Chapter Six
IT Networks and Telecommunications Risks
Lecture Outline
Network and Telecommunications Technology
Risks to IT Network and Telecommunications Systems
IT Network and Telecommunications Security
Auditing Network Security
Network & Telecommunications Technologies
Network Components
– Computers and terminals
– Telecommunications channels – physical and wireless
» Physical – twisted-pair wire, coaxial cable, fiber optic
» Wireless – use microwaves, infrared light, light pulses
» Vary in speed and capacity
Network Types
– Distance – LAN vs WAN
– Ownership – Internet, intranet, extranet
– Client/server networks
– Network topology
» Star
» Bus
» Ring
Network Protocols and Software
– Protocol – standardized rule sets that control network communications among hardware and software from different vendors
– Open Systems Interconnect (OSI) model – a standard architecture for networking that allows different computers to communicate across networks
– Network and telecommunications software – network OS, network management software, middleware, web browsers, e-mail software
IT Network and Telecommunications Risks
Social Engineering
– Use of social skills to obtain confidential information or unauthorized access by persuading insiders to provide access
– A form of manipulation and trickery that relies on behaviors such as fear of getting into trouble or an inclination to help someone
– Vulnerability points: security administrators, technical support personnel, security guards, administrative assistants
Physical Infrastructure Threats
– The elements
» Fire, air, and water
» Make sure computers aren’t located close to places with higher risk
– Natural disasters
» Floods, earthquakes, tornadoes, hurricanes, etc.
» Avoid locating networks in high-risk areas
– Power supply
» Backup power supply, uninterruptible power supply (UPS)
– Intentional human attacks
» Terrorist attack
» Company insiders’ attack – must have well-documented policies
Programmed Threats
– Viruses, worms, Trojan horses
– Hoaxes – email message that instructs a user to delete certain files as a security precaution against viruses or programmed threats
– Blended threats – combinations of multiple programmed threats
– Help
» Antivirus software, updated regularly
» Caution in opening unknown email with attachments
» Warn about downloading freeware or shareware
» Incident response plan – in case of a programmed threat outbreak
Denial of Service Attacks
– System is tied up in such a way that it is unable to perform its functions
– Causes embarrassment and financial loss for the target
– DDoS – from a variety of sources
– DoS attack – using the maximum number of network connections so that new users can’t obtain access, overloading primary memory, and infecting file systems with unnecessary or incorrect data
– Use firewalls, intrusion detection systems, penetration testing; establish network connection time-outs
Software Vulnerabilities
– Holes in applications and operating systems
– Programming errors
– Holes created to allow programmers quick access for debugging software
– Errors in configuring software
– IT auditors can check a network system for application holes as part of penetration testing
IT Network and Telecommunications Security
Network security administration
– Network security admin is responsible for
» Creating a network security plan
» Developing & communicating a security policy for network resources
   Responsibilities of each party and their privileges
» Password management
   Passwords are kept in encrypted files & protected
   Removing user identifications and passwords for those no longer employed
   Default passwords are changed
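The password-management duties on this slide are easy to state and easy to let slip, so an auditor usually scripts the checks. The example below is added here and is not part of the lecture: it stores passwords as salted, slow hashes (PBKDF2-HMAC-SHA256, the usual way to "protect" a password file today) and then runs two of the slide's checks over a constructed account export: accounts belonging to people no longer on the staff list, and accounts whose password still verifies against a vendor default. The account names, salts, staff list and default-password list are all made up for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Work factor for PBKDF2-HMAC-SHA256. Kept modest so the example runs quickly;
# production systems use a higher count (or a memory-hard function such as Argon2).
ITERATIONS = 100_000


@dataclass(frozen=True)
class Account:
    username: str
    salt: bytes
    digest: bytes      # PBKDF2 output; the plaintext password is never stored


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a salted, slow hash of the password. A unique salt per account means
    two users with the same password get different digests, so a default password
    cannot be spotted just by looking for a repeated hash value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify_password(password: str, account: Account) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the digest."""
    return hmac.compare_digest(hash_password(password, account.salt), account.digest)


# Constructed sample data (not from the lecture): an account export, the HR list of
# current staff, and the vendor's documented default passwords. The salts are fixed
# here so the example is deterministic; real systems draw them from os.urandom().
ACCOUNTS: List[Account] = [
    Account("alice", b"salt-alice", hash_password("Tr0ub4dor&3-correct", b"salt-alice")),
    Account("bob",   b"salt-bob",   hash_password("changeme", b"salt-bob")),      # still the vendor default
    Account("carol", b"salt-carol", hash_password("w1nter-Sun-2019!", b"salt-carol")),
]
CURRENT_EMPLOYEES = {"alice", "bob"}          # carol has left the company
DEFAULT_PASSWORDS = ["admin", "password", "changeme"]


def audit_accounts(accounts: Iterable[Account], current_employees: set,
                   default_passwords: Iterable[str]) -> Dict[str, List[str]]:
    """Two of the password-management checks from the slide: accounts that should
    have been removed, and accounts whose password still verifies against a known default."""
    findings: Dict[str, List[str]] = {"departed": [], "default_password": []}
    defaults = list(default_passwords)
    for acct in accounts:
        if acct.username not in current_employees:
            findings["departed"].append(acct.username)
        # Because each account has its own salt, every default has to be
        # re-derived per account; there is no shortcut through a shared hash.
        if any(verify_password(pw, acct) for pw in defaults):
            findings["default_password"].append(acct.username)
    return findings


if __name__ == "__main__":
    for category, users in audit_accounts(ACCOUNTS, CURRENT_EMPLOYEES, DEFAULT_PASSWORDS).items():
        print(f"{category}: {', '.join(users) or 'none'}")
```

Run against the constructed data, the audit reports carol under "departed" and bob under "default_password". The same loop extends naturally to other items on the slide, such as accounts with no recorded owner or privileges beyond what the policy assigns to their role.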
Authentication
– Process of ensuring that users are who they claim to be
– Generally verified by
» What you have – key or smart card for physical access
» What you know – password
» Who you are – biometrics such as fingerprint, voice, retina
Encryption
– Scrambling data so that anyone who views it won’t be able to make sense of it without the decryption key
– Main encryption approaches: secret key and public key cryptography
– Secret key cryptography
» Sender and receiver use the same key to code and decode the message
» Problem: both must agree on the key and both need to obtain it
– Public key cryptography
» Uses a private/public key pair
» One key for encrypting a message and another for decrypting it
» Both keys issued at the same time and certified by a certificate authority
» Public key is widely available and can be transmitted across a public network
» Only the intended receiver can decrypt it using the private key
» Public key cryptography can also be used for authentication
   Sender signs the message with a digital signature, which is an encryption of the message with the sender’s private key
   Recipient verifies the signature through an algorithm that includes the message, the signature, and the sender’s public key
» Public and private keys and digital certificates are available from certificate authorities such as Verisign and Thawte
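The two uses of a key pair on these slides, confidentiality (encrypt with the receiver's public key, decrypt with the private key) and authentication (sign with the sender's private key, verify with the public key), can be seen in a few lines of textbook RSA. The example below is added here and is not from the lecture. To run with no library it uses two publicly known primes (the Mersenne primes 2^61-1 and 2^89-1) as the key material, which gives a 150-bit modulus that is far too small for real use, and it omits the padding (OAEP, PSS) that a real implementation adds; deployed systems use a library and 2048-bit or longer keys. The message and key texts are constructed.

```python
import hashlib
from typing import Tuple

# Two publicly known primes, chosen only so the example needs no prime generation.
# Assumption for the demo: a 150-bit modulus; real keys are 2048 bits or longer.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537                      # conventional public exponent

PublicKey = Tuple[int, int]    # (n, e)
PrivateKey = Tuple[int, int]   # (n, d)


def generate_keypair(p: int = P, q: int = Q, e: int = E) -> Tuple[PublicKey, PrivateKey]:
    """Both keys come out of one computation: the 'issued at the same time' on the slide."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """Sign a hash of the message rather than the message itself, reduced to fit below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key: PrivateKey) -> int:
    """Authentication direction: only the private key can produce this value."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """Anyone holding the public key can check the signature against the message."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def encrypt(plaintext: bytes, public_key: PublicKey) -> int:
    """Confidentiality direction: encrypt with the receiver's public key (no padding: demo only)."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key: PrivateKey) -> bytes:
    """Only the holder of the private key can reverse encrypt()."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")   # drops leading zero bytes; fine here


if __name__ == "__main__":
    public, private = generate_keypair()
    msg = b"Pay 100 to account 42"
    sig = sign(msg, private)
    print("genuine message verifies:", verify(msg, sig, public))
    print("altered message verifies:", verify(b"Pay 900 to account 42", sig, public))
    print("round trip:", decrypt(encrypt(b"session key 1234", public), private))
```

The altered message fails verification because the signature was computed over the hash of the original text; changing one digit changes the hash, and without the private key nobody can produce a signature for the new hash. The certificate authorities named on the slide exist to tie a public key to an identity, which is the part this example does not model.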
Firewalls
– Combine software and hardware to control outside access to an entity’s telecommunications network
– Software specifies filters controlling entry to the network
– Can be placed at various levels to block traffic to networks or applications
– Choose based on
» Architecture
   Single-layered
   – Uses only one network host for all firewall functions
   – Firewall host placed between the internal network and the Internet
   Multiple layers
   – Two or more hosts providing the firewall functions
   – Combination of inner and outer firewall hosts
» Functionality
   Packet filtering routers
   – Examine incoming IP packets according to a set of filtering rules
   – Then forward or reject the packet
   Application-level firewalls / proxy servers
   – More security than packet filters
   – There is never a real connection between sender and receiver
   – Firewall acts as a proxy or substitute for the receiver
   – Secure but expensive
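A packet filtering router does exactly what the slide says: it compares each packet's header fields with an ordered rule list and forwards or rejects it. The example below, added here and not part of the lecture, implements that evaluation in Python: rules are checked top to bottom, the first match decides, and a packet matching no rule is dropped (implicit deny), so a forgotten rule fails closed. The addresses are from the RFC 5737 documentation ranges and the rule set is constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp", "udp" or "icmp"
    dport: int     # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR source range
    dst: str               # CIDR destination range
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed rule set (not from the lecture): 192.0.2.0/24 is the internal
# network, 198.51.100.0/24 a partner network, 192.0.2.10 the public web server.
RULES: List[Rule] = [
    Rule("permit", "0.0.0.0/0",       "192.0.2.10/32", "tcp", 443),   # public HTTPS
    Rule("permit", "0.0.0.0/0",       "192.0.2.10/32", "tcp", 80),    # public HTTP
    Rule("deny",   "0.0.0.0/0",       "192.0.2.0/24",  "tcp", 23),    # telnet never allowed in
    Rule("permit", "198.51.100.0/24", "192.0.2.0/24",  "any", None),  # partner: everything else
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """First matching rule decides; a packet matching nothing is rejected
    (implicit deny), so an omitted rule fails closed rather than open."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5",  "192.0.2.10", "tcp", 443),   # Internet user to web server: permit
        Packet("203.0.113.5",  "192.0.2.10", "tcp", 22),    # SSH from Internet: no rule, implicit deny
        Packet("198.51.100.7", "192.0.2.20", "tcp", 23),    # partner, but telnet: explicit deny wins
        Packet("198.51.100.7", "192.0.2.20", "udp", 514),   # partner syslog: permitted
    ]
    for p in samples:
        print(f"{p.src} -> {p.dst} {p.proto}/{p.dport}: {filter_packet(p)}")
```

Rule order matters: the telnet deny sits above the broad partner permit, so swapping them would silently open telnet from the partner network. The filter also shows the limit the next slide draws: it judges addresses, protocol and port only, so an attack carried inside an allowed HTTPS connection passes unseen, which is what an application-level proxy is there to inspect.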
Intrusion Detection Systems
– Log and monitor activity
– May be included in a firewall package or stand alone
– Only report an attack but are powerless to stop it
– Many types, varying in level of sophistication
Penetration Testing
– To learn about the logical access vulnerabilities in an information system
– Four general penetration testing tools: war dialing, port scanning, sniffing, password cracking
– War dialing
» Requires only a phone line, modem and war dialing software
» The software will randomly dial phone numbers until it locates an open modem connection
» Once connected, the penetration tester will attempt to access the network through password cracking
– Port scanning
» Hackers and penetration testers scan ports to find out which network services a particular system provides
» To scan ports, a hacker pings a system by sending separate messages to each port
» The message responses will tell a potential intruder which ports are used and which are open
» Disable unused ports that are open
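The defender's view of port scanning is the one the intrusion detection slide describes: the firewall logs every probe, and a monitoring rule reports a source that touches many different ports in a short time. The example below is added here and is not from the lecture. It parses a constructed firewall log format, groups records by source address, and raises an alert when one source reaches a threshold of distinct destination ports inside a sliding time window, so a legitimate client making many connections to one port is not flagged while a scanner sweeping seven ports in a few seconds is. The log lines, format, threshold and window are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Constructed firewall log format (not from the lecture):
#   <ISO timestamp> <ALLOW|DENY> <proto> <src ip>:<src port> -> <dst ip>:<dst port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)

# Constructed sample log: 203.0.113.5 sweeps seven ports in four seconds, 198.51.100.7
# is a normal HTTPS client, 203.0.113.9 touches three ports spread over an hour.
SAMPLE_LOG = """\
2024-03-01T10:00:01 DENY tcp 203.0.113.5:51000 -> 192.0.2.10:21
2024-03-01T10:00:01 DENY tcp 203.0.113.5:51001 -> 192.0.2.10:22
2024-03-01T10:00:02 DENY tcp 203.0.113.5:51002 -> 192.0.2.10:23
2024-03-01T10:00:02 DENY tcp 203.0.113.5:51003 -> 192.0.2.10:25
2024-03-01T10:00:03 ALLOW tcp 203.0.113.5:51004 -> 192.0.2.10:80
2024-03-01T10:00:03 DENY tcp 203.0.113.5:51005 -> 192.0.2.10:110
2024-03-01T10:00:04 ALLOW tcp 203.0.113.5:51006 -> 192.0.2.10:443
2024-03-01T10:00:05 ALLOW tcp 198.51.100.7:40001 -> 192.0.2.10:443
2024-03-01T10:00:06 ALLOW tcp 198.51.100.7:40002 -> 192.0.2.10:443
2024-03-01T10:00:07 ALLOW tcp 198.51.100.7:40003 -> 192.0.2.10:443
2024-03-01T10:00:08 ALLOW tcp 198.51.100.7:40004 -> 192.0.2.10:443
2024-03-01T10:00:09 ALLOW tcp 198.51.100.7:40005 -> 192.0.2.10:443
2024-03-01T10:00:10 DENY tcp 203.0.113.9:36000 -> 192.0.2.10:22
2024-03-01T10:30:10 DENY tcp 203.0.113.9:36001 -> 192.0.2.10:3389
2024-03-01T11:00:10 DENY tcp 203.0.113.9:36002 -> 192.0.2.10:445
this line is not a firewall record
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one record, or None for lines that do not match (skipped, not fatal)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "action": m["action"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect_port_scans(lines: Iterable[str], threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """Alert on any source that contacts at least `threshold` distinct destination
    ports within `window`. Per source, a sliding window over time-ordered records
    keeps a count of how many in-window records hit each port."""
    events: Dict[str, List[dict]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append(ev)

    alerts: Dict[str, dict] = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        ports_in_window: Counter = Counter()
        left = 0
        for ev in evs:
            ports_in_window[ev["dport"]] += 1
            while ev["ts"] - evs[left]["ts"] > window:       # expire records older than the window
                old = evs[left]["dport"]
                ports_in_window[old] -= 1
                if ports_in_window[old] == 0:
                    del ports_in_window[old]
                left += 1
            if len(ports_in_window) >= threshold and \
                    len(ports_in_window) > alerts.get(src, {}).get("port_count", 0):
                alerts[src] = {"first_seen": evs[left]["ts"], "last_seen": ev["ts"],
                               "ports": sorted(ports_in_window), "port_count": len(ports_in_window)}
    return alerts


if __name__ == "__main__":
    for src, info in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {info['port_count']} ports "
              f"{info['ports']} between {info['first_seen']} and {info['last_seen']}")
```

With the defaults only 203.0.113.5 is reported; 203.0.113.9 is reported only if the window is widened to cover its hour-long sweep, which is the trade-off every such rule makes between catching slow scans and raising false alarms. As the slide notes, the detector only reports; blocking the source is a separate firewall action.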
– Sniffing
» A program used to capture data transmitted across a network
» Most common use is for capturing user IDs and passwords
– Password crackers
» Guess passwords
» Approaches
   Dictionary – match password against all terms in a standard dictionary
   Hybrid – modifies dictionary words
   Brute force – complex sequences of letter and number combinations
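The three cracking approaches on the slide map directly onto a password policy check: a password is weak if it is a dictionary word, if it is a dictionary word with the usual mutations applied, or if its length and character mix leave a brute-force search space that is too small. The example below, added here and not part of the lecture, classifies a candidate password by which approach would recover it. The word list is a constructed handful of entries (real cracking dictionaries hold millions), and the 60-bit threshold and the leet-substitution table are assumptions for the example.

```python
import math
import string
from typing import Iterable, Set

# Constructed sample word list (not from the lecture); the logic is the same for a real one.
WORDLIST: Set[str] = {"password", "welcome", "dragon", "letmein", "summer", "monkey", "qwerty"}

# Common "hybrid" substitutions, reversed so a mutated word maps back to its dictionary form.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def hybrid_forms(candidate: str) -> Set[str]:
    """The dictionary words a hybrid attack could have started from, after undoing
    the usual mutations: case changes, leet substitutions, appended digits or symbols."""
    base = candidate.lower()
    stripped = base.rstrip(string.digits + string.punctuation)
    return {base, base.translate(LEET), stripped, stripped.translate(LEET)}


def charset_size(pw: str) -> int:
    """Alphabet a brute-force search must cover, inferred from the character classes used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)      # 32 ASCII symbols
    return size or 1


def brute_force_bits(pw: str) -> float:
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    return len(pw) * math.log2(charset_size(pw))


def classify(pw: str, wordlist: Iterable[str] = WORDLIST, min_bits: float = 60.0) -> str:
    """Report which of the slide's three approaches would recover the password, or 'ok'."""
    words = set(wordlist)
    if pw.lower() in words:
        return "dictionary"
    if hybrid_forms(pw) & words:
        return "hybrid"
    if brute_force_bits(pw) < min_bits:
        return "brute-force"
    return "ok"


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd123", "Summer2024!", "abc12", "Vq7#pL2mXw9!rT"]:
        print(f"{candidate!r:20} {classify(candidate):12} {brute_force_bits(candidate):5.1f} bits")
```

"P@ssw0rd123" illustrates why the hybrid check matters: it passes a naive "mixed case, digits and symbols" rule, yet undoing the substitutions and the trailing digits gives "password", so a hybrid attack finds it almost as fast as a plain dictionary lookup. The bit estimate is an upper bound on brute-force work; it says nothing about structure an attacker can guess, which is exactly what the first two checks cover.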
Auditing Network Security
Risk assessment and best practices
– Evaluate whether the controls in place are sufficient protection
Benchmark tools
– Windows 2000 Benchmark – lets users evaluate their security settings against the Center for Internet Security (CIS) benchmark
IT audit programs for network security