Information Systems Security - PowerPoint PPT Presentation

Cabling Types - Coaxial. Copper wire insulated by braided metallic ground shield. Less vulnerable to EMI. Two main types. 10BASE2 (Thinnet) (185 meters)

Slides: 87
Provided by: cltAstate91
Transcript and Presenter's Notes

Information Systems Security
  • Telecommunications
  • Domain 7

OSI Reference Model
  • Physical
  • Datalink
  • Network
  • Transport
  • Session
  • Presentation
  • Application

Routing Protocols
  • Dynamic
  • RIP I
  • RIP II
  • OSPF
  • BGP

Cabling Types - Coaxial
  • Copper wire insulated by braided metallic ground
    shield
  • Less vulnerable to EMI
  • Two main types
  • 10BASE2 (Thinnet) (185 meters)
  • 10BASE5 (Thicknet) (500 meters)
  • Mainly used in one-way networks (TV)
  • Two-way networks required special equipment
  • Larger minimum arc radius than TP

Cabling Type - TP
  • Copper-based
  • Two major types
  • UTP
  • Least secure
  • Susceptible to EMI, cross-talk, and eavesdropping
  • Less security than fiber or coaxial
  • Most commonly used today
  • STP
  • Extra outer foil shielding

Cabling Type - Fiber
  • Data travels as photons
  • Higher speed, less attenuation, more secure
  • Expensive and harder to work with
  • Two major types
  • Multimode
  • Less expensive with slower speed
  • Single mode
  • Faster speeds available but more expensive and
    delicate

Signal Issues
  • Attenuation
  • Interference from environment
  • Cable runs are too long
  • Poor quality cable
  • Cross Talk
  • Signals radiate from a wire and interfere with
    other wires
  • Data corruption
  • More of a problem with UTP

Transmission Types
  • Analog
  • Carrier signal used to move data
  • Signal works at different frequencies
  • Used in broadband networks
  • Digital
  • Discrete units of voltage
  • Moves data in binary representation
  • Cleaner signal compared to analog

Encoding Techniques
Parameter               AM                    FM              Digital
Signal-to-noise ratio   Low                   Moderate        High
Cost                    Moderate              Moderate        High
Performance over time   Moderate              Excellent       Excellent
Installation            Adjustments required  No adjustments  No adjustments

Synchronous or Asynchronous
  • Sync
  • Prior agreement of data TX rules
  • Sending system sends a clocking pulse
  • Stop and start bits are not required
  • T-lines and optical lines use synchronous
  • Asynchronous
  • Must use start/stop bits
  • Dial-up connections use asynchronous

Broadband or Baseband
  • Baseband
  • TX media only uses one channel
  • Digital signaling
  • Used over TP or Coax
  • Broadband
  • Multiple channels
  • TXs more data at one time
  • Can use analog signaling
  • Used over coax or fiber (at 100Mbps or more)
  • Can carry video, audio, data, and images

Plenum Cable
  • Polyvinyl chloride can give off dangerous
    chemicals if burned
  • Plenum rated cable is made of safe fluoropolymers
  • Should be used in dropped ceilings and raised
    floorings and other ventilation areas

Number of Receivers
  • Unicast
  • One system communicates to one system
  • Multicast
  • One system communicates to many systems
  • Class D addresses dedicated to this
  • Opt-in method (webcasts, streaming video)
  • Broadcast
  • One system communicates to all systems
  • Destination address contains specific values

Types of Networks
  • Local Area Network (LAN)
  • Limited geographical area
  • Ethernet and Token Ring
  • Metropolitan Area Network (MAN)
  • Covers a city or town
  • Wide Area Network (WAN)
  • ATM, Frame Relay, X.25

Network Terms
  • Internet
  • Network of networks providing a communication
  • The web runs on top of this Internet
  • Intranet
  • Employs Internet technology for internal use
  • HTTP, web browsers, TCP/IP

Network Terms
  • Extranet
  • Intranet type of network that allows specific
    entities to communicate
  • Usually business partners and suppliers
  • B2B networks
  • Shared DMZ area or VPN over the Internet

Network Configuration
  • DMZ
  • Network segment that is between the protected
    internal network and the external (non-trusted)
  • Creates a buffer zone
  • Systems in DMZ will be the 1st to come under
    attack and must be properly fortified

Physical Layer
  • Network Topologies
  • Physical connection of system and devices
  • Architectural layout of network
  • Choice determined by higher level technologies
    that will run on it
  • Types (Bus, Ring, Star, Mesh)

Bus Topology
  • Nodes are connected to a backbone through drops
  • Linear bus: one cable with no branches
  • Tree: network with branches
  • Easy to extend
  • Single node failure affects ALL participants
  • Cable is the single point of failure

Ring Topology
  • Interconnection of nodes in a circle
  • Each node is dependent upon the physical
    connection of the upstream node
  • Data travels unidirectionally
  • One node failure CAN affect surrounding nodes
  • Used more in smaller networks

Star Topology
  • All computers are connected to a central device
  • Central device is single point of failure
  • No node-to-node dependencies

Mesh Topology
  • Network using many paths between points
  • Provides transparent rerouting when links are
  • High degree of fault tolerance
  • Partial Mesh: not every link is redundant
  • Internet is an example
  • Full Mesh: all nodes have redundancy

Media Access
  • Dictates how system will access the media
  • Frames packets with specific headers
  • Different media access technologies
  • CSMA
  • Token Ring
  • Polling
  • Protocols within the data link

Carrier Sense Multiple Access
  • CSMA/CD (Collision Detection)
  • Monitors line to know when it is free
  • When cable not busy, data is sent
  • Used in Ethernet
  • CSMA/CA (Collision Avoidance)
  • Listens to determine if the line is busy
  • Sends out a warning that message is coming
  • All other nodes go into waiting mode
  • Used in 802.11 WLANs

Wireless Standards (802.x)
  • 802.11: 2.4 GHz range at 1-2 Mbps
  • 802.11b: 2.4 GHz up to 11 Mbps
  • 802.11a: 5 GHz up to 54 Mbps
  • 802.11g: 2.4 GHz up to 54 Mbps
  • 802.11i: security protocol (replaces WEP)
  • 802.15: Wireless PANs
  • 802.16: Wireless MANs

Access Points
  • Connects a wireless network to a wired network
  • Devices must authenticate to the AP before
    gaining access to the environment
  • AP works on a specific frequency that the
    wireless device must tune itself to

Service Set ID (SSID)
  • WLANs can be logically separated by using subnet
  • Wireless devices and APs use SSID when
    authenticating and associating
  • Should not be considered a security mechanism

Authenticating to the AP
  • Station sends probe to all channels looking for
    the closest AP
  • AP will respond with the necessary information
    and a request for credentials
  • If a WEP key is required, the AP sends a challenge
    to the device; the device encrypts it with the key
    and sends it back
  • If no WEP key, could request SSID value and MAC

Wired Equivalent Protocol (WEP)
  • Protocol used to encrypt traffic for all IEEE
    wireless standards
  • Riddled with security flaws
  • Improper implementation of security mechanisms
  • No randomness (uses the same password)
  • No Automated Dynamic Key Refresh Method (DKRM),
    requires manual refresh

More WEP Woes
  • Small initialization vector values
  • Uses a 24-bit value
  • Exhausts randomness in as little as 3 hours
  • Uses stream cipher (RC4)
  • No data integrity
  • Uses XOR: flip a bit in the ciphertext and the
    corresponding bit in the plaintext is flipped
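Added example (not from the slides) of the bit-flipping property just described: a stream cipher XORs plaintext with a keystream, so flipping one ciphertext bit flips the same plaintext bit, and only a keyed integrity check (here an HMAC) lets the receiver notice. The keystream function is a constructed stand-in for RC4, not RC4 itself, and all keys and messages are constructed values.

```python
import hashlib
import hmac


def toy_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Constructed keystream generator standing in for RC4 (it is NOT RC4 and
    not a secure cipher). It only needs the one property every stream cipher
    shares: ciphertext = plaintext XOR keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation for an XOR stream cipher."""
    return xor_bytes(data, toy_keystream(key, iv, len(data)))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Model in-transit tampering: flip a single bit of the ciphertext."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def tamper_without_integrity(key: bytes, iv: bytes, plaintext: bytes, bit_index: int) -> bytes:
    """With no integrity check the receiver decrypts the altered frame without
    noticing: the flipped ciphertext bit comes out as a flipped plaintext bit."""
    ct = stream_encrypt(key, iv, plaintext)
    return stream_encrypt(key, iv, flip_bit(ct, bit_index))


def protect(mac_key: bytes, key: bytes, iv: bytes, plaintext: bytes):
    """Mitigation: a keyed MAC over IV and ciphertext (encrypt-then-MAC)."""
    ct = stream_encrypt(key, iv, plaintext)
    return ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def receive(mac_key: bytes, key: bytes, iv: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the frame was modified in transit."""
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return stream_encrypt(key, iv, ct)
```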

Wireless Application Protocol (WAP)
  • Requires a different protocol stack than TCP/IP
  • WAP allows wireless devices to access the
  • Provides functions at each of the OSI layers
    similar to TCP/IP
  • Founded in 1997 by cell phone companies

Wireless Transport Layer Security
  • Security layer of the WAP
  • Provides privacy, integrity, and authentication
    for WAP applications
  • Data encrypted with WTLS must be decrypted and
    re-encrypted with SSL or TLS

Common Attacks
  • Eavesdropping on traffic and spoofing
  • Erecting a rogue AP
  • Man-in-the-middle
  • Unauthorized modification of data
  • War driving
  • Cracking WEP
  • Birthday attacks
  • Weak key attacks (airsnort, WEPCrack)

War Driving
  • Necessary Components
  • Antenna (omnidirectional is best)
  • Sniffers (TCPDump, Ethereal)
  • NetStumbler, AirSnort, or WEPCrack
  • NetStumbler finds APs and Logs
  • Network name
  • SSID
  • MAC
  • Channel ID
  • WEP (yes or no)

Wireless Countermeasures
  • Enable WEP
  • Change default SSID and don't broadcast
  • Implement additional authentication
  • Control the span of the radio waves
  • Place AP in DMZ
  • Implement VPN for wireless stations
  • Configure firewall for known MAC and IP

TCP/IP Suite
  • TCP: connection-oriented transport layer
    protocol that provides end-to-end reliability
  • IP: connectionless network layer protocol that
    provides the routing function
  • Includes other secondary protocols

Port and Protocol Relations
  • Well known port numbers are 0-1023
  • FTP is 20 and 21
  • SMTP is 25
  • SNMP is 161
  • HTTP is 80
  • Telnet is 23
  • HTTPS is 443
  • Source is usually a high dynamic number while
    destination is usually under 1024

Address Resolution Protocol (ARP)
  • Maps the IP address to the MAC address
  • Data link understands MAC, not IP
  • Element in man-in-the-middle attacks
  • Intruder inserts its own MAC address, paired with
    the destination's IP address, into the ARP cache
  • Countermeasures
  • Static ARP, active monitoring, and IDS to detect

ARP Poisoning
  • Insert bogus IP to MAC addressing mapping in
    remote system
  • Misdirects traffic to the attacker's computer
  • Ideal scenario for man-in-the-middle attack
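Added example (not from the slides) of the "active monitoring" countermeasure listed above: a passive check over ARP reply records that flags the three signs of poisoning (a reply contradicting a pinned static entry, an IP changing its MAC, one MAC answering for several IPs). The addresses, MACs and timestamps are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a passive sensor (e.g. on a span port)
# would record them: (timestamp, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ("10:00:02", "192.168.1.20", "aa:bb:cc:00:00:20"),  # workstation, legitimate
    ("10:00:03", "192.168.1.30", "aa:bb:cc:00:00:30"),  # third host, legitimate
    ("10:00:10", "192.168.1.1",  "aa:bb:cc:00:00:30"),  # third host now claims the gateway IP
    ("10:00:10", "192.168.1.20", "aa:bb:cc:00:00:30"),  # ... and the workstation IP
]

# Static ARP entries pinned for critical hosts (the slide's first countermeasure). Constructed.
STATIC_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_anomalies(replies, static_table, max_ips_per_mac=1):
    """Return a list of (timestamp, alert_type, subject, detail) tuples.

    Three signals are checked for every reply:
      static-mismatch      the reply contradicts a pinned static entry
      mapping-changed      an IP bound to one MAC now claims another
      mac-claims-many-ips  one MAC answers for more IPs than expected
                           (raise max_ips_per_mac for routers with several addresses)
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = static_table.get(ip)
        if expected is not None and expected.lower() != mac:
            alerts.append((ts, "static-mismatch", ip, mac))
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "mapping-changed", ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append((ts, "mac-claims-many-ips", mac, sorted(mac_to_ips[mac])))
    return alerts


def alert_counts(alerts):
    """Summarise alerts by type (useful for a dashboard or a quick sanity check)."""
    counts = defaultdict(int)
    for _, kind, _, _ in alerts:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, STATIC_ARP):
        print(*alert)
```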

Internet Control Message Protocol (ICMP)
  • Status and error messaging protocol
  • Ping is an example
  • Used by hackers for host enumeration
  • Redirects traffic by sending bogus ICMP messages
    to a router

Simple Network Management Protocol (SNMP)
  • Master and agent model
  • Agents gather status information about network
  • Master polls agent and provides an overall view
    of network status
  • Runs on ports 161 and 162

Simple Mail Transfer Protocol (SMTP)
  • Transmits mail between different mail servers
  • Security issue with mail servers
  • Improperly configured mail relay
  • Sendmail functions

Other Protocols
  • FTP
  • TFTP
  • Telnet

Repeater Device
  • Works at the physical layer
  • Extends a network
  • Helps with attenuation
  • No intelligence built in

Hub Devices
  • Works at the physical layer
  • Connects several systems and devices
  • Also called multipoint repeater/concentrators
  • All data is broadcast
  • No intelligence

Bridge Device
  • Functions at the data link layer
  • Extends a LAN by connecting similar or dissimilar
  • Filtering capabilities
  • Uses the MAC address
  • Forwards broadcast data
  • Transparent: Ethernet
  • Source Routing: Token Ring

Switch Device
  • Transfers connection from one circuit to another
  • Faster than bridges
  • Originally made decisions based on MAC
  • Major functionality takes place at Data Link
  • Newer switches work at the Network layer and use
    IP addresses

Virtual LAN (VLAN)
  • Logical containers used to group users, systems,
    and resources
  • Does not restrict administration based upon the
    physical location of device
  • Each VLAN has its own security policy
  • Used in switches
  • Can be static or dynamic

Router Device
  • Works at the network layer
  • Can connect similar or dissimilar networks
  • Blocks broadcast
  • Uses routing tables
  • Bases decisions on IP addresses
  • Can work as a packet filtering firewall with the
    use of Access Control Lists

Gateway Device
  • Translates different protocols or software
  • Mail gateways allow different mail applications
    to communicate
  • Data gateways allow heterogeneous clients and
    servers to communicate
  • Security gateways: firewalls and perimeter
    security devices

Bastion Host Device
  • Gateway between an internal network and an
    external network used for security
  • Hardened system
  • Disable unnecessary accounts
  • Disable unnecessary services
  • Disable unnecessary subsystems
  • Remove administrative tools
  • Up to date with patches and fixes
  • All systems in DMZ should be Bastion Hosts

Firewall Characteristics
  • Generation 1: Packet Filtering
  • Generation 2: Proxy
  • Generation 3: Stateful
  • Generation 4: Dynamic Packet Filtering
  • Generation 5: Kernel Proxies
  • All provide transparent protection to internal

Packet Filtering
  • Simplest and least expensive
  • Screens with a set of ACLs
  • Referred to as a Layer 3 device
  • Access depends on network and transport layer
  • Best in low-risk environments
  • 1st generation firewall

Circuit Level Proxy
  • Makes access decisions based on network and
    transport layer information
  • Not application or protocol dependent
  • More protection than a packet filter
  • SOCKS is the most commonly used
  • Hides information about the network it protects
  • 2nd generation firewall

Application Layer Proxy
  • Access decision is based on data payload
  • Must understand the command structure of payload
  • Provides a high level of protection
  • Can filter application specific commands
  • Logs user activity
  • Requires manual configuration of each client
  • 2nd generation firewall

Stateful Firewall
  • Makes access decisions based on IP addresses,
    protocol commands, historical comparisons, and
    contents of packet
  • Uses a state engine and state table
  • Monitors connection-oriented and connectionless
  • Expensive and complex to administer
  • 3rd generation firewall
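Added example (not from the slides) contrasting the 1st-generation packet filter described earlier with the stateful firewall on this slide: a forged inbound packet with only ACK set passes the stateless "established" ACL rule, but a state table that never saw the connection open drops it. The subnet, the published-service list and the rule set are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"}, {"ACK"}, {"SYN", "ACK"}


INTERNAL_PREFIX = "10.0.0."   # constructed: the protected internal subnet
PUBLISHED = {("tcp", 80)}     # constructed: services outsiders may open connections to


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


# 1st generation: a stateless ACL, first match wins. The third rule is the
# classic "established" rule: inbound TCP is permitted whenever ACK is set,
# because a stateless filter has no other way to admit return traffic.
STATELESS_ACL = [
    # (action, direction, proto, dport or None for any, requires ACK)
    ("permit", "out", "tcp", None, False),
    ("permit", "in",  "tcp", 80,   False),
    ("permit", "in",  "tcp", None, True),
    ("deny",   "in",  "any", None, False),
]


def stateless_decision(pkt: Packet) -> str:
    direction = "out" if is_internal(pkt.src) else "in"
    for action, d, proto, dport, ack_only in STATELESS_ACL:
        if d != direction or (proto != "any" and proto != pkt.proto):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        if ack_only and "ACK" not in pkt.flags:
            continue
        return action
    return "deny"


class StatefulFirewall:
    """3rd generation: a state table records connections that were opened
    legitimately; any other inbound packet is dropped whatever flags it carries."""

    def __init__(self):
        self.state = set()  # 5-tuples of tracked connections, as first seen

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse_key(pkt: Packet):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decision(self, pkt: Packet) -> str:
        if self._key(pkt) in self.state or self._reverse_key(pkt) in self.state:
            return "permit"                                   # part of a tracked connection
        opens_connection = pkt.flags == frozenset({"SYN"})    # only a bare SYN creates state
        allowed_origin = is_internal(pkt.src) or (pkt.proto, pkt.dport) in PUBLISHED
        if opens_connection and allowed_origin:
            self.state.add(self._key(pkt))
            return "permit"
        return "deny"
```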

Dynamic Packet Filtering Firewalls
  • Combination of application proxies and state
    inspection firewalls
  • Dynamically changes filtering rules based on
    several different factors
  • May examine the contents and not just the header
    of packets
  • Decisions based on history and admin rules
  • 4th generation firewall

Firewall Placement
  • Segments internal network subnets and sections to
    enforce the security policy
  • Acts as a choke point between trusted and
    untrusted entities
  • Creates a DMZ
  • Could use screened host, dual-homed, or screened

Screened Host
  • Usual configuration is a router filtering for a
  • Reduces the amount of traffic the firewall has to
    work with
  • Screening device is a filtering router
  • Screened host is the firewall

Dual Homed
  • Two or more interfaces
  • One interface for each network
  • Allows for one firewall to create more than one
  • Forwarding and routing need to be turned off or
    packets would not be inspected by firewall
  • All inbound traffic directed to the Bastion Host,
    then proxied, and passed to 2nd router

Screened Subnet
  • Buffer zone is created by implementing two
    routers or two firewalls, thus creating a
    single DMZ
  • Provides the most protection out of the three
    architectures because three devices must be
    compromised before attacker can get through to
    the internal network.

SLIP Dialup Protocol
  • Serial Line Internet Protocol
  • Moves IP data over serial lines
  • Largely replaced by PPP
  • SLIP does not provide
  • Header and data compression
  • Packet sequencing
  • Authentication features
  • Classless IP addressing

PPP Dial Up Protocol
  • Point-to-Point Protocol
  • Moves digital data over telecommunications lines
  • Full duplex protocol
  • Can use synchronous and asynchronous
  • Authentication through
  • PAP
  • CHAP
  • EAP

Authentication Protocols
  • Password Authentication Protocol (PAP)
  • Authenticates remote users
  • Credentials are sent in plain text
  • Challenge Handshake Authentication Protocol
  • Authenticates remote users
  • Encrypts usernames and passwords
  • Client uses the user's password to encrypt the
  • Protects against man-in-the-middle attacks
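Added example (not from the slides) contrasting PAP with CHAP as RFC 1994 defines the MD5 variant, Response = MD5(Identifier || Secret || Challenge): the PAP request carries the password itself, while the CHAP response is a hash that is only valid for one challenge, so a captured response cannot be replayed. The shared secret and challenge values are constructed.

```python
import hashlib
import hmac
import os

# Constructed example: client and server share this secret out of band.
SHARED_SECRET = b"correct horse battery staple"   # constructed, not a real credential


def pap_authenticate_request(username: str, password: str) -> bytes:
    """PAP: the client sends username and password as-is. Anyone able to read
    the link recovers the credentials directly from this message."""
    return username.encode() + b"\x00" + password.encode()


def chap_new_challenge(length: int = 16) -> bytes:
    """CHAP server side: a fresh random challenge for every authentication."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP client side (RFC 1994, MD5 algorithm):
    Response = MD5(Identifier || Secret || Challenge).
    The secret never leaves the client; only this hash crosses the link."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """CHAP server side: recompute the expected hash from its own copy of the
    secret and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def replay_is_rejected(secret: bytes, challenge_a: bytes, challenge_b: bytes) -> bool:
    """Why a captured CHAP response is useless later: the response computed for
    challenge A verifies against A but not against a new challenge B."""
    captured = chap_response(1, secret, challenge_a)
    return (chap_verify(1, secret, challenge_a, captured)
            and not chap_verify(2, secret, challenge_b, captured))
```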

EAP Authentication
  • Extensible Authentication Protocol
  • Allows for authentication protocols to be added
    to give more flexibility
  • Supports multiple frameworks
  • Developed for PPP, but now used in LAN and
    wireless authentication

VPN Technologies
  • Tunneling involves establishing and maintaining a
    logical network connection
  • Packets are encapsulated within IP packets and
    encryption is used for security
  • Voluntary tunneling: client manages connection
  • Compulsory tunneling: carrier provider manages
    connection setup

PPTP Tunneling Protocol
  • Encapsulating protocol used more for end-to-end
    VPNs instead of gateway VPNs
  • Data link layer protocol that provides single
    point-to-point connection
  • Works only with TCP/IP
  • Works at the Internet layer

L2TP Tunneling Protocol
  • Works at the data link layer
  • Can provide VPNs over WAN links using frame
    relay, X.25, or ATM
  • Cannot encrypt data
  • Uses IPSec for security
  • Developed by Cisco to combine L2F and PPTP

IPSec Tunneling Protocol
  • Provides network layer protection
  • Used for gateway-to-gateway VPNs
  • Provides authentication, integrity, and
  • Only works over IP and is becoming the de facto

Domain Name Services
  • Works within a hierarchical naming structure
  • Host name to IP address mapping
  • DNS server that holds resource records for a zone
    is the authority for that zone
  • Uses forward-lookup tables and reverse-lookup
  • Uses iterative and non-iterative procedures

Network Address Translation
  • Invented due to the shortage of IP addresses
  • Allows companies to use private addresses
  • Can use static mapping (1-to-1 relationship)
  • Can use dynamic mapping
  • Port address translation (PAT)
  • One address is used for all hosts
  • Older term was hiding NAT
  • Can be implemented with software (ICS)

Fiber Distributed Data Interface (FDDI)
  • Token passing is the media method
  • Two rings for fault tolerance
  • Operates up to 100 Mbps
  • CDDI is possible with shorter distances

Synchronous Optical Network (SONET)
  • Physical layer standard used by telephony
  • Dual ringed and self-healing
  • Used to connect T1 and T3 channels
  • Carries nearly any higher level protocol
  • Supports 52 Mbps
  • Built in support for maintenance
  • SONET 3 is coming with 155.5 Mbps

Dedicated Lines
  • Physical communication lines connecting two
  • Usually more expensive than other options
  • Leased from larger service providers
  • T1: 1.544 Mbps
  • T3: 44.736 Mbps

Public Switched Telephone Network (PSTN)
  • Also known as POTS
  • Interconnected systems operated by different
  • All digital except for the last mile
  • Analog converted to digital at Central Office

Integrated Services Digital Network (ISDN)
  • Moves the last mile from analog to digital
  • Data rates of 64 Kbps
  • Circuit-switched instead of packet-switched
  • Uses bearer channels to move data and a single
    separate channel (D) to setup
  • Used by most companies as backup
  • BRI: 2 64-kbps B channels and 1 D channel
  • PRI: 23 64-kbps B channels and 1 D channel

Digital Subscriber Line (DSL)
  • Digital solution for the last mile
  • Very high frequency
  • Must be a POP within 2.5 miles
  • Farther from a POP, lower the bandwidth
  • Always On technology
  • 32 Mbps for upstream traffic
  • 32 Kbps for downstream traffic

Cable Modems
  • Service provided by local cable company
  • Security issues of neighborhood sniffing
  • Cable modem converts RF to digital
  • Could overload cable companies
  • Most offer speeds up to 2 Mbps but is shared with

X.25
  • First WAN packet-switching technology
  • Considered a fat protocol because of error
    detection and correction overhead
  • Has been replaced by frame relay
  • Virtual circuits are used
  • Customers share and pay for the same network

Frame Relay
  • Fastest WAN packet-switching protocol
  • Path set up for two locations to communicate
  • Path is permanently configured (PVC)
  • Could be dynamically built (SVC)
  • Customers are offered a dedicated rate of flow
  • Inexpensive with rates from 56K to T1

Asynchronous Transfer Mode (ATM)
  • Provides the highest bandwidth
  • Uses 53-byte fixed cells
  • Intelligence is hardware based
  • Technology used for the Internet's backbone
  • Equipment is expensive
  • Available in Constant Bit Rate (CBR), Variable
    Bit Rate (VBR), Available Bit Rate (ABR) or
    Unspecified Bit Rate (UBR)

Multiplexing (MUX)
  • Receives data from different sources and places
    on one communication line
  • Combines two or more channels onto one
    transmission medium
  • Two types
  • FDM (used by broadband)
  • TDM (used by T1 and T3)

Voice over IP (VoIP)
  • Moving voice data in packets
  • Allows combining of voice and data
  • Long distance calls can be done cheaply
  • Uses packet switching instead of the telephone
    network's circuit switching
  • Can experience jittering and latency

Private Branch Exchange (PBX)
  • Telephone switch that resides on the customer's
  • A T1 or T3 connects the switch to the provider's
    central office
  • Used for switching calls between internal lines
    and the PSTN
  • New versions are called Centrex where switching
    occurs at Central Office

PBX Considerations
  • Not usually included in security assessment
  • Compromising and reconfiguring the telephone
    switch by hackers
  • Attackers obtaining free long distance
  • Disclosure of sensitive information
  • Phreakers (telephone hackers)