NETWORK SECURITY
SECURITY ORGANIZATIONS ROLES
Common Criteria
The Common Criteria (ISO/IEC 15408) is an international standard for evaluating IT security.
Developed to replace a number of existing country-specific security assessments; intended to establish a single high-quality standard for international use.
(ISC)2
The International Information Systems Security Certification Consortium, Inc. ((ISC)2) is a nonprofit organization that maintains a collection of industry best practices for information security.
Best known for the CISSP; also offers concentration certifications that can be taken after the CISSP, and the Certification and Accreditation Professional (CAP) certification.
FIPS
The Federal Information Processing Standard (FIPS) 140 (currently FIPS 140-3) is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules; validation is run jointly by NIST and the Canadian Centre for Cyber Security under the Cryptographic Module Validation Program (CMVP).
SANS Institute
The SysAdmin, Audit, Network, Security (SANS) Institute was established in 1989 as a cooperative research and education organization.
develops and maintains research documents about various aspects of information security.
operates the Internet Storm Center, an early warning system for Internet security issues.
ICSA
ICSA Labs tests security products against a standard set of functional and assurance criteria.
Currently tests firewalls and VPN devices, among other product categories.
ICSA certification provides a set of measurable, public-domain standards for commercial security products.
US-CERT
The United States Computer Emergency Readiness Team (US-CERT) was a partnership between the Department of Homeland Security and the public and private sectors; its functions now sit within the Cybersecurity and Infrastructure Security Agency (CISA).
Mission: protect the nation's Internet infrastructure by coordinating defense against, and responses to, Internet security threats.
responsible for
Disseminating cyber threat warning information
Coordinating incident-response activities
Analyzing and reducing cyber threats and vulnerabilities
CERT/CC (CERT Coordination Center)
plays a major role in coordinating responses to Internet security threats.
a reporting center for Internet security issues.
located at the Software Engineering Institute (SEI) operated by Carnegie Mellon University.
MALAYSIA CYBER LAW
Digital Signature Act 1997
secures electronic transactions on the Internet by giving digital signatures legal effect
provides for the regulation of public key infrastructure (licensing of certification authorities)
enacted in response to the growth of online transactions
Computer Crimes Act 1997
protects against the misuse of computers and computer-related criminal activity (unauthorized access and unauthorized modification)
builds user trust in computer systems
Telemedicine Act 1997
Ensures that only qualified medical practitioners can practice telemedicine
Provides the future development and delivery of healthcare in Malaysia.
Communications and Multimedia Act 1998
Ensures that information is secure, the network is reliable and the service is affordable throughout Malaysia.
Ensures a high level of user confidence in the information and communication technology industry.
Copyright (Amendment) Act 1997
Electronic Commerce Act 2006
SOURCES OF THREATS
Internet and TCP/IP
Physical
Mobile and remote users
Phone attacks
Internal (insider) threats within the organization
Social engineering
METHODS OF ATTACKS
Improper Input Validation
Sniffing Activities
Authentication Compromises
Exploiting Physical Access
Denial of Service (DoS)
Virus, Worms And Trojans
SECURITY THREATS
INSECURE ARCHITECTURES
A misconfigured network is a primary entry point for unauthorized users.
CENTRALIZED SERVERS
A compromised central server can give an attacker access to the entire network.
CATEGORIES:
Data modification
the data are altered from their original form
Data availability
information or services are made unavailable to legitimate users (e.g. by denial of service)
Data disclosure
internal data are exposed to outside users
BROADCAST NETWORKS
Using network hardware (hubs, switches, routers) without protecting the data that passes through it; a hub repeats every frame to every port, so any attached host can read all traffic on the segment.
ACTIVITIES:
Cracking
Sniffing
Hacking
Spoofing
SECURITY POLICIES
Place all network machines behind the firewall
Authenticate all network protocols (prefer protocols with built-in authentication and encryption, e.g. SSH instead of Telnet)
Restrict access to secure parts of the network by MAC address (caveat: MAC addresses are trivially spoofed, so this is a hygiene control, not authentication; use 802.1X for port-based authentication)
Do not allow external traffic into secure network areas
Use VLANs for added levels of switch security
NETWORK SECURITY TRENDS
Wireless Access
the slow processors, small screens, and nonexistent keyboards on cell phones and personal digital assistants (PDAs) challenge many of the standard approaches to access, authentication, and authorization.
Radio frequency (RF) connections do not respect firewalls the way wired connections do: the signal crosses the physical perimeter, so an attacker needs no cable to reach the network.
The Need for Speed
Many businesses are finding that multiple T1 or E1 connections to the Internet no longer suffice.
IT Staffing Shortages
The application service provider (ASP) business model will become increasingly common in the security world.
ISO/IEC 17799 (renumbered ISO/IEC 27002 in 2007)
Code of practice for information security management: an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices.
SECURITY METHODS
Logon
use strong passwords (and multi-factor authentication where available)
Administration
depends on trained network security personnel
Data Communication
restrict connections (allow only the protocols and hosts that are needed)
File System
apply security patches regularly and restrict file permissions; run a host firewall as a separate control (a firewall is not a patch)
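The "Logon: use strong passwords" method above, and the "lack of basic password security" cause listed later on this page, come down to two checks at the logon service: reject weak or already-breached passwords, and store what is accepted with a salted, slow hash so a leaked credential table does not hand the attacker the passwords. This is an added example and not code from the original page; the minimum length, character-class rule, PBKDF2 round count and the tiny breached-password set are assumptions chosen for illustration (a real deployment would consult a full breached-password list).

```python
"""Added example (not from the original page): strong-password policy check at
logon plus salted PBKDF2 storage and constant-time verification.
The breached-password list and all sample credentials are constructed."""
import hashlib
import hmac
import secrets

MIN_LENGTH = 12                 # assumption: policy minimum
PBKDF2_ROUNDS = 600_000         # assumption: OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256
# Constructed stand-in for a real breached-password list (e.g. a Pwned Passwords dump).
BREACHED = {"password", "123456789012", "qwerty123456", "letmein12345"}


def password_problems(pw: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum((
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ))
    if classes < 3:
        problems.append("fewer than 3 of: lower, upper, digit, symbol")
    if pw.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    return problems


def hash_password(pw: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; the salt makes identical passwords hash differently,
    the round count makes offline guessing slow."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    _algo, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


def register(username: str, pw: str) -> str:
    """Logon-service registration: enforce the policy, then store only the hash."""
    problems = password_problems(pw, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    return hash_password(pw)


if __name__ == "__main__":
    print(password_problems("hunter2", "alice"))            # three violations
    record = register("alice", "Correct-Horse-Battery-7")   # accepted and hashed
    print(record[:40] + "...")
    print(verify_password("Correct-Horse-Battery-7", record))   # True
    print(verify_password("correct-horse-battery-7", record))   # False
```

The stored string carries the algorithm name and round count so the service can raise the cost later and re-hash users at their next successful logon without breaking existing records.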
INTERNET SERVICES
E-mail and news
Attaching and sending documents via email
Real time conferencing services
Teleconferencing - SKYPE
Remote access to hosts
Remote administration to servers
File transfer
Peer-to-Peer or Client-Server
THREATS TERMINOLOGY
Unauthorized Disclosure
An event involving the exposure of information to entities not authorized to access it
Information Warfare
May involve collection of tactical information
Information Theft
Obtaining private information without permission
Accidental Data Loss
Files deleted or overwritten by mistake
THREAT ANALYSIS OF NETWORK SECURITY
Asset Identification
Information
Employee Password, Marketing System
People
Administrators, end-users
Technology
Server, desktop
Vulnerability Assessment
Security Control Check
identifying, quantifying and prioritizing network threats
Threat Identification
In System
Unauthorized access to information through networks.
SECURITY MODEL
RESTRICTIVE SECURITY MODEL
Assumes that the protected assets are substantial, some users are not trustworthy, and that threats are likely.
Suitable for LANs/public WANs that connect to the Internet.
Firewalls and identity servers become the foundation of this model.
Ease of use for users diminishes as security tightens.
More difficult to implement.
OPEN SECURITY MODEL
The easiest to implement.
Assumes that the protected assets are minimal, user are trusted, and threats are minimal.
Simple password and server security becomes the foundation of this model.
Suitable for LANs/public WANs that are not connected to the Internet.
If a security breach occurs, the resulting damage or loss can be great.
CLOSED SECURITY MODEL
User access is difficult and cumbersome.
Requires many trained network administrators to maintain the tight security applied.
This model assumes that the protected assets are premium, all users are untrustworthy, and that threats are frequent.
All available security measures are implemented in this design.
Most difficult to implement.
LEGAL ISSUES AND PIRACY
Legal liability in such cases is likely to depend on what prevention technologies and practices are available and on whether these technologies and practices are reasonably cost-effective to implement.
A hacker or a virus could take down business operations, creating potential liability.
The biggest reason to create and follow a security policy is to protect the business that depends on the network.
CAUSES OF SUCCESSFUL ATTACKS
Lack of basic firewall port blocking
Lack of updating
Lack of basic password security
DEFINE
THE NEED FOR SECURITY
Network security is needed to
• Prevent unauthorized access to the network that is of potential threat to the network and its resources.
• Ensure that controls that protect the network from unauthorized access are in place.
Potential risk to network security
Hostile nations/state
Terrorist
Criminal elements
Hackers or corporate competitors
ISSUES OF ON-LINE SECURITY
CATEGORIES
Data modification
e.g. an unauthorized person alters a user profile, or deletes an existing profile.
Data availability
A term used by computer storage manufacturers to describe products and services that ensure data continues to be available at a required level of performance in situations ranging from normal through disastrous.
Data disclosure
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.
ACTIVITIES
Cracking
The modification of software to remove or disable features which are considered undesirable by the person cracking the software, especially copy-protection features (including protection against manipulation of the software, serial numbers, hardware keys, date checks and disk checks).
Spoofing
A spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data, to gain an advantage.
Hacking
Gaining unauthorized access to, or control over, computer network security systems.
Sniffing
Packet sniffing allows individuals to capture data as it is transmitted over a network.
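Three nodes on this page describe the same segment-level weakness: the BROADCAST NETWORKS node (a hub repeats every frame to every port), the SECURITY POLICIES node that restricts access by MAC address, and the Sniffing and Spoofing definitions above. The added example below, which is not code from the original page, shows concretely what a sniffer on such a segment decodes from a single frame, and why a source-MAC allowlist does not stop spoofing: the attacker simply copies the MAC it just sniffed. Every address, the frame layout helper and the HTTP request are constructed for illustration; checksums are left at zero, which a parser does not care about but a real host stack would reject.

```python
"""Added example, not part of the original page: what a sniffer on a broadcast
(hub) segment sees, and why a MAC-address allowlist is not authentication.
All frames, addresses and credentials below are constructed for illustration."""
import base64
import struct

CLIENT_MAC = "02:00:00:00:00:01"     # legitimate workstation (constructed)
ATTACKER_MAC = "02:00:00:00:00:66"   # attacker's real NIC address (constructed)
SERVER_MAC = "02:00:00:00:00:fe"     # intranet server (constructed)
ALLOWED_MACS = {CLIENT_MAC}          # the "restrict access by MAC address" policy


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Minimal Ethernet II / IPv4 / TCP frame. Checksums are left zero: enough for a
    parsing demo, though a real stack would discard such a frame."""
    eth = _mac_bytes(dst_mac) + _mac_bytes(src_mac) + b"\x08\x00"          # EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000,
                     64, 6, 0, _ip_bytes(src_ip), _ip_bytes(dst_ip))         # protocol 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the three headers the way a sniffer would and return the fields it logs."""
    if len(frame) < 54:
        raise ValueError("frame too short")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only IPv4 handled here")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ip[9] != 6:
        raise ValueError("only TCP handled here")
    tcp = ip[ihl:]
    data_off = (tcp[12] >> 4) * 4      # TCP header length in bytes
    return {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "dst_mac": ":".join(f"{b:02x}" for b in frame[0:6]),
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "sport": struct.unpack("!H", tcp[0:2])[0],
        "dport": struct.unpack("!H", tcp[2:4])[0],
        "payload": tcp[data_off:],
    }


def find_basic_auth(payload: bytes):
    """Pull (user, password) out of an HTTP Basic Authorization header, if present.
    Basic auth is base64, not encryption, so a hub sniffer reads it directly."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            user, _, pw = base64.b64decode(line.split(b" ", 2)[2]).decode().partition(":")
            return user, pw
    return None


def mac_allowlist_accepts(frame: bytes) -> bool:
    """The policy 'restrict access using MAC address', as a switch ACL would apply it."""
    return parse_frame(frame)["src_mac"] in ALLOWED_MACS


# Constructed traffic: the client logs in to an intranet server over plain HTTP.
HTTP_LOGIN = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
              b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")
LEGIT_FRAME = build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.5", "10.0.0.10", 51000, 80, HTTP_LOGIN)
# On a hub every port receives LEGIT_FRAME; the attacker copies the source MAC it saw.
SPOOFED_FRAME = build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.66", "10.0.0.10", 52000, 80, HTTP_LOGIN)
HONEST_ATTACKER_FRAME = build_frame(ATTACKER_MAC, SERVER_MAC, "10.0.0.66", "10.0.0.10", 52001, 80, HTTP_LOGIN)

if __name__ == "__main__":
    seen = parse_frame(LEGIT_FRAME)
    print("sniffed:", seen["src_ip"], "->", seen["dst_ip"], "port", seen["dport"])
    print("credentials:", find_basic_auth(seen["payload"]))                          # ('alice', 'hunter2')
    print("allowlist accepts attacker's own MAC:", mac_allowlist_accepts(HONEST_ATTACKER_FRAME))  # False
    print("allowlist accepts spoofed MAC:", mac_allowlist_accepts(SPOOFED_FRAME))    # True
```

The two fixes the page's other nodes point at follow directly: replace the hub with a switch and VLANs so frames are not repeated to every port, and authenticate the protocol itself (TLS for HTTP, SSH instead of Telnet) so that whatever is sniffed is not usable.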