Introduction to Information Security

Network intrusion is when somebody is able
to get access to your network and of course, in order to do that, they have to get access
to one of your computers and one of your routers. You can have loss of data and by loss of data
that can occur for various reasons including an attack – by an attacker. For example, a
Denial of Service or Distributed Denial of Service attack or somebody breaking in to
your computer and actually just deleting the data. And, we also have loss of privacy and
that is somebody coming in and reading things which they shouldn’t be reading. And, if you
think about that, that can be, when we talk about an attacker, that could be somebody
who is external to the network, that is somebody who is not an employee of the company; it
could also be an employee of the company. And so, we can distinguish between those two
by saying that one is an Insider and one is an Outsider. And so, if you think about, who
is probably going to have the most capability of causing problems? That’s going to be an
insider. And so, that’s actually a huge problem. So, when you’re considering protecting your
network, you don’t just consider people trying to break in externally; you also have to consider
Insiders as well. So, the first step in defeating the enemy is to know your enemy. And so, what
exactly does that mean? There’s different levels of skill with respect to intruders
– both insiders and outsiders. You have the novices who, you know, they call them Script Kiddies,
that can download a script and hit Go in order to try to attack your network or break into
your computer; and then you have the people who are very skilled and crafted and have
very – very talented means of not only breaking into your computer or your network, but they’re
also hiding their trail. And so you need to know a little bit about both of those so that
really means you need to be just as skilled as the attackers or as skilled as you can
be in order to understand what they’re doing and what they can do. Types of attackers.
Knowing the types of attackers helps you anticipate what could possibly happen to your network.
There’s different motivations for breaking into systems for example, status, is that
the attackers look at this as something to be bragged about is that “Oh, well I broke
in to IBM’s network, I broke into Microsoft’s network.” Revenge is that that’s a huge one
especially for Insiders. When somebody gets demoted or knows that they’re going to be
fired, one of the things they can do is try to screw up a computer system or a network
and that happens quite a bit. You don’t hear about it a lot because the company doesn’t
want to admit that they have problems with their security if you think about it, especially
if they’re on the New York Stock Exchange or something like that. Financial gain – we
see that there’s – if you go out on the internet and read – there’s a lot of cyber gangs now
that actually will target, and it seems like it’s primary online betting, websites and
will try to extort money from them. And they say – that you can actually search for this
extortion and online betting websites – that they will send an email indicating that if
you don’t give me $5,000 a day or $50,000 for this week, I’m going to bring down your
website. Well, if the website’s online betting is making $10,000 a day or $50,000 a day or
$1 million a week, it actually makes sense for them to go ahead and pay. And so, that’s
actually been something that’s occurring quite a bit. And then Industrial espionage and you
know that occurs. Industrial espionage, as well as foreign state espionage, is just breaking
into a computer to try to find out what kind of secrets they have because, you know, there
could be billions of dollars involved with new patents for new products and so, if one
company can actually steal the product from another one and then beat them to the market,
then that can be a gain of billions of dollars for one company and a loss of billions for
the other. Types of Attackers. Crackers – Notice that we don’t use the term hacker. Hacker
actually came out as a term that came out of – in the 60’s for young men at MIT and
places like that – high tech universities – for people who enjoyed learning how things
work. It started out with computers, but hacking just means you want to really understand something,
understand how it works, so you can have a control over it. And so, when you use the
term hacker now, it has a pejorative negative term and that’s really not the case if you
look back at how the term hacker really came about. So, Crackers means somebody who attempts
to gain access to unauthorized resources by circumventing passwords, firewalls, or other
protective measures. You have disgruntled employees which is probably going to be the
biggest threat to you if you’re in a larger company. And why are they a bigger threat?
Well, if you think about, they have physical access already and they also have some access
to your network; all they have to do then is work from inside and figure out how the
network works, what the computer security is, so they’ve got a leg up already. They
may already have access to customer information, financial files, and job records and, plus,
they’re sitting there at their desk within the physical perimeter of the building. One
of the things you should know is when an employee is terminated, security measures should be
taken immediately. And, essentially, what’s done now is that – and this seems very harsh,
but there’s a reason they do this that when somebody is fired – is you take that person,
you don’t tell the person they’re being fired, is that you bring them to the office where
they’re being fired and, at that time, while they’re sitting in the office being talked
to, is that their network and computer privileges are taken away immediately and then they’re
essentially – they’re escorted from there outside of the building. They don’t get to
go back to their office and there’s a reason for that because when it isn’t done that way,
a lot of times they’ve gone back and actually caused a lot of harm to the computer and the
network. Criminal and Industrial spies we’ve talked about a little bit. Script Kiddies
and Packet DDoS attacks – Distributed Denial of Service attacks – you should already know
what that is, if not, read that in the book. And Script Kiddies are young, immature computer
– and it’s not really computer programmers – it’s kids who think that they’re crackers
and they can download scripts from pretty much anywhere – I mean there’s websites out
there that contain scripts – and then all you need to do is point the script at a network
and hit Go and you can cause a lot of havoc just by doing that. So, later on we’ll see
some of the research I did a few years ago that looked at intrusion detection systems
and setting up something called a honeypot. And what we found was there’s lots of attacks
going on that didn’t make any sense. For example, we were running a Linux system and there was
a lot of attacks against an IIS web server for a server which was running a Linux operating
system which doesn’t make sense. So, essentially what somebody was doing, is that you had a
Script Kiddie that downloaded something and just pointed it somewhere on the Internet
and hit Go and was trying to get something in return. And you have Terrorists – they
attack computer systems for several reasons and I have never actually heard of a real
terrorist attacking a system. They do this for making a political statement and achieving
a political goal. The terrorist attacks that I’ve heard of have essentially been between
the Palestinians and the Israelis, changing – breaking into a web server and defacing
their webpage. And, if you think “well, is that a terrorist?” Well, they’re really not
causing any critical damage to the system – they’re just trying to make a statement;
however, having said that, if somebody breaks into the Israeli Forces defense system or
the U.S. Department of Defense’s system, we’re probably not going to hear about it. So, realize
that there could have been some sorts of terrorist attacks – we just don’t know about it. Okay,
what is malicious code? Malicious code is also known as Malware and that’s anything
that falls under the rubric of computer code that can cause damage to your system. And
what this malware does is use systems well known vulnerabilities to spread to other systems
and to do harm to your system. And there’s many different types of malware including
viruses. And viruses and worms are really distinct animals. A virus is code that copies
itself in a secretive manner – that’s what the word “surreptitiously” means – and they
also have a payload. If you think about a missile, a missile has a payload, a rocket
has a payload. What is the payload? It’s a thing there usually on the end of the system
or somewhere in the missile or rocket that actually does the damage. So, usually, a missile
is going to have a megaton payload where it hits something and it blows up; well, viruses
are the same way. Viruses, depending upon who creates them, can have a payload that
deletes files on your hard drive or can simply display a message to the user or just sit
there and do absolutely nothing. And there’s different methods that the viruses spread
including somebody runs the executable code – actually, the virus will connect to executable
code – and so, when you run the executable code, the virus runs as well and then it actually
replicates itself to other files. It’s also done by sharing disks and memory sticks, is
that it’s self-executing so once you plug something in that it can actually execute.
And opening email attachments is another big one, is when you – and that’s actually related
to running the executable code. If you recall a few years ago, there was the I Love You
virus that there was a message sent in an email with an attachment and the message said
“Love letter for you” and then there was an attachment that had the extension .txt – iloveyou.txt
– actually, the text was iloveyou.vbs.txt; VBS is a Visual Basic Scripting language and
when somebody clicked on that, what it did was is it replicated – it went in and looked
in – and this actually runs under Windows – and it got the first, I believe it was the
first 50 recipients in the address book would actually send emails of the same type to the
first 50 recipients and that’s because somebody actually clicked on that file that looked
like it was a text file, but it wasn’t. Worms are different from viruses in that they can
actually copy themselves without actually being attached to another file. They don’t
require user intervention to be launched and some worms install backdoors onto the system.
What a backdoor is it’s an open gateway that allows an attacker to actually access the
system surreptitiously. Essentially, what it does is it opens the way of allowing an
outside user to gain unauthorized access to a computer or the resources. And worms, too,
can have payloads so they can destroy data on hard disks if they like or they can just
replicate. One of the first ones was the Morris worm which was in 1988 and that was one that
was created by Robert Morris whose father worked for the NSA and I believe he was at
Princeton at the time – the son not the father – and he created a worm just to see if it
would work and how far it would replicate. Well, there was some of the code that he didn’t
write correctly because it was – what was supposed happen was that the worm was supposed
to infect a computer and once it was infected, it was supposed to realize that and stop replicating
on that computer. Well, as it turns out, he didn’t write the code correctly and so what
happened was that it would infect the computer over and over and over again and then it would
infest other computers on the network and it just about brought down the Internet. And,
of course, the Internet back then was very, very small, but it still had a great impact
on the Internet. You have Trojan programs which are, if you think about a Trojan horse,
is that it’s a program that pretends to be one thing, but it’s actually another. And
so, what the attacker does is creates a program that he hopes the user will not know it’s
a nefarious – bad program and that will try to either install it or try to do something
to actually get that on their computer. And so, those two are used for different means,
including spyware and adware, can fall under the rubric of Trojan horse. They can also
create backdoors which allows a user to access the computer. And later on, we’ll talk about
some of the other programs that did that and they were actually quite powerful and have,
actually, good uses, but they can also be used for nefarious purposes. Then you have Macro
viruses and macros are scripting languages that can be used on a computer to actually
do good things – you know, Word uses the Visual Basic Scripting macro language – and so, quite
a few years ago, people were writing macro languages – macro viruses rather – to actually
infect computers. So, when somebody opened up a Word document or an Excel document, there
was a macro in that that would actually initiate its payload. And so, now if you see – if you
do use Word or Excel and you open up a document that has a macro, Word will actually say that
this has a macro, do you want to run it or not. And if you don’t know who actually sent
you that document, you should certainly say no. Other threats to network security. Realize
that it’s not possible to prepare for every possible risk to your system because there’s
some risks that you just don’t know about; for example, code that was written poorly.
And so, you have to rely on Microsoft or the people at the various other operating companies
to actually update their software and give you patches to protect you; but, what you
can try to do is to do the best you can to protect your environment for today’s threats
– that is the threats that you know about. Which means that you need to be educated,
you need to be out there making sure that your systems are patched on a regular basis
and you’re also reading all the vulnerability documents that come out. It can also be prepared
for tomorrow’s threats – that is the things you don’t know – by having a good security
policy that states that what you’re supposed to do if you are attacked. And we’ll talk
more about security policies next week. What’s a big problem with attacking is Social Engineering
and that is the people factor that you’re only as good as your weakest link. And Social
Engineering is essentially trying to gain access to resources through people. For example,
if I call you up and I say – let’s say you’re working at a help desk – and I say “Hi, I’m
the secretary for the president of the company and he can’t get in; he needs to change his
password to such and such. Would you please go ahead and change that password now.” There’s
been lots of cases of something like this actually occurring and the person at the help
desk, if they have the access to that, can change the password which means now the person
who called, which really had nothing to do with the company, has access to the president’s
account. Why is this bad? Because employees do not always observe – not why is it bad;
it’s clear why it’s bad – but, why does this occur? Employees do not always observe accepted
security practices. For example, they may put their passwords on a Post-It note and
stick that on their monitor; that’s not good security practice. So, somebody comes in,
pretends they’re a janitor, and walks around, writes down everything that’s on the sticky
notes and then is able to access the network just because of that practice. And also, employees
are fooled by attackers into giving out passwords or other access codes and this happens a lot
more than you think. And, if you think about the other types of attacks, such as phishing
– P-H-I-S-H-I-N-G, look that up in the book – that’s a form of Social Engineering – it’s
somebody who’s trying to get you to give them your password and username, social security
number, date of birth, mother’s maiden name; I’ve had some really interesting phishing
scams try to be run against me. Okay, this is some of the common attacks and defenses
– you read this on your own. Denial of Service attack. We’ve talked about a SYN flood is
a form of Denial of Service attack. Let’s see, viruses and Trojan horse programs, social
engineering. Malicious port scanning – port scanning in itself is not malicious because
as a system’s administrator, and this is something that you’ll do in this class is you’ll learn
to port scan, and essentially what that’s doing is that’s a way of auditing your network.
A port scan is accomplished by using a piece of software to actually go out and determine
what systems, what hosts are up and what ports they have open; you always want to know that
because you don’t want ports open that should not be open because that’s essentially another
possible avenue of infiltration into your system. ICMP message abuse, you can – and
that’s actually a form of Denial of Service attack so I don’t know why they didn’t include
it up here in the DoS, but that’s – there’s something called a Smurf attack that can be
used as a denial of service. Some of the defenses now. Finding the vulnerable host on the internal
network to attack. Some of the things you can do you can use proxy servers. Man-in-the-middle
attack is when an attacker operates in between two computers on a network and impersonates
one computer to intercept communications. If you use encryption in a virtual private
network, that is one way to reduce the possibility of that being a problem. New files being placed
on the system such as viruses and so on. You need to make sure that you have access control
as to who can access what accounts, who can access what directories, who can install a
program, who can modify a program, and so on. RPC attacks are Remote Procedure Call
attacks. You can set up an intrusion detection system and we’ll talk more about that later.
Okay, let me see what we’ve got in here. A socket is a port number combined with a computer’s
address; so, when you’re talking about a socket, for example, let’s see if we can get a socket
– oh, I can’t do that right here, okay – we’ll look at sockets later. Attacker software looks
for open sockets; in other words, they’re looking for a host that is up and they look
for ports that are running a service. That’s essentially what this is saying right here.
Email and communications. Home users regularly surf the web, use email, and instant messaging
programs. And so, if you think about it, let’s say you bring one of your thumb drives and
you stick it into your computer; and then you’re running your email and web surfing
at home; and you’re not as concerned about your security at home so you don’t have a
good firewall; and you click on some files that are email attachments and they end up
installing a Trojan horse on your computer; and then that Trojan horse somehow installs
itself on your thumb drive then you take your thumb drive out and you take it to work; and
you plug it in and guess what? Now you’ve infected an entirely new network just because
you weren’t careful at home. And that’s why it’s important that you update your system
at home and also get a good firewall and a virus scanner for your home computer, because
it can end up infecting other networks and computers as well. Okay, we’ve talked about
that. Always-on Connectivity. If you’ve got a broadband that means that you’re probably
always on – you’re not using a modem and dialing up – and connecting to the Internet that way.
The problem with always-on connections is that they’re easier to locate and attack because
they’re always on. And so, if you think about when you were using, I don’t know if any of
you are old enough to remember this, but when you would use a dial-up modem, you would get
on and you would stay on for 30 minutes, an hour, maybe two hours and then you would log
off. Well, the next time you got on, the DHCP server would – from the company from which
you were getting your Internet access – would allocate you another IP address. So, every
few hours or every few days, you were getting another IP address; however, now, more than
likely, you’re having the same IP address for days or weeks or even months. I think
I’ve had mine for quite a few months right now which means that I know not only your
IP address, but I also know the ports you’re running – the ports that you have open – and
so, now I can take my time and actually throw a lot of different exploits at your system
to see if I can gain access to it. And that’s why with always-on connections, you need to
be even more careful about the security you use. So you use a good firewall; you use a
good – you turn off the services you don’t absolutely, positively need; you always make
sure you patch your system; and you have a good virus scanner particularly if you’re
running Windows. The goals of network security. This isn’t all of them, but this is called
the CIA Triad. The goals of network security include confidentiality and that means that
you have good security because you want to make sure that the information you have is
only read by the people that should have access to it. For example, if you’re talking about
nuclear plans for the Department of Defense, you have a limited number of people who should
access that information. If you’re working for Microsoft and you have some new software
coming out, you don’t display that to everybody, you have a set few people that can read that
information. And so, network security allows us to keep the confidentiality of documents
to a small set or targeted set of people. Integrity. You don’t want people changing
information that should not be changing it or people who are allowed to change the information,
but change it in a way that’s not consistent with reality. And so, there’s ways of doing
that – ways of making sure the confidentiality and integrity are maintained. As well as availability
which means that when somebody needs access to a system, they should be able to access
the system. If we think about some of the attacks we’ve talked about earlier, what is
one that would reduce the availability of a service? Denial of Service attacks and Distributed
Denial of Service attacks. So, if somebody needed access to a document or a web service
and there was a denial of service attack going on, then they wouldn’t be able to access the
information. And so, all of these are critical – are critical goals of computer and network
security. Providing Secure Connectivity. It says in the past, network security emphasized
blocking attackers from accessing the corporate network – that’s outsiders. Now security deals
with trusted users and networks because you have just as many problems from insiders as
outsiders on occasion. So, you need to be just as concerned with internal network security
as external network security. Activities that require secure connectivity – and you can
take a look at that yourself. Of course each of those – what is of concern here? Let’s
take a look at this. Let’s think of confidentiality, integrity, and availability. Placing orders
for merchandise online. Do you want those orders to be confidential? Yes, because what’s
going on online? You’re sending your personal information and credit card information; paying
bills is the same. Accessing account information – do you want somebody going in and changing
your account information so your Paid To goes to them? That would be involved with integrity.
Do you want to make sure you can pay your bills on time? What if you wait until the
last minute to pay your bill – your credit card bill – and you try to log on and you
can’t because there’s a distributed denial of service attack going on against one of
your banks. And creating authentication information. Looking up personnel records. You don’t want
people who should not have access to that being able to intrude into a network and being
able to get that information, posting it on the internet, and selling it for profit. Secure
Remote Access. Nowadays, you have more and more people working from home and which is
a good thing because, you know, you can save a lot of money and time by not having to commute
– using up a lot of gas – at the same time, these people are having to access the servers
on the corporate network. So, how do you do that to make sure that you have not only authentication,
making sure that the person logging in is the person that should be logging in, but
also that any of the information that crosses the network remains confidential. And one
way you do that is through virtual private network which we’ll talk about later which
uses public/private key encryption as well as symmetric encryption to make sure that
the packets that are crossing the network remain obfuscated. You can get free VPN solutions,
you can get extremely expensive VPN solutions, and the one you select depends upon your needs.
And we’ll talk some about that later on in the course. This is showing a VPN setup. You
have – let me see how they’re doing this. This is actually going through – this isn’t
somebody working from home. This is going through computers over here – we need to access
in here. And so, you have your LAN gateway, your router, your firewall, and then right
here is where the virtual private network occurs. And so, right in here, this could
actually be traveling over the Internet. And so, let’s say instead of this over here, you
actually only have a single computer. And so, you could have a computer right here that
connects to this router with IPSec which is Internet Protocol Security – we’ll talk about
that later. And so, everything that’s going on between here and here is encrypted and
so – this would have been a much better slide if they’d showed that this is like going through
the Internet. This looks like it’s going through a company – a single company. So, if you have
the Internet in here, everything that’s going between here and here across the Internet
is encrypted. So, even if somebody were able to sniff the network within here, which is possible,
but difficult, all they’re seeing is encrypted messages. It’s very difficult, depending upon
the algorithms you use for the encryption, to actually decipher those messages. Ensuring
privacy. What’s the difference between privacy and confidentiality? There is a little difference.
Privacy typically deals with personal information. We know that personal or financial information
needs to be protected and there’s a lot of laws now that are protecting people – protecting
people’s credit card information. HIPAA, the Health Information Privacy and Protection
Act, is for health information to make sure that health agencies protect your information.
Education is an effective way to maintain the privacy of information. And notice down
here it talks about education and security policies. So, if you think about it, when
you want to do something correctly, you think about it beforehand and you set guidelines
or rules or heuristics that indicate how to do things correctly. And this is the same
thing with security is that you think about what your network infrastructure is, what
type of protection you need for different types of files you have on your network, and
you set security policies to protect those policies. But, then you also have to train
and educate the users of those so they understand what the security policies are. So, without
security policies, training, and education, you’re not getting the most effect out of
your security as you could if you did have those. Also, employees are most likely to
detect security breaches. So, what you’ve got is, rather than just relying on your
system administrators to determine whether there’s been a security breach, you have another
set of eyes or another set of thousands or hundreds of thousands or tens of eyes looking
at what’s going on in your system; as long as they know what to look for so they have
to be trained and educated. Also, employees can monitor activities of their co-workers
which sounds like something out of Big Brother and 1984 if you’ve ever read that book. It
looks like, essentially, you’re spying on people, but sometimes you – it’s a good thing
because it can actually cost you your job if you’re not watching what co-workers are
doing. If you see something that looks funny, you should report that. Nonrepudiation. Remember
CIA? This is one that I would’ve added to CIA; although, now it would be CIAN. Nonrepudiation.
Nonrepudiation means that if I send you an email, let’s say in the email it says that
there’s a contract and that by accepting – by sending me an email back, that we’ve got a
contract for you to buy services. And so, you send an email back saying “Why yes, I’ll
pay you $10,000 for this service.” And later on, I deliver the services to you and you
say “Hey, I’ve got the services, but I never sent this email.” Nonrepudiation means the
capability of showing that you were the only one that could’ve sent that email indicating
that you would pay for these services. And we’ll see how to do this later and it involves
encryption and digital signatures. And so, when we start talking about encryption, we
will see that encryption provides integrity, confidentiality, and the ability to authenticate
digital information. And here, it gives another definition of nonrepudiation – the capability
to prevent one participant from denying that it performed an action. And so, this is becoming
more and more important when we’re talking about doing business over the web because
otherwise, if you weren’t doing this electronically and you always have to have a face-to-face
communication, you always had to sign something in person, you would greatly reduce the capability
of conducting e-commerce. Okay, we’ve already talked about this. Take a look at this for
a second. Confidentiality prevents intentional or unintentional disclosure of communications
between sender and recipient. Integrity ensures the accuracy and consistency of information
during all processing. Availability makes sure those who are authorized to access resources
can do so in a timely and reliable manner. Hey, there’s a triangle! Okay, network defense
technologies in layers. We talked about layers last time. Remember, no single measure can
ensure complete network protection. So, rather what we do is we add layers called defense
in-depth; it’s a layered approach to network security. So, we just don’t make sure we have
passwords on our computers; we make sure we have passwords, we make sure we have some
sort of access controls for the files so that a person can only access the files to which
they need to work on, and what else do we have. We would have – we might have a host-based
intrusion detection system which we’ll talk about when we start talking about IDS’. And
we may have several firewalls with varying layers of – or varied, different rules depending
upon where the computers are residing in the network. And we can have network intrusion
detection systems. We could have proxy servers. We could have a demilitarized zone. We could
have packet filters that are sitting on the outside of the network. And so, what essentially
we’re doing is that if somebody gets past that first layer of defense, then they’ve
got the other defenses to try to get through in order to get to that information that they
want. If they get through the first two, then they have nine more layers; if they get through
the first three, then they have eight more layers. So, essentially, what happens is unless
the attacker is very determined to get at that information, they’re going to turn around
and hightail it to somebody that isn’t using those defenses. Physical security. You also
need – this is just as important as electronic security. Because, let’s say, that you’ve
got this great network security defense setup, but you don’t – you’re not using good locks
on your system, your network servers which are internal to your business; have the door
open; they – you don’t force people to wear badges and to authenticate themselves when
coming into the building, you’re essentially allowing people to actually get around those
network security defenses by actually using physical breaches into your system. And so,
it’s important then as an IT administrator that you also look into these things as well.
Computer locks, locked protected rooms for your critical servers, burglar alarms, and
UPSs. Well, why is that physical security? Well, if your network goes down, you’re reducing
the availability of those network services – that information – to people who need that.
And so, UPSs provide some measure of access at least for as long as the UPSs are up.
And then, also for even
larger corporations who must have 24/7 access, such as banks, you could have generators as
well. I’ve seen – I’ve been to one of the largest banks in the United States and seen
their network room and they have – they have incredible UPSs that are – I forgot how large
it was – 10 feet by 12 feet of car batteries kick in once the electricity goes out and
then they have power generators, that are just huge, that actually run their system
because they’re a worldwide bank. Okay, authentication. Authentication means that you need to authenticate
to a computer to tell who you are and to prove that by using some measure of either something
you know, something you have, or something that you are and we’ll talk about that shortly.
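An added example, not code from the lecture, showing two of these factors checked together: a password (something you know) that meets the policy the lecture goes on to give (eight or more characters mixing lowercase, uppercase, digits and special characters) and a one-time code from a token (something you have). Because the lecture does not say how a token computes its code, the token is modelled with HOTP from RFC 4226; the secret key and the sample password are constructed demo values.

```python
import hashlib
import hmac
import os
import string
import struct

# Constructed demo token key (the RFC 4226 test key), not a real credential.
DEMO_SECRET = b"12345678901234567890"


def password_meets_policy(password: str) -> bool:
    """Eight or more characters with lowercase, uppercase, digit and special characters."""
    return (len(password) >= 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def enroll(password: str, token_secret: bytes) -> dict:
    """Build the stored record: the policy is enforced when the password is set,
    and only a salted hash of the password is kept, never the password itself."""
    if not password_meets_policy(password):
        raise ValueError("password does not meet policy")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest, "secret": token_secret, "counter": 0}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def login(record: dict, password: str, code: str, look_ahead: int = 3) -> bool:
    """Both factors must pass; a code is accepted once, then the counter moves past it."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
    password_ok = hmac.compare_digest(digest, record["hash"])
    token_ok, next_counter = False, record["counter"]
    # The token is checked even if the password failed, so the response does not
    # reveal which factor was wrong; codes slightly ahead of the stored counter are
    # allowed because the user may have pressed the token button without logging in.
    for n in range(record["counter"], record["counter"] + look_ahead):
        if hmac.compare_digest(hotp(record["secret"], n), code):
            token_ok, next_counter = True, n + 1
            break
    if password_ok and token_ok:
        record["counter"] = next_counter
        return True
    return False
```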
So, essentially, how this occurs now is through passwords and it’s a very simple strategy
and it works. Of course, we know that you should select good passwords which should
be, and we’ll talk a little more about this later, what is a good password? It’s a password
that’s at least eight characters if not more and uses a combination of lowercase characters,
uppercase characters, numbers, and special characters, and it’s also not something you
write down and stick on a Post-It note and leave on your computer. You should always
use different passwords for different applications although that’s very hard: a little later
on, we’ll talk about single sign-on applications for doing this. So, how can you authenticate
to a system? There’s different ways of doing this: something you know, something you have,
or something that you are. Something a user knows is essentially a PIN or a password;
that’s something that you know. Something that you have could be an access token like
an RSA SecurID card; so, in other words, in order to log in, you have to not only know
your username, but also you have to have that secure token to log in. Or, something that
you are and this deals with biometrics. So, from now on when we talk about something that
you are, this is talking about a fingerprint, a palm print, a signature analysis, an iris
scan. Let me see what else. I know I’ve left out an awful lot. A facial scan; things of
that nature. And so, that’s becoming more commonplace because if you can increase the
reliability of these systems, then, you know, you can always log in anywhere you are
because you’re not going to forget your password and maybe you’ve lost your token, but you’ve
always got your thumb print or your iris to be scanned. Operating system security; we’ve
talked a little bit about this. You need to protect your operating system as well as your
applications that are running on top of the operating system; you need to make sure your
patches, hotfixes, and service packs are regularly scheduled, and that can be done
quite easily; you should stop any unneeded services which we’ve talked about. There’s
no reason to run an FTP service or a telnet service if you’re not going to be needing
that because that’s just another thing that can be attacked by an insider or an outsider.
And no one needs a guest account. And, if you’ve ever installed any operating system
and looked at the services that are turned on by default, there’s tons of them that you’re
not going to need. So, the first thing I do when I install an operating system, Windows
or Linux, I think Mac is the best one about not turning on unnecessary services, but like
installing Red Hat or Fedora or Windows, is you go in and start disabling all the unneeded
services because there’s a ton of them. You’re going to need antivirus protection; more so
for Windows systems than for Linux or the Macintosh. Virus scanning is very important;
make sure you get a good one; there are some free ones. Antivirus software uses virus signatures
to detect viruses in your system and those should also be updated on a daily basis. Firewalls
and IDSs are not enough because they do not catch viruses and we’ll see why later on.
So, you’re going to need virus protection in addition to firewalls and IDSs. Notice
that you should install antivirus software in hosts and all network computers. So, anything
that gets a packet should have antivirus protection on it. Packet filtering. Okay, you can look
at these notes yourself because we’re going to go into this extensively. I’m not sure
why this is in here. We’re going to spend a couple of weeks on packet filtering and
firewalls. A DMZ – we’ll talk about that. Intrusion Detection – we’re going to spend
a couple of weeks on that. We’re going to spend a couple of weeks on Virtual Private
Networks. We’re going to look at Network Auditing and Log Files and so on. We’ll actually do
this; I’ll give you a log file and say “Hey, what’s happening here?” Jump back here. Here’s
what you’re going to do. You’re going to create a packet filtering firewall. I’ll tell you
what your security policies should be and you’re going to create one. You’re going to
do that in Linux. Intrusion Detection System – I’m going to have you create some intrusion
detection signatures. VPN – I’m not sure if we’re going to be able to do anything with
a VPN, but let me work on that. We’re going to work with some network auditing and log
files so I’m going to give you a certain set of log files and you have to correlate those
and tell me what went on. And graphical representation of log files. That’s great, but you’re going
to do yours in Linux. Routing and Access Control Methods – we’ll talk more about this later
on. Access control deals with having access either to a computer, a network, or to specific
files on a system. You have different methods of access control. You have Mandatory Access
Control – that’s what’s used in the military and so you have read/write access depending
on whether a document is classified Confidential, Secret, or Top Secret and on whether your
clearance is Confidential, Secret, or Top Secret. Discretionary Access Control is what you’ve
probably got on your home computer right now or your Windows 98 box or your Linux box and
what that means is that the person using the computer actually doles out access to
the files on the computer. And Role-Based Access Control is when a person in a particular
role – let’s say a role would be a particular position in a company – and so, let’s say
the president of a company has a particular role in the company so they should have access
to various files which they need to work on. And so, anybody acting as president and logging
in as president, would actually have access to those files. So it’s not necessarily the
person logging in as an individual that is accessing the files; it’s actually the role
that they’re playing at the moment. Okay, the impact of defense. Cost of securing systems
might seem high, but in the long run, if you think about it, can save you a lot of money.
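The three access control methods described just above, as an added example that is not from the lecture: each one answers the same question (may this subject read or write this file?) but takes the decision from a different place. The classification levels, users, roles and file names are constructed for the demo, and the read-down/write-up rule used for Mandatory Access Control is the Bell-LaPadula formulation, assumed here as the way the military model the lecture mentions is enforced.

```python
# Classification levels, ordered low to high (constructed for the demo).
LEVELS = {"Confidential": 1, "Secret": 2, "Top Secret": 3}


def mac_allows(clearance: str, classification: str, op: str) -> bool:
    """Mandatory Access Control: the system decides from the labels, not the user.
    Read only at or below your clearance; write only at or above it, so a Secret
    user cannot copy Top Secret content down into a Confidential file."""
    subject, obj = LEVELS[clearance], LEVELS[classification]
    return subject >= obj if op == "read" else subject <= obj


class DacFile:
    """Discretionary Access Control: the file's owner doles out access to others."""

    def __init__(self, owner: str):
        self.owner = owner
        self.grants = {owner: {"read", "write"}}

    def grant(self, granter: str, user: str, op: str) -> None:
        # Only the owner may change who gets access; nobody else is trusted to.
        if granter != self.owner:
            raise PermissionError("only the owner can grant access")
        self.grants.setdefault(user, set()).add(op)

    def allows(self, user: str, op: str) -> bool:
        return op in self.grants.get(user, set())


# Role table (constructed): the permissions belong to the role, not to the person.
ROLE_PERMS = {
    "president": {("quarterly_report", "read"), ("quarterly_report", "write")},
    "clerk": {("quarterly_report", "read")},
}


def rbac_allows(active_role: str, filename: str, op: str) -> bool:
    """Role-Based Access Control: whoever is logged in as the role gets its permissions,
    so the same person gets different access depending on the role they are acting in."""
    return (filename, op) in ROLE_PERMS.get(active_role, set())
```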
And typically, this is what happens in companies, is that they go skimping on the security until
they’re hit and then, all of a sudden, they realize how much money they’ve lost; then,
they’re going to spend a lot of money on security; sometimes even security they don’t even need.
And so, that’s why it’s up to you, as a systems administrator, to properly sell security in
your company. And hopefully you do that in a top-down fashion, so that you get the managers
and the vice president, the CIO involved in these decisions and so you have people at
the various highest levels understanding the importance of security so that you don’t have
to constantly sell that to everybody else. Okay, the summary. We’ve talked about all
this. You can look at this on your own. And that’s going to end this class. Next
time, we’re going to talk about security policies. So, until then, make sure you go through these
notes, make sure you’ve got your Linux working, and make sure that you’ve got Windows working,
and let me see what else, make sure you’re getting that book and read the first and second