Introduction to Systems and Network Security

1
Introduction to Systems and Network Security
Course Given By Learning Tree
International New York Education Center
April 12 - April 15th ,
2005 CBS Black Rock Building
51 West 52nd Street ( 18th
Floor ) New York , NY
10019 Attended by Louis J. Bottino
ACB-560
2
Introduction to Systems and Network Security

• Introduction to Internet and System Security
• A Cryptography Primer
• Authentication
• System Intrusion
• Network Intrusion
• Network Confidentiality
• Security Administration
• Course Summary
• Course Evaluation

3
Introduction to Systems and Network Security

• Introduction to Internet and System Security
• - The Why, What and Who of Security
• - A Security Model
• - Formulating A Security Policy
• - Risk Analysis

4
Introduction to Systems and Network Security

• Introduction to Internet and System
  Security
• Today Many Large Corporations, Government
  Entities, and the
• Military are Studying the Why, What and
  Who of Security
• (1) The Costs of Computer Security
  Breaches Can Be Massive
• (2) When a Large Company Experiences
  a Security Breach
• (a) Business Can Be Stolen
  by Competitors
  
• (b) Loss of Reputation Can
  Occur
• (c) Network Service Can Be
  Stopped or Degraded
• (3) All Companies and Business
  Regardless of Size Should Have a
• Disaster Recovery Plan in
  Place.

5
Introduction to Systems and Network Security

• Introduction to Internet and System
  Security
• The Definition of Computer Security
  
• A System or Network is Secure If
  You Can Trust the Accuracy
• and Confidentiality of the Data, and
  the System Behaves as Expected
• We Are Protecting - Stored
  Information
• -
  Accuracy of Information
  
• -
  Information Value
  
• -
  Organizations Privacy
  
• We Are Protecting from - Hackers
  
  
  
• 
  - Criminal Intruders
  
• 
  - Corporate Raiders
  
  
• 
  - Insiders
  
  
• 
  - Contractors
  

6
Introduction to Systems and Network Security

• Introduction to Internet and System
  Security
• The Latest Accepted Security Model
  Includes These Types of
• Intrusion - (a) Masquerade
  (c) Modification
• (b) Interception
  (d) Denial of Service
• To Prevent Masquerade - We Have
  Authentication, The Process of
• Verifying an Identity Claimed by or
  For a System Entity
• To Prevent Interception - We Have
  Confidentiality, The Property
• That Information Is Not Disclosed to
  Unauthorized Individuals.
• To Prevent Modification - We Have
  Integrity, The Property
• That Data Has Not Been Changed,
  Destroyed or Lost.
• To Prevent Denial of Service - We
  Have Availability, The Property
• of Being Accessible and Usable Upon
  Demand By an Authorized
• Entity.

7
Introduction to Systems and Network Security

• Introduction to Internet and System
  Security
• Private Companies, the Government
  Entities and the Military Have
• All Started to Formulate Internet and
  Computer Security Policies.
• (1) Policy Design Requires a
  Thorough Understanding of the
• Potential Risks
• Approach To Security Policy
• (1) No Two Organizations Have the
  Same Requirements. Risks,
• Costs and Threats, All Vary
  With Circumstance.
• Threat Reduction
• (1) Threat Reduction Is The Process
  of Evaluating All Possible
• Risks and Eliminating Those
  That Are Not Relevant To Your
• Organization.

8
Introduction to Systems and Network Security

• Introduction to Internet and System
  Security
• There are Four Approaches To Risk
  Management. We Can
• (a) Ignore The Risk
• (b) Accept The Risk
• (c) Defend Against the Risk
• (d) Pass On the Risk
• Defending Against the Risk
• (1) Any Security Policy Must
  Address All The Issues Related to
• This Risk
• (2) A Technology-Based Solution
  is Invariably the Preferred
• Solution
• (3) After Identifying The Acceptable
  Risk, Mitigating Impact and
• Deployed Defenses Against
  Defendable Risks, What Is Left Is
• Residual Risk.

9
Introduction to Systems and Network Security

• A Cryptography Primer
• - Symmetric Encryption
• - Asymmetric Encryption
• - Hash Functions
• - Digital Signatures

10
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Encryption - Process Designed For Exchanging
  Confidential Information
• (1) Information Entering The Encryptor
  Is Called Cleartext
• (2) Encrypted Information I Known As
  Ciphertext
• (3) Decryption Is Task Of Turning The
  Ciphertext back Into Cleartext
• Algorithmic Encryption Systems
• Relationship Between Cleartext /
  Ciphertext Depends On An Algorithm
• 
  
• Keyed Encryption
• Relationship Depends On An Algorithm And a
  Key , Only Key Changed
• Initialization Value ( IV )
• When Same Data Is Encrypted At Different
  Times Produces Different
• Ciphertext

11
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Symmetric Encryption - Key A and Key B
  are Identical.
• Asymmetric Encryption - Key A and Key B
  are Different
• General Types of Encryption (1) Stream
  I (2) Block
• RC4 Encryption Method
  
  
• Uses Cipher Stream , Popular Because Its
  Fast , Easy To Implement
• and Difficult to Attack
• DES Is The U.S. Data Encryption Standard
  
  
• Uses Block Ciphers With Blocks of 64
  Bits , Later Replaced With The
• Advanced Encryption Standard (AES)
• Triple DES
• Uses Two Keys To Encrypt the Data Three
  Times

12
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Additional Symmetric Encryptions
• Blowfish - Uses An Open Source Algorithm
  and 64-bit Block Cipher
• with a Variable-Length Key
• Twofish - Uses An Open Source Algorithm
  and and 128-bit Cipher
• with Three Possible Key Lengths
• IDEA - International Data Encryption
  Algorithm Block Cipher With
• Fixed Block and Key Lengths
• Issues With Symmetric Encryption Systems
  
• (1) Key Distribution How Do Parties Far
  Apart Share a Key
• (2) Repeated Use of the Key - If The
  Key is Used For Multiple
• Messages The Key Can Be Cracked.

13
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Asymmetric Encryptions Solve the Key
  Distribution Problem. The Public Key
  Encryption Is The Most Common Form
• (1) Two Keys Are Used Public and
  Private. Both Form are a Key Pair.
• (2) Data Encrypted with the Public
  Key Can Only Be Decrypted
• with the Corresponding Private
  Key
• (3) Public Key Encryption Can Check
  For Confidentiality
• (4) Public Key Encryption Can Check
  For Authentication

14
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Additional Asymmetric Encryptions
• D-H Key Generation Another Solution to
  The Key Distribution Problem. Provides For
  the Sharing of a Secret on Both Sides.
  Also Only Works In One Direction.
• RSA Asymmetric Encryption - Allows
  Encryption Using Either Key
• Slow Relative To Symmetric Encryption.
  Session Key Encrypts Body
• of Message.
• Pretty Good Privacy (PGP) - Used To
  Encrypt the Message Itself. Modern PGP Uses D-H
  to Generate a Shared Session Key.
• Issues With Asymmetric Encryption
  Systems
• (1) Subceptible To Bucket Brigade or
  Man-Inthe-Middle Attacks.
• (2) What Happens If A Private Key Is
  Stolen ?
• (3) How Can A Recipient Be Sure That
  a Given Public Key
• Belongs to a Particular
  Individual.

15
Introduction to Systems and Network Security

• A Cryptography Primer / Symmetric
  Asymmetric Encryption
• Distribution of Public Keys
• Many Systems Distribute Public Keys
  Using X.509 Digital Certificates
• Public Key Infrastructure ( PKI ) -
• Essentially The Ability To Trace Public
  Key Ownership To An Individual or Service.
• Elliptic Curve Cryptography (ECC)
• (1) Fairly New Form of Public Key
  Encryption. Based on The
• Properties of a Class of
  Mathematical Functions
• (2) Mathematics Easy , Reversing
  Functions Difficult.
• (3) Used In Smart Cards and
  Telephones
• (4) While Concepts are Complex ,
  Implementations are
• Computationally Fast.
• .

16
Introduction to Systems and Network Security

• A Cryptography Primer / Hash Functions
• Hash Functions Used To Ensure The
  Integrity of Information
• (1) Unlike Encryption Hashing Cannot Be
  Reversed
• (2) Sometimes Called Messages Digests
  Because The Hash of a
• Large Message Is Generally Small
• Cryptographic Hash Functions -
• (a) Computationally Difficult and
  Impossible to Recover Result
• (b) Size of Hash Small With Respect
  to Data.
• (c) When a Shared Secret is Hashed
  With Data We Have a
• Hashed Message Authentication
  Code ( HMAC)
• (d) The MD-5 More Secure Than Previous
  Forms of Algorithms
• (e) Secure Hash Algorithm (SHA) New
  Government Standard With

17
Introduction to Systems and Network Security

• A Cryptography Primer / Digital Signatures
• If Alice Encrypts the Hash Message
  With Her Private Key, Bob Can
• Verify That Alice Had Hashed the
  Message. When Alice Adds More
• Information She Creates A Digital
  Signature.
• Methods For Creating Digital
  Signatures
• (a) Hashing Algorithms
• (b) Encryption Algorithms
• Speed Restricts The Use Of Digital
  Signatures For Streaming Data.
• Message Authentication Code (MAC)
• (1) Used As an Alternative To Digital
  Signatures In Real-Time.
• (2) Generated By Combining An
  Authentication Key With the Data
• Before Hashing
• (3) Receiving Party Generates The MAC
  Locally and Compares With
• One Attached to Message.

18
Introduction to Systems and Network Security

• Authentication
• - User Authentication
• - Host Authentication
• - Authentication Workshop

19
Introduction to Systems and Network Security
Introduction to Systems and Network Security
Authentication / Introduction
Authentication - The Process of
Verifying An Identity Which Is Claimed By Or
For A System Entity Two Steps To
Authentication Process (1) Presenting
Identifier To The Security System. (2)
Generating Information That Collaborates
Binding Between Entity and
Identify Usernames and Passwords
(1) User Authentication Involves Logging-in
to a Computer or Network. (2) Passwords
Are Usually Stored As A Hash. (3)
Username Provides Identification For User,
But Password Provides Information
That Can Be Verified.

20
Introduction to Systems and Network Security
Introduction to Systems and Network Security
User Authentication / Attacks And
Countermeasures There Are Five Main
Methods For Attacking Static Passwords -
(a) Social Engineering (b) Guessing
Passwords (c) Cracking Passwords
(d) Trojan Horses (e) Replaying
Used Passwords The Crack Utility -
Widely Used Tool For Checking User
Passwords For Quality Trojan
Horses Prints The Systems Usual
Username / Password Prompts And Collects Login
Attempts (1) Programs Left Running
After A User Leaves A Workstation (2)
Computers Impersonating Others (3)
Clever Trojan Horses Actually Allow The Login
To Complete To Avoid Alerting The
User.

21
Introduction to Systems and Network Security
Introduction to Systems and Network Security
User Authentication / One Time Passwords
Biometrics (1) S /Key - Mechanism For
One-Time Passwords Uses Most Common
Repeated Hash Algorithm (2) One-Time
Passwords In Everything (OPIE )
Popular Implementation and Compatible With S
/Key (3) Electronic Token
Token is Synchronized With Similar Device
At The Host Comptr Another Type of
Authentication is Biometrics -

(a) Fingerprint (b) Hand Shape (c)
Retina Pattern (d) Iris Pattern (e)
Voiceprint

22
Introduction to Systems and Network Security
Introduction to Systems and Network Security
Host Authentication / Names and Addresses
Main Threat to Host Authentication Is
That a Host Will Masquerade As An Authorized
Host . This Known As Spoofing .
Internet Protocol (IP) Addresses (1)
Convey Information on Host ID And Location.
(2) Each IP Address Must Be Unique
Domain Name System (DNS) - Names Are
Resolved By Contacting a Server. IP
and Media Access Control (MAC) Address, LAN
Address, Physical Address Address
Resolution Protocol (ARP) Dynamic Method
to Map IP Addresses to MAC Addresses.

23
Introduction to Systems and Network Security
Introduction to Systems and Network Security
Host Authentication / Names and Addresses
Countermeasures to Address Spoofing -
(a) Spoof Detection (b) Static
Address Mapping (c) Using an
ARP Server (d) Dont Rely on Address
as The Only Source of Host
Authentication (e) Duplicate Address
Detection ( DAD ) - Protocol
Implementations that Detect and Report
Spoofing Downside Disconnection
from the Network (f) Static
Address Mapping - Most
Implementations of TCP/ IP Allow for Manual
(Static) Entries in the Address
Mapping Table.

24
Introduction to Systems and Network Security
Introduction to Systems and Network Security
Host Authentication / Strong Authentication
Additional Countermeasures to Address
Spoofing - An IP Address Alone Not A
Secure Authentication Technique So
We Have Three Main Techniques For This -
(a) IP sec - Proves the Ownership of
the IP Address (b) Kerberos -
Proves Application is Running for the User.
(c) Digital Certificates - Token
Provided By a Trusted Third Party
Three Major Tools Exist For Strong Host
Authentication (a) IP sec (b) Kerberos
(c) Applications Based on PK Cryptography
Kerberos Is A Trusted Third-Party
Authentication Service - Included in
Many UNIX TCP /IP Implementations -
Part of Windows 2000/2003 TCP/IP
Implementation IEEE 802.1x is a Newer
Protocol for Authenticating Access to
Ports.

25
Introduction to Systems and Network Security

• System Intrusion
• - File Permissions
• - File Encryption
• - OS Hardening
• - Viruses and Other Malware
• - System Logging

26
Introduction to Systems and Network Security

• System Intrusion / Access Control File
  Permissions
• There Are Three Types of Access
  Control -
• (a) Discretionary Access Control ( DAC
  )
• (b) Mandatory Access Control ( MAC)
• (c) Role-Based Access Control ( RBAC
  )
• Permissions are Usually Set By the
  Owner of a Resource
• (1) DAC Approach - No One Else Knows
  Appropriate Settings
• (2) File Permissions Should Be Set
  as Restrictively as Possible
• (3) Many Tools Exist For Auditing
  the Permissions of Systems Files
• ( i.e. Computer Oracle and
  Password System (COPS) an Older
• Tool For UNIX Systems )

27
Introduction to Systems and Network Security

• System Intrusion / File Encryption
• Cryptography Has Two Main Uses On An
  Operating System
• - Protecting The Confidentiality of
  Data Files
• - Checking The Integrity of System
  Files
• (1) Many Text Editors And Word
  Processors Provide Some Sort of
• Encryption
• (2) Microsoft Word , Wordperfect, and
  VI have Password-Protection
• Schemes As Other Applications.
  ( i.e. WinZip )
• Encryption Utility
• - PGP Disk is an Encryption
  Application That Enables a User to
• Set Aside an Area of Disk Space
  For Storing Sensitive Data.
• Data Recovery
• - The Recovery Process Allows
  Decryption of a File Without
• Having The Private Key of The
  User Who Encrypted The File.

28
Introduction to Systems and Network Security

• System Intrusion / Disk Management
• Systems That Have Poorly Managed
  Disk Usage Can Be Attacked
• By Filling The Disk With Data.
  This Is Called a Data Flood .
• This Can Be Done By - (1)
  Sending Large e-Mail Messages
• 
  (2) Uploading Large Files With FTP
• - If Not Remedied Programs Writing
  to the Disk Are Blocked
• and Processing May Slow Down.
• - Most Multiuser OS Prevent this
  With Disk Quotas .
• - Many UNIX Systems and Windows
  2000 / 2003 Come With
• Quota Software

29
Introduction to Systems and Network Security

• System Intrusion / Viruses and Other Malware
• Typical Effects of a Virus On a
  Computer System Include
• (a) Denial of Service (DOS) or
  Performance Degradation
• (b) Compromise of Security
  Settings
• (c) Release of Confidential
  Information
• (d) Deletion or Modification of
  Files
• (e) Backdoor Access to Your
  Computer, or Computer Controllable
• Hacker. Can Be Used As a
  Zombie.
• Viruses Can Be Imported From
• (a) Floppy Disk , (b) E-mail ,
  (c) The Web
• Virus is Also Commonly Referred
  to in Other Types of Malware
• (a) Trojan Horses
• (b) Worms
• (c) Hostile Macros

30
Introduction to Systems and Network Security

• System Intrusion / Viruses and Other Malware
  Continued
• Hostile Macro
• A Program or Code Segment Written
  in the Macro Language of
• an Application. Some Macros
  Replicate While Others Damage
• Documents.
• Searching Existing Viruses -
• Both UNIX and Microsoft Windows
  Have Software to Scan For
• Viruses ( i e. One Method
  Verifying file Checksums ) Some of
• These Software Packets Include
  
• (a) ISS Safe Suite ( S2) and
  COPS for UNIX Platforms
• (b) Norton Anti Virus, McAfee Virus
  Scan for Win32 Platforms
• - Most Systems Have Software
  Available to Detect Specific Viruses
• by Signature.
• - Some Viruses May Be Detected
  Generically

31
Introduction to Systems and Network Security

• System Intrusion / Viruses and Other Malware
  Continued II
• Firewall and Mail Systems Can Be
  Used to Check for Viruses
• - Both Are Effective Because Data
  Must Pass Through One Point
• - Running Anti-Virus Software on
  Servers, Workstations and
• Firewalls / Mail Gateways Helps
  Ensure Protection
• Adware Comes in Three Different
  Forms
• (1) Ads on Web Pages That Report
  Back To Their Sponsors
• (2) Single-Pixel Images Embedded
  in Web Page
• (3) Collections of Ads Downloaded
  to Your Computer and
• Displayed by Software on Your
  Computer.
• Spy ware Can Be Used To Watch
  Activity on Your System
• (1) Keystrokes (2) Web Sites
  Visited (3) Files
• Log Files are Invaluable When
• (1) Detecting Intrusions

32
Introduction to Systems and Network Security

• Network Intrusion
• - Network Vulnerabilities
• - Network Denial of Service
• - Firewalls
• - Personal Firewalls
• - Intrusion Detection Systems

33
Introduction to Systems and Network Security

• Network Intrusion / Network Vulnerabilities
• Network Service Scanning - One Way to
  Verify Which Services Are Running Is to Use
  a Network Scanner. Some Will Identify Which
  TCP / UDP Ports Are Open.
• - Its Essential to Check That
  Services Have Not Been Replaced With
• Trojan Horse Programs.
• - Check For Trojan Horses Using 1)
  FTP 2) Telnet
• If the Latest Network Service Security
  Patches are Not Installed
• Network Services May Be Vulnerable to
  -
• (a) Worms ( i.e. the infamous code
  red worm )
• (b) Buffer-Overflow Attacks (
  Parameters That Are Larger Than
• Expected May Behave In an
  Unpredictable Manner )
• (c) Denial of Service Attacks

34
Introduction to Systems and Network Security

• Network Intrusion / Network Denial of
  Service
• Protecting Against Denial of Service
  is One of the Most Difficult
• Tasks, There Will Always Be Some
  Residual Risk.
• - Not All Denials of Service Are
  Intentional - Some May Be Caused
• By a Configuration Error
• - One Such Attack is Caused by
  Duplicate IP Addresses
• With Your Internal Network , You Have
  Control Over Who Has Access
• (1) It is Physically Under Your
  Control ( the exception is wireless
• networks )
• (2) Likelihood of Detection is Also a
  Deterrent
• With External Network Connections, No
  Such Physical Security
• (1) Anyone With An Internet Connection
  Can Launch The Attack
• (2) Very Difficult to Identify the
  Actual Source

35
Introduction to Systems and Network Security

• Network Intrusion / External DoS Attacks
• External Attacks Fall Into Three
  Main Categories
• (1) Disruption of IP Services
• (2) Resource Bombardment
• (3) Specific Protocol Attacks
• Attacks On Protocols or Applications
• - Most Protocol Stacks And
  Applications Were Not Initially
• Designed With Security In Mind
• - Many Recent Attacks Have Focused
  On Vulnerabilities In
• Protocols and Applications Due to
  The Lack of Concern For
• Security
• - The TCP Reset Attack \as Described
  in
• http // kerneltrap.org/node/3072
  is an Example of the Design
• Weakness in the TCP Protocol.
• - Many Other Vulnerabilities Exist
• It Is Essential That the Latest
  Implementations and Patches Are
• Used.

36
Introduction to Systems and Network Security

• Network Intrusion / Firewall Technologies
• One Access Control Device That
  Restricts Access To Your Host
• Computer is Known as a Firewall.
• (1) A Firewall Provides a
  Controlled Separation Between Networks
• of Different Levels of Trust
  
• (2) There Are Several Different
  Technologies That Can Be Used In
• a Firewall
• The Four Main Technologies Are
• (a) Stateless Packet Filters
• (b) Stateful Packet Filters
• (c) Circuit-Level Gateways
• (d) Application Proxies

37
Introduction to Systems and Network Security

• Network Intrusion / Firewall Technologies
  II
• Stateless Packet Filtering -
• (1) This Technology is Used in Many
  Firewalls. It Is Usually Used
• in Combination With a Device
  Based on Another Technology.
• (2) Works By Passing or Blocking
  Packets Based On Any
• Combination of File
  Parameters Such as Source Address,
• Source Destination, etc
• (3) Called Stateless Because The
  Pass/ Block Decision is Made
• Only On The Contents of the
  Packet Being Processed.
• Stateful Packet Filters
• (1) The Action of Stateful Packet
  Filters is Often Called Stateful
• Packet Inspection (SPI) .
• (2) Stateful Packet Filters Can
  Allow Or Deny Packets Based on
• (a) Contents of The Current
  Packet
• (b) Contents of the Previous
  Packets

38
Introduction to Systems and Network Security

• Network Intrusion / Firewall Technologies
  III
• Circuit Level Gateways (CLGs) -
• (1) Circuit Level Gateways Work at
  The Transport Level.
• (2) Caller Connects to a TCP Port
  On The Gateway
• (3) Gateway Connects to Destination
  on The Other Side
• Application Proxies
• (1) Sometimes Referred to as
  Application Level Gateways (ALGs)
• (2) Usually Have Deliberately
  Limited Capabilities
• Choice of Firewall Technologies Is
  Often Between Application
• Proxies and Stateful Filters
• Most Current Firewall Products Offer
  Very Similar Functionality
• (a) Many Firewall Products are
  Hybrids
• (b) Stateful Packet Filters Include
  Proxies For Some Protocols
• (c) The Technology Deployed Is
  Often Hidden

39
Introduction to Systems and Network Security

• Network Intrusion / Firewall Architectures
• The Best Firewall Architecture For
  An Organization Depends On
• (1) Security Requirements
• (2) Kinds of Information Services
  To Be Supported
• (3) Expected Traffic Levels
• Firewall Architecture Requirements
• (1) The Internal Access to External
  Services Limited to Authorized
• Users
• (2) Very Restricted External Access
  to Internal Network
• Types of Firewall Architectures
• (1) The Classic Firewall
  Architecture
• (2) Belt and Braces Firewall
• (3) The Chapman Architecture
• Other Protection Devices Include
• (1) Personal Firewalls
• (2) Intrusion Detection Systems

40
Introduction to Systems and Network Security

• Network Confidentiality
• - LAN Confidentiality
• - Exterior Network Confidentiality

41
Introduction to Systems and Network Security

• Network Confidentiality / LAN
  Confidentiality
• Protocol Analyzer Software
• (1) This Software Allows Any Host to
  Capture All LAN Traffic
• (2) Only Countermeasures Can Be Used to
  Stop Traffic From Reaching
• Snooping Hosts or to Encrypt
  All Data
• (3) Not Only Can Sensitive Information
  Be Captured, But Many Login/
• Password Sequences Are Sent
  Unencrypted
• Note Routers Have Information Based
  on IP Addresses
• and Switches Have Information Based
  on MAC Addresses
• There Are Three Possible Attack
  Sources
• (a) Legally Connected Hosts
• (b) Illegally Connected Hosts
• (c) Non-Connected Hosts

42
Introduction to Systems and Network Security

• Network Confidentiality / LAN
  Confidentiality
• Wireless LAN Issues
• (1) Wireless LANs Have a Special Set
  of Problems
• (2) By Definition , No Physical
  Contact to the Network is Required
• (3) The Most Common Wireless LANs Are
  Based on the IEEE 802.11b
• Standard.
• (4) IEEE 802.11x Has An Associated
  Private Mechanism Called Wired
• Equivalent Privacy (WEP)
• Wireless LANs Are Critical to Many
  Organizations Infrastructures
• (a) Improvements in Wireless
  Security Began in 2001.
• (b) First Improvement Was WEP2,
  Renamed Temporal Key Integrity
• Protocol (TKIP)
• The Only Step That You Can Take to
  Avoid Potential Eavesdropping
• of Traffic Leaving Your Organization
  is to Encrypt Data.
• (a) At the Source Host
• (b) At the Firewall

43
Introduction to Systems and Network Security

• Network Confidentiality /
  Encryption Services
• One Issue That Must Be Decided Is
  Where Encryption Will Occur
• (1) Application Encryption ( i.e.
  PGP Has This Capability )
• (2) Middleware Encryption ( i.e.
  Usually Provided At The Transport
• Layer )
• (3) Encryption At The Network Layer
  ( IP Sec Provides Encryption
• At The Network Layer )
• The Encryption of Data For Network
  Confidentiality Is Often
• Provided By a Virtual Private Network
  (VPN)
• (1) Allows Secure Communication Of
  Data Across a Non-Secure
• Network
• (2) Usually Allows Authentication
  And Integrity Services
• IP Sec Can Provide The Following
  Security Features
• (a) Authentication (b)
  Confidentiality (c) Integrity (d) Replay
• One Issue With Any Encryption System
  Is Where The Encryption

44
Introduction to Systems and Network Security

• Security Administration
• - The Necessity of Ongoing Security
  
• Management
• - Logs and Logging
• - How to Response to Incidents
• - The Important of Keeping Current

45
Introduction to Systems and Network Security

• Security Admin / The Necessity of Ongoing
  Security Management
• The Most Critical Factor In Ongoing
  Security Management Is Planning
• The Objective of The Plan Is to Define
  How You Are Going To
• Manage The Risks That You Have
  Identified -
• (a) Accepted Risks
• (b) Defensible Risks
  
  
• (c) Residual Risks
• Security Administrators Generally Log
  For Different Reasons
• (a) Trouble shooting (b) Legal
  Reasons (c) Intrusion Detection and
• 
  Attack
  Recovery
• Intrusion Detection Systems That
  Process Logs Generally Look For
• Anomalies
• (a) Excessive Login Failures
• (b) Multiple Attempts To Access
  Non-Existent Systems
• (c) Attempts To Exploit Known Bugs

46
Introduction to Systems and Network Security

• Security Administration / How To
  Response To Incidents
• There Are Six Basic Steps To Incident
  Response That Need To Be In
• Your Policy
• (1) Tbe Actual Preparation And
  Planning ( Planning )
• (2) Deciding Who Should Be Notified
  of What ( Notification )
  
• (3) Assessing The Seriousness of the
  Event ( Assessment )
• (4) The Actual Steps Taken During
  The Event ( Handling )
• (5) Steps To Take During The Aftermath
  ( Aftermath )
• (6) An Assignment of Responsibility
  ( Responsibility )
• The Site Security Handbook ( RFC 2196 )
  Makes Specific
• Recommendations For Each of These Areas
• Computer Security Incidents Require
  Preparation As Does Any
• Other Disaster Incident

47
Introduction to Systems and Network Security

• Course Summary
• The Strengths And Weaknesses of Computer
  and Network Security Systems
• Common Methods of Attack Used Against
  Computer Systems and Networks
• Which Countermeasures to Deploy
  Against Common Threats
• Some Tips For Organizing A Security
  Policy For Your Organization