
Ensuring Network Security


hamlet

Presentation Transcript


  1. Ensuring Network Security

  2. Planning for Security • 4 major threats • Unauthorized access • Electronic tampering • Theft: data and hardware • Intentional/unintentional damage

  3. Managing Security • Threat identification • What am I trying to protect? • What do I need to protect data from? • How likely is the threat? • What is the cost of breached security? • How can I protect data cost-effectively?

  4. Helpful sites • CERT (Computer Emergency Response Team) • http://www.cert.org • BugTraq • Subscription service • Rootshell (all systems, large numbers of reports) • http://slashdot.org/articles/98/10/28/228210.shtml • Security focus (all systems) • http://www.securityfocus.com • http://cve.mitre.org/

  5. 3 security traps • Security through obscurity works in the reverse • Social engineering (fishing for information) does work; educate the users • Physical security stops accidents and theft of data and parts

  6. Level of Security • Setting Policies • Establish rules, regulations and policies • Set the tone and guide the users • Train the users on the policies • Prevention • Take a proactive approach • Authentication • Keep the data safe from unauthorized access • Network authentication is the first line of defense

  7. Secure the Equipment • Isolate and lock up servers • Protect from accidental and deliberate tampering • Secure the cables • Keep intruders away from cable • Limit physical access to network • Benefit of isolated cable is a reduction in RFI

  8. Security Models • Password Protected Shares • Share level security • Security information attached to resource • Applies to every user of resource • Windows 95 model • Access Permissions • User level security • Access to the resource is checked against a user-access database on the server • Users have passwords but resources have permissions • Assigning permissions is done through groups

  9. Security Enhancements • Firewalls • Combination of hardware and software • Protection from external threat • Prevent direct communication with systems outside the network • Communication is routed through a proxy server • Proxy filters and discards requests or data not considered appropriate • Network activity is audited • Tracks • Logon attempts: failed and successful • Connection and disconnection from resources and systems • Disables accounts • Creation, deletion, opening and closing of files • Events and modifications, including password changes

  10. Enhancements…. • Diskless computers • Boot ROM on NIC • No disk to store data or copy to and from • Data Encryption • Best encryption is hardware based • Translation standard is Data Encryption Standard (DES) • Specifies key to decryption • Have to transfer key • Commercial COMSEC Endorsement Program (CCEP) • Newer standard may replace DES • Approved vendors can incorporate classified algorithms in communication systems

  11. Computer Viruses • Boot sector virus • First sector of floppy or disk • Executes on boot • Copies to other media • File infector • Activates when a file is used • Companion virus: uses name of real program with different extension • Macro virus: written as a macro for application • Attaches to files accessed by the application • Polymorphic virus: changes appearance on replication • Stealth virus: hides from detection • Intercepts the probe and returns false information

  12. Virus Propagation • Internet has opened new pathways for spread of viruses • E-mail is major source • Sends itself to addresses in address books • Trojan horse tempts victims • Any means of information exchange provides potential path

  13. Consequences of Viruses • System won’t boot • Data is corrupted • Erratic operation • Lost partitions on disk • Reformatted drive • More than one misbehaving workstation • Denial of service attacks

  14. Virus prevention • Good antivirus software • Warn • Stop activation • Remove • Repair • Check spread • Prevention • No unauthorized access • Well planned access and privilege assignments • User profiles • Software load policy • Virus protection rules and training

  15. Implementing Security • Set up the security system • Make it as foolproof as possible • Train network users about: • Why security exists • How to use security • Consequences of noncompliance

  16. Maintaining Security • Monitor security to assure that: • It is accomplishing its goals • It is working as intended • Modify as needed • The best laid plans……

  17. Healthy Environment • Recognize the effect of the environment • Climatic: cold, humidity, office • Degradation is usually over time, not sudden

  18. Create the Right Environment • Temperature • Avoid cycles of hot and cold • Humidity • High: promotes corrosion and thus friction temperature • Low: promotes static discharge • 50-70 percent is good • Dust and smoke • Acts as insulator and conductor • Human factors • Industrial factors • Noise, EMI, vibration

  19. Site Disaster • Anything that causes you to lose data • Recovery is hardware and DATA replacement

  20. Avoiding Data Loss • Tape backup • Uninterruptible power supply (UPS) • Fault-tolerant systems • Disk mirroring • Disk striping with parity

  21. Tape Backup • First line of defense against data loss • Regular scheduled backups • Schedule, assign personnel, signoff log • Verify success of backup • Use a safe tape storage location • Test the restore ability of the tapes

  22. Implementing Backup System • If you can’t get along without it … back it up • Tape drive should have capacity to back up the largest server • Backup methods • Full: marks as backed up • Copy: does not mark • Incremental: backs up and marks files changed since last backup • Daily copy: modified that day, no mark • Differential: changed since last backup, no mark • Maintain a backup log
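The five backup methods on slide 22 differ in which files they select and whether they mark them as backed up. The following is an added example, not part of the original presentation: it models the mark as a per-file `changed` flag (on DOS/Windows file systems this is the archive attribute) and runs a constructed three-day schedule; the file names and dates are made up.

```python
from datetime import date

# Backup type -> how files are selected and whether the marker is cleared.
BACKUP_TYPES = {
    "full":         {"select": "all",     "marks": True},
    "copy":         {"select": "all",     "marks": False},
    "incremental":  {"select": "changed", "marks": True},
    "differential": {"select": "changed", "marks": False},
    "daily":        {"select": "today",   "marks": False},
}

def modify(files, name, day):
    """A write to a file sets its marker: the file now needs backing up."""
    files[name] = {"changed": True, "mtime": day}

def run_backup(files, kind, today):
    """Return the sorted names this backup type copies; clear markers if it marks."""
    rule = BACKUP_TYPES[kind]
    if rule["select"] == "all":
        chosen = list(files)
    elif rule["select"] == "changed":
        chosen = [n for n, f in files.items() if f["changed"]]
    else:  # daily copy: selected by modification date, marker ignored
        chosen = [n for n, f in files.items() if f["mtime"] == today]
    if rule["marks"]:
        for n in chosen:
            files[n]["changed"] = False
    return sorted(chosen)

def week(midweek_kind):
    """Constructed schedule: full backup on day 1, then one file edited per day."""
    mon, tue, wed = date(2024, 1, 1), date(2024, 1, 2), date(2024, 1, 3)
    files = {}
    for name in ("a.doc", "b.xls", "c.db"):
        modify(files, name, mon)
    runs = [run_backup(files, "full", mon)]
    modify(files, "a.doc", tue)
    runs.append(run_backup(files, midweek_kind, tue))
    modify(files, "b.xls", wed)
    runs.append(run_backup(files, midweek_kind, wed))
    return runs

if __name__ == "__main__":
    for kind in ("incremental", "differential", "daily", "copy"):
        print(kind, week(kind))
```

The restore cost follows from the output: after incrementals, a restore needs the full tape plus every incremental since; after differentials, it needs the full tape plus only the latest differential.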

  23. UPS • Uninterruptible power supply • Battery to keep server running when power fails • Built-in conditioning & surge protection • Not for laser printers: high current draw

  24. UPS as Backup Power Source

  25. Fault Tolerant Systems • RAID technology • Levels • Level 0: Striping • 64k blocks divided equally across disk (no redundancy) • 2-32 drives • Large logical disk • Level 1: Disk mirroring • Two drives, single controller • Disk duplexing • Two drives, two controllers • Disadvantage is disk space required • Level 2: Striping with ECC • Block is distributed across stripes

  26. Disk Striping Combines Areas on Multiple Drives

  27. Disk Mirroring Duplicates a Partition on Another Physical Disk

  28. RAID continued • Level 3: ECC as parity • Requires parity disk • Level 4: Disk striping with large blocks • Full block to each disk and parity disk • Level 5: Striping with parity • 3-32 drives • Parity written across all disks for each stripe • Level 10: Mirrored drive arrays • Mirrored stripe set • Sector sparing • Hot fix of bad sectors • Utility to notify administrator
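Slide 28 describes Level 5 as striping with parity written across all disks for each stripe. The following is an added example, not part of the original presentation, showing why that survives the loss of any one drive: the parity block is the XOR of the stripe's data blocks, so any missing block equals the XOR of the others. The 4-byte block size, the rotation order and the sample data are assumptions chosen for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def parity_drive(stripe, n_drives):
    """Rotate the parity block so no single drive holds all parity."""
    return (n_drives - 1 - stripe) % n_drives

def write_raid5(data, n_drives, block=4):
    """Stripe data over n_drives with one parity block per stripe."""
    if n_drives < 3:
        raise ValueError("striping with parity needs at least 3 drives")
    per_stripe = block * (n_drives - 1)
    padded = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    drives = [[] for _ in range(n_drives)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        blocks.insert(parity_drive(s, n_drives), xor_blocks(blocks))
        for d, blk in enumerate(blocks):
            drives[d].append(blk)
    return drives

def rebuild_drive(drives, failed):
    """Recompute every block of the failed drive from the survivors."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_raid5(drives, length):
    """Reassemble the data blocks, skipping each stripe's parity block."""
    n = len(drives)
    out = b""
    for s in range(len(drives[0])):
        p = parity_drive(s, n)
        out += b"".join(drives[d][s] for d in range(n) if d != p)
    return out[:length]

if __name__ == "__main__":
    data = b"payroll-2024-Q1.db contents"        # constructed sample data
    drives = write_raid5(data, 4)
    drives[1] = rebuild_drive(drives, failed=1)  # drive 1 replaced and rebuilt
    print(read_raid5(drives, len(data)))
```

A second drive failing before the rebuild finishes leaves two unknowns per stripe and one parity equation, so the array is lost; parity is a complement to the tape backups above, not a substitute.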

  29. Sector Sparing or Hot-Fixing Steps

  30. Fault Tolerant Systems

  31. Clustering • Group of systems work as one using shared devices. Control can be passed to another system if one system fails. • Clustering is an enhancement to fault tolerant systems, not a replacement.

  32. Optical Drives and Disks • Permanent backups • CD-ROM • Most common form of optical • ISO 9660 specification defines format standard • 650 MB • DVD • 5 formats • DVD-R: 3.95 GB single sided and 7.9 double • WORM • MO: magneto-optical • PCR: phase change rewritable

  33. Disaster Recovery • Focus on factors you can control • Determine best prevention • Enforce preventative measures • Revise prevention measures • Perform PM on hardware and software • Train • Preparation • Inventory- insurance and replacement • Backup • Store offsite • To recover from disaster: • Make a disaster-recovery plan • Implement the plan • TEST the plan!
