Post on 28-Dec-2015
UNIT 15 WEEK 4 CLASS 2
LESSON OVERVIEW
Pete Lawrence
BTEC National Diploma Organisational System Security
Overview
Recap: Keeping systems and data secure
Physical security, biometrics, software and network security
Focus on: call back, handshaking, diskless networks, backups and audit logs.
Focus on: firewall configuration and management, virus management and control, Virtual Private Networks (VPNs), intrusion detection systems and traffic control technology, passwords, levels of access to data, and software updating.
Software and network security
To combat intrusion and subversion of a networked computer system, and the commonplace accidental damage to data and resources, all ICT systems need to employ an extensive range of security and data management techniques and technologies.
Examples of counter measures
Encryption techniques
Encryption is a method of converting normal information such as text, images and media into a format which is unintelligible unless you are in possession of the key that is the basis of the conversion.
Examples include
• WEP (Wired Equivalent Privacy), used in wireless systems, lets all members of a wireless network share a common private key which is used to encrypt all data transmitted. The WEP key needs to be typed into the wireless settings on each mobile device.
• Two standards: 64-bit and 128-bit keys. In each case 24 bits are a per-packet initialisation vector sent in the clear, so the secret part of the key is 40 or 104 bits.
• WEP keys are binary but can be entered in hexadecimal, as hex has a direct mathematical relationship to binary (one hex digit per four bits) and is a more understandable format: a 40-bit key is 10 hex digits and a 104-bit key is 26.
• WEP is cryptographically broken: the key can be recovered from a few minutes of captured traffic, so it should be replaced with WPA2 or later wherever it is still found.
Encryption
Simple ciphers (Caesar cipher)
http://secretcodebreaker.com/ciphrdk.html
Ciphers that use a key DES (Data Encryption Standard)
http://en.wikipedia.org/wiki/Data_Encryption_Standard#History_of_DES
RSA encryption (public and private key using prime numbers)
http://video.google.co.uk/videoplay
MD5 Hash
http://video.google.co.uk/videosearch?q=md5+hash
WEP (Wired Equivalent Privacy)
http://news.bbc.co.uk/2/low/technology/6595703.stm
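As an added example (not part of the original lesson) of a keyed cipher and of why key size matters: the Caesar cipher shifts each letter by a secret amount, so the ciphertext is unreadable without the shift, but there are only 25 possible keys, and a "crib" (a word the attacker expects in the plaintext) lets them try every key in an instant. The message and crib are constructed for the demonstration.

```python
"""Caesar cipher: encrypt and decrypt with a key, then brute-force the 25-key space."""
import string
from typing import List, Tuple

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter forward by `shift` places; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the negative key."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str, crib: str) -> List[Tuple[int, str]]:
    """Try every key and keep those whose plaintext contains the expected word.

    With 25 keys this finishes instantly. A 104-bit WEP secret has 2**104 keys,
    which is why WEP was broken through statistical weaknesses, not key search.
    """
    hits = []
    for shift in range(1, 26):
        candidate = caesar_decrypt(ciphertext, shift)
        if crib.upper() in candidate:
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    # Constructed sample message; the key (3) is what sender and receiver share.
    secret_message = "Attack at dawn"
    encrypted = caesar_encrypt(secret_message, 3)
    print("ciphertext:", encrypted)                   # DWWDFN DW GDZQ
    print("decrypted :", caesar_decrypt(encrypted, 3))
    print("recovered :", brute_force(encrypted, "dawn"))
```

The same brute-force loop is the reason a cipher's security has to rest on the size of the key space and not on the attacker being unaware of the method.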
Call back
Dial-up systems using modems are used to establish a call back connection. A network administrator dials in to a network device such as a server; the device drops the call and calls the administrator back on a pre-configured number, which must be a trusted, registered line. Someone who has only stolen the dial-in password still cannot connect, because the return call goes to the registered line and not to them.
Q. What is the main problem with using this technology?
A. Slow connection speeds, and it uses dated technology.
Q. So why use it?
A. 1 While dial-up may seem out of date, many remote areas and developing regions still use this technology.
2 Modems are reliable and are still used as a backup (out-of-band) connection to gain direct access to a network router in case of a major failure of the main incoming line (which could be caused by an attacker).
Handshaking
Handshaking techniques such as CHAP (Challenge Handshake Authentication Protocol) are used to establish a trusted connection between hosts on a public communications line, such as a WAN (Wide Area Network), which is considered not to be a trusted medium. In CHAP the authenticating side sends a random challenge and the other side returns a hash of that challenge combined with the shared secret, so the secret itself never crosses the line, and a response captured by an eavesdropper is useless against the next, different challenge.
Diskless Networks
One of the greatest risks of data being stolen is caused by the ability to easily transfer data from a computer to a mobile storage device. In diskless networks workstations tend not to have:
Optical drives (CD/DVD)
USB ports (Windows can be configured to not recognise new USB storage devices)
and they use BIOS lockdown (a password-protected BIOS with a fixed boot order), so a user cannot boot the machine from removable media to get round the restrictions.
Diskless Networks cont..
Some systems also prevent local hard drive access, either by applying local restrictions which prevent the user from viewing, adding and removing files, or by removing local hard drives completely and using terminal services which boot the computer from a remote location, with the operating system loaded into memory. Examples include: Remote Desktop (XP and Vista); VNC (Virtual Network Computing); Linux X Windows also offers similar facilities.
Backup, Restore and Redundancy
The use of backups and restoration of data is critical in ensuring that data is safe and secure. Having a centrally managed backup system, where all the data is safely copied in case of system failure, with everyone following the same standards, is essential.
Backing up data is a critical role of a network administrator. The frequency of a backup will depend on the size, type and nature of an organisation; daily backups are normal.
Backup, Restore and Redundancy cont…
Different types of backup include full, incremental and differential. A full backup copies everything. An incremental backup copies only what has changed since the previous backup of any kind: small and fast to take, but a restore needs the full backup plus every incremental since it, and losing one breaks the chain. A differential backup copies everything changed since the last full backup: it grows through the cycle, but a restore needs only the full backup and the latest differential. Considerations include: the quantity of data, the appropriate media, frequency including times, and the storage location (keep a copy off site, so that a fire or theft does not take the backups with the originals).
Redundancy is managed by servers running RAID (Redundant Array of Independent Disks), which keeps the data live on multiple hard disks (mirrored, or with parity) so that a single disk failure neither loses data nor stops the service. RAID is not a backup: a file deleted or corrupted by a user, a virus or an intruder is deleted or corrupted on every disk in the array at the same moment.
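An added example (not from the original lesson) that simulates the three backup types over a few days of constructed file changes, then restores from each and checks the result against the live file system. It shows why an incremental restore needs the whole chain while a differential restore needs only two sets. The file names and change history are made up for the demonstration.

```python
"""Full, incremental and differential backups over a few days of constructed file changes."""
from typing import Dict, List

# Constructed change history: day number -> files written that day (demo data).
CHANGES: Dict[int, List[str]] = {
    1: ["a.doc", "b.xls", "c.ppt"],   # day 1 is the full backup
    2: ["a.doc"],
    3: ["b.xls"],
    4: ["a.doc", "d.txt"],
}


def live_state(changes: Dict[int, List[str]], day: int) -> Dict[str, int]:
    """What the file system holds at the end of `day`: file -> day it was last written."""
    state: Dict[str, int] = {}
    for d in sorted(changes):
        if d > day:
            break
        for f in changes[d]:
            state[f] = d
    return state


def backup_sets(changes: Dict[int, List[str]], full_day: int, mode: str) -> Dict[int, Dict[str, int]]:
    """Return day -> {file: version} written to the backup medium that day (one backup per day)."""
    sets: Dict[int, Dict[str, int]] = {}
    since_full: Dict[str, int] = {}
    for day in sorted(changes):
        if day == full_day:
            sets[day] = live_state(changes, day)        # full: copy everything
            since_full = {}
            continue
        if mode == "incremental":                         # only what changed since the previous backup
            sets[day] = {f: day for f in changes[day]}
        elif mode == "differential":                      # everything changed since the last full
            for f in changes[day]:
                since_full[f] = day
            sets[day] = dict(since_full)
        else:
            raise ValueError("mode must be 'incremental' or 'differential'")
    return sets


def restore_chain(sets: Dict[int, Dict[str, int]], full_day: int, target_day: int, mode: str) -> List[int]:
    """Which backup sets must be read, in order, to rebuild the state at target_day."""
    if mode == "incremental":
        return [d for d in sorted(sets) if full_day <= d <= target_day]
    if target_day == full_day:
        return [full_day]
    return [full_day, target_day]                         # full plus the latest differential only


def restore(sets: Dict[int, Dict[str, int]], chain: List[int]) -> Dict[str, int]:
    """Apply the sets in order; later versions overwrite earlier ones."""
    result: Dict[str, int] = {}
    for day in chain:
        result.update(sets[day])
    return result


if __name__ == "__main__":
    for mode in ("incremental", "differential"):
        sets = backup_sets(CHANGES, full_day=1, mode=mode)
        chain = restore_chain(sets, 1, 4, mode)
        print(mode, "files per day:", {d: len(s) for d, s in sets.items()},
              "restore reads:", chain, "correct:", restore(sets, chain) == live_state(CHANGES, 4))
```

Dropping the day 3 set from the incremental chain silently restores the old version of b.xls, which is the practical argument for verifying restores and not just backups.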
Audit Logs
Keep a record of network and database activity.
They record who has done what, where and when, with reference to the service accessed and the identity of the user. Syslog is one of the most common systems in use to maintain simple, auditable records of system activity across a network. The syslog server stores all access records centrally for the network administrator to review; holding them on a separate host also means that an intruder who compromises one machine cannot simply delete the evidence from it.
Firewalls
Simple home firewalls are automatic and seldom require user intervention. Commercial firewall configuration is essential to ensure efficient and effective movement of data.
Firewalls block unwanted traffic, so configure them with care. Where outside traffic must be allowed into the network (for example to an email or web server), two or more firewalls may be installed to create zones of security (a DMZ between the outer and inner firewall), allowing different security levels depending on the direction of the traffic.
Firewalls cont…
Many firewalls work in conjunction with NAT (Network Address Translation), with the internal devices all hidden behind one (or a small group of) external IP address(es).
There are 65536 UDP ports and 65536 TCP ports (numbered 0 to 65535), as well as ICMP, IP and other protocols, each of which a firewall rule may permit or deny.
Virus Management
Virus checking software comes in many shapes and sizes, from products which only cover viruses, trojans and worms to comprehensive integrated security suites that interact with a firewall and the operating system.
Anti-virus systems are only as good as their signature databases (dictionaries/.dat files): ensure these are kept up to date.
AV software runs in the background; check for the icon in the system tray.
Virus Management cont…
It scans each file as it is opened for any 'fingerprints' which match the virus definitions, and identifies any 'suspicious' activity from a running program.
Corporate anti-virus systems must be deployed centrally as well as on local computers. Many companies will:
have a server which downloads the latest definitions and distributes them to workstations;
monitor all incoming and outgoing traffic (including attachments) for potential threats, which may be done via a router, proxy, server or firewall;
use anti-virus software in partnership with administration policies to prevent systems running unacceptable software (hacking programs and games) by recording the MD5 hash of each approved application and refusing to run anything else. (MD5 collisions are now practical to produce, so two different files can be made to share an MD5 hash; a modern allow-list should use SHA-256 instead.)
AV is used in conjunction with anti-spyware tools like Windows Defender.
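The hash-based application allow-list mentioned above, as an added example that is not part of the original lesson: it hashes every file in a directory and reports which are approved, which have a known name but changed contents, and which are not on the list at all. The directory, file contents and allow-list digests are constructed for the demonstration (the digests are MD5 of the byte strings "hello" and "abc"); MD5 is used to match the lesson, and the `algorithm` parameter switches to SHA-256.

```python
"""Application allow-listing by file hash: flag modified and unknown executables."""
import hashlib
import os
import tempfile
from typing import Dict, List

# Constructed allow-list: file name -> expected digest (MD5 of b"hello" and of b"abc").
ALLOW_LIST: Dict[str, str] = {
    "wordproc.exe": "5d41402abc4b2a76b9719d911017c592",
    "spreadsheet.exe": "900150983cd24fb0d6963f7d28e17f72",
}


def file_hash(path: str, algorithm: str = "md5") -> str:
    """Hash a file in chunks so large executables do not have to fit in memory.
    MD5 follows the lesson; pass 'sha256' in practice, since MD5 collisions let an
    attacker build two different files with the same digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_directory(directory: str, allow_list: Dict[str, str], algorithm: str = "md5") -> Dict[str, List[str]]:
    """Classify every file: approved (name and hash match), modified (name known but
    hash differs: tampered with, infected or updated), or unknown (not listed at all)."""
    report: Dict[str, List[str]] = {"approved": [], "modified": [], "unknown": []}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        digest = file_hash(path, algorithm)
        if name not in allow_list:
            report["unknown"].append(name)
        elif allow_list[name] == digest:
            report["approved"].append(name)
        else:
            report["modified"].append(name)
    return report


def build_demo_directory() -> str:
    """Create a temporary 'Program Files' with constructed contents for the demonstration."""
    d = tempfile.mkdtemp(prefix="allowlist-demo-")
    contents = {
        "wordproc.exe": b"hello",            # matches the allow-list entry
        "spreadsheet.exe": b"abc-patched",   # name is listed, contents have changed
        "game.exe": b"not approved",         # not on the list at all
    }
    for name, data in contents.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    demo = build_demo_directory()
    print(audit_directory(demo, ALLOW_LIST))
    # {'approved': ['wordproc.exe'], 'modified': ['spreadsheet.exe'], 'unknown': ['game.exe']}
```

The "modified" category is the one worth alarming on: an "unknown" file may just be a new install, but a listed program whose hash has changed without a corresponding change to the allow-list is exactly what a file-infecting virus or a trojaned binary looks like.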
VPNs
The use of VPNs allows organisations to communicate from site to site across a public system (like the internet) via a tunnel, which is an agreed route for all encrypted traffic.
Therefore VPNs create a trusted connection on a system which is not trusted.
There are many protocols and methods used in the management of VPNs; the primary purpose of these is to prevent snooping (by encrypting the traffic) and fraudulent authentication (by making each end prove its identity before the tunnel is established).
Intrusion Detection Systems
These go beyond the role of a firewall and monitor traffic for undesirable manipulation by hackers and the tools they may use.
Passive systems record hacking attempts for the network administrator to action.
Reactive systems (intrusion prevention systems) reconfigure the firewall to block the intrusion.
Intrusion Detection Systems cont…
Traffic control is managed using access-control lists (ACLs) on routers and firewalls, together with routing protocols. An extended ACL entry in Cisco syntax:
access-list 101 permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80
access-list 101: this is a rule in the list with a unique number
permit: can be permit or deny
tcp: this could be TCP, UDP or IP
192.16.0.0: source network device or range of devices
0.0.0.255: this is the source wildcard mask *
172.16.10.16: destination network device or range of devices
0.0.0.15: destination wildcard mask *
eq 80: is equal to TCP port 80 (web traffic) on the destination
* In a wildcard mask a 0 bit must match and a 1 bit is ignored (the inverse of a subnet mask), so 0.0.0.255 matches every host in 192.16.0.0/24 and 0.0.0.15 matches the 16 addresses 172.16.10.16 to 172.16.10.31.
Rules are in lists and are executed in order; the first rule whose conditions match decides. If you have a 'deny FTP' before a 'permit FTP', then FTP traffic will never be allowed. ACLs have a default deny all at the end: if you only write permits, all other traffic is denied.
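An added example (not part of the original lesson) that parses the rule above and evaluates packets against it the way a router does: wildcard-mask matching, first match wins, and an implicit deny when nothing matches. It also builds a second, constructed list (number 102) to show the 'deny FTP before permit FTP' ordering problem. The `any` and `host` keywords are handled as in Cisco syntax; the test addresses are made up.

```python
"""Cisco-style extended ACL evaluation: wildcard masks, first match wins, implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """Wildcard mask: a 0 bit must equal the network, a 1 bit is 'don't care'
    (the inverse of a subnet mask: 0.0.0.255 is a /24, 0.0.0.15 is a /28)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(address)) & care) == (int(ipaddress.IPv4Address(network)) & care)


@dataclass
class Entry:
    number: int
    action: str                # permit | deny
    proto: str                 # tcp | udp | ip (ip matches any protocol)
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int]    # 'eq <port>' on the destination; None means any port


def _address(tokens: List[str], i: int) -> Tuple[str, str, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (addr, wildcard, next index)."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_entry(line: str) -> Entry:
    """e.g. 'access-list 101 permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80'."""
    t = line.lower().split()
    if t[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    src, src_wc, i = _address(t, 4)
    dst, dst_wc, i = _address(t, i)
    port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Entry(int(t[1]), t[2], t[3], src, src_wc, dst, dst_wc, port)


def evaluate(acl: List[Entry], proto: str, src: str, dst: str, dst_port: Optional[int]) -> str:
    """Walk the list in order; the first matching entry decides. No match = implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wc) or not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action
    return "deny"


# The lesson's rule, plus a constructed list showing why order matters.
ACL_101 = [parse_entry("access-list 101 permit tcp 192.16.0.0 0.0.0.255 172.16.10.16 0.0.0.15 eq 80")]
ACL_102_DENY_FIRST = [
    parse_entry("access-list 102 deny tcp any any eq 21"),
    parse_entry("access-list 102 permit tcp 192.16.0.0 0.0.0.255 any eq 21"),
]

if __name__ == "__main__":
    print(evaluate(ACL_101, "tcp", "192.16.0.10", "172.16.10.20", 80))    # permit
    print(evaluate(ACL_101, "tcp", "192.16.0.10", "172.16.10.20", 443))   # deny (implicit)
    print(evaluate(ACL_101, "tcp", "192.16.0.10", "172.16.10.32", 80))    # deny (outside the /28)
    print(evaluate(ACL_102_DENY_FIRST, "tcp", "192.16.0.10", "10.0.0.1", 21))                 # deny: permit never reached
    print(evaluate(list(reversed(ACL_102_DENY_FIRST)), "tcp", "192.16.0.10", "10.0.0.1", 21))  # permit
```

Swapping the two entries of list 102 is the only change between "FTP never works" and "FTP works from the one permitted network", which is why ACL changes are reviewed as an ordered whole rather than line by line.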
Passwords
Password management is essential. It is tried and tested, and the most commonly used control in all areas of organisational system security. Organisational policies include:
Not writing down passwords
Changing passwords periodically (7-90 days)
Using strong passwords with eight or more characters
Using a nonsense password that cannot be guessed from personal details, to resist social engineering and dictionary attacks.
Passwords cont…
How to think of a nonsense password: try mixing nouns (names) and adjectives (something that modifies a noun). For example:
Adjective Noun
Red Chicken
Atomic Snail
Hyper Cucumber
Micro Titan
Two plain words taken from short lists are still quick for a machine to guess, so add digits or punctuation and keep to the eight-character minimum.
Many systems will log failed attempts when users forget their password, with the username being locked out after three failed attempts.
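An added example, not part of the original lesson, that serves both the Audit Logs section and the lockout rule above: it parses a constructed sample of what a central syslog server might hold into who, what, where and when, counts failed logins per username, and reports which accounts have reached the three-strike lockout threshold. The log lines, host names, usernames and addresses are all made up for the demonstration; the line format follows the common BSD syslog layout.

```python
"""Parse constructed syslog lines into who/what/where/when and apply a 3-strike lockout."""
import re
from collections import Counter
from typing import Dict, List, Optional, Set

# Constructed sample of a central syslog server's records (BSD syslog format).
SAMPLE_LOG = """\
Dec 28 09:01:12 fileserver sshd[2311]: Failed password for alice from 10.0.0.5 port 51022 ssh2
Dec 28 09:01:20 fileserver sshd[2311]: Failed password for alice from 10.0.0.5 port 51023 ssh2
Dec 28 09:01:31 fileserver sshd[2311]: Failed password for alice from 10.0.0.5 port 51024 ssh2
Dec 28 09:02:05 fileserver sshd[2314]: Accepted password for bob from 10.0.0.7 port 51100 ssh2
Dec 28 09:03:40 dbserver sshd[801]: Failed password for invalid user admin from 203.0.113.9 port 4400 ssh2
Dec 28 09:04:02 dbserver sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

SYSLOG_RE = re.compile(
    r"^(?P<when>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "   # timestamp (when)
    r"(?P<where>\S+) "                                          # host that logged it (where)
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "            # program[pid]:
    r"(?P<what>.*)$"                                            # the message (what)
)
LOGIN_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<who>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^(?P<who>\S+) : .*COMMAND=(?P<cmd>.*)$")


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one syslog line into fields; pull the user (who) out of sshd and sudo messages."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec: Dict[str, Optional[str]] = m.groupdict()
    rec["who"] = ""
    login = LOGIN_RE.match(rec["what"] or "")
    sudo = SUDO_RE.match(rec["what"] or "")
    if login:
        rec["who"] = login.group("who")
        rec["ip"] = login.group("ip")
        rec["event"] = "login-" + login.group("result").lower()
    elif sudo:
        rec["who"] = sudo.group("who")
        rec["event"] = "sudo"
    else:
        rec["event"] = "other"
    return rec


def parse_log(text: str) -> List[Dict[str, Optional[str]]]:
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            records.append(rec)
    return records


def failed_logins(records: List[Dict[str, Optional[str]]]) -> Counter:
    """Failed password attempts per username."""
    return Counter(r["who"] for r in records if r["event"] == "login-failed")


def locked_out(records: List[Dict[str, Optional[str]]], threshold: int = 3) -> Set[str]:
    """Usernames that have reached the failure threshold and should be locked."""
    return {user for user, n in failed_logins(records).items() if n >= threshold}


def who_did_what(records: List[Dict[str, Optional[str]]]) -> List[str]:
    """One audit line per record: when, where, who, what."""
    return [f"{r['when']} {r['where']} {r['who'] or '-'} {r['event']}: {r['what']}" for r in records]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("\n".join(who_did_what(recs)))
    print("failed logins:", dict(failed_logins(recs)))    # {'alice': 3, 'admin': 1}
    print("lock out:", locked_out(recs))                  # {'alice'}
```

The single failed attempt for the non-existent user "admin" from an outside address never trips the lockout, but it is the line an administrator reviewing the syslog server should notice; the lockout counter and the human review answer different questions.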