Richard Henson University of Worcester October 2016

1 COMP3371 Cyber Security
Richard Henson, University of Worcester, October 2016

2 Week 3: Strategies for securing data held within digital systems
Objectives:
- Explain the tensions in the principles of maintaining data confidentiality, integrity and availability
- Devise a security strategy for users in terms of using technical controls to protect access to resources, services and information
- Explain that total security is a myth: people are people, and computer technology is constantly evolving…

3 CIA in practice
- C = Confidentiality
- I = Integrity
- A = Availability
- Tension between them…
  - responsibility to keep data secure
  - but people usually want data NOW!!! and security controls get in the way

4 Maintaining Data Integrity
- Personal or sensitive data needs to be protected against copying/modifying
- Up to the organisation to choose an appropriate strategy
  - may be happy to just use the Microsoft domain model…
  - but "read only" files could be changed (!)
  - should monitor for changes (Event Viewer)

5 The Client-Server LAN Model
- Excellent way to centralise and control organisational resources
- client can still hold resources
  - a lot (workstation)
  - not much (thin client)
- better if on a server: accessible to all
- Microsoft LAN model: domain

6 Request and response
- All network users get access via clients
  1. Client requests information…
  2. Server processes the request, sends a response back to the client

7 Principle of security "controls"
- Any method used to protect organisational data against being compromised…
  - technical controls use hardware and software to protect data
  - people controls provide procedures for people to follow to protect data
  - management controls provide procedures for those managing data users

8 Technical Controls on Data
- Technologies for safe
  - transport… wired or wireless
  - processing… secure CPU/memory
  - storage…
- Purpose: protect network resources from attacks and accidental loss of data

9 Useful Background Knowledge (from level 1 & 2 modules)
- Client-server networking
- Windows security model
- Standards & ISO/OSI
- Packet switching & TCP/IP
- Windows web servers and browsers
- Virtualisation

10 Security of Data on the Move: Internal Networks
- Most organisational computers regularly interchange data
- Data could in theory be copied (although not destroyed) by being intercepted as it passes between computers:
  - through the use of e/m (electromagnetic) waves (easy)
  - in copper cables (difficult)
  - in optical fibre cables (very difficult)
- The organisation therefore needs to be vigilant…

11 Security and copper cables
- UTP (Unshielded Twisted Pair) cable is cheap, but not totally secure:
  - electricity passing through a cable creates a magnetic field…
  - which can then be intercepted and used to recreate the original signal…
- Shielding stops the magnetic field spreading out
  - STP (Shielded Twisted Pair) cabling is available, but more expensive…
[Diagram: stolen data]

12 Security, cost and Fibre Optic Cables
- Fibre more secure than even shielded copper
  - digital data transmitted as a high-intensity light beam
  - no associated magnetic field; data can't be "tapped"
- Can carry much more data than twisted pair
- but: cost…
  - of cables…
  - of installation…

13 Discussion
- Which to choose: UTP, STP, optical fibre?
  - cost v risk balancing act
- small network, e.g. home/microbusiness
- medium size network, e.g. business with 50 employees
- large network, with multisite operation

14 What about Radio Waves?
- Ideal?
  - no unsightly cables
  - mobile availability
  - cheap!
- Standard radio waves don't carry much data (i.e. low bandwidth)
- Need to be high frequency… close to microwave frequency

15 E/m Wave Systems
- Easy to install: no cabling needed, just signal boosters
- BUT… without encryption & authentication, not secure at all!
  - can be received by anyone within range and with the right equipment
  - especially easy to pick up if transmitted as "fixed spectrum"
- "Spread spectrum" radio waves can only be picked up by equipment that can follow the changes in frequency
  - such equipment MUCH more expensive…

16 Security and Network Hardware
- Very small networks may use peer-to-peer networking and cabling/wireless
  - same arguments, same dangers…
- Whatever the size, networks use hubs, switches and router(s) to connect everything and link to the Internet
  - data will be stored on these devices before forwarding
  - plenty of hacks started by compromising a router!

17 Standard Internet Protocols and Security
- Early Internet: users were military personnel, research centre admins, etc.
  - all security vetted
- Protocols not designed with security in mind
  - about getting data safely & reliably from one place to another
- OSI model ordered protocols into a 7-layer stack, based on the TCP and IP protocols
  - user system security already built in at the session layer
  - no inherent security for data on the move

18 Network-Network Connectivity
- Most networks now use TCP/IP for Internet connectivity
  - based on digital data sent in 1000 byte chunks called "packets"
- Any intelligent device with an IP address and connected to the Internet is theoretically visible across the network/Internet
  - otherwise, packets couldn't be navigated to it!

19 Navigating Data within a TCP/IP network
- Data on a network device could be:
  - located using the device's IP address
  - copied to another IP address on the network
- Just need:
  - access via a computer
  - an appropriate network protocol (e.g. NFS, Network File System, part of the TCP/IP suite)
- It really is as simple as that!!!

20 Copying, Changing, or Deleting Data on a networked computer
- Data could be tapped in exactly the same way on any computer on the Internet!
  - must have an IP address to participate on the Internet
  - packets going to that computer have a destination IP address in the header, and headers can easily be read
- NFS can be used to manage data remotely on that computer, which could include copying or (perhaps worse) deleting that data, or even BOTH
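To make slide 20's point concrete (the addresses in a packet header are readable by anyone who sees the packet, whatever the payload contains), here is an added Python example that is not part of the lecture: it parses a constructed IPv4 header with the standard library only. The packet bytes, addresses and payload are made up for illustration.

```python
import struct
import ipaddress

# Constructed sample: a minimal 20-byte IPv4 header (no options) followed by
# 8 bytes of opaque payload. All values are illustrative, not captured traffic.
SAMPLE_PACKET = bytes([
    0x45, 0x00, 0x00, 0x1c,   # version 4 / IHL 5, DSCP/ECN, total length = 28
    0x1c, 0x46, 0x40, 0x00,   # identification, flags (DF) / fragment offset
    0x40, 0x06, 0x00, 0x00,   # TTL = 64, protocol = 6 (TCP), checksum left unset
    0xc0, 0xa8, 0x01, 0x0a,   # source      192.168.1.10
    0xc0, 0xa8, 0x01, 0x14,   # destination 192.168.1.20
]) + b"\x9f\x3a\x11\xc2\x57\x08\xee\x4d"   # payload: could be encrypted, still routable


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the fields an on-path observer can read from an IPv4 header.

    No key or credential is needed: the addressing information that routers
    rely on is, by design, in the clear. Only the payload can be protected
    by encryption; a tunnel (slide 23) wraps the whole packet in a new one.
    """
    if len(packet) < 20:
        raise ValueError("packet too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl_bytes = (ver_ihl & 0x0F) * 4          # header length in bytes
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    if ihl_bytes < 20 or ihl_bytes > len(packet) or total_len > len(packet):
        raise ValueError("inconsistent header or total length")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": proto,
        "ttl": ttl,
        "total_length": total_len,
        "payload": packet[ihl_bytes:total_len],   # opaque to this parser
    }


if __name__ == "__main__":
    fields = parse_ipv4_header(SAMPLE_PACKET)
    print(f"{fields['src']} -> {fields['dst']} proto={fields['protocol']} "
          f"ttl={fields['ttl']} payload={fields['payload'].hex()}")
```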

21 Technologies for Implementing Security Controls
- Security means protecting DATA!...
- The rest of this session focuses on ensuring the security of data on network devices and associated storage:
  - hard disks, flash memory & CDs
  - digital backup tapes
  - USB sticks…

22 Client-Server Network: do's and don'ts for administrators
- Only allow authorised (and TRUSTED) users to gain access to the network
  - ensure users are always properly authenticated
- Only allow network administrators to have full access
- Monitor the network continually to provide alerts that unauthorised access is being sought
- Encrypt data that will be sent through UTP cables and/or held on computers that are connected to the Internet
- When using the WWW, use secure versions of network protocols and/or tunnelling protocols to encapsulate and hide data
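Slide 22's "monitor the network continually to provide alerts" is the kind of control that is easy to state and rarely shown. This added Python example (not from the lecture) runs a simple detection over constructed sshd-style log lines: it counts failed logins per source address and raises an alert when a source crosses a threshold. The log lines, hostnames and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (syslog-like sshd lines); not real data.
SAMPLE_LOG = """\
Oct 12 09:14:01 fileserver sshd[2201]: Failed password for invalid user admin from 10.0.5.77 port 51822 ssh2
Oct 12 09:14:03 fileserver sshd[2201]: Failed password for invalid user admin from 10.0.5.77 port 51824 ssh2
Oct 12 09:14:05 fileserver sshd[2201]: Failed password for root from 10.0.5.77 port 51826 ssh2
Oct 12 09:14:07 fileserver sshd[2201]: Failed password for root from 10.0.5.77 port 51828 ssh2
Oct 12 09:14:09 fileserver sshd[2201]: Failed password for root from 10.0.5.77 port 51830 ssh2
Oct 12 09:15:30 fileserver sshd[2230]: Accepted publickey for alice from 10.0.1.12 port 40112 ssh2
Oct 12 09:16:02 fileserver sshd[2235]: Failed password for bob from 10.0.1.15 port 40201 ssh2
Oct 12 09:16:10 fileserver sshd[2236]: Accepted password for bob from 10.0.1.15 port 40202 ssh2
"""

# Matches the sshd failure line; "invalid user" marks names that do not exist locally.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def count_failures(log_text):
    """Per source address: number of failed logins and the set of usernames tried."""
    failures = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[src]["count"] += 1
            failures[src]["users"].add(user)
    return failures


def alerts(log_text, threshold=3):
    """Sources with at least `threshold` failures, as (src, count, sorted usernames).

    A single typo (bob above) stays below the threshold; one address trying
    several accounts in quick succession is what the administrator wants to see.
    """
    out = []
    for src, info in count_failures(log_text).items():
        if info["count"] >= threshold:
            out.append((src, info["count"], sorted(info["users"])))
    return sorted(out)


if __name__ == "__main__":
    for src, count, users in alerts(SAMPLE_LOG):
        print(f"ALERT: {count} failed logins from {src} for users {users}")
```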

23 The Virtual Private Network
- Secure sending of data through the Internet
- Only use a restricted and very secure set of Internet routers
  - no IP address broadcasting, because all packets use the same route
- IP tunnelling protocol encapsulates data
  - normal Internet users will therefore not be able to see the sending, receiving, or intermediate IP addresses
- Data sent is encrypted
- Potential hackers don't get a look in!

24 Encryption/Decryption
- Technique of changing digital data in a mathematically reversible way
- Makes it impossible to get at the information… the data representing it is scrambled
- Coding data is not new… it has been happening for millennia
  - many clever techniques involved
- The study of encryption: cryptography

25 Types of Network Hardware
- Data can be captured between devices…
- could also be copied/compromised on any device with processing ability
- Devices categorised into two types:
  - end devices (for input or output)
  - connecting devices (passing data on…)

26 Addressing and Network Devices
- Addressing possible at two of the OSI software levels/layers:
  - hardware-compatible layer uses MAC addresses
  - Internet-compatible layer uses IP addresses
- ARP (Address Resolution Protocol) converts addresses from IP to MAC

27 End Devices
- Computers
- Dumb terminals
- Printers
- VoIP phones
- Scanners
- Anything that inputs or outputs…

28 Connecting Devices
- Routers
  - computers with two network cards
  - work with IP addresses (OSI layer 3)
- Switches
  - also two network cards
  - work with MAC addresses (OSI layer 2)
- Hubs & Repeaters
  - no processing, but can boost signals

29 Connecting Devices & Configuration
- One of the keys to security…
- Routers & switches often configured via a Windows interface
  - fine for small, simple changes
- More complex changes need a command line interface (CLI)

30 Simulating a Network
- Cisco software: Packet Tracer
- Drag-and-drop tool used for planning networks
  - very useful also for finding out about networks!
- practical after the break…

31 A Simulated Domain in action…
- using Packet Tracer
- Also download Cisco Packet Tracer for your own use…
