P3 m2
1. MATTHEW HORRIGAN
HOW TO MINIMISE SECURITY BREACHES IN A NETWORK
2. POLICIES AND PROCEDURES
Within an organisation, policies must be set that govern what can be done and by
whom. Without these there would be several problems: an insecure network, insecure
data, and anyone able to access anywhere.
A data policy can be used to govern what kinds of data should be stored on the
network as well as what happens to that data: encryption, destruction or distribution.
A Backup & Restore policy and procedure should be set in place so that the correct
steps are taken when doing a backup (and when it should be done).
There should also be a security policy on the network; this would govern which
antivirus and antimalware software is run, and how.
A UAL (User Access List) can be put in place to control what a user can access; this
could include: website access, network access (networked drives), software
installation and/or external media privileges.
A leaving policy and procedure can help protect the network when someone has
left the company: their accounts and access methods should be disabled.
3. USER RESPONSIBILITY
After a user has signed the policy sheet, what they do
on the network is up to them, including whether or not
they comply with the agreement they have signed.
This would include things like how they use their email
account (for example, sending out confidential data
to a personal email), how they keep their data (a
USB data stick is not as secure as an encrypted
network) or whether they are going to try to access
any unauthorised materials (websites, downloads)
through avoidance techniques like a proxy.
4. TRAINING
Training all staff members is a basic thing that any
company should do. This training will teach them the
basics of how to keep their data safe and how to
keep the network safe whilst using it.
However, there is also the matter of keeping them
trained: employees should be regularly trained to
ensure that they have knowledge of the latest
techniques that are used inside the network so that
they can use them to their full advantage. This is
often called “Continuous Professional Development”.
5. PHYSICAL SECURITY
Physical Security involves protecting the physical access points of the
network:
Data storage rooms and network rooms (or any room that should not be
accessed by everyone) should have a secure locking mechanism (ID scan or
lock and key).
The network should have limits on how many resources can be shared
among the computers, to prevent one or two from eating up the entire
network’s resources and crashing it.
Secure entrance/exits, with a locking mechanism to access them as well as
a security guard. This will prevent unauthorised access to grounds.
CCTV cameras can help to prevent unlawful action, or to find the culprit if
something has happened.
6. RISK ASSESSMENT & PENETRATION TESTING
Risk assessment involves a thorough look at how the
network can be damaged; this process is used to
create new policies and procedures for the future
protection of the network.
Penetration testing should be used to help detect
any faults or vulnerabilities in the physical access
points of the network. Before this is run there should
be policies set that determine what kind of backups
and restore points should be generated, to prevent
any accidental data loss (or that the penetration
testing should be run on a proxy network).
8. IDENTIFICATION, AUTHENTICATION & AUTHORISATION
When using any service, a user will be required to
identify themselves: they give something to the
server, which the server then needs to authenticate
(check whether it is real or fake, or ask for further
details such as unique numbers related to the person
or a physical form of identification). The user is then
authorised if the details they entered are authentic
and they are allowed to use the service.
9. TWO FACTOR AUTHENTICATION
The two-factor standard of authentication is when
the user needs to provide two different types of
authentication. This is much more secure than a
single piece of authentication as it can be very hard
either to forge two pieces or to find out what the
second piece is.
This type of authentication is used in many places;
one of the most common is in ATM machines,
where a physical card is required as well as a
personal identification number.
10. USERNAME AND PASSWORD AUTHENTICATION
With the username and password authentication
method, the username is unique and relates to only
one user. The password is not required to be unique
(as enforcing that may indicate to someone that the
password is being used by someone else), but it should
have minimum requirements for complexity.
This access and authentication method is widely used
across the internet, whether for accessing secure data
areas or just accessing an online forum.
11. BIOMETRICS
Biometrics is another authentication method. It is a very
secure method of authenticating as it requires physical
body parts of a human being (which can be very hard to
copy).
Biometrics uses unique parts of the human body like
feet, hands, fingerprints, iris, ears and facial structure.
Some biometric scanners are not as good as their
expensive counterparts and, as such, they will have a
much higher FAR (False Acceptance Rate, where people
are allowed access yet they are not on the database)
and FRR (False Rejection Rate, where people who have
access are not allowed access).
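How FAR and FRR trade off against each other on one scanner, as an added example that is not part of the original slides. The match scores are constructed, and the acceptance threshold is an assumption about how the scanner decides; the slide does not describe one.

```python
# Constructed sample data: (match_score, is_enrolled) for ten scan attempts.
# is_enrolled=True means the person really is on the database.
ATTEMPTS = [
    (0.95, True), (0.88, True), (0.72, True), (0.64, True), (0.41, True),
    (0.81, False), (0.58, False), (0.35, False), (0.22, False), (0.10, False),
]

def far_frr(attempts, threshold):
    """Return (FAR, FRR) when every score >= threshold is accepted."""
    impostors = [s for s, enrolled in attempts if not enrolled]
    genuine = [s for s, enrolled in attempts if enrolled]
    false_accepts = sum(1 for s in impostors if s >= threshold)  # let in, not on database
    false_rejects = sum(1 for s in genuine if s < threshold)     # on database, turned away
    return false_accepts / len(impostors), false_rejects / len(genuine)

def sweep(attempts, thresholds):
    """FAR and FRR at each candidate threshold, as (threshold, FAR, FRR)."""
    return [(t, *far_frr(attempts, t)) for t in thresholds]

def closest_to_equal_error(attempts, thresholds):
    """Threshold at which FAR and FRR are closest to each other."""
    def gap(t):
        far, frr = far_frr(attempts, t)
        return abs(far - frr)
    return min(thresholds, key=gap)

if __name__ == "__main__":
    candidates = [0.3, 0.5, 0.6, 0.7, 0.9]
    for t, far, frr in sweep(ATTEMPTS, candidates):
        print(f"threshold={t:.1f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("balanced threshold:", closest_to_equal_error(ATTEMPTS, candidates))
```

Raising the threshold lowers FAR but raises FRR, so a scanner cannot drive both to zero by tuning alone.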
12. CRYPTOGRAPHY & DIGITAL CERTIFICATES
Digital certificates are assigned to web pages to tell the user that
the webpage is secure and should be trusted. These certificates
contain information about what type of encryption is used
(cryptography: the data is changed so that it cannot be read
without being decrypted).
These certificates are assigned by third-party companies, which are
also listed on a database so that the computer will be able to tell if
the certificate was assigned by a verified company.
The benefit of this is that it is easy for a user to determine whether
the website they are visiting is the correct one (for example, when
logging into an online banking webpage you may in fact be on a
phishing website).
A disadvantage of cryptography is that it can take a long time to
encrypt and decrypt the data, and if the encryption is inadequate
then a hacker can easily find out what the data was originally.
13. SCENARIO
Suitable authentication methods for internal users:
• Employees
  • Physical card to scan on entrance and exit of building. (Security of
    on-site access; also, in case of an emergency, a list of those who
    are on-site can be obtained.)
  • Login ID and password to access any system (user rank determines
    what they can access). (Limits who can access where and can
    prevent unauthorised access.)
  • Physical card to scan to enter high security areas. (Prevents access to
    data storage or network rooms.)
• Network Manager
  • The same as Employees.
  • Number authenticator for administrative access (generates a random
    number based on a PIN). (A unique number will help to prevent
    someone from being able to access the administrator account
    without having the physical device as well as the PIN number.)
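The identification, authentication and authorisation steps from slide 8, using the two factors described on slides 9 and 10 and the network manager's number authenticator, as an added example that is not part of the original slides. It uses standard TOTP (RFC 6238) as a stand-in for the PIN-based number generator the slide describes; the usernames, passwords, secrets, roles and resource names are all constructed.

```python
import hashlib, hmac, os, struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 one-time code: HMAC-SHA1 over the time counter, then truncate."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, secret: bytes, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": hash_password(password, salt),
            "secret": secret, "role": role}

# Constructed account store and role table (assumptions for this example).
USERS = {
    "jsmith": make_user("correct horse battery", b"constructed-secret-1", "employee"),
    "netadmin": make_user("staple-orbit-Quartz9", b"12345678901234567890",
                          "network_manager"),
}
PERMISSIONS = {"employee": {"shared_drive"},
               "network_manager": {"shared_drive", "admin_console"}}

def login(username, password, code, resource, now):
    user = USERS.get(username)                       # 1. identification
    if user is None:
        # Same message as a bad password, so usernames cannot be probed.
        return "denied: authentication failed"
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])
    code_ok = hmac.compare_digest(code.encode(), totp(user["secret"], now).encode())
    if not (pw_ok and code_ok):                      # 2. authentication: both factors
        return "denied: authentication failed"
    if resource not in PERMISSIONS[user["role"]]:    # 3. authorisation by role
        return "denied: not authorised"
    return "granted"
```

A stolen password alone fails at step 2, and a fully authenticated employee is still stopped at step 3 when asking for the admin console.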
14. SCENARIO EXT.
Suitable authentication methods for external users:
• Digital certificates for authenticity. This helps to tell the user
that the website is secure and the correct one to be on for
what they want.
• User ID and password for user-unique sections. This can
prevent someone from obtaining personal information
easily.