
Telecom Technology Center

IT Baseline Protection Introduction (IT 基準安全防護介紹)

Presenter: 楊詔同, Evaluator

Telecom Technology Center (財團法人電信技術中心)

19 September 2006 (ROC year 95)


Forward-Looking, Professional, Energetic

www.ttc.org.tw

Contents

• Introduction
• IT Security Process
• IT Structure Analysis
• IT Baseline Protection Modeling
• Brief Outline of Existing Modules


Introduction


Introduction

The IT Baseline Protection Manual contains standard security safeguards, implementation advice and aids for numerous IT configurations which are typically found in IT systems today. This information is intended to assist with the rapid solution of common security problems, support endeavors aimed at raising the security level of IT systems and simplify the creation of IT security policies. The standard security safeguards collected together in the IT Baseline Protection Manual are aimed at a protection requirement which applies to most IT systems.


IT Security Process


IT Security Process

• Develop an IT security policy
• Select and establish an appropriate organizational structure for IT security management
• Creation of an IT security concept
• Implement the IT security safeguards
• Training and security awareness
• Maintain IT security in ongoing operations


IT Structure Analysis


IT Structure Analysis

• The existing infrastructure
• The underlying organizational and personnel situation which forms a background to the use of the IT assets
• The IT systems used, both networked and non-networked
• The communication links between the IT systems and with the outside world
• The IT applications run on the IT assets


IT Structure Analysis — Sub-task

• Preparing a network plan
• Reducing complexity by identifying groups of similar assets
• Collecting information about the IT systems
• Capturing information about the IT applications and related information


Analysis of a Network Plan

• IT systems, i.e. client and server computers, active network components (such as hubs, switches, routers), network printers etc.

• Network connections between these systems, i.e. LAN connections (e.g. Ethernet, token ring), backbone technologies (e.g. FDDI, ATM), etc.

• Connections between the IT systems under consideration and the outside world, i.e. dial-in access over ISDN or modem, Internet connections using ISDN, modem or routers, radio links or leased lines to remote buildings or sites.


Objects Represented for Each IT System

• A unique name (for example the full host name or an identification number)
• Type and function (for example, database server for application X)
• The underlying platform (i.e. hardware platform and operating system)
• Location (e.g. building and room number)
• Name of the responsible administrator
• Type of network connection and network address
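As an added example (not code from the presentation or from the IT Baseline Protection Manual), the sub-task "reducing complexity by identifying groups of similar assets" applied to inventory records carrying the fields listed above; the grouping key, the set of external connection types and the sample inventory are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ITSystem:
    """One object of the IT structure analysis, with the fields listed on the slide."""
    name: str        # unique name, e.g. full host name
    function: str    # type and function
    platform: str    # hardware platform and operating system
    location: str    # building and room number
    admin: str       # responsible administrator
    connection: str  # type of network connection
    address: str     # network address


# Constructed sample inventory (assumption, not data from the presentation).
INVENTORY = [
    ITSystem("srv-db-01", "database server", "x86 / Linux", "B1-R101", "alice", "LAN", "10.0.1.10"),
    ITSystem("srv-db-02", "database server", "x86 / Linux", "B1-R101", "alice", "LAN", "10.0.1.11"),
    ITSystem("pc-acct-01", "office client", "x86 / Windows", "B2-R210", "bob", "LAN", "10.0.2.21"),
    ITSystem("pc-acct-02", "office client", "x86 / Windows", "B2-R210", "bob", "LAN", "10.0.2.22"),
    ITSystem("pc-acct-03", "office client", "x86 / Windows", "B2-R211", "bob", "LAN", "10.0.2.23"),
    ITSystem("lt-sales-01", "notebook", "x86 / Windows", "mobile", "carol", "dial-in", "dynamic"),
    ITSystem("rtr-edge-01", "internet router", "appliance", "B1-R100", "alice", "leased line", "203.0.113.1"),
]

# Fields two systems must share to be modelled as one group (assumption: location and
# address are deliberately excluded, since they do not change which safeguards apply).
GROUP_KEY = ("function", "platform", "admin", "connection")

# Connection types that count as links to the outside world (assumption).
EXTERNAL_CONNECTIONS = {"dial-in", "leased line", "internet"}


def check_unique_names(systems):
    """Return the names that occur more than once; the analysis requires an empty result."""
    seen, dupes = set(), set()
    for s in systems:
        if s.name in seen:
            dupes.add(s.name)
        seen.add(s.name)
    return sorted(dupes)


def group_similar(systems, key_fields=GROUP_KEY):
    """Map each key tuple to the names of the systems that share it."""
    groups = defaultdict(list)
    for s in systems:
        groups[tuple(getattr(s, f) for f in key_fields)].append(s.name)
    return dict(groups)


def external_links(systems):
    """Names of systems whose connection type reaches the outside world (for the network plan)."""
    return [s.name for s in systems if s.connection in EXTERNAL_CONNECTIONS]


def summarize(systems, key_fields=GROUP_KEY):
    """Objects to model before and after grouping, plus the external links to document."""
    groups = group_similar(systems, key_fields)
    return {
        "objects": len(systems),
        "groups": len(groups),
        "external_links": external_links(systems),
    }


if __name__ == "__main__":
    assert not check_unique_names(INVENTORY)
    for key, names in group_similar(INVENTORY).items():
        print(dict(zip(GROUP_KEY, key)), "->", names)
    print(summarize(INVENTORY))
```

Seven inventory objects collapse to four groups, and the two external links are the ones the network plan has to show explicitly.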


Network Connections Information

• Type of cabling (e.g. fiber optic cable)
• The maximum data transmission rate (e.g. 10 Mbps)
• The network protocols used on the lower layers (e.g. Ethernet, TCP/IP)
• For external connections, details of the external network (e.g. Internet, name of provider)


IT Baseline Protection Modeling


Modules

• IT baseline protection of generic components
• Infrastructure
• Non-networked systems
• Networked systems
• Data transmission systems
• Telecommunications
• Other IT components


Threat Catalogues

• Force majeure
• Organizational shortcomings
• Human failure
• Technical failure
• Deliberate acts


Safeguards Catalogues

• Infrastructural safeguards
• Organizational safeguards
• Personnel safeguards
• Safeguards relating to hardware and software
• Safeguards in communications
• Contingency planning


ITBPM Philosophy (diagram)

• Threat catalogues: Force Majeure, Organizational Shortcomings, Human Failure, Technical Failure, Deliberate Acts
• Module groups: IT Baseline Protection of Generic Components, Infrastructure, Non-Networked Systems, Networked Systems, Data Transmission Systems, Telecommunications, Other IT Components
• Safeguards catalogues: Infrastructural safeguards, Organizational safeguards, Personnel safeguards, Safeguards relating to hardware and software, Safeguards in communications, Contingency Planning


Brief Outline of Existing Modules

IT Baseline Protection of Generic Components


IT Baseline Protection of Generic Components

• IT Security Management
• Organization
• Personnel
• Contingency Planning Concept
• Data Backup Policy
• Computer Virus Protection Concept
• Crypto-Concept
• Handling of Security Incidents
• Hardware and Software Management
• Outsourcing


IT Security Management

This module uses a systematic approach to establishing functional IT security management and adapting it over time in line with developments in business operations.


IT Security Management

Threat Scenario — example: Organizational shortcomings

• T 2.66 Lack of, or inadequate, IT security management

– Lack of personal responsibility
– Inadequate support from management
– Inadequate strategic and conceptual requirements
– Insufficient or misdirected investment
– Impracticability of safeguard concepts
– Failure to update the IT security process


IT Security Management

Recommended countermeasures — example: Organization

• S 2.191 Establishment of the IT security process

– Drawing up of an Information Security Policy

– Selection and establishment of an appropriate organizational structure for IT security

– Drawing up a schedule of existing IT systems

– Definition of the procedure for drawing up the IT security concept

– Implementation of IT security measures

– IT security in ongoing operations

– Maintaining secure operations


Organization

This module lists the organizational procedures that are basically required for IT security. Examples are the determination of responsibilities, data media administration and procedures regarding the use of passwords. They apply to every IT system.


Organization

Threat Scenario — example: Organizational shortcomings

• T 2.1 Lack of, or insufficient, rules

– Poor resource management could seriously impair scheduled operations in a computer centre e.g. simply because an order for printer paper has been forgotten.

– Hand-held fire extinguishers once purchased need to be maintained systematically so that they are ready for operation in case of fire.


Organization

Recommended countermeasures — example: Organization

• S 2.1 Specification of responsibilities and of requirements documents for IT uses

– Advisable to lay down regulations on:

» Data backup
» Keeping data archives
» Transport of data media
» Data transmission
» Destruction of data media
» Documentation on IT procedures, software, IT configuration
» Use of passwords
» Physical access permissions
» Access authorizations
» Access rights
» Resources management
» Purchase and leasing of hardware and software
» Maintenance and repair work
» Software: acceptance and approval
» Software: application development
» Privacy protection
» Protection against computer viruses
» Auditing
» Emergency precautions
» Practices in case of infringement of the security policy


Personnel

The "Personnel" module describes staff-related safeguards to be observed for the achievement of IT security. Examples are arrangements during staff absences, training activities, and systematic procedures regarding the termination of employment. They apply regardless of the type of IT system employed.


Personnel

Threat Scenario — example: Force Majeure

• T 1.1 Loss of personnel

– Due to prolonged illness, the Network Administrator was away from work

– While the Administrator was on holiday


Personnel

Recommended countermeasures — example: Personnel

• S 3.3 Deputizing arrangements

– For assumption of tasks by substitutes, sufficient documentation must be provided on the current status of the relevant procedures and on the respective project

– As a rule, designation of a substitute will not suffice; consideration must be given to the training required by substitutes so that they will be qualified to assume the specific tasks. If it comes to light that there are persons who, on account of their specialist knowledge, cannot be replaced at short notice, their unavailability constitutes a serious threat to normal operations. In such cases, training of a substitute is of crucial importance

– Designated substitutes may be granted the necessary entry and access rights only when they actually have to act as deputies


Contingency Planning Concept

This module presents a procedure for drawing up a contingency planning concept and is especially important for larger IT systems.


Contingency Planning Concept

Threat Scenario — example: Force Majeure

• T 1.2

– Due to voltage spikes in the power supply, the power supply unit for an important IT system is destroyed
– A power failure in an internet service provider's storage system resulted in this being shut down
– Firmware is loaded onto an IT system for which it is unsuited


Contingency Planning Concept

Recommended countermeasures — example: Contingency Planning

• S 6.9 Contingency plans for selected incidents

– Contingency plans will have to be established to provide against the following incidents:

» Fire

» Water ingress

» Power failure

» Failure of the air-conditioning system

» Explosion

» Breakdown of data transmission

» Sabotage


Data Backup Policy

This module shows how a sound data backup policy can be systematically developed. It is especially intended for larger IT systems or IT systems on which a large amount of data is stored.


Data Backup Policy

Threat Scenario — example: Technical Failures

• T 4.13 Loss of stored data

– Demagnetization of magnetic data media due to ageing or unsuitable environmental conditions (temperature, air moisture)
– Exposure of magnetic data media to external magnetic fields
– Destruction of data media by force majeure, e.g. fire or water
– Inadvertent deletion or overwriting of files
– Intentional or accidental setting of deletion flags in archive systems
– Technical failure of external storage (head crash)
– Faulty data media
– Uncontrolled changes in stored data (loss of integrity)
– Deliberate destruction of data through computer viruses etc.


Data Backup Policy

Recommended countermeasures — example: Contingency Planning

• S 6.36 Stipulating a minimal data backup policy

– Minimal data backup policy:

» Software: All software, whether purchased or created personally, is to be protected once by means of a full backup.

» System data: System data are to be backed up with at least one generation per month.

» Application data: All application data are to be protected by means of a full backup at least once a month.

» Protocol data: All protocol data are to be protected by means of a full backup at least once a month.
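An added example (not code from the presentation or from the IT Baseline Protection Manual) that checks a backup log against the minimal policy of S 6.36 as stated above; the backup log, the reference date and the reading of "once a month" as a 31-day maximum age are assumptions.

```python
from datetime import date

# Maximum age in days of the newest full backup per data class, following the
# slide: software needs one full backup ever (no recurrence), the other three
# classes need one at least monthly. Assumption: "month" is read as 31 days.
POLICY_MAX_AGE_DAYS = {
    "software": None,
    "system": 31,
    "application": 31,
    "protocol": 31,
}

# Constructed backup log: (data class, asset, backup type, date). Not from the slides.
BACKUP_LOG = [
    ("software", "srv-app-01", "full", date(2006, 3, 2)),
    ("system", "srv-app-01", "full", date(2006, 8, 30)),
    ("application", "srv-app-01", "full", date(2006, 7, 15)),
    ("application", "srv-app-01", "incremental", date(2006, 9, 10)),
    ("protocol", "srv-app-01", "full", date(2006, 9, 1)),
    ("protocol", "srv-log-01", "full", date(2006, 9, 18)),
]


def latest_full_backups(log):
    """Newest full backup per (data class, asset); incrementals do not count."""
    latest = {}
    for cls, asset, kind, when in log:
        if kind != "full":
            continue
        key = (cls, asset)
        if key not in latest or when > latest[key]:
            latest[key] = when
    return latest


def check_minimal_policy(log, today, policy=POLICY_MAX_AGE_DAYS):
    """Return (data class, asset, reason) for every gap against the minimal policy.

    Every asset in the log is expected to hold all four data classes (assumption);
    a missing class is reported as well as an overdue one.
    """
    latest = latest_full_backups(log)
    assets = sorted({asset for _, asset, _, _ in log})
    violations = []
    for asset in assets:
        for cls, max_age in policy.items():
            last = latest.get((cls, asset))
            if last is None:
                violations.append((cls, asset, "no full backup recorded"))
            elif max_age is not None and (today - last).days > max_age:
                age = (today - last).days
                violations.append((cls, asset, f"last full backup {age} days old"))
    return violations


if __name__ == "__main__":
    for v in check_minimal_policy(BACKUP_LOG, date(2006, 9, 19)):
        print(*v)
```

On the sample log the application data of srv-app-01 is flagged because its only recent backup is an incremental, and srv-log-01 is flagged for the three data classes that were never backed up in full.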


Computer Virus Protection Concept

The aim of the computer virus protection concept is to create a suitable package of safeguards which will enable penetration of an organization's IT systems by computer viruses to be prevented or detected as early as possible so that countermeasures can be taken and possible damage can be minimized.


Computer Virus Protection Concept

Threat Scenario — example: Deliberate Acts

• T 5.23 Computer viruses

– W32.Bacalid


Computer Virus Protection Concept

Recommended countermeasures — example: Hardware and Software

• S 4.33 Use of a virus scanning program when exchanging data media and during data transmission

– Awareness raising
» Dependence of the institution on the use of IT
» Description of the hazard potential
» Damage scenarios
» IT systems potentially affected

– Necessary protective measures
» Computer virus protection strategy
» Updating computer virus scanning programs

– Procedures
» Regulations on protection against computer viruses
» Regulation of responsibilities


Top 20 Information Security Threats, First Half of 2006

Source: Trend Micro, 2006/9


Security Threats in the First Half of 2006: Mobile Device Threats Will Become the Biggest Concern

The number of malicious programs for mobile devices is climbing rapidly: the cumulative total for the first half of the year is 12.4 times the January figure, and mobile device threats in June were already 4 times those at the start of the year. Among them is SYMBOS_CARDTRP.R, first seen in September last year; by March its 17th variant, capable of cross-infecting desktop computers and mobile devices, had already been found, which shows how fast this class of virus is moving. In the second quarter of 2005 Gartner predicted that 3G mobile phones would pass the 100 million US dollar mark by year end and that smartphones would reach a scale of 200 million US dollars in 2008; catalysed by the surge in user numbers, mobile device security threats are likely to grow rapidly.

Source: Trend Micro, 2006/9


Security Threats in the First Half of 2006: Greyware Growth Multiples

Aggressively pushed adware, spyware and other greyware generated around 2 million reported cases in the first half of the year. Compared with January, tracking software grew 7.8 times, adware 7.2 times and BHOs 6 times, all showing astonishing growth.

Source: Trend Micro, 2006/9


Security Threats in the First Half of 2006: Crimeware Keeps Evolving

Voice phishing over VoIP networks. In June this year a fraud ring combined e-mail with Internet telephony voice messages to obtain the financial details of deposit customers of Santa Barbara Bank & Trust in California. This was a new phishing trick: by adding Voice over IP (VoIP), the attackers set up an even newer counterfeit fraud trap. Exploiting flawed Internet telephony programs with poor error handling or fault-tolerant coding, they lured victims into calling a telephone number with a local area code, for example Los Angeles. After dialling, the user hears a recording saying that the customer's deposit account has been frozen for security reasons, that specific steps are needed to restore it, and that the user should enter the account number, while the criminals may be hiding anywhere in the world. The case remains unsolved, and the bank has told its customers to be on heightened alert against fraud.

Source: Trend Micro, 2006/9


Security Threats in the First Half of 2006: Phishing URLs Fell from 81% to 4%; Address-Bar Overlay Rose from 13% to 96%

Phishing techniques have reversed: phishing URLs, which originally accounted for 81% of phishing techniques, fell to only 4%, while the address-bar overlay technique became the main method, taking 96%, a sharp increase from the 13% share in the previous annual roundup report.

Source: Trend Micro, 2006/9


Crypto-Concept

This module describes a procedure whereby in a heterogeneous environment both the data stored locally and the data to be transmitted can be protected effectively through cryptographic procedures and techniques.


Crypto-Concept

Threat Scenario — example: Deliberate Acts

• T 5.71 Loss of confidentiality of classified information

– Reading out data
– Copying data
– Reading of data backups
– Monitoring data transmission lines
– Viewing data on a screen


Crypto-Concept

Recommended countermeasures — example: Organization

• S 2.161 Development of a cryptographic concept

– An example of a crypto concept is shown in the following table of contents

» Definitions
» Threat scenario as motivational background
» Specifying the organization's internal security policy
» Influencing factors
» Determining the use of the concept
» Key management


Handling of Security Incidents

To maintain IT security in ongoing operations, it is necessary to have developed, and to practise, a policy for the handling of security incidents. A security incident is an event whose impact could cause significant loss or damage. To prevent or contain any loss or damage, security incidents should be dealt with swiftly and efficiently.


Handling of Security Incidents

Threat Scenario — example: Organizational Shortcomings

• T 2.62 Inappropriate handling of security incidents

– New computer viruses containing damaging functionality at first occur on a sporadic basis but afterwards they are found on a wide scale
– Inconsistencies are found in the log files of a firewall
– New security weaknesses in the IT systems in use become known


Handling of Security Incidents

Recommended countermeasures — example: Contingency Planning

• S 6.58 Establishment of a management system for handling security incidents

– Establish a management system for handling security incidents:

» Inclusion in the security guidelines
» Specification of responsibilities
» Procedural rules and reporting channel for handling security incidents
» Escalation strategy for security incidents
» Setting priorities
» Methodology for investigating and assessing security incidents
» Implementation of measures for taking remedial action in connection with security incidents
» Notification of parties affected
» Evaluation of a security incident
» Use of detection measures for security incidents
» Effectiveness testing


Hardware and Software Management

The aim of the “Hardware and Software Management” module is to ensure that IT operations are managed and organised properly. To this end the main focus in the module is on recommendations for procedures and sequences which refer specifically to IT hardware or software components.


Hardware and Software Management

Threat Scenario — example: Technical Failures

• T 4.43 Undocumented functions

– In a number of IT systems, backdoors have been found that the developers originally inserted to facilitate maintenance and then forgot about; these backdoors also made it possible to obtain administrator rights with a trivial password


Hardware and Software Management

Recommended countermeasures — example: Hardware and Software

• S 4.65 Testing of new hardware and software

– The testing systems in use should always be isolated from the actual production environment

– The use of isolated testing systems is also required to check self-extracting files, such as those received via e-mail, for damaging functions


Outsourcing

The Outsourcing module describes IT security safeguards which should be followed where work or business processes of an organization are outsourced either partially or wholly to external service providers. Outsourcing can entail both the use and operation of hardware and software, and also services.


Outsourcing

Threat Scenario — example: Organizational Shortcomings

• T 2.84 Unsatisfactory contractual arrangements with an external service provider

– Outsourced data or systems are inadequately protected because the outsourcing service provider is not aware of their protection requirement


Outsourcing

Recommended countermeasures — example: Organization

• S 2.250 Determining an outsourcing strategy

– Expertise
– Employees
– IT systems and applications


Brief Outline of Existing Modules

Infrastructure


Infrastructure

• Buildings
• Cabling
• Rooms
– Office
– Server Room
– Data Media Archives
– Technical Infrastructure Room
– Protective Cabinets
– Working place at home (telecommuting)
– Computer Centers


Building

This module specifies the safeguards which must be observed in every building in which data is processed. These include safeguards relating to the power supply, fire protection and building protection, as well as organizational safeguards such as key management.


Building

Threat Scenario — example: Deliberate Acts

• T 5.3 Unauthorized entry into a building

– A nocturnal break-in into an office building


Building

Recommended countermeasures — example: Organization

• S 1.19 Protection against entering and breaking

– Protecting doors or windows through which outsiders could gain entry by means of security shutters

– Special cylinder locks, additional locks and bars

– Securing of basement light shafts

– Locking of unused side-entrances

– Burglar-proof emergency exits

– Burglar-resistant doors

– Locking of goods lifts and passenger lifts outside office hours


Cabling

The "Cabling" module recommends safeguards which should be adopted when laying utility and communications lines in a building. Subjects covered include fire sealing of routes, selection of appropriate types of cables and documentation of cabling.


Cabling

Threat Scenario — example: Deliberate Acts

• T 5.7 Line tapping

– It is thus wrong to assume that messages sent by e-mail are the equivalent of letters in the classical sense. As e-mail messages can be read throughout their journey through the internet, a more appropriate comparison is with postcards

– Some manufacturers supply sniffer programs along with their operating systems for the purpose of debugging networks. However, these can be used to intercept data as well


Cabling

Recommended countermeasures — example: Infrastructure

• S 1.22 Physical protection of lines and distributors

– Concealed wiring of lines
– Steel-armored conduits for lines
– Running lines in mechanically solid and lockable ducts
– Locking of distributors
– Electrical monitoring of distributors and ducts


Room — Office

The "Office" module covers all the safeguards to be observed in connection with the use of IT in an office. Subjects covered include closed windows and doors and supervision of visitors and contractors.


Room — Office

Threat Scenario — example: Human Error

• T 3.6 Hazards posed by cleaning staff or outside staff

– Cleaning staff may accidentally detach a plug-in connection, water may seep into equipment, documents may be mislaid or even removed with the garbage

– In one computer centre, painting work was to be carried out in the machine rooms. By mistake, the painter knocked his ladder against the central emergency switch of the power supply and triggered it


Room — Office

Recommended countermeasures — example: Organization

• S 2.16 Supervising or escorting outside staff/visitors

– Strangers (visitors, craftsmen, maintenance and cleaning staff) should not be left unattended, except in rooms specifically designed for such purposes


Room — Server Rooms

This module lists the safeguards to be observed in the use of a room housing a server (for IT systems or PBXs). Subjects covered include avoiding water pipes, air conditioning, local uninterruptible power supply (UPS) and smoking bans.


Room — Server Rooms

Threat Scenario — example: Technical Failures

• T 4.6 Voltage variations / over-voltage / under-voltage

– Over-voltages can also occur outside the electric power supply system, on all the other electrically conducting networks (e.g. telephone connections, building services management system, water or gas pipes etc.)


Room — Server Rooms

Recommended countermeasures — example: Infrastructure

• S 1.28 Local uninterruptible power supply (UPS)

– Offline UPS
– Online UPS


Room — Data Media Archives

If a room is used to accommodate data media archives, certain requirements for IT security must be adhered to. These are presented in the form of safeguards for IT Baseline Protection. Subjects covered include hand-held fire extinguishers, use of safety doors and smoking bans.


Room — Data Media Archives

Threat Scenario — example: Deliberate Acts

• T 5.4 Theft

– It was not possible to determine whether any documents had been copied or tampered with


Room — Data Media Archives

Recommended countermeasures — example: Infrastructure

• S 1.15 Closed windows and doors

– Windows and outward leading doors (balconies, patios) should be closed whenever a room is unoccupied


Room — Technical Infrastructure Rooms

It is also necessary to take certain IT security measures in rooms where technical infrastructure is installed, for instance the PTT cable entry room, distributor room and low-voltage distribution room. These are specified in this section.


Room — Technical Infrastructure Rooms

Threat Scenario — example: Technical Failures

• T 4.1 Disruption of power supply

– All infrastructure installations nowadays are either directly or indirectly dependent on electric power, e.g. lifts, pneumatic post systems, air conditioning, alarm systems and telephone private branch exchanges. Even the water supply in high-rise buildings relies on electric power due to the use of pumps to generate pressure in the upper storeys


Room — Technical Infrastructure Rooms

Recommended countermeasures — example: Infrastructure

• S 1.3 Adapted segmentation of circuits

– It is essential to review, and, where appropriate, to adjust the electric installation when rooms are to be used for different purposes and when changes and amendments are made to the technical equipment (IT, air-conditioning, lighting)


Protective cabinets

Secure cabinets can be used to increase protection in rooms where data media or hardware are kept (e.g. server rooms or data media archives). If necessary, a special server cabinet can be used as an alternative to a server room. The necessary procedures for obtaining, siting and using a secure cabinet are described in this module.


Protective cabinets

Threat Scenario — example: Deliberate Acts

• T 1.16 Earthquake

– Earthquakes may lead to destruction of property


Protective cabinets

Recommended countermeasures — example: Infrastructure

• S 1.40 Appropriate siting of protective cabinets

– Due to the generally high weight of protective cabinets, the load-bearing capacity of the floor must be tested before installation at the place of installation


Working place at home (telecommuting)

This module describes the measures required to set up a teleworkstation with an appropriate security standard in such a way that it can be used for official tasks.


Working place at home (telecommuting)

Threat Scenario — example: Organizational Shortcomings

• T 2.48 Inadequate disposal of data media and documents at the home work place

– The consequential damage depends on the value of the information extracted


Working place at home (telecommuting)

Recommended countermeasures — example: Infrastructure

• S 1.44 Suitable configuration of a home workplace

– Sufficient space for furniture and the desktop monitor
– Visual shielding of the monitor if it could be observed through a window


Computer Centers

A computer centre comprises the facilities and premises necessary to operate a large data processing system installed centrally for a number of offices. This module contains recommendations as to security measures for a computer centre whose security requirements lie between those of a server room and those of a high-security computer centre.


Computer Centers

Threat Scenario — example: Technical Failures

• T 4.1 Disruption of power supply

– Power failures are actually a regular occurrence


Computer Centers

Recommended countermeasures — example: Infrastructure

• S 1.56 Secondary power supply

– Emergency power supply
– UPS


Brief Outline of Existing Modules

Non-Networked Systems


Non-Networked Systems

• DOS PC (single user)
• UNIX Systems
• Laptop PCs
• PCs with a Non-Constant User Population
• PC under Windows NT
• PC with Windows 95
• Windows 2000 Client
• Internet PC
• Stand-Alone IT Systems


DOS PC (Single User)

This module specifies the safeguards which must be adhered to when using a normal PC that is routinely used by several users. Subjects covered include PC security products, password protection, use of a virus detection program, regular backups.


DOS PC (Single User)

Threat Scenario — example: Human Error

• T 3.8 Improper use of the IT system

– The terminal is not locked during temporary absence


DOS PC (Single User)

Recommended countermeasures — example: Hardware and Software

• S 4.2 Screen lock

– It should be possible for the user to activate the screen lock manually

– The screen lock should be automatically initiated after a predefined period of inactivity


UNIX Systems

This module considers IT systems which run under the UNIX or Linux operating systems and are operated either on a stand-alone basis or as a client in a network. Terminals or PCs which are run as terminals can be connected. Both organizational and UNIX-specific safeguards are listed.


UNIX Systems

Threat Scenario — example: Deliberate Acts

• T 5.19 Abuse of administrator rights

– Misuse of user rights entails the deliberate exploitation of opportunities acquired either rightfully or illicitly to harm a system or its users


UNIX Systems

Recommended countermeasures — example: Personnel

• S 3.10 Selection of a trustworthy administrator and his substitute

– Administrators and their deputies can access, and possibly alter, all stored data and allocate rights in a way that allows serious potential misuse


Laptop PCs

Compared with a normal PC, a portable PC (laptop) requires additional IT security safeguards because it is exposed to other threats due to its mobile nature. Examples of additional safeguards which apply to laptop PCs are suitable safe-keeping during mobile use and use of an encryption product.


Laptop PCs

Threat Scenario — example: Deliberate Acts

• T 5.4 Theft

– Theft of IT equipment, accessories, software or data results not only in the expense of having to replace the equipment or to restore it to working order, but also in losses resulting from lack of availability. Loss of confidentiality and the results of this can also be damaging


Laptop PCs

Recommended countermeasures — example: Hardware and Software

• S 4.29 Use of an encryption product for laptop PCs

– In order to prevent sensitive data being read from a laptop PC which, despite all precaution, has been stolen, an encryption program should be used


List of major international data-loss incidents over the years

| Date | Party | How the data was lost | Severity |
|---|---|---|---|
| March 2000 | Agent of the UK national security agency | Laptop stolen at a London railway station | Classified information on Northern Ireland lost |
| April 2001 | UK Ministry of Defence officer | Laptop left on the back seat of a taxi | Defence secrets lost |
| March 2005 | Graduate admissions office, University of California, Berkeley | Laptop stolen from inside the office | Names, dates of birth, addresses and Social Security numbers of 98,000 people exposed |
| February 2006 | Employee of the US accounting firm Ernst & Young | Laptop left in a car, stolen together with the car | Records of 243,000 customers of the firm's client Hotel.com, including names, addresses and credit card numbers |
| April 2006 | Employee of the US Department of Veterans Affairs | Work laptop stolen from the employee's home | Personal data of all 26 million US veterans and their spouses exposed |
| May 2006 | IT consultant to the US student loan company Texas Guaranteed Student Loan | Hard disk holding important data lost | 1.3 million customers at risk of identity theft |

Source: compiled by DIGITIME Enterprise IT, 2006/8


Laptop security mechanisms

Smart card application (image provided by HP)

Palm vein recognition (photo by 毛履兆)

TPM (image provided by Lenovo Taiwan)


Recommended equipment by security protection level

| Security Level | Security Chip Enabled | System Password Set | Hard Drive Password Set | Secure Windows Login | Fingerprint Available |
|---|---|---|---|---|---|
| Outstanding | Yes | Yes | Yes | Yes | Yes |
| Superior | Yes | No | Yes | Yes | Yes |
| Good | No | No | Yes | Yes | Yes |
| Normal | No | No | No | Yes | Yes |

Source: Wave System website; compiled by DIGITIME Enterprise IT, 2006/8


Brief Outline of Existing Modules

Networked Systems


Networked Systems

• Server-Supported Network
• UNIX Servers
• Peer-to-Peer Services
• Windows NT Network
• Novell Netware 3.x
• Novell Netware 4.x
• Heterogeneous Networks
• Network and System Management
• Windows 2000 Server
• S/390 and zSeries Mainframes


Server-Supported Network

The necessary safeguards that must be taken into account when operating a server-supported network are explained in this module. These considerations are independent of the server and client operating systems.


Server-Supported Network

Threat Scenario — example: Deliberate Acts

• T 5.21 Trojan horses

– TROJ_Generic


Server-Supported Network

Recommended countermeasures — example: Organization

• S 2.204 Prevention of insecure network access

– Every communication to the internal network must without exception be effected over a secure channel


Peer-to-Peer Services

This section describes how a peer-to-peer service can be securely operated for IT Baseline Protection. Topics include the design of such a network from the point of view of security, administrative options and functional limitations.


Peer-to-Peer Services

Threat Scenario — example: Organizational Shortcomings

• T 2.25 Reduction of transmission or execution speed caused by peer-to-peer functions

– BT
– eMule
– Kazaa
– eDonkey
– ezPeer


Peer-to-Peer Services

Recommended countermeasures — example: Organization

• S 2.67 Defining a security strategy for peer-to-peer networks

– The service to be performed by each operating system and the scope of this service should first be defined

– In particular, it should be clarified whether the peer-to-peer functions of the operating system, i.e. shared resources such as printers or directories should be used at all.


Brief Outline of Existing Modules

Data Transmission Systems


Data Transmission Systems

• Exchange of Data Media
• Modem
• Security Gateway (firewall)
• E-mail
• Web Servers
• Remote Access
• Lotus Notes
• Internet Information Server
• Apache Web Server
• Exchange/Outlook 2000
• Routers and Switches


Exchange of Data Media

This module describes the safeguards which should be considered when exchanging data media. Technical measures, such as encryption, are described, as well as the correct choice of delivery method. These measures are addressed particularly at situations where data media are exchanged on a regular basis.


Exchange of Data Media

Threat Scenario — example: Deliberate Acts

• T 5.29 Unauthorized copying of data media

– Confidential engineering results are to be transported from a development laboratory in town X to a production site in town Y. If the data media are mailed without any supervision or control, the possibility cannot be excluded that the information on them could be copied illegally and perhaps sold to a competitor, without detection of this disclosure of information


Exchange of Data Media

Recommended countermeasures — example: Hardware and Software

• S 4.34 Using encryption, checksums or digital signatures

– Protection of confidentiality by means of encryption
– Integrity protection using checksums, encryption or digital signatures
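The difference between a plain checksum and a keyed check matters for the T 5.29 scenario above: someone who can copy or alter a mailed medium can also recompute an unkeyed checksum. The following added example (not from the IT Baseline Protection Manual or this presentation) builds a manifest of per-file SHA-256 digests for a constructed set of files, then seals it with an HMAC under a key the sender and receiver share, and shows which of the two checks survives a tampered medium.

```python
"""Integrity and authenticity checks for a data-media manifest (added example).

An unkeyed manifest of file digests catches bit rot and truncation.  A keyed
HMAC over that manifest additionally catches deliberate modification by
anyone who does not hold the shared key.  All file contents and the key are
constructed in memory; nothing here touches real media.
"""
import hashlib
import hmac
import json

# Constructed sample files, as they might be written to a tape or USB stick
# for transport from a development lab to a production site.
SAMPLE_FILES = {
    "results/run-01.csv": b"sample,value\nA,1.0\nB,2.5\n",
    "results/run-02.csv": b"sample,value\nA,1.1\nB,2.4\n",
    "README.txt": b"Engineering results, lab X -> site Y\n",
}


def file_digests(files):
    """SHA-256 of every file, keyed by path (sorted so the manifest is stable)."""
    return {path: hashlib.sha256(data).hexdigest()
            for path, data in sorted(files.items())}


def build_manifest(files):
    """Unkeyed manifest: detects accidental corruption, not tampering."""
    return json.dumps(file_digests(files), sort_keys=True).encode()


def verify_manifest(files, manifest):
    """True if every file on the medium still matches its recorded digest."""
    return json.loads(manifest) == file_digests(files)


def build_sealed_manifest(files, key):
    """Manifest plus an HMAC-SHA256 tag computed under the shared key."""
    manifest = build_manifest(files)
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return manifest, tag


def verify_sealed_manifest(files, manifest, tag, key):
    """Check the tag first (constant-time compare), then the file digests."""
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    return verify_manifest(files, manifest)


def tampering_scenario(key):
    """Simulate an interceptor who alters one file and rewrites the manifest.

    Returns (unkeyed_accepts, keyed_accepts).  The unkeyed manifest accepts
    the altered medium because the interceptor simply recomputed the digests;
    the sealed manifest rejects it because the original tag no longer matches
    and the interceptor cannot compute a new one without the key.
    """
    _, original_tag = build_sealed_manifest(SAMPLE_FILES, key)
    altered = dict(SAMPLE_FILES)
    altered["results/run-01.csv"] = b"sample,value\nA,9.9\nB,2.5\n"
    forged_manifest = build_manifest(altered)  # interceptor rebuilds the manifest
    unkeyed_accepts = verify_manifest(altered, forged_manifest)
    keyed_accepts = verify_sealed_manifest(altered, forged_manifest, original_tag, key)
    return unkeyed_accepts, keyed_accepts


if __name__ == "__main__":
    shared_key = b"constructed-shared-key"  # in practice: distributed out of band
    print("tampered medium accepted (unkeyed, keyed):", tampering_scenario(shared_key))
```

A digital signature (as in S 5.63) serves the same purpose as the HMAC here without requiring the receiver to hold the sender's secret.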


E-mail

The safeguards required for secure communication via e-mail on the part of both the mail server and the mail client are listed. The safeguards that have to be observed by the users are also presented.


E-mail

Threat Scenario — example: Deliberate Acts

• T 5.71 Loss of confidentiality of classified information

– Monitoring data transmission lines


E-mail

Recommended countermeasures — example: Communication

• S 5.63 Use of GnuPG or PGP

– Encryption and digital signatures


Web Servers

A web server is an IT system which makes files from an information database available to web clients. A web client, also called a browser, displays the information from a web server on the user's computer. The security of web usage is based on the security of the web server, the web client and the communications link between the two. The "Web Servers" module describes the safeguards required for secure use of the web.


Web Servers

Threat Scenario — example: Technical Failures

• T 4.39 Software design errors

– XSS


Web Servers

Recommended countermeasures — example: Organization

• S 2.173 Determining a web security strategy

– The requirements specified in the web security strategy can then be used as the basis for regular checking of whether the measures taken are in fact adequate


Web 2.0

The term Web 2.0 was put forward by the US publishing and media company O'Reilly at a conference. Its most revolutionary change is the step from the democratisation of the 1.0 era to a spirit of interaction, participation and sharing. This resembles the software industry's open-source concept: users are free to build on what is there and develop different applications. Blogs, the video-sharing site YouTube, the online photo album Flickr and the encyclopaedia Wikipedia are among the most popular sites of the Web 2.0 era.


Web 2.0 Security Issue

Ajax is the collective name for a set of techniques that make web pages more interactive. With them, a page and the server can automatically exchange small amounts of data to refresh part of the page (such as constantly changing stock prices or scores), bringing the page "to life".

At the same time, it has given XSS vulnerabilities a more active stage.


Web 2.0 Security Event

The best-known incident exploiting an XSS vulnerability was the relatively benign attack on the MySpace site in October 2005. "Samy", a 19-year-old software developer from Los Angeles, wrote a worm program that gained him more than one million online "friends" before MySpace disabled it. He placed a piece of JavaScript code in his own MySpace profile, so that everyone who viewed the profile unknowingly executed it. The code added him to that user's friends list; normally, adding a friend requires the user's consent, but the worm he wrote used Ajax to approve the request in the background.

The worm then opened the viewing user's own profile, copied the malicious code into it, and added Samy to any heroes list there together with the sentence "Samy is the hero I admire most". In the same way, anyone who viewed that user's profile was also infected, and so Samy's fame and "popularity" quickly spread to one million MySpace members.

Only at that point did the site's administrators notice the large volume of activity, and they were forced to shut MySpace down for several hours to remove the worm.

Source: compiled from the Financial Times (UK), 2006/8
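The worm above worked because profile text was rendered as markup, so the script in it ran for every viewer. As an added example (not code from the presentation, the Financial Times article or MySpace), the renderer below shows the vulnerable pattern beside the output-encoding defence, together with a check that counts tags smuggled in by user data; the profile, template and the `render_safe`/`injected_tags` helpers are all constructed here.

```python
"""Rendering user-supplied profile fields without letting them become markup.

Added example.  `render_unsafe` interpolates profile fields straight into HTML,
which is how stored XSS in a profile page arises.  `render_safe` escapes each
field for the context it lands in (text node, quoted attribute) and restricts
the link to plain http(s) URLs.  `injected_tags` is a small check that reports
any tag in the output that the fixed template did not put there.
"""
import html
import re

# Constructed profile: the name and "about" fields carry markup and an inert
# script element, and the homepage field tries to break out of an attribute.
SAMPLE_PROFILE = {
    "name": "Sam <b>Y</b>",
    "about": "Hi!<script>/* constructed marker, does nothing */</script>",
    "homepage": 'http://example.invalid/" onmouseover="x',
}

# Fixed page template; the placeholders are filled from the profile.
TEMPLATE = (
    "<h1>{name}</h1>\n"
    '<p class="about">{about}</p>\n'
    '<a href="{homepage}">homepage</a>'
)


def render_unsafe(profile):
    """Vulnerable: user data is spliced into the document as markup."""
    return TEMPLATE.format(**profile)


SAFE_URL = re.compile(r'^https?://[^\s"\'<>]+$')


def safe_url(value):
    """Allow only plain http(s) URLs; anything else degrades to a harmless '#'.

    This limits the scheme and characters; attribute escaping is still applied
    separately in render_safe, because both defences address different risks.
    """
    return value if SAFE_URL.match(value) else "#"


def render_safe(profile):
    """Hardened: every field is escaped for the HTML context it is placed in."""
    return TEMPLATE.format(
        name=html.escape(profile["name"]),                       # text node
        about=html.escape(profile["about"]),                     # text node
        homepage=html.escape(safe_url(profile["homepage"]), quote=True),  # attribute
    )


# Matches the name of every tag-like token, opening or closing.
TAG_NAME = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")


def tag_names(doc):
    """Sorted list of tag names appearing in a document."""
    return sorted(TAG_NAME.findall(doc))


EXPECTED_TAGS = tag_names(TEMPLATE)  # the tags the template itself contains


def injected_tags(rendered):
    """Tag names in the rendered output beyond those of the fixed template."""
    extra = tag_names(rendered)
    for name in EXPECTED_TAGS:
        extra.remove(name)
    return extra


if __name__ == "__main__":
    print("unsafe render injects:", injected_tags(render_unsafe(SAMPLE_PROFILE)))
    print("safe render injects:  ", injected_tags(render_safe(SAMPLE_PROFILE)))
```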


Brief Outline of Existing Modules

Telecommunications


Telecommunications

• Telecommunications System (Private Branch Exchange, PBX)
• Fax Machine
• Answering Machine
• LAN Connection of an IT System via ISDN
• Fax Servers
• Mobile Phones
• PDAs


Mobile Phones

This section presents a set of security safeguards for the component "mobile phone".


Mobile Phones

Threat Scenario — example: Deliberate Acts

• T 5.2 Manipulation of data or software

– There are a number of ways in which data or software can be manipulated: through incorrect data input, changes to access rights, modification of accounting data or correspondence, changes to the operating system software etc


Mobile Phones

Recommended countermeasures — example: Hardware and Software

• S 4.114 Use of the security mechanisms provided on mobile phones

– Firewall
– Anti-virus
– IDS
– USIM card (certified under Common Criteria)
– DRM


Mobile Phone Virus

| Name | Type | Platform | Characteristics | Damage |
|---|---|---|---|---|
| SymbOS.Commwarrior.A ("Warrior" virus) | Worm, spam | EPOC | Spreads via Bluetooth and MMS | Damages the phone system so that applications no longer work properly; sends MMS to up to 256 contacts in the address book, raising the phone bill; uses social engineering to lure the recipient into opening the MMS; restarts the device during the first hour of the 14th of every month |
| SYMBOS-DAMPIG.A ("Dumb Pig" virus) | Trojan horse | EPOC | Spreads via Bluetooth | Closes applications and installs numerous variants of the Cabir ("Piranha") worm; damages the phone system so that applications no longer work properly |
| SYMBOS_SKULLS.E ("Skulls" virus) | Trojan horse | EPOC | Spreads via Bluetooth | Replaces application icons with skulls; damages the phone system so that applications no longer work properly; the user must reset the phone, losing all contacts, files and programs; other variants pose as a new version of the Flash player; other variants install Cabir and other malicious programs |
| SymbOS.Doomboot.A | Trojan horse | EPOC | | Installs malicious programs and a copy of SymbOS.Commwarrior.B on the device; after a restart the malware launches and some phone functions stop working |

Source: compiled by DigiTimes (電子時報), 2005/8


Mobile Phone Virus

| Name | Type | Platform | Characteristics | Damage |
|---|---|---|---|---|
| SymbOS.Cabir.M ("Piranha") | Worm | EPOC | Spreads via Bluetooth | Attacks nearby Bluetooth phones or devices (such as Bluetooth printers); blocks the phone's Bluetooth connections and transfers; the constant use of the Bluetooth interface drains the battery |
| SymbOS.Lasco.A | Virus / worm | EPOC | Spreads via Bluetooth | Is both a Bluetooth worm and a file-infecting virus; prompts the user whether to receive a message over Bluetooth; attempts to send itself to other Bluetooth devices |
| SymbOS.Fontal.A | Trojan horse | EPOC | Phone file sharing or internet chat | Plants a malicious file in the phone operating system so that the system cannot start after a reboot; corrupts the OS application manager, preventing the user from installing new applications or deleting the virus; the only remedy is to format the phone memory and reinstall the operating system, losing important data |
| SYMBOS_LOCKNUT | Trojan horse | EPOC | Bluetooth | Disables certain keys and can even crash the phone; uses a weakness to crash Symbian OS 7.0 devices; a few variants install the Cabir worm |

Source: compiled by DigiTimes (電子時報), 2005/8


Mobile Phone Virus

| Name | Type | Platform | Characteristics | Damage |
|---|---|---|---|---|
| Sms_flood | Hacker tool | MMS | | Targets websites that can send SMS, abusing flaws in their functionality to send large numbers of SMS to users' phones; multiplies the victim's SMS charges |
| VBS.Timofonica | Worm | Windows / Outlook | | Sends abusive SMS to arbitrary users through the operator's system; spreads en masse via Outlook; a VBScript worm |
| EPOC.Ghost.Joke | Joke program | EPOC | Via e-mail | Shows message windows such as "Everyone hates you" in the top left of the screen |
| EPOC.Sprite.Joke | Joke program | EPOC | Via e-mail | Small aeroplanes keep flying across the screen |
| EPOC.Nice.Joke | Joke program | EPOC | Via e-mail | Shows small windows with various messages, such as "Just do it", in the top left of the screen |
| EPOC.Lights.Joke | Joke program | EPOC | Via e-mail | Makes the phone screen flash continuously |
| EPOC.FalseAlarm.Joke | Joke program | EPOC | Via e-mail | Emits warning beeps |

Source: compiled by DigiTimes (電子時報), 2005/8


Mobile Phone Virus

| Name | Type | Platform | Characteristics | Damage |
|---|---|---|---|---|
| EPOC.Fake.Joke | Joke program | EPOC32 | Via e-mail | Shows a fake formatting screen |
| EPOC.Disowner.Joke (EPOC_BANDINFO.A) | Joke program | EPOC32 | Via e-mail | Changes the owner information to "Some fool own this"; creates a new folder to store the configuration file and the original owner information |
| EPOC.Alone.Joke | Joke program | EPOC | Via e-mail | Pretends to be downloading a malicious program over infrared, then shows a WARNING-VIRUS message; locks the keypad until "Leave me alone" is entered |
| Backdoor.Brador.A | Backdoor | WinCE | Via e-mail | Targets Windows Mobile 2003 and infects only StrongARM-based devices; repeatedly e-mails the infected device's IP address to the attacker and opens TCP port 2989 to await further instructions; the attacker can remotely list directory contents, upload and download files, display message windows or run specific commands |

Source: compiled by DigiTimes (電子時報), 2005/8


Screens of infected phones

Cabir ("Piranha") infection screen (Symantec website)

The Sprite virus shows small aeroplanes flying around the screen (Symantec website)

SYMBOS_SKULLS.E ("Skulls" virus) infection screen (Symantec website)


After Timofonica, the world's first mobile phone virus, appeared in 2000, early virus attacks on phones still mostly used the PC platform as their base. Only with the successive arrival of WAP, GPRS, Bluetooth, WiFi, 3G transmission technology, HSDPA and WiMAX did mobile phone viruses gain routes to spread. In addition, the widespread use of MMS messaging has become the best channel for mass distribution of mobile phone viruses.


Brief Outline of Existing Modules

Other IT Components


Other IT Components

• Standard Software
• Databases
• Telecommuting
• Novell eDirectory
• Archiving


Standard Software

A procedure is described as to how the life cycle of standard software can be structured, i.e. requirements catalogue, selection, testing, approval, installation and deinstallation. Aspects such as functionality tests and security characteristics, installation instructions and release notices are described.

- 134 -

Standard Software

Threat Scenario — example: Organizational Shortcomings

• T 2.29 Software testing with production data

– Software is tested with copies of production data in an isolated test environment

- 135 -

Standard Software

Recommended countermeasures — example: Organization

• S 2.83 Testing standard software

– Creating test data and test cases
» Standard cases
» Limit values
» Error cases
» Exceptional cases

- 136 -

Common Software Security Problem

Range & Type Errors
• Buffer overflow
• "Write-what-where" condition
• Stack overflow
• Heap overflow
• Buffer underwrite
• Wrap-around error
• Integer overflow
• Integer coercion error
• Truncation error
• Sign extension error

- 137 -

Common Software Security Problem

Range & Type Errors
• Signed to unsigned conversion error
• Unsigned to signed conversion error
• Unchecked array indexing
• Miscalculated null termination
• Improper string length checking
• Covert storage channel
• Failure to account for default case in switch
• Null-pointer dereference
• Using freed memory
• Doubly freeing memory
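As an added example (not code from the original slides or from the IT Baseline Protection Manual), the C code below takes one of the range and type errors listed above, a signed-to-unsigned conversion in a length check, and shows the flawed check beside a hardened one; main() then exercises the four S 2.83 test categories (standard case, limit value, error case, exceptional case) against it. The buffer size, function names and input bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 64   /* fixed receive buffer size (constructed example value) */

/* Flawed bound check: a negative `len` satisfies `len <= PAYLOAD_MAX`,
 * and once that value reaches memcpy() it is converted to size_t and
 * wraps to a huge count (signed-to-unsigned conversion error). */
int flawed_length_ok(int len) {
    return len <= PAYLOAD_MAX;
}

/* Hardened bound check: reject negatives explicitly, then bound the top. */
int hardened_length_ok(int len) {
    return len >= 0 && len <= PAYLOAD_MAX;
}

/* Makes the conversion visible: the size_t view of a (possibly negative) int. */
size_t as_size(int len) {
    return (size_t)len;
}

/* Copy a length-prefixed payload into `out`. Returns the number of bytes
 * copied, or -1 when the declared length is out of range or exceeds the
 * number of bytes actually received. */
int copy_payload(const unsigned char *src, size_t src_len, int declared_len,
                 unsigned char out[PAYLOAD_MAX]) {
    if (!hardened_length_ok(declared_len)) return -1;   /* exceptional and limit cases */
    if ((size_t)declared_len > src_len) return -1;      /* error case: declared > received */
    memcpy(out, src, (size_t)declared_len);             /* standard case */
    return declared_len;
}

int main(void) {
    unsigned char out[PAYLOAD_MAX];
    const unsigned char msg[] = "hello";            /* constructed sample input */
    printf("standard:    %d\n", copy_payload(msg, 5, 5, out));          /* 5 */
    printf("limit:       %d\n", hardened_length_ok(PAYLOAD_MAX));       /* 1 */
    printf("over limit:  %d\n", hardened_length_ok(PAYLOAD_MAX + 1));   /* 0 */
    printf("error:       %d\n", copy_payload(msg, 5, 10, out));         /* -1 */
    printf("exceptional: flawed=%d hardened=%d\n",
           flawed_length_ok(-1), hardened_length_ok(-1));               /* 1 0 */
    return 0;
}
```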

- 138 -

Common Software Security Problem

Range & Type Errors
• Invoking untrusted mobile code
• Cross-site scripting
• Format string problem
• Injection problem ("data" used as something else)
• Command injection
• Log injection
• Reflection injection
• SQL injection
• Deserialization of untrusted data

- 139 -

Common Software Security Problem

Environmental Problems
• Reliance on data layout
• Relative path library search
• Relying on package-level scope
• Insufficient entropy in PRNG
• Failure of TRNG
• Publicizing of private data when using inner classes
• Trust of system event data
• Resource exhaustion (file descriptor, disk space, sockets, ...)
• Information leak through class cloning
• Information leak through serialization
• Overflow of static internal buffer

- 140 -

Common Software Security Problem

Synchronization & Timing Errors
• State synchronization error
• Covert timing channel
• Symbolic name not mapping to correct object
• Time of check, time of use race condition
• Comparing classes by name
• Race condition in switch
• Race condition in signal handler
• Unsafe function call from a signal handler
• Failure to drop privileges when reasonable
• Race condition in checking for certificate revocation

- 141 -

Common Software Security Problem

Synchronization & Timing Errors
• Passing mutable objects to an untrusted method
• Mutable object returned
• Accidental leaking of sensitive information through error messages
• Accidental leaking of sensitive information through sent data
• Accidental leaking of sensitive information through data queries
• Race condition within a thread
• Reflection attack in an auth protocol
• Capture-replay

- 142 -

Common Software Security Problem

Protocol Errors
• Failure to follow chain of trust in certificate validation
• Key exchange without entity authentication
• Failure to validate host-specific certificate data
• Failure to validate certificate expiration
• Failure to check for certificate revocation
• Failure to encrypt data
• Failure to add integrity check value
• Failure to check integrity check value
• Use of hard-coded password
• Use of hard-coded cryptographic key

- 143 -

Common Software Security Problem

Protocol Errors
• Storing passwords in a recoverable format
• Trusting self-reported IP address
• Trusting self-reported DNS name
• Using referrer field for authentication
• Using a broken or risky cryptographic algorithm
• Using password systems
• Using single-factor authentication
• Not allowing password aging
• Allowing password aging
• Reusing a nonce, key pair in encryption

- 144 -

Common Software Security Problem

Protocol Errors
• Using a key past its expiration date
• Not using a random IV with CBC mode
• Failure to protect stored data from modification
• Failure to provide confidentiality for stored data

- 145 -

Common Software Security Problem

General Logic Errors
• Ignored function return value
• Missing parameter
• Misinterpreted function return value
• Uninitialized variable
• Duplicate key in associative list (alist)
• Deletion of data-structure sentinel
• Addition of data-structure sentinel
• Use of sizeof() on a pointer type
• Unintentional pointer scaling
• Improper pointer subtraction

- 146 -

Common Software Security Problem

General Logic Errors
• Assigning instead of comparing
• Comparing instead of assigning
• Incorrect block delimitation
• Omitted break statement
• Improper cleanup on thrown exception
• Uncaught exception
• Improper error handling
• Improper temp file opening
• Guessed or visible temporary file
• Failure to deallocate data
• Non-cryptographic PRNG
• Failure to check whether privileges were dropped successfully

- 147 -

End of presentation

Comments and feedback are welcome

- 148 -

Contact Information

Telecom Technology Center, Evaluator: 楊詔同

Address: 4F, No. 326, Sec. 1, Sichuan Rd., Banqiao City, Taipei County 220

Office phone: 02-89535600 ext 217

Fax: 02-89535655

E-mail : [email protected]

URL : http://www.ttc.org.tw

ITBPM Consultant

ISO 15408 Evaluator

ISO 27001 Lead Auditor