Computer Network Security 2009
by Ms Josephine Ayebare

Syllabus and Policies
• Syllabus
• Lectures and lecture notes
• Private reading
• (An assignment + 2 tests) / 3: 30%
• Group projects
• Test 1 and coursework (1st Oct 2009)
• Test 2 (5th Nov 2009) and 26th Nov presentation
• Final exam (70%)
• Must hand in on time

Course Outline
• Introduction to network security
• Security threats and countermeasures
• Risk assessment
• Risk mitigation
• Security policies
• Network intrusion detection
• Forensic technologies
• Network security audit
• Networking security technologies

Introduction
• Today we will examine:
• History of information security
• Key terms and concepts of network security
• The security systems development life cycle
• The role of network security professionals

Objectives
• Upon completion of this lesson students should be able to:
• Describe what information security is and how it came to mean what it does today
• Discuss the history of computer security and how it evolved into information security
• Identify and define key terms and critical concepts of network security
• Outline the phases of the security systems development life cycle
• Describe issues involved in network security

What is network security?
• The protection of the network systems in use, and the data they process, against unauthorized access

History of Information Security
• Computer security began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls were needed to limit access to sensitive military locations to authorized personnel
• Only rudimentary controls were available to defend against physical theft, espionage and sabotage

The 1960s
• The Department of Defense’s Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications
• Dr. Lawrence Roberts developed the project from its inception

The 1970s and 80s
• ARPANET grew in popularity, as did its potential for misuse
• Fundamental problems with ARPANET security were identified
• There were no safety procedures for dial-up connections to the ARPANET
• User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them security threats

R-609: Study of Computer Security Begins
• Information security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
– Safety of the data
– Limiting unauthorized access to that data
– Involvement of personnel from multiple levels of the organization

The 1990s
• As networks of computers became more common, so did the need to interconnect them
• The result was the Internet, the first manifestation of a global network of networks
• In the early Internet deployments, security was a low priority

The Present
• The Internet has brought millions of computer networks into communication with each other, many of them unsecured
• The ability to secure each one is now influenced by the security of every computer to which it is connected

What is security?
• “The quality or state of being secure, to be free from danger”
• To be protected from adversaries
• A successful organization should have multiple layers of security in place:
– Physical security
– Personal security
– Operations security
– Communications security
– Network security

What is Information Security?
• The protection of information and its critical elements, including the systems and hardware that use, store and transmit that information
• Tools such as policy, awareness, training, education and technology are necessary
• The C.I.A. triangle was the standard, based on confidentiality, integrity and availability
• The C.I.A. triangle has expanded into a list of critical characteristics of information

Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
– Availability
– Accuracy
– Authentication
– Confidentiality
– Integrity
– Utility
– Possession

Components of a Network
• To fully understand the importance of network security, you need to know the elements of a network:
– Networking devices
– Hosts
– Shared peripherals
– Networking media
• Security measures must be implemented in each of these areas
• Network security is not limited to the above; it also extends to people, data, software and procedures

Securing the Components
• A network can be the subject of an attack, the object of an attack, or both
• When a network is:
– the subject of an attack, it is used as an active tool to conduct the attack
– the object of an attack, it is the entity being attacked

Balancing Security and Access
• It is impossible to obtain perfect network security
– Security is not an absolute; it is a process
• Security should be a balance between protection and availability
• To achieve balance, the level of security must allow reasonable access, yet protect against threats

Bottom-Up Approach
• Network security is built up from the grass roots
– Network administrators attempt to improve the security of their network
• It seldom works, since it lacks critical features:
– Participant support
– Organizational staying power

Top-Down Approach
• Initiated by upper management
• Issues policy, procedures and processes
• Dictates the goals and expected outcomes of the project
• Determines who is accountable for each required action
• Pluses:
– Clear planning
– Dedicated funding
– Chance to influence the organization’s culture
• May involve a formal development strategy referred to as a systems development life cycle
• It is the most successful approach

Network Security Development Life Cycle
• Network security must be managed in a manner similar to any other major system implemented
• Using a methodology:
– Ensures a rigorous process
– Avoids missing steps
• The goal is to create a comprehensive security posture/program

Network Security SDLC
• It may be:
– Event-driven: started in response to some occurrence
– Plan-driven: the result of a carefully developed implementation strategy
• At the end of each phase comes a structured review

Investigation (Step 1)
• What is the problem the system is developed to solve?
• The objectives, constraints and scope of the project are specified
• Cost
• A feasibility analysis is performed to assess the economic and technical feasibility of the process

Analysis (Step 2)
• Consists primarily of:
– Assessment of the organisation
– The status of current systems
– Capability to support the proposed system
• Analysts begin to determine:
– What the new system is expected to do
– How the new system will interact with existing systems
• Ends with documentation of the findings and a feasibility analysis update

Logical Design (Step 3)
• Based on the security needs, applications are selected
• Data support and structures capable of providing the needed inputs are identified
• Device naming is done, protocols are enabled and restrictions are defined
• An overview of the network’s operational functionality is portrayed

Physical Design (Step 4)
• Specific technologies are selected to support the alternatives identified and evaluated in the logical design
• Selected components are evaluated
• The entire solution is presented to the end-user representatives for approval

Prototyping
• Design a simple network representing the suggested system, using interactive tools (e.g. Packet Tracer)
• It should be able to achieve all the objectives of the proposed network as far as security is concerned
• If successful, implementation can take place

Implementation (Step 5)
• Components are ordered, received, assembled and tested
• Users are trained and documentation is created

Maintenance and Change (Step 6)
• Tasks necessary to support and modify the network for the remainder of its useful life
• The life cycle continues until the process begins again from the investigation phase
• When the current system can no longer support the mission of the organization, a new project is implemented

Objectives of the Network Security SDLC
• To identify threats and the controls to counter them
• To identify the statement of program security policy
• To identify, assess and evaluate the levels of risk
• To create a detailed plan of the network

Security Concepts
• Challenge Handshake Authentication Protocol (CHAP)
• Certificates
• Security tokens
• Kerberos
• Multi-factor
• Smart cards
• Biometrics
• Services and protocols
• Security topologies

Challenge Handshake Authentication Protocol
• It is a protocol that challenges a system to verify its identity
• It does not use a username-and-password mechanism; rather, the initiator sends a logon request from the client to the server
• The server sends a challenge to the client
• The challenge is encrypted and sent back to the server
• The server compares the value and acts accordingly
• It basically involves three steps:
– Logon request and challenge
– Response from client
– Authorize or fail

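The three steps above as an added, runnable example that is not part of the lecture: the server answers the logon request with a random challenge, the client returns an MD5 digest over the identifier, the shared secret and the challenge as RFC 1994 specifies, and the server recomputes and compares. The user name alice and her secret are constructed sample values; consuming each challenge on first use also shows why a captured response cannot be replayed later.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store: the secret is shared out of band and is
# never sent over the network by CHAP.
SHARED_SECRETS = {"alice": b"correct horse battery staple"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5(Identifier || secret || challenge). Only this
    one-way digest crosses the wire, so the secret itself is not exposed."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secret_store):
        self._secrets = secret_store
        self._pending = {}        # identifier -> (username, challenge) awaiting a response
        self._next_id = 0

    def logon_request(self, username):
        """Step 1: answer the client's logon request with a fresh random challenge.
        Returns (identifier, challenge) exactly as the server would send them."""
        identifier = self._next_id % 256      # the CHAP Identifier field is one octet
        self._next_id += 1
        challenge = secrets.token_bytes(16)
        self._pending[identifier] = (username, challenge)
        return identifier, challenge

    def verify(self, identifier, response):
        """Step 3: recompute the expected digest and authorize or fail.
        Each challenge is consumed on first use, so a replayed response fails."""
        entry = self._pending.pop(identifier, None)
        if entry is None:
            return False                      # unknown or already-used challenge
        username, challenge = entry
        secret = self._secrets.get(username)
        if secret is None:
            return False                      # unknown user
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def client_logon(server, username, client_secret):
    """Client side of the exchange: request, receive the challenge, send the response (step 2)."""
    identifier, challenge = server.logon_request(username)
    response = chap_response(identifier, client_secret, challenge)
    return server.verify(identifier, response)
```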
Certificates
• They are a form of authentication
• A server or certificate authority can issue a certificate that will be accepted by the challenging system
• Certificates can either be physical access devices (smart cards) or electronic certificates that are used as part of the logon process

Security Tokens
• Similar to certificates
• Contain the rights and access privileges of the token bearer as part of the token
• If your token does not grant access to certain information, that information will either not be displayed or your access will be denied
• The authentication system creates a token every time a user logs on or a session begins
• At the completion of a session, the token is destroyed

Kerberos
• Kerberos allows for a single sign-on to a distributed network
• The Kerberos authentication process uses a Key Distribution Center (KDC) to coordinate the entire process
• The KDC provides for the principals (users, programs or systems)
• The KDC provides a ticket to the principal
• The ticket is used to authenticate against other principals
• This occurs automatically when a request or service is performed by another principal

Multi-Factor
• It is a method of authentication where two or more access methods are used
• Two-factor is an authentication system that uses smart cards and passwords

Smart Cards
• A type of card that can allow access to multiple resources, including buildings, parking lots and computers
• Each area or computer will have a reader in which you can either insert your card or have it scanned
• The card contains information about your identity and access privileges
• The reader is connected to the workstation and validates against the security system

Biometrics
• Biometric devices use physical characteristics to identify users
• They include:
– Hand scanners (fingerprints, scars)
– Retinal scanners (eye retinal patterns)
– DNA scanners (unique portion of DNA structure)

Protocols and Services
• They are a key part of security. Some protocols send passwords over the network unencrypted. They include:
– Telnet
– FTP
– SNMP, etc.

Computer Network Security
• Design goals
• Security zones
• Technologies
• Business requirements

Design Goals
• Deal with ensuring confidentiality, integrity, availability and accountability
• Also, different people must be identified
• Confidentiality: to prevent or minimize unauthorized access to and disclosure of data and information
• Integrity: to make sure that the data being worked on is correct
• Availability: to protect data and prevent its loss
• Accountability: who is responsible?

Security Zones
• A design method that isolates systems from other systems or networks
• The most common security zones:
– Internet
– Intranet
– Extranet
– DMZ

Security Zones
• Internet: a global network that connects computers and networks together
– Low trust level
• Intranet: a private network implemented and maintained by an individual company or organization
– Intranets can also be connected to the Internet, but are not available for access to users who are not authorized to be part of the Intranet
– Access to the Intranet is granted to trusted users inside the corporate network or users in remote locations

Security Zones
• Extranet: extends intranets to include outside connections using a secure communications channel over the Internet
– The connections are between trustworthy organizations and may pass through the Internet, hence the use of a tunneling protocol to accomplish a secure connection

DMZ
• Demilitarized Zone (DMZ)
• It is an area where a public server is placed for accessibility by people who are not trusted
• By isolating a server in a DMZ, access to other areas in the network is hidden
• Within the network the server can be accessed, but outsiders cannot have access to the internal network
• This is accomplished by use of firewalls

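A small firewall policy evaluator, added here as an example and not from the lecture, that encodes the DMZ rule just described: outsiders reach only the public ports of the DMZ server, the DMZ server cannot initiate anything into the internal network, and internal hosts can reach both. The address ranges, zone names and port sets are constructed assumptions.

```python
import ipaddress

# Constructed address plan: which prefixes belong to which zone. An address in
# no listed zone is treated as the untrusted Internet.
ZONES = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}

# Policy between zones: a set of allowed destination ports, "any", or an empty
# set meaning deny. Zone pairs not listed are denied (default deny).
POLICY = {
    ("internet", "dmz"): {80, 443},        # public services only
    ("internal", "dmz"): {80, 443, 22},    # staff use the server; admins manage it over SSH
    ("internal", "internet"): "any",       # outbound browsing from the intranet
    ("dmz", "internal"): set(),            # a compromised public server gets nothing inward
    ("internet", "internal"): set(),       # outsiders never reach the internal network
}


def zone_of(ip):
    """Map an address to its security zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "internet"


def permitted(src_ip, dst_ip, dst_port):
    """Decide whether the firewall lets a connection from src to dst:port through."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True                       # same zone: traffic does not cross the firewall
    rule = POLICY.get((src_zone, dst_zone), set())
    return rule == "any" or dst_port in rule


def audit(flows):
    """Apply the policy to (src, dst, port) flows and return each decision."""
    return [(src, dst, port, permitted(src, dst, port)) for src, dst, port in flows]
```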
Network Security Technologies
• Virtual Local Area Networks (VLANs)
– A VLAN enables the creation of groups of users and systems and segments them according to functions or departments (grouped logically instead of physically)
– Segments are hidden away from each other
– A VLAN can also be set up to control the paths that data takes to get from one point to another
• Network Address Translation (NAT)
• Tunneling

Network Address Translation (NAT)
• NAT creates a unique opportunity to assist in the security of a network
• NAT extends the number of usable Internet addresses
• It allows the organization to present a single address to the Internet for all computer connections
• NAT effectively hides a network from the world
• A NAT server acts as a firewall on the network
• Routers also support NAT translation

Tunneling
• It refers to the ability to create a virtual dedicated connection between two systems or networks
• A tunnel is created between the two ends by encapsulating the data in a mutually agreed-upon protocol for transmission
• Data passed through tunnels appears on the other side as part of the network
• Tunneling protocols include data security as well as encryption

Business Concerns
• This is about making a conscious examination of the current security situation:
– Asset identification
– Risk assessment
– Threat identification
– Vulnerability evaluation
• Asset identification: the process in which a company attempts to place a value on the information and systems in place

Security Threats and Countermeasures
• Attacks
• Malicious software
• Countermeasures

Attacks
• An attack is an act performed by an individual or group of individuals in an attempt to access, modify or damage a system
• Attacks are classified into three:
– Access attacks
– Modification and repudiation attacks
– Denial of service attacks

Access Attacks
• An attempt to gain access to information that the attacker is not authorized to have
• They breach confidentiality
• Can be external or internal
• Can be done through physical access or by capturing information over the network

Physical Access Method
• Dumpster diving is a physical access method
• Access to information (on paper) that has been thrown away
• Papers that contain sensitive information should be burnt if no longer in use

Capturing Information over the Network: Types
• Eavesdropping: the process of listening in on network traffic, made possible by the carelessness of the networks in communication; it is a passive attack
• Snooping: someone searching through electronic files trying to find something interesting
• Interception: the act of routinely monitoring network traffic; it includes putting a computer system between the sender and the receiver to capture information as it is sent

Modification and Repudiation Attacks
• Modification attacks
– Changing or modifying information in an unauthorized manner
– Similar to access attacks because they require access to the servers
– Involve deletion, insertion or alteration of information that appears genuine to the user
• Repudiation attacks
– Change information so that it becomes invalid or misleading

Denial of Service Attacks (DoS)
• Deny users access to resources that they are authorized to use
• For example, an attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers
• Common on the Internet
• DoS can deny access to information, applications, systems or communications
• A DoS attack on an application brings down the website, but communication and systems continue to operate
• In a DoS attack on a system, the operating system is crashed
• A common DoS attack involves opening as many TCP sessions as possible; it is called a TCP SYN flood DoS attack
• Distributed Denial of Service attacks (DDoS)
– Use of multiple computers to attack a single organization
– The attacker loads an attack program onto many computer systems (zombies) that use DSL or cable modems
– The master computer sends a signal to the computers instructing them to launch an attack at once on the target network or system

Common Attacks
• Back door attacks
– The attacker gains access to the system, then loads a back door program
– The program allows other users access without a password and gives administrative privileges
– Tools used to create back doors: Back Orifice, NetBus
• Spoofing attacks
– An attempt by someone or something to masquerade as someone else
– Uses a program that fakes a logon
– The client enters a username and password, which the attacker copies, but access is still denied to the user
• Man in the middle
– Software is placed between the client (user) and the server
– The middle man intercepts the information and then sends it on to the server
– The server responds to the middle man, believing it to be the legitimate user
– The middle man may alter, record or compromise the security standards of the user
– The middle man appears to be the server to the user
• Replay attack
– Information is captured over the network and stored for later use
– E.g. a security certificate from a system like Kerberos is tapped and later used for the authentication process
– Access is gained
• Password guessing attacks; two types:
– Brute force attack: an attempt to guess passwords until a successful guess occurs (passwords should be long)
– Dictionary attack: an attack that uses a dictionary of common words to attempt to find the password of the user

Network Attacks in Regard to TCP/IP
• The TCP/IP protocol suite is broken down into four protocol or architecture layers:
– Application layer
– Host-to-host or transport layer
– Internet layer
– Network interface layer

TCP/IP Architecture Layers
Layer            Examples
Application      HTTP, SMTP
Transport        TCP, UDP
Internet         IP
Network Access   Network topology

Application Layer
• It is the highest layer of the TCP/IP suite
• It allows applications to access services or protocols to exchange information
• Application protocols include: HTTP, FTP, SMTP, Telnet, DNS, RIP, SNMP and POP

Application Protocols
• Hypertext Transfer Protocol (HTTP) is the protocol used for web pages and the World Wide Web
• File Transfer Protocol (FTP) is an application that allows connections to a server for the upload and download of files
• Simple Mail Transfer Protocol (SMTP) is the protocol that controls electronic mail communications
• Telnet is an interactive terminal emulation protocol; it allows a remote user to conduct an interactive session with a Telnet server
• Domain Name System (DNS) allows hosts to resolve host names to Internet Protocol (IP) addresses
• Routing Information Protocol (RIP) allows routing information to be exchanged between routers on an IP network
• Simple Network Management Protocol (SNMP) is a management tool that allows communications between network devices
• Post Office Protocol (POP)

Host-to-Host / Transport Layer
• Provides the application layer with session and datagram communication services
• Protocols in this layer are:
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)

Transport Layer Protocols
• TCP provides a reliable, one-to-one, connection-oriented session. It ensures that all packets have been received at the destination. Packets are decoded and sequenced properly.
• UDP provides unreliable connections. It does no error checking.

Transport Layer: Ports
• TCP and UDP both use ports to define the communication process, by adding the port to their header in the segment
• Ports are special addresses that allow communication between hosts
• A port is a number added by the originator indicating which port to communicate with on the server
• The Internet Assigned Numbers Authority (IANA) defined a list of well-known port numbers

Well-known TCP ports
TCP Port No.   Service
20             FTP (data channel)
21             FTP (control channel)
23             Telnet
25             SMTP
80             HTTP
139            NetBIOS Session Service
443            HTTPS

Transport Layer: TCP Three-Way Handshake
• This is the method TCP uses to establish sessions between hosts
• A host called the client initiates the connection. It sends a TCP segment containing an initial sequence number (ISN) for the connection and a window size to the server (SYN)
• The server sends back a segment containing its own ISN and a window size (SYN/ACK)
• The client sends an acknowledgement to the server agreeing to the terms (ACK)

Internet Layer
• This layer is responsible for routing, IP addressing and packaging. It deals with four protocols:
– Internet Protocol (IP)
– Address Resolution Protocol (ARP)
– Internet Control Message Protocol (ICMP)
– Internet Group Management Protocol (IGMP)

Internet Protocols
• IP is responsible for IP addressing. It only routes information and does not check it for accuracy. It is interested in the destination address; if that address is not known locally, it sends the information to the router.
• ARP is responsible for resolving IP addresses to network interface layer hardware addresses (Media Access Control, MAC), which are used to identify hardware network devices such as a Network Interface Card (NIC)
• ICMP provides maintenance and reporting functions. The PING program uses it to test for connectivity, and ICMP returns the feedback: either a reply from the pinged host or a host-unreachable message. Routers and other networking devices report path information between hosts with ICMP.
• IGMP manages IP multicast groups. IP multicast sends packets to a specified group of hosts.

Network Interface Layer
• Responsible for placing packets on, and removing them from, the physical network

TCP/IP Attacks
• TCP/IP can be attacked by both outsiders and insiders. However, outsiders can be blocked by use of networking devices like routers. Insiders are more likely to carry out attacks because they have access to all protocols used in the network.

Network Sniffers
• A network sniffer is a device that captures and displays network traffic. Computers existing on the network have the ability to operate as sniffers. Network cards normally only pass information up to the protocol stack if the information is intended for that computer.
• Most NICs can be placed in promiscuous mode
• Promiscuous mode allows the NIC to capture all information that it sees on the network

Port Scans
• A port scan is when an attacker queries your network to determine which services and ports are open
• Note that unless routers are configured appropriately, they will let all of the protocols pass through them
• Once the attacker knows the IP addresses of any system in the network, he/she can attempt to communicate with the ports open in the network

TCP SYN or TCP ACK Flood Attack
• It begins as a normal TCP connection. However, in this attack the client continually sends and receives the ACK packets but does not open the session, so the connection never takes place. Routers can track and attempt to prevent this attack.

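An added example, not from the lecture, that follows the three-way handshake described above per client socket and then applies the check a router or monitor would use against this flood: it counts connections that received a SYN (and were answered with a SYN/ACK) but never got the closing ACK, and names any source holding too many of them. The fixed server ISN, the addresses and the burst of unanswered SYNs are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One TCP segment as seen by a monitor; only the fields the handshake needs."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset      # subset of {"SYN", "ACK"}
    seq: int
    ack: int = 0
    window: int = 0


SYN = frozenset({"SYN"})
SYN_ACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})


class HandshakeTracker:
    """Follows SYN -> SYN/ACK -> ACK for each client socket and remembers which
    connections never completed step 3 (half-open, the SYN-flood symptom)."""

    def __init__(self, server_isn=4_000_000):
        self.server_isn = server_isn      # fixed for readability; a real stack randomises it
        self.state = {}                   # (src_ip, src_port, dst_ip, dst_port) -> state
        self.client_isn = {}

    def process(self, seg):
        """Consume one client segment; returns the server's SYN/ACK for a SYN, else None."""
        key = (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
        if seg.flags == SYN:
            # Step 1: the client's SYN carries its ISN and window; the server now holds state.
            self.state[key] = "SYN_RECEIVED"
            self.client_isn[key] = seg.seq
            # Step 2: the server's SYN/ACK carries its own ISN and acknowledges client ISN + 1.
            return Segment(seg.dst_ip, seg.dst_port, seg.src_ip, seg.src_port,
                           SYN_ACK, self.server_isn, seg.seq + 1, 65535)
        if seg.flags == ACK and self.state.get(key) == "SYN_RECEIVED":
            # Step 3: valid only if it acknowledges server ISN + 1 and continues the client's sequence.
            if seg.ack == self.server_isn + 1 and seg.seq == self.client_isn[key] + 1:
                self.state[key] = "ESTABLISHED"
        return None

    def established(self):
        return sorted(k for k, s in self.state.items() if s == "ESTABLISHED")

    def half_open_by_source(self):
        """How many connections each source IP has left stuck after step 2."""
        return Counter(k[0] for k, s in self.state.items() if s == "SYN_RECEIVED")

    def flood_suspects(self, threshold):
        """Source IPs holding at least `threshold` half-open connections."""
        return sorted(ip for ip, n in self.half_open_by_source().items() if n >= threshold)


def build_sample_segments():
    """Constructed traffic: one complete handshake plus a burst of SYNs never followed by an ACK."""
    segs = [Segment("10.0.0.5", 40001, "10.0.0.80", 80, SYN, seq=100, window=8192),
            Segment("10.0.0.5", 40001, "10.0.0.80", 80, ACK, seq=101, ack=4_000_001, window=8192)]
    for port in range(50000, 50006):
        segs.append(Segment("198.51.100.7", port, "10.0.0.80", 80, SYN, seq=port * 7, window=1024))
    return segs


def analyse(segments):
    """Run every segment through a fresh tracker and return it for inspection."""
    tracker = HandshakeTracker()
    for seg in segments:
        tracker.process(seg)
    return tracker
```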
TCP Sequence Number Attack
• The attacker intercepts the exchange between the client and server and then responds with a sequence number similar to the one used in the original session, or hijacks a valid session. The victim then receives a message that there is a disconnection, and so a new connection is established.

Malicious Code
• Do research on malicious code and hand it in before 17th September, 5:00 pm

Risk Assessment
• The process of determining the relative risk for each vulnerability. Vulnerabilities and threats are identified.
• A vulnerability is a specific avenue that threat agents can exploit to attack an information asset
• A threat is an object, person or other entity that represents a constant danger to an asset. It therefore has the potential to attack any of the assets protected.
• For each threat or vulnerability, the severity of impact upon the system’s confidentiality, integrity and availability, and the likelihood of the vulnerability being exploited given existing security controls, are determined
• The product of the likelihood of occurrence and the impact severity gives the risk level for the system, based on the exposure to the threat/vulnerability pair
• A risk level is determined for each vulnerability and threat, then safeguards are identified for pairs with moderate or high risk levels
• The risk is re-evaluated to determine the remaining risk, or residual risk level, after the safeguard is implemented
• It has three main phases:
– Network system documentation
– Risk determination
– Safeguard determination

Network System Documentation Phase
• It provides the background information to describe the network and the data it handles, the assets involved and their worth
• It establishes a framework for the subsequent RA phases
• Network identification, which includes:
– Network description
– Functions and assets
– Network security level determination

Document Network Identification
• It includes:
– Documenting the network name, the particulars of the organization to which the network belongs, the type of network and other related information
– Documenting the contacts of the network managers and other related information
– Identifying the individual(s) responsible for security and the component’s Information Network Security Officer

Document Network Purpose and Description (Asset Identification)
• Document a brief description of the function and purpose of the network and the organizational business processes supported, including functions and transmission of data
• Give a general technical description of the network, including the physical and logical topologies. Also identify factors that raise special security concerns.

Document Network Identification (continued)
• This includes documenting the network security level using the steps below
• Describe and document the information handled by the network and identify the overall network system security level as Low, Moderate or High
• Describe the requirements for the three pillars of information: confidentiality, integrity and availability

Risk Determination Phase
• Its goal is to calculate the level of risk for each threat/vulnerability pair based on:
– The likelihood of a threat exploiting a vulnerability
– The severity of impact that the exploited vulnerability would have on the system, its data and its business function, in terms of loss of confidentiality, loss of integrity and loss of availability

Risk Determination Phase Steps
• This six-step process is conducted for each identified threat/vulnerability pair:
• Identify potential dangers to information and the network (threats)
• Identify the network weaknesses that could be exploited (vulnerabilities) and associate them with the threats to generate the threat/vulnerability pairs
• Identify existing controls that reduce the risk of the threat exploiting the vulnerability
• Determine the likelihood of occurrence of a threat exploiting a related vulnerability, given the existing controls
• Determine the severity of impact on the system of an exploited vulnerability
• Determine the risk level for a threat/vulnerability pair, given the existing controls

Risk Determination Phase Table
• Columns of the table: Item No., Threat Name, Vulnerability Name, Risk Description, Existing Controls, Likelihood of Occurrence, Impact Severity, Risk Level

Identification of Network Threats
• Identify threats that could have the ability to exploit a network vulnerability
• Each threat identified has the potential to attack any of the assets protected
• To make this more manageable, each step in the threat identification and vulnerability identification process is managed separately and then coordinated at the end of the process
• Each threat must be further examined to assess its potential to impact the organization; this is called threat assessment

Network Vulnerability Identification
• Identify the vulnerability associated with each threat to produce a threat/vulnerability pair
• Vulnerabilities may be associated with either a single threat or multiple threats
• Previous documentation, reports and security bulletins may be used to identify vulnerabilities

Describe Risk• Describe how the Vulnerability
creates a risk in the system in terms of confidentiality, integrity and availability elements that may result in a compromise of the Network and the data it handles.
Identification of Existing Controls
• Identify existing controls that reduce:
– The likelihood or probability of a threat exploiting an identified system vulnerability.
– The magnitude of impact of the exploited vulnerability on the system.
• Existing controls may be management, operational or technical controls, depending on the identified threat/vulnerability pair and the risk to the network.
Likelihood of Occurrence (LoC) Determination
• Determine the likelihood that a threat will exploit a vulnerability.
• Likelihood is an estimate of the frequency or the probability of such an event.
• Likelihood of occurrence is based on a number of factors that include Network architecture, information system access, existing controls, strength and nature of the threat and presence of vulnerabilities among others.
Likelihood of Occurrence Determination
Likelihood of Occurrence Levels (likelihood: description)
• Negligible: Unlikely to occur
• Very low: Likely to occur two or three times every five years
• Low: Likely to occur every year or less
• Medium: Likely to occur every six months or less
• High: Likely to occur once per month or less
• Very high: Likely to occur multiple times per month
• Extreme: Likely to occur multiple times per day
Severity of Impact (SoI) determination
• Determine the magnitude of severity of impact on the system’s operational capabilities and data if the threat is realized and exploits the associated vulnerability.
• Determine the severity of impact for each threat/vulnerability pair by evaluating the potential loss in each security category (C.I.A).
• The impact can be measured by loss of Network functionality, degradation of system response time, loss of public confidence or unauthorized disclosure of data.
Severity of Impact determination
• Impact severity levels are:
– Insignificant: no impact
– Minor: minor effect, cost of repair not much
– Significant: tangible harm
– Damaging: damages reputation, i.e. loss of confidence, and requires expenditure of significant resources to repair
– Serious: loss of connected users, compromise of information or services
– Critical: causes the network to be closed permanently
Risk Level Determination
• Risk can be expressed in terms of the likelihood of the threat exploiting the vulnerability and the impact severity of that exploitation on the C.I.A of the Network.
• Mathematically Risk Level=LoC*SoI
Safeguard Determination Phase
• This involves identifying additional controls, safeguards or corrective actions to minimize threat exposure and vulnerability exploitation for each threat/vulnerability pair identified in the Risk Determination phase that resulted in a moderate or high risk level.
Safeguard Determination Phase steps
• Identify the controls to reduce the risk level of an identified threat/vulnerability pair.
• Determine the residual LoC of the threat if the recommended safeguard is implemented.
• Determine the residual impact severity of the exploited vulnerability once the recommended safeguard is implemented.
• Determine the residual risk level for the system.
Safeguard Determination Phase table
• Columns: Item No. | Recommended Safeguard Description | Residual LoC | Residual Impact Severity | Residual Risk Level
Identification of Safeguards
• Identify control safeguards for each threat/vulnerability pair with a moderate or high risk level.
• The purpose of the recommended safeguard is to reduce or minimize the level of risk.
Identification of Safeguards
• Factors to consider when choosing a safeguard are:
– Security area where the control/safeguard belongs, such as management, operational, technical;
– Method the control/safeguard employs to reduce the opportunity for the threat to exploit the vulnerability;
– Effectiveness of the proposed control/safeguard to mitigate the risk level;
– Policy and architectural parameters required for implementation.
• Recommended safeguards will address the security category (C.I.A) identified during the risk analysis process that may be compromised by the exploited vulnerability.
Residual LoC Determination
• Determine the likelihood or probability of an attack occurring
• If the attack is successful how much impact does it have on the Network?
Residual Risk level Determination
• Determine the residual risk level for the threat/vulnerability pair and its associated risk once the recommended safeguard is implemented.
• The residual risk level is determined by examining the likelihood of occurrence of the attack exploiting the vulnerability and the impact severity factors in the C.I.A categories.
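The Risk Level = LoC*SoI rule and the residual risk determination above, worked through in code. This is an added example and not part of the lecture slides; the numeric score given to each likelihood and impact level, the Low/Moderate/High thresholds and the register entries are assumptions constructed for illustration.

```python
# Added example, not part of the lecture slides: a small risk register that applies
# the Risk Level = LoC * SoI rule to threat/vulnerability pairs, orders them for
# safeguard selection, and recomputes the residual risk once a safeguard is applied.
# Numeric scores per level and the Low/Moderate/High thresholds are assumptions.
from dataclasses import dataclass

# Ordinal scores for the Likelihood of Occurrence (LoC) levels named on the slides.
LOC_SCORES = {"Negligible": 1, "Very low": 2, "Low": 3, "Medium": 4,
              "High": 5, "Very high": 6, "Extreme": 7}
# Ordinal scores for the Severity of Impact (SoI) levels named on the slides.
SOI_SCORES = {"Insignificant": 1, "Minor": 2, "Significant": 3,
              "Damaging": 4, "Serious": 5, "Critical": 6}

@dataclass
class Pair:
    item_no: int
    threat: str
    vulnerability: str
    loc: str   # LoC level name
    soi: str   # SoI level name

def risk_score(loc, soi):
    """Risk Level = LoC * SoI, using the ordinal scores above."""
    return LOC_SCORES[loc] * SOI_SCORES[soi]

def risk_band(score):
    """Map a numeric score to Low / Moderate / High (thresholds assumed)."""
    if score >= 20:
        return "High"
    if score >= 10:
        return "Moderate"
    return "Low"

def residual_risk(residual_loc, residual_soi):
    """Residual risk (score, band) once the recommended safeguard is in place."""
    score = risk_score(residual_loc, residual_soi)
    return score, risk_band(score)

def prioritize(pairs):
    """Order pairs from High to Low risk; only moderate/high pairs get safeguards."""
    return sorted(pairs, key=lambda p: risk_score(p.loc, p.soi), reverse=True)

# Constructed sample register: hypothetical entries, not taken from the slides.
REGISTER = [
    Pair(1, "Malware outbreak", "Unpatched workstations", "High", "Serious"),
    Pair(2, "Power failure", "No UPS on core switch", "Medium", "Minor"),
    Pair(3, "Eavesdropping", "Unencrypted management traffic", "Low", "Damaging"),
]

if __name__ == "__main__":
    for p in prioritize(REGISTER):
        s = risk_score(p.loc, p.soi)
        print(p.item_no, p.threat, s, risk_band(s))
```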
RISK MITIGATION
• This is the second phase of risk management, the first being risk assessment.
• It is a systematic methodology used by senior management to reduce mission risk. It involves prioritizing, evaluating and implementing the appropriate risk-reducing controls recommended by the risk assessment process.
RISK MITIGATION
• The risk mitigation options:
• Risk Assumption: to accept the potential risk and continue operating the IT system, or to implement controls to lower the risk to an acceptable level.
• Risk Avoidance: to avoid the risk by eliminating the risk cause and/or consequence (e.g. forgo certain functions of the system or shut down the system when risks are identified).
• Risk Limitation: to limit the risk by implementing controls that minimize the adverse impact of a threat's exercising a vulnerability (e.g. use of supporting, preventive and detective controls).
Risk Mitigation options
• Risk Planning: to manage risk by developing a risk mitigation plan that prioritizes, implements, and maintains controls.
• Research and Acknowledgment: to lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability.
• Risk Transference: to transfer the risk by using other options to compensate for the loss, such as purchasing insurance.
Risk Mitigation note
• It may not be practical to address all identified risks, so priority should be given to threat/vulnerability pairs that have the potential to cause significant mission impact or harm.
Risk Mitigation Strategy
• When and under what circumstances should the controls be taken?
• When a vulnerability exists: implement assurance techniques to reduce the likelihood of the vulnerability being exercised.
• When a vulnerability can be exercised: apply layered protections, architectural designs and administrative controls to minimize the risk of, or prevent, this.
Risk Mitigation Strategy
• When the loss is too great: apply design principles, architectural designs and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
• When the attacker's cost is less than the potential gain: apply protections to decrease an attacker's motivation by increasing the attacker's cost (e.g. network system controls such as limiting what a user can access and do can significantly reduce an attacker's gain).
Approach for Control Implementation
• The following steps must be taken:
– Step 1: Prioritize actions
– Step 2: Rank actions from High to Low
– Step 3: List feasible controls
– Step 4: Cost-benefit analysis describing the costs and benefits of implementing or not implementing the controls
– Step 5: Select control
– Step 6: Assign responsibility
– Step 7: Develop a safeguard implementation plan
Approach for Control Implementation
• Prioritize Actions
• Based on the risk levels presented in the risk assessment, implementation actions are prioritized.
• High takes the first priority, then medium and lastly low.
• Evaluate Recommended Control Options
• During this step the feasibility and effectiveness of the recommended control options are analyzed. The main objective is to select the most appropriate control option for minimizing risk.
Approach for Control Implementation
• Conduct Cost-Benefit Analysis
This is to aid management in decision making and to identify cost-effective controls.
• Select Control
The controls selected should combine technical, operational and management control elements to ensure adequate security for the network.
Approach for Control Implementation
• Assign Responsibility
Appropriate persons who have the expertise and skill-sets to implement the selected control are identified, and responsibility is assigned.
Approach for Control Implementation
• Develop a Safeguard Implementation Plan. The plan should at minimum contain the following:
– Risks and associated risk levels
– Recommended controls
– Prioritized actions
– Selected planned controls (determined on the basis of feasibility, effectiveness, benefits to the organization, and cost)
– Required resources for implementing the selected planned controls
Approach for Control Implementation
– Lists of responsible teams and staff
– Start date for implementation
– Target completion date for implementation
– Maintenance requirements
• Implement Selected Controls
The implemented controls may lower the risk level but not eliminate the risk.
Control Categories
• Controls are categorized into:
• Technical Network Security Controls
• Management Network Security Controls
• Operational Network Security Controls
Technical Network security
• This requires security configuration to be set on machines, and software to be installed, that guards against threats. The measures should work together to secure critical and sensitive data, information and network functions.
• Technical controls can be grouped into:
– Supporting Technical controls
– Preventive Technical controls
– Detection and Recovery Technical controls
Supporting Technical Controls
• These are basic controls onto which other controls are built, and they are interrelated with the other controls. They are categorized into:
– Identification: provides the ability to uniquely identify users, processes and information.
– Cryptographic Key Management: includes secure key generation, distribution, storage and maintenance.
– Network Security Administration: security features must be configured, i.e. enabled or disabled.
– Network Protection: protection in terms of the various security functionality to be implemented.
Preventive technical Controls
• These basically prevent the violation of security policies. They include:
– Authentication: proving that an identity is what it claims to be.
– Authorization: permits or denies actions for a given network.
– Nonrepudiation: ensures that senders cannot deny sending information and receivers cannot deny that they received it.
– Protected Communication: ensures C.I.A while in transit. It uses data encryption methods to minimize interception, packet sniffing, replay etc.
– Transaction Privacy: protects against loss of privacy with respect to transactions performed by an individual. This is achieved through the use of Secure Sockets Layer and Secure Shell.
Detection and Recovery Technical Controls
• Detection controls warn of violations or attempted violations of security policy; they include intrusion detection methods.
• Recovery controls are used to restore lost computing resources.
• Detection and Recovery controls include:
– Audit: monitoring and tracking of abnormalities; after-the-fact detection of, and recovery from, security breaches.
Detection and Recovery Technical Controls
– Intrusion Detection and Containment: detects a security breach.
– Proof of Wholeness: analyses network integrity and identifies exposures and potential threats. This control doesn't prevent violations of security policy but detects violations and helps determine the type of corrective action needed.
– Restore Secure State: this service enables the system to return to a state that is known to be secure after a security breach occurs.
– Virus Detection and Eradication: detects, identifies and eradicates viruses.
Management Security Controls
• Management controls focus on the stipulation of information protection policy, guidelines and standards, which are carried out through operational procedures to fulfill the organization's goals and missions.
• These controls are divided into:
– Preventive Management Security Controls
– Detection Management Security Controls
– Recovery Management Security Controls
Preventive Management Security Controls
• These controls include:
– Assigning security responsibility to ensure that adequate security is provided for mission-critical.
– Developing and maintaining network security plans to document current controls and address planned controls for networks in support of the organization's mission.
– Implementing personnel security controls, including separation of duties.
– Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behavior and their responsibilities in protecting the organisation's mission.
Detective Management Security Controls
• These controls include:
– Implementing personnel security controls, including personnel clearance, background investigations and rotation of duties.
– Conducting periodic review of security controls to ensure that the controls are effective.
– Performing periodic system audits.
– Conducting ongoing risk management to assess and mitigate risk.
– Authorizing the network system to address and accept residual risk.
Recovery Management Security Controls
• These controls include:
• Providing continuity of support, and developing, testing and maintaining the continuity of operations plan.
• Establishing an incident response capability to prepare for, recognize, report and respond to the incident and return the network to operational status.
Operational Security controls
• The organisation has to establish a set of controls, policies and guidelines to ensure that security procedures are enforced and implemented. Management comes in handy to make sure that the policies are implemented.
Preventive Operational
• Examples of operational security controls:
– Provide backup
– Secure wiring closets that house hubs and cables
– Safeguard computing devices
Operational Security controls
• Detection Operational Controls include:
– Provide physical security (sensors and alarms)
– Ensure environmental security (use of smoke and fire detectors, sensors and alarms)
Cost-Benefit Analysis
• Allocate resources and implement cost-effective controls.
• Identify all possible controls and evaluate their feasibility and their effectiveness.
• Considerations:
– Determine the impact of implementing, and of not implementing, the new or enhanced controls.
– Estimate the cost of implementation:
• Hardware and software costs
• Additional policies
• Training costs
• Maintenance costs