Security Management

Security Management is the organizational processes and relationships for managing risk – Policies, Procedures, Standards, Guidelines, Baselines – Organizational Structures – Roles and Responsibilities Security Management practices involve balancing security processes and proper management and oversight Risk Management is a big part of managing holistic security of an organization

Goals of Security Confidentiality – Allowing only authorized subjects access to information Integrity – Allowing only authorized subjects to modify information Availability – Ensuring that information and resources are accessible when needed

Goals of Security Confidentiality – Preventing unauthorized subjects from accessing information Integrity – Preventing unauthorized subjects from modifying information Availability – Preventing information and resources from being inaccessible when needed

Computer Security Computer and Network security was not at all well known, even about 12 years ago Today, it is something everyone is aware of the need, but not sure what is really means Interesting topic of threats, countermeasures, risks, stories, events and paranoia – With some mathematics, algorithms, designs and software issues mixed in – Yet, not enough people, even security specialists understand the issues and implications

Malicious Software

SECURITY INNOVATION ©2003 A Subject Overview Viruses Worms Trojans

malicious programs “ Malicious Programs” may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs). Virus - code that copies itself into other programs. A “Bacteria” replicates until it fills all disk space, or CPU cycles. Payload - harmful things the malicious program does, after it has had time to spread. Worm - a program that replicates itself across the network (usually riding on messages or attached documents (e.g., macro viruses). Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net). Logic Bomb - malicious code that activates on an event (e.g., date). Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users. Easter Egg - extraneous code that does something “cool.” A way for programmers to show that they control the product.

Telnet Telnet is a remote host connection You log on to a server and access information as if you were sitting in front of the server Telnet provides a login shell (an environment that allows you to issue commands) Requires an account and password on the host computer A generic user name and password allow access to public servers SSH (Secure Shell) is a secure form of Telnet

File Transfer Protocol (FTP) Used to transfer files between two computers Public FTP servers generally allow anonymous logon and allow downloading of files only Files are downloaded via the FTP “get” command Corporate FTP servers usually require a user name and password (you may upload files if you have permission) Files are uploaded via the FTP “put” command You can use command-line FTP, a browser’s built-in FTP client, or a specialized FTP client Secure versions of FTP include: – Secure Copy (SCP) – SSH File Transfer Protocol (S/FTP) – SSL/TLS-enabled FTP (FTPS)

Managing Download Files You may need to define MIME types for files that you download Many files downloaded from FTP servers are compressed (using a compression utility) and must be decompressed before you can use them Common compression utilities include: – Zip/unzip – Bzip2/bunzip2 – Bzip/bunzip – Gzip/gunzip – Compress/uncompress – RAR/WinRAR

Virtual Network Computing (VNC) VNC allows you to control a computer at a remote location as if you were sitting in front of it VNC consists of two components: the server and the viewer VNC provides a fill GUI display and allows authenticated users to log on and see the same display they would see if they were sitting in front of the (server) computer The viewer and server do not need to be running the same operating system

Instant Messaging (IM) Computer-based method of communication in which users can type and view messages sent to one or more recipients and view the responses immediately Contacts must be online to receive messages Can also be used to send files, view photos, send Web links and talk to contacts Becoming very popular in the workplace Requires an instant messaging client and an account for instant messaging service There are several IM services, clients and servers in widespread use

Peer-to-Peer Networks In a peer-to-per network, each computer has both client and server capabilities On the Internet, a P2P network allows a group of users to connect with each other and directly share files among their hard drives P2P networks are inexpensive and allow users to share bandwidth

Lightweight Directory Access Protocol (LDAP) LDAP directories contain contact information (name, address, address, public keys, etc.) Simplified version of X.500 Supports TCP/IP Makes global directory service available to everyone Modern clients are capable of searching an LDAP directory

Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 7: Internet Security

Objectives Identify the three types of encryption Identify ways that authentication provides Web security Identify ways that firewalls provide Web security Identify malware (malicious software) Identify ways to detect and prevent virus attacks Define spyware Define patches and updates Identify ways that screen savers provide workstation security Define list servers and listserve groups Identify security-related ethical and legal issues faced by IT professionals

Encryption Encryption – encoding or scrambling information using specific algorithms Three types of encryption: – Symmetric-key (secret-key) encryption – the same key is used to encrypt and decrypt messages – Asymmetric-key (public-key) encryption – two keys are used to encrypt and decrypt messages: a public key and a private key – Hash (one-way) encryption – uses hashes to verify the integrity of transmitted messages

Authentication User names and passwords – use to log on to private and public networks, including the Internet Digital certificates – attachments to electronic transmissions that supply a verifiable signature – Digital signatures – electronic signatures that verify the identity of the message sender Non-repudiation – digital signatures prove that a transaction or transmission took place; neither the sender nor the receiver can later deny the action

Firewalls Firewall – a collection of hardware, software and corporate policies that prevents unauthorized access to or from private networks Use firewalls to: – Prevent unauthorized Internet users from accessing private networks – Retain control of proprietary information – Prevent unauthorized export of proprietary information Firewalls may prevent access to external providers or external servers

Malware (Malicious Software) Virus – damages computers and networks, often alters files to damage or destroy data Worm – resides in active memory and replicates itself until an entire disk is full Trojan horse – appears to be harmless (such as a computer game) but produces harmful results Illicit server – installs hidden services on systems – Client code – allows remote access to a computer by an attacker – Server code – infects destination computer and enables the attacker to control it

Virus Detection and Prevention Corporate IT departments are often the first line of defense against viruses Common ways to contract viruses: – Receive infected disk from colleague or friend – Download infected file – Download illicit server attachment – Copy to your hard disk a document infected with a macro virus

Virus Detection and Prevention (cont’d) Common ways to protect against viruses: – Do not open or attachments from unknown senders – Configure browser and security to highest levels – Use antivirus software – Keep antivirus software current – Stay informed about the latest virus threats – Make backup copies of important files

Virus Detection and Prevention (cont’d) If you receive an attachment you do not recognize: – Do not open the attachment – Contact the sender to determine whether the attachment is legitimate – If you cannot contact the sender, delete the attachment from the message – Delete the attachment from the Deleted Items folder

Virus Detection and Prevention (cont’d) If you suspect a virus attack: – Use antivirus software to remove the virus – If you cannot launch antivirus software, reboot from a known clean system disk, then launch the antivirus software – Remove virus from all disks, files and programs – If damage is too extensive, reformat hard disk, restore data and reinstall programs (last resort only)

Spyware Spyware – an application secretly placed on a user’s system to covertly gather information and relay it to outside parties, usually for advertising purposes Also known as adware Cookies are not spyware because: – The user is aware of their presence – The user has the option to disable outside access to cookie information Use spyware detection applications to detect and eliminate spyware

Updates and Patches Update – a software upgrade that permanently fixes known bugs and improves software performance Patch – a temporary bug fix Virus update – files of virus signature profiles you use to keep your antivirus software current

Screen Savers Screen saver – a utility program that displays images or animation on your monitor when your computer is idle Use to hide your work while you are away from your desk Specify screen saver and amount of time computer is idle before screen saver displays

List Servers and Listserve Groups List server – collects and distributes information to and from listserve groups List servers: – LISTSERV ( – Majordomo ( – Lyris ( Listserve group – Participants who subscribe to a mailing list through a list server Mailing list Web sites (not list servers): – Topica (lists.topica.com) – Yahoo! Groups (groups.yahoo.com)

Security-Related Ethical and Legal Issues Privacy concerns: – Your computer activities are no longer private – You may receive malware and spam – Organizations may monitor employee and restrict access to Internet sites – Network administrators may audit the contents of employee hard drives Use home computer for personal communications and Internet searches

Security-Related Ethical and Legal Issues (cont’d) Copyright issues: – Copyright laws extend to works of authorship on the Internet – There is no international copyright – You must obtain copyrights from the appropriate agency in your home country – Court cases have set precedents that copyright-protected material cannot be used or distributed on the Internet without permission

Security-Related Ethical and Legal Issues (cont’d) Licensing: – To license copyright-protected material, you must obtain permission from the author Trademarks: – To register a trademark, you must contact the appropriate agency in your home country Encryption policies: – Determine the risk of transmitting or ing unencrypted proprietary or sensitive data