Networking Strategies


Network Design, Security Analysis, Risk Assessment, DR, and BCP


Networking Strategies

  1. Network Design, Security Analysis, Risk Assessment, DR, and BCP
     Presentation by Jim Maginnis, Organizational Kinetics. Copyright James B. Maginnis 2000-2005; Copyright 2003 - 2009.
  2. Today, There are >1 Billion Internet Users!
     [Chart: Internet Users Worldwide, 2001 (in millions), y-axis 0 to 600; projections from Gartner, eMarketer, Nielsen/NetRatings, and Computer Industry Almanac (CIA). Source: Projections vs. Reality, January 2002.]
  3. Agenda
     • Technologies for PANs, LANs, MANs, WANs
     • IT Architecture and Network Design considerations
     • Outsourcing Decisions
     • Security Issues and Risk Assessments
     • Fault Tolerance Planning
     • Disaster Recovery Planning
     • Business Continuity Planning
     • Management Responsibilities
  4. Analog Signals
     • Sound waves ~ electrical waves in a wire
     • Analog signal = electrical wave
     • Sound wave characteristics
       – Frequency (Hz) = cycles per second
       – Spectrum, e.g. 100 – 6,000 Hz or 300 – 3,000 Hz
       – Bandwidth = difference between the highest and lowest frequency
       – Amplitude (dB)
       – Phase (alignment)
     [Figure: one cycle of a wave; amplitude (volts) against time (sec); frequency (hertz) = cycles per second]
  5. Analog Communications Technology
     • Amplitude Modulation (AM), Frequency Modulation (FM), Phase Modulation (PM)
  6. Digital Signaling
     • Represented by square waves or pulses
     • Bit loss rather than attenuation loss
     [Figure: one cycle of a square wave; amplitude (volts) against time (sec); frequency (hertz) = cycles per second]
  7. Broadband, Baseband, and Narrowband
     • Broadband means telecommunications in which a wide band of frequencies is available to transmit multiplexed information
       – DSL and Cable (with bandwidth expectations)
         • Usually analog with modem and/or multiplexer
         • At least 256,000 bps – Jupiter Communications
         • Over 6 MHz – IBM Dictionary of Computing
     • Baseband means one digital channel
       – Ethernet ("BASE") / Token Ring ("single band")
     • Narrowband means just voice (500 to 64 kbps)
       – Mobile, Radio, Paging services ("dual-band")
  8. Connection Data Rates / Speed / Bandwidth
     Technology      | Max Data Rate       | Medium
     GSM             | 9.6 to 14.4 Kbps    | RF
     POTS            | 56 Kbps             | TP
     GPRS            | 56 to 114 Kbps      | RF
     BRI ISDN        | 64-128 Kbps         | TP
     EDGE            | 384 Kbps            | RF
     Satellite       | 400 Kbps            | RF
     Frame Relay     | Normal 56 Kbps      | TP/Coax
     Bluetooth       | 1 Mbps              | RF
     DS1/T-1         | 1.544 Mbps          | Various
     UMTS/.16.20     | 1-3 / 2-155 Mbps    | RF
     T-1C            | 3.152 Mbps          | Various
     Token Ring      | 4 to 16 Mbps        | Various
     DSL             | D: ½ to 8 Mbps      | TP
     Cable           | D: ½ to 52 Mbps     | Coax
     Ethernet        | 10 Mbps             | Various
     USB 1.0         | 12 Mbps             | TP
     DS3/T-3         | 44.736 Mbps         | Coax
     OC-1/DC-1       | 51.84 Mbps          | Fiber/Coax
     802.11g         | 54-108 Mbps         | RF
     Fast E-net      | 100 Mbps            | TP, Fiber
     FDDI            | 100 Mbps            | Fiber
     OC-3/SDH        | 155.52 Mbps         | Fiber
     IEEE 1394       | 400 Mbps            | TP
     ATM             | 155 / 622 Mbps      | TP / Fiber
     OC-12/STM-4     | 622.08 Mbps         | Fiber
     SSA or SCSI     | 80 Mbytes/sec       | TP, Fiber
     Gigabit E-net   | 1 / 10 Gbps         | TP, Fiber
     Fiber Channel   | 1 Gbps              | Fiber
     OC-768          | 40 Gbps             | Fiber
     DWDM            | 1 Petabit (10^15)   | Fiber
  9. Advantages of Segmenting – Internetworking
     • Reduces the number of users per segment
       – Increases effective bandwidth and security
     • Switched VLANs work at wire speed
     • Using Bridges to segment
       – Each segment in a different collision domain
       – Same broadcast domain for non-routed protocols
     • Using Routers (layer-3) to segment
       – Reduced broadcast messages
       – Improved manageability
         • Multiple active paths
         • Flow and congestion control, explicit packet controls
       – 30% slower connectivity than a bridge
  10. Switches, Routers, Bridges, and Gateways
     • LinkSys G-kit: $183.00
     • 3Com NJ200 4-port, SNMP QoS, VLAN, 1.4" Switch
     • Modular Systems start with a chassis (Cisco 6509 sold $1 billion in 1999)
     • Forum Phone "Bridge"
     • Gateways (e.g. Mail)
       – A traffic controller from one network or service to another
       – Often a proxy server for security and caching
  11. Processors – Firewalls
     • A "real" firewall supports "stateful packet inspection", with the ability to open packets to ensure that the ones coming from the Internet were responses to ones that went out.
       – SOHOware NBG800 Router/Firewall for $70
       – 3COM OfficeConnect Secure Gateway for $250; NetScreen, WatchGuard, SonicWALL, SnapGear, and Cisco processors also support IPsec VPNs
     • Strongest firewall is Secure Computing's SideWinder with a hardened OS; it can be purchased separately, on servers from Dell, or embedded in 3COM Ethernet cards
  12. Devices From The OSI Model's Perspective
     [Figure: devices and protocols placed against the OSI layers, top to bottom: SSL, S/MIME, PGP, and SET; NOS API; VoIP; Router/Firewall; IPsec; Bridge/Switch; Hubs/Modems]
  13. What is a Virtual Private Network Connection?
     • A VPN (virtual private network) uses a public infrastructure (Internet) to provide remote offices or users access to an organization's network using "tunneling" rather than more expensive private or leased lines.
     • IPsec (Internet Protocol Security) provides two choices of security service:
       – Authentication Header (AH), which essentially allows authentication of the sender of data
       – Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of the data
  14. Network Design Process
     • Consider Cost, Functionality, Manageability, Scalability, Adaptability, and Effectiveness
     • WAN vs. LAN and Upfront vs. Support Costs
       – Labor as much as 43% of TCO
       – Support normally 80% of TCO
       – Training, Downtime, DRP/Recovery
       – Client/Server, N-tier, Distributed
       – HP OpenView
       – Cisco Netsys
       – Modeling tools
  15. Information Architecture Plan
     • Especially critical in today's multi-vendor, distributed environment
     • Common vision on mandatory standards and key information & communication interfaces
     • Derive IT Architecture from the department's strategic and business requirements
     • A long-term process based on as many IT and business staff as practicable, with continuous review and update
  16. What is an Enterprise IT Architecture?
     • IT Architecture: "A blueprint to guide how IT elements should work together"
     • Components and relationships
       – Business flows
       – Application development
       – Data descriptions
       – Network / Telecom
       – Operating System(s)
       – Security and privacy
       – Risk factors
       – Migration Plan
  17. IAP Models, Protocols, and Standards
     • Reference Model (e.g. OSI)
       – a generic framework
       – logical breakdown of an activity
     • Protocol (e.g. TCP/IP)
       – details of how to accomplish a specific task
       – required to implement models
     • Standard (e.g. IEEE 802.3)
       – what a reference model and its protocol become when approved by an important standard-setting group (de jure standard), or are adopted by the marketplace (de facto standard). Standards are, in essence, the blueprint for the Information Architecture
  18. Who Sets Standards?
     • Federal government:
       – by law can establish regulatory standards
       – National Institute for Standards and Technology
     • National standards bodies
       – ANSI, IEEE, or ISO
     • International standards bodies
       – ISO (International Organization for Standardization)
       – International Telecommunication Union (CCITT)
     • Other vendor groups, professional associations, trade associations, etc.
       – IEEE, VESA, ATM Alliance, SQL group, IETF
  19. Standards Openness Continuum (from Closed to Open)
     • proprietary and closed (unpublished)
       – Intel chip, MS Windows
       – IBM mainframe
     • proprietary but licensed (for fee)
       – PostScript
     • proprietary but published (free or token fee)
       – IBM's original ISA bus
       – SUN's NFS (network file system)
       – Intel's PCI (peripheral component interconnect)
     • non-proprietary consortia or similar
       – VESA bus
       – ATM (asynchronous transfer mode) protocol
       – DVD
     • "official" de jure (open) standards products (published)
       – Ethernet, ISDN, DSL
  20. "Well-Formed" Risk Statement
     Asset: What are you trying to protect?
     Threat: What are you afraid of happening?
     Vulnerability: How could the threat occur?
     Mitigation: What is currently reducing the risk?
     Impact: What is the impact to the business?
     Probability: How likely is the threat given the controls?
  21. Defining Roles / Responsibilities
     Executive Sponsor: Determine acceptable risk – "What's important?"
     Information Security Group: Assess risks; define security requirements; measure security solutions – "Prioritize risks"
     IT Group: Design and build security solutions; operate and support security solutions – "Best control solution"
  22. Security Risk Management Process
     [Figure: four-step cycle] 1 Assessing Risk; 2 Conducting Decision Support; 3 Implementing Controls; 4 Measuring Program Effectiveness
  23. Internet Enabled Technology Architectures
     [Figure: layered architecture. Policies and Standards across the top; Network Management and Software Management; Security (Firewalls, Passwords, Encryption); Content Authoring Tools, Software Tools, and Data; Infrastructure (TCP/IP, Hypermedia Servers, Browsers, Network, Databases)]
  24. Requirement Sets for Two Design Options
     [Table: two design options, "Bare Bones" and "Cadillac", each evaluated across Implementation Environments (Windows, UNIX) and Sources (Off the shelf, In House, Out Source, Consult)]
  25. Architecture - Internal vs. External Sourcing
     • Costs and Knowledge base
       – Investment in hardware, software and facilities
       – Applications and database technologies
     • Reliability (DRP and BCP)
       – Redundancy (no single point of failure)
         • Components, systems, multiple sites
     • Entire project or just a portion (computer room)
     • Pull campus network lines or pay a carrier
     • SSL, certificates, dynamic passwords
       – SecurID, CryptoCard, Safeword
  26. Comparison Criteria
     • Feasibility and Cost/Benefit
     • Available Resources: What can you do?
     • Development Time
     • Developmental and Operational Costs
     • Efficiency and Ease of Use
     • Compatibility
     • Security
     • Emotional: What do you want to do?
     • "Evaluation_Tools" … http://mime1.marc.gate
  27. Different Sources of Software Components
     Source of Application Software | Produces Software? | When to Go to This Type of Organization | Internal Staffing Requirements
     Hardware Manufacturers | Generally not | For system software and utilities | Varies
     Packaged Software Producers | Yes | When supported task is generic | Some IS and user staff to define requirements and evaluate packages
     Custom Software Producers | Yes | When task requires custom support and system can't be built internally | Internal staff may be needed, depending on application
     In-House Developers | Yes | When resources and staff are available and system must be built from scratch | Internal staff necessary, though staff size may vary
  28. Applications – Voice Over IP
     • Transmit voice over IP data networks
       – Voice Signal
         • Digitized
         • Compressed
         • Converted to IP packets and transmitted over IP network
       – Signaling Protocols
         • Set up and tear down the calls
         • Locate users
         • Negotiate capabilities
     • Motivations
       – Very cost effective
       – Multimedia communication
       – Integrated voice and data network
     • Challenges
       – Quality of voice
       – Interoperability
       – Security
       – Integration with PSTN
       – Scalability
       – Waiting for IPv6
  29. Applications – New IPv6 Functionality
     • 128-bit Addressing
       – Then every IP address with a microphone and speaker will be a phone and vice versa; every camera will also be searchable in real time
     • More Secure
       – Phone bill vs. credit card
     • Quality of Service (QoS) Queuing
       – Critical for CIT Voice and Video
     • Multicast Services
       – The ability to send real-time information to multiple locations
       – Pay-per-View and per-Play
     • Improved Mobile Support
       – No wires for a billion devices remotely monitored
  30. Applications – Voice over ISDN and ATM
     • Point-to-point ISDN and ATM networks are the solution today
     • 128 kbps ISDN Video Conferencing works better than sharing a 1.54 Mbps T1
     • ATM (asynchronous transfer mode) uses 53-byte cell units in a multiplexed, dedicated-connection switching environment
     • ATM is currently the most common solution for internetworking a campus or WAN backbone with real-time analog and data requirements
  31. 5 Top Ways To Lower Costs & Raise Uptime
     • Converge multiple WAN/MAN backbones
     • Improve Quality of Service (QoS)
     • Support Voice Over IP (VOIP)
     • Cheap & easy IPsec VPNs to remote users
     • Improve network management control
     • All with different security issues
  32. Network Management Goals
     • Monitor network, backup, and vendor health
     • Automatic restoration options
     • Dedicated 7 x 24 hour local support w/DRP
     • Demonstrate business continuity plans
     • Dynamic reconfigurations
     • Bandwidth-on-demand (BoD) pools as an alternative to temporary peaking or DRP
     • Renewal of insurance policies
     • Meeting industry rules
  33. Need To Consider Current Environments
     • Platform alternatives
       – Host or mainframe
       – Mid-tier (UNIX) platforms
       – Mid-tier (Windows NT)
       – Client/Server
       – Three-tier web-based
       – Peer to Peer
       – Distributed
     • Hardware and software standards
     • Support resources' ability to deploy solutions
  34. Metropolitan Area Nets (MANs)
     • Metropolitan backbones
     • SONET rings – solving the vulnerabilities of the last mile
     • 25 Mbps Microwave
     • Single-mode fiber, 10-Gigabit Ethernet will go 40 kilometers this year ($24 billion). Expected to capture 30% of the high-speed Internet market by '05. (Gartner)
     • More ASPs, MSPs, SSPs
       – Trust / Security
  35. Trends in Telecommunications and Voice
     • Convergent system for V&D requirements
     • Open access with large bandwidth changes
     • Starbucks began with 2,000 802.11 routers
     • Virtual Private Networks for Global Model
     • Rainbow consortium of Microsoft, IBM, Intel, AT&T Wireless, and Verizon to create a single nationwide Wi-Fi company / network
     • In the meantime, Cable will be the big winner for Internet, TV, movies, and phone services
       – Satellite's 25% share of TV will hold
       – DOCSIS 1.1 supports tiered services
  36. Trends in Telecommunications and Voice
     • Need to get all this new stuff to work together = increase in central network management software
     • Need to get it to work harder (60% idle)
       – Reselling excess capacity
       – Return to MIS Data Center focus
     • Increasing security (esp. governmental and biotechnologies) and ethical concerns
     • Thinner margins and continued bankruptcies
     • New SPAM laws and New Taxes!
  37. EDI – B2B Legacy Communications
     High Support Needs = Security Issues
     [Figure: EDI transaction flow between Buyer and Supplier: RFP; Response to RFP; Purchase Order; P.O. Acknowledgement; Purchase Order Change; P.O. Change Acknowledgement; Functional Acknowledgement (for each Transaction)]
     RFP = Request for Proposal; P.O. = Purchasing Order
  38. The Role of Extranets (was called internets)
     Adds everyone else's security problems: Access Issues, eBusiness, No Firewalls, Insecure VPNs, Viruses, Wireless Access
  39. Internet Applications = More Security Issues
     Businesses are rapidly installing intranets, extranets, and enterprise information portals throughout their organizations in order to enhance communication and collaboration, and to publish and share business information easily and at lower cost.
     Popular Uses of the Internet: E-mail (S/MIME), Telnet (SSH), File Transfer Protocol (PGP), E-Commerce (SSL), Internet Relay Chat (VPN), Search Engines (Anonymizer)
  40. Groupware for Enterprise Collaboration
     Enterprise Collaboration Systems (ECS) support communication, coordination and collaboration among the members of business teams and workgroups. Groupware: Database Access. Security Concerns: often set up with full access.
     • Electronic Communications Tools: E-Mail; Voice Mail, IP Phone; Web Publishing; Faxing
     • Electronic Conferencing Tools: Data Conferencing; Voice Conferencing; Videoconferencing; Discussion Forums; Electronic Meetings
     • Collaborative Work Management Tools: Calendaring; Task and Project Mgt; Workflow Systems; Knowledge Mgt; Document Sharing
  41. Electronic Conferencing = Access Issues
     • Data Conferencing
       – E.g. MS-NetMeeting
     • Voice Conferencing
     • Videoconferencing
       – Real time needs point-to-point connections
     • Discussion Forums
     • P-T-P Chat (IRC)
     • Electronic Meetings
  42. Communications and Collaboration Tools
     • Electronic Mail
     • Voice Mail
     • Faxing
     • Web Publishing
     • Calendaring/Scheduling
     • Task/Project Management
     • Workflow Systems
     • Knowledge Management
     More Access Worries!
  43. Applications – Internal and Off The Shelf
     • Web Pages
       – Static vs. dynamic
     • Database
       – Storage
     • Legacy MIS systems
     Access control is a never-ending security effort!
  44. Applications – Buffer Overflow Prevention
     #include <stdio.h>

     int main(void)
     {
         char buffer[50];

         /* gets(buffer); */   /* unsafe: no length limit, so long input overruns the buffer */

         /* fgets() stops after at most sizeof(buffer) - 1 characters and always NUL-terminates;
            it returns NULL on EOF or error, which is checked here instead of ignored */
         if (fgets(buffer, sizeof buffer, stdin) == NULL)
             return 1;
         buffer[sizeof buffer - 1] = '\0';   /* defensive: guarantee termination regardless */

         printf("Input: %s\n", buffer);
         return 0;
     }
     When using gets(), indeterminate behavior may result from excessive input length. Thus, fgets() should be favored over gets().
  45. Security Must Be Integrated With SDLC
     • All security considerations should be documented in the standard SDLC docs
     • Develop Needs Statement
       – Access and other Controls
       – Audit and Integrity Review
     • All test plans will include testing security, internal controls, and audit trail features, and take place in a secure area
     • The CSO will work with the component sponsor to build and sign off on a Security Requirements Workplan and Validation Plan
  46. Security - Overview
     Accessibility to authorized users, but not others
     – Permanent - not alterable (can't edit, delete)
     – Reliable - (changes detectable)
  47. Security – Firewalls
     • Stateful Inspection: checking inside packets
     • One firewall is not enough!
     • A DMZ (demilitarized zone) is a small network inserted between a company's private network and the outside networks to prevent external users from getting direct access to sensitive company data.
  48. Processors
     • Modems
     • Multiplexers
     • Internetwork Processors
       – Repeaters
       – Hubs
       – Switches
       – Bridges
       – Routers
       – Gateways
     • Firewalls
     [Figure: Internet, Router, Firewall, Load Balancer / SSL Acceleration, Switch, Application and Web Servers, Switch, Firewall, LAN Backbone Switch, New and Legacy Data Resources; Web Browsers and a V.92 Modem Bank are also shown]
  49. Security – Threats / Responses / Newsletters
     • Hacking, viruses, theft, patches, shredding
     • Web related, DOS, spoofing, firewalls
     • CERT Coordination Center – at Carnegie-Mellon
     • SANS Institute – for-profit with free services
     • National Infrastructure Protection Center – now Homeland Security
     • Microsoft
     • Trend Micro Anti-virus Software – now Japanese owned
  50. Passive vs. Active Threats
     CERT received 53,000 reports of active attacks in 2001
     • Passive: eavesdropping / traffic analysis for attack or info "black markets"
     • Active: packets intended to disrupt service, to gain access, or modify information
  51. Model for Network Security
     [Figure only]
  52. NAT Router "Firewall" Web Service Example
     [Figure: a Web Host on the Internet exchanges packets ("to" / "from") with a Router with NAT that masquerades; behind it sit a Web Client host, a Web Server host (port 80), and an FTP Server host (port 23)]
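The masquerading behaviour the diagram sketches, and the reason the slide puts "Firewall" in quotes, as an added example in Python (not code from the presentation): the router rewrites outbound packets to its own public address, and only inbound packets that answer an existing mapping from the same peer, or that hit an explicitly published port, reach an inside host. Addresses are constructed from the RFC 5737 / RFC 1918 documentation ranges and the port numbers are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample addresses (documentation ranges), not from the slides.
ROUTER_PUBLIC_IP = "203.0.113.1"


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqueradingRouter:
    """NAT router: outbound flows get a public port; inbound packets pass only
    as replies to a known flow or to a port that was deliberately published."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port          # assumed port pool start
        self.by_flow = {}     # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.by_public = {}   # public port -> that flow key
        self.forwards = {}    # (proto, public port) -> (priv_ip, priv_port)

    def forward_port(self, proto: str, public_port: int, priv_ip: str, priv_port: int):
        """Publish an inside server (the slide's Web Server on port 80)."""
        self.forwards[(proto, public_port)] = (priv_ip, priv_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside-to-Internet packet so it appears to come from the router."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.by_flow:
            pub = self.next_port
            self.next_port += 1
            self.by_flow[key] = pub
            self.by_public[pub] = key
        return replace(pkt, src_ip=self.public_ip, src_port=self.by_flow[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an Internet-to-router packet, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self.by_public.get(pkt.dst_port)
        # A reply is accepted only from the exact peer the inside host contacted.
        if flow and flow[0] == pkt.proto and (flow[3], flow[4]) == (pkt.src_ip, pkt.src_port):
            return replace(pkt, dst_ip=flow[1], dst_port=flow[2])
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd:
            return replace(pkt, dst_ip=fwd[0], dst_port=fwd[1])
        return None   # unsolicited traffic is dropped


def demo():
    nat = MasqueradingRouter(ROUTER_PUBLIC_IP)
    nat.forward_port("tcp", 80, "192.168.1.20", 80)            # published web server
    out = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.7", 80, ROUTER_PUBLIC_IP, out.src_port))
    spoof = nat.inbound(Packet("tcp", "198.51.100.9", 80, ROUTER_PUBLIC_IP, out.src_port))
    unsolicited = nat.inbound(Packet("tcp", "198.51.100.9", 4444, ROUTER_PUBLIC_IP, 23))
    published = nat.inbound(Packet("tcp", "198.51.100.9", 4444, ROUTER_PUBLIC_IP, 80))
    return out, reply, spoof, unsolicited, published


if __name__ == "__main__":
    for label, pkt in zip(("out", "reply", "spoof", "unsolicited", "published"), demo()):
        print(f"{label:12s} -> {pkt}")
```

The mapping keyed on the full five-tuple is what makes this more than address hiding: a packet to the mapped port from a different source, or to an unmapped port such as 23, never reaches the inside, while the one published port does. The earlier firewall slide's point about checking that inbound packets are responses to ones that went out is exactly the `inbound` check.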
  53. PGP (Pretty Good Privacy) Encryption
     • Mostly used for encrypting FTP files and e-mail; is an international banking standard
  54. Example PGP Encrypted eMail
     To: "John Doe" <>
     From: Jim Maginnis <>
     Subject: EBUS400: PGP Endeavor...
     Cc:
     Bcc:
     X-Attachments:

     -----BEGIN PGP MESSAGE-----
     Version: PGPfreeware 6.5.2 for non-commercial use <>

     qANQR1DBwU4D6cjDU+QAxCwQB/9IZFOIuDSIIQbwa28SQ63DDioFb4bH4bmKfopX
     cvdDVQ1X53fSJzyLt12RslfQToje8YxRNidYMNg1zDTT7CR9q7LRFoAwBFVtQhWJ
     jFNXn1+aE8oePReMi6vS0DXSSDfgDuUb1R+c8htHoeik6Oebe9R90J3d51yyCojV
     /5Io5nlM7T11PDaWqsjLr2ttrSySzARt5fAJ9l1mOH+hSl1YebRjZPaxWw+bsYuqN
     a0GYr2UdwgE1u5HQuhZ+bOIbSliShfKiNuDGHe6VJrchROHnC9Po2JWAOD7wMFq6
     STZ/MPGzViaCUaaWPLSKleiURUh4Ly5/LaNYkaumO9vh+241FPqtZKqRVmHRg6dY
     Ro9edu01qTiXJj25cXHxeNMdA1txLxR3ontbExow+ML5kxs=
     =68Hd
     -----END PGP MESSAGE-----
  55. PGP: Things to be aware of…
     • Does not encode mail headers
       – Subject can give away useful information
       – To and From provide traffic analysis information as well as usernames
     • PGP uses the original file name and modification date
     • Certificates often verify that the sender is "John Smith" but not which "John Smith." So, PGP allows pictures in certificates.
  56. Kerberos For Authentication
     (Radius Server also for centralized passwords)
     [Figure only]
  57. Kerberos Issues
     • Kerberos transfers usernames/passwords in open text from Masters to Slaves
     • Cryptographers worry that it might be breakable through reversing Ksession
     • V4 only uses 4 bytes for the IP address, so does not support Novell, AppleTalk, IPv6
     • V5 allows easier spoofing and delegation but greatly improves ticket renewal and allows for public key cryptography
  58. Breaking DES
     • DES released March 17th, 1975
     • Electronic Frontier Foundation concerned with wide use and exaggerated government claims of being unbreakable while attempting to bully companies into only using the DES method
     • In 1997, RSA offered $10,000 to break it; was claimed 5 months later using the Internet
     • Everyone now uses Triple-DES
     • NIST has chosen the Rijndael encryption algorithm to supplant DES starting in 2003
  59. Breaking RFID (40-48 bit key / 24-bit packets)
     • Small, wireless Radio-Frequency ID (RFID) Digital Signature Transponder (DST) consisting of a small encapsulated passive microchip and antenna coil.
       – Vehicular Immobilizers (automobile keys w/rolling codes)
       – Electronic Payment (ExxonMobil SpeedPass)
     • Future use by Wal-mart and others of an EPC (Electronic Product Code) wireless barcode, which may soon be available for as little as 5 cents/unit.
     • EPC tags lack sufficient circuitry to implement even symmetric-key cryptographic primitives, don't use 128-bit keys, and key case/slots are not shielded
  60. Private and Public-Key Use
     [Figure only]
  61. Future Encryption Keys
     A secret value is added by both parties to the message before the "hash" function is used to get the Message Integrity Check.
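The keyed-hash idea the slide describes, as an added example in Python (not code from the presentation): both parties combine the shared secret with the message before hashing, the sender attaches the digest as the MIC, and the receiver recomputes it with its own copy of the secret. The slide's literal "secret + message, then hash" form is shown beside HMAC, the standardized construction that modern protocols use; the secret and the messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample secret, not from the slides; real deployments derive it from key exchange.
SHARED_SECRET = b"example-shared-secret-value"


def mic_secret_prefix(secret: bytes, message: bytes) -> str:
    """The construction the slide describes: prepend the secret, hash the whole thing."""
    return hashlib.sha256(secret + message).hexdigest()


def mic_hmac(secret: bytes, message: bytes) -> str:
    """The standardized keyed hash of the same idea (HMAC, RFC 2104), preferred
    because its two-pass structure removes the weaknesses of a plain prefix hash."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_mic(secret: bytes, message: bytes, received: str, scheme=mic_hmac) -> bool:
    """Receiver side: recompute the MIC with the receiver's copy of the secret and
    compare in constant time, so a wrong tag is rejected without a timing leak."""
    return hmac.compare_digest(scheme(secret, message), received)


def demo() -> dict:
    """Show which tags are accepted: only the genuine message under the right secret."""
    message = b"transfer 100 to account 42"
    tag = mic_hmac(SHARED_SECRET, message)
    return {
        "genuine": verify_mic(SHARED_SECRET, message, tag),
        "tampered": verify_mic(SHARED_SECRET, b"transfer 900 to account 42", tag),
        "wrong_secret": verify_mic(b"not-the-secret", message, tag),
        # A hash of the message alone, without the secret, is not a valid MIC:
        "unkeyed_hash": hashlib.sha256(message).hexdigest() == tag,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:13s} accepted={accepted}")
```

The point the slide is making is the last line of `demo`: without the secret, nobody can produce a digest the receiver will accept, so the MIC gives integrity and origin authentication in one short tag. Use `hmac.compare_digest` rather than `==` for the comparison; it is the one detail the slide does not mention that implementations most often get wrong.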
  62. Global Scanning Activities
     [Figure only]
  63. Examples of Weak Passwords
     • Default or empty passwords
     • Same as the username
     • The word "password"
     • Short words, 1 to 3 characters long
     • Words in an electronic dictionary (60,000)
     • User's hobbies, family names, birthday, etc. => most likely last or maiden name
     • Phone number, social security number, street address, license plate number, etc.
  64. Password Gathering
     • Look under keyboard, telephone, etc.
     • Look in the Rolodex under "X" and "Z"
     • Call up pretending to be from "micro-support" or a senior merger manager and ask for it
     • "Snoop" a network for plaintext passwords
     • Tap a phone line with a special modem
     • Forward the phone line remotely and fake the login request (and pass to legitimate login)
     • Use a "Trojan Horse" program to record key strokes
  65. Viruses, Worms, and Trojan Horses
     • Virus - code that copies itself into other programs
     • Bacteria - replicates until it fills disks or CPU cycles
     • Worm - uses email / file undocumented features
     • Payload - harmful things it does after it has spread
     • Trojan Horse - looks good, but does bad things
     • Logic Bomb - malicious code that activates on an event
     • Trap Door (Back Door) - undocumented entry point
     [Figure: taxonomy. Needs a host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses. Independent: Bacteria, Worms]
  66. Types of Viruses
     • Boot Sector Virus - infects the boot sector of a disk, activating on boot up (1st MS-DOS viruses)
     • Memory-resident Virus - lodges in main memory as part of the resident OS
     • Parasitic Virus - attaches itself to executable files as part of their code; runs when the program runs
     • Stealth Virus - explicitly designed to hide from virus scanning programs
     • Polymorphic Virus - mutates with every new host to prevent signature detection
     • KEEP PATCHES & DEFINITIONS UP TO DATE
  67. Honey Pots, Tar Pits, and Sink Holes
     • A Honey pot is a trap to detect and deflect attacks with a "dangle" computer or data
       – Such as the 9/11 "no plane at the Pentagon" hoax
     • Tar Pits are a section of a honey pot or DMZ designed to slow down TCP-based attacks
     • Sink Holes are the network equivalent, with BGP routers to assist in analyzing attacks
       – Monitor attack noise, scans, and use of dark IPs
       – Ready to advertise routes and accept traffic to minimize risk while investigating an incident
  68. What To Monitor In A Sink Hole
     • Scan "Dark" unused IP space
     • Scan for infections of Worms and Bots
     • Look for backscatter from attacks & garbage traffic on networks (RFC-1918 leaks)
     • Expand the dedicated Sink Hole router with a variety of tools to pull DOS/DDOS attacks
       – Arbor Network's Peakflow checks scan rates
     • 2 Router IP addresses: 1 for management and 1 for Anycast DNS caches to share load
  69. More Sink Hole Notes
     • SQL Slammer Worm doubled infections every 8.5 sec to spread 100x faster than Code Red
       – at peak, was scanning 55 million hosts / second
     • Sink holes have proven their value, with worm mitigation (after containment)
     • Need to work at various security levels
     • No IGB on Sinkhole; Sinkhole is a RRc
     • Must not loop traffic back out the management interface (remotely controlled: VNC / Telnet)
  70. The Good, Bad, and Ugly Packets
     • The Good - legitimate communications
     • The Bad - poorly configured equipment
     • The Ugly - intended to do damage
       – Speed is too high (storming)
       – Host is violating port-usage policy
       – UDP packet contains no data
       – No data transfer, too many ports or IP destinations
       – Offset + Length > 65,608 bytes for Fragments
       – Responses without requests, responses have different data from requests
  71. So Many Packets, And So Little Time
     • A 50% loaded 100base-T Ethernet carries about 20,000 pps, or 1.2 million per minute
     • Detecting the Ugly is difficult because they are such a small fraction of the total, and the Bad often set off false alarms. Among the techniques that are being used are:
       – Single packet signatures
         • illegal flags, long fragments
       – Timing-based techniques
         • DOS Floods / automated Telnet
       – AI programs that train on or learn characteristics
       – Flow-based statistical schemes
  72. True Examples of "Bad" and "Ugly"
     • A T1 Internet link is completely jammed for 45 minutes by 120 hosts downloading 1.2 MB of files from a CAI FTP server.
     • One weekend before Napster was reportedly going out of business, two hosts jam the T1 connection by downloading gigabytes of data from peer-to-peer servers.
     • A host appears to be repeatedly scanning the network for servers on a half-dozen different port numbers.
     • A rapid rate of short fragmented packets brings down a top-ten site for half a day.
  73. Some Techniques to Determine The Ugly
     1. Data flow follows IP rules, transfers data: Good unless -
        Ugly - Speed is too high
        Ugly - Host is violating port-usage policy
        Ugly - UDP packet contains no data
     2. Host is receiving rejects (TCP or ICMP)
        Bad - Web server or client ending persistent connections, such as Napster
        Ugly - From, or to, too many ports or IP destinations
  74. Examples of The Ugly (continued)
     3. Host is sending packets, but no replies:
        Bad - Web load-balancer is bypassed for down-stream traffic
        Ugly - No data transfer, too many ports or IP destinations
     4. Fragmented IP packets. Bad unless:
        Ugly - very short and/or speed is too high
        Ugly - Offset + Length > 65,608 bytes
  75. Examples of The Ugly (continued)
     5. Pings and Ping Responses
        Good - if balanced and reasonable
        Ugly - Responses without requests, responses have different data from requests (covert channel)
     Only a few new types of legitimate network activity appear each year. It's much easier to characterize the new legitimate network protocols than it is to keep up with the hacker community's latest creations.
  76. Examples of The Ugly (continued)
     • Packets that violate Internet Protocols in ways that have been found to cause computers, firewalls, or intrusion detection systems (IDS) to crash or operate improperly.
       – Teardrop Attack - IP Fragments that overlap.
       – Ping of Death - IP Fragmented Datagram with Offset plus Length > 65,507
       – (one method - # ping -l 65510)
     • Short packets, perhaps belonging to A above, that arrive at such a high rate that they cause damage.
       – Rapid TCP "SYN" packets, or Isolated Fragments - tie up computer memory.
  77. Examples of The Ugly (continued)
     • Packets going to various hosts and ports that are being used to map the network - looking for vulnerable hosts.
       – TCP "SYN-FIN" or other improper TCP flag combinations
       – UDP packets with zero data bytes
       – TCPs that cause a TCP "Reject", or UDPs that cause an ICMP "Host Unavailable"
     • Hardest to detect: packets that would belong to "The Good" except that the two hosts should not be talking to each other, at least not on that service or port number.
       – Detection - Compare to a database of allowed server ports.
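The Good / Bad / Ugly rules from slides 70 through 77, collected into one classifier and run over constructed per-host flow summaries, as an added example in Python (not code from the presentation). The rule order follows the numbered techniques above; the field names, the thresholds (`MAX_PPS`, `MAX_FANOUT`, the "very short" fragment size) and the allowed-port database are assumptions, while the 65,608-byte fragment limit is the figure the slides use.

```python
# Constructed "database of allowed Server ports" (slide 77's detection method); assumed values.
ALLOWED_SERVER_PORTS = {
    "10.0.0.5": {"tcp": {80, 443}},            # web server
    "10.0.0.6": {"tcp": {25}, "udp": {53}},    # mail and DNS
}
MAX_PPS = 5_000            # assumed "speed is too high" threshold for one host
MAX_FANOUT = 50            # assumed "too many ports or IP destinations"
MIN_FRAGMENT_LEN = 64      # assumed "very short" fragment size
MAX_FRAGMENT_END = 65_608  # the slides' Offset + Length limit


def classify(rec):
    """Return (verdict, reason) for one flow record, a plain dict of per-host counters."""
    proto, dst, dport = rec["proto"], rec.get("dst_ip"), rec.get("dst_port")
    flags = set(rec.get("flags", ""))

    # 4. Fragmented IP packets: Bad unless very short, too fast, or oversized.
    if rec.get("frag_offset") is not None:
        if rec["frag_offset"] + rec["length"] > MAX_FRAGMENT_END:
            return "Ugly", "fragment Offset + Length > %d" % MAX_FRAGMENT_END
        if rec["length"] < MIN_FRAGMENT_LEN or rec.get("pps", 0) > MAX_PPS:
            return "Ugly", "very short and/or very fast fragments"
        return "Bad", "fragmented IP packet"

    # Protocol violations used for mapping the network (slide 77).
    if proto == "tcp" and {"S", "F"} <= flags:
        return "Ugly", "SYN-FIN flag combination"
    if proto == "udp" and rec.get("payload_len", 0) == 0:
        return "Ugly", "UDP packet contains no data"

    # 5. Pings: balanced is Good; replies without requests or with altered data are Ugly.
    if proto == "icmp":
        if rec.get("replies", 0) > rec.get("requests", 0):
            return "Ugly", "ping responses without requests"
        if rec.get("reply_data") != rec.get("request_data"):
            return "Ugly", "response data differs from request (covert channel)"
        return "Good", "balanced pings"

    # 2. Host is receiving rejects (TCP reset or ICMP unreachable).
    if rec.get("rejects", 0) > 0:
        if rec.get("fanout", 0) > MAX_FANOUT:
            return "Ugly", "rejects from/to too many ports or IP destinations"
        return "Bad", "rejects from ended persistent connections"

    # 3. Host is sending packets but getting no replies.
    if rec.get("sent", 0) > 0 and rec.get("replies", 0) == 0:
        if rec.get("fanout", 0) > MAX_FANOUT:
            return "Ugly", "no data transfer, too many ports or IP destinations"
        return "Bad", "one-way traffic (e.g. bypassed load balancer)"

    # 1. Data flow follows the IP rules: Good unless too fast or off-policy.
    if rec.get("pps", 0) > MAX_PPS:
        return "Ugly", "speed is too high (storming)"
    policy = ALLOWED_SERVER_PORTS.get(dst)
    if policy is not None and dport not in policy.get(proto, set()):
        return "Ugly", "host is violating port-usage policy"
    return "Good", "legitimate communication"


# Constructed flow summaries, not captured traffic.
SAMPLE_RECORDS = [
    {"name": "web browsing", "proto": "tcp", "dst_ip": "10.0.0.5", "dst_port": 80,
     "flags": "PA", "sent": 120, "replies": 118, "pps": 300},
    {"name": "telnet to web server", "proto": "tcp", "dst_ip": "10.0.0.5", "dst_port": 23,
     "flags": "PA", "sent": 10, "replies": 9},
    {"name": "port scan", "proto": "tcp", "dst_ip": "10.0.0.5", "dst_port": 80,
     "flags": "S", "sent": 800, "replies": 0, "fanout": 400},
    {"name": "empty UDP probe", "proto": "udp", "dst_ip": "10.0.0.6", "dst_port": 53,
     "payload_len": 0},
    {"name": "oversized fragment", "proto": "icmp", "frag_offset": 65_400, "length": 300},
    {"name": "covert ping", "proto": "icmp", "requests": 10, "replies": 10,
     "request_data": b"abcdefgh", "reply_data": b"secret!!"},
]


def run(records=SAMPLE_RECORDS):
    """Classify every record; returns (name, verdict, reason) triples."""
    return [(r["name"],) + classify(r) for r in records]


if __name__ == "__main__":
    for name, verdict, reason in run():
        print(f"{verdict:4s} {name:22s} {reason}")
```

Each branch maps to one line of the slides, which is the useful property: when a record is flagged, the reason string says which rule fired, so a false alarm from "the Bad" (a bypassed load balancer, a fragment from a misconfigured link) can be tuned without touching the rules that catch "the Ugly".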
  78. 78. Copyright James B. Maginnis 2000-2005 7 8 Microsoft Break-in Example • Employee created file on PC at home and caught 2-month old virus • Employee e-mailed virus to self at work • Was not caught by a Mail Gateway • Workstation also did not have patches nor definition files up to date • Payload was an open tunnel to a Ukrainian • Who downloaded all development source (e.g. Windows XP); was not caught = no IDS
  79. 79. Copyright James B. Maginnis 2000-2005 7 9 Anomaly-based Intrusion Detection High statistical variation in most measurable network behavior parameters results in high false-alarm rate
  80. 80. Copyright James B. Maginnis 2000-2005 8 0 Distributed Host-based IDS Highly recommended for critical servers Modules must be installed and configured on hosts.
  81. 81. Copyright James B. Maginnis 2000-2005 8 1 Signature-based IDS Data Packets are compared to a growing library of known attack signatures. These include port numbers or sequence numbers that are fixed in the exploit application, and sequences of characters that appear in the data stream.
  82. 82. Copyright James B. Maginnis 2000-2005 Six ―Signatures‖ from the Snort Database 8 2 • alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg: "IDS411 - RealAudio-DoS"; flags: AP; content: "|fff4 fffd 06|";) • alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS362 - MISC - Shellcode X86 NOPS-UDP"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";) • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS359 - OVERFLOW-NOOP-HP-TCP2";flags:PA; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";) • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS345 - OVERFLOW-NOOP-Sparc-TCP";flags:PA; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";) • alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS355 - OVERFLOW-NOOP-Sparc-UDP2"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";) • alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS291 - MISC - Shellcode x86 stealth NOP"; content: "|eb 02 eb 02 eb 02|";)
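A minimal matcher for rules written in this Snort syntax, as an added example that is neither the presentation's nor Snort's own code: it parses the rule header (protocol, addresses, ports), the content option (with |..| hex sections) and the flags option, then runs three of the signatures above over constructed packets. $HOME_NET is assumed to mean addresses beginning 10.0.0.; everything else matches Snort's documented rule semantics.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

HOME_NET_PREFIX = "10.0.0."    # assumed meaning of $HOME_NET (not from the slides)

RULE_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
                     r"\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")

@dataclass
class Rule:
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes             # byte sequence that must appear in the payload
    flags: Optional[str]       # TCP flag letters required, or None for no flags test

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes
    flags: Set[str] = field(default_factory=set)   # TCP flags set, e.g. {"A", "P"}

def parse_content(text: str) -> bytes:
    """Snort content syntax: literal text, with |hh hh ...| sections giving raw bytes."""
    out = bytearray()
    for i, seg in enumerate(text.split("|")):
        out += bytes.fromhex(seg.replace(" ", "")) if i % 2 else seg.encode()
    return bytes(out)

def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unparsable rule: " + line)
    opts: Dict[str, str] = {}
    for part in m.group("opts").split(";"):        # options are "key: value;" pairs
        if ":" in part:
            key, val = part.split(":", 1)
            opts[key.strip()] = val.strip().strip('"')
    return Rule(m.group("proto"), m.group("src"), m.group("sport"), m.group("dst"),
                m.group("dport"), opts.get("msg", ""), parse_content(opts["content"]),
                opts.get("flags"))

def addr_match(spec: str, ip: str) -> bool:
    home = ip.startswith(HOME_NET_PREFIX)
    return {"any": True, "$HOME_NET": home, "$EXTERNAL_NET": not home}.get(spec, spec == ip)

def port_match(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port

def flags_match(spec: Optional[str], flags: Set[str]) -> bool:
    """Snort semantics: 'AP' means exactly ACK+PSH set; a trailing '+' allows extra bits."""
    if spec is None:
        return True
    return set(spec[:-1]) <= flags if spec.endswith("+") else set(spec) == flags

def match(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto == pkt.proto
            and addr_match(rule.src, pkt.src) and port_match(rule.sport, pkt.sport)
            and addr_match(rule.dst, pkt.dst) and port_match(rule.dport, pkt.dport)
            and flags_match(rule.flags, pkt.flags)
            and rule.content in pkt.payload)

def scan(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Return the msg of every rule that fires, in packet order."""
    return [r.msg for p in packets for r in rules if match(r, p)]

# Three of the six signatures from the slide, and constructed packets to run them over
RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg: "IDS411 - RealAudio-DoS"; '
    'flags: AP; content: "|fff4 fffd 06|";)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS362 - MISC - Shellcode X86 NOPS-UDP"; '
    'content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS291 - MISC - Shellcode x86 stealth NOP"; '
    'content: "|eb 02 eb 02 eb 02|";)',
]]
PACKETS = [
    # RealAudio DoS bytes to port 7070 with ACK+PSH set: fires IDS411
    Packet("tcp", "198.51.100.7", 40001, "10.0.0.5", 7070, b"\x00\xff\xf4\xff\xfd\x06", {"A", "P"}),
    # the same bytes with only ACK set: flags:AP is an exact match, so no alert
    Packet("tcp", "198.51.100.7", 40002, "10.0.0.5", 7070, b"\xff\xf4\xff\xfd\x06", {"A"}),
    # a UDP datagram from outside carrying a 30-byte NOP sled: fires IDS362
    Packet("udp", "203.0.113.9", 5555, "10.0.0.8", 161, b"\x90" * 30),
    # the same sled between two internal hosts: $EXTERNAL_NET does not match
    Packet("udp", "10.0.0.2", 5555, "10.0.0.8", 161, b"\x90" * 30),
]
```

Running scan(RULES, PACKETS) yields exactly two alerts, the first and third packets; the second shows why the fixed-flag test matters and the fourth why the network variables do.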
  83. Signature-based IDS May Miss New Attacks
      [Diagram: a region of "Attacks with Names" (Back Orifice, Land Attack, Win Nuke, IP Blob, Trino) beside a region of "Attacks without Names (not analyzed yet)"; the signature-based IDS alarms only on activities in the named areas.]
  84. Flow-based IDS Technology
      An approach that recognizes normal traffic can detect new types of intrusions.
      [Diagram: "Normal Network Activities" (FTP, Web, NetBIOS, Email) separated from "Attacks with Names" (Back Orifice, Land Attack, Win Nuke, IP Blob, Trino) and "Attacks without Names (not analyzed yet)"; the flow-based IDS alarms on activities outside the normal area.]
  85. Flow-based Statistical Analysis
      A "Flow" is the stream of packets from one host to another related to the same service (e.g., Web, email, telnet, …). Data in packet headers is used to build up counts (leads to high speed). After the flow is over, counters are analyzed and a value is derived for the probability that the flow was crafted, perhaps for probing the network for vulnerabilities or for denial of service.
      Flow-Statistics Counters:
      – Number of Packets
      – Number of Total Bytes
      – Number of Data Bytes
      – Start Time of Flow
      – Stop Time of Flow
      – Duration of Flow
      – Flag-Bit True-False Combo
      – Fragmentation Bits
      – ICMP Packet Responses to UDP Packets
  86. IDS Types Should be Combined
      – Host-Based: Can detect misuse of OS access and file permissions.
      – Signature-Based: Can detect attacks embedded in network data - if signature is known
      – Anomaly-Based: On host or network: can detect new types, but high false alarm rate
      – Flow-Based: Can detect new types of attacks by network activity. Should be used with Host- and/or Signature-Based
  87. The Stages of a Network Intrusion
      1. Scan the network to: [Detection: Flow-based "CI" and/or signature-based]
         • locate which IP addresses are in use,
         • what operating system is in use,
         • what TCP or UDP ports are "open" (being listened to by Servers).
      2. Run "Exploit" scripts against open ports [Detection: Signature-based]
      3. Gain access to "suid" Shell ("root" privileges) [Detection: Host-based]
      4. Download from Hacker Web site special versions of systems files that will let Cracker have free access in the future without CPU or disk usage being noticed by auditing programs. [Detection: Signature-based "Port-Locking", Host-based]
      5. Use IRC (Internet Relay Chat) to invite others to the feast. [Detection: Signature-based "Port-Locking", Host-based]
  88. One Solution: Segment
      A Bridge-Router-Firewall can drop packets based on source or destination, IP address, and/or port.
      [Diagram: the protocol stacks of a Browser and a Web Server (Application Layer, HTTP, Port 80 / Port 31337; Transport Layer, TCP/UDP, Segment No.; Network Layer, IP, IP Address; Data Link Layer, Ethernet / Token Ring; Physical Layer) with the Bridge-Router-Firewall between them.]
  89. Simple Network Man. Protocol v1, v2, and v3
      • SNMPv2 makes use of TCP for "reliable, connection-oriented" service. SNMPv1 is "connectionless" since it utilized UDP (rather than TCP) as the transport layer protocol.
      • Addressed by version 2:
        – Lack of support for distributed management
        – Functional deficiencies (since v2 can use TCP/IP and Novell IPX)
      • Addressed by version 3:
        – V1 used a community name as a password
  90. Security - Authentication
      • Authentication – process to ensure both the message’s content and sender’s identity have been verified by an authorized source and content was not altered.
      • Digital Certificate – contains digital identity information including: name, public key, operational period, and serial number.
      • Certificate Authority – authorized issuer of digital certificates
  91. X.509 Authentication Service (e.g. Verisign)
      • An International Telecommunications Union (ITU) recommendation (versus "standard") for allowing computer hosts or users to securely identify themselves over a network.
      • An X.509 certificate purchased from a "Certificate Authority" (trusted third party) allows a merchant to give you his public key in a way that your Browser can generate a session key for a transaction, and securely send that to the merchant for use during the transaction (padlock icon on screen closes to indicate transmissions are encrypted).
  92. X.509 Authentication Service (continued)
      • Once a session key is established, no one can "hijack" the session (after you enter your credit card information, an intruder can not change the order and delivery address).
      • User only needs a Browser that can encrypt/decrypt with the appropriate algorithm, and generate session keys.
      • Merchant’s Certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.
  93. VISA SET Steps in a Transaction
      1. Customer opens account with card company or bank that supports SET
      2. Bank issues X.509 certificate to Customer with RSA Public-Private Keys
      3. Merchant has two certificates, one for signing messages and one for key exchange
      ----
      4. Customer places an order
      5. The Merchant sends the customer a copy of his certificate
      6. The Customer sends Order Information (OI), and Payment Information (PI) encrypted so the Merchant can not read it
      ---
      7. Merchant requests payment by sending PI to the "Payment Gateway" (who can decrypt it) and verifies Customer’s credit is good
      8. Merchant confirms the order to the Customer
      9. Merchant ships goods to Customer
      10. Merchant sends request for payment to the Payment Gateway which handles transfer of funds
  94. Why Is SET Not Happening? (but PayPal is)
      • Issuer gets greatest benefit
      • But, Merchant must pay
  95. Covert Channels
      • Sending data in a way that network watchers (sniffer, IDS, ..) will not be aware that data is being transmitted.
      • For IP Networks:
        – Data hidden in the IP header
        – Data hidden in ICMP Echo Request and Response Packets
        – Data tunneled through an SSH connection
        – "Port 80" Tunneling (or DNS port 53 tunneling)
        – In image files.
  96. Packet Header Hiding: Normal Packet
      [Diagram: IP Header (20-64 bytes) | TCP Header (20-64 bytes) | DATA (0-65,488 bytes): "Dear Friend, I am having a good time at the beach." Header fields called out: TCP Source Port, TCP Destination Port, IP Source Address, IP Destination Address.]
  97. NOTE: Long IP Packets Are Fragmented
      [Diagram: the same datagram carried in two fragments. First fragment: IP Header, TCP Header, DATA "Dear Friend, I am having a good time at the beach.", IP Ident = x, More Fragments = True. Second fragment: IP Header, DATA "watching the waves roll in.", IP Ident = x, More Fragments = False. The TCP Header is not repeated; each fragment carries the IP Source Address and IP Destination Address.]
  98. Other Covert Channel Tools
      • SSH (SCP, FTP Tunneling, Telnet Tunneling, X-Windows Tunneling, ...) - can be set to operate on any port (<1024 usually requires root privilege).
      • Loki (ICMP Echo R/R, UDP 53)
      • NT - Back Orifice (BO2K) plugin BOSOCK32
      • Reverse WWW Shell Server - looks like a HTTP client (browser). App headers mimic HTTP GET and response commands.
  99. Steganography
      The hiding of a secret message within an ordinary message so that no one suspects it exists. Ideally, anyone scanning the data will fail to know it contains encrypted data. see
  100. Detecting Covert Channels
      • A network IDS will detect a "Ping Unbalance" - more Ping Responses than Requests
      • Block all ICMP packets at firewall
      • Signature-based IDS will detect known rogue programs
      • Port 53 Tunneling - Block inbound and outbound TCP/UDP-53 packets at firewall except to/from known internal DNS servers
      • Port 80 Tunneling - look for long-lasting flows to outside server, excess client-to-server data flow
  101. Detecting Covert Channels (continued)
      • Port-profile violation
      • Steganography - If Zombie, look for Port-profile violation, or known hacker-site server.
      • Monitor for new and unknown processes
      • Check for new or unknown ports and devices
      • Know and understand all "suid root" or administrator programs
      • If you don’t need an account - delete it!
      • Check System logs
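The flow counters of slide 85 and the covert-channel checks of slides 100 and 101 (ping unbalance, port-53 traffic to anything but the approved internal DNS servers, long port-80 flows with excess client-to-server data) worked through together, as an added example that is not from the presentation. The packet records, addresses, the approved-resolver set and the 600-second threshold are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Pkt:
    ts: float                    # arrival time in seconds
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int                   # 0 for ICMP
    dport: int                   # 0 for ICMP
    total: int                   # bytes on the wire
    data: int                    # payload bytes after the headers
    flags: str = ""              # TCP flag letters, e.g. "SA"
    icmp: Optional[str] = None   # "echo-req" or "echo-rep"

@dataclass
class Flow:
    """The per-flow counters listed on slide 85, built from header data only."""
    client: str
    server: str
    proto: str
    service: int
    packets: int = 0
    total_bytes: int = 0
    client_data: int = 0         # data bytes client -> server
    server_data: int = 0         # data bytes server -> client
    start: float = 0.0
    stop: float = 0.0
    flag_combos: Set[str] = field(default_factory=set)   # flag-bit combinations seen

def flow_key(p: Pkt) -> Tuple[str, str, str, int]:
    """Orient a packet as client->server: the lower-numbered port is the service."""
    if p.dport <= p.sport:
        return (p.src, p.dst, p.proto, p.dport)
    return (p.dst, p.src, p.proto, p.sport)

def build_flows(packets: List[Pkt]) -> Dict[Tuple, Flow]:
    flows: Dict[Tuple, Flow] = {}
    for p in sorted(packets, key=lambda x: x.ts):
        if p.proto == "icmp":
            continue                 # pings are balanced separately in detect()
        key = flow_key(p)
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(*key, start=p.ts)
        f.packets += 1
        f.total_bytes += p.total
        if p.src == f.client:
            f.client_data += p.data
        else:
            f.server_data += p.data
        f.stop = p.ts
        if p.flags:
            f.flag_combos.add(p.flags)
    return flows

def detect(packets: List[Pkt], flows: Dict[Tuple, Flow], approved_dns: Set[str],
           long_flow_s: float = 600.0) -> List[str]:
    """Covert-channel checks from slides 100 and 101 run over finished flows."""
    alerts: List[str] = []
    req, rep = defaultdict(int), defaultdict(int)   # keyed by (requester, responder)
    for p in packets:
        if p.icmp == "echo-req":
            req[(p.src, p.dst)] += 1
        elif p.icmp == "echo-rep":
            rep[(p.dst, p.src)] += 1
    for pair, n in rep.items():                     # "Ping Unbalance"
        if n > req[pair]:
            alerts.append(f"ping unbalance {pair[0]}<->{pair[1]}: {n} replies, {req[pair]} requests")
    for f in flows.values():
        if f.service == 53 and f.server not in approved_dns:
            alerts.append(f"port-53 flow to unapproved DNS server {f.server} from {f.client}")
        duration = f.stop - f.start
        if f.service == 80 and duration > long_flow_s and f.client_data > f.server_data:
            alerts.append(f"port-80 tunnel suspect {f.client}->{f.server}: {duration:.0f}s, "
                          f"client sent {f.client_data} B vs {f.server_data} B received")
    return alerts

APPROVED_DNS = {"10.0.0.53"}   # assumed internal resolver
SAMPLE = [   # constructed packet records, not captured traffic
    # normal web fetch: short flow, the server sends most of the data
    Pkt(0.0, "tcp", "10.0.0.5", "203.0.113.10", 40000, 80, 60, 0, "S"),
    Pkt(0.2, "tcp", "10.0.0.5", "203.0.113.10", 40000, 80, 400, 340, "PA"),
    Pkt(1.5, "tcp", "203.0.113.10", "10.0.0.5", 80, 40000, 8200, 8100, "PA"),
    # port-80 "tunnel": lasts 15 minutes and the client does the uploading
    Pkt(10.0, "tcp", "10.0.0.7", "198.51.100.20", 40100, 80, 60, 0, "S"),
    Pkt(300.0, "tcp", "10.0.0.7", "198.51.100.20", 40100, 80, 30060, 30000, "PA"),
    Pkt(910.0, "tcp", "10.0.0.7", "198.51.100.20", 40100, 80, 20060, 20000, "PA"),
    Pkt(911.0, "tcp", "198.51.100.20", "10.0.0.7", 80, 40100, 560, 500, "PA"),
    # DNS: one query to the approved resolver, one to an outside server
    Pkt(20.0, "udp", "10.0.0.5", "10.0.0.53", 5353, 53, 70, 28),
    Pkt(21.0, "udp", "10.0.0.9", "203.0.113.53", 5400, 53, 90, 48),
    # pings: three replies arrive for a single request
    Pkt(40.0, "icmp", "10.0.0.9", "198.51.100.30", 0, 0, 84, 56, icmp="echo-req"),
    Pkt(40.1, "icmp", "198.51.100.30", "10.0.0.9", 0, 0, 84, 56, icmp="echo-rep"),
    Pkt(41.0, "icmp", "198.51.100.30", "10.0.0.9", 0, 0, 1084, 1056, icmp="echo-rep"),
    Pkt(42.0, "icmp", "198.51.100.30", "10.0.0.9", 0, 0, 1084, 1056, icmp="echo-rep"),
]
```

detect(SAMPLE, build_flows(SAMPLE), APPROVED_DNS) raises one alert of each kind and stays silent on the ordinary web fetch and the query to the approved resolver.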
  102. Middleware Security Policies and Software
      • No Read Up (Simple Security Property): a subject can only read an object of less or equal security level
      • No Write Down (*-Property): a subject can only write to an object of greater or equal security level (can not lower the security classification of information by writing to an object with a lower security level). You can contribute information to a higher security level report, but can not read the report
      • Reference Monitor: a way to enforce the two rules above (security middleware)
  103. Alice’s program has a Trojan Horse inside
      [Figure only]
  104. Running Alice’s Program Reads Secret file
      [Figure only]
  105. Reference Monitor Controls Access
      [Figure only]
  106. Will Not Allow Secret Information Out
      [Figure only]
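A reference monitor that enforces the two rules of slide 102 against the Alice scenario of slides 103 to 106, as an added example (not the presentation's code): the object names, the level ordering and the clearances are assumed, and the program acting for Alice runs at her clearance, so it may read the Secret file but the monitor refuses the write that would carry it down to an unclassified object.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Ordered security levels (assumed for this example)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


class AccessDenied(Exception):
    """Raised by the reference monitor when an access would break a rule."""


@dataclass
class SecObject:
    name: str
    level: str
    contents: str = ""


@dataclass
class ReferenceMonitor:
    """Every read and write goes through here; nothing touches an object directly."""
    objects: Dict[str, SecObject] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def add(self, name: str, level: str, contents: str = "") -> None:
        self.objects[name] = SecObject(name, level, contents)

    def read(self, subject: str, clearance: str, name: str) -> str:
        obj = self.objects[name]
        if LEVELS[clearance] < LEVELS[obj.level]:       # Simple Security Property: no read up
            self._deny(subject, clearance, "read", obj)
        self.audit.append(f"ALLOW {subject}({clearance}) read {name}({obj.level})")
        return obj.contents

    def write(self, subject: str, clearance: str, name: str, data: str) -> None:
        obj = self.objects[name]
        if LEVELS[obj.level] < LEVELS[clearance]:       # *-Property: no write down
            self._deny(subject, clearance, "write", obj)
        self.audit.append(f"ALLOW {subject}({clearance}) write {name}({obj.level})")
        obj.contents += data

    def _deny(self, subject: str, clearance: str, op: str, obj: SecObject) -> None:
        self.audit.append(f"DENY  {subject}({clearance}) {op} {obj.name}({obj.level})")
        raise AccessDenied(f"{op} of {obj.name} by {subject} would violate policy")


def build_demo() -> ReferenceMonitor:
    """Objects for the scenario (assumed names and levels)."""
    rm = ReferenceMonitor()
    rm.add("secret-file", "secret", "SECRET PLANS")
    rm.add("secret-report", "secret", "draft: ")
    rm.add("public-notes", "unclassified")
    return rm


def trojan_program(rm: ReferenceMonitor) -> bool:
    """Alice's program runs with Alice's 'secret' clearance.  The Trojan Horse inside it
    reads the Secret file (permitted, same level) and then tries to copy it into an
    unclassified object that anyone could read.  Returns True if the leak was blocked."""
    stolen = rm.read("alice-program", "secret", "secret-file")
    try:
        rm.write("alice-program", "secret", "public-notes", stolen)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    monitor = build_demo()
    print("leak blocked:", trojan_program(monitor))
    for entry in monitor.audit:
        print(entry)
```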
  107. [Figure only, no text extracted]
  108. Other Utilities to Scan for Security Holes
      • Saint and Satan run exploits
        – Saint -
        – Satan -
      • protocol analyzer
      • scanner
      • (has academic version)
      • Public snmpwalk or Bay Networks nman
      • Only download source format with a PGP (or GPG) certificate that you can check
      • makes popular commercial IDS
  109. Some MS-Windows Considerations
      • Standard install NOT Secure! Use few local Accounts (only Administrator and Guest)
      • Many undocumented and unchecked system variables and functions
      • SMB challenge-response and compatibility system problems, especially ports 135-139
      • All-powerful Administrator account, and completely open EVERYONE account
      • Uses more secure microkernel technologies and networking Redirectors
      • Trusted Domain architectures similar to NIS, but have not yet seen the same security
  110. Some UNIX Considerations
      • Berkeley "r" commands not a good idea; routinely delete all .rhost files
      • Issues with SUID utilities and anonymous
      • SunRPC, NFS, YP, NIS designed with few security mechanisms - naïve client / server assumptions allow spoofing opportunities
      • Open /etc/password file; use shadow file
      • More mature OS = fewer system calls with unchecked parameters, and ACLs (Access Control Lists) now similar to NT
      • All modern Unixes enforce resource limits so that programs cannot over-inflate their priority
  111. Network Tunnels
      • Modems
      • VPNs – Virtual Private Networks
      • Wireless Hubs – biggest threat today!
  112. Anyone can convert their cube or office Ethernet jack into a Wireless Hub (and add a public entry point into the Network)
      “30 percent of all enterprises risk security breaches because they've deployed 802.11b wireless local area networks without proper security.” - Gartner Inc.
      [Product photos: Linksys Wireless Cable/DSL Router $119; D-Link Wireless Router/Print Server & Card $129; SMC Wireless Cable/DSL Router $115]
  113. A vs. G "fixed" Wireless 802.11 Technologies
      Left column:
      • Up to 11Mbps (4-5Mbps common)
      • Very inexpensive and simple, conflicts with cordless phones / microwave ovens, 100 – 300 ft range, penetrates most walls
      • Growing public access (2,000 Starbucks in 2003)
      Right column:
      • Up to 54Mbps
      • Only 10% premium for five times the bandwidth
      • 100-150 ft
      • Compatible with 802.11a
  114. Freeware WEP Cracking Tools
      • Of 120 wireless systems located by the Atlanta Journal, only 32 had activated the included encryption protection, and no hardware used "real" random numbers
      • Adam Stubblefield was the first to implement, but AirSnort and WEPCrack are the first made publicly available
      • AirSnort only needs approximately 5-10 million encrypted packets to guess the encryption password in under a second
  115. WPA vs. WEP (vs. 802.1x) on WAP
      • Wireless Access Point (WAP) is the bridge
      • Weak WEP is the standard way to encrypt
      • WPA adds Temporal Key Integrity Protocol (TKIP); passwords MUST not be simple ones
      • 802.1x is only about port access, usually using a username/password challenge; thus, it should be used with WEP (or WPA)
      • MAC filtering and SSID hiding don’t help
      • Most networks unsecured (see USA Today article and another about FBI presentation)
  116. Network Stumbler Displays 802.11 Networks
      "Wardriving" web site maintains data base of all user uploads
  117. AiroPeek Maps Out Users
      WEP uses the RC4 encryption algorithm (with 40 or 80 bit key), which is weak and inappropriate (assumes packets arrive in order) to save CPU
  118. AiroPeek Maps Out Users (continued)
      Data sniffed off the air from non-WEP session with AiroPeek.
  119. WEP Problems
      • One start-up, AirDefense, has catalogued
        – 100 types of denial-of-service attacks jamming the airwaves with noise to shut down wireless LANs
        – 27 attacks to take over wireless LAN stations
        – 490 probes to scan wireless LANs for weaknesses
        – 190 ways to spoof media access control (MAC) addresses and SSIDs to assume another’s identity
      • Wireless LANs are a billion-dollar a year business and growing fast, but NIST has recommended against the govt. using them
  120. Wireless Defense Best Efforts
      • Enable highest encryption available (up to 256-bit), and upgrade firmware often
      • Use WPA with a strong key, change often
      • Change the default Admin password
      • Turn off router with $5 lamp timer at night
      • Often recommended but easy to bypass:
        – Using MAC address filtering, also very cumbersome for large corp. environments
        – Changing the default SSID, re-changing periodically, and turning off broadcasts
  121. WEP Defense Efforts (continued)
      • Purchase only 802.11 Hubs and PC Cards that have flash memory and can be field upgraded for new standards
      • Treat wireless subnets like attachments to the Web, isolated by Firewalls and Intrusion Detection Systems (IDS)
      • Move the transmitter inside buildings and away from windows (most common)
      • Use higher level security protocols
  122. Process Defense => Add Higher Level Secure Protocols
      [Diagram: two end-station protocol stacks with a router between them. SSL sits above the Application layer, IPsec at the Network Layer (IP), and WEP at the 802.11 Data-Link Layer; Transport Layer (TCP, UDP); Physical Layer Ethernet / 802.11. The router buffers packets that need to be forwarded (based on IP address).]
  123. Privacy – Cookies, Will You Allow Them?
      • Piece of information that allows a Web site to record one’s comings and goings
        – Session and Permanent
      • Cookies are Bad
        – Advertising / Receiving and transmitting of data (unknown and unencrypted)
        – Europe is considering banning cookies
      • Cookies are Good
        – Passwords and login (encryption)
  124. What is spamming?
      • Spamming (from Monty Python reference)
        – “the practice of indiscriminate distribution of messages (for example junk mail) without permission of the receiver and without consideration for the messages’ appropriateness”
      • Spamming’s negative impacts
        – Spam has comprised 30% of all mail sent on America Online
          • slowing the Internet in general
          • shutting ISPs down completely
  125. Controlling Spamming
      • Disable the relay feature on SMTP (mail) servers so mail cannot be bounced off the server
      • Tell users not to validate their addresses by answering spam requests for replies if they want to be taken off mailing lists. Delete spam and forget it; it’s a fact of life and not worth wasting time over
      • Software packages, e.g. and
  126. 10-Minute Break…
      Question: What do you get when you cross an instructor with a spud? Answer: A Facili-Tator
  127. Encryption Policy
      • The 128-BIT Encryption Debate
        – Export 128-bit encryption is 3X10 to the 26th power times more difficult to decipher than the preceding legally exportable technology.
      [Diagram: Secure e-commerce versus Government’s legal requirements. For the past 20 years there was a limitation on exported encryption devices of 56 bit codes; recent legislation allows 128 bit in specific circumstances, thus paving the way for the Compaq permit.]
  128. Privacy – Legislation Examples
      • Electronic Theft (NET) Act
        – Imposed criminal liability for individuals who reproduce or distribute copies of copyrighted work
      • Digital Copyright Clarification and Technology Education Act
        – Limits the scope of digital copyright infringement by allowing distance learning exemptions
      • Online Copyright Liability Limitation Act
        – Seeks to protect Internet access providers from liability for direct and vicarious liability under specific circumstances where they have no control or knowledge of infringement
  129. Clinton’s Intellectual Property Legacy
      • Harassment of Phil Zimmerman (PGP)
      • Intelligence Auth Act (IAA) of 1996
        – Expands Foreign Intl Surveillance Court (FISC), circumventing 1st, 4th, 5th, and 6th amendments
      • Economic Espionage Act (EEA) of 1996
        – Replaces most state and federal copyright laws
        – Violates several international treaties
      • Digital Millennium Copyright Act of 1998
        – Makes anti-copying technology illegal – forbids even some copying of public domain information
        – Threatens free speech and the right of fair use
  130. Now, The PATRIOT Act
      • “Provide Appropriate Tools Required to Intercept and Obstruct Terrorism”
      • Anti-Terrorism Act (ATA), formerly known as the Mobilization Against Terrorism Act (MATA), was co-sponsored by Jon Kyl
      • Stewart Baker (employed by NSA to block unbreakable cryptography): "Don't look for a dramatic increase in <new wiretaps>, because the Bureau was performing such surveillance years before the bill passed, without Congress' explicit approval."
      • Also frees the CIA to recruit unsavory infiltrators (other terrorists) without restraint
  131. Copyright Protection Techniques
      • Digital Watermarks
        – Embedding of invisible marks
        – Can be represented by bits in digital content
        – Hidden in the source data, becoming inseparable from such data
      • Digital Signatures
        – Used to authenticate the identity of the sender of a message or the signer of a document (not to be confused with a digital certificate)
        – Electronic Signatures in Global and National Commerce Act (referred to as the e-signature bill)
  132. Electronic Contracts and Licenses
      • Shrink-wrap agreements (or box top licenses)
        – The user is bound to the license by opening the package
        – This has been a point of contention for some time
        – The court felt that more information would provide more benefit to the consumer given the limited space available on the exterior of the package
      • Click-wrap contracts
        – The software vendor offers to sell or license the use of the software according to the terms accompanying the software
        – The buyer agrees to be bound by the terms based on certain conduct
  133. Biometrics Controls
      • Photo of face ("Snooper" Bowl)
      • Fingerprints (Laptops)
      • Hand geometry
      • Blood vessel pattern in the retina of eye
      • Voice Recognition
      • Signature
      • Keystroke dynamics
      All can be easily beaten!
  134. Security Summary
      • Segment and use "real" firewalls with DMZ
      • Remove databases from Internet
      • Control VPN nodes and fill wireless holes
      • Keep IE and application patches and viral definitions up to date (Update Expert)
      • Improve network management (ManageX)
      • Build Security Policy and Awareness
      • Get involved in software development
      • Check system / network logs and alerts
  135. Security Summary (continued)
      • Encrypt with 3DES or Rijndael
      • Setup Kerberos, Radius, Directory Services, and Windows roaming profiles
      • Verify good passwords
      • Use host, signature, anomaly, and flow IDS
      • Consider Monitor Middleware
      • Regularly scan for security holes
      • Don’t use default installation for Windows
      • Review legal issues
  136. Other Security Policy Items
      • Use individual customer digital certificates over SSL for all client data access
      • Internet access only with hardware token
      • Enforce utilizing "strong" passwords and every person having own account
      • Strict limitation of Java applet functionality
      • Applications not in root or nobody accounts
      • Track Inventory and licenses (TrackIT)
      • Use WebTrends Security Analyzer
  137. Number one security issue still remains…
      Use cross or dot (not strip) shredder with good document destruction procedures
      • Targeted attack will most likely come through your trash
        – Everything there is in the "public domain"
        – All your "secrets" are out in the open
  138. Risk Assessment and Management
      • Part of the New Economy is a willingness to take more risks - many companies, however, work in a "risk denial" mode: estimating and planning as if all variables are known
      • Get inputs from Software Development Plans, QA Plans, and/or Technology Plans
      • Identify and Prioritize exposed uncertainties and risk factors
        – Identify Risk Indicators (e.g. discussed security issues or technology and project experience)
        – Decide on avoidance, transfer, or acceptance
  139. Risk Assessment Planning (continued)
      • Recommend mitigation strategies for minimizing the top 10 risks => "Actions taken to reduce or eliminate the detrimental impact of certain events."
        – Build Prototypes and do tests modeling the workload
        – Management tools, regular reviews, change control
        – A project being late is an effect, not a risk
      • Don’t forget alternatives and backup plans (do nothing is always one approach)
      • Each with varying risk approaches
        – Decisions to Build or Buy Solutions (Can you imagine this effort/product for sale?)
        – Outsourcing and Technology Insurance can share the risks of doing business
  140. Information Gathering Methods
      • Tools and methods to obtain information about a subject (including the existing systems), aka Fact Finding
        – Interviews
        – Questionnaires or surveys
        – Workshops, Brainstorming, Storyboarding
        – Reviewing Documentation
        – Observation
        – Measuring
        – Prototyping and proofs of concept
  141. Systems Analysis Means a Holistic Approach
      Actively learning to better use the best people, practices, & technology to positively influence productivity.
      [Diagram: Key Areas of Systems Analysis - Organizational, Technology, Productivity, People, Process, Present System, Functional Requirements]
  142. The Big Picture
      [Figure only]
  143. The Risk Management Mindset
      [Diagram: two project timelines from Project Start to Project Finish, one for Identification and one for Mitigation.]
      Identification:
        1. “May not be possible to superimpose images adequately.”
        2. “Java skills not high enough.”
      Mitigation (Avoid / Delay, Transfer, Accept, or Tolerate):
        1. Mitigation by conquest: Demonstrate image superimposition (or by delay or by tolerance)
        2. Mitigation by avoidance: Use Visual Basic (or by transfer: Outsource)
      Adapted from Software Engineering: An Object-Oriented Perspective by Eric J. Braude (Wiley 2001), with permission.
  144. Investigation Includes Feasibility Analysis
      • Economic Feasibility - Can we afford it?
      • Organizational Feasibility - Is it a good fit?
      • Technical Feasibility - Does the capability exist?
      • Operational Feasibility - Will it be accepted?
  145. 145. Copyright James B. Maginnis 2000-2005 Accounting – Do benefits outweigh costs? 1 4 5 • Payback Analysis: how long will it take (usually in years) to pay back • Return on Investment (ROI): compares the lifetime profitability of alternative solutions • Net Present Value: determines the profitability in terms of today’s dollar values. This will require an estimated inflation and discount rate (for industry/company) • Currency conversion in business context allows tracking in management’s language
  146. 146. Copyright James B. Maginnis 2000-2005 1 4 6 Who is responsible for What? • Chairman of the Board => To protect and insure for continuity of the corporation • President => To protect and insure for profitability of the corporation • Managers => To maintain information as a strategic asset of the corporation • IS Security Manager => To insure written security policies are developed, implemented and followed • Users => Ultimate responsibility for accidental or intentional destruction or disclosure
  147. 147. Copyright James B. Maginnis 2000-2005 1 4 7 Security Policies • ―Guidelines‖ if management support is weak • Less effective if not applied consistently • Assures proper implementation of controls • Guides product selection and development • Demonstrates management support • Avoids liability and protects trade secrets • Helps adapt to dynamic communications • Coordinates the activities of groups – Only software approved by IT, Passwords will never be hard coded or written down, Users must sign Responsibility/Liability documents
  148. 148. Copyright James B. Maginnis 2000-2005 1 4 8 Physical Security • Access to every office, computer room, and work area must be restricted by need • And, by an appropriate method: guard or receptionist, key lock, card lock, etc. • Use of physical firewalls and fire doors for physical access security • All multi-user or communication equipment must be locked and cable kept in conduit • Use of ID Badges • Workers must never allow admittance to someone not identified
  149. 149. Copyright James B. Maginnis 2000-2005 1 4 9 Physical Security (continued) • Propped open doors require a guard • Sign-out sheets and bar code stickers for tracking all equipment • Fire Resistance materials, self-closing openings, fire extinguishing for secure areas • Example physical security systems inspector guide: 9pssig/0009pssig.html
  150. 150. Copyright James B. Maginnis 2000-2005 1 5 0 Other Physical Security Issues • Limited access to letter head, Check Stock, employee lists, and other forms • No Smoking, Eating, and Drinking in the Computer Room, not be an access site • Access to Software Installation Media • Three or more officers, or five or more employees, must not take the same airplane • Decide areas where electronic monitoring of workers will and will not be used • ―Clean Desk‖ Policy and Storage of Laptops • Positioning and moving computer screens away from windows and close blinds
  151. 151. Copyright James B. Maginnis 2000-2005 1 5 1 Other Physical Security Issues (continued) • Sensitive data not stored on local drives • Approved methods for the storage and destruction of discarded hardcopies • Can disk drives be returned to manufacturers under maintenance? • White boards must be erased after meetings • No signs indicating computer room location • Location of facilities will be in-town and away from natural and man-made hazards • Background checks or escorts for anyone being granted physical access
  152. 152. Copyright James B. Maginnis 2000-2005 1 5 2 Awareness Raising Methods • Change the log-on banner or log-in screen • New Employee packet with security policy • Ticket warnings reflecting policy violations • Conduct audits and vulnerability demos • Adopt an Annual Information Security Day • Add security questions to reviews • Purchase Security CBT and log when run • Regular emails concerning current security issues, virus warnings, etc • Post Security Policy on company Intranet • Survey middle and upper managers
  153. 153. Copyright James B. Maginnis 2000-2005 1 5 3 Tiger Team Best Practices (without panic) • Protection, Detections, and Reaction (PDR) • Computer Incident Response Team (CIRT) includes both technicians and management • Clear procedures for activating the team – Different incidents may require different people • What can be done while they’re on their way? – Do Install Plans have back out plans (capacity is a security issue)? – Automated shutdown for containment subnetting – Heighten automatic monitoring • Determine nature and scope of incident – Intrusion-logs, check modifications, monitor network / systems, coordinate with remote sites
154. Tiger Team Best Practices (continued)
• Produce, approve, and implement an Emergency Response Plan
  – e.g. bring up backup systems, undo modifications found, and rebuild a secure network
• Increase security perimeter defenses, monitoring, and awareness
• Non-technical issues: public image, legal actions, customer relations, and reporting
• Attack and penetration assessments
  – Identify Achilles' heels and potential costs
  – Assess the risk level of each system/subnet
  – Set up automated and manual scanning
155. A Vulnerability Report should include:
• Tracking information
• Identification of the affected products, vendors, and partners
• Initial impact assessment
• Description of the recommended test environment
• Technical description
• Possible exploitation details
• Initial work-around, if possible
• Contact information
156. Response Team Performance Delay Metrics
a. From discovery to verification
b. From verification to reporting
c. From reporting to acknowledgement
d. From reporting to patch release
e. From reporting to advisory release
f. Total = (a + b) + max(d, e)
Note that c measures responsiveness but is not part of the total: patch work (d) and advisory work (e) both run from the reporting date, so only the longer of the two extends the end-to-end delay.
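The formula on the slide is easy to get wrong when one of the milestones has not been reached yet. The following is an added example, not from the original presentation: it derives metrics a to e from a timeline of milestone timestamps and reports the total only once both the patch and the advisory are out. The two timelines are constructed sample data, and the milestone names are this example's own.

```python
"""Response-team delay metrics from a milestone timeline (added example)."""
from datetime import datetime
from typing import Dict, Optional

MILESTONES = ("discovery", "verification", "reporting",
              "acknowledgement", "patch_release", "advisory_release")


def _hours(start: Optional[datetime], end: Optional[datetime]) -> Optional[float]:
    """Elapsed hours between two milestones, or None if either has not happened."""
    if start is None or end is None:
        return None
    return (end - start).total_seconds() / 3600.0


def delay_metrics(timeline: Dict[str, Optional[datetime]]) -> Dict[str, object]:
    """Compute a..e and the slide's total = (a + b) + max(d, e).

    c is reported but not added to the total: patch and advisory work both
    start at the reporting date, so only the longer of d and e extends it."""
    t = {k: timeline.get(k) for k in MILESTONES}
    a = _hours(t["discovery"], t["verification"])
    b = _hours(t["verification"], t["reporting"])
    c = _hours(t["reporting"], t["acknowledgement"])
    d = _hours(t["reporting"], t["patch_release"])
    e = _hours(t["reporting"], t["advisory_release"])
    # The total is final only once both the patch and the advisory are out;
    # until then the case is still open and no total is reported.
    total = None
    if None not in (a, b, d, e):
        total = a + b + max(d, e)
    return {"a": a, "b": b, "c": c, "d": d, "e": e,
            "total": total, "open": total is None}


def parse_timeline(rows: Dict[str, Optional[str]]) -> Dict[str, Optional[datetime]]:
    """ISO-8601 strings to datetimes; None marks a milestone not yet reached."""
    return {k: (datetime.fromisoformat(v) if v else None) for k, v in rows.items()}


# Constructed sample cases (not real incident data).
CASE_CLOSED = {
    "discovery": "2024-03-01T09:00",
    "verification": "2024-03-01T15:00",     # a = 6 h
    "reporting": "2024-03-02T09:00",        # b = 18 h
    "acknowledgement": "2024-03-02T11:00",  # c = 2 h
    "patch_release": "2024-03-09T09:00",    # d = 168 h
    "advisory_release": "2024-03-05T09:00", # e = 72 h
}
CASE_OPEN = dict(CASE_CLOSED, patch_release=None)  # patch still pending


def demo():
    """Return the metrics for the closed and the still-open case."""
    return (delay_metrics(parse_timeline(CASE_CLOSED)),
            delay_metrics(parse_timeline(CASE_OPEN)))


if __name__ == "__main__":
    for m in demo():
        print(m)
```

For the closed case the total is 6 + 18 + max(168, 72) = 192 hours; the open case reports no total, which keeps a pending patch from silently shortening the metric.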
157. Issues to Settle by Launch
• Process to be used
• Security goals
• Manner of tracking security goals
• How the team will make decisions
• What to do if security goals are not attained (fallback positions)
• What to do if the plan is not approved (fallback positions)
• Define team roles
• Assign team roles
158. Distributed versus Centralized Systems
A distributed system is one in which the DATA, PROCESS, and INTERFACE components of an information system are distributed to multiple locations in a computer network. Accordingly, the processing workload is distributed across the network.
In centralized systems, a central, multi-user computer hosts all the DATA, PROCESS, and INTERFACE components of an information system. Users interact with the system via terminals (or terminal emulators).
159. Flavors of Distributed Computing
160. Client/Server Architecture – The Clients
A client/server system is a solution in which the presentation, presentation logic, application logic, data manipulation, and data layers are distributed between client PCs and one or more servers.
A thin client is a personal computer that does not have to be very powerful (or expensive) in terms of processor speed and memory because it only presents the user interface.
A fat client is a personal computer or workstation that is typically more powerful (and expensive) in terms of processor speed, memory, and storage capacity. Most PCs are fat clients.
161. Multi-Tier Architecture = Better Security/Performance
• A database server hosts one or more shared databases and executes all data manipulation.
• A transaction server hosts services that ultimately ensure that all database updates for a single transaction succeed or fail as a whole.
• An application server hosts the application or business logic and services for an IT system.
• A messaging or groupware server hosts services for e-mail, calendaring, etc.
• A web server hosts Internet or intranet web sites and services, communicating through thin-client interfaces such as web browsers.
162. On-Line Transaction Processing (OLTP)
• File, Database, Record, Field … then …
• What is Transaction Processing?
• Audit trails, backup and recovery
• Data entry validation
• Interactive, real-time, and batch
• Applications
  – Inventory Control
  – Payroll
  – General Ledger
  – Financial, Marketing, Manufacturing, HR, ERP
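Slide 161 says a transaction server makes all database updates for one transaction "succeed or fail as a whole", and slide 162 lists audit trails and data-entry validation as OLTP concerns. The following added example (not code from the original presentation) shows all three on an inventory transfer: both stock rows and both audit rows commit together, or the database is left untouched. It assumes SQLite as the database and uses a constructed stock table with two SKUs; a production transaction server would apply the same pattern against its own DBMS.

```python
"""Atomic OLTP update with validation and an audit trail (added example)."""
import sqlite3


def open_db() -> sqlite3.Connection:
    """In-memory database with constructed sample stock.
    The CHECK constraint rejects any update that would drive stock negative."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE stock (sku TEXT PRIMARY KEY,
                            qty INTEGER NOT NULL CHECK (qty >= 0));
        CREATE TABLE audit (id INTEGER PRIMARY KEY, sku TEXT NOT NULL,
                            delta INTEGER NOT NULL, note TEXT NOT NULL);
        INSERT INTO stock VALUES ('A-100', 10), ('B-200', 0);
    """)
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, qty: int, note: str) -> bool:
    """Move qty units from src to dst as one unit of work.

    Returns True on commit. On any failure the whole transaction is rolled
    back, so a half-applied transfer (or a stray audit row) never survives."""
    if not isinstance(qty, int) or qty <= 0:      # data-entry validation
        return False
    try:
        with conn:  # commit on normal exit, rollback if an exception escapes
            for sku, delta in ((src, -qty), (dst, qty)):
                cur = conn.execute(
                    "UPDATE stock SET qty = qty + ? WHERE sku = ?", (delta, sku))
                if cur.rowcount != 1:             # unknown SKU: abort everything
                    raise LookupError(sku)
                conn.execute(
                    "INSERT INTO audit (sku, delta, note) VALUES (?, ?, ?)",
                    (sku, delta, note))
        return True
    except (sqlite3.IntegrityError, LookupError):  # CHECK violated or bad SKU
        return False


def snapshot(conn: sqlite3.Connection):
    """Current stock levels and the number of audit rows that were committed."""
    stock = dict(conn.execute("SELECT sku, qty FROM stock ORDER BY sku"))
    audit_rows = conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]
    return stock, audit_rows


def demo():
    """Run four transfers: one valid, three that must leave no trace."""
    conn = open_db()
    results = [
        transfer(conn, "A-100", "B-200", 4, "order 1"),   # commits: A=6, B=4
        transfer(conn, "A-100", "B-200", 50, "order 2"),  # CHECK fails, rolled back
        transfer(conn, "A-100", "ZZZ", 1, "order 3"),     # unknown dst: A's decrement undone
        transfer(conn, "A-100", "B-200", -3, "order 4"),  # rejected before touching the DB
    ]
    stock, audit_rows = snapshot(conn)
    return results, stock, audit_rows


if __name__ == "__main__":
    print(demo())
```

The third case is the one that matters for security: the source row has already been decremented and its audit row written when the destination lookup fails, and only the enclosing transaction guarantees that both disappear again. Doing that reconciliation in the client instead of the transaction server is exactly what the multi-tier design on slide 161 avoids.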