ch06 student f13
-
7/27/2019 Ch06 Student F13
1/34
Chapter Six
IS Network and Telecommunications Risks
-
Topics Addressed in Chapter 6
Network and Telecommunications Technologies
IT Network and Telecommunications Risks
IT Network and Telecommunications Security
Auditing Network Security
Auditing Switches, Routers and Firewalls
Auditing WLAN and Mobile Devices
-
Network & Telecommunications Technologies
A stand-alone computer has a limited amount of risk associated with it.
As computers are connected to form networks, risk can increase exponentially.
IT auditors need to know the different kinds of networks, the specific risks within an organization's network, and the tools to protect the systems from these risks.
-
Network Components
Components in a computer network:
Computers and terminals (dumb or smart)
Telecommunications channels (physical or wireless)
Telecommunications processors
Routers and switching devices
-
General Message Organization
General Message Syntax (Organization)
Header and trailer are further divided into fields
[Figure: a message with all three parts (Trailer, Data Field, Header); the header holds a Destination Address field and other header fields]
The destination address field is used by switches and routers, like the address on an envelope
-
Primary Network Topologies
-
CSI/FBI Survey
Companies Face Many Attacks
Viruses (and other malware)
Insider abuse of net access
Laptop theft
Unauthorized access by insiders
Denial-of-service attacks
System penetration
Sabotage
Theft of proprietary information
Fraud
Telecoms eavesdropping and active wiretaps
In Order of Decreasing Frequency
-
CSI/FBI Survey
Very Common Successful Incidents
Viruses and other malware
Insider abuse of net access
Laptop theft
Low-Frequency / High-Damage Attacks
Theft of proprietary information ($2.7 M / incident)
Denial of service attacks ($1.4 M / incident)
-
Network Types
Various ways to categorize telecommunications networks:
In terms of distance: local area networks and wide area networks
In terms of ownership: internet, intranet, extranet
Virtual private networks (VPN)
Client/server networks
-
Virtual Private Networks (VPNs)
[Figure: VPN tunnels across the Internet. Labels: Corporate Site A, Corporate Site B, VPN Gateway (two), Remote Corporate PC, Protected Client, Protected Server, Site-to-Site VPN, Remote Access VPN, Host-to-Host VPN]
A VPN is communication over the Internet with added security
Site-to-site VPNs protect traffic between sites
Will dominate VPN traffic
-
Network Protocols and Software
Open Systems Interconnect (OSI) model
a standard architecture for networking that
allows different computers to communicate
across networks
Network and telecommunications software
network OS, network management software,
middleware, web browsers, e-mail software
-
IT Network and Telecommunications Risks
Social Engineering
Physical Infrastructure Threats
the elements, natural disasters, power supply, intentional human attacks
Programmed Threats
viruses, worms, Trojan horses, hoaxes, blended threats
Denial of Service Attacks
Software Vulnerabilities
-
Malware
Malware
A general name for evil software
Viruses
Pieces of code that attach to other programs
When infected programs execute, the virus executes
Infects other programs on the computer
Spreads to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.
Antivirus programs are needed to scan arriving files
Also scans for other malware
-
Malware
Worms
Stand-alone programs that do not need to attach to other programs
Can propagate like viruses through e-mail, etc.
But this requires human gullibility, which is slow
Vulnerability-enabled worms jump to victim hosts directly
Can do this because hosts have vulnerabilities
Vulnerability-enabled worms can spread with amazing speed
Vendors develop patches for vulnerabilities but
companies often fail or are slow to apply them
-
Malware
Payloads
After propagation, viruses and worms execute their
payloads (damage code)
Payloads erase hard disks, send users to pornography
sites if they mistype URLs
Trojan horses: exploitation programs disguise
themselves as system files
-
Malware
Attacks on Individuals
Social engineering: tricking the victim into doing something against his or her interests
Spam: unsolicited commercial e-mail
Credit card number theft is performed by carders
Identity theft: collect enough data to impersonate the
victim in large financial transactions
Fraud: get-rich-quick schemes, medical scams
-
Malware
Attacks on Individuals
Adware pops up advertisements
Spyware collects sensitive data and sends it to an
attacker
Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information
-
Human Break-Ins (Hacking)
Human Break-Ins
Viruses and worms rely on one main attack method
Humans can keep trying different approaches until they succeed
Hacking
Breaking into a computer
Hacking is intentionally using a computer resource
without authorization or in excess of authorization
-
Human Break-Ins (Hacking)
Scanning Phase
Send attack probes to map the network
and identify possible victim hosts
The Nmap program is popular
-
Figure 9-4: Nmap
[Screenshot callouts: IP Range to Scan; Type of Scan; Identified Host and Open Ports]
-
Social Engineering
Social engineers use their personalities and
social skills to obtain confidential
information or unauthorized access.
Learn about the target organization
Pretend to be an IT employee or upper level
manager
Cajole or threaten the staff to get the information
-
Social Engineering Controls
Create and monitor a strict authentication policy for use by technical support personnel
Control public availability of information about employees and their contact information
Strictly monitor remote access
Create strict firewall rules regarding outbound traffic
Train employees in social engineering tactics
Limit the amount of private/confidential information available to any one employee
Remind employees to be skeptical in opening unexpected email attachments
Use penetration testing to evaluate the effectiveness of other social engineering controls
-
Denial of Service Attacks
A denial of service (DOS) attack occurs when a system is
tied up and unable to perform its functions.
Three-way handshake:
A sends a SYN packet to B
B accepts and acknowledges it with SYN/ACK
A returns an acknowledgment of the SYN/ACK and establishes a
connection
When multiple messages are sent from A to B with the connections left open, B is tied up trying to make continuous ACK connections.
-
TCP Session Openings and Closings
Normal Three-Way Opening: SYN, then SYN/ACK, then ACK
A SYN segment is a segment in which the SYN bit is set.
One side sends a SYN segment requesting an opening.
The other side sends a SYN/acknowledgment segment.
Originating side acknowledges the SYN/ACK.
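The condition described on the denial-of-service and session-opening slides can be detected by replaying segment records through the handshake and counting openings that never receive the final ACK. This is an added example, not part of the original slides; the addresses, record format, function names and the limit of 10 are assumptions.

```python
from collections import Counter

SERVER = "192.0.2.10"  # host B (constructed, documentation address range)

def make_sample():
    """Constructed capture: (time_s, src, sport, dst, dport, flags)."""
    segs = [
        # Host A behaving normally: SYN, SYN/ACK, ACK completes the opening.
        (0.00, "198.51.100.5", 40000, SERVER, 443, "SYN"),
        (0.01, SERVER, 443, "198.51.100.5", 40000, "SYN/ACK"),
        (0.02, "198.51.100.5", 40000, SERVER, 443, "ACK"),
    ]
    # Another host sends 30 SYNs and never acknowledges the SYN/ACKs.
    for i in range(30):
        t = 1.0 + i * 0.01
        segs.append((t, "203.0.113.9", 50000 + i, SERVER, 443, "SYN"))
        segs.append((t + 0.001, SERVER, 443, "203.0.113.9", 50000 + i, "SYN/ACK"))
    return segs

def half_open(segments, server):
    """Return {(client, port): syn_time} for openings still awaiting the final ACK."""
    pending = {}
    for t, src, sport, dst, dport, flags in segments:
        if dst != server:
            continue  # only the client's side of the handshake changes state
        if flags == "SYN":
            pending[(src, sport)] = t        # step 1: client requests an opening
        elif flags in ("ACK", "RST"):
            pending.pop((src, sport), None)  # step 3 (or a reset) frees the slot
    return pending

def flood_suspects(segments, server, per_source_limit=10):
    """Sources holding more half-open connections on `server` than the limit."""
    counts = Counter(client for client, _ in half_open(segments, server))
    return {src: n for src, n in counts.items() if n > per_source_limit}

if __name__ == "__main__":
    segs = make_sample()
    print("half-open total:", len(half_open(segs, SERVER)))
    print("suspects:", flood_suspects(segs, SERVER))
```

Per-source counting misses floods that use many or forged source addresses, so the total number of half-open connections on the server should be monitored as well.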
-
Distributed Denial-of-Service Flooding Attack
[Figure: Attacker (1.34.150.37) sends attack commands to handlers; handlers send attack commands to zombies; zombies send attack packets to the Victim (60.168.47.47)]
The attacker installs handler and zombie programs on victims.
The attacker sends an attack command to handlers.
Handlers send attack commands to zombies.
The zombies overwhelm the victim with attack packets.
-
IT Network and Telecommunications Security
A network security defense system:
Network security administration: create a network security plan, develop and communicate a security policy for network resources, and manage passwords.
Authentication: ensuring that users are who they say they are.
Encryption: scramble or code data so that no one will understand it without a decoder (decryption key).
-
IT Network and Telecommunications Security
A network security defense system:
Firewalls: combine software and hardware to allow only desirable traffic.
Intrusion Detection Systems: record unsuccessful access attempts and other anomalies, and detect unauthorized activities.
Penetration Testing: penetrate an information system to learn about the logical access vulnerabilities. General testing tools include war dialing, port scanning, sniffers, and password crackers.