Published by Jemima Pitts. Modified over 9 years ago.
1
COMP1321 Networks in Organisations
Richard Henson
March 2014
2
Protecting Organisational Data
- By the end of this session you should be able to:
  - explain why the internal network user is potentially a threat
  - explain the importance of protecting entry to the network by outsiders
  - suggest ways to identify vulnerabilities of the network, so action can be taken to reduce the risk
3
Network Management
- A network manager has two (conflicting?) responsibilities
  - provide facilities and services that users need to do their jobs
  - protect the network against abuse by naïve or malign users
- General perception (by users!)…
  - network managers are more concerned with “protecting the network” than servicing the needs of its users
4
The “good insider”.. Threat (?)
- Users: employees, who (generally) want to do their job, and do it well…
- Possible conflict with the “security-orientated” or “nanny-state” approach to network management
- Personal opinion: needs balance
  - the network IS there for the benefit of the users…
    - fulfill business objectives
  - the network MUST be as secure as reasonably possible
    - protect valuable company data
5
“Unthinking” insiders
- Employees who do stupid things on the network
  - bring in viruses
  - spread passwords around
  - forward email inappropriately
  - engage with phishing emails…
  - etc…
6
Bad Insiders
- Could be disillusioned
  - just plain corrupt
  - maybe a temp?
- Could cause real damage
  - bring network down
  - put company out of business…
7
What to do about the Insider Threat?
- A matter for organisational management
  - Establish policy
    - negotiated with users…
  - Educate/train users
  - Enable breaches of policy to be detected…
  - Enforce policy!
8
What about Outsiders?
- Two types:
  - employees working “in the field”
  - the rest of the world…
- Organisational management can’t enforce policy on the latter…
  - network only protected through good, well-resourced network management
9
Firewalls: checking/blocking data coming in and out…
[Diagram: INTERNET, Firewall, Internal Network]
10
Do we have a problem?
- Perceptions “from the inside” quite different from “outside looking in”
11
Should we find out…?
- Almost impossible to tell if the network is secure from within…
  - could just hope so (!)
  - could go outside, and try to penetrate defences
  - better still, the organisation could get a benign expert to do it for them…
12
Assuming no security…
- Data cannot be made completely secure if it uses a public network
  - naïve to think so
- Also (especially…) true on a wireless public network
  - necessary to have a system that ensures data that is hacked en route is unintelligible
13
Authentication had better be good…
- Generally means control via the desktop or application layer
  - Browser/Windows desktop
- If Internet-based, should use PKI
  - public-key encrypted email
    - user digital certificate tied to computer & email address
  - public-key encrypted web pages
    - use https protocol
    - server has an SSL certificate
14
End-device controlled security
- Two types of identification (as in previous e.g.):
  - via computer (device) ID
  - via user ID
- Either/both can (should?) have a password to control access
15
Security & Privacy
- Closely related technologies
  - important differences
- Privacy
  - about informational self-determination
    - ability to decide what information about you goes where
- Security
  - offers the ability to be confident that privacy decisions are respected
16
Privacy, Security, and Websites
- Many potential vulnerabilities…
  - openly displayed “sensitive” text
- “Hidden” web pages not really hidden
- Access to web server, or ftp server, by finding website administrator's details…
- Hacking web databases via SQL Injection…
17
Privacy, Security and Mobile Networks
- Mobile voice privacy
  - can someone listen in on my call?
    - privacy goal: allow user to say no
    - security technology, e.g. encryption: allows user to enforce it
- Sometimes goals of security and privacy are the same
  - other times orthogonal, or even in conflict
18
Security/Privacy v Availability
- “I want it all, and I want it now…”
  - http://www.youtube.com/watch?v=1pm4fQRl72k
- “Only if your request conforms with the rules…”
  - society: bad for other people
  - organisational: confidentiality
  - personal: human rights
19
Balancing Rules on Privacy/Security
- Ideal:
  - keeps the data secure…
  - allows the user freedom to do their job, participate in legitimate leisure activity, etc.
- Unnecessarily restrictive or unexplained rules…
  - users get frustrated…
20
NOT Getting the balance right…
- Worrying survey & report (BBC, 19/11/10): http://www.bbc.co.uk/news/business-11793436
- BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignored the rules!
- Is it the same everywhere?
- Is it any better today?