NCC Education Limited V1.0 Computer Networks Topic 8: Security Software NCC Education Limited V1.0 Computer Networks Topic 8 Lecture 1: Network Security Threats Security Software Topic 8 - 8.3 Scope and Coverage This topic will cover: Network security threats Security countermeasures Securitysoftware NCC Education Limited V1.0 Security software Installing and configuring security software Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 2 Security Software Topic 8 - 8.4 Learning Outcomes By the end of this topic, students will be able to: Understand threats to the security of a network Describe a range of security countermeasures Install and configure essential software security NCC Education Limited V1.0 Install and configure essential software security measures Security Software Topic 8 - 8.5 Tasks of Network Security Must ensure the network offers: Privacy Integrity NCC Education Limited V1.0 Availability Security Software Topic 8 - 8.6 Network Privacy Network security should ensure that only authorised users can access network services. Transmitted data cannot be accessed by unauthorised users and/or is unintelligible to NCC Education Limited V1.0 unauthorised users. There are consequences if privacy is breached. Embarrassment Financial loss Company secrets Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 3 Security Software Topic 8 - 8.7 Network Integrity Network security should ensure that data transmitted on the network: Is not lost Is not modified NCC Education Limited V1.0 Is not modified Is not corrupted Security Software Topic 8 - 8.8 Network Availability Network security should ensure that the network is available for use: When needed Providingthe required services NCC Education Limited V1.0 Providing the required services Security Software Topic 8 - 8.9 Network Security Problems Software Protocol design System configurations Actions of people NCC Education Limited V1.0 Actions of people Accidents & natural events Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 4 Security Software Topic 8 - 8.10 Security Threats Eavesdropping Man-in-the-Middle Replay Virus Trojan NCC Education Limited V1.0 Worm Traffic Analysis Physical attacks/damage Phishing Denial of Service Security Software Topic 8 - 8.11 Eavesdropping Gaining access to information when not authorised to do so Can involve using an authorised users computer Could involve sophisticated approaches to listening NCC Education Limited V1.0 p pp g into the network In wireless networks, the signal can reach outside the physical boundaries of an organisation and be easy to access. Security Software Topic 8 - 8.12 Man-in-the-Middle - 1 A third party pretends to be one of the parties in a two-way conversation. Allows third party to listen to both sides of a conversation NCC Education Limited V1.0 Can modify information before transmission Messages that use a store and forward transmission method are particularly vulnerable. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 5 Security Software Topic 8 - 8.13 Man-in-the-Middle - 2 NCC Education Limited V1.0 Security Software Topic 8 - 8.14 Replay Attack Attacker stores a set of messages for later use Can include username and password combinations Can be an attack on: NCC Education Limited V1.0 Privacy Integrity Availability Security Software Topic 8 - 8.15 Virus A malicious program that attacks a single computer or a network. Often attached to other files Attachments to emails NCC Education Limited V1.0 Embedded in image files Now also on mobile phones Some are not malicious as they do no real harm but are just created for mischief. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 6 Security Software Topic 8 - 8.16 Trojan Often a program that appears harmless Used to gain unauthorised access to: Networks NCC Education Limited V1.0 Networks Files Data Usernames & passwords Security Software Topic 8 - 8.17 Worm A worm is a program that can: Reproduce Execute independently Travel across network connections NCC Education Limited V1.0 A virus is dependent upon the transfer of files between computers to spread. A worm can execute completely independently and spread on its own accord through network connections. Security Software Topic 8 - 8.18 Traffic Analysis Involves analysing the traffic on the network and identifying important business information, such as: Customers Key personnel NCC Education Limited V1.0 y p General business information Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 7 Security Software Topic 8 - 8.19 Physical Threats - 1 May be deliberate or accidental Deliberate: Fire NCC Education Limited V1.0 Fire Theft Deliberate damage Security Software Topic 8 - 8.20 Physical Threats - 2 Accidental Earthquake Fire Flood NCC Education Limited V1.0 Flood Lightning Power failure Equipment failure Security Software Topic 8 - 8.21 Phishing Emails that claim to be from a legitimate organisation Intended to fool a recipient into disclosing: Usernames &passwords NCC Education Limited V1.0 Usernames & passwords Bank details PIN numbers Often used for fraud by purchasing items or accessing bank accounts Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 8 Security Software Topic 8 - 8.22 Denial of Service An attack on network availability Network is flooded with requests Service is slowed or completely interrupted Canuse many sources to flood the network NCC Education Limited V1.0 Can use many sources to flood the network Distributed Denial of Service Results in large time delays, loss of customers, etc. Costs the targeted organisation money NCC Education Limited V1.0 Computer Networks Topic 8 Lecture 2: Security Countermeasures Security Software Topic 8 - 8.24 Countermeasures Authentication Encryption Digital signatures Anti-virus NCC Education Limited V1.0 Anti virus Physical countermeasures Firewall Firewalls will be discussed in detail in the next topic Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 9 Security Software Topic 8 - 8.25 Authentication Identifies the person or system attempting to connect to the network Determines whether they are allowed to access the network NCC Education Limited V1.0 Usually involves a challenge or challenges to the user The user supplies a response to each challenge If correct, they are authenticated Security Software Topic 8 - 8.26 Authentication Methods Username and password Personal information PIN Biometrics NCC Education Limited V1.0 Biometrics Smart card Security Software Topic 8 - 8.27 Encryption Involves changing the information into a form that can only be recognised by the sender and intended recipient If the signal is intercepted by a third party, it should be unintelligible NCC Education Limited V1.0 be unintelligible. The message is manipulated using a cipher or encryption algorithm and deciphered at the receiving end. Encryption is a mathematical tool. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 10 Security Software Topic 8 - 8.28 Private & Public Keys Private key encryption involves sender and receiver both having the key: Need to distribute the key without unauthorised users having access to it Repeated use of the same key makes it easier to k NCC Education Limited V1.0 crack. Public key encryption involves two keys: The key used to encrypt is different from the key used to decrypt. The encryption key is made public, hence the name Security Software Topic 8 - 8.29 Digital Signatures - 1 A digital signature provides assurance to the recipient of a digital document transmitted over a network that: The document comes from the person that claims NCC Education Limited V1.0 to have sent it The contents have not been modified since it was sent Security Software Topic 8 - 8.30 Digital Signatures - 2 Closely related to digital certificates that are on the Internet A Certificate Authority attests the origins of a website, piece of software, etc. NCC Education Limited V1.0 Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 11 Security Software Topic 8 - 8.31 Using Digital Signatures A hashing function is used to create a mathematical summary of the document. Sender uses a private key to encrypt the summary Recipient calculates the same summary using the same hashing function NCC Education Limited V1.0 g Recipient uses the senders public key to decrypt the signature If the summary calculated by the recipient matches the summary by decoding the signature, then the document is genuine Security Software Topic 8 - 8.32 Virus Protection Software protects against viruses, trojans, etc. New viruses are continually being created. Battle to protect from new viruses never ends Virus writers, hackers etc. look to exploit vulnerabilities in: NCC Education Limited V1.0 vulnerabilities in: Operating systems Software Anti-virus software vendors are quick to create updates to match the attackers. Security Software Topic 8 - 8.33 Using Virus Protection Install anti-virus software on all networked machines. Keep virus definitions up to date. Update all software, including operating systems, NCC Education Limited V1.0 p , g p g y , on networked machines to fix any security holes. Educate all users not to open files from non-trusted sources. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 12 Security Software Topic 8 - 8.34 Physical Countermeasures Physically protecting the network by: Choosing good quality hardware and equipment Having well installed cabling Install fire prevention and detection equipment Keeping wiring&equipment closets locked NCC Education Limited V1.0 Keeping wiring & equipment closets locked Preventing unauthorised access to building and rooms Using CCTV etc. Have a data back-up and recovery procedure as well Security Software Topic 8 - 8.35 The Security Policy Most large organisations have a security policy. Focuses attention on the importance of security Shows management backing Often includes key policies for users: NCC Education Limited V1.0 Often includes key policies for users: Acceptable use policy Authorisation levels Roles and responsibilities Security Software Topic 8 - 8.36 Acceptable Use Policy A set of rules that lay out how the network may be used New users should be asked to sign their acceptance of the policy before being provided with NCC Education Limited V1.0 network access Ideally, this should outline the sanctions on users who break the policy Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 13 Security Software Topic 8 - 8.37 Authorisation Authorisation is the function of specifying access rights to resources for authorised users A network should have a policy whereby users are granted access to resources based upon their grade department etc NCC Education Limited V1.0 grade, department, etc. This can be done in a number of ways, e.g. Individually Allocating user to a domain and allocating access rights to a domain Security Software Topic 8 - 8.38 Roles and Responsibilities A security policy should allocate specific functions to specific job roles. Roles should be allocated in such a way that fraud is made difficult. NCC Education Limited V1.0 Actual roles and responsibilities depend upon: Function of the organisation Size of the organisation Security Software Topic 8 - 8.39 Business Continuity Network security should also include an analysis of the impact of network failure Provision should be made to deal with network failure NCC Education Limited V1.0 Mirrors of data and websites Temporary switchboards A balance of cost against effects of network failure Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 14 NCC Education Limited V1.0 Computer Networks Topic 8 Lecture 3: Security Software Security Software Topic 8 - 8.41 Network Security Software Network security software covers many categories including: Intrusion detection software Antivirus software NCC Education Limited V1.0 Vulnerability scanners Packet sniffers Firewalls Security Software Topic 8 - 8.42 Intrusion Detection Software (IDS) Such software prevents any suspicious software from intruding into a computer system Purpose is: NCC Education Limited V1.0 p To identify possible threats To prepare a report or log about the threats To furnish this report to the security administrator To attempt to stop any loss due to the threat Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 15 Security Software Topic 8 - 8.43 Antivirus Software Really should be called anti-malware Prevents malicious software from attacking system Most use signatures of viruses that have been designed earlier NCC Education Limited V1.0 Can prevent suspicious programs from taking control of the computer if they find code similar to code present in its virus directory Continuously update their virus database when a new code or virus appears on a network Security Software Topic 8 - 8.44 Vulnerability Scanners Computer programthat looks for weaknesses in: Computers Computer systems Networks NCC Education Limited V1.0 Networks Applications Purpose is to assess the vulnerabilities present in one or more targets Security Software Topic 8 - 8.45 Packet Sniffers Software or hardware that can intercept and log traffic passing over a digital network or part of a network As data streams flow across the network, the iff t h k t d NCC Education Limited V1.0 sniffer captures each packet and can: decode the packet's raw data show the values of various fields in the packet analyse a packets content according to the appropriate specifications. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 16 Security Software Topic 8 - 8.46 Firewalls A firewall can be implemented both as hardware and software. It acts as a filter that permits authorised messages to and froma systemwhilst blocking unauthorised NCC Education Limited V1.0 to and from a system whilst blocking unauthorised messages. We will examine firewalls in detail in the next topic. Security Software Topic 8 - 8.47 Security Risks Threats that lead to a loss in any form to an individual or an organisation Such losses may include: Loss of privacy NCC Education Limited V1.0 Identity theft Financial loss Negative impact on customer relations Loss or damage of confidential data or information Loss in profitability Security Software Topic 8 - 8.48 Managing Security Risks This can be modelled as a three stage process: Identify and analyse security risks Risk assessment Risk management NCC Education Limited V1.0 Risk management Most security risk management systems are designed to comply with international standards Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 17 Security Software Topic 8 - 8.49 Identify & Analyse Risks The purpose of risk identification and analysis is to understand the possible threats that can be used against any possible vulnerability in the security architecture of the organisation. NCC Education Limited V1.0 Organisations often have multiple layers of security. Vulnerability scanners can be used for this purpose. Security Software Topic 8 - 8.50 Risk Assessment Identifies problems Measures the likelihood of the security threat Measures the impact of a security threat A combination of probability of the threat and its NCC Education Limited V1.0 A combination of probability of the threat and its impact determine how important each threat is to an organisation. Security Software Topic 8 - 8.51 Risk Management Designing security measures against known and possible threats is time consuming and expensive. Most information security risk management systems are designed to comply with international standards NCC Education Limited V1.0 standards. These attempt to build safe and sound information transfer methods and environments. Continuous updating of these systems makes them expensive and time consuming. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 18 Security Software Topic 8 - 8.52 International Standards ISO/IEC 27001 Information Security Auditable international standard which defines the requirements for an Information Security Management System (ISMS) NCC Education Limited V1.0 Designed to ensure the selection of adequate and proportionate security controls Helps to protect your information assets and give confidence to customers Security Software Topic 8 - 8.53 Balancing Risks Every organisation needs to decide what level of security it needs The two extremes are: Total security, difficult to use NCC Education Limited V1.0 Total security, difficult to use Total access, not secure A policy needs to define howsecurity will be enforced Security Software Topic 8 - 8.54 Spam Blocking spam is one of the biggest challenges that organisations face. Studies suggest that over 90% of all email traffic is spam. Software filters can be deployed to limit the amount NCC Education Limited V1.0 Software filters can be deployed to limit the amount of spam. Hardware is available for this purpose, known as an anti spam appliance, and is usually operating system independent. Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 19 Security Software Topic 8 - 8.55 Small Business Security There are a number of security features that are ideal for a small to medium sized business: A fairly strong firewall Strongantivirus software and Internet Security Software NCC Education Limited V1.0 Software Use strong passwords and change on a monthly basis When using a wireless connection, use a very strong password Raise awareness about physical security to employees Use tools to monitor the network traffic Security Software Topic 8 - 8.56 College Security Extra features are ideal for colleges and schools: A firewall that allows authorised users access from the outside and inside Wireless connections that lead to firewalls Compliance with laws and guidelines on Internet NCC Education Limited V1.0 Compliance with laws and guidelines on Internet access for children Supervision of network to guarantee updates Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks and also to supervise users Security Software Topic 8 - 8.57 Security Software Vendors There are many Some software is free Some is expensive What does the college use? NCC Education Limited V1.0 What does the college use? Is it the best available? Topic 8 - Security Software Computer Networks V1.0 Visuals Handout Page 20 Security Software Topic 8 - 8.58 References Price B. (ed) (2003). Networking Complete, 3 rd edition, Sybex. Tanenbaum, A.S. & Weatherall, D.J . (2010). Computer Networks, 5 th edition, Pearson NCC Education Limited V1.0 Education. International Organization for Standardization: http://www.iso.org Security Software Topic 8 - 8.59 Topic 8 Security Software NCC Education Limited V1.0 Any Questions?
Hacking With Kali Linux : A Comprehensive, Step-By-Step Beginner's Guide to Learn Ethical Hacking With Practical Examples to Computer Hacking, Wireless Network, Cybersecurity and Penetration Testing