networks and security a series of lectures, outlining: how networks affect security of a system...
Post on 21-Dec-2015
216 views
TRANSCRIPT
Networks and SecurityNetworks and Security
A Series of Lectures, Outlining:How Networks affect Security of a system
Security of System
Security of Network
Security of Organisation
Secure vs Trustworthy
Attack Vulnerabilities
Web references and Bibliography
Eur Ing Brian C TompsettUniversity of Hull
Networking PrinciplesNetworking PrinciplesRevisionRevision
•ISO 7 Layer Model•Names and function of layers•Layer interconnect terminology
Internet BasicsInternet Basics RevisionRevision
IP Addresses (and registrars)150.237.92.11
192.168.0.1
Domain Names (and registrars)www.dcs.hull.ac.uk
on.to / i.am / name.is
Services/Socketshttp port 80
ISO 7 Layer ModelISO 7 Layer Model
Network
Datalink
Physical
Application
Presentation
Session
TransportNetwork
Datalink
Physical
Application
Presentation
Session
Transport
Hub/Repeater
GatewayProxy/Relay
NAT/ICS/Proxy
Router
Switch/BridgePTU
FrameDatagram
PacketDatagram
Segment
Message
IP
TCP/UDP
HTTP/FTPSMTP
PPP/SLIPEthernet
10BaseT
ADSL
Internet The MovieInternet The Movie
Animation covering salient points
It has some factual errorCan you spot them?
First Mention of FirewallsCovered later
SummarySummary
Overall Networking Architecture
Role of Layers & Layer Interface
Internet Protocols
Network Interconnections
Any further revision?
What is it for?What is it for?
What is the purpose ofTrustworthy Computing?
Computer Security?
Information Security?
DataDataProceduresProceduresActivityActivityInfrastructureInfrastructureOrganisationOrganisationEnvironmentEnvironmentEntitiesEntities
EntitiesEntitiesEnvironmentEnvironmentOrganisationOrganisationInfrastructureInfrastructureActivitiesActivitiesProceduresProceduresDataData
EntitiesEntities
ProceduresProcedures
DataData
EnvironmentEnvironment
OrganisationOrganisation
InfrastructureInfrastructure
ActivitiesActivities
Information Security ModelInformation Security Model
Entities Protection
Environment Protection
Organisation Protection
Infrastructure Protection
Activity Protection
Procedure level Protection
Data Protection
Security 7 Layer ModelSecurity 7 Layer Model
Activity
Procedures
Data
Entities
Environment
Organisation
InfrastructureActivity
Procedures
Data
Entities
Environment
Organisation
Infrastructure
Translation
Relationship
Contract
Language
Protocol
Packet
Document
Business
Contact
Information
Connection
Exchange
Gateway
Exchange
EntitiesEntities
Objects being manipulated by the systemEntities can be active or passiveData about entities is being protectedEntities can be People, Organisations or ObjectsEntities themselves encompass other entities – Collection or ContainmentSecurity involves:
Physical Changes – CommissioningOperational Procedure – What they doStructure – Interrelations
EnvironmentEnvironment
The restrictions on entities
Can act to limit or constrain security or freedom of action
Legislation, Regulation, Ethics
Technical Capability, Resource Limitation
Compatibility, Standards, Procedures
Physical Limitation
OrganisationOrganisation
The Mechanism by which operations a performed
The Organisation within the environment
InfrastructureInfrastructure
That which enables activities
The physical components which may or may not be entities in their own right
ActivityActivity
The tasks which process the data
Usually a business activity
Could be a software Application
ProcedureProcedure
The component steps that enable an activity
Can be software components or human procedures
DataData
The actual data about entities
The goal of a security breach
Protected byCryptography
Integrity
Security ModelsSecurity Models
ISO 17799ISO 27001 – ISO 27000 series
SABSASherwood Applied Business Security Architecture
Based on Zachman IS Framework
Financial Security Model
Financial Security ModelFinancial Security Model
FinanceApplications for financial users, issuers of digital value, trading and
market operationsValue
Instruments that carry monetary valueGovernance
Protection of the system from non-technical threatsAccounting
Value within defined placesRights
An authentication concept – moving value between identitiesSoftware Engineering
Tools to move instructions over the netCryptography
Sharing truths between parties
ISO 17799ISO 17799
Security PolicyOrganisation of Information SecurityAsset ManagementHuman Resources SecurityPhysical and Environmental SecurityCommunications and Operational ManagementAccess ControlSystems Development, Acquisition, MaintenanceSecurity Incident ManagementBusiness Continuity ManagementCompliance
Network Security ModelNetwork Security Model
Personal Protection
Organisation Protection
Network Protection
System Protection
Application Protection
Code level Protection
Data Protection
DataDataCodeCodeApplicationApplicationSystemsSystemsInfrastructureInfrastructureOrganisationOrganisationPersonPerson
PersonPersonOrganisationOrganisationInfrastructureInfrastructureSystemsSystemsApplicationApplicationProcedureProcedureDataData
PersonPerson
ProceduresProcedures
DataData
OrganisationOrganisation
InfrastructureInfrastructure
SystemsSystems
ApplicationsApplications
Security 7 Layer ModelSecurity 7 Layer Model
Application
Procedures
Data
Person
Organisation
Infrastructure
SystemsApplication
Procedures
Data
Person
Organisation
Infrastructure
Systems
Translation
Relationship
Contract
Language
Protocol
Packet
Document
Business
Contact
Information
Connection
Exchange
Gateway
Exchange
Personal ProtectionPersonal Protection
Personal SecurityLocking Doors, Staying Safe
Personal Data ProtectionGiving out DOB, Credit Card, Family info
Securing Access to your Computer
Personal Security Policy for all
Protect others personal security
Organisation ProtectionOrganisation Protection
Organisation / Institution / CompanyA Holistic View
Corporate Image
Make public only what required
Hide internal structure & information
Window & Door into Organisation
Manages Input & Output
Doors and WindowsDoors and Windows
Decide What Services are availableWeb servers, ftp, email
Which hosts on which networks
Which domains used
On which IP nets
Hosted by whom
What registration informationNames, addresses phone numbers
Network ProtectionNetwork Protection
Protect Network as entity/resource
Manage permitted traffic flow
Manage authorised use
Architect the Network - zoning
Firewalling
Network ArchitectureNetwork Architecture
Proper use of Subnets and domainsLimit traffic to local segments
Use Bridges/Switches/Routers/Proxies
Prevent data and authority leaks
What to Firewall?What to Firewall?
Certain Protocols – netBios
Certain Responses – ping/traceroute
Certain Applications Real/IRC
Certain Systems/Networks
Control Port/Host combinationsEmail Port/25, HTTP Port/80, FTP Port/21
Rate LimitDenial of Service/Scanners
System ProtectionSystem Protection
Protect each system from misuseIncoming & Outgoing!
Control Which Services Runhttp://support.microsoft.com/?kbid=832017
Virus checkers
Application ProtectionApplication Protection
Specific Application ConfigurationParental Controls of Web Browsers
Domain/IP blockers
Spam filters
Control file/device exports
Code Level ProtectionCode Level Protection
Writing Secure CodeEven on secured system
Bad Code compromises security
Hence software updates