Ensuring Network Security - PowerPoint PPT Presentation

Slides: 40
Provided by: scie225

Transcript and Presenter's Notes

1
Ensuring Network Security
  • Planning
  • Physical Security
  • Data Security
  • Passwords
  • Auditing
  • Encryption
  • Sniffing
  • Firewalls
  • Viruses

2
Security Planning
  • Unauthorized access
  • Electronic Tampering
  • Theft
  • Intentional damage
  • Unintentional damage

3
Physical Security
  • Access to hardware
  • Locked Doors
  • Locked Cabinets
  • Access to the system console
  • Screen Passwords
  • Locked keyboards (removing keyboard)
  • Access to network wiring/switches/routers

4
Physical Environment
  • Power source
  • Noise sources
  • Air conditioning (temperature control)
  • Dust and smoke
  • Water problems (flood possible?)

5
Data Security
  • Share Level Security vs. User Level Security
  • Proper passwords
      • Length
      • Uncommon names
      • Use of non-alphanumeric characters
  • Controlled access (Screen/Keyboard Locks)
  • Use of a Routed vs. Flat network architecture
  • Audit use of the system

6
Windows Security Permissions
  • Full (all of the below)
  • Read
  • Execute
  • Write
  • Delete
  • None (no access)

7
Auditing
  • Check for
      • Logon attempts
      • Connection to resources
      • Connection termination
      • Directory creation, modification, or deletion
      • Server events and modifications
      • Password changes

8
Microsoft Gotchas
  • Microsoft operating systems have a tendency to
    store passwords on the local hard disk in the
    Windows registry to save time when logging in to
    remote services. This can be quite dangerous!

9
Flat Network
[Diagram: Hub; User 1 (129.123.7.56); User 2 (129.123.3.88); User 3 (129.123.6.123); Internet]
Monitor sees some traffic from all 3 users

10
Routed Network
[Diagram: Router; User 1 (Subnet 7); User 2 (Subnet 3); User 3 (Subnet 6); Monitor on Subnet 1; Internet]
Monitor can't see traffic other than its own subnet

11
Sniffers
  • Sniffer, Snoop, Tcpdump
  • Promiscuous mode
  • Many protocols
  • Interpretation

12
Login Security
  • Usernames/Passwords may be in plain text over the
    network
  • Email security
  • Netscape/Eudora leave configuration files on each
    PC.
  • Webmail is an IMAP interface to a mail server
  • can use SSL for security

13
Encryption
  • DES (Data Encryption Standard)
  • Secure Shells
  • Secure Web Pages
  • Pretty Good Privacy
  • Private Keys
  • Public Keys
  • Signatures

14
How safe is encryption?
  • 4 character password (alphabetic characters only)
    cracking time (maybe a minute on a 450 MHz
    computer)
  • 40 bit key (can be cracked in 24 hours on a
    parallel computing system)
  • 128 bit key (probably not able to be cracked in a
    millennium)

15
Secure Shell (SSH)
  • Use of encryption based on keys/certificates
  • Block undesired hosts from accessing
  • All data on the wire is encrypted
  • Can be used for interactive communication and
    copying files

16
Secure Web Sites
  • Keys/Cookies
  • New key/encryption code for each access
  • Encryption of data over the wire
  • Keep track of trusted hosts that access the site.

17
Pretty Good Privacy
  • Encryption of keys
      • 40 bit
      • 128 bit
  • Creating your authenticated signature
  • Your key ring
  • Submitting your public key to a database
  • Email and PGP

18
PGP System
[Diagram: User 1 and User 2, each with PGP and a Key Ring; labels: International Database, Public keys, Private key, Data]
Message can be entirely encrypted or just the
signature can be encrypted.

19
Firewalls
  • Purpose
  • Disadvantages
      • Slowdown of packets
      • Inconvenient for users
  • Advantages
      • Slows down hacking attempts
      • Limits incoming traffic
      • Overcomes IP number limitations (NAT)

20
Firewalls (cont.)
  • Setup
      • Addressing
      • Name Service
      • Reuse of IP numbers inside the firewall (NAT)
  • Proxies
      • E-mail
      • Web
      • FTP

21
Viruses/Trojans/Macros
  • Viruses spread by
      • floppies
      • downloaded files
      • Email
  • Viruses are removed by
      • Deleting the affected file
      • Running a virus scanning/cleaning program

22
Companion Viruses
  • Looks like a real program (WORD.EXE)
  • May replace a logon program and grab
    usernames/passwords
  • Usually renames the actual executable and calls
    that executable from the bogus program.

23
Macro Viruses
  • The virus infects the Macro definitions of a
    program (like Microsoft Word) and then infects
    every document created by the original program.
  • These viruses are difficult to detect because
    they haven't infected an executable program.

24
Polymorphic Viruses
  • These change appearance every time they
    replicate. They may even change each time the
    computer is rebooted.
  • Since they change frequently, virus checkers have
    a hard time determining a pattern or fingerprint
    of the virus.

25
Stealth Virus
  • These hide from detection
  • They may use hidden files or may modify the
    operating system so a standard directory scan
    doesn't show the virus file.
  • They also return false information to virus
    checkers.

26
Trojans
  • Trojan Horses
  • Look like a benign game or program
  • After a period of time they execute the virus
  • Some may be cleaned with virus protection
    software.
  • Some masquerade as Windows programs and removal
    will crash the system

27
Back Doors
  • Provide access to system through published,
    unused, or unpublished ports.
  • Sometimes are put there by programmers,
    engineers, or hackers
  • They are hard to protect against unless you can
    find their access port and firewall protect
    against it.

28
Virus Consequences
  • Can't boot
  • Data is scrambled or unreadable
  • Erratic or slow operation of the computer
  • Excessive disk activity
  • Disk drive is erased or data is lost.
  • Disk is reformatted

29
Virus Protection
  • Test each disk write for a particular pattern
    unique to the virus
  • Test for writes to the disk boot block
  • Test for code that might access PC hardware
  • Scan files for virus patterns
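
The checks listed on this slide, sketched as an added example (not part of the original slides). The signature names and byte patterns are constructed and harmless, `??` is an assumed notation for a byte that may vary between copies, and `check_disk_write` is a hypothetical hook standing in for a resident monitor.

```python
import re

# Constructed, harmless signatures for illustration (not real virus patterns).
# "??" marks a byte that is allowed to differ from one copy to the next.
SIGNATURES = {
    "Demo.Static": "de ad be ef 13 37",
    "Demo.Variable": "c0 ff ee ?? ?? 42 42",
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    # DOTALL so a wildcard also matches the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan_bytes(data):
    """Scan a file's bytes; return sorted (offset, signature name) matches."""
    hits = []
    for name, pattern in COMPILED.items():
        hits.extend((m.start(), name) for m in pattern.finditer(data))
    return sorted(hits)

def check_disk_write(sector, data):
    """Checks a monitor could apply to one disk write before allowing it."""
    alerts = [f"signature {name} at offset {off}" for off, name in scan_bytes(data)]
    if sector == 0:  # sector 0 holds the boot block
        alerts.append("write to disk boot block")
    return alerts

if __name__ == "__main__":
    # Constructed sample: filler, then the variable pattern with two changing bytes.
    sample = b"AAAA" + bytes.fromhex("c0ffee0a0d4242") + b"ZZ"
    print(scan_bytes(sample))
    print(check_disk_write(0, b"plain data"))
```
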

30
D.O.S. Attacks
  • Denial of Service
  • Flood of useless packets/data
  • Hard/impossible(?) to track
  • Good example of distributed computing
  • Can a firewall protect the network?

31
Email Virus
  • Use innocent email messages as the transport.
  • Grab address book entries to spread
  • Infect critical Windows programs
  • The user doesn't know he is infecting others
  • Can be prevented by using email front end
    scanners.

32
Backups
  • What kind of backup system should we use?
  • Even a fault tolerant disk system can fail!
  • Always back up
  • Rotate several copies of backups in case one tape
    is unreadable
  • Check the backups to see if they are readable
  • Store the tapes or removable media in a safe
    place

33
Backup Strategy
  • Full Backup
  • Incremental Backup
  • Copy
  • Daily Copy
  • Logging
      • Date, tape-set number, type, which computer

34
UPS
  • Handles short duration power failures
  • Can alert the operator of power failure
  • Decide how long the UPS needs to power the system
  • Does the server display or printer need to be on?
  • How much power does the server need (load)?
  • Does the UPS have an RS232 control port?
  • Life span of the UPS battery(ies)

35
RAID!
  • Redundant Array of Independent Disks
  • RAID 0
      • Disk Striping
      • No fault tolerance
  • RAID 1
      • Disk Mirroring
      • High Disk Overhead (2 × 2 GB disks = 2 GB)
      • High Write overhead (write to both disks)

36
MORE RAID!
  • RAID 5
      • disk striping
      • parity blocks
      • Requires at least 3 disk drives
      • Can improve disk performance
      • lose and replace 1 disk drive and no data is lost
      • overhead is 1/N (N = number of disks); 5 10 GB disks
        give 40 GB storage
  • RAID 10
      • Mirrored across 2 identical RAID 0 disk arrays
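
The RAID 5 points above (striping, parity blocks, surviving the loss of one disk, 1/N overhead), worked through as an added example that is not part of the original slides. The 4-byte block size, the parity rotation order and all function names are assumptions made for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """XOR equal-length blocks byte by byte; this is the RAID 5 parity operation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def parity_disk_for(stripe, n_disks):
    # Assumed rotation: parity moves one disk to the left on each stripe.
    return (n_disks - 1 - stripe) % n_disks

def write_stripes(data, n_disks, block_size=4):
    """Stripe data over n_disks with one parity block per stripe.
    Returns a list of disks, each a list of blocks (index = stripe number)."""
    if n_disks < 3:
        raise ValueError("RAID 5 requires at least 3 disk drives")
    per_stripe = (n_disks - 1) * block_size
    data += bytes(-len(data) % per_stripe)  # zero-pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for stripe, off in enumerate(range(0, len(data), per_stripe)):
        chunk = data[off:off + per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        blocks.insert(parity_disk_for(stripe, n_disks), xor_blocks(blocks))
        for disk, block in zip(disks, blocks):
            disk.append(block)
    return disks

def rebuild_disk(disks, failed):
    """Recompute every block of one lost disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_data(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    out = bytearray()
    for stripe in range(len(disks[0])):
        skip = parity_disk_for(stripe, len(disks))
        for i, disk in enumerate(disks):
            if i != skip:
                out += disk[stripe]
    return bytes(out[:length])

def usable_gb(n_disks, disk_gb):
    """One disk's worth of space (1/N of the array) goes to parity."""
    return (n_disks - 1) * disk_gb

if __name__ == "__main__":
    payload = b"constructed sample data for the RAID 5 demo"  # constructed input
    array = write_stripes(payload, n_disks=5)
    array[2] = rebuild_disk(array, failed=2)  # replace lost disk 2
    print(read_data(array, len(payload)) == payload, usable_gb(5, 10))
```
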

37
Hot Fixing
  • Identify a bad sector
  • Move the data to a free good sector
  • Mark the bad sector
  • Update the file allocation tables

38
Disaster Recovery
  • Prevention
  • What can I control?
  • What is the best method?
  • Keep updating your prevention methods
  • Keep up on maintenance
  • Training!

39
Disaster Preparation
  • Plan ahead
  • Use fault-tolerant equipment
  • Maintain backups
  • Test your preparation plan!