The Need for Computer / Network Security:
Computer / network security includes:
- Control of physical accessibility to computers / network
- Prevention of accidental data erasure, modification, or compromise
- Detection and prevention of intentional internal security breaches and unauthorized external intrusions (hacking)
All three legs of the triangle must exist for a network intrusion to occur:
- Motive: a reason to want to breach your security
- Means: the ability
- Opportunity: the chance to enter the network
This last item is the administrator's only chance at controlling events.

Principles of Network Security:
Network security goals are sometimes identified as:
- Confidentiality: only the sender and intended recipient should "see" the message.
- Integrity: sender and receiver want to make sure that the message is not altered in transit, or afterwards.
- Authentication: the sender and receiver want to confirm each other's identity.
- Availability: services and resources must be available and accessible.

Understanding Risk Management:
A key principle of security is that no network is completely secure.
Information security deals principally with risk management.
The more important an asset, the more it is exposed to security threats, and thus the more resources you must put into securing it.

Understanding Risk Management - 2:
In general, without training, administrators respond to a security threat in one of three ways:
- Ignore the threat, or acknowledge it but do nothing to prevent it from occurring.
- Address the threat in an ad hoc fashion.
- Attempt to completely secure all assets to the utmost degree, without regard for usability or manageability.
None of these strategies takes into account what the actual risk is, and all of them will usually lead to long-term failure.

What are Some Risks?
- Eavesdropping: interception of messages.
- Hijacking: taking over the role of a sender or receiver.
- Insertion: of messages into an active connection.
- Impersonation: spoofing a source address in a packet, or any other field in a packet.
- Denial of service (DOS): preventing others from gaining access to resources, usually by overloading the system.

Managing Risk:
Once the assets and their corresponding threats have been identified, risk management can consist of:
- Acceptance
- Mitigation
- Transference
- Avoidance

Accepting Risk:
If you take no proactive measures, you accept the full exposure and consequences of the security threats to an asset.
You should accept risk only as a last resort, when no other reasonable alternatives exist or when the costs are extremely high.
When accepting risk, it is always a good idea to create a contingency plan.
A contingency plan details a set of actions that will be taken after the risk is realized and will lessen the impact of the compromise or loss of the asset.

Mitigating Risk:
The most common method of securing computers and networks is to mitigate security risks.
By taking proactive measures either to reduce an asset's exposure to threats or to reduce the organization's dependency on the asset, you are mitigating the security risk.
A simple example: installing antivirus software.

Transferring Risk:
Transferring security risk to another party has many advantages, including:
- Economies of scale, such as insurance.
- Use of another organization's expertise and services.
Example: using a web hosting service.
When undertaking this type of risk transference, the details of the arrangement should be clearly stated in a contract known as a service level agreement (SLA).

Avoiding Risk:
The opposite of accepting risk is to avoid the risk entirely.
To avoid risk, you must remove the source of the threat, the exposure to the threat, or your organization's reliance on the asset.
Generally, you avoid risk when there are little to no possibilities for mitigating or transferring the risk, or when the consequences of realizing the risk far outweigh the benefits gained from undertaking the risk.
An example can be a military or law enforcement database that, if compromised, could put lives at risk.

Implementing Security:
Think of security in terms of granting the least amount of privilege required to carry out the task.
Example: consider the case of a network administrator unwittingly opening an e-mail attachment that launches a virus. If the administrator is logged on as the domain administrator, the virus will have administrator privileges on all computers in the domain and thus unrestricted access to nearly all data on the network.

Defense in Depth:
Imagine the security of your network as a series of layers.
Each layer you pull away gets you closer to the center, where the critical asset exists.
On your network, defend each layer as though the previous outer layer is ineffective or nonexistent.
The total security of your network will dramatically increase if you defend at all levels and increase the fault tolerance of security.
Example: to protect users from launching an e-mail-borne virus, in addition to antivirus software on the users' computers, you could use e-mail client software that blocks potentially dangerous file types from being executed, block potentially dangerous attachments according to their file type, and ensure that the user is running under a limited user account.

Reducing the Attack Surface:
An attacker needs to know of only one vulnerability to attack your network successfully, whereas you must pinpoint all your vulnerabilities to defend your network.
The smaller your attack surface, the better chance you have of accounting for all assets and their protection.
Attackers will have fewer targets, and you will have less to monitor and maintain.
Example: to lower the attack surface of individual computers on your network, you can disable services that are not used and remove software that is not necessary.

Addressing Security Objectives:
Controlling physical access to:
- Servers
- Networked workstations
- Network devices
- Cabling plant
Being aware of security considerations with wireless media related to portable computers.
Recognizing the security risk:
- of allowing data to be printed out.
- involving floppy disks, CDs, tapes, and other removable media.

Recognizing Network Security Threats:
To protect your network, you must consider the following:
Question: from whom or what are you protecting it?
- Who: types of network intruders and their motivations.
- What: types of network attacks and how they work.
These questions form the basis for performing a threat analysis.
A comprehensive threat analysis should be the product of brainstorming among people who are knowledgeable about the business processes, industry, security, and so on.

Classifying Specific Types of Attacks:
- Social engineering attacks
- DOS attacks
- Scanning and spoofing
- Source routing and other protocol exploits
- Software and system exploits
- Trojans, viruses, and worms
It is important to understand the types of threats in order to deal with them properly.

Designing a Comprehensive Security Plan:
RFC 2196, the Site Security Handbook:
- Identify what you are trying to protect.
- Determine what you are trying to protect it from.
- Determine how likely the anticipated threats are.
- Implement measures that will protect your assets in a cost-effective manner.
- Review the process continually and make improvements each time a weakness is discovered.

Steps to Creating a Security Plan:
Your security plan will generally consist of three different aspects of protecting your network:
- Prevention: the measures that are implemented to keep your information from being modified, destroyed, or compromised.
- Detection: the measures that are implemented to recognize when a security breach has occurred or has been attempted, and possibly the origin of the breach.
- Reaction: the measures that are implemented to recover from a security breach: to recover lost or altered data, to restore system or network operations, and to prevent future occurrences.

Security Ratings:
The U.S. government provides specifications for the rating of network security implementations in a publication often referred to as the Orange Book, formally called the DOD Trusted Computer System Evaluation Criteria, or TCSEC.
The Red Book, or Trusted Network Interpretation of the TCSEC (TNI), explains how the TCSEC evaluation criteria are applied to computer networks.
Canada has security rating systems that work in a similar way (CTCPEC).

Security Ratings - 2:
To obtain a government contract, companies are often required to obtain a C2 rating.
A C2 rating has several requirements:
- That the operating system in use be capable of tracking access to data, including both who accessed it and when it was accessed.
- That users' access to objects be subject to control (access permissions).
- That users are uniquely identified on the system (user account name and password).
- That security-related events can be tracked and permanently recorded for auditing (audit log).