Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Henson University of Worcester October 2017

Published byNorman Beasley Modified over 6 years ago

Similar presentations

Presentation on theme: "Richard Henson University of Worcester October 2017"— Presentation transcript:

1 Richard Henson University of Worcester October 2017
COMP3371 Cyber Security Richard Henson University of Worcester October 2017

2 Week 3: Strategies for securing data held within digital systems
Objectives: Explain tensions in principles of maintaining data confidentiality, integrity, availability Devise a security strategy for users in terms of using technical controls to protect access to resources, services and information Explain that total security is a myth; people are people, and computer technology is constantly evolving…

3 CIA in practice C = confidentiality A = Availability
Secure it! Want it NOW! Tension between these two… network managers: responsibility to keep data secure Users: just want data… NOW!!! security controls just get in the way Data !

4 The “I” in the middle Maintaining Data Integrity
Personal or sensitive data MUST be protected by law against copying/modifying law getting tighter (GDPR) users need to be aware!

5 Choosing a Strategy for protecting data and keeping users happy
Up to the organisation to choose how to do this… logins necessary when logged in, users get appropriate access to do their job… who decides what is appropriate?

6 Implementing the Strategy
Not too many options… many opt for client-server model may be happy to just use the Microsoft domain model… but a weakness that “read only” files could be changed (!) essential to monitor for changes (event viewer) makes users accountable

7 Client-Server LANs Centralised server(s)
control user access to organisational resources control users via access allocations on logon Client end can still hold resources in memory and secondary storage a lot (workstation) not much (thin client)

8 Request and response All network users get access via clients
Client requests information… 2. Server processes the request, sends a response back to the client

9 Principle of security “controls”
Any method used to protect organisational data against being compromised… technical controls use hardware and software to protect data people controls provide procedures for people to follow to protect data management controls provide procedures for those managing data users

10 Technical Controls on Data
Technologies for safe transport… wired or wireless processing… secure CPU/memory storage… Purpose: protect network resources from attacks and accidental loss of data

11 Microsoft LANs: Domains
Better if resources and security on the server - accessible to all needs at least one back up Microsoft domains… server(s) set up first clients attached physically and logically to server Users controlled through policy files on server(s)

12 Useful Background Knowledge (from level 1 & 2 modules)
Client-server networking link Windows Security model link Standards & ISO/OSI link Packet switching & TCP/IP link Windows Web servers and browsers link Virtualisation link

13 Securing Data… Three vulnerable places for hackers to capture data:
physically stored e.g. hard disk, CD, USB system stored e.g. memory of computer, router, or other intermediate device on the move e.g. through cables or the air Hackers want information, not data without context! useless to them if coded (encrypted)

14 Encyption/Decryption
Technique of changing digital data in a mathematical reversible way Makes it impossible to get at the information… data representing it scrambled Coding data not new… been happening for millennia many clever techniques involved Encryption studies - cryptography

15 Security of Data on the move: inside the organisation
Most organisational computers regularly interchange data Data could in theory be copied (although not destroyed) by being intercepted: as it passes between computers/devices through use of e/m waves (easy) in copper cables (possible but difficult) In optical fibre cables (very difficult) The organisation therefore needs to vigilant…

16 Security and copper cables: UTP
UTP (Unshielded Twisted Pair) cable is cheap, but not totally secure: electricity passing through a cable creates a magnetic field… can then be intercepted and used to recreate the original signal… Stolen data

17 Security and copper cables: STP
UTP is also vulnerable to stray electro- magnetic waves (e.g. nearby electric motor) Shielding stops the magnetic field spreading out and stray fields getting in STP (Shielded Twisted Pair) cabling recommended or vulnerable environments but more expensive…

18 Security, cost and Fibre Optic Cables
Fibre more secure than even shielded copper digital data transmitted as a high intensity light beam no associated magnetic field; data can’t be “tapped” Can carry much more data than twisted pair but: cost… of cables… of installation…

19 Discussion small network e.g. home/microbusiness
Which to choose, UTP, STP, optical fibre? cost v risk balancing act small network e.g. home/microbusiness medium size network e.g. business 50 employees large network, with multisite operation

20 What about Radio Waves? Ideal?
no unsightly cables mobile availability cheap! Standard radio waves don’t carry much data (i.e. low bandwidth) need to be high frequency… close to microwave frequency

21 E/M Wave systems Easy to install
no cabling needed, just signal boosters BUT… must have encryption & authentication! can be received by anyone within range and with the right equipment especially easy to pick up if transmitted as “fixed spectrum” “spread spectrum” radio waves can only be picked up by equipment that can follow the changes in frequency such equipment MUCH more expensive…

22 Security and Network Hardware
Very small networks may use peer-peer networking and cabling/wireless same arguments, same dangers… Whatever the size, networks use hubs, switches, router(s), maybe a firewall to connect everything and link to Internet data will be stored on these devices before forwarding plenty of hacks started by compromising a router!

23 Standard Internet Protocols and Security
Early Internet (1970s): users: military personnel, research centre admin, etc. all security vetted protocols not designed with security in mind about getting data safely & reliably from one place to another OSI model (1978 on) ordered protocols into a 7- layer stack: based on TCP and IP protocols user system security already built in at the session layer no inherent security for data on the move each device must have an IP address

24 Network-Network Connectivity
Most networks now use TCP/IP for Internet connectivity based on digital data sent in 1000 byte chunks called “packets” Devices must have an IP address to participate in TCP/IP theoretically visible across the network/Internet otherwise, packets couldn’t be navigated to it!

25 Navigating Data within a TCP/IP network
Data on a network device could be: located using device IP address copied to another IP address on the network Just need: access via computer (logon? anonymous…) an appropriate level 7 protocol service (e.g. NFS – network file system, part of the TCP/IP suite) really is as simple as that!!!

26 Copying, Changing, or Deleting Data on a networked computer
Data could be tapped in exactly the same way on any device on the Internet! just needs an IP address to participate on the Internet packets going to that computer have a destination IP address in the header; headers can easily be read NFS protocol can be used to manage data remotely on that computer – could include copying or deleting data, or even BOTH!

27 Technologies for Implementing Security Controls
The rest of this session focuses on securing data on network devices, and associated storage routers and switches hard disks, flash memory & CDs digital backup tapes USB sticks…

28 Client-Server Network: do’s and don'ts for administrators
Only allow authorised (and TRUSTED) users to gain access to the network ensure users are always properly authenticated Only allow network administrators to have full access Monitor the network continually to provide alerts that unauthorised access is being sought Encrypt data that will be sent through UTP cables and/or held on computers that are connected to the Internet When using the www, use secure versions of network protocols and/or tunnelling protocols to encapsulate and hide data

29 The Virtual Private Network
Secure sending of data through the Internet Only use a restricted and very secure set of Internet routers No IP address broadcasting needed… all packets use the same route! IP tunnelling protocol encapsulates data normal Internet users will therefore not be able to see the sending, receiving, or intermediate IP addresses data sent is encrypted Potential hackers don’t get a look in!

30 Types of Network Hardware
Data can be captured between devices… could also be copied/compromised on any device with processing ability Devices categorised into two types: end devices (for input or output) connecting devices (passing data on…)

31 Addressing and Network Devices
Addressing possible at two of the OSI software levels/layers: Hardware-compatible layer uses MAC addresses Internet-compatible layer uses IP addresses ARP (Address Resolution Protocol) converts addresses from IP to MAC

32 End Devices Computers Dumb Terminals Printers VOIP phones Scanners
Anything that inputs or outputs…

33 Connecting Devices Routers or Firewalls Switches Hubs & Repeaters
computers with two network interfaces routers use IP addresses (OSI layer 3) firewalls also use TCP ports (level 4) Switches also two network cards work with MAC addresses (OSI layer 2) Hubs & Repeaters no processing but can boost signals

34 Connecting Devices & Configuration
One of the keys to security… Routers & Switches often configured via Windows interface fine for small, simple changes More complex changes need a command line interface (CLI)

35 Simulating a Network CISCO software: Packet Tracer
Drag and drop tool used for planning and implementing networks very useful also for finding out about network infrastructure and connectivity! practical after the break…

36 Also download CISCO Packet Tracer for your own use… http://getintopc

Download ppt "Richard Henson University of Worcester October 2017"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Connecting to a computer Network Network interface Card (NIC) Connecting Devices Network Cables Wireless Networks Network Topology Network Operating System.

Connecting to a computer Network Network interface Card (NIC) Connecting Devices Network Cables Wireless Networks Network Topology Network Operating System.
Shalini Bhavanam. Key words: Basic Definitions Classification of Networks Types of networks Network Topologies Network Models.

Shalini Bhavanam. Key words: Basic Definitions Classification of Networks Types of networks Network Topologies Network Models.
Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.

Lesson 3 – UNDERSTANDING NETWORKING. Network relationship types Network features OSI Networking model Network hardware components OVERVIEW.
Computer Networks Eyad Husni Elshami. Computer Network A computer network is a group of interconnected computers to share data resources ( printer, data.

Computer Networks Eyad Husni Elshami. Computer Network A computer network is a group of interconnected computers to share data resources ( printer, data.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
4 Network Hardware & Software Network Operating systems: software controlling traffic on the network 2 types of s.ware: server software &client software.

4 Network Hardware & Software Network Operating systems: software controlling traffic on the network 2 types of s.ware: server software &client software.
1 Network Strategy By Mr J. Sloan. Ideas Protocol WAN LAN Node What is a… Workstation File Server Print Server.

1 Network Strategy By Mr J. Sloan. Ideas Protocol WAN LAN Node What is a… Workstation File Server Print Server.
This is the way an organisation distributes the data across its network. It uses different types of networks to communicate the information across it.

This is the way an organisation distributes the data across its network. It uses different types of networks to communicate the information across it.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
1 3 Computing System Fundamentals 3.4 Networked Computer Systems.

1 3 Computing System Fundamentals 3.4 Networked Computer Systems.
Computer communication

Computer communication
Chapter 5 Networks Communicating and Sharing Resources

Chapter 5 Networks Communicating and Sharing Resources
Networks. What is a Network? Two or more computers linked together so they can send and receive data. We use them for sending e-mails, downloading files,

Networks. What is a Network? Two or more computers linked together so they can send and receive data. We use them for sending s, downloading files,
Networking and Operating Systems. Networking What is it? Things that are hooked together. Computer Network- Computers that are connected together.

Networking and Operating Systems. Networking What is it? Things that are hooked together. Computer Network- Computers that are connected together.
Slide 1 What is a Computer Network? A computer network is a linked set of computer systems capable of sharing computer power and resources such as printers,

Slide 1 What is a Computer Network? A computer network is a linked set of computer systems capable of sharing computer power and resources such as printers,
By Kyle Slinger.  A network is where you can send information to and from different PCs.

By Kyle Slinger.  A network is where you can send information to and from different PCs.
Chapter 13 – Network Security

Chapter 13 – Network Security

Similar presentations

Ads by Google