Computer Network Security
by Ms Josephine Ayebare
[email protected]
c.ug
Computer Network Security
2009
Syllabus and Policies
• Syllabus
• Lectures and lecture notes
• Private reading
• Coursework: (an assignment + 2 tests)/3 = 30%
• Group projects
• Test 1 and coursework (1st Oct 2009)
• Test 2 (5th Nov 2009) & 26th Nov presentation
• Final exam (70%)
• Must hand in on time
Course Outline
• Introduction to network security
• Security threats and countermeasures
• Risk assessment
• Risk mitigation
• Security policies
• Network intrusion detection
• Forensic technologies
• Network security audit
• Network security technologies
Introduction
• Today we will examine:
• History of information security
• Key terms and concepts of network security
• The security systems development life cycle
• The role of network security professionals
Objectives
• Upon completion of this lesson students should be able to:
• Describe what information security is and how it came to mean what it does today.
• Discuss the history of computer security and how it evolved into information security.
Objectives
• Identify and define key terms and critical concepts of network security
• Outline the phases of the security systems development life cycle
• Describe issues involved in network security
What is network security?
• The protection of the network systems that are used, and the data that they process, against unauthorized access.
History of Information Security
• Computer security began immediately after the first mainframes were developed.
• Groups developing code-breaking computations during World War II created the first modern computers.
• Physical controls were needed to limit access to sensitive military locations to authorized personnel.
• Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.
The 1960s
• The Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications.
• Dr. Lawrence Roberts developed the project from its inception.
The 1970s and 80s
• ARPANET grew in popularity, as did its potential for misuse.
• Fundamental problems with ARPANET security were identified:
• No safety procedures for dial-up connections to the ARPANET
• User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them the security threats.
R-609: Study of Computer Security Begins
• Information security began with Rand Report R-609.
• The scope of computer security grew from physical security to include:
• Safety of the data
• Limiting unauthorized access to that data
• Involvement of personnel from multiple levels of the organization
The 1990s
• As networks of computers became more common, so did the need to interconnect the networks.
• The result was the Internet, the first manifestation of a global network of networks.
• In the early Internet deployments, security was a low priority.
The Present
• The Internet has brought millions of computer networks into communication with each other, many of them unsecured.
• The ability to secure each network is now influenced by the security of every computer to which it is connected.
What is security?
• "The quality or state of being secure: to be free from danger"
• To be protected from adversaries
• A successful organization should have multiple layers of security in place:
• Physical security
• Personal security
• Operations security
• Communications security
• Network security
What is Information Security?
• The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
• Tools such as policy, awareness, training, education, and technology are necessary.
• The C.I.A. triangle was the standard, based on confidentiality, integrity, and availability.
• The C.I.A. triangle has expanded into a list of critical characteristics of information.
Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
– Availability
– Accuracy
– Authentication
– Confidentiality
– Integrity
– Utility
– Possession
Components of a Network
• To fully understand the importance of network security, you need to know the elements of a network:
– Networking devices
– Hosts
– Shared peripherals
– Networking media
Security measures must be implemented in the areas above.
Network security is not limited to the above; it also covers people, data, software and procedures.
Securing the Components
• A network can be the subject of an attack, the object of an attack, or both.
• When a network is
– the subject of an attack, it is used as an active tool to conduct the attack.
– the object of an attack, it is the entity being attacked.
Balancing Security and Access
• It is impossible to obtain perfect network security.
– Security is not an absolute; it is a process.
• Security should be a balance between protection and availability.
• To achieve balance, the level of security must allow reasonable access, yet protect against threats.
Bottom-Up Approach
• Network security is ensured from the grass roots.
– Network administrators attempt to improve the security of their network.
• It hardly works, since it lacks critical features:
– Participant support
– Organizational staying power
Top-Down Approach
• Initiated by upper management
• Issues policy, procedures, and processes
• Dictates the goals and expected outcomes of the project
• Determines who is accountable for each required action
• Pluses:
– Clear planning
– Dedicated funding
– Chance to influence the organization's culture
• May involve a formal development strategy referred to as a systems development life cycle
• It is the most successful approach
Network Security Development Life Cycle
• Network security must be managed in a manner similar to any other major system implemented.
• Using a methodology
– Ensures a rigorous process
– Avoids missing steps
• The goal is to create a comprehensive security posture/program.
Network Security SDLC
• It may be:
– Event-driven: started in response to some occurrence
– Plan-driven: the result of a carefully developed implementation strategy
• At the end of each phase comes a structured review.
Investigation: Step 1
• What is the problem the system is developed to solve?
• The objectives, constraints, and scope of the project are specified.
• Cost
• A feasibility analysis is performed to assess the economic and technical feasibility of the process.
Analysis: Step 2
• Consists primarily of
– Assessments of the organisation
– The status of current systems
– Capability to support the proposed system
• Analysts begin to determine
– What the new system is expected to do
– How the new system will interact with existing systems
• Ends with the documentation of the findings and a feasibility analysis update.
Logical Design: Step 3
• Based on security needs, applications are selected.
• Data support and structures capable of providing the needed inputs are identified.
• Device naming and protocol enabling are done; restrictions are defined.
• An overview of the network's operational functionality is portrayed.
Physical Design: Step 4
• Specific technologies are selected to support the alternatives identified and evaluated in the logical design.
• Selected components are evaluated.
• The entire solution is presented to the end-user representatives for approval.
Prototyping
• Design a simple network that represents the suggested system, using interactive tools (Packet Tracer).
• It should be able to achieve all the objectives of the proposed network as far as security is concerned.
• If successful, then implementation can take place.
Implementation: Step 5
• Components are ordered, received, assembled and tested.
• Users are trained and documentation is created.
Maintenance and Change: Step 6
• Tasks necessary to support and modify the network for the remainder of its useful life.
• The life cycle continues until the process begins again from the investigation phase.
• When the current system can no longer support the mission of the organization, a new project is implemented.
Objectives of the Network Security SDLC
• To identify threats and the controls to counter them
• To identify the statement of program security policy
• To identify, assess and evaluate the levels of risk
• To create a detailed plan of the network
Lecture 2
Security Concepts
• Challenge Handshake Authentication Protocol (CHAP)
• Certificates
• Security tokens
• Kerberos
• Multi-factor
• Smart cards
• Biometrics
• Services and protocols
• Security topologies
Challenge Handshake Authentication Protocol
• It is a protocol that challenges a system to verify its identity.
• It does not use a username-and-password mechanism; rather, the initiator sends a logon request from the client to the server.
• The server sends a challenge to the client.
• The challenge is encrypted and sent back to the server.
• The server compares the value and acts accordingly.
• It basically involves three steps:
– Logon request & challenge
– Response from client
– Authorize or fail
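The three steps above, simulated end to end as an added example (not part of the lecture): the response is an MD5 digest over identifier, shared secret and challenge as in RFC 1994, so the secret itself never crosses the wire, and each challenge is accepted only once so a captured response cannot be replayed. The peer names and secret are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed shared secret for the example; real deployments provision it out of band.
PEER_SECRETS = {"router-a": b"example-shared-secret"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues one-time challenges and checks the peer's response."""

    def __init__(self, secrets):
        self.secrets = secrets   # peer name -> shared secret
        self.pending = {}        # identifier -> challenge still awaiting a response

    def challenge(self, identifier: int, nonce: Optional[bytes] = None) -> bytes:
        # Step 1: answer the logon request with a fresh random challenge.
        value = nonce if nonce is not None else os.urandom(16)
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, peer: str, response: bytes) -> bool:
        # Step 3: recompute the expected value and authorize or fail.
        # pop() consumes the challenge, so a replayed response finds nothing to match.
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(peer)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: holds the secret and answers challenges (step 2)."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self.secret, challenge)


def run_exchange(authenticator, peer, identifier, nonce=None):
    """Drive the three steps; return (authorized, response) so a replay can be tested."""
    challenge = authenticator.challenge(identifier, nonce)   # logon request & challenge
    response = peer.respond(identifier, challenge)           # response from client
    return authenticator.verify(identifier, peer.name, response), response  # authorize or fail


if __name__ == "__main__":
    auth = ChapAuthenticator(PEER_SECRETS)
    ok, resp = run_exchange(auth, ChapPeer("router-a", b"example-shared-secret"), 1)
    print("genuine peer authorized:", ok)
    print("replayed response accepted:", auth.verify(1, "router-a", resp))
```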
Certificates
• They are a form of authentication.
• A server or certificate authority can issue a certificate that will be accepted by the challenging system.
• Certificates can be either physical access devices (smart cards) or electronic certificates that are used in the logon process.
Security Tokens
• Similar to certificates.
• Contain the rights and access privileges of the token bearer as part of the token.
• If your token does not grant access to certain information, that information will either not be displayed or your access will be denied.
• The authentication system creates a token every time a user logs on or a session begins.
• At the completion of a session, the token is destroyed.
Kerberos
• Kerberos allows for a single sign-on to a distributed network.
• The Kerberos authentication process uses a Key Distribution Center (KDC) to coordinate the entire process.
• The KDC serves the principals (users, programs or systems).
• The KDC provides a ticket to the principal.
• The ticket is used to authenticate against other principals.
• This occurs automatically when a request or service is performed by another principal.
Multi-Factor
• It is a method of authentication where two or more access methods are used.
• Two-factor is an authentication system that uses smart cards and passwords.
Smart Cards
• A type of card that can allow access to multiple resources, including buildings, parking lots and computers.
• Each area or computer will have a reader in which you can either insert your card or have it scanned.
• This card contains information about your identity and access privileges.
• The reader is connected to the workstation and validates against the security system.
Biometrics
• Biometric devices use physical characteristics to identify the users.
• They include:
• Hand scanners (fingerprints, scars)
• Retinal scanners (eye retinal patterns)
• DNA scanners (unique portion of DNA structure)
Protocols and Services
• They are a key part of security.
Some protocols send passwords over the network unencrypted. They include:
Telnet
FTP
SNMP, etc.
Computer Network Security
• Design goals
• Security zones
• Technologies
• Business requirements
Design Goals
• Ensuring confidentiality, integrity, availability and accountability.
• Different people must also be identified.
Design Goals
• Confidentiality
To prevent or minimize unauthorized access to and disclosure of data and information
• Integrity
To make sure that the data being worked on is correct
• Availability
To protect data and prevent its loss
• Accountability
Who is responsible?
Security Zones
• A design method that isolates systems from other systems or networks.
• Most common security zones:
– Internet
– Intranet
– Extranet
– DMZ
Security Zones
• Internet
A global network that connects computers and networks together.
• Low trust level
• Intranet
A private network implemented and maintained by an individual company or organization.
It can also be connected to the Internet but is not available to users who are not authorized to be part of the intranet.
Access to the intranet is granted to trusted users inside the corporate network or to users in remote locations.
Security Zones
• Extranet
• It extends intranets to include outside connections over a secure communications channel using the Internet.
• The connections are between trustworthy organizations; since they may pass through the Internet, a tunneling protocol is used to accomplish a secure connection.
DMZ
• Demilitarized Zone (DMZ)
• An area where a public server is placed for accessibility by people who are not trusted.
• By isolating a server in a DMZ, access to other areas in the network is hidden.
• Within the network the server can be accessed, but outsiders cannot access the internal network.
• This is accomplished by use of firewalls.
Network Security Technologies
• Virtual Local Area Networks (VLANs)
• A VLAN enables the creation of groups of users and systems and segments them according to functions or departments (grouped logically instead of physically).
• Segments are hidden from each other.
• A VLAN can also be set up to control the paths that data takes to get from one point to another.
• Network Address Translation (NAT)
• Tunneling
Network Address Translation (NAT)
• NAT creates a unique opportunity to assist in the security of a network.
• NAT extends the number of usable Internet addresses.
• It allows the organization to present a single address to the Internet for all computer connections.
• NAT effectively hides a network from the world.
• The NAT server acts as a firewall on the network.
• Routers also support NAT.
Tunneling
• Refers to the ability to create a virtual dedicated connection between two systems or networks.
• A tunnel is created between the two ends by encapsulating the data in a mutually agreed-upon protocol for transmission.
• Data passed through a tunnel appears on the other side as part of the network.
• Tunneling protocols include data security as well as encryption.
Business Concerns
• Making a conscious examination of the current security situation:
• Asset identification
• Risk assessment
• Threat identification
• Vulnerability evaluation
• Asset identification
• The process in which a company attempts to place a value on the information and systems in place.
Security Threats and Countermeasures
• Attacks
• Malicious software
• Countermeasures
Attacks
• An attack is an act performed by an individual or group of individuals in an attempt to access, modify or damage a system.
• Attacks are classified into three:
– Access attacks
– Modification and repudiation attacks
– Denial of service attacks
Access Attacks
• An attempt to gain access to information that the attacker is not authorized to have.
• They breach confidentiality.
• Can be external or internal.
• Can be carried out through physical access or by capturing information over the network.
Physical Access Method
• Dumpster diving is a physical access method.
• Access to information (on paper) that has been thrown away.
• Papers that contain sensitive information should be burnt if no longer in use.
Capturing Information over the Network: Types
• Eavesdropping
The process of listening in on network traffic, made possible by carelessness of the networks in communication. It is a passive attack.
• Snooping
Someone searching through electronic files trying to find something interesting.
Continued
• Interception is the act of routinely monitoring network traffic.
• It includes putting a computer system between the sender and the receiver to capture information as it is sent.
Modification and Repudiation Attacks
• Modification attacks
• Changing or modifying information in an unauthorized manner.
• Similar to access attacks because they require access to the servers.
• Involve deletion, insertion or alteration of information so that it appears genuine to the user.
• Repudiation attacks
• Change information so that it becomes invalid or misleading.
Denial of Service Attacks (DoS)
• Deny users access to resources that they are authorized to use.
• For example, an attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.
• Common on the Internet.
• DoS can deny access to information, applications, systems or communications.
• A DoS attack on an application brings down the website, but communication and systems continue to operate.
Continued: DoS
• In a DoS attack on a system, the operating system is crashed.
• A common DoS attack involves opening as many TCP sessions as possible. It is called a TCP SYN flood DoS attack.
• Distributed Denial of Service Attacks (DDoS)
• Use of multiple computers to attack a single organization.
• The attacker loads an attack program onto many computer systems (zombies) that use DSL or cable modems.
• The master computer sends a signal to the computers instructing them to launch an attack at once on the target network or system.
Common Attacks
• Back door attacks
• The attacker gains access to the system, then loads a backdoor program.
• The program allows other users access without a password and gives administrative privileges.
• Tools used to create backdoors: Back Orifice, NetBus.
Continued: Common Attacks
• Spoofing attacks
• An attempt by someone or something to masquerade as someone else.
• Uses a program that fakes a logon.
• The client enters a username and password, which the attacker copies, but access is still denied to the user.
Continued: Common Attacks
• Man in the middle
• Software is placed between the client (user) and the server.
• The middle man intercepts the user's information and then sends it on to the server.
• The server responds to the middle man, believing it is the legitimate user.
• The middle man may alter, record or compromise the security of the user.
• The middle man appears to be the server to the user.
Continued: Common Attacks
• Replay attack
• Information is captured over the network and stored for later use.
• E.g. a security certificate from a system like Kerberos is tapped and later used for the authentication process.
• Access is gained.
Continued: Common Attacks
• Password guessing attacks
• Two types of password guessing:
– Brute force attack
An attempt to guess passwords until a successful guess occurs. (Passwords should be long.)
– Dictionary attack
An attack that uses a dictionary of common words to attempt to find the password of the user.
Network Attacks in Regard to TCP/IP
• The TCP/IP protocol suite is broken down into four protocol or architecture layers:
• Application layer
• Host-to-host or transport layer
• Internet layer
• Network interface layer
TCP/IP Architecture Layers
Layer          | Example protocols
Application    | HTTP, SMTP
Transport      | TCP, UDP
Internet       | IP
Network Access | Network topology
Application Layer
• The highest layer of the TCP/IP suite.
• It allows applications to access services or protocols to exchange information.
• Application protocols include: HTTP, FTP, SMTP, Telnet, DNS, RIP, SNMP & POP
Application Protocols
• Hypertext Transfer Protocol (HTTP) is the protocol used for web pages and the World Wide Web.
• File Transfer Protocol (FTP) is an application that allows connections to the server for upload and download of files.
• Simple Mail Transfer Protocol (SMTP) is the protocol that controls electronic mail communications.
• Telnet is an interactive terminal emulation protocol. It allows a remote user to conduct an interactive session with a Telnet server.
Application Protocols
• Domain Name System (DNS) allows hosts to resolve host names to an Internet Protocol (IP) address.
• Routing Information Protocol (RIP) allows routing information to be exchanged between routers on an IP network.
• Simple Network Management Protocol (SNMP) is a management tool that allows communications between network devices.
• Post Office Protocol (POP)
Host-to-Host/Transport
• Provides the application layer with session and datagram communication services.
• Protocols in this layer are:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
Transport Layer Protocols
• TCP provides a reliable, one-to-one, connection-oriented session. It ensures that all packets have been received at the destination. Packets are decoded and sequenced properly.
• UDP provides unreliable connections. It does no error checking.
Transport Layer
• TCP and UDP both use ports to define the communication process by adding the port to the header of the segment.
• Ports are special addresses that allow communication between hosts.
• A port is a number added by the originator indicating which port to communicate with on the server.
• The Internet Assigned Numbers Authority (IANA) defines a list of well-known port numbers.
Transport Layer
• Well-known TCP ports
TCP Port No. | Service
20           | FTP (data channel)
21           | FTP (control channel)
23           | Telnet
25           | SMTP
80           | HTTP
139          | NetBIOS Session Service
443          | HTTPS
Transport Layer
• TCP three-way handshake. This is the method TCP uses to establish sessions between hosts.
• A host called the client initiates the connection. It sends a TCP segment containing an Initial Sequence Number (ISN) for the connection and a window size to the server (SYN).
• The server sends back a segment containing its own ISN and a window size (SYN/ACK).
• The client sends an acknowledgement to the server agreeing to the terms (ACK).
Internet Layer
• This layer is responsible for routing, IP addressing and packaging. It deals with four protocols:
• Internet Protocol (IP)
• Address Resolution Protocol (ARP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
Internet Protocols
• IP is responsible for IP addressing. It only routes information and does not check it for accuracy. It is interested in the destination address; if the destination is not known, it sends the information to the router.
• ARP is responsible for resolving IP addresses to Network Interface layer addresses, i.e. hardware addresses (Media Access Control, MAC) used to identify hardware network devices such as a Network Interface Card (NIC).
Internet Protocols
• ICMP provides maintenance and reporting functions. The PING program uses it to test for connectivity. ICMP returns feedback: either a reply from the pinged host or a "host unreachable" message. Routers and other networking devices report path information between hosts with ICMP.
• IGMP manages IP multicast groups. IP multicast sends packets to a specified group of hosts.
Network Interface Layer
• Responsible for placing packets on, and removing them from, the physical network.
TCP/IP Attacks
• TCP/IP can be attacked by both outsiders and insiders. However, outsiders can be blocked by use of networking devices like routers. Insiders are more likely to carry out attacks because they have access to all protocols used in the network.
Network Sniffers
• A network sniffer is a device that captures and displays network traffic. Computers existing on the network have the ability to operate as sniffers. Network cards normally only pass information up to the protocol stack if the information is intended for that computer.
• Most NICs can be placed in promiscuous mode.
• Promiscuous mode allows the NIC to capture all information that it sees on the network.
Port Scans
• A port scan is when an attacker queries your network to determine which services and ports are open.
• Note that unless routers are configured appropriately, they will let all protocols pass through them.
• Once the attacker knows the IP addresses of any system in the network, he/she can attempt to communicate with the ports open in the network.
TCP SYN or TCP ACK Flood Attack
• The attack begins as a normal TCP connection. However, in this attack the client continually sends and receives the handshake packets but never completes the session, so the connection is never established. Routers can track and attempt to prevent this attack.
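How a router or host could "track" the attack described above, as an added example (not from the lecture): every client SYN opens a half-open entry and the client's final handshake ACK closes it, so a source that accumulates many entries still open after a timeout is flagged. The segment records, addresses, threshold and timeout are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of inbound client segments as the server sees them:
# (timestamp_seconds, src_ip, src_port, flags). A SYN opens a handshake;
# an ACK from the same (ip, port) completes it. Not real traffic.
LEGIT = [
    (0.00, "10.0.0.5", 51000, "SYN"),
    (0.05, "10.0.0.5", 51000, "ACK"),   # normal client completes the handshake
    (0.10, "10.0.0.6", 51001, "SYN"),
    (0.14, "10.0.0.6", 51001, "ACK"),
    (9.50, "10.0.0.8", 51002, "SYN"),   # just arrived; not yet suspicious
]
# A flood source sends many SYNs from different source ports and never finishes.
FLOOD = [(1.0 + i * 0.01, "198.51.100.7", 40000 + i, "SYN") for i in range(30)]
SAMPLE_SEGMENTS = sorted(LEGIT + FLOOD)


def track_half_open(segments, now, timeout=3.0):
    """Return {src_ip: count} of handshakes that saw a SYN but no ACK within timeout.

    Replays the segment list in order, keeping one pending entry per (ip, port),
    then counts the entries that are still open `timeout` seconds after their SYN.
    """
    pending = {}   # (src_ip, src_port) -> time the SYN arrived
    for ts, ip, port, flags in segments:
        key = (ip, port)
        if flags == "SYN":
            pending[key] = ts
        elif flags == "ACK" and key in pending:
            del pending[key]          # third step of the handshake: session established
    counts = defaultdict(int)
    for (ip, _port), ts in pending.items():
        if now - ts >= timeout:       # still half-open long after the SYN
            counts[ip] += 1
    return dict(counts)


def suspicious_sources(segments, now, threshold=10, timeout=3.0):
    """Sources holding at least `threshold` stale half-open connections.

    A legitimate client rarely leaves more than a handful of handshakes
    unfinished; a SYN flood leaves many, each from a different source port.
    """
    counts = track_half_open(segments, now, timeout)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("half-open per source:", track_half_open(SAMPLE_SEGMENTS, now=10.0))
    print("flagged sources:", suspicious_sources(SAMPLE_SEGMENTS, now=10.0))
```

Real stacks bound the half-open table and use SYN cookies rather than a plain counter, but the bookkeeping the counter performs is the same.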
TCP Sequence Number Attack
• The attacker intercepts the traffic between the client and server and then responds with a sequence number similar to the one used in the original session, or hijacks a valid session. The victim then receives a message that there has been a disconnection, and so a new connection is established.
Malicious Code
• Do research on malicious code and hand it in before 17th September, 5:00pm.
Risk Assessment
• The process of determining the relative risk for each vulnerability. Vulnerabilities and threats are identified.
• A vulnerability is a specific avenue that threat agents can exploit to attack an information asset.
• A threat is an object, person, or other entity that represents a constant danger to an asset. It therefore has the potential to attack any of the assets protected.
• For each threat or vulnerability, the severity of impact upon the system's confidentiality, integrity and availability, and the likelihood of the vulnerability being exploited given existing security controls, are determined.
Risk Assessment
• The product of the likelihood of occurrence and the impact severity gives the risk level for the system, based on its exposure to the threat/vulnerability pair.
• A risk level is determined for each vulnerability and threat; then safeguards are identified for pairs with moderate or high risk levels.
• The risk is re-evaluated to determine the remaining risk, or residual risk level, after the safeguard is implemented.
Risk Assessment
• It has three main phases:
• Network system documentation
• Risk determination
• Safeguard determination
Network System Documentation Phase
• Provides the background information to describe the network and the data it handles, and the assets involved and their worth.
• Establishes a framework for subsequent RA phases.
• Network identification includes
– Network description
– Functions and assets
– Network security level determination
Document Network Identification
• It includes:
• Documenting the network name, the particulars of the organization to which the network belongs, the type of network and other related information.
• Documenting the contacts of the network managers and other related information.
• Identifying the individual(s) responsible for security and the component's Information Network Security Officer.
Document Network Purpose and Description (Asset Identification)
• Document a brief description of the function and purpose of the network and the organizational business processes supported, including functions and transmission of data.
• Give a general technical description of the network, including the physical and logical topologies. Also identify factors that raise special security concerns.
Document Network Identification
• This includes documenting the network security level using the steps below.
• Describe and document the information handled by the network and identify the overall network system security level as Low, Moderate or High.
• Describe requirements for the three pillars of information: confidentiality, integrity and availability.
Risk Determination Phase
• Its goal is to calculate the level of risk for each threat/vulnerability pair based on:
• The likelihood of a threat exploiting a vulnerability
• The severity of impact that the exploited vulnerability would have on the system, its data and its business function, in terms of loss of confidentiality, loss of integrity and loss of availability.
Risk Determination Phase Steps
• This six-step process is conducted for each identified threat/vulnerability pair.
• Identify potential dangers to information and the network (threats).
• Identify the network weaknesses that could be exploited (vulnerabilities) and associate them with threats to generate the threat/vulnerability pairs.
• Identify existing controls that reduce the risk of the threat exploiting the vulnerability.
Risk Determination Phase Steps
• Determine the likelihood of occurrence for a threat exploiting a related vulnerability given the existing controls.
• Determine the severity of impact on the system of an exploited vulnerability.
• Determine the risk level for a threat/vulnerability pair given the existing controls.
Risk Determination Phase Table
Item No. | Threat name | Vulnerability name | Risk description | Existing controls | Likelihood of occurrence | Impact severity | Risk level
Identification of Network Threats
• Identify threats that could have the ability to exploit a network vulnerability.
• Each threat identified has the potential to attack any of the assets protected.
• To make this more manageable, the threat identification and vulnerability identification steps are managed separately and then coordinated at the end of the process.
• Each threat must be further examined to assess its potential to impact the organization; this is called threat assessment.
Network Vulnerability Identification
• Identify the vulnerability associated with each threat to produce a threat/vulnerability pair.
• Vulnerabilities may be associated with either a single threat or multiple threats.
• Previous documentation, reports and security bulletins may be used to identify vulnerabilities.
Describe Risk
• Describe how the Vulnerability
creates a risk in the system in terms
of confidentiality, integrity and
availability elements that may result
in a compromise of the Network and
the data it handles.
Identification of
Existing Controls
• Identify existing controls that reduce:
– The likelihood or probability of a threat
exploiting an identified system vulnerability.
– The magnitude of impact of the exploited
vulnerability on the system.
• Existing controls may be management,
operational and technical controls
depending on the identified
threat/vulnerability pair and the risk to
the Network.
Likelihood of Occurrence
(LoC) Determination
• Determine the likelihood that a threat will exploit
a vulnerability.
• Likelihood is an estimate of the frequency or the
probability of such an event.
• Likelihood of occurrence is based on a number of
factors that include Network architecture,
information system access, existing controls,
strength and nature of the threat and presence
of vulnerabilities among others.
Likelihood of Occurrence Determination
Likelihood of Occurrence Levels (likelihood: description)
Negligible: Unlikely to occur
Very low: Likely to occur two or three times every five years
Low: Likely to occur every year or less
Medium: Likely to occur every six months or less
High: Likely to occur once per month or less
Very high: Likely to occur multiple times per month
Extreme: Likely to occur multiple times per day
Severity of Impact (SoI)
determination
• Determine the magnitude of severity of impact on
the system’s operational capabilities and data if
the threat is realized and exploits the associated
vulnerability.
• Determine the severity of impact for each
threat/vulnerability pair by evaluating the
potential loss in each security category (C.I.A).
• The impact can be measured by loss of Network
functionality, degradation of system response
time, loss of public confidence or unauthorized
disclosure of data.
Severity of Impact determination
• Impact severity levels are:
– Insignificant – no impact.
– Minor – minor effect; the cost of repair is small.
– Significant – tangible harm.
– Damaging – damages reputation, i.e. loss of confidence, and
requires expenditure of significant resources to repair.
– Serious – loss of connected users, compromise of
information or services.
– Critical – causes the Network to be closed permanently.
Risk Level Determination
• Risk can be expressed in terms of
the likelihood of the threat
exploiting the vulnerability and the
impact severity of that exploitation
on the C.I.A of the Network.
• Mathematically, Risk Level = LoC × SoI.
Safeguard Determination Phase
• This involves identification of additional
controls, safeguards or corrective actions
to minimize the threat exposure and
vulnerability exploitation for each
threat/vulnerability pair identified in the Risk
Determination phase that resulted in a
moderate or high risk level.
Safeguard Determination
Phase steps
• Identify the controls to reduce risk level of an
identified threat/vulnerability pair
• Determine the residual LoC of the threat if the
recommended safeguard is implemented.
• Determine the residual impact severity of the
exploited vulnerability once the recommended
safeguard is implemented.
• Determine the residual risk level for the system.
Safeguard Determination Phase Table
Columns: Item No. | Recommended Safeguard Description | Residual LoC | Residual Impact Severity | Residual Risk Level
Identification of Safeguards
• Identify control safeguards for each
threat/vulnerability pair with a
moderate or high risk level.
• The purpose of the recommended
safeguard is to reduce or minimize
the level of risk.
Identification of Safeguards
• Factors to consider when choosing a safeguard are:
– Security area where the control/safeguard belongs, such as
management, operational or technical;
– Method the control/safeguard employs to reduce the
opportunity for the threat to exploit the vulnerability;
– Effectiveness of the proposed control/safeguard in mitigating
the risk level;
– Policy and architectural parameters required for
implementation.
• Recommended safeguards will address the security
category (C.I.A) identified during the risk analysis process
that may be compromised by the exploited vulnerability.
Residual LoC Determination
• Determine the likelihood or
probability of an attack occurring once the
safeguard is in place.
• If the attack is successful, how much
impact does it have on the Network?
Residual Risk level
Determination
• Determine the residual risk level for the
threat/vulnerability pair and its associated
risk once the recommended safeguard is
implemented.
• Residual Risk level is determined by
examining the likelihood of occurrence of
the attack exploiting the vulnerability and
the impact severity factors in categories
of C.I.A
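The following is an added example, not part of the lecture notes, that models one row of the risk determination table and the corresponding safeguard determination row: it scores Risk Level = LoC × SoI, re-scores residual risk after a recommended safeguard, and ranks pairs from high to low for control implementation. The numeric scores attached to the likelihood and severity levels, the Low/Moderate/High thresholds and the register entries are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ordinal levels from the lecture tables; the numeric scores and the
# Low/Moderate/High thresholds are assumptions (the lecture gives no scale).
LIKELIHOOD = {"Negligible": 1, "Very low": 2, "Low": 3, "Medium": 4,
              "High": 5, "Very high": 6, "Extreme": 7}
SEVERITY = {"Insignificant": 1, "Minor": 2, "Significant": 3,
            "Damaging": 4, "Serious": 5, "Critical": 6}

def risk_level(loc, soi):
    """Lecture formula: Risk Level = LoC * SoI (assumed numeric scales)."""
    return LIKELIHOOD[loc] * SEVERITY[soi]

def risk_band(score):
    """Map a score (1..42) to Low / Moderate / High; thresholds assumed."""
    if score >= 20:
        return "High"
    return "Moderate" if score >= 8 else "Low"

@dataclass
class ThreatVulnPair:
    """One row of the risk determination table."""
    item_no: int
    threat: str
    vulnerability: str
    existing_controls: str
    loc: str  # likelihood of occurrence given the existing controls
    soi: str  # severity of impact on C.I.A if the vulnerability is exploited

def determine_risk(pair):
    """Risk determination steps 4-6 for one pair: LoC, SoI, risk level."""
    score = risk_level(pair.loc, pair.soi)
    return {"item_no": pair.item_no, "score": score, "band": risk_band(score)}

def residual_risk(safeguard, residual_loc, residual_soi):
    """Safeguard determination row: re-score once the safeguard is in place."""
    score = risk_level(residual_loc, residual_soi)
    return {"safeguard": safeguard, "score": score, "band": risk_band(score)}

def prioritize(pairs):
    """Rank item numbers from High to Low risk for control implementation."""
    ranked = sorted(pairs, key=lambda p: risk_level(p.loc, p.soi), reverse=True)
    return [p.item_no for p in ranked]

# Constructed sample register (hypothetical entries, not from the lecture).
REGISTER = [
    ThreatVulnPair(1, "Malware delivered by e-mail", "No gateway scanning",
                   "Desktop antivirus only", "High", "Serious"),
    ThreatVulnPair(2, "Power failure", "No UPS in wiring closet", "None",
                   "Medium", "Minor"),
    ThreatVulnPair(3, "Fire in server room", "No smoke detectors",
                   "Extinguishers on the floor", "Negligible", "Damaging"),
]
```

Only pairs that score Moderate or High carry on to the safeguard determination table; the residual score shows whether the recommended safeguard actually moves the pair into an acceptable band.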
RISK MITIGATION
• This is the second phase of risk
management, the first being risk
assessment.
• It is a systematic methodology used by
senior management to reduce mission risk.
It involves prioritizing, evaluating and
implementing the appropriate risk-reducing
controls recommended by the
risk assessment process.
RISK MITIGATION
• The risk mitigation options:
• Risk Assumption – To accept the potential risk and continue
operating the IT system, or to implement controls to lower
the risk to an acceptable level.
• Risk Avoidance – To avoid the risk by eliminating the risk
cause and/or consequence (e.g. forgo certain functions of the
system or shut down the system when risks are identified).
• Risk Limitation – To limit the risk by implementing controls
that minimize the adverse impact of a threat's exercising a
vulnerability (e.g. use of supporting, preventive and detective
controls).
Risk Mitigation options
• Risk Planning – To manage risk by developing a risk
mitigation plan that prioritizes, implements, and
maintains controls.
• Research and Acknowledgment – To lower the risk
of loss by acknowledging the vulnerability or flaw and
researching controls to correct it.
• Risk Transference – To transfer the risk by using
other options to compensate for the loss, such as
purchasing insurance.
Risk Mitigation note
• It may not be practical to address all
identified risks, so priority should be
given to threat and vulnerability pairs
that have the potential to cause
significant mission impact or harm.
Risk Mitigation Strategy
• When and under what circumstances should the
controls be applied?
• When a vulnerability exists – implement assurance
techniques to reduce the likelihood of the
vulnerability being exercised.
• When a vulnerability can be exercised – apply
layered protections, architectural designs and
administrative controls to minimize the risk of, or
prevent, its exercise.
Risk Mitigation Strategy
• When the loss is too great – apply design principles,
architectural designs and technical and
nontechnical protections to limit the extent of
the attack, thereby reducing the potential for
loss.
• When the attacker's cost is less than the
potential gain – apply protections to decrease an
attacker's motivation by increasing the attacker's
cost (e.g. Network system controls such as
limiting what a user can access and do can
significantly reduce an attacker's gain).
Approach for Control Implementation
• The following steps must be taken:
– Step 1: Prioritize actions
– Step 2: Rank actions from High to Low
– Step 3: List feasible controls
– Step 4: Cost-benefit analysis describing the costs and benefits
of implementing or not implementing the controls
– Step 5: Select controls
– Step 6: Assign responsibility
– Step 7: Develop a safeguard implementation plan
Approach for Control Implementation
• Prioritize Actions
• Based on the risk levels presented in the risk
assessment, implementation actions are
prioritized.
• High takes the first priority, then medium and
lastly low.
• Evaluate Recommended Control Options
• During this step the feasibility and effectiveness
of the recommended control options are analyzed.
The main objective is to select the most
appropriate control option for minimizing risk.
Approach for Control
Implementation
• Conduct Cost-Benefit Analysis
This is to aid management in decision
making and to identify cost-effective
controls.
• Select Control
The controls selected should combine
technical, operational and management
control elements to ensure adequate
security for the Network.
Approach for Control
Implementation
• Assign Responsibility
Appropriate persons who have the
appropriate expertise and skill-sets
to implement the selected control
are identified, and responsibility is
assigned.
Approach for Control Implementation
• Develop a Safeguard Implementation Plan. The
plan should at minimum contain the following:
– Risks and associated risk levels
– Recommended controls
– Prioritized actions
– Selected planned controls (determined on the basis of
feasibility, effectiveness, benefits to the organization,
and cost)
– Required resources for implementing the selected
planned controls
Approach for Control Implementation
– Lists of responsible teams and staff
– Start date for implementation
– Target completion date for implementation
– Maintenance requirements
• Implement selected controls
The implemented controls may lower the
risk level but not eliminate the risk.
Control Categories
• Controls are categorized into:
• Technical Network Security Controls
• Management Network Security Controls
• Operational Network Security Controls
Technical Network security
• These are security configurations applied to
machines and to installed software that guard
against threats. The measures should work
together to secure critical and sensitive data,
information, and Network functions.
• Technical controls can be grouped into:
– Supporting Technical controls
– Preventive Technical controls
– Detection and Recovery Technical controls
Supporting Technical Controls
• These are basic controls on which other
controls are built; they are interrelated
with other controls. They are further categorized
into:
– Identification – provides the ability to uniquely identify users,
processes and information resources.
– Cryptographic Key Management – includes secure key
generation, distribution, storage and maintenance.
– Network Security Administration – security features
must be configured, i.e. enabled or disabled.
– Network Protection – protection in terms of the various
security functionality to be implemented.
Preventive technical Controls
• These basically prevent the violation of security policies.
They include:
– Authentication – proving that an identity is what it claims to be.
– Authorization – permits or denies actions on a given network.
– Nonrepudiation – ensures that senders cannot deny
sending information and receivers cannot deny that they
received the information.
– Protected Communication – ensures C.I.A while in transit. It
uses data encryption methods to minimize interception,
packet sniffing, replay, etc.
– Transaction Privacy – protects against loss of privacy with
respect to transactions performed by an individual. This is
achieved through use of Secure Sockets Layer (SSL) or Secure Shell (SSH).
Detection and Recovery Technical Controls
• Detection controls warn of violations or
attempted violations of security policy;
they include intrusion detection methods.
• Recovery controls are used to restore lost
computing resources.
• Detection and Recovery controls include:
– Audit – monitoring and tracking abnormalities,
allowing after-the-fact detection of and
recovery from security breaches.
Detection and Recovery Technical Controls
– Intrusion Detection and Containment – detects a
security breach and contains it.
– Proof of Wholeness – analyses network integrity and
identifies exposures and potential threats. This control
does not prevent violations of security policy but detects
violations and helps determine the type of corrective
action needed.
– Restore Secure State – this service enables the system to
return to a state that is known to be secure after a
security breach occurs.
– Virus Detection and Eradication – detects, identifies
and eradicates viruses.
Management Security
Controls
• Management controls focus on the stipulation of
information protection policy, guidelines and
standards, which are carried out through
operational procedures to fulfill the
organization's goals and missions.
• These controls are divided into:
– Preventive Management Security Controls
– Detection Management Security Controls
– Recovery Management Security Controls
Preventive Management Security Controls
• These controls include:
– Assigning security responsibility to ensure that adequate
security is provided for mission-critical systems.
– Developing and maintaining Network security plans to
document current controls and address planned controls
for Networks in support of the organization's mission.
– Implementing personnel security controls, including
separation of duties.
– Conducting security awareness and technical training to
ensure that end users and system users are aware of
the rules of behavior and their responsibilities in
protecting the organisation's mission.
Detective Management Security Controls
• These controls include:
– Implementing personnel security controls, including
personnel clearance, background investigations and rotation
of duties.
– Conducting periodic reviews of security controls to
ensure that the controls are effective.
– Performing periodic system audits.
– Conducting ongoing risk management to assess and
mitigate risk.
– Authorizing the Network system, to address and accept
residual risk.
Recovery Management Security Controls
• These controls include:
• Providing continuity of support and
developing, testing, and maintaining the continuity
of operations plan.
• Establishing an incident response
capability to prepare for, recognize,
report, and respond to an incident and
return the Network to operational status.
Operational Security controls
• The organisation has to establish a set of controls,
policies and guidelines to ensure that security
procedures are enforced and implemented.
Management is responsible for making sure that
the policies are implemented.
• Preventive Operational Controls
Examples of preventive operational security controls:
Provide backups
Secure wiring closets that house hubs and cables
Safeguard computing devices
Operational Security
controls
• Detection Operational Controls
include:
Provide physical security (sensors and
alarms)
Ensure environment security (use of
smoke and fire detectors, sensors and
alarms).
Cost-Benefit Analysis
• Allocate resources and implement cost-effective
controls.
• Identify all possible controls and evaluate their
feasibility and their effectiveness.
• Considerations:
– Determine the impact of implementing, and of not
implementing, the new or enhanced controls.
– Estimate the cost of implementation:
• Hardware and software costs
• Additional policies
• Training costs
• Maintenance costs