Published by Aron O’Neal. Modified over 8 years ago.
1
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses
2
Introduction
- We’ve discussed the threats from hackers
- Since 9/11 there has been increasing concern about attacks from cyber terrorists
- Cyber terror attacks are not considered weapons of mass destruction but rather weapons of mass disruption
3
Intro (2)
- Areas feeling most pressure are: telecommunications, transportation, financial services, and chemical, water, energy, and power grid industries
- These are critical infrastructures which our national economy depends upon
- Perfect security is impossible
- This chapter introduces defensive technologies and reconnaissance tools
4
Intro (3)
- This chapter presents material covering tier 4 of the DLM
- Multiple and diverse layers of security SW, HW, and auditing systems are necessary
  - Used to validate and enforce AUPs, secure-use practices
  - Serve as necessary countermeasures to stop spread of malware, monitor for illegal activity, and filter inbound and outbound packets
5
Factors Driving the Need for Diverse Technology Layers
Growth in Computer Crime
- 28% increase in Internet attacks and almost 200,000 of them were successful
- 50 or more new comp viruses created each wk
- FBI estimated that losses by US businesses exceeded $7 billion in 2001
- This does not include costs of fraud or damages by disgruntled or corrupted employees
- Remember estimates are usually low -- why?
6
More Factors Driving the Need for Diverse Tech Layers
Growth in SW Complexity and Flaws
- Complexity and design flaws have caused SW and OS’s to become more vulnerable to malware
- Many companies make obvious security mistakes:
  - Introducing wireless networks or IM w/o encryption and firewalls
  - Intranets w/o adequate security checkpoints
7
More Factors Driving the Need for Diverse Tech Layers
Growth in Release Rate of Security Patches and Service Packs
- The number of new SW vulnerabilities is now around 50/wk, and IT managers spend an avg of 2 hrs/server to test and deploy a patch
- Estimated total cost to a company w/ 1,000 servers is roughly $300,000 per patch
- There are now tools to automate and manage server and desktop patches, but it is a problem
- IT staff need to focus on keeping networks and systems working; hard to have time to deal w/ complex security component
8
Security Technology
No “Out of the box” Solutions
- No defense tools are usable out of the box - it is necessary to correctly install and monitor your security mechanisms
- The security tools that are available have varying deployment costs, installation or implementation complexity, operational and maintenance costs, and potential to be effective
9
Security Technology (2)
- Many believe that having a firewall installed will offer automatic protection
- They still need to be maintained
- What kind of maintenance?
Tools and Targets
- Technology tools for security can be expensive to purchase and maintain
- They are targets of hackers -- when broken they are hardened by defenders, then hackers begin the cycle again
- Look at @Lert on pg. 115
10
Multilayered, Diverse Technology Infrastructure
- Read Cyberbrief on pg. 116
- Note that an organization’s effectiveness in using technology to protect against hacker attacks and lawsuits improves w/ regular auditing of networks, applications, and employees for signs of vulnerability or unauthorized use
11
Characteristics of a Defensive Technology Infrastructure (p. 116)
A defensive technology infrastructure depends on appropriate security technologies:
- Properly installed and configured at correct checkpoints
- Placed on each device connected to the network
- Continuously maintained, patched, and audited
- With incident response and disaster recovery plans in place
- Routinely tested by people w/ technology expertise
Security company Foundstone predicts that the success of security is directly related to the location of the security officer in the organizational chart. (Why? See pg. 117)
12
Underlying Technical Issues
Functional (Critical) requirements of HW and SW
Six of them are listed – important
- Confidentiality
- Integrity
- Authenticity
- Nonrepudiation
- Accountability
- Availability
How to remember them? AAAINC?
13
Some pieces of the HW
- TCP/IP
- IP address
- Ports
- File Integrity Checker (checksum)
- Routers
You read these short sections
14
Perimeter and File Protection
Maintaining Confidentiality and Integrity
- What types of tools can assist us in confidentiality and integrity?
- Several tools to protect against or to monitor intrusion:
  - Firewalls
  - Intrusion Detection Systems
  - Access control and virtual private networks (VPN)
  - Biometrics and tokens
  - Antivirus Software
  - Cryptography/encryption
  - Public key infrastructure (PKI) and certificates
15
Firewalls
- Protect one computer network from another and often protect one part of a company’s network from the rest
- Permit or deny certain types of traffic to pass through based on the source address in the IP packet
- A firewall looks at individual IP packets and decides what to allow or deny based on the rules of the configured firewall
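
The per-packet decision described on the firewall slide, as an added example that is not part of the original slides: a first-match packet filter keyed on source address, with a default-deny fallback and an audit helper that finds rules an earlier rule has made unreachable (one concrete form of the maintenance the slides ask about). The rule set, addresses, and the names Rule, Packet, decide and audit_shadowed are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    source: str                      # CIDR block matched against the packet's source address
    dst_port: Optional[int] = None   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int

# Constructed rule set using documentation and private address ranges.
RULES = [
    Rule("deny", "203.0.113.66/32"),        # one blocked host, any port
    Rule("allow", "198.51.100.0/24", 443),  # partner network, HTTPS only
    Rule("allow", "10.0.0.0/8"),            # internal network, any port
]

def decide(packet, rules=RULES, default="deny"):
    """Return (action, index of the matching rule or None); first match wins."""
    src = ipaddress.ip_address(packet.src)
    for i, rule in enumerate(rules):
        if src not in ipaddress.ip_network(rule.source):
            continue
        if rule.dst_port is not None and rule.dst_port != packet.dst_port:
            continue
        return rule.action, i
    return default, None  # nothing matched: fall back to default deny

def audit_shadowed(rules):
    """Return (later, earlier) index pairs where the later rule can never match."""
    shadowed = []
    for j, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.source)
        for i, earlier in enumerate(rules[:j]):
            covers_src = later_net.subnet_of(ipaddress.ip_network(earlier.source))
            covers_port = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if covers_src and covers_port:
                shadowed.append((j, i))
                break
    return shadowed

if __name__ == "__main__":
    for pkt in (Packet("203.0.113.66", 443), Packet("198.51.100.7", 22), Packet("10.1.2.3", 22)):
        print(pkt, decide(pkt))
    # A deny appended after the broad internal allow never takes effect.
    print(audit_shadowed(RULES + [Rule("deny", "10.9.0.0/16", 23)]))
```

Rule order is part of the policy: the appended deny for 10.9.0.0/16 is reported as shadowed because the earlier allow for 10.0.0.0/8 matches those packets first.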