Unit 17 – Local Area Network Security

Slides:



Advertisements
Similar presentations
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Advertisements

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Access Control Methodologies
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Chapter 11 Firewalls.
Security+ Guide to Network Security Fundamentals
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 Network Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Chapter 10: Authentication Guide to Computer Network Security.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
BUSINESS B1 Information Security.
Chapter 13 – Network Security
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Today’s Lecture Covers < Chapter 6 - IS Security
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Module 11: Remote Access Fundamentals
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
Types of Electronic Infection
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
NS-H /11041 Intruder. NS-H /11042 Intruders Three classes of intruders (hackers or crackers): –Masquerader –Misfeasor –Clandestine user.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
CPT 123 Internet Skills Class Notes Internet Security Session B.
Role Of Network IDS in Network Perimeter Defense.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
IS3220 Information Technology Infrastructure Security
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
Information Systems Design and Development Security Precautions Computing Science.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Click to edit Master subtitle style
Introduction to Networking
Firewalls.
Security in Networking
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Unit 17 – Local Area Network Security BUSINESS IMPACT SECURITY POLICY DEVELOPMENT VIRUS PROTECTION FIREWALLS AUTHENTICATION AND ACCESS CONTROL ENCRYPTION APPLIED SECURITY SCENARIOS GOVERNMENT IMPACT

BUSINESS IMPACT Network security is a business problem. The development and implementation of a sound network security policy must start with strategic business assessment followed by strong management support throughout the policy development and implementation stages. Enterprise network security goals must be set by corporate presidents and/or board of directors.

SECURITY POLICY DEVELOPMENT Security policy development life cycle (SPDLC). Figure 16-1. A cycle because evaluation processes validate the effectiveness of original analysis stages. Security Requirements Assessment Require a structured approach to ensure that all potential user group/information resource combinations have been considered. A network analyst can create a matrix grid mapping all potential user groups against all potential corporate information resources. Refer Figure 16-3. These security processes: Restrictions to information access imposed upon each user group Definition the responsibilities of each user group for security policy implementation and enforcement. It should be reviewed on a periodic basis through ongoing auditing, monitoring, evaluation, and analysis.

Figure 16-1 The Security Policy Development Life Cycle

SECURITY POLICY DEVELOPMENT Scope Definition and Feasibility Studies Define the scope or limitations of the project Feasibility studies gain vital information on the difficulty of the security policy development process as well as the assets (human and financial) required to maintain such a process. Need to decide on the balance between security and productivity. See Figure 16-4. Need to identify those key values that a corporation should be maintained. Five most typical fundamental values of network security policy development: Identification/Authentication: the process of reliably determining the genuine identity of the communicating computer (host) or user. Access Control / Authorization: authenticated users are only allowed to those information and network resources they are supposed to access. Privacy/Confidentiality: ensure tat data is disclosed only to intended recipients. Data Integrity: assure that data are genuine and cannot be changed without proper controls. Non-Repudiation: users cannot deny the occurrence of given events or transactions.

Figure 16-4 Security vs. Productivity Balance

SECURITY POLICY DEVELOPMENT Assets, Threats, Vulnerabilities, and Risks Most security policy development methodologies boil down to the following six major steps: Identify assets Identify threats Identify vulnerabilities Consider the risks Identify risk domains Take protective measures Assets: corporate property of some value that requires varying degrees of protection. Data or Information can be classified: Unclassified or Public Sensitive Confidential Secret Top Secret

SECURITY POLICY DEVELOPMENT Assets, Threats, Vulnerabilities, and Risks Threats: processes or people that pose a potential danger to identified assets. Vulnerabilities: manner or path by which threats are able to attack assets. Risks: probability of a particular threat successfully attacking a particular asset in a given amount of time via a particular vulnerability. E.g. Intruders or attackers may use social engineering or snooping to obtain user passwords An administrator may incorrectly create or configure user ids, groups, and their associated rights on a file server, resulting in file and login access vulnerabilities Network administrators may overlook security flaws in topology or hardware configuration Network administrators may overlook security flaws in operating system or application configuration; Lack of proper documentation and communication of security policies may lead to deliberate or inadvertent misuse of files or network access; Dishonest or disgruntled employees may abuse the file and access rights they’ve been given; A computer or terminal left logged into the network while its operator goes away may provide an entry point for an intruder; Users or even administrators choose passwords that are easy to guess; Authorized staff may leave computer room doors propped open or unlocked, allowing unauthorized individuals to enter;

SECURITY POLICY DEVELOPMENT Assets, Threats, Vulnerabilities, and Risks Staff may discard disks or backup tapes in “public” waste containers Administrators may neglect to remove access and file rights for employees who have left the organisation. Figure 16-7 shows the relationship between assets, threats, vulnerabilities, risks, and protective measures.

Figure 16-7 Assets, Threats, Vulnerabilities, Risks, and Protective Measures

SECURITY POLICY DEVELOPMENT Attack Strategies Some of common attack strategies as well as potential protective measures: Masquerading : Authentication Eavesdropping: Encryption Man-in-the-Middle-Attack: Digital certificates, digital signatures Address Spoofing: Firewalls Data Diddling: Encrypted message digest Dictionary Attack: Strong passwords, intruder detection Replay Attack: Time stamping or sequence numbering Virus Attack: Virus management policy Trojan Horse Attack: Firewalls Denial of Service Attack: Authentication, service filtering

SECURITY POLICY DEVELOPMENT Management Role and Responsibilities Plan your action to develop and implement a solution. Not to underestimate the labor resources and time requirements necessary to scale up your security analysis to an enterprise-wide security policy development and implementation process. Be sure that all affected user groups are represented on the policy development task force. Potential areas for development of acceptable use policies: Password protection and management, software license, virus protection, internet access, remote access, e-mail, policies regarding penalties/warnings, physical access Policy Implementation Process The policies need the support of executives and managers. Users should also be expected to actively support the implemented acceptable user policies. Security architecture map clearly justified security functional requirements to currently available security technical solution. See Figure 16-13 for the information security architecture.

Figure 16-13 Representative Security Architecture

SECURITY POLICY DEVELOPMENT Auditing Audit and monitor a corporate security policy on a continual basis. Auditing can be automated or manual. Manual audits serve to verify the effectiveness of policy development and implementation Automated audits is able to assess the weaknesses of your network security and security standards, to analyze the network for potential vulnerabilities and make recommendations for corrective action.

VIRUS PROTECTION A comprehensive virus protection plan must combine policy, people, processes and technology in order to be effective. Virus Categories work by infecting other legitimate programs and causing them to become destructive or disrupt the system in some other manner. Use some type of replication method to get the virus to spread and infect other programs, systems, or networks Need some sort of trigger or activation mechanism to set them off. Viruses may remain dormant and undetected for long periods of time. Refer to Figure 16-16 for the major virus categories. Antivirus Strategies Effective antivirus policies and procedures must first focus on the use and checking of all diskettes before pursuing technology-based solutions. Use virus scanning software for detecting virus in collaborative applications to avoid infection/reinfection cycle. Figure 16-18 shows the collaboration software infection/reinfection cycle. Figure16-19 shows virus infection points of attack and protective measures

Figure 16-18 Collaborative Software Infection/Re-infection Cycle

Figure 16-19 Virus Infection Points of Attack and Protective Measures

FIREWALLS Firewall software usually runs on a dedicated server that is connected to, but outside of, the corporate network. Firewalls provide a layer of isolation between the inside network and the outside network. Firewall Architectures Packet Filtering: examines source and destination addresses and determines access based on the entries in a filter table. Packet filter can be breached by hackers known as IP spoofing. Hacker can make a packet appear to come from an authorized or trusted IP address, it can pass through the firewall. Application Gateway filters or Proxies It examine the entire request for data rather than just the source and destination addresses. Secure files can be marked as such and application-level filters will not show those files to be transferred, even to users authorized by port-level filters.

FIREWALLS Dual-homed gateway Trusted gateway See Figure 16-20. Application gateway is physically connected to the private secure network and the packet-filtering router is connected to the nonsecure network. All outside traffic still goes through the application gateway first and then to the information servers. Trusted gateway Certain applications are identified as trusted and are able to bypass the application gateway entirely and are able to establish connections directly rather than executed by proxy. See Figure 16-20.

Figure 16-20 Packet Filters, Application Gateways, Proxies, Trusted Gateways, and Dual- Homed Gateways

AUTHENTICATION AND ACCESS CONTROL Authentication is to ensure that users attempting to gain access to networks are really who they claim to be. Authentication products break down into three overall categories: What you know. Authentication technology that can deliver single sign-on (SSO) access to multiple network attached servers and resources via passwords. What you have. It uses one-time or session passwords or other techniques to authenticate users and validate the authenticity of messages or files. What you are. It validates user based on some physical characteristic. Token Authentication – Smart Cards Token Authentication technology may have multiple forms: Hardware-based Smart Cards In-line authentication device Software token on client PC There are two overall approaches to the token authentication process.

AUTHENTICATION AND ACCESS CONTROL Challenge-response token authentication The user enters an assigned user ID and password at the client workstation. The token authentication server software return a numeric string known as a challenge The challenge number and a personal ID number are entered on the hand-held Smart Card The Smart Card displays a response number on the LCD screen This response number is entered on the client workstation and transmitted back to the token authentication server The token authentication server validates the response against the expected response from this particular user and this particular Smart Card. If the two match, the user is deemed authentic and the login session is enabled. Time synchronous token authentication Every 60 seconds, the time-synchronous Smart Card and the server-based software generate a new access code. The user enters their user ID, a personal ID number, and the access code currently displayed on the Smart Card. The server receives the access code and authenticate the user by comparing the received access code with the expected access code unique to that SmarCard which was generated at the server in time synchronous fashion. See Figure 16-24.

Figure 16-24 Challenge Response vs. Time Synchronous Token Authentication

AUTHENTICATION AND ACCESS CONTROL If the security offered by token authentication is insufficient, biometric authentication can authenticate users based on fingerprints, palm prints, retinal patterns, voice recognition or other physical characteristics. Authorization a subset of authentication. While authentication ensures that only legitimate users can log into the network, authorization ensures that these properly authenticated users access only the network resources for which they are properly authorized. the authorization security software can be either server-based (brokered authorization) or workstation-based (trusted node).

ENCRYPTION A security process complimentary rather than mutually exclusive to authentication and authorization. encryption ensures that the contents of the transmission would be meaningless (called ciphertext) if they were intercepted. Encryption must accompanied by decryption, to change the unreadable text back into its original form. Data Encryption Standard (DES) is often used to allow encryption devices manufactured by different manufacturers to interoprate successfully. The DES encryption standard actually includes two parts for greater security method of encrypting data 64 bits at a time a variable 64-bit key (private key) Private key This private key must be known by both the sending and the receiving encryption devices and allows so many unique combination (2 to the 64th power), that unauthorized decryption is nearly impossible.

ENCRYPTION Public key or Public/private key encryption the process actually combines public and private keys. In public key encryption, the sending encryption device encrypts a document using the intended recipient’s public key and the originating party’s private key. This public key is readily available in a public directory. To decrypt the document, the receiving encryption device must be programmed with the recipient’s private key and the sending party’s public key. This method requires only the receiving party to possess their private key and eliminates the need for transmission of private keys. Digital signature encryption appends an encrypted digital signature to the encrypted document as an electronic means of guaranteeing the authenticity of the sending party and assurance that encrypted documents have not been tampered with during transmission. the digital signature is regenerated at the receiving encryption device from the transmitted document and compared to the transmitted digital signature. See Figure 16-26.

Figure 16-26 Private Key Encryption, Public Key Encryption, and Digital Signature Encryption

APPLIED SECURITY SCENARIOS Overall Design Strategies Some general guidelines the would apply to most situations: Install only software and hardware that you really need on your network. Allow only essential traffic into and out of the corporate network Investigate the business case for outsourcing web-hosting services Use routers to filter traffic by IP address Make sure that router operating system software has been patched Identify those information assets that are most critical to the corporation Implement physical security constraints to hinder physical access to critical resrouces such as servers Monitor system activity logs carefully Develop a simple, effective and enforceable security policy and monitor its implementation and effectiveness Consider installing a proxy server or application layer firewall Block incoming DNS queries and requests for zone transfers Don’t publish the corporation’s complete DNS map on DNS servers that are outside the corporate firewall. Disable all TCP ports and services that are not essential

APPLIED SECURITY SCENARIOS Remote Access Security How to manage the activity of all of the remote access users that have logged in via a variety of multi-vendor equipment and authentication technology. Remote authentication dial-in user service (RADIUS) offers the potential to enable centralized management of remote access users and technology. See Figure 16-28. It enables communication between the following three tiers of technology: Remote access devices such as remote access servers and token authentication technology from a variety of vendors, otherwise known as network access servers (NAS) Enterprise database that contains authentication and access control information RADIUS authentication server Users request connections and provide useRIDs and passwords to the network access servers which, in turn, pass the information along to the RADIUS authentication server for authentication approval or denial.

Figure 16-28 Remote Authentication Dial-In User Services (RADIUS) Architecture

APPLIED SECURITY SCENARIOS RADIUS: Allows network manager to centrally manage remote access users, access methods, and logon restriction. Centralized auditing, e.g. keep track of volume of traffic sent and amount of time on-line Enforces remote access limitations, e.g. server access restrictions or on-line time limitation Supports password authentication protocol (PAP), challenge handshake authentication protocol (CHAP) and Secure ID token authentication. Transmit passwords in encrypted format only Virtual Private Network Security To provide virtual private networking capabilities using the Internet as an enterprise network backbone, specialized tunneling protocols needed to be developed that could establish private, secure channels between connected systems. Two rival standards are examples of such tunneling protocols: Point-to-Point Tunneling Protocol (PPTP) and Layer Two Forwarding (L2F)

APPLIED SECURITY SCENARIOS See Figure 16-29. Two rival specifications currently exist for establishing security over VPN tunnels: IPsec and PPTP.

Figure 16-29 Tunneling Protocols Enable Virtual Private Networks

APPLIED SECURITY SCENARIOS Enterprise Network Security To maintain proper security over a widely distributed enterprise network, it is essential to be able to conduct certain security-related processes from a single, centralised, security management location. These processes are: Single point of registration (SPR) allows a network security manager to enter a new user form a single centralized location and assign all associated rights, privileges and access control to enterprise resources Single sign-on (SSO) allows the user to login to the enterprise network and to be authenticated from their client PC location. Single access control view allows the user’s access from their client workstation to only display those resources that the user actually has access to. Security auditing and intrusion detection is able to track and identify suspicious behaviors from both internal employees and potential intruders.

Government agencies play a major role in the area of network security. GOVERNMENT IMPACT Government agencies play a major role in the area of network security. The primary function of these various government agencies is : Standards-making organizations that set standards for the design, implementation, and certification of security technology and systems **** END ****