![Page 1: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/1.jpg)
Workshop 2
Tutor: William Yeoh [email protected]
School of Computer and Information Science
Secure and High Integrity System (INFT 3002)
![Page 2: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/2.jpg)
Group project details
Form a group of 3 by Wednesday (18 Sept) Report due on 7 November, 5pm (Friday) You must pass this assessment to pass the course 3000-5000 words You may decide the company’s name, location
(not necessary Australia), etc.
![Page 3: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/3.jpg)
Task: Your group is a small newly formed IT Security Consultancy and recently have been employed on your first case
Abraham is a health administrator (MD) but he has no modern technical understanding of IT security issues.
Abraham has had no problems with IT Security until very recently when the Hospital’s network was subject to a series of attacks. In the period of 3 days, the Hospital’s website was defaced, a serious virus infected the Hospital’s e-mail and large quantities of data were corrupted
Abraham wonders why this is happening and he questions whether there is a link to his company’s partnership with a large Health Insurance Company. He is also concerned to find out who might be attacking his network and why.
He is very anxious to grow his business and knows that he needs quickly to implement some security measures so as to pass an external audit (he has had nothing more than some proprietary and outdated anti-virus software until now).
![Page 4: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/4.jpg)
Organisation Structure
W a rren C h anE xe cu tive a ss is ta n t
Ju n io r S ys A d m in
S e n io r S ys A d m in
D o u g las B ro w nC h ie f In fo rm a tio n O ff ice r
M e d ica l a nd N urs in g s ta ff
C h ie f N u rs in g O ff ice r
L u ig i R o ssiC h ie f M e d ica l O ff ice r
F in a nce o ff ice r
F in an ce m a na g er
A d m in o ff ice r
H R M an a g er
M u b a rakC h ie f A d m in O ff ice r
A b rah am W o ngM D
![Page 5: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/5.jpg)
The issues Abraham is asking for advice on are:
3. Does he need to implement some cryptographic protection of data? How?
1. What risks do you think he is facing as he gears up his business and how can he manage these risks?
2. How can he develop a suitable security policy (given the company structure above)? Supply a security policy as Appendix 1 (you may use all the resources in the Resources for Module 2 and adapt these as necessary)
4. What is a “trusted” system, why might he need one anyway, and can he implement this within her Windows NT network?
![Page 6: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/6.jpg)
The issues Abraham is asking for advice on are:
5. How can he protect his network? Currently it is a simple LAN, some databases, a mail server and a web server but he wants to add some E-Commerce functionality very soon. What will happen when his staff use wireless enabled PDA’s for the collection of patient data?
6. Why might hackers be attacking his network; why would they be interested in his company?
7. Is there any legislation to help him if his network is hacked into again?
8. What kind of legal or ethical issues will he herself face if the data in his databases or files is lost or damaged?
![Page 7: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/7.jpg)
Today’s task3. Does he need to implement some cryptographic
protection of data? How?
4. What is a “trusted” system, why might he need one anyway, and can he implement this within his Windows NT network?
![Page 8: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/8.jpg)
Hints for:3. Does he need to implement some cryptographic protection of data? How?
This section evaluates the need of implementing data cryptography
Considers what cryptography technology to be adopted
How to implement them in this situation
![Page 9: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/9.jpg)
Hints for:3. Does he need to implement some cryptographic protection of data? How?
Does he need to implement some cryptographic protection of data?
• The hospital stores sensitive information eg. Patient’s medical record, financial situation, personal details, payment history, credit card info, password, etc.
• By consolidating the business status with the current trends of attacks, what is the risk evaluation?
• ‘Is the risk of occurrence higher than the cost of implementing cryptographic protection?’
![Page 10: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/10.jpg)
Hints for:3. Does he need to implement some cryptographic protection of data? How?
Some rationale to implement: Storing large amount of sensitive info of different
nature in the IT system
Current security level of network design & data management, security policy, staff awareness, etc
Storage of backup media does not guarantee high security level to avoid data leakage
![Page 11: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/11.jpg)
Hints for:3. Does he need to implement some cryptographic protection of data? How?
Connection to Internet using Dialup modem is insecure enough
The rapid introduction of virus, trojan & malicious code produce high risk
The website was defaced recently – shows security problem
![Page 12: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/12.jpg)
Considers what cryptography technology to be adopted
![Page 13: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/13.jpg)
![Page 14: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/14.jpg)
![Page 15: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/15.jpg)
![Page 16: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/16.jpg)
![Page 17: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/17.jpg)
How to implement them in this situation?
Suggest a commercial product (eg. DES, Blowfish, RSA, Hybrid cryptosystem, etc)
Internal or outsourcing
Staff perspective
Customers perspective
Steps, etc
![Page 18: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/18.jpg)
Hints:4. What is a “trusted” system, why might he need one anyway, and can he implement this within her Windows NT network?
What is a “trusted” system
Why might he need one anyway
Can he implement this within her Windows NT network?
![Page 19: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/19.jpg)
Why might he need one anyway?
User identification and authentication- to control the access rights.
Mandatory & discretionary access control- to control the usage of objects
Object reuse protection – to avoid malicious user claim a large amount of disk space & scavenge for sensitive data
Complete mediation – checking all access including memory, outside ports & network
![Page 20: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/20.jpg)
What is a “trusted” system?
Trusted OS provides the basic security mechanism that allow a system to protect, distinguish & separate data.
It began to receive NSA evaluation in 1984
Lower the security risk of implementing a system that processes classified data
It implements security policies & accountability mechanism in an OS package
![Page 21: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/21.jpg)
Why might he need one anyway?
Audit –maintain a log of security-relevant events
Audit log reduction- Allow logging of info in a reduced data size for consultation
Trusted path – facilitate unmistakable communication in critical operations
Intrusion detection- Intrusion of the system are detected
![Page 22: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/22.jpg)
Can he implement this within his Windows NT network?
Windows NT network acquires trusted OS features as: User identification and authentication can be set for all
users & administrators
Mandatory & discretionary access control are configurable for objects eg. Files & folders
Object reuse protection as usable volume of disk for all users can be strictly controlled by Windows NT.
![Page 23: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/23.jpg)
Complete mediation, Windows NT can check system resources including memory, port status & network connections
Audit log is maintained by Windows NT Server. Log details can be checked by administrator easily
Intrusion detection, Windows NT has no intrusion detection system, however this feature can be tackled by commercial firewall products.
Windows NT network acquires trusted OS features as:
![Page 24: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/24.jpg)
Configuring Windows NT network to implement Trusted OS:
Updating Windows NT servers by patches and use latest NT version
Enforces Windows NT Server password policy and establish consistent audit
Limits usable server volume for users to enhance object reuse protection
Avoids granting unnecessary privileges to users
![Page 25: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/25.jpg)
Avoids running unnecessary services in servers
Maintain audit trial records & perform checks on these records
Install IDS in the network
Configuring Windows NT network to implement Trusted OS:
![Page 26: Workshop 2 Tutor: William Yeoh gingsun.yeoh@UniSA.edu.au School of Computer and Information Science Secure and High Integrity System (INFT 3002)](https://reader036.vdocuments.net/reader036/viewer/2022062500/5697bff81a28abf838cbf42f/html5/thumbnails/26.jpg)
Q &A
Group Discussion
s