Network Security Concepts and Policies: Building Blocks of Information Security

In this chapter, you learn about the following topics: fundamental concepts in network security, including identification of common vulnerabilities and threats, and mitigation strategies; and implementation of a security architecture using a lifecycle approach, including the phases of the process, their dependencies, and the importance of a sound security policy.

The open nature of the Internet makes it vital for businesses to pay attention to the security of their networks. As companies move more of their business functions to the public network, they need to take precautions to ensure that the data cannot be compromised and that the data is not accessible to anyone who is not authorized to see it. Unauthorized network access by an outside hacker or a disgruntled employee can cause damage or destruction to proprietary data, negatively affect company productivity, and impede the capability to compete. The Computer Security Institute reported in its 2. CSI Computer Crime and Security Survey (available at http gocsi). Unauthorized network access can also harm relationships with customers and business partners, who might question the capability of a company to protect its confidential information. The definition of data location is being blurred by cloud computing services and other service trends. Individuals and corporations benefit from the elastic deployment of services in the cloud, available at all times from any device, but these dramatic changes in the business services industry exacerbate the risks in protecting data and the entities using it (individuals, businesses, governments, and so on).
Security policies and architectures require sound principles and a lifecycle approach, regardless of whether the data is in the server farm, mobile on the employee's laptop, or stored in the cloud. To start on our network security quest, this chapter examines the need for security, looks at what you are trying to protect, and examines the different trends for attacks and protection and the principles of secure network design. These concepts are important not only for succeeding with the IINS 6. Establishing and maintaining a secure computing environment is increasingly more difficult as networks become increasingly interconnected and data flows ever more freely. In the commercial world, connectivity is no longer optional, and the possible risks of connectivity do not outweigh the benefits. Therefore, it is very important to enable networks to support security services that provide adequate protection to companies that conduct business in a relatively open environment. This section explains the breadth of assumptions and challenges to establish and maintain a secure network environment.

Basic Security Assumptions. Several new assumptions have to be made about computer networks because of their evolution over the years:
Modern networks are very large, very interconnected, and run both ubiquitous protocols such as IP and proprietary protocols. Therefore, they are often open to access, and a potential attacker can with relative ease attach to, or remotely access, such networks.
Widespread IP internetworking increases the probability that more attacks will be carried out over large, heavily interconnected networks, such as the Internet.
Computer systems and applications that are attached to these networks are becoming increasingly complex. In terms of security, it becomes more difficult to analyze, secure, and properly test the security of the computer systems and applications; this is even more so when virtualization is involved.
When these systems and their applications are attached to large networks, the risk to computing dramatically increases.

Basic Security Requirements. To provide adequate protection of network resources, the procedures and technologies that you deploy need to guarantee three things, sometimes referred to as the CIA triad:
Confidentiality: Providing confidentiality of data guarantees that only authorized users can view sensitive information.
Integrity: Providing integrity of data guarantees that only authorized users can change sensitive information and provides a way to detect whether data has been tampered with during transmission; this might also guarantee the authenticity of data.
Availability: System and data availability provides uninterrupted access by authorized users to important computing resources and data.
When designing network security, a designer must be aware of the following: the threats (possible attacks that could compromise security); the associated risks of the threats (that is, how relevant those threats are for a particular system); the cost to implement the proper security countermeasures for a threat; and a cost-versus-benefit analysis to determine whether it is worthwhile to implement the security countermeasures.

Data, Vulnerabilities, and Countermeasures. Although viruses, worms, and hackers monopolize the headlines about information security, risk management is the most important aspect of security architecture for administrators. A less exciting and glamorous area, risk management is based on specific principles and concepts that are related to asset protection and security management. An asset is anything of value to an organization. By knowing which assets you are trying to protect, as well as their value, location, and exposure, you can more effectively determine the time, effort, and money to spend in securing those assets. A vulnerability is a weakness in a system or its design that could be exploited by a threat.
Vulnerabilities are sometimes found in the protocols themselves, as in the case of some security weaknesses in TCP/IP. Often, the vulnerabilities are in the operating systems and applications. Written security policies might also be a source of vulnerabilities. This is the case when written policies are too lax or are not thorough enough in providing a specific approach or line of conduct to network administrators and users. A threat is any potential danger to assets. A threat is realized when someone or something identifies a specific vulnerability and exploits it, creating exposure. If the vulnerability exists theoretically but has not yet been exploited, the threat is considered latent. The entity that takes advantage of the vulnerability is known as the threat agent or threat vector. A risk is the likelihood that a particular threat using a specific attack will exploit a particular vulnerability of a system that results in an undesirable consequence. Although the roof of the data center might be vulnerable to being penetrated by a falling meteor, for example, the risk is minimal because the likelihood of that threat being realized is negligible. An exploit happens when computer code is developed to take advantage of a vulnerability. For example, suppose that a vulnerability exists in a piece of software, but nobody knows about this vulnerability. Although the vulnerability exists theoretically, there is no exploit yet developed for it. Because there is no exploit, there really is no problem yet. A countermeasure is a safeguard that mitigates a potential risk. A countermeasure mitigates risk either by eliminating or reducing the vulnerability or by reducing the likelihood that a threat agent will be able to exploit the risk.

Data Classification. To optimally allocate resources and secure assets, it is essential that some form of data classification exists.
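The design considerations listed under Basic Security Requirements (threats, their associated risks, the cost of countermeasures, and a cost-versus-benefit analysis) and the asset/vulnerability/threat/risk/countermeasure definitions just above can be turned into a small, runnable risk register. The following is an added example, not code from the chapter: the annualised-loss arithmetic it uses (single loss = asset value x exposure factor; annual loss = single loss x yearly likelihood) is a conventional way to make the chapter's cost-versus-benefit analysis concrete and is this example's own assumption, and every figure, asset and countermeasure name is constructed. The meteor entry reproduces the chapter's own illustration of a real vulnerability whose risk is negligible.

```python
"""Cost-versus-benefit screening of countermeasures for a small risk register.

Added example; not from the chapter. The annualised-loss formulas below are an
assumption of this example, and all figures are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float          # replacement value of the asset, currency units
    vulnerability: str
    threat: str
    likelihood_per_year: float  # expected number of realised threats per year
    exposure_factor: float      # fraction of asset value lost per incident, 0..1

    def single_loss(self) -> float:
        return self.asset_value * self.exposure_factor

    def annual_loss(self) -> float:
        return self.single_loss() * self.likelihood_per_year


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    likelihood_reduction: float = 0.0   # share of the likelihood it removes, 0..1
    exposure_reduction: float = 0.0     # share of the per-incident loss it removes, 0..1

    def residual(self, risk: Risk) -> Risk:
        """The same risk after this countermeasure is in place."""
        return Risk(
            risk.asset, risk.asset_value, risk.vulnerability, risk.threat,
            risk.likelihood_per_year * (1.0 - self.likelihood_reduction),
            risk.exposure_factor * (1.0 - self.exposure_reduction),
        )


def net_benefit(risk: Risk, cm: Countermeasure) -> float:
    """Annual loss avoided by the countermeasure minus its yearly cost."""
    return risk.annual_loss() - cm.residual(risk).annual_loss() - cm.annual_cost


def recommend(risk: Risk, candidates) -> list:
    """Countermeasures that pay for themselves, highest net benefit first."""
    worthwhile = [cm for cm in candidates if net_benefit(risk, cm) > 0]
    return sorted(worthwhile, key=lambda cm: net_benefit(risk, cm), reverse=True)


# Constructed register (hypothetical assets, values and countermeasures).
ROOF = Risk("data center roof", 5_000_000, "roof can be penetrated",
            "falling meteor", likelihood_per_year=1e-7, exposure_factor=1.0)
REINFORCE = Countermeasure("Meteor-proof roof", annual_cost=200_000, exposure_reduction=0.9)

DB = Risk("customer database", 2_000_000, "unpatched application server",
          "remote exploit of the server", likelihood_per_year=0.5, exposure_factor=0.3)
PATCH = Countermeasure("Patch management", annual_cost=40_000, likelihood_reduction=0.8)
ENCRYPT = Countermeasure("Encryption at rest", annual_cost=30_000, exposure_reduction=0.5)

if __name__ == "__main__":
    for risk, cms in ((ROOF, [REINFORCE]), (DB, [ENCRYPT, PATCH])):
        print(f"{risk.asset}: expected annual loss {risk.annual_loss():,.2f}")
        for cm in cms:
            print(f"  {cm.name:<20} net benefit {net_benefit(risk, cm):>12,.2f}")
        print("  recommended:", [cm.name for cm in recommend(risk, cms)] or "none")
```

Run as a script it prints the expected annual loss per asset and the net benefit of each candidate. The roof reinforcement is rejected because the expected loss it avoids is a few cents a year against a six-figure cost, exactly the chapter's point that a vulnerability with negligible likelihood carries negligible risk; for the database both controls pay for themselves, and patching ranks first because it attacks the likelihood term rather than the per-incident loss.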
By identifying which data has the most worth, administrators can put their greatest effort toward securing that data. Without classification, data custodians find it almost impossible to adequately secure the data, and IT management finds it equally difficult to optimally allocate resources. Sometimes information classification is a regulatory requirement imposed by law, in which case there might be liability issues that relate to the proper care of data. By classifying data correctly, data custodians can apply the appropriate confidentiality, integrity, and availability controls to adequately secure the data, based on regulatory, liability, and ethical requirements. When an organization takes classification seriously, it illustrates to everyone that the company is taking information security seriously. The methods and labels applied to data differ all around the world, but some patterns do emerge.

Google Removes 3. Apps Used to Launch DDoS Attacks From Play Store

Google has removed roughly 3. Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps, offering video players and ringtones, among other features, were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks. The botnet, nicknamed WireX, caught the attention of security researchers at the content delivery network Akamai when it was used to attack one of its clients earlier this month. Akamai's client, a multinational hospitality company, was hit with traffic from hundreds of thousands of IP addresses. "We identified approximately 3. Play Store, and we're in the process of removing them from all affected devices," a Google spokesperson said in a statement. "The researchers' findings, combined with our own analysis, have enabled us to better protect Android users, everywhere."
The nefarious apps provided a variety of apparently legitimate services, with malware hidden underneath that could use an Android device to quietly participate in a DDoS attack, so long as the device was powered on. It's not clear how many devices were infected; one Akamai researcher told journalist Brian Krebs that the number could be around 7. After noticing the attack on one of its customers, Akamai brought in researchers from a handful of tech companies including Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, and Team Cymru. The group believes that the infected devices are spread throughout 1. In one instance, a WireX attack was accompanied by a ransom email, Cloudflare's head of trust and safety Justin Paine told Gizmodo. "Once the larger collaborative effort began, the investigation began to unfold rapidly starting with the investigation of historic log information, which revealed a connection between the attacking IPs and something malicious, possibly running on top of the Android operating system," the researchers wrote in a joint blog post. "The best thing that organizations can do when under a DDoS attack is to share detailed metrics related to the attack. With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible." This is just the latest example of apps containing malware making their way into the Google Play Store. Earlier this month, Google booted several apps that contained hidden surveillance software. Just last week, researchers found banking malware in the Play Store. With all these apps sneaking into Play, it's up to you to protect yourself and your Android device. If you're ever in doubt about whether an app is safe, do some research on the developer and check out what permissions the app wants on your phone.

[Akamai, Krebs on Security]
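The investigation described above started from historic log data, and the researchers' advice to organisations under attack is to share detailed metrics. The following is an added example, not part of the article or of the researchers' own tooling: it shows the first pass a defender makes over web server access logs when a client is hit from a large number of source addresses (per-minute request and distinct-source counts, a spike flagged against the quiet minutes that precede it, and a summary of the flagged minute of the kind one would hand to an upstream provider). The log lines are constructed from documentation address ranges, the sample covers a single day so that minute keys sort correctly as strings, and the spike factor of ten times the baseline median is an assumption.

```python
"""Spotting a volumetric DDoS minute in web server access logs.

Added example; not from the article. Log lines are constructed and the
spike-detection threshold is an assumption.
"""
import re
from collections import Counter, defaultdict
from statistics import median

# Common Log Format prefix; the referrer and user agent that follow are not needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the fields we aggregate on, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = m.group("ts")                      # e.g. 25/Aug/2017:14:03:12 +0000
    return {"ip": m.group("ip"), "minute": ts[:17],   # dd/Mon/yyyy:HH:MM
            "path": m.group("path"), "status": m.group("status")}


def per_minute_stats(lines):
    """Requests and distinct source IPs per minute, in time order (string order holds within one day)."""
    buckets = defaultdict(lambda: {"requests": 0, "ips": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                        # malformed line: skip it, do not abort the analysis
        buckets[rec["minute"]]["requests"] += 1
        buckets[rec["minute"]]["ips"].add(rec["ip"])
    return {minute: {"requests": b["requests"], "distinct_ips": len(b["ips"])}
            for minute, b in sorted(buckets.items())}


def flag_spikes(stats, factor=10, min_baseline=3):
    """Minutes whose distinct-IP count exceeds factor x the median of earlier quiet minutes."""
    flagged, baseline = [], []
    for minute, s in stats.items():
        if len(baseline) >= min_baseline and s["distinct_ips"] > factor * median(baseline):
            flagged.append((minute, s["distinct_ips"], s["requests"]))
        else:
            baseline.append(s["distinct_ips"])   # flagged minutes never pollute the baseline
    return flagged


def minute_summary(lines, minute, top=3):
    """Metrics worth sharing with an upstream provider: targets and outcomes of one minute."""
    recs = [r for r in map(parse_line, lines) if r and r["minute"] == minute]
    return {"minute": minute, "requests": len(recs),
            "distinct_ips": len({r["ip"] for r in recs}),
            "top_paths": Counter(r["path"] for r in recs).most_common(top),
            "statuses": dict(Counter(r["status"] for r in recs))}


def constructed_log():
    """Constructed sample: five quiet minutes, then one minute of traffic from 508 sources."""
    fmt = '{ip} - - [25/Aug/2017:14:{mm:02d}:{ss:02d} +0000] "GET {path} HTTP/1.1" {st} 0 "-" "-"'
    lines = [fmt.format(ip=f"192.0.2.{i}", mm=mm, ss=10, path="/index.html", st=200)
             for mm in range(5) for i in range(1, 6)]
    for prefix in ("198.51.100", "203.0.113"):          # documentation ranges, not real clients
        lines += [fmt.format(ip=f"{prefix}.{h}", mm=5, ss=h % 60, path="/login", st=503)
                  for h in range(1, 255)]
    lines.append("not a log line at all")               # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    log = constructed_log()
    for minute, ips, reqs in flag_spikes(per_minute_stats(log)):
        print(f"spike at {minute}: {ips} sources, {reqs} requests")
        print(minute_summary(log, minute))
```

The baseline is built only from minutes that were not flagged, so a sustained attack does not raise its own threshold and hide later minutes. On real logs the same functions apply unchanged as long as the lines follow the Common Log Format; for a multi-day window the minute key would need to be parsed into a datetime rather than compared as a string.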
November 2017