Module 1: Assessing Security Risks

Overview

Identifying Risks to Data

Identifying Risks to Services

Identifying Potential Threats

Introducing Common Security Standards

Planning Network Security

Computer networks and the data stored on such networks are
vulnerable to two basic types of risks: loss or compromise of data,
and loss of access, commonly known as a denial of service (DoS)
attack. These risks can arise from a variety of threats. For example,
individuals might obtain and use improper permissions to access
restricted data, or multiple users might deny access to an
organization's Web site to disrupt service.
Like any other asset of an organization, the data stored on a
network and the services provided by the network must be
protected. When designing a security strategy for a Microsoft®
Windows® 2000 network, you must assess the risks associated
with the data stored on the network and potential threats to the
data. After clearly defining risks and threats, you can use the
security features of Windows 2000 to protect data.

At the end of this module, you will be able to:

Describe the potential risks to different types of stored data.

Describe the potential risks from denial of service.

Describe potential threats against network security.

Describe common industry standards for measuring network security.

Discuss methodologies for securing a Windows 2000 network.
Identifying Risks to Data

Type of Data     Example            What Is at Risk
Public           Web site data      Prestige, trust, revenue
Internal         Marketing data     Operations
Confidential     Payroll data       Operations, internal trust
Secret           Trade secrets      Intellectual property

Different types of data on a network are vulnerable to a
variety of risks. Examining the data on your network will
help you identify risks associated with the data and the
measures you can use to protect the data. Types of data
include:

Public Data

Internal Data

Confidential Data

Secret Data
Public Data

Public data is information freely available, such as
company information on an organization's Web site. The
integrity of public data is very important. Many
companies rely on the integrity of the information on
their Web sites as a basis for doing business.
Organizations whose public information is defaced or
compromised can suffer loss of prestige, trust, and
revenue.
Internal Data

Internal data, such as marketing research or internal
procedures, is data used in the normal operation of an
organization. Internal data needs protection from
accidental modification by internal users, and from
exposure to external users. Damage to or loss of
internal data could result in loss or disruption of
operations.
Confidential Data

Confidential data, such as payroll information, is
internal information kept private from most internal
users. This type of data might have little value outside
the organization, but compromise could seriously
disrupt operations and internal trust within the
organization. Access to confidential data is usually
limited to select users, and the ability to change
confidential information limited to even fewer users.
Secret Data

Secret data refers to trade secrets and other types of
intellectual property belonging to an organization. Any
loss or compromise of secret internal data may be
viewed as unacceptable, or may result in critical
damage to the organization. Secret data must be
protected against change and against any kind of
unauthorized access.
Identifying Risks to Services
Denial of Service Attacks:

Block Access to Resources

Can Flood Network, Degrade Performance, Cause Server to Fail

Can Result in Loss of Service, Prestige, Revenue

Networks are vulnerable to attacks that block regular access to data
or access to specific services and applications on the network, such
as e-commerce services. These types of attacks are collectively
known as DoS attacks.

DoS attacks can flood a computer network with more information
than the network can process, thereby preventing other essential
services from functioning properly. Some types of DoS attacks are
targeted against known weaknesses in servers, causing them to fail.
Other types of attacks cause the server to perform unnecessary
tasks that reduce server performance or make it unresponsive.

A DoS attack can result in an embarrassing loss of services for an
organization and may also result in lost revenue. A DoS attack aimed
at an e-commerce Web site can effectively shut down the site,
resulting in a loss of revenue. Other types of DoS attacks may slow
or stop internal intranets from functioning properly and prevent an
organization from accessing internal services such as servers or
distributed applications.
Identifying Potential Threats

Internal Attack

Social Engineering

Organizational Attack

Accidental Security Breach

Automated Computer Attack

Threats to a network are initiated by gaining access to
the network and to the resources on the network. After
an attacker has gained access to the network, they can
place data and services at risk by reading, copying,
blocking access to, or destroying data.
Threats can originate internally from network users, or
externally from other sources. Often, access to the
network occurs through the use of deception,
commonly known as social engineering. Some threats
may originate merely from curiosity or by accident.
Other threats may be automatically targeted at any
vulnerable computer on a network.

In this lesson you will learn about the following topics:

Internal attack

Social engineering

Organizational attack

Accidental security breach

Automated computer attack
Internal Attack

Diagram: An internal user accesses a restricted area of the network.

An internal attack is an attack performed by an
individual or group within an organization. Internal
attacks result when a legitimate user attempts to
illegitimately access network resources. Internal attacks
are one of the most serious and most common threats
to a network.
Internal attacks can range from the reading of restricted
data to the theft or destruction of data. Internal attacks
are a more probable risk because the attackers already
possess some degree of network access within an
organization and may be familiar with existing network
security implementations.
Social Engineering

Diagram: 1. The attacker, posing as an imposter, deceives the user. 2. The user reveals information, such as a password.

Social engineering describes actions taken by an individual who
uses impersonation or deception to obtain information that is
necessary to gain access to a network. Social engineering
bypasses technology entirely and instead relies on the
communication skills of the attacker to deceive network users.
Attackers using social engineering techniques often use the
telephone to convince network users that they are trusted partners,
such as co-workers, Information Technology (IT) staff, or
supervisors. After the network user believes that the attacker's
false identity is legitimate, the network user may reveal confidential
data or information, such as passwords, that the attacker can use
to gain access to the network.
Organizational Attack

Diagram: A competitor finds a point of access to the network and reaches the organization's trade secrets.

Organizational attacks are operations that one
organization initiates against another. Attacks can
attempt to acquire confidential information that may
give the attacker a business or competitive advantage.
Some attacks attempt to sabotage the organization's
network, either through destruction of data or from a
DoS attack.
Organizational attacks generally depend on the attacker
finding and exploiting access to the organization's
network, such as an unsecured connection between an
organization's intranet and a public network such as the
Internet. After establishing access to the network, the
attacker can potentially gain access to corporate or
organizational trade secrets or other intellectual
property stored on the organization's network.
Accidental Security Breach

Diagram: A user placed in the wrong security group, or an individual user given the wrong permissions, gains access to restricted data.

Accidental breaches in security occur when authorized users are
unintentionally granted permissions to access restricted resources.
Improper or unintended permissions are often acquired because a
user account is placed in a security group that grants the user
excess permissions. Improper permissions may allow users to
unintentionally read or modify restricted files, modify other user
accounts, or potentially destroy or damage data and system files.
Administrative policies that grant permissions to individual users,
rather than only to groups, can also lead to oversights in
permission delegation. Individual user accounts are more difficult
to administer than are groups. Permissions must be carefully
managed and maintained to avoid granting users improper access
to resources.
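The two oversights described above, an account placed in the wrong security group and a right granted to an individual user rather than to a group, can both be caught by comparing the actual state of accounts and permissions against the documented intent. The following is an added example, not code from the original course; the users, groups, share paths and rights are constructed, and the dictionaries stand in for whatever directory and ACL export an administrator actually has.

```python
def effective_rights(user, memberships, acl):
    """Rights a user holds on one resource through any group or direct entry."""
    principals = {user} | memberships.get(user, set())
    return {right for principal, right in acl if principal in principals}


def audit_permissions(memberships, baseline, acls, restricted):
    """Return (findings, access).

    findings: text descriptions of the two oversights named in the module:
              a user in a group the baseline does not list, and a right
              granted to an individual user rather than to a group.
    access:   for each restricted resource, every user with any right on it
              and the rights they hold, so a reviewer can confirm each one.
    """
    findings = []
    # 1. Group memberships that the documented baseline does not account for
    for user, groups in sorted(memberships.items()):
        for group in sorted(groups - baseline.get(user, set())):
            findings.append(f"{user} is a member of {group}, which the baseline does not list")
    # 2. ACL entries naming a user account directly instead of a group
    for resource, acl in sorted(acls.items()):
        for principal, right in acl:
            if principal in memberships:          # a user account, not a group
                findings.append(f"{resource}: '{right}' granted directly to user {principal}")
    # 3. Effective access to each restricted resource, for review
    access = {}
    for resource in restricted:
        holders = {}
        for user in memberships:
            rights = effective_rights(user, memberships, acls[resource])
            if rights:
                holders[user] = rights
        access[resource] = holders
    return findings, access


# Constructed sample directory state; every account, group and path is invented.
MEMBERSHIPS = {
    "alice": {"Domain Users", "Sales"},
    "bob":   {"Domain Users", "Sales", "Payroll"},   # placed in Payroll by mistake
    "carol": {"Domain Users", "Payroll"},
}
BASELINE = {          # the documented intent for each account
    "alice": {"Domain Users", "Sales"},
    "bob":   {"Domain Users", "Sales"},
    "carol": {"Domain Users", "Payroll"},
}
ACLS = {
    r"\\fs1\payroll": [("Payroll", "read"), ("Payroll", "write"), ("alice", "read")],  # direct user entry
    r"\\fs1\public":  [("Domain Users", "read")],
}
RESTRICTED = [r"\\fs1\payroll"]


if __name__ == "__main__":
    findings, access = audit_permissions(MEMBERSHIPS, BASELINE, ACLS, RESTRICTED)
    for finding in findings:
        print("FINDING:", finding)
    for resource, holders in access.items():
        for user, rights in sorted(holders.items()):
            print(f"{resource}: {user} -> {sorted(rights)}")
```

Run against the constructed data, the audit reports bob's unexpected Payroll membership and the direct entry for alice, and lists the three accounts that can currently reach the payroll share. The baseline is the key input: without a record of who is supposed to be in which group, a misplaced account looks exactly like an intended one.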
Automated Computer Attack

Diagram: An automated program reaches the network through a modem or through the Internet.

Automated computer attacks use software designed to break
passwords or bypass other security defenses to gain access to a
network. Automated attacks generally occur over dial-up
connections to a network that the automated software discovers.
Automated attacks can also occur over public networks such as the
Internet. The attacks can be targeted at a specific company or
organization, or configured to probe the Internet, seeking
unsecured computers.
Computer attacks are frequently disruptive in nature. Attackers can
perform a distributed denial of service (DDoS) attack on an
organization by using many computers at once, either with the
computer owner's cooperation or by taking control of unsecured
computers. By using many computers at once, a DDoS attack can
strain an organization's computer resources in an attempt to
temporarily disrupt or disable the network.
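The flooding form of DoS attack described in Identifying Risks to Services, and the distributed form described above, both show up in the request log as a rate that normal traffic does not reach: in the first case from one source, in the second from many sources that are individually unremarkable. The following detector is an added example, not part of the original course; it parses constructed Common Log Format lines, counts requests per source and per fixed window, and raises an alert for either pattern. The window size, thresholds, addresses and timestamps are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime


def _line(ip, hhmmss, path):
    """Build one constructed Common Log Format line for the sample below."""
    return f'{ip} - - [10/Mar/2001:{hhmmss} +0000] "GET {path} HTTP/1.0" 200 512'


# Constructed sample log; addresses, times and paths are invented.
#   10:00  one host sends 12 requests in a minute (single-source flood)
#   10:01  eight hosts send 3 requests each (distributed flood)
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "/index.html") for s in range(0, 60, 5)]
    + [_line("198.51.100.5", "10:00:07", "/catalog.html"),
       _line("198.51.100.5", "10:00:40", "/order.html")]
    + [_line(f"203.0.113.{10 + k}", f"10:01:{(7 * k + 3 * j) % 60:02d}", "/index.html")
       for k in range(8) for j in range(3)]
    + ["this line is not in Common Log Format"]
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one Common Log Format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "time": when,
            "request": m.group("req"), "status": int(m.group("status"))}


def window_start(when, window_seconds):
    """Align a timestamp to the start of its fixed-size window (epoch seconds)."""
    epoch = int(when.timestamp())
    return epoch - epoch % window_seconds


def detect_floods(lines, window_seconds=60, per_source_limit=10, aggregate_limit=20):
    """Return (alerts, malformed_count).

    Two checks per window: one source above per_source_limit (a classic flood)
    and the whole window above aggregate_limit with no single loud source
    (the distributed pattern). The limits are assumptions to be tuned against
    the site's normal traffic.
    """
    per_source = defaultdict(int)      # (window, ip) -> request count
    per_window = defaultdict(int)      # window -> request count
    sources = defaultdict(set)         # window -> distinct source addresses
    malformed = 0

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1             # a bad line is counted, never fatal
            continue
        w = window_start(rec["time"], window_seconds)
        per_source[(w, rec["ip"])] += 1
        per_window[w] += 1
        sources[w].add(rec["ip"])

    alerts = []
    for (w, ip), count in sorted(per_source.items()):
        if count > per_source_limit:
            alerts.append({"kind": "single-source flood", "window": w,
                           "source": ip, "requests": count})
    for w, count in sorted(per_window.items()):
        loud = [ip for ip in sources[w] if per_source[(w, ip)] > per_source_limit]
        if count > aggregate_limit and not loud:
            alerts.append({"kind": "distributed flood", "window": w,
                           "sources": len(sources[w]), "requests": count})
    return alerts, malformed


if __name__ == "__main__":
    found, bad = detect_floods(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print(f"{bad} malformed line(s) skipped")
```

On the constructed log the detector raises one single-source alert for the 10:00 window and one distributed alert for the 10:01 window, where no host exceeds the per-source limit but the window as a whole does. The aggregate check is what makes the distributed case visible; a per-source threshold alone would miss it.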
Introducing Common Security Standards

Evaluation and Certification

ICSA Evaluation

International Standards

Security ratings established by both public and private
organizations are used to describe the effectiveness of
security-related computer products, such as operating
systems, software, and hardware. Common industry
ratings assist administrators and architects in designing
comprehensive security systems by setting a standard
against which products can be measured.
Ratings can be used to certify entire network
configurations that meet certain standards, or to
evaluate specific products. Common standards used to
rate software include ICSA evaluation and several other
international standards.

In this lesson you will learn about the following topics:

Evaluation and certification

ICSA evaluation

International standards
Evaluation and Certification

Evaluation: Applies to Software Products

Certification: Applies to Implementation and Configuration of a Computer System

There are two distinct methods to assess the security of
a network and its components: evaluation and
certification. Both provide a means of assurance to
measure the relative security of a network and its
components.
Evaluation

Evaluation refers to a rating of a specific software
program. A security evaluation of a software product
means that the product has been validated to provide
good security if properly configured and used. An
evaluation applies only to a software product and
indicates the software's potential to provide good
security. However, an evaluated operating system could
be deployed in such a way that the network cannot be
certified.
Certification

Certification is a rating of a specific implementation of a
computer system, including the specific hardware and
software configurations used on that system. If the
hardware or software is changed or reconfigured, the
certification may no longer be valid. A good certification
plan covers all aspects of security, from backup and
recovery mechanisms to the physical security of an
organization's premises.
ICSA Evaluation
ICSA Provides Private Evaluation Of:

Firewall Software

IPSec Software

Anti-virus Software

Cryptography Software

ICSA (not an acronym) is a private company that evaluates
commercial security products through its ICSA Labs division. ICSA
was formerly known as the National Computer Security Association
(NCSA). The ICSA evaluation process applies to four types of
Internet security products:

Firewall software

Internet Protocol Security (IPSec) software

Anti-virus software

Cryptography software
ICSA evaluation is a process in which products must be reevaluated
annually to meet current test criteria. Test criteria are changed
annually to reflect newly discovered threats. For more information
about ICSA, refer to www.icsa.net.
International Standards
International Standards Committees Include:

ITSEC

CSE

Common Criteria

Many governments have developed standards for the evaluation of
operating systems and the certification of network installations.
Security standards vary from country to country. When designing
secure networks in other countries, or when designing a wide area
network (WAN) that is global in nature, you must fully research the
standards and requirements in those countries and plan your
security measures accordingly.
Information Technology Security Evaluation Criteria (ITSEC) is the
European equivalent of the National Computer Security Center
(NCSC), and incorporates standards of the United Kingdom,
Germany, France, and the Netherlands. ITSEC has established
ratings that are the functional equivalent to the C2 certification
rating system that the NCSC and the National Security Agency have
established for use in the United States.

In Canada, the Communications Security Establishment
(CSE) is a federal agency that has established the
Canadian Common Criteria Scheme. You can get more
information at www.cse-cst.gc.ca.
In January 1996, the United States, United Kingdom,
Germany, France, Canada, and the Netherlands released
a jointly developed evaluation standard known as the
Common Criteria for Information Technology Security
Evaluation (CCITSE), usually referred to as Common
Criteria. For more information about Common Criteria
and C2 certification, see the NCSC Web site at
www.radium.ncsc.mil/tpep.
Planning Network Security

Local Network

Remote Network

Public Network

Partner Access

When planning network security, you must consider how users will
access your network and from what locations they will access your
network. There are four general levels of access to a network, each
with different security requirements. These levels of access reflect
the locations of users and the level of network access that these
users require. The levels of network access include:

Local network

Remote network

Public network

Partner access
This course covers the four levels of access in four units. Each unit
consists of multiple modules that address security issues related to
each level of access.
Local Network
Areas to Secure:

Administrative Access

User Accounts

Windows 2000-based Computers

File, Folder, Print Resources

Communication Channels

Non-Microsoft Clients

Unit 1, which includes Planning Administrative Access
through Providing Secure Access to Non-Microsoft
Clients, covers securing local access. Local network
users access the network directly from the physical
premises of the organization. Securing the local network
provides the foundation for all other security measures,
and the security issues involved are common to all
aspects of network security.
The local network must be secured so that users logged
on to the physical network cannot improperly access
data. To secure permissions, you must carefully plan
administrative accounts and configurations. The
planning and placement of user accounts within the
Windows 2000 Active Directory™ directory service will
also determine how users are able to access resources.

You must also properly configure and administer
Windows 2000-based computers used on the network,
in addition to the file and print resources located on
these computers. Securing the lines of communication
between computers will help ensure that network traffic
cannot be intercepted and used. A Windows 2000
network incorporating earlier Microsoft operating
systems and non-Microsoft clients can create additional
security considerations that must be addressed to
ensure a secure local network.
Remote Network
Areas to Secure:

Remote User Access to Network

Remote Office Access to Network

Diagram: A remote user and a remote office reach the network across the Internet.

Unit 2 includes Providing Secure Access to Remote Users and
Providing Secure Access to Remote Offices, and covers remote
user access. Mobile users and branch offices of your organization
may require remote access to your network. Remote access is
commonly provided by using dial-up services, dedicated lines
between offices, and public networks, such as the Internet.
Enabling remote access to your network introduces security issues
related to unauthorized access and the use of intercepted data.
Remote users must be authenticated, and the connections that they
use must be secured so that other parties cannot intercept data.
Windows 2000 allows administrators to centrally manage all remote
connections to a network. Windows 2000 also includes supporting
protocols and policies, such as tunneling protocols, remote
authentication, and remote access security policies, that allow
secure connections to be made to remote users and offices.
Public Network
Areas to Secure:

Internet User Access to Network

Network User Access to Internet

Diagram: A Web server sits between the Internet and the network.

Unit 3 of this course includes Providing Secure Network Access to
Internet Users and Providing Secure Internet Access to Network
Users, and covers secure access to and from the Internet. Many
organizations require access to public networks, such as the
Internet, so that public users and customers can access select
information on the organization's network. Network users may also
require access to the Internet to access the public resources of
other organizations.
Exposing your network to public networks creates the risk of a
public user gaining access to your entire network. Public users may
attack the public network connection to find a weakness that
permits access to restricted areas of an organization's network.
Likewise, a network user who accesses the Internet may introduce
a virus to the network by downloading infected software from the
Internet.

To protect your internal network from the threats
present on a public network, you need to properly
configure a buffer zone called a screened subnet, also
known as a DMZ. A screened subnet will allow you to
secure public data on your network, and at the same
time, separate the public data from the rest of your
network.
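The point of the screened subnet is that a host on the public network can reach the servers holding public data and nothing else, and that those servers in turn cannot reach the internal network if they are compromised. The following is an added example, not code from the original course, that models a first-match rule set for three zones and checks those two properties, with a flat (weak) rule set beside a screened (corrected) one. The zone names, ports and rules are assumptions; a real deployment would check the same properties against its actual firewall configuration.

```python
PUBLIC, SCREENED, INTERNAL = "public", "screened", "internal"
ANY = "*"

# A rule is (source zone, destination zone, destination port, action).
# The first matching rule wins; anything unmatched is dropped.
FLAT_RULES = [                      # weak: the Web server sits on the internal network
    (PUBLIC, INTERNAL, 80, "allow"),
    (INTERNAL, PUBLIC, ANY, "allow"),
]
SCREENED_RULES = [                  # corrected: public data lives on the screened subnet
    (PUBLIC, SCREENED, 80, "allow"),
    (PUBLIC, SCREENED, 443, "allow"),
    (PUBLIC, INTERNAL, ANY, "deny"),
    (SCREENED, INTERNAL, ANY, "deny"),     # a compromised Web server gets no further
    (INTERNAL, SCREENED, ANY, "allow"),    # content is published from the inside
    (INTERNAL, PUBLIC, ANY, "allow"),
]

# Assumed sample of ports to probe when checking a rule set.
PROBE_PORTS = (80, 443, 445, 1433, 3389)


def evaluate(rules, src, dst, port):
    """First-match evaluation with an implicit deny at the end."""
    for rule_src, rule_dst, rule_port, action in rules:
        if rule_src == src and rule_dst == dst and rule_port in (ANY, port):
            return action
    return "deny"


def exposure(rules, ports=PROBE_PORTS):
    """Every (zone, port) that a host on the public network can reach."""
    return {(zone, port)
            for zone in (SCREENED, INTERNAL)
            for port in ports
            if evaluate(rules, PUBLIC, zone, port) == "allow"}


def policy_violations(rules, ports=PROBE_PORTS):
    """Paths that contradict the screened-subnet design: public or screened
    hosts reaching the internal network on any probed port."""
    problems = []
    for port in ports:
        if evaluate(rules, PUBLIC, INTERNAL, port) == "allow":
            problems.append(f"public can reach internal on port {port}")
        if evaluate(rules, SCREENED, INTERNAL, port) == "allow":
            problems.append(f"screened subnet can reach internal on port {port}")
    return problems


if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("screened", SCREENED_RULES)):
        print(name, "exposure:", sorted(exposure(rules)))
        print(name, "violations:", policy_violations(rules))
```

With the flat rule set the only exposed service is the Web server, but it is on the internal network, which the check reports as a violation. With the screened rule set the public network reaches only ports 80 and 443 on the screened subnet, and no path from either the public network or the screened subnet into the internal network remains.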
Partner Access
Areas to Secure:

Partner Access to Network

Authenticity of Data

Diagram: A partner network connects to the network across the Internet.

Unit 4 of this course includes Extending the Network to
Partner Organizations and Designing a Public Key
Infrastructure, and covers providing access to trusted
partners. Partners are trusted organizations, such as
business partners, that require specialized access to
your network. Depending on the nature of the
partnership, your network may need to share
confidential and secret information with the partner
without enabling others on the network to access the
information. Integrating partner organizations into your
network involves creating and managing the extended
network, or extranet, created by the partnership.

Partner organizations must be properly authenticated
and authorized to ensure secure access to your
network. You must secure the connections and
applications that the partner organization uses, and plan
for the administration of partner organization accounts
in your own network. You can use certificates to
guarantee the authority of partner organization access.
Certificates provide authentication from a mutually
trusted third party to verify the authenticity of partner
organization transactions on a network.
Review

Identifying Risks to Data

Identifying Risks to Services

Identifying Potential Threats

Introducing Common Security Standards

Planning Network Security