
Post on 12-Sep-2020


PROTECTION THROUGH NETWORK SECURITY

Justin David G. Pineda, C|EH

Pamantasan ng Lungsod ng Pasig

February 26, 2015

TOPICS FOR TODAY:

The information security discipline

Network security components

Network security attacks

Careers in network security

IN THE NEWS…

1. THE INFORMATION SECURITY DISCIPLINE

WHAT IS THE DIFFERENCE BETWEEN IT SECURITY AND INFOSEC?

IT SECURITY

Hardware

Firewalls

Software

Anti-virus

Encryption

INFOSEC

I.T. Security

Physical Security

Personnel Security

Risk Management

Business Continuity

Laws & Regulations

WHAT IS INFORMATION SECURITY?

(ISAAC & ISAAC, 2003)

Confidentiality – Protection from unauthorized disclosure.

Integrity – Protection of resources from modification.

Availability – Protection from Denial of Service (DoS).

EXAMPLE SITUATIONS

• Use of dogs and gates

• DBA modifies DB contents

• Use of biometrics, username & password

• Blackout

SECURITY SERVICE AND MECHANISMS

Security Service – how objectives are manifested.

Security Mechanisms – solutions we can implement in the enterprise.

Inconvenient Truth:

1. You cannot protect everything from everyone.

2. There are not enough resources and money in the world to totally mitigate all risks.

3. Focus on protecting the most important information first, that which must be protected, and that with the highest risk.

SERVICE & MECHANISM EXAMPLE

Goal: I want to focus on physical security

Security Services: (1) Personnel security; (2) Access control

Security Mechanisms: (1) Security clearance, training, rules of behavior; (2) Biometrics, proximity card, mantraps

OPERATIONAL MODEL OF SECURITY

(CONKLIN ET AL, 2011)

For many years, the focus was on prevention.

Protection = Prevention

For example: Use of Firewall or Gates

OPERATIONAL MODEL (CONT’D)

But what are the realities of a network environment?

How about Zero-day attacks?

How about DDoS on port 80?

DEFENSE-IN-DEPTH

2. NETWORK SECURITY COMPONENTS

NETWORK VS. HOST SECURITY

Host Security

Refers to a single device

Network Security

Refers to a group of devices connected to a network

3-WAY HANDSHAKE

Photo Credit: http://en.wikipedia.org/wiki/SYN_flood

FIREWALL

Preventive tool

Enforces a security policy (What should be allowed? What should not be allowed?)

Usually placed at the start of the local area network (LAN).

Uses Access Control List (ACL) and enforces an Implicit Deny rule.

Photo Credit: https://dessoiii.wordpress.com

FIREWALL TOPOLOGY

Photo Credit: https://technet.microsoft.com

TYPES OF FIREWALLS

Packet Filtering Firewall

Checks the following information: source and destination IP addresses, source and destination ports, and protocol.

Example: If somebody needs to access the school’s web server, which port should I allow in the firewall?

LIMITATION

SYN FLOOD

Photo Credit: http://en.wikipedia.org/wiki/SYN_flood

TYPES OF FIREWALLS

Packet Inspection Firewall

Also known as the Stateful firewall

Checks for the session state of the connection

Maintains a state table

HOW IT WORKS

Photo Credit: http://rumyittips.com/what-is-stateful-packet-inspection-firewall/
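
Added example (not part of the original slides): a minimal Python model of the two firewall types described above. The packet filter checks only addresses, port and protocol against an ACL with an implicit deny; the stateful firewall also keeps a state table for the TCP three-way handshake, and counting its half-open entries is one way to notice the SYN flood named under LIMITATION. The addresses, rule layout and function names are constructed for illustration, and only client-to-server packets are modelled.

```python
from ipaddress import ip_address, ip_network

WEB_SERVER = "203.0.113.10"  # constructed address standing in for the school's web server

# ACL: first match wins; a packet that matches no rule falls through to the implicit deny.
ACL = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": WEB_SERVER + "/32",
     "proto": "tcp", "dport": 80},
]

def packet_filter(pkt, acl=ACL):
    """Stateless check: source/destination address, destination port, protocol."""
    for rule in acl:
        if (ip_address(pkt["src"]) in ip_network(rule["src"])
                and ip_address(pkt["dst"]) in ip_network(rule["dst"])
                and pkt["proto"] == rule["proto"]
                and pkt["dport"] == rule["dport"]):
            return rule["action"]
    return "deny"  # implicit deny

class StatefulFirewall:
    """Applies the ACL to new connections and tracks handshake state per flow."""

    def __init__(self, acl=ACL):
        self.acl = acl
        self.state = {}  # (src, sport, dst, dport) -> "SYN_SEEN" or "ESTABLISHED"

    def inbound(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        flags = pkt["flags"]
        if flags == "SYN":  # new connection: the ACL decides
            if packet_filter(pkt, self.acl) != "allow":
                return "deny"
            self.state[key] = "SYN_SEEN"
            return "allow"
        if flags == "ACK" and self.state.get(key) == "SYN_SEEN":
            self.state[key] = "ESTABLISHED"  # client completed the handshake
            return "allow"
        if self.state.get(key) == "ESTABLISHED":
            if flags in ("FIN", "RST"):
                del self.state[key]  # connection closed, drop the entry
            return "allow"
        return "deny"  # no state table entry for this packet

    def half_open(self):
        """Number of flows that sent a SYN but never completed the handshake."""
        return sum(1 for s in self.state.values() if s == "SYN_SEEN")
```

A bare ACK to port 80 with no earlier SYN is allowed by `packet_filter` but denied by `StatefulFirewall.inbound`, which is the difference the state table makes.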

TYPES OF FIREWALLS

Application Firewall

Also known as the Proxy firewall.

Checks data up to the Application Level.

Photo Credit: http://cookbook.fortinet.com/web-rating-overrides/

WHICH FIREWALL SHOULD BE USED IN YOUR

NETWORK?

INTRUSION DETECTION SYSTEM (IDS)

Detective Control

Usually placed after the firewall

Checks traffic based on signatures

Checks for anomalous traffic

Open source type: Snort

IDS TOPOLOGY

Photo Credit: http://www.digitalundercurrents.com/

IDS ENGINES

Signature-based Engine

Checks for known malicious traffic that won’t be checked by the firewall.

Photo Credit: http://hackertarget.com/xss-tutorial/

IDS ENGINES

Anomaly-based Engine

Checks for abnormal traffic and unusual behavior and patterns.

Photo Credit: http://www.stationx.net/firewall-test-agent/
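
Added example (not part of the original slides): the two IDS engines described above, run over web requests that the firewall already allowed on port 80. The request lines, signature names and the baseline numbers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of requests that passed the firewall (TCP/80 is allowed).
# Format: "<source ip> <method> <path>"
REQUESTS = (
    ["198.51.100.7 GET /index.html", "198.51.100.8 GET /grades?id=12"]
    + ["198.51.100.9 GET /search?q=<script>alert(1)</script>"]
    + ["203.0.113.50 GET /index.html"] * 40
)

# Signature-based engine: patterns for traffic already known to be malicious.
SIGNATURES = {
    "xss-script-tag": re.compile(r"<\s*script", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(requests):
    """Return (source, signature name) for every request matching a signature."""
    alerts = []
    for line in requests:
        src, _method, path = line.split(" ", 2)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(requests, baseline_per_source=5, factor=4):
    """Anomaly-based engine: flag sources far above the usual request count.

    baseline_per_source is an assumed 'normal' figure; a real engine learns it
    from observed traffic.
    """
    counts = Counter(line.split(" ", 1)[0] for line in requests)
    limit = baseline_per_source * factor
    return sorted(src for src, n in counts.items() if n > limit)
```

The source sending 40 ordinary requests matches no signature and is caught only by the anomaly engine, while the single request carrying a script tag is caught only by the signature engine.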

HONEYPOT

An intentionally vulnerable network that misleads hackers into thinking they have gained unauthorized access to the company network.

HONEYPOTS

Photo Credit: http://www.isaserver.org/articlestutorials/articles/2004multidmzp1.html

USUAL CORPORATE NETWORK TOPOLOGY

Photo Credit: http://imgarcade.com/1/dmz-network-topology/

3. COMMON NETWORK ATTACKS

IF NETWORK SECURITY SOLUTIONS ARE IMPLEMENTED, ARE WE TOTALLY SECURED?

ZERO-DAY ATTACKS

Attacks that are not known.

HOW DOES A VULNERABILITY GET DISCOVERED AND FIXED?

IN THE HEADLINES…

SOCIAL ENGINEERING

Humans are the weakest link in the security chain.

90% success rate in achieving hacking goals.

Uses cognitive biases and psychological triggers.

Photo credit: http://www.thewindowsclub.com/social-engineering-techniques

EAVESDROPPING

Being able to sniff packets that might contain critical or sensitive information.

Best Solution: Encryption

DENIAL-OF-SERVICE ATTACKS

Distributed Denial of Service (DDoS) is more dangerous.

Photo credit: http://ahmedccna.blogspot.com/2012/03/certified-ethical-hacking.html

4. CAREERS IN NETWORK SECURITY

SUGGESTED INITIATIVES FOR SCHOOLS

Include INFOSEC as a subject in CS/IT courses.

INFOSEC is a combination of critical thinking, software development, server administration, network engineering, etc.

Partner with ISSA and create a student chapter to be updated with current IT trends and demands.

JISSA FEATURES

http://issaph.org/jissa/?view=featured

INFOSEC STATUS IN THE PH

Relatively young in the PH

High demand for security professionals

Supply is relatively low compared to other IT roles.

Security Operations/Information Risk Manager is starting to become an independent department.

CS/IT FACTS

CS/IT doesn’t have a board exam.

You need certifications to prove your expertise (like getting a driver’s license).

You need to practice what you learned.

Certifications are internationally recognized.

Certifications will help you professionally.

Goal: Specialist to Management

SECURITY OR FREEDOM?

PRIVACY ISSUES

Are we being watched?

LAST… MORE REGULATIONS

Explore the cybercrimes

Create meaningful laws that would “really” benefit the public.

Public, specifically Filipinos, must be protected when transacting online.

Q&A
