Ensuring Network Security

Post on 20-Jan-2016


Planning for Security
4 major threats
  Unauthorized access
  Electronic tampering
  Theft: data and hardware
  Intentional/unintentional damage

Managing Security
Threat identification
  What am I trying to protect?
  What do I need to protect data from?
  How likely is the threat?
  What is the cost of breached security?
  How can I protect data cost-effectively?

Helpful sites
CERT (Computer Emergency Response Team)
  http://www.cert.org
BugTraq
  Subscription service
Rootshell (all systems, large numbers of reports)
  http://slashdot.org/articles/98/10/28/228210.shtml
Security Focus (all systems)
  http://www.securityfocus.com
http://cve.mitre.org/

3 security traps

Security through obscurity works in the reverse

Social engineering (fishing for information) does work; educate the users

Physical security stops accidents and theft of data and parts

Level of Security
Setting Policies
  Establish rules, regulations and policies
  Set the tone and guide the users
  Train the users on the policies
Prevention
  Take a proactive approach
Authentication
  Keep the data safe from unauthorized access
  Network authentication is the first line of defense

Secure the Equipment
Isolate and lock up servers
  Protect from accidental and deliberate tampering
Secure the cables
  Keep intruders away from cable
  Limit physical access to network
  Benefit of isolated cable is a reduction in RFI

•Security Models
Password Protected Shares
  Share level security
  Security information attached to resource
  Applies to every user of resource
  Windows 95 model
Access Permissions
  User level security
  Access to the resource is checked against a user-access database on the server
  Users have passwords but resources have permissions
  Assigning permissions is done through groups

•Security Enhancements
Firewalls
  Combination of hardware and software
  Protection from external threat
  Prevent direct communication with systems outside the network
    Communication is routed through a proxy server
    Proxy filters and discards requests or data not considered appropriate
Network activity is audited
  Tracks
    Logon attempts: failed and successful
    Connection and disconnection from resources and systems
    Disables accounts
    Creation, deletion, opening and closing files
    Events and modifications, including password changes

•Enhancements….
Diskless computers
  Boot ROM on NIC
  No disk to store data or copy to and from
Data Encryption
  Best encryption is hardware based
  Translation standard is Data Encryption Standard (DES)
    Specifies key to decryption
    Have to transfer key
  Commercial COMSEC Endorsement Program (CCEP)
    Newer standard may replace DES
    Approved vendors can incorporate classified algorithms in communication systems

•Computer Viruses
Boot sector virus
  First sector of floppy or disk
  Executes on boot
  Copies to other media
File infector
  Activates when a file is used
  Companion virus: uses name of real program with different extension
  Macro virus: written as a macro for application
    Attaches to files accessed by the application
  Polymorphic virus: changes appearance on replication
  Stealth virus: hides from detection
    Intercepts the probe and returns false information

•Virus Propagation
Internet has opened new pathways for spread of viruses
E-mail is major source
  Sends itself to addresses in address books
Trojan horse tempts victims
Any means of information exchange provides potential path

•Consequences of Viruses
System won’t boot
Data is corrupted
Erratic operation
Lost partitions on disk
Reformatted drive
More than one misbehaving workstation
Denial of service attacks

•Virus prevention
Good antivirus software
  Warn
  Stop activation
  Remove
  Repair
  Check spread
Prevention
  No unauthorized access
  Well planned access and privilege assignments
  User profiles
  Software load policy
  Virus protection rules and training

Implementing Security
Set up the security system
Make it as foolproof as possible
Train network users about:
  Why security exists
  How to use security
  Consequences of noncompliance

Maintaining Security
Monitor security to assure that:
  It is accomplishing its goals
  It is working as intended
Modify as needed
The best laid plans……

•Healthy Environment
Recognize the effect of the environment
Climatic: cold, humidity, office
Degradation is usually over time, not sudden

•Create the Right Environment
Temperature
  Avoid cycles of hot and cold
Humidity
  High: promotes corrosion and thus friction temperature
  Low: promotes static discharge
  50-70 percent is good
Dust and smoke
  Acts as insulator and conductor
Human factors
Industrial factors
  Noise, EMI, vibration

•Site Disaster
Anything that causes you to lose data
Recovery is hardware and DATA replacement

Avoiding Data Loss
Tape backup
Uninterruptible power supply (UPS)
Fault-tolerant systems
Disk mirroring
Disk striping with parity

Tape Backup
First line of defense against data loss
Regular scheduled backups
Schedule, assign personnel, signoff log
Verify success of backup
Use a safe tape storage location
Test the restore ability of the tapes

•Implementing Backup System
If you can’t get along without it … back it up
Tape drive should have capacity to back up the largest server
Backup methods
  Full: marks as backed up
  Copy: does not mark
  Incremental: backs up and marks files changed since last backup
  Daily copy: modified that day, no mark
  Differential: changed since last backup, no mark
Maintain a backup log
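
The five backup methods differ in only two things: which files a job selects and whether it marks them as backed up. The simulation below is an added example, not part of the original slides; it models the mark as a per-file "changed" flag (an assumption, standing in for the archive attribute), and the file names, dates and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class File:
    name: str
    modified: date
    changed: bool = True  # True = not yet marked as backed up (assumed model of the mark)

# method -> (which files the job selects, whether it marks them as backed up)
METHODS = {
    "full":         (lambda f, today: True,                True),
    "copy":         (lambda f, today: True,                False),
    "incremental":  (lambda f, today: f.changed,           True),
    "daily copy":   (lambda f, today: f.modified == today, False),
    "differential": (lambda f, today: f.changed,           False),
}

def backup(files, method, today):
    """Run one backup job and return the names written to tape."""
    selects, marks = METHODS[method]
    chosen = [f for f in files if selects(f, today)]
    if marks:
        for f in chosen:
            f.changed = False
    return sorted(f.name for f in chosen)

def edit(files, name, day):
    """A user modifies a file, so it counts as changed again."""
    for f in files:
        if f.name == name:
            f.modified, f.changed = day, True

def week(method):
    """Full backup on Monday, then `method` on Tuesday and Wednesday."""
    mon, tue, wed = date(2016, 1, 18), date(2016, 1, 19), date(2016, 1, 20)
    files = [File(n, mon) for n in ("a.doc", "b.xls", "c.mdb")]  # constructed sample data
    tapes = [backup(files, "full", mon)]
    edit(files, "a.doc", tue)
    tapes.append(backup(files, method, tue))
    edit(files, "b.xls", wed)
    tapes.append(backup(files, method, wed))
    return tapes

if __name__ == "__main__":
    for m in ("incremental", "differential", "daily copy", "copy"):
        print(f"{m:13}", week(m))
```

With incremental jobs a restore needs the full tape plus every tape since; with differential jobs it needs the full tape plus only the latest one, because each differential tape repeats everything changed since the last marking job.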

UPS
Uninterruptible power supply
Battery to keep server running when power fails
Built-in conditioning & surge protection
Not for laser printers: high current draw

[Figure: UPS as Backup Power Source]

Fault Tolerant Systems
RAID technology
Levels
  Level 0: Striping
    64k blocks divided equally across disks, no redundancy
    2-32 drives
    Large logical disk
  Level 1: Disk mirroring
    Two drives, single controller
    Disk duplexing
      Two drives, two controllers
    Disadvantage is disk space required
  Level 2: Striping with ECC
    Block is distributed across stripes

[Figure: Disk Striping Combines Areas on Multiple Drives]

[Figure: Disk Mirroring Duplicates a Partition on Another Physical Disk]

•RAID continued
Level 3: ECC as parity
  Requires parity disk
Level 4: Disk striping with large blocks
  Full block to each disk and parity disk
Level 5: Striping with parity
  3-32 drives
  Parity written across all disks for each stripe
Level 10: Mirrored drive arrays
  Mirrored stripe set
Sector sparing
  Hot fix of bad sectors
  Utility to notify administrator
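
Level 5 survives the loss of one drive because the parity block of each stripe is the XOR of that stripe's data blocks, so any single missing block is the XOR of the others. The sketch below is an added example, not part of the original slides; the 4-byte block size, the parity rotation order, the payload and the function names are assumptions chosen for illustration.

```python
from functools import reduce

def xor(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_raid5(data, n_disks, block=4):
    """Stripe data over n_disks: each stripe holds n_disks-1 data blocks plus
    one parity block, and the parity position rotates from stripe to stripe."""
    if not 3 <= n_disks <= 32:
        raise ValueError("Level 5 needs 3-32 drives")
    per_stripe = block * (n_disks - 1)
    data += b"\0" * (-len(data) % per_stripe)      # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[off + i * block: off + (i + 1) * block]
                  for i in range(n_disks - 1)]
        chunks.insert(s % n_disks, xor(chunks))    # parity slot for this stripe
        for disk, chunk in zip(disks, chunks):
            disk.append(chunk)
    return disks

def rebuild(disks, failed):
    """Recreate every block of the failed disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor(stripe) for stripe in zip(*survivors)]

def read_raid5(disks, length):
    """Reassemble the data, skipping the parity block of each stripe."""
    n = len(disks)
    out = b"".join(disks[d][s] for s in range(len(disks[0]))
                   for d in range(n) if d != s % n)
    return out[:length]

def demo():
    payload = b"payroll-2016-01.db contents"       # constructed sample data
    disks = write_raid5(payload, n_disks=4)
    lost, disks[2] = disks[2], None                # drive 2 fails
    disks[2] = rebuild(disks, failed=2)            # replacement drive is rebuilt
    return disks[2] == lost and read_raid5(disks, len(payload)) == payload

if __name__ == "__main__":
    print("rebuild ok:", demo())
```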

[Figure: Sector Sparing or Hot-Fixing Steps]

Fault Tolerant Systems
Clustering
  Group of systems work as one using shared devices.
  Control can be passed to another system if one system fails.
  Clustering is an enhancement to fault tolerant systems, not a replacement.

Optical Drives and Disks
Permanent backups
CD-ROM
  Most common form of optical
  ISO 9660 specification defines format standard
  650 MB
DVD
  5 formats
  DVD-R: 3.95 GB single sided and 7.9 double
WORM
MO: magneto-optical
PCR: phase change rewritable

Disaster Recovery
Focus on factors you can control
  Determine best prevention
  Enforce preventative measures
  Revise prevention measures
  Perform PM on hardware and software
  Train
Preparation
  Inventory: insurance and replacement
  Backup
    Store offsite
To recover from disaster:
  Make a disaster-recovery plan
  Implement the plan
  TEST the plan!