Network Security Risks

Outline (slide titles)
- Network Security Risks
- IS Auditor Role
- Networks Are Vulnerable to Attack
- Sneaker Net
- WAN
- Routers, Firewalls, Gateways
- TCP/IP Internet Protocol
- Securing Messages / Transactions
- Authentication
- Authentication Devices
- Passwords
- Symmetric Encryption
- Asymmetric Encryption
- Encryption of data
- Securing Transactions
- Stored Account System
- Stored Value Systems – E-cash
- New Systems
- Smart Cards
- Secure Sockets Layer
- Secure Electronic Transaction Protocol
- Public Key Infrastructure (PKI)
- Risks to the client
- Active Content
- Active X Controls
- Java Applets
- Cookies
- Operating System Risks
- Operating System Risks 2
- Computer Emergency Response Team Coordination Center
- Viruses, Worms, Trojans
- Securing the Server
- Denial of Service Attacks
- Web Page Defacing
- Malicious Web Sites
- People & Security - Policies
- Social Engineering
- Insider Risks
- Onion Approach
- Tools
- Tools 2
- Network sniffers
- Questions & Discussion

IS Auditor Role
Collect evidence to ascertain an entity's ability to:
- Safeguard assets
- Provide data integrity
- Efficiency of systems
- Effectiveness of systems

Networks Are Vulnerable to Attack
- Hackers / Crackers
- Terrorists
- Insiders
- Logical Attack
- Physical Attack
- http://www.msnbc.com/news/482181.asp#BODY
- At stake: $, trust, secrets, infrastructure
- Financial Transactions - $Trillions/year EFT/Credit Card
- Pentagon – 500,000 attempted attacks/year
- Microsoft – Hacked
- Denial of Service – February
- Melissa – I Love You
- Physical Access Attack

Sneaker Net / WAN (network diagrams; only the labels survive)
- Hospital network: four Clinics on a Hub; Internet / VPN through an ISP, CSU/DSU and T1 line; Router / packet filtering firewall; Internet Gateway
- Segments: Admin (330 PCs, hubs and switch), Dr's Offices (200 PCs, switch), Operating Rooms (20 PCs, switch), Classrooms (switch), Mainframe, Servers
- WAN: second ISP (ISP 2) for fault tolerance

Routers, Firewalls, Gateways
- Firewalls - hardware/software used to protect assets from untrusted networks
- Gateway/proxy server - allows information to flow between internal and external networks but does not allow the direct exchange of packets
- DMZ - isolates internal network from vulnerable web servers
- Router - manages network traffic; forwards packets to their correct destination by the most efficient path
- Filters packets by a pre-determined set of rules: IP source address, IP destination address, source port, and destination port
- Only as secure as the quality of the rule set designed

TCP/IP Internet Protocol
- IP - standard for internet message exchange
- Does not guarantee delivery of packets
- Packets using IP travel similarly to a post card
- Does not provide for data integrity or timeliness, security, privacy or confidentiality
- TCP, with error correction services, is stacked on top of IP to form TCP/IP
- Port – address on host where application makes itself available to incoming data: 23 – telnet, 25 – SMTP
- Packet – unit of information transmitted as a whole, incl. source and destination address
- IP address – unique 32 bit number - 4 octets separated by periods, e.g. 144.92.43.178
- InterNIC

Securing Messages / Transactions

Authentication
- Something you have - Smart card
- Something you are - Biometric devices
- Something you know - Password

Authentication Devices
- Biometric devices: Retinal scan, Fingerprints, Voice recognition, Facial recognition
- Secure ID tokens: something you have - token; something you know - PIN; used to generate a password that changes once a minute

Passwords
- Proper maintenance & procedures essential
- Post-it notes - on monitors and under keyboards?
- Longer than 8 characters
- Not comprised of English words
- Include special characters
- Change regularly
- L0phtCrack

Symmetric Encryption
- Secret key used for encryption and decryption is identical
- Alice and Bob must exchange the secret key in advance
- Impractical for large numbers of people to securely exchange shared secret keys

Asymmetric Encryption
- Public-private key pairs, used to overcome the problem of shared secret keys
- Owner of the key knows the private key
- Public key is shared with everyone
- Message confidentiality - Bob encrypts a message with Alice's public key and on receipt Alice decrypts the message with her private key

Encryption of data
- Key / cipher length is important, expressed in bits
- 40 bit cipher can be broken in 3.5 hrs; 56 bit - 22 hours 15 min; 64 bit - 33-34 days; 128 bit - > 2000 years
- Security services: Message integrity, Authentication, Nonrepudiation, Message confidentiality
- Mechanisms: Message encryption, Digital signature, Message digest

Securing Transactions
- Data theft - customer lists, engineering blueprints and other company secrets
- Company assets vulnerable since connected to public networks
- Cracker Kevin Mitnick stole plans for Motorola's StarTac; used IP spoofing
- Theft of money - German Chaos Computer Club used an ActiveX control to schedule transfer of money from the victim's online bank account to a numbered bank account controlled by crackers

Stored Account System
- Similar to existing debit/credit card systems
- Use existing infrastructure/payment systems based on electronic funds transfer
- Use settlement houses/clearing houses
- Highly accountable and traceable
- Traceable - raises privacy concerns ("big brother")
- Slow and expensive - online verification is necessary
- SET - Secure Electronic Transaction, CyberCash

Stored Value Systems – E-cash
- Private, no approval from bank needed
- Security stakes are high: counterfeiting; absence of control & auditing
- Potentially $8 trillion a year market
- People do not yet trust e-cash technology
- More popular in Europe
- E-cash superior to cash: does not require proximity; does not create the weight & storage problems of cash

New Systems
- DigiCash, Mondex and Visa Cash
- Stored value and/or stored accounts
- E-cash is stored on an electronic device
- Use smart card, or e-cash could be stored on a PC
- Electronic wallet technology
- Merchant adds or subtracts e-cash value using encrypted messaging between computers or by inserting the smart card in the merchant's smart card reader
- Mondex - Devices

Smart Cards
- Credit card sized devices w/ chip & memory
- Contain operating systems & applications
- Reader device attached to PC can read smart card
- Avoid problem of e-cash being stored on insecure hard drives
- Smart cards disabled when physically attacked

Smart Cards
- Will be ubiquitous
- Loyalty information – frequent flier miles
- Health records and health insurance information
- Debit, credit, and charge
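The packet-filtering rules under "Routers, Firewalls, Gateways" and the 32-bit address under "TCP/IP Internet Protocol" can be made concrete with a small first-match filter. This is an added example, not code from the presentation: the rule set, the outside addresses and the sample packets are constructed, and the page's example address 144.92.43.178 is reused as the hospital's mail server with 144.92.0.0/16 assumed as the internal range. Besides evaluating packets it checks the rule set for shadowed rules, which is one concrete way of judging "the quality of the rule set designed".

```python
"""Toy first-match packet filter plus a rule-set sanity check.

Added example for this page, not code from the presentation. The rule set,
the outside addresses and the sample packets are constructed; the page's
example address 144.92.43.178 is reused as the hospital's mail server.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def ip_to_int(dotted: str) -> int:
    """A dotted quad is just a 32-bit number: 4 octets of 8 bits each."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("not an IPv4 address: %r" % dotted)
    value = 0
    for part in octets:
        n = int(part)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | n
    return value


def parse_cidr(cidr: str) -> Tuple[int, int]:
    """'144.92.0.0/16' -> (network, mask); 'any' -> (0, 0), which matches all."""
    if cidr == "any":
        return 0, 0
    addr, _, prefix = cidr.partition("/")
    bits = int(prefix) if prefix else 32
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ip_to_int(addr) & mask, mask


def cidr_covers(outer: str, inner: str) -> bool:
    """True if every address in `inner` is also in `outer`."""
    o_net, o_mask = parse_cidr(outer)
    i_net, i_mask = parse_cidr(inner)
    # outer may not be more specific than inner, and inner must sit inside it
    return (o_mask & i_mask) == o_mask and (i_net & o_mask) == o_net


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    dst_port: Optional[int]  # None means any port

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        s_net, s_mask = parse_cidr(self.src)
        d_net, d_mask = parse_cidr(self.dst)
        return ((ip_to_int(src_ip) & s_mask) == s_net
                and (ip_to_int(dst_ip) & d_mask) == d_net
                and (self.dst_port is None or self.dst_port == dst_port))

    def covers(self, other: "Rule") -> bool:
        """True if this rule matches every packet that `other` would match."""
        return (cidr_covers(self.src, other.src)
                and cidr_covers(self.dst, other.dst)
                and (self.dst_port is None or self.dst_port == other.dst_port))


def filter_packet(rules: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule decides; a packet no rule mentions is dropped."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(index, earlier_index) for rules that can never fire because an earlier
    rule already matches every packet they would. A shadowed deny is the
    classic rule-ordering mistake."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                found.append((j, i))
                break
    return found


# Constructed rule set: SMTP in to the mail server, no telnet anywhere,
# internal hosts may initiate anything else, everything else dropped.
GOOD_RULES = [
    Rule("allow", "any", "144.92.43.178/32", 25),
    Rule("deny", "any", "any", 23),
    Rule("allow", "144.92.0.0/16", "any", None),
]

# Same intent, wrong order: the blanket allow shadows the telnet deny.
BAD_RULES = [
    Rule("allow", "any", "any", None),
    Rule("deny", "any", "any", 23),
]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, "telnet to mail server:",
              filter_packet(rules, "203.0.113.9", "144.92.43.178", 23),
              "shadowed:", shadowed_rules(rules))
```

Run as a script it shows the good set denying telnet and the bad set allowing it, with `shadowed_rules` pointing at the deny that can never fire; the same check applied to a real rule set is a cheap audit step.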
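The "Authentication Devices" slide describes a token whose code changes once a minute and is combined with a PIN, i.e. something you have plus something you know. The following is an added example, not code from the presentation and not SecurID's proprietary algorithm: it uses the HMAC-based truncation of the public HOTP/TOTP specifications (RFC 4226 / RFC 6238) with a 60-second step, and the seed and PIN are constructed sample values. The verifier side also shows two checks the slide leaves implicit: a small clock-drift window and a replay guard so a code is accepted only once.

```python
"""Time-based two-factor passcode: PIN (something you know) + token code
(something you have), where the code changes every minute.

Added example for this page, not code from the presentation. The HMAC and
truncation follow the public HOTP/TOTP specifications (RFC 4226 / RFC 6238)
with a 60-second step; this is NOT SecurID's own algorithm, and the seed and
PIN are constructed sample values.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the page's "password that changes once a minute"
CODE_DIGITS = 6


def token_code(seed: bytes, unix_time: int) -> str:
    """What the token displays: HMAC over the current minute, truncated to digits."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def passcode(pin: str, seed: bytes, unix_time: int) -> str:
    """What the user types: the memorised PIN followed by the token code."""
    return pin + token_code(seed, unix_time)


class TokenVerifier:
    """Server side: knows the user's PIN and the token seed, and accepts a
    passcode for the current minute (plus a small drift window) exactly once."""

    def __init__(self, pin: str, seed: bytes, drift_steps: int = 1):
        self.pin = pin
        self.seed = seed
        self.drift_steps = drift_steps
        self.last_counter = -1   # highest minute already used; blocks replay

    def verify(self, submitted: str, unix_time: int) -> bool:
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            t = unix_time + delta * STEP_SECONDS
            counter = t // STEP_SECONDS
            if counter <= self.last_counter:
                continue          # this minute's code was already accepted once
            expected = passcode(self.pin, self.seed, t)
            # constant-time comparison so timing does not leak how much matched
            if hmac.compare_digest(submitted.encode(), expected.encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    import time
    seed = b"constructed-token-seed"        # constructed; real seeds are random
    now = int(time.time())
    code = passcode("1234", seed, now)
    server = TokenVerifier("1234", seed)
    print("passcode:", code, "accepted:", server.verify(code, now),
          "replayed:", server.verify(code, now))
```

The PIN alone is useless without the seed, and a stolen token alone is useless without the PIN, which is the point of the two-factor split; the replay guard matters because the code is only "one-time" if the server refuses to accept it twice within the same minute.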
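The "Asymmetric Encryption" slide (Bob encrypts with Alice's public key, Alice decrypts with her private key) and the "Encryption of data" slide (message digest and digital signature giving integrity, authentication and nonrepudiation) are worked below with textbook RSA. This is an added example, not code from the presentation: the two primes are constructed sample values giving a modulus of about 37 bits, far below the 2048+ bits used in practice, and unpadded textbook RSA is not a secure cipher. The block exists to make the key roles visible, not to be reused as cryptography.

```python
"""Public-key confidentiality and digital signatures, worked with textbook RSA.

Added example for this page, not code from the presentation. The primes are
constructed sample values: the modulus is about 37 bits, versus the 2048+
bits used in practice, and textbook RSA without padding is not a secure
cipher. The block shows the key roles the page describes (Bob encrypts with
Alice's PUBLIC key, only Alice's PRIVATE key decrypts; a digest is signed
with the private key and anyone checks it with the public key).
"""
import hashlib
from typing import List

BLOCK = 4   # plaintext bytes per RSA block; a 0x01 prefix preserves leading zeros


def _modinv(a: int, m: int) -> int:
    """Extended Euclid: x with (a * x) % m == 1."""
    r0, r1, x0, x1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
    if r0 != 1:
        raise ValueError("e and phi(n) are not coprime")
    return x0 % m


def make_toy_keypair(p: int, q: int, e: int = 65537):
    """Returns (public_key, private_key) = ((e, n), (d, n)) for primes p, q."""
    n = p * q
    d = _modinv(e, (p - 1) * (q - 1))
    if n <= 2 * 256 ** BLOCK:
        raise ValueError("modulus too small for the block size")
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> List[int]:
    """Sender uses the recipient's public key; only the private key undoes it."""
    e, n = public_key
    out = []
    for i in range(0, len(message), BLOCK):
        m = int.from_bytes(b"\x01" + message[i:i + BLOCK], "big")
        out.append(pow(m, e, n))
    return out


def decrypt(blocks: List[int], private_key) -> bytes:
    """Recipient's private key recovers the plaintext block by block."""
    d, n = private_key
    plain = b""
    for c in blocks:
        raw = pow(c, d, n).to_bytes(BLOCK + 1, "big").lstrip(b"\x00")
        if not raw or raw[0] != 1:
            raise ValueError("corrupt ciphertext block or wrong key")
        plain += raw[1:]
    return plain


def _digest_int(message: bytes, n: int) -> int:
    """Message digest as an integer below n (toy reduction; real schemes pad)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signer applies the private key to the digest: origin cannot be denied."""
    d, n = private_key
    return pow(_digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recovers the digest and compares it:
    integrity (message unchanged) and authentication (signed by key owner)."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message, n)


# Constructed sample primes, far too small for real use.
ALICE_PUBLIC, ALICE_PRIVATE = make_toy_keypair(104729, 1299709)

if __name__ == "__main__":
    note = b"Bob to Alice: the key length table is on slide 16"
    cipher = encrypt(note, ALICE_PUBLIC)           # Bob: Alice's public key
    print("Alice reads:", decrypt(cipher, ALICE_PRIVATE))
    sig = sign(note, ALICE_PRIVATE)                # Alice signs with her private key
    print("signature ok:", verify(note, sig, ALICE_PUBLIC),
          "after tampering:", verify(note + b"!", sig, ALICE_PUBLIC))
```

Confidentiality and signing use the keys in opposite directions: encryption is public-key in, private-key out, while a signature is private-key in, public-key out, which is why a signature proves who sent the message and a ciphertext proves nothing about the sender.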