confidential data
because VoIP and data are shared
Isolate departmental VoIP and data VLANs. Enable VoIP and SIP firewalls to
secure ©VLANs
that carry confidential information. Remotely access VoIP
2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
Page 16
systemswww.jblearning.com
via secure shell (SSH)
All rights reserved.
Fundamentals of Information Systems Security
Maintaining C-I-A
Public
Switched
Telephone
Network
IP
Telephony
Server
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 17
DISCOVER: ROLES
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 18
Multimodal Communications
Unified Communication can enhance customer-service delivery
VoIP and SIP
packets
segmented from
IP data packets
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 19
DISCOVER: CONTEXTS
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 20
Business Case Scenario
CorpA is a business services provider with
300 employees spread across 5 branches.
Some employees travel frequently between
branches for sales meetings.
CorpA employees use instant messaging
(IM) to communicate.
Security weaknesses with the current IM
application have resulted in several security
breaches over the last year.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 21
DISCOVER: RATIONALE
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 22
Why Businesses Need an
Internet Marketing Strategy
Must remain competitive
Brick-and-mortar business model out of
date in global market
Customers require continuous access to
information, products, and services
Internet presence exposes organizations to
online risks, threats, and vulnerabilities
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 23
IP Mobile Communications
Mobile Node (MN)
Home Agent (HA)
Foreign Agent (FA)
Care of Address (COA)
Correspondent Node (CN)
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 24
IP Mobile Communications
Today’s 4G networks provide true IP communications. Real
jump.
Each 4G device has a unique IP address like any other wired
device on network.
This made smart phones able to communicate with any fixed
device without translating addresses.
But, devices moving around all the time are difficult to secure.
Next screens show how mobile IP provides connection
transparency: Several entities work together to ensure that
mobile devices can move from one network to another without
dropping connections:
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 25
IP Mobile Communications
Mobile Node (MN)—The mobile device that moves from one network to
another. It has a fixed IP address regardless of the current network.
Home Agent (HA)—A router with additional capabilities over standard
routers. It keeps track of the MNs it manages. When an MN leaves the local
network, the HA forwards packets to the MN’s current network.
Foreign Agent (FA)—A router with additional capabilities connected to
another network (not the HA network). When the MN connects to another
network that supports mobile IP, it announces itself to the FA. The FA assigns
the MN a local address.
Care of Address (COA)—The local address for the MN when it connects to
another network. The FA assigns the COA to the MN and sends the COA to
the HA when the MN connects. In many cases, the COA is actually the FA
address. The HA forwards any packets for the MN to the COA. The FA
receives the packets and forwards them to the MN.
Correspondent Node (CN)—The node that wants to communicate with the
MN.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 26
IP Mobile Communications
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 27
Security of IP mobile devices
Risk, Threat, or
Vulnerability
Untrusted access points
Mitigation
VPN for all network access
Untrusted foreign networks VPN for all network access
Sensitive data on mobile
device
Mandatory encryption of sensitive data at rest.
Device loss or theft
Required software to support wipe device after
successive failed logon attempts or loss/theft.
Required software to locate lost or stolen device.
Weak security on personal
device
Policy requiring access passcode and device antimalware software. Policy and end user training on
the dangers and proper use of infrared or
Bluetooth to connect to peripherals.
Commingling of personal
and business data
Strong policy on appropriate use and separation of
business data.
Spoofing and session
hijacking
Policy and training on best practices when
connecting to untrusted networks. VPN for all
network access.
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 28
Key Words
DWDM: Dense Wavelength Division Multiplexing
carrying multiple wavelength signals within the same fiber optics cable.
PBX: Private Branch Exchange.(users do wiring)
PSTN: Public Switched Telephone Network.
SIP: Session Initiation Protocol.(Multimedia communication protocol
to be used by UC to support IM, chat, collaboration, audio and video conferencing)
UC: Unified Communication.
RBOCs: Regional Bell Operating Companies.
TDM: Time Division Multiplexing (converge voice, video, and data
communication by splitting the WAN channel into slots, each of them can carry either
voice or video or data)
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 29
Summary
The evolution of personal and business
communications
Store-and-forward communications
from real-time communications
Risk-mitigation strategies for VoIP and
SIP applications
Why businesses today need an
Internet marketing strategy
Fundamentals of Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 30