Download Slide 1

CIST 1601 Information Security Fundamentals
Chapter 1 General Security Concepts
Collected and Compiled
By JD Willard
MCSE, MCSA, Network+,
Microsoft IT Academy Administrator
Computer Information Systems Technology
Albany Technical College
Understanding Information Security
Network Access Control (1:58)
The term information security covers a wide array of
activities in an organization, including:
Products
Processes used to prevent unauthorized access to,
modification of, and deletion of information.
Protect resources by preventing them from being
disrupted by situations or attacks.
Internally
Externally
A security administrator must deal with system
vulnerabilities and human vulnerabilities.
You must assume that you’re under attack
General Security Concepts
Understanding Information Security
The security triad or three primary areas of security focus include:
Management Security
Provide the guidance, rules,
and procedures for implementing
a security environment.
Physical
Operational Security
Includes access control,
authentication, and security topologies
after network installation is complete.
Physical Security
Involves the protection of your
assets and information from
physical access by unauthorized
personnel.
Security
Operational
Security policies fall under the Management category
Management
Securing the Physical Environment
The goal of a physical security policy is to allow only trusted
use of resources via positive identification that the entity
accessing the systems is someone or something that has
permission to do so based on the security model the
organization has chosen.
Physical security addresses the following major categories
of risks:
Physical theft
Loss of an asset
Unauthorized disclosure of information
Interruption of critical services
Power failure
Physical damage to hardware assets
Threats affecting confidentiality
Integrity and availability of critical resources
Securing the Physical Environment
It is much easier for an attacker to walk into a
reception area, masquerade as a vendor agent, and
get access to the server than to get into a physically
secured area that utilizes a guest sign-in and sign-out
sheet.
Unsecured equipment is vulnerable to social
engineering attacks. Lock the door(s) to the server
room.
Mandatory physical access controls are common in
government facilities and military installations where
users are closely monitored and very restricted.
Examining Operational Security
Operational security encompasses everything not related to design or physical
security.
Instead of focusing on the physical components where the data is stored, such
as the server, the focus is now on the topology and connections.
Issues include:
Daily operations of the network
Connections to other networks
Backup and recovery plans
Operational security includes:
Computers
Networks and communications systems
Management of information
Operational security issues include:
Network access control (NAC)
Authentication
Security topologies
Survey Your Physical Environment
The job of the security administrator is to prevent and to seek out rats (hackers).
To catch a rat you need to think like a rat.
How would a rat gain access to the building?
Is a key or code required?
Security guard?
Receptionist?
Cameras?
How would a rat gain access to the floor of the server room?
Is the elevator keyed, or can anyone use it?
Do the doorways to the stairs only open outward, or can anyone walk up and enter?
How would a rat find the server?
In the middle of the office?
In a separate room?
Door secured?
Key, badge or punchpad required?
If the rat finds the server, would anyone see what he’s doing?
Does the server room have glass windows?
Are cameras overlooking the server?
Can you physically see the server?
Would anyone question why a rat was there?
If you do use cameras where are the tape machines?
Near the server so the rat can steal the evidence?
If you can easily spot flaws in the security then a rat can spot them too.
Network Access Control (NAC)
Network Access Control (NAC) is an effective way to protect the network from malicious hosts.
NAC secures the environment by examining the user’s machine and, based on the results, grant access accordingly.
NAC provides:
Enforcement of security policy
Containment of noncompliant users
Mitigation of threats
The basic components of NAC products:
Access requestor (AR); device that requests access
Policy decision point (PDP); system that assigns a policy based on the assessment
Policy enforcement point (PEP); device that enforces the policy.
Switch
Firewall
Router
Four ways NAC systems can be integrated into the network:
Inline
out-of-band
switch based
and host based
An out-of-band intervenes and performs an assessment as hosts come online, and then grants appropriate access.
NAC business benefits include:
Compliance
Better security posture
Operational cost management
Working with Management and Policies
Reducing Risk with Security Policies (12:24)
Management and policies provide the guidance, rules, and procedures for implementing a security environment.
IT professionals can recommend policies, but they need the support of management to implement them.
As a security administrator, you’ll need to look for openings that intruders can use to enter your network. Don’t think of the
safeguards that may currently exist, but rather focus on ways someone not on your network might join it.
How do users on your network access the Internet?
Dial-up connections ?
Dial-up access on laptops at home?
Are proxy servers in use?
Private or public IP addresses?
Network Address Translation?
Wireless access points on the network? Unsecured SSID?
WAP range?
Can you access the network in the parking lot?
Remote Access allowed?
From home?
From hotel rooms?
Callback option enabled or only user credentials?
Do you use Terminal Services?
Are thin clients employed/allowed?
Are entire sessions on the server run remotely?
Is remote administration enabled?
Do users have shares on their laptops that could compromise the laptop’s data security?
What ports are open on your routers and firewalls?
Working with Management and Policies
A number of key policies are needed to secure a network.
Administrative policies lay out guidelines and expectations for upgrades,
monitoring, backups, and audits. System administrators and
maintenance staff use these policies to conduct business.
Administrative policies should clearly outline:
When and How often to upgrade.
When and how monitoring occurs.
How logs are reviewed.
Job responsible for these decisions.
How often decisions should be reviewed.
Who wrote the policy?
Who signed off on the policy?
What date were they mandated?
Administrative policies must be specific yet flexible enough to allow for
emergencies and unforeseen circumstances but not too flexible as to be
virtually ineffective or unenforceable.
Working with Management and Policies
Disaster recovery plans (DRPs) are one of the biggest headaches that IT
professionals face.
Disaster recovery plans are expensive to develop and to test, and it must
be kept current.
A good Disaster recovery plan takes into consideration tornadoes, floods,
fires, and every conceivable disaster.
Information policies refer to the various aspects of information security,
including access, classifications, marking and storage, and the
transmission and destruction of sensitive information.
Information policies may include a data classification similar to the
following:
Public - For all advertisements and information posted on the Web
Internal - For all intranet-type information
Private - Personnel records, client data, and so on
Confidential - Public Key Infrastructure (PKI) information and other
items restricted to all but those who must know them
Information policies must be as comprehensive as possible.
Working with Management and Policies
Security policies define the configuration of systems and
networks, including:
Installation of software and hardware
Network connections and network connectivity
Computer room and data center security
How identification and authentication occurs.
Access control
Audits and reports
Encryption
Antivirus software
Security policies also establish procedures and methods
used for:
Password policy
Account expiration
Failed logon attempts
Working with Management and Policies
Software design requirements outline system capabilities.
Use the requirements to have vendors explain proposed solutions.
Should be specific about security requirements.
Design requirements should be viewed as a moving target.
Usage policies cover how information and resources are used.
How users can use organizational resources and for what purposes
Rules of computer usage
Statements about privacy, ownership, and the consequences of
improper acts
Internet, remote access, and e-mail usage expectations
How users should handle incidents and who to contact if they
suspect something
Spell out the fact that monitoring can take place and that users
agree to it
Consequences for account misuse should also be stated.
Working with Management and Policies
User management policies identify how new
employees are added to the system as well as:
Training and orientation
Equipment installation and configuration
Employee transfers
This can result in privilege creep where a user acquires
administrative privileges to the system by accident.
User management policies should outline:
Notification of IT department about employee
terminations
How notifications should occur
Terminated employees accounts should be either
disabled or deleted.
Understanding the Goals of Information Security
Goals of Information Security include:
Prevention – Preventing computer or information violations.
Detection - Identifying events when they occur, identifying the
assets under attack, how the attack is occurring, and who is
responsible.
Detection may involve complicated monitoring tools or checking the
system logs. System logs will frequently tell you what was accessed
and in what manner. These logs are usually explicit in describing the
events that occurred during a security violation.
Detection should be ongoing and part of security policies and
procedures.
Response – Strategies and techniques to deal with an attack or
loss.
Have a well thought out and tested plan for response, restoring
operations, and neutralizing the threat.
Comprehending the Security Process
Appreciating Antivirus Software
The most common method used in an antivirus
program is scanning.
Scanning identifies virus code based on a unique
string of characters known as a signature.
Scanning searches files in memory, the boot sector,
and on the hard disk for identifiable virus code.
Your first step, should a system become infected with
a new virus, would be to verify antivirus software is
up to date including the virus definition files.
Comprehending the Security Process
Implementing Access Control
Authorization and Access Control (3:59)
Access Control defines how users and systems communicate and in what manner.
Three basic models are used to explain access control:
Mandatory Access Control (MAC)
MAC provides the strictest security mechanism.
It assigns security labels to both subjects and objects.
Labels are comprised of a classification and different categories.
Classification indicates the sensitivity level of the subject or object, such as secret or top-secret.
Categories enforce need to know rules. Categories should be determined by the organization based
on access control needs, such as human resources or accounting.
Under MAC, a file, printer, or computer would exist as an object. Objects are resources
accessed by groups, users, or processes.
A user or group would exist as a subject. Subjects access objects.
Access privileges to resources are assigned by administrators, are predefined based on
the security policy, and can’t be changed by users. A privilege that is not expressly
permitted is forbidden.
Users cannot share resources dynamically.
This model is usually implemented in highly secure networks, such as military facilities.
Comprehending the Security Process
Implementing Access Control
The Discretionary Access Control model (DAC)
The Discretionary Access Control model (DAC) is used in small Microsoft
workgroup networks where users commonly share folders with each other.
In the DAC model, the data owner\creator is responsible for granting other
users access to resources, and determines the level of access that will be
granted to those users, as well as limiting object access to certain days and
certain times in the day.
The DAC model uses Access Control Lists (ACLs) to map a user's access
permissions to a resource.
An ACL is a security mechanism used to designate those users who can gain
various types of access, such as read, write, and execute access, to resources on
a network. An ACL provides security as granular as the file level.
In DAC, a subject’s rights should be suspended when he is on leave or vacation
and should be terminated when he leaves the company.
Comprehending the Security Process
Implementing Access Control
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) allows specific people to be assigned to
specific roles with specific privileges.
RBAC uses the role to identify the users who have permissions to a resource,
and may be implemented system wide. Users may be able to access information
from any station in the network, based strictly on their role.
Privileges would be limited to the role and wouldn’t be present during the
employee’s normal job functions.
For example, a backup operator role would give anyone who occupied that role
the ability to perform backups, including the security privileges that went along
with it.
These privileges should reflect the organization's structure and responsibilities
users have in the organization.
The RBAC mode is common in network administrative roles.
Understanding Authentication
Identification and Authentication (6:32)
Authentication is the mechanism by which the unique identity is associated with a
security principal (a specific user or service).
Before authorization can occur, the identity of the account attempting to access a
resource must first be determined. This process is known as authentication.
Single-Factor Authentication (4:38)
Authentication can be generally broken into three basic forms, depending on what is
required to authorize access:
Something you know
Something you have
Something you are
The most well-known form of authentication is the use of a username and password
combination to access controlled resources. Access is not possible without both parts
required for account authentication, so a level of protection is provided.
The shortcoming of any authentication system is that the keys used may be easily
falsified and access rights may be granted to an unauthorized access attempt. Null or
easily guessed passwords are one of the most widespread examples of the potential for
this weakness.
Biometrics
Biometrics is the authentication process that uses physical characteristic to establish identification.
A user places their hand on a finger print scanner or they put their eyes against a retinal scanner. Since a person’s
fingerprint, blood vessel print, or retinal image is unique the only way the system can authenticate is if the proper
user is there.
Biometric devices typically use either a hand pattern or a retinal scan to accomplish this.
Iris profile biometric devices identify an individual b y using the colored part of the eye that surrounds the
pupil.
Facial geometry identifies a user based on the profile and characteristics of the face.
A retina scan identifies an individual by using the blood vessel pattern at the back of the eyeball. A retinal
scan is a very secure form of evidence used in high-security companies and government agencies.
When using biometrics, remember that each method has its own degree of error ratios, and some methods may
seem invasive to the users and may not be accepted gracefully.
The false acceptance rate (FAR) is a measure if the likelihood that the access system will wrongly accept an
access attempt. In other words, it will allow access to an unauthorized user.
The false rejection rate (FRR) is the percentage of identification instances in which false rejection occurs.
In false rejection, the system fails to recognize an authorized person and rejects that person as
unauthorized.
The only way for an unauthorized user to get access is to physically kidnap the authorized user and force them
through the system. For this reason, biometrics are the strongest (and the costliest) form of authentication.
Certificates
Certificates are another form of authentication.
A server or certificate authority (CA) can issue a
certificate that will be accepted by the challenging
system.
Certificates can be either physical access devices,
such as smart cards, or electronic certificates that are
used as part of the logon process.
A Certificate Practice Statement (CPS) outlines the
rules used for issuing and managing certificates.
A Certification Revocation List (CRL) lists the
revocation that must be addressed (often due to
expiration) in order to stay current.
Certificates
A certificate being issued after identification
has been verified.
Challenge Handshake Authentication Protocol (CHAP)
Challenge Handshake Authentication Protocol (CHAP) uses a
challenge/response mechanism.
Using CHAP, the initiator sends a logon request from the client to the server.
The server sends a challenge back to the client.
The challenge is encrypted and then sent back to the server.
The server compares the value from the client and, if the information matches,
grants authorization and the client logs on.
If the response fails, the session fails and the request phase starts over.
A challenge/response mechanism, sometimes referred to as a three-way
handshake, uses a secret password that verifies the identity of a user or node
without revealing the password.
CHAP is typically used for authentication on dial-up connections.
CHAP uses only encrypted passwords during the authentication process.
CHAP uses two compared values created using the MD5 hashing algorithm.
Challenge Handshake Authentication Protocol (CHAP)
CHAP Authentication
Kerberos
Kerberos (9:57)
Kerberos uses a Key Distribution Center (KDC) to authenticate a principle.
Principals are the entities to which the KDC provides services. They may be users, applications,
systems, or services.
Session keys are symmetric keys used to encrypt and decrypt information that passed between the
principals and KDC.
The Key Distribution Center (KDC) is the most important component in a Kerberos
environment. It is responsible for managing all the secret keys, authenticating all users,
and issuing tickets to valid users.
The KDC provides a ticket to the network.
A ticket granting ticket (TGT) is the entity issued by the authentication service (AS) on the KDC to a
principal.
The TGT proves principal identity throughout the communication process.
Once this ticket is issued, it can be used to authenticate against other principles.
This occurs automatically when a request or service is performed by another principal.
Kerberos v5 includes support for a process known as mutual authentication, where both
the identity of the client that is requesting authentication and the server that is
providing authentication are verified.
Single Sign-on (3:25)
Kerberos and Active Directory are two technologies that provide single sign-on
authentication. Single sign-on addresses the problem of users having to remember
multiple usernames and passwords to access different systems.
Kerberos
Kerberos Authentication Process
Multifactor Authentication
Multi-Factor Authentication (3:15)
Multifactor authentication involves the use of two or more
different forms of authentication.
Any combination of authentication methods may be used in a
multifactor solution.
Different forms include:
What you know (logon, password, PIN)
What you have (smartcard, keycard, SecureID number generator)
What you are (biometrics)
A two-factor method can potentially increase the strength of
authentication by combining authentication protocols such as
the use of a smart card in conjunction with a password or smart
card and biometrics for logon.
Multifactor Authentication
Two-factor Authentication
Mutual Authentication
Whenever two or more parties authenticate each other, this is known as
mutual authentication.
Mutual authentication checks the identity of both ends of the
connection. It is often referred to as two-way authentication.
A client may authenticate to a server, and a server authenticate to a
client when there is a need to establish a secure session between the
two and employ encryption.
Mutual authentication ensures that the client is not unwittingly
connecting and giving its credentials to a rogue server; which can then
turn around and steal the data from the real server.
Commonly, mutual authentication will be implemented when the data to
be sent during the session is of a critical nature—such as financial or
medical records.
Password Authentication Protocol (PAP)
Password Authentication Protocol (PAP) offers no
true security, but it’s one of the simplest forms of
authentication.
The username and password values are both sent to
the server as clear text and checked for a match. If
they match, the user is granted access; if they don’t
match, the user is denied access.
In most modern implementations, PAP is shunned in
favor of other, more secure authentication methods.
Security Tokens
Security tokens are similar to certificates. They contain the rights and
access privileges of the token bearer as part of the token.
Many operating systems generate a token that is applied to every action
taken on the computer system.
I
f your token doesn’t grant you access to certain information, then either
that information won’t be displayed or your access will be denied.
The authentication system creates a token every time a user connects or
a session begins.
Authentication is established on each session and is valid only for that
session.
At the completion of a session, the token is destroyed.
Security Tokens
Security Token Authentication
Smart Cards
A smart card is a type of badge or card that can allow access to multiple
resources including buildings, parking lots, and computers.
It contains information about your identity and access privileges.
The reader is connected to the workstation and validates against the
security system.
Smart Cards often also require the use of a small password called a PIN;
which further secures the smart card if lost by the true card holder.
Smart Cards increase the security of the authentication process because
it must be in your physical possession.
A whole system can become useless if the smart card is lost or stolen.
Smart Cards
The Smart Card Authentication Process
Username/Password
Using a login and password is singlefactor authentication because it consists
of only what you know.
A username and password are unique
identifiers for a logon process.
Most operating systems use a user ID
and password to accomplish identity
during the logon process.
These values can be sent across the
connection as plain text or can be
encrypted.
The logon process identifies to the
operating system, and possibly the
network, that you are who you say you
are.
The operating system might establish
privileges or permissions based on
stored data about that particular ID.
Usernames and passwords can be
intercepted and are the least secure.
Authentication Issues to Consider
Setting authentication security, especially in supporting users, can become a high-maintenance activity for
network administrators.
On one hand, you want people to be able to authenticate themselves easily
On the other hand, you want to establish security that protects your company’s resources.
Be wary of popular names or current trends that make certain passwords predictable.
Identity proofing is an organizational process that binds users to authentication methods.
Identification proofing is invoked when a person claims they are the user, but cannot be authenticated—
such as when they lose their password. They are typically asked to provide another value—such as
mother’s maiden name— to prove their identity.
Identity proofing gives the organization assurance that the user performing an authentication is the
legitimate user.
Under no circumstance should the person proofing be allowed access immediately—
instead their access information should be sent to their email account of record.
Identity proofing is the main component of authentication lifecycle management.
Authenticators for identity proofing include smart cards, biometrics, and one-time password (OTP) devices.
Distinguishing between Security Topologies
Setting Design Goals
Sending data across an insecure network, such as the
Internet, affects confidentiality and integrity.
It is the responsibility of the sender to ensure that
proper security controls are in place.
Confidentiality and integrity should be implemented to
ensure the accuracy of the data and its accessibility to
authorized personnel.
The three core security objectives for the protection of
the information assets of an organization are:
Confidentiality
Integrity
Availability
These three objectives are also referred to as the CIA
triad.
Most computer attacks result in the violation of the CIA
triad.
Confidentiality
Confidentiality, Integrity, and Availability (5:10)
Meeting the goal of confidentiality is to prevent or minimize unauthorized
access to and disclosure of data and information.
Confidentiality is the minimum level of secrecy that is maintained to protect
sensitive information from unauthorized disclosure.
In many instances, laws and regulations require specific information
confidentiality.
Confidentiality can be implemented through encryption, access control data
classification, and security awareness.
Maintaining the confidentiality of information prevents an organization from
attacks, such as shoulder surfing and social engineering, which can lead to
disclosure of confidential information and disrupt business operations.
Lack of sufficient security controls to maintain confidentiality leads to the
disclosure of information.
Integrity
Ensuring the integrity of information implies that the information is
protected from unauthorized modification and that the contents have
not been altered.
To meet the goal of integrity, you must verify that information being
used is accurate and hasn’t been tampered with.
Integrity ensures the following conditions:
The data is accurate and reliable.
The data and the system are protected from unauthorized alteration.
Attacks and user mistakes do not affect the integrity of the data and
the system.
Integrity is coupled with accountability to ensure that data is accurate
and that a final authority exists to verify this, if needed.
Availability
To meet the goal of availability, you must protect
data and prevent its loss.
Data that can’t be accessed is of little value.
If a mishap or attack brings down a key server or
database, that information won’t be available to the
people who need it. This can cause havoc in an
organization.
Your job is to provide maximum availability to your
users while ensuring integrity and confidentiality.
The hardest part of this process is determining the
balance you must maintain between these three
aspects to provide acceptable security for the
organization’s information and resources.
Accountability
The final and often overlooked goal of design concerns accountability.
Accountability involves identifying who owns or is responsible for the
accuracy of certain information in an organization.
Many of the resources used by an organization are shared between
departments and individuals.
The department or individual that is accountable for certain information
would also be responsible for verifying accuracy in the event of a datatampering incident.
You should also be able to track and monitor data changes to detect and
repair the data in the event of loss or damage.
Most systems will track and store logs on system activities and data
manipulation, and they will also provide reports on problems.
Creating Security Zones
It’s common for a network to have connections among departments,
companies, countries, and public access using private communication
paths and through the Internet.
Not everyone in a network needs access to all the assets in the network.
The term security zone describes design methods that isolate systems
from other systems or networks. You can isolate networks from each
other using hardware and software.
The Internet creates a challenge for security.
Security zones allow you to isolate systems from unauthorized users.
Here are the four most common security zones you’ll encounter:
Internet
Intranet
Extranet
Demilitarized zone (DMZ)
By implementing intranets, extranets, and DMZs, you can create a
reasonably secure environment for your organization.
Internet
The Internet is a global network connecting computers and individual networks
together.
In this environment, you should have a low level of trust in the people who use
the Internet.
You must always assume that the people visiting your website may have bad
intentions; they may want:
To buy your product
To hire your firm
To bring your servers to a screaming halt
Because the Internet involves such a high level of anonymity, you must always
safeguard your data with the utmost precautions
Intranets
Intranets are private networks implemented
and maintained by an individual company or
organization.
An intranet is the private network of the
company that contains most of the private
resources and network infrastructure
equipment of the company.
An intranet belongs to and is controlled by the
company.
Intranets use the same technologies used by
the Internet.
You can think of an intranet as an Internet that
doesn’t leave your company:
It’s internal to the company.
Access is limited to systems within the intranet.
Access to the intranet is granted to trusted
users inside the corporate network or to users
in remote locations.
Extranets
Extranets extend intranets to include outside
connections to partners.
An extranet is the public area of the company
network infrastructure that enables resources
to be accessed by external users.
An extranet is a semi-secure zone that allows
partners of the organization to access specific
resources.
The partners can be vendors, suppliers, or
similar parties who need access to your data for
legitimate reasons.
Extranet connections involve connections
between trustworthy organizations.
Security for the extranet security zone can
include a number of strategies:
Using VPN connections
Regularly auditing all services
Removing all unnecessary services
Limiting the number of services provided
Demilitarized Zone (DMZ)
A demilitarized zone (DMZ), or perimeter network, provides a layer of security and privacy between the
company infrastructure and the Internet.
A DMZ might contain Internet accessible servers such as access web servers, FTP servers, and mail-relay
servers for restrictive access by people you might not trust otherwise.
By isolating a server in a DMZ, you can hide or remove access to other areas of your network.
The internal network isn’t visible to external users lowering the threat of intrusion in the internal network.
A DMZ is a separate subnet coming off a separate router interface. Most organizations deploy, at a
minimum, two firewalls.
The first firewall is placed in front of the DMZ to allow requests from the external public interface destined for
servers in the DMZ or to route requests to an authentication proxy.
The second firewall is placed to allow outbound requests and denies public traffic to pass through the interface
that connects to the internal private network.
From there, you can decide what traffic goes where; for example, HTTP traffic would be sent to the DMZ,
and e-mail would go to the internal network.
All initial necessary connections are located on the DMZ machines. For example, a RADIUS server may be
running in the DMZ for improved performance and enhanced security, even though its database resides
inside the company intranet.
Demilitarized Zone (DMZ)
A typical DMZ
Working with Newer Technologies
Virtualization Technology
Virtualization (2:20)
Virtual environments are available to run on just about everything from servers and
routers to USB thumb drives. Hardware vendors are rapidly embracing virtualization and
developing new features to simplify virtualization techniques.
Virtual environments can be used to improve security by:
Allowing unstable applications to be used in an isolated environment.
Providing better disaster recovery solutions.
Virtual environments are also used for cost-cutting measures.
One well-equipped server can host several virtual servers, reducing the need for power and
equipment.
Forensic analysts often use virtual environments as a method of viewing the environment the same
way the criminal did.
A hypervisor or virtual machine monitor (VMM) is a virtualization platform that provides
multiple operating systems running on a host computer at the same time.
A Type 1 native or bare-metal hypervisor is software that runs directly on a hardware platform. The
guest operating systems runs at the second level above the hardware. This technique allows full
guest systems to be run in a relatively efficient manner. The guest OS is not aware it is being
virtualized and requires no modification.
A Type 2 or hosted hypervisor is software that runs within an operating system environment, and
the guest operating system runs at the third level above the hardware. The hypervisor runs as an
application or shell on another already running operating system.
Working with Newer Technologies
Virtualization Technology
Virtualization (9:22)
Security policy should address virtual environment vulnerabilities. Software without a defined business
need should not be allowed on systems, including virtual environments.
If a virtual machine is compromised, an intruder can gain control of all the guest operating systems.
In addition, because hardware is shared, most virtual machines run with very high privileges, allowing an
intruder who compromises a virtual machine to compromise the host machine, too.
Segmenting virtual machines by the information they handle.
The organization should have a policy in place that states that high-security virtual machines never share the same
hardware as virtual machines for testing or lower security applications.
Also:
Be cognizant of share files among guest and host operating systems.
Use standard locked-down virtual images.
Other areas that present issues for a virtualized environment and need special consideration are:
Deploying financial applications on virtualized shared hosting
Secure storage on storage-area network (SAN) technologies
Virtual machine environments need to be patched just like host environments and are susceptible to the
same issues as a host operating system.
Virtual Local
Area
Networks
VLANs (1:55)
A virtual local area network (VLAN) allows you to create groups of users and systems
and segment them on the network. This segmentation lets you hide segments of the
network from other segments and thereby control access.
VLANs enable you to unite network nodes logically into the same broadcast domain
regardless of their physical attachment to the network. Networks can coexist on the
same wiring and be unaware of each other.
VLANs enable administrators to segment one broadcast domain into two or multiple
domains, segmenting groups of users that have similar data sensitivity levels together
and thereby increasing security.
VLAN advantages include:
Reducing the scope of broadcasts
Improving performance and manageability
Decreased dependence on the physical topology
Switches are used to create VLANs.
A router or other routing-type device would be needed to connect these VLANs.
When a switch is compromised, the attacker could next compromise the VLANs created
by the switch.
Virtual Local Area Networks
A typical segmented VLAN
Network
Address
Translation
Network Address Translation (3:48)
Network Address Translation (NAT) acts as a liaison
between an internal network and the Internet.
NAT effectively hides your network from the world,
making it much harder to determine what systems exist
on the other side of the router.
Most new routers and current Microsoft Server operating
systems support NAT
The NAT server effectively operates as a firewall for the
network.
Typically, the router or NAT server acts as the interface
between a local area network and the Internet using one
IP address.
The router or NAT server maps all inbound and outbound
requests and maintains a table for returned messages.
NAT allows the organization to use publicly assigned IP
addresses over the Internet that is different from its
private IP addresses. In this way, NAT hides the private
network from the public.
There are specific reserved, non-Internet-routable, private
IP addresses for use on an internal network.
In Class C the range is 192.168.0.1 to 192.168.255.254.
In Class B the range is 172.16.0.1 to 172.31.255.254
In Class A the range is 10.0.0.1 to 10.255.255.254.
Port Address Translation
In addition to NAT, Port Address Translation
(PAT) is possible.
Tunneling
Tunneling refers to creating a virtual
dedicated secure connection between two
systems or networks.
Tunneling sends private data across a public
network (the Internet) by placing
(encapsulating) that data into other packets
(to prevent sniffing over the public network).
Tunnels are usually secure and present
themselves as extensions of both networks.
You create the tunnel between the two ends
by encapsulating the data in a mutually
agreed upon protocol for transmission.
Tunneling protocols usually include data
security as well as encryption.
Most tunnels are virtual private networks
(VPNs).
Several popular standards have emerged for
tunneling, with the most popular being the
Layer 2 Tunneling Protocol (L2TP).
A connection being made between
two networks across the Internet. To
each end of the network, this
appears to be a single connection.
Addressing Business Concerns
Identifying Assets
Asset identification is the process of identifying the
types and values of assets in an organization.
In some cases, the process may be as simple as
counting systems and software licenses.
The more difficult part of an asset-identification
process is attempting to assign values
to information.
In some cases, you may only be able to determine
what would happen if the information were to
become unavailable or lost.
If absence of this information would effectively shut
down the business, the information is priceless.
Addressing Business Concerns
Assessing Risk
There are several ways to perform a risk assessment or risk analysis.
They range from highly scientific formula-based methods to a conversation with
the owner.
The cost of an event and the probability that an event will occur are two of the
most important factors to consider when you’re formulating a risk assessment.
In general, you should attempt to identify the costs of replacing stolen data or
systems, the costs of downtime, and virtually any risk factor you can imagine.
You can move to risk assessment only after completing the asset identification.
After you’ve determined the costs, you can then evaluate the likelihood that
certain types of events will occur and the most likely outcome if they do occur.
Addressing Business Concerns
Identifying Threats
A threat assessment examines the potential for internal and external threats to
your systems and information.
Implementing a security policy requires that you evaluate the risks of both
internal and external threats to the data and network. It does little good to
implement a high-security environment to protect your company from the
outside if the threat is mostly internal.
A disk brought from outside containing a virus and loaded on a computer would
be immune to your external security measures.
This is a common problem in schools, libraries, and environments where people
regularly use shared resources.
Internal threats also include employee fraud, abuse or alteration of data and
theft of property.
Both policies and systems must be put in place to detect and mitigate these
possibilities.
Investigation and making recommendations to management is key
Internal and External Threats to an
Organization
Addressing Business Concerns
Internal Threats
Most well-publicized internal threats involve financial abuses,
some outright fraud or theft.
These types of threats, especially in a computer-intensive
environment, can be difficult to detect and investigate. They are
typically ongoing and involve small transactions over long
periods.
Internal policies and systems should be in place to detect,
investigate, and correct these types of problems.
Statistically, most security breaches are internal.
System failure could be considered an internal threat because
the cause of the threat comes from within the organization.
Addressing Business Concerns
External Threats
External threats are increasing at an alarming rate.
Early methods of cracking systems were primitive and labor
intensive.
Today, software packages exist that find targets automatically
and then systematically attack the targets to find their
vulnerabilities.
Many of these tools use GUIs that require little technical
expertise on the part of the would be attacker.
A Security Administrator’s job is to detect the attack, find ways
to counter it, and assist law enforcement personnel in
investigating the activity.
Telephony (2:43)
The End