CN Topic 8
-
Upload
sarge-chisanga -
Category
Documents
-
view
238 -
download
0
Transcript of CN Topic 8
-
7/27/2019 CN Topic 8
1/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 1
NCC Education LimitedV1.0
Computer Networks
Topic 8:
Security Software
NCC Education LimitedV1.0
Computer Networks
Topic 8 Lecture 1:Network Security Threats
Security Software Topic 8 -8.3
Scope and CoverageThis topic will cover:
Network security threats
Security countermeasures
NCC Education LimitedV1.0
Installing and configuring security software
-
7/27/2019 CN Topic 8
2/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 2
Security Software Topic 8 -8.4
Learning Outcomes
By the end of this topic, students will be able to: Understand threats to the security of a network
Describe a range of security countermeasures
NCC Education LimitedV1.0
measures
Security Software Topic 8 -8.5
Tasks of Network Security
Must ensure the network offers:
Privacy
Integrity
NCC Education LimitedV1.0
Availability
Security Software Topic 8 -8.6
Network Privacy Network security should ensure that only
authorised users can access network services.
Transmitted data cannot be accessed by
unauthorised users and/or is unintelligible to
NCC Education LimitedV1.0
unauthorised users.
There are consequences if privacy is breached.
Embarrassment
Financial loss
Company secrets
-
7/27/2019 CN Topic 8
3/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 3
Security Software Topic 8 -8.7
Network Integrity
Network security should ensure that datatransmitted on the network:
Is not lost
NCC Education LimitedV1.0
Is not corrupted
Security Software Topic 8 -8.8
Network Availability
Network security should ensure that the network is
available for use:
When needed
NCC Education LimitedV1.0
Security Software Topic 8 -8.9
Network Security Problems Software
Protocol design
System configurations
NCC Education LimitedV1.0
Accidents & natural events
-
7/27/2019 CN Topic 8
4/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 4
Security Software Topic 8 -8.10
Security Threats Eavesdropping
Man-in-the-Middle Replay
Virus
Trojan
NCC Education LimitedV1.0
Worm
Traffic Analysis
Physical attacks/damage
Phishing
Denial of Service
Security Software Topic 8 -8.11
Eavesdropping
Gaining access to information when not authorised
to do so
Can involve using an authorised users computer
Could involve so histicated a roaches to listenin
NCC Education LimitedV1.0
into the network
In wireless networks, the signal can reach outside
the physical boundaries of an organisation and be
easy to access.
Security Software Topic 8 -8.12
Man-in-the-Middle - 1 A third party pretends to be one of the parties in a
two-way conversation.
Allows third party to listen to both sides of a
conversation
NCC Education LimitedV1.0
Can modify information before transmission
Messages that use a store and forward
transmission method are particularly vulnerable.
-
7/27/2019 CN Topic 8
5/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 5
Security Software Topic 8 -8.13
Man-in-the-Middle - 2
NCC Education LimitedV1.0
Security Software Topic 8 -8.14
Replay Attack
Attacker stores a set of messages for later use
Can include username and password combinations
Can be an attack on:
NCC Education LimitedV1.0
Privacy
Integrity Availability
Security Software Topic 8 -8.15
Virus A malicious program that attacks a single computer
or a network.
Often attached to other files
Attachments to emails
NCC Education LimitedV1.0
Embedded in image files
Now also on mobile phones
Some are not malicious as they do no real harm
but are just created for mischief.
-
7/27/2019 CN Topic 8
6/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 6
Security Software Topic 8 -8.16
Trojan
Often a program that appears harmless
Used to gain unauthorised access to:
NCC Education LimitedV1.0
Files
Data
Usernames & passwords
Security Software Topic 8 -8.17
Worm
A worm is a program that can:
Reproduce
Execute independently
Travel across network connections
NCC Education LimitedV1.0
A virus is dependent upon the transfer of files
between computers to spread.
A worm can execute completely independently and
spread on its own accord through network
connections.
Security Software Topic 8 -8.18
Traffic Analysis Involves analysing the traffic on the network and
identifying important business information, such as:
Customers
Key personnel
NCC Education LimitedV1.0
General business information
-
7/27/2019 CN Topic 8
7/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 7
Security Software Topic 8 -8.19
Physical Threats - 1
May be deliberate or accidental
Deliberate:
NCC Education LimitedV1.0
Theft
Deliberate damage
Security Software Topic 8 -8.20
Physical Threats - 2
Accidental
Earthquake
Fire
NCC Education LimitedV1.0
Lightning
Power failure Equipment failure
Security Software Topic 8 -8.21
Phishing Emails that claim to be from a legitimate
organisation
Intended to fool a recipient into disclosing:
Usernames & asswords
NCC Education LimitedV1.0
Bank details
PIN numbers
Often used for fraud by purchasing items or
accessing bank accounts
-
7/27/2019 CN Topic 8
8/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 8
Security Software Topic 8 -8.22
Denial of Service
An attack on network availability Network is flooded with requests
Service is slowed or completely interrupted
NCC Education LimitedV1.0
Distributed Denial of Service
Results in large time delays, loss of customers, etc.
Costs the targeted organisation money
NCC Education LimitedV1.0
Computer Networks
Topic 8 Lecture 2:Security Countermeasures
Security Software Topic 8 -8.24
Countermeasures Authentication
Encryption
Digital signatures
-
NCC Education LimitedV1.0
Physical countermeasures
Firewall
Firewalls will be discussed in detail in the next
topic
-
7/27/2019 CN Topic 8
9/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 9
Security Software Topic 8 -8.25
Authentication
Identifies the person or system attempting toconnect to the network
Determines whether they are allowed to access the
network
NCC Education LimitedV1.0
Usually involves a challenge or challenges to the
user
The user supplies a response to each challenge
If correct, they are authenticated
Security Software Topic 8 -8.26
Authentication Methods
Username and password
Personal information
PIN
NCC Education LimitedV1.0
Smart card
Security Software Topic 8 -8.27
Encryption Involves changing the information into a form that
can only be recognised by the sender and intended
recipient
If the signal is intercepted by a third party, it should
NCC Education LimitedV1.0
.
The message is manipulated using a cipher or
encryption algorithm and deciphered at the
receiving end.
Encryption is a mathematical tool.
-
7/27/2019 CN Topic 8
10/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 10
Security Software Topic 8 -8.28
Private & Public Keys Private key encrypti on involves sender and
receiver both having the key: Need to distribute the key without unauthorised
users having access to it
Repeated use of the same key makes it easier to
NCC Education LimitedV1.0
crac .
Public key encryption involves two keys: The key used to encrypt is different from the key
used to decrypt.
The encryption key is made public, hence the
name
Security Software Topic 8 -8.29
Digital Signatures - 1
A digital signature provides assurance to the
recipient of a digital document transmitted over a
network that:
The document comes from the person that claims
NCC Education LimitedV1.0
to have sent it
The contents have not been modified since it was
sent
Security Software Topic 8 -8.30
Digital Signatures - 2 Closely related to digital certificates that are on
the Internet
A Certificate Authority attests the origins of a
website, piece of software, etc.
NCC Education LimitedV1.0
-
7/27/2019 CN Topic 8
11/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 11
Security Software Topic 8 -8.31
Using Digital Signatures A hashing function is used to create a
mathematical summary of the document. Sender uses a private key to encrypt the summary
Recipient calculates the same summary using the
same hashin function
NCC Education LimitedV1.0
Recipient uses the senders public key to decrypt
the signature
If the summary calculated by the recipient matches
the summary by decoding the signature, then the
document is genuine
Security Software Topic 8 -8.32
Virus Protection
Software protects against viruses, trojans, etc.
New viruses are continually being created.
Battle to protect from new viruses never ends
Virus writers, hackers etc. look to exploit
NCC Education LimitedV1.0
Operating systems
Software
Anti-virus software vendors are quick to create
updates to match the attackers.
Security Software Topic 8 -8.33
Using Virus Protection Install anti-virus software on all networked
machines.
Keep virus definitions up to date.
U date all software, includin o eratin s stems,
NCC Education LimitedV1.0
on networked machines to fix any security holes.
Educate all users not to open files from non-trusted
sources.
-
7/27/2019 CN Topic 8
12/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 12
Security Software Topic 8 -8.34
Physical Countermeasures Physically protecting the network by:
Choosing good quality hardware and equipment
Having well installed cabling
Install fire prevention and detection equipment
NCC Education LimitedV1.0
Preventing unauthorised access to building and
rooms
Using CCTV etc.
Have a data back-up and recovery procedure as
well
Security Software Topic 8 -8.35
The Security Policy
Most large organisations have a security policy.
Focuses attention on the importance of security
Shows management backing
NCC Education LimitedV1.0
Acceptable use policy
Authorisation levels Roles and responsibilities
Security Software Topic 8 -8.36
Acceptable Use Policy A set of rules that lay out how the network may be
used
New users should be asked to sign their
acceptance of the policy before being provided with
NCC Education LimitedV1.0
network access
Ideally, this should outline the sanctions on users
who break the policy
-
7/27/2019 CN Topic 8
13/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 13
Security Software Topic 8 -8.37
Authorisation
Authorisation is the function of specifying access
rights to resources for authorised users
A network should have a policy whereby users are
granted access to resources based upon their
NCC Education LimitedV1.0
, , .
This can be done in a number of ways, e.g.
Individually
Allocating user to a domain and allocating access
rights to a domain
Security Software Topic 8 -8.38
Roles and Responsibilities
A security policy should allocate specific functions
to specific job roles.
Roles should be allocated in such a way that fraud
is made difficult.
NCC Education LimitedV1.0
Actual roles and responsibilities depend upon:
Function of the organisation Size of the organisation
Security Software Topic 8 -8.39
Business Continuity Network security should also include an analysis of
the impact of network failure
Provision should be made to deal with network
failure
NCC Education LimitedV1.0
Mirrors of data and websites
Temporary switchboards
A balance of cost against effects of network failure
-
7/27/2019 CN Topic 8
14/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 14
NCC Education LimitedV1.0
Computer Networks
Topic 8 Lecture 3:
Security Software
Security Software Topic 8 -8.41
Network Security Software
Network security software covers many categories
including:
Intrusion detection software
Antivirus software
NCC Education LimitedV1.0
Vulnerability scanners
Packet sniffers
Firewalls
Security Software Topic 8 -8.42
Intrusion Detection Software (IDS) Such software prevents any suspicious software
from intruding into a computer system
Pur ose is:
NCC Education LimitedV1.0
To identify possible threats
To prepare a report or log about the threats
To furnish this report to the security administrator
To attempt to stop any loss due to the threat
-
7/27/2019 CN Topic 8
15/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 15
Security Software Topic 8 -8.43
Antivirus Software
Really should be called anti-malware
Prevents malicious software from attacking system
Most use signatures of viruses that have been
designed earlier
NCC Education LimitedV1.0
Can prevent suspicious programs from taking
control of the computer if they find code similar to
code present in its virus directory
Continuously update their virus database when a
new code or virus appears on a network
Security Software Topic 8 -8.44
Vulnerability Scanners
Computer program that looks for weaknesses in:
Computers
Computer systems
Networks
NCC Education LimitedV1.0
Applications
Purpose is to assess the vulnerabilities present in
one or more targets
Security Software Topic 8 -8.45
Packet Sniffers Software or hardware that can intercept and log
traffic passing over a digital network or part of a
network
As data streams flow across the network, the
NCC Education LimitedV1.0
sn er cap ures eac pac e an can:
decode the packet's raw data
show the values of various fields in the packet
analyse a packets content according to the
appropriate specifications.
-
7/27/2019 CN Topic 8
16/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 16
Security Software Topic 8 -8.46
Firewalls
A firewall can be implemented both as hardwareand software.
It acts as a filter that permits authorised messages
NCC Education LimitedV1.0
messages.
We will examine firewalls in detail in the next topic.
Security Software Topic 8 -8.47
Security Risks
Threats that lead to a loss in any form to an
individual or an organisation
Such losses may include: Loss of privacy
NCC Education LimitedV1.0
Identity theft
Financial loss
Negative impact on customer relations
Loss or damage of confidential data or information
Loss in profitability
Security Software Topic 8 -8.48
Managing Security Risks This can be modelled as a three stage process:
Identify and analyse security risks
Risk assessment
Risk mana ement
NCC Education LimitedV1.0
Most security risk management systems are
designed to comply with international standards
-
7/27/2019 CN Topic 8
17/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 17
Security Software Topic 8 -8.49
Identify & Analyse Risks
The purpose of risk identification and analysis is tounderstand the possible threats that can be used
against any possible vulnerability in the security
architecture of the organisation.
NCC Education LimitedV1.0
Organisations often have multiple layers of
security.
Vulnerability scanners can be used for this
purpose.
Security Software Topic 8 -8.50
Risk Assessment
Identifies problems
Measures the likelihood of the security threat
Measures the impact of a security threat
NCC Education LimitedV1.0
impact determine how important each threat is to
an organisation.
Security Software Topic 8 -8.51
Risk Management Designing security measures against known and
possible threats is time consuming and expensive.
Most information security risk management
systems are designed to comply with international
NCC Education LimitedV1.0
.
These attempt to build safe and sound information
transfer methods and environments.
Continuous updating of these systems makes them
expensive and time consuming.
-
7/27/2019 CN Topic 8
18/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 18
Security Software Topic 8 -8.52
International Standards
ISO/IEC 27001 Information Security Auditable international standard which defines the
requirements for an Information Security
Management System (ISMS)
NCC Education LimitedV1.0
Designed to ensure the selection of adequate and
proportionate security controls
Helps to protect your information assets and give
confidence to customers
Security Software Topic 8 -8.53
Balancing Risks
Every organisation needs to decide what level of
security it needs
The two extremes are:
Total securit difficult to use
NCC Education LimitedV1.0
,
Total access, not secure
A policy needs to define how security will beenforced
Security Software Topic 8 -8.54
Spam Blocking spam is one of the biggest challenges that
organisations face.
Studies suggest that over 90% of all email traffic is
spam.
NCC Education LimitedV1.0
of spam.
Hardware is available for this purpose, known as
an anti spam appliance, and is usually operating
system independent.
-
7/27/2019 CN Topic 8
19/20
Topic 8 - Security Software Computer Networks
V1.0 Visuals Handout Page 19
Security Software Topic 8 -8.55
Small Business Security
There are a number of security features that are
ideal for a small to medium sized business:
A fairly strong firewall
Strong antivirus software and Internet Security
NCC Education LimitedV1.0
Use strong passwords and change on a monthly basis
When using a wireless connection, use a very strong
password
Raise awareness about physical security to employees
Use tools to monitor the network traffic
Security Software Topic 8 -8.56
College Security
Extra features are ideal for colleges and schools:
A firewall that allows authorised users access from
the outside and inside
Wireless connections that lead to firewalls
NCC Education LimitedV1.0
access for children
Supervision of network to guarantee updates Constant supervision by teachers, librarians, and
administrators to guarantee protection against
attacks and also to supervise users
Security Software Topic 8 -8.57
Security Software Vendors There are many
Some software is free
Some is expensive
NCC Education LimitedV1.0
Is it the best available?
-
7/27/2019 CN Topic 8
20/20
Topic 8 - Security Software Computer Networks
Security Software Topic 8 -8.58
References
Price B. (ed) (2003). Networking Complete, 3rdedition, Sybex.
Tanenbaum, A.S. & Weatherall, D.J. (2010).
Computer Networks, 5th edition, Pearson
NCC Education LimitedV1.0
Education.
International Organization for Standardization:
http://www.iso.org
Security Software Topic 8 -8.59
Topic 8 Security Software
NCC Education LimitedV1.0
Any Questions?