Ch06 Student F13


  • 7/27/2019 Ch06 Student F13

    1/34

    Chapter Six

    IS Network and Telecommunications Risks


    Topics Addressed in Chapter 6

    Network and Telecommunications Technologies

    IT Network and Telecommunications Risks

    IT Network and Telecommunications Security

    Auditing Network Security

    Auditing Switches, Routers and Firewalls

    Auditing WLAN and Mobile Devices


    Network & Telecommunications Technologies

    A stand-alone computer has a limited amount of risk associated with it.

    As computers are connected to form networks, risk can increase exponentially.

    IT auditors need to know different kinds of networks, specific risks within an organization's network and tools to protect the systems from these risks.


    Network Components

    Components in a computer network:

    Computers and terminals (dumb or smart)

    Telecommunications channels (physical or wireless)

    Telecommunications processors

    Routers and switching devices


    General Message Organization

    General Message Syntax (Organization)

    Header and trailer are further divided into fields

    [Figure: message with all three parts: Trailer, Data Field, Header. The header holds the Destination Address field and other header fields.]

    The Destination Address field is used by switches and routers, like the address on an envelope


    Primary Network Topologies


    CSI/FBI Survey

    Companies Face Many Attacks

    Viruses (and other malware)

    Insider abuse of net access

    Laptop theft

    Unauthorized access by insiders

    Denial-of-service attacks

    System penetration

    Sabotage

    Theft of proprietary information

    Fraud

    Telecoms eavesdropping and active wiretaps

    In Order of Decreasing Frequency


    CSI/FBI Survey

    Very Common Successful Incidents

    Viruses and other malware

    Insider abuse of net access

    Laptop theft

    Low-Frequency / High-Damage Attacks

    Theft of proprietary information ($2.7 M / incident)

    Denial of service attacks ($1.4 M / incident)


    Network Types

    Various ways to categorize telecommunications networks:

    In terms of distance: local area networks and wide area networks

    In terms of ownership: internet, intranet, extranet

    Virtual private networks (VPN)

    Client/server networks


    Virtual Private Networks (VPNs)

    [Figure: VPN types. Labels: Corporate Site A, Corporate Site B, VPN Gateway (two), Tunnel, Internet, Remote Corporate PC, Protected Client, Protected Server. VPN types shown: Remote Access VPN, Site-to-Site VPN, Host-to-Host VPN.]

    A VPN is communication over the Internet with added security

    Site-to-site VPNs protect traffic between sites

    Will dominate VPN traffic


    Network Protocols and Software

    Open Systems Interconnect (OSI) model

    a standard architecture for networking that allows different computers to communicate across networks

    Network and telecommunications software

    network OS, network management software, middleware, web browsers, e-mail software


    IT Network and Telecommunications Risks

    Social Engineering

    Physical Infrastructure Threats

    the elements, natural disasters, power supply, intentional human attacks

    Programmed Threats

    viruses, worms, Trojan horses, hoaxes, blended threats

    Denial of Service Attacks

    Software Vulnerabilities


    Malware

    Malware

    A general name for evil software

    Viruses

    Pieces of code that attach to other programs

    When infected programs execute, the virus executes

    Infects other programs on the computer

    Spreads to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.

    Antivirus programs are needed to scan arriving files

    Also scans for other malware


    Malware

    Worms

    Stand-alone programs that do not need to attach to other programs

    Can propagate like viruses through e-mail, etc.

    But this requires human gullibility, which is slow

    Vulnerability-enabled worms jump to victim hosts directly

    Can do this because hosts have vulnerabilities

    Vulnerability-enabled worms can spread with amazing speed

    Vendors develop patches for vulnerabilities but companies often fail or are slow to apply them


    Malware

    Payloads

    After propagation, viruses and worms execute their payloads (damage code)

    Payloads erase hard disks, send users to pornography sites if they mistype URLs

    Trojan horses: exploitation programs disguise themselves as system files


    Malware

    Attacks on Individuals

    Social engineering: tricking the victim into doing something against his or her interests

    Spam: unsolicited commercial e-mail

    Credit card number theft is performed by carders

    Identity theft: collect enough data to impersonate the victim in large financial transactions

    Fraud: get-rich-quick schemes, medical scams


    Malware

    Attacks on Individuals

    Adware pops up advertisements

    Spyware collects sensitive data and sends it to an attacker

    Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information


    Human Break-Ins (Hacking)

    Human Break-Ins

    Viruses and worms rely on one main attack method

    Humans can keep trying different approaches until they succeed

    Hacking

    Breaking into a computer

    Hacking is intentionally using a computer resource without authorization or in excess of authorization


    Human Break-Ins (Hacking)

    Scanning Phase

    Send attack probes to map the network and identify possible victim hosts

    The Nmap program is popular


    Figure 9-4: Nmap

    [Figure: Nmap screenshot with callouts: IP Range to Scan; Type of Scan; Identified Host and Open Ports]


    Social Engineering

    Social engineers use their personalities and social skills to obtain confidential information or unauthorized access.

    Learn about the target organization

    Pretend to be an IT employee or upper level manager

    Cajole or threaten the staff to get the information


    Social Engineering Controls

    Create and monitor a strict authentication policy for use by technical support personnel

    Control public availability of information about employees and their contact information

    Strictly monitor remote access

    Create strict firewall rules regarding outbound traffic

    Train employees in social engineering tactics

    Limit the amount of private/confidential information available to any one employee

    Remind employees to be skeptical in opening unexpected email attachments

    Use penetration testing to evaluate the effectiveness of other social engineering controls


    Denial of Service Attacks

    A denial of service (DoS) attack occurs when a system is tied up and unable to perform its functions.

    Three-way handshake:

    A sends a SYN packet to B

    B accepts and acknowledges it with SYN/ACK

    A returns an acknowledgment of the SYN/ACK and establishes a connection

    When multiple messages are sent from A to B with the connections left open, B is tied up trying to make continuous ACK connections.


    TCP Session Openings and Closings

    SYN

    SYN/ACK

    ACK

    Normal Three-Way Opening

    A SYN segment is a segment in which the SYN bit is set.

    One side sends a SYN segment requesting an opening.

    The other side sends a SYN/acknowledgment segment.

    Originating side acknowledges the SYN/ACK.
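
Added example (not part of the original slides): the three-way opening above can be tracked from a segment log to find openings that never receive the final ACK, which is the condition the denial-of-service slide describes. The segment records, addresses, timeout and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample segments: (time_s, source, destination, flags).
# Addresses use documentation ranges and are not taken from the slides.
SERVER = "192.0.2.10:80"
SEGMENTS = [
    (0.0, "198.51.100.7:40001", SERVER, "SYN"),      # normal opening
    (0.1, SERVER, "198.51.100.7:40001", "SYN/ACK"),
    (0.2, "198.51.100.7:40001", SERVER, "ACK"),
]
for i in range(1, 6):                                # openings left unanswered
    client = f"203.0.113.{i}:5000"
    SEGMENTS.append((1.0 + i / 100, client, SERVER, "SYN"))
    SEGMENTS.append((1.5 + i / 100, SERVER, client, "SYN/ACK"))


def half_open(segments, now, timeout=3.0):
    """Map each server to the clients whose opening never got the final ACK."""
    state = {}  # (client, server) -> (last handshake step seen, time of SYN)
    for t, src, dst, flags in sorted(segments):
        if flags == "SYN":
            state[(src, dst)] = ("SYN", t)
        elif flags == "SYN/ACK" and state.get((dst, src), ("",))[0] == "SYN":
            state[(dst, src)] = ("SYN/ACK", state[(dst, src)][1])
        elif flags == "ACK" and state.get((src, dst), ("",))[0] == "SYN/ACK":
            del state[(src, dst)]  # three-way opening completed
    pending = defaultdict(list)
    for (client, server), (_, syn_time) in state.items():
        if now - syn_time >= timeout:  # assumed timeout for a stale opening
            pending[server].append(client)
    return dict(pending)


def flooded_servers(segments, now, threshold=5, timeout=3.0):
    """Servers holding at least `threshold` stale half-open connections."""
    stale = half_open(segments, now, timeout)
    return sorted(s for s, clients in stale.items() if len(clients) >= threshold)


if __name__ == "__main__":
    print(half_open(SEGMENTS, now=5.0))
    print(flooded_servers(SEGMENTS, now=5.0))
```

The completed opening from 198.51.100.7 drops out of the state table, while the five unanswered openings stay half-open and push the server over the assumed threshold.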


    Distributed Denial-of-Service Flooding Attack

    [Figure: the attacker (1.34.150.37) sends attack commands to two handlers, the handlers send attack commands to three zombies, and the zombies send attack packets to the victim (60.168.47.47)]

    The attacker installs handler and zombie programs on victims.

    The attacker sends an attack command to handlers.

    Handlers send attack commands to zombies.

    The zombies overwhelm the victim with attack packets.


    IT Network and Telecommunications Security

    A network security defense system:

    Network security administration: create a network security plan, develop and communicate a security policy for network resources, and manage passwords.

    Authentication: ensuring that users are who they say they are.

    Encryption: scramble or code data so that no one will understand without a decoder (decryption key).


    IT Network and Telecommunications Security

    A network security defense system:

    Firewalls: combine software and hardware to allow only desirable traffic.

    Intrusion Detection Systems: record unsuccessful access attempts and other anomalies, and detect unauthorized activities.

    Penetration Testing: penetrate an information system to learn about the logical access vulnerabilities.

    General testing tools include war dialing, port scanning, sniffers, and password crackers.
