Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMP1321 Networks in Organisations Richard Henson March 2014.

Published byJemima Pitts Modified over 9 years ago

Similar presentations

Presentation on theme: "COMP1321 Networks in Organisations Richard Henson March 2014."— Presentation transcript:

1 COMP1321 Networks in Organisations Richard Henson March 2014

2 Protecting Organisational Data n By the end of this session you should be able to: –explain why the internal network user is potentially a threat –explain the importance of protecting entry to the network by outsiders –suggest ways to identify vulnerabilities of the network, so action can be taken to reduce the risk

3 Network Management n A network manager has two (conflicting?) responsibilities –provide facilities and services that users need to do their jobs –protect the network against abuse by naïve or malign users n General perception (by users!)… –network managers are more concerned with “protecting the network” than servicing the needs of its users

4 The “good insider”.. Threat (?) n Users: employees, who (generally) want to do their job, and do it well… n Possible conflict with the “security-orientated” or “nanny-state” approach to network management n Personal opinion: needs balance –the network IS there for the benefit of the users… »fulfill business objectives –the network MUST be as secure as reasonably possible »protect valuable company data

5 “unthinking” insiders n Employees who do stupid things on the network –bring in viruses –spread passwords around –forward email inappropriately –engage with phishing emails… –etc…

6 Bad Insiders n Could be disillusioned –just plain corrupt –maybe a temp? n Could cause real damage –bring network down –put company out of business…

7 What to do about the Insider Threat? n A matter for organisational management –Establish policy »negotiated with users… –Educate/train users –Enable breaches of policy to be detected… –Enforce policy!

8 What about Outsiders? n Two types: –employees working “in the field” –the rest of the world… n Organisational management can’t enforce policy on the latter… –network only protected through good, well- resourced network management

9 ... Firewall INTERNET Internal Network Firewalls: checking/blocking data coming in and out…

10 Do we have a problem? n Perceptions “from the inside” quite different from “outside looking in”

11 Should we find out…? n Almost impossible to tell if the network is secure from within… –could just hope so (!) –could go outside, and try to penetrate defences –better still, the organisation could get a benign expert to do it for them…

12 Assuming no security… n Data cannot be made completely secure if it uses a public network –naïve to think so n Also (especially…) true on a wireless public network –necessary to have a system that ensures data that is hacked en route is unintelligible

13 Authentication had better be good… n Generally means control via the desktop or application layer –Browser/Windows desktop n If Internet-based, should use PKI »public-key encrypted email n user digital certificate tied to computer & email address »public-key encrypted web pages n use https protocol n server has an SSL certificate

14 End-device controlled security n Two types of identification (as in previous e.g.): –via computer (device) ID –via user ID n Either/both can (should?) have a password to control access

15 Security & Privacy n Closely related technologies –important differences n Privacy –about informational self-determination »ability to decide what information about you goes where n Security –offers the ability to be confident that privacy decisions are respected

16 Privacy, Security, and Websites n Many potential vulnerabilities…. –openly displayed “sensitive” text n “Hidden” web pages not really hidden n Access to web server, or ftp server, by finding website administrators details… n Hacking web databases via SQL Injection…

17 Privacy, Security and Mobile Networks n Mobile voice privacy –can someone listen in on my call? »privacy goal: allow user to say no »security technology, e.g. encryption: allows user to enforce it n Sometimes goals of security and privacy are the same –other times orthogonal, or even in conflict

18 Security/Privacy v Availability n “I want it all, and I want it now…” –http://www.youtube.com/watch?v=1pm4fQ Rl72k http://www.youtube.com/watch?v=1pm4fQ Rl72khttp://www.youtube.com/watch?v=1pm4fQ Rl72k n “Only if your request conforms with the rules…” –society: bad for other people –organisational: confidentiality –personal: human rights

19 Balancing Rules on Privacy/Security n Ideal: –keeps the data secure… –allows the user freedom to do their job, participate in legitimate leisure activity, etc. n Unnecessarily restrictive or unexplained rules… –users get frustrated…

20 NOT Getting the balance right… n Worrying survey & report (BBC, 19/11/10): http://www.bbc.co.uk/news/business- 11793436 http://www.bbc.co.uk/news/business- 11793436 http://www.bbc.co.uk/news/business- 11793436 n BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignored the rules! n Is it the same everywhere? n Is it any better today?

Download ppt "COMP1321 Networks in Organisations Richard Henson March 2014."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Chapter 12 Network Security.

Chapter 12 Network Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Virtual Private Network

Virtual Private Network
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj

Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Digital Citizenship Project

Digital Citizenship Project
BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.

Similar presentations

Ads by Google