Computer Network Security
by Ms Josephine Ayebare
Computer Network Security 2009

Syllabus and Policies
• Syllabus
• Lectures and lecture notes
• Private reading (an assignment + 2 tests / 3) 30%
• Group projects
• Test 1 and coursework (1st Oct 2009)
• Test 2 (5th Nov 2009) & 26th Nov Presentation
• Final Exam (70%)
• Must hand in on time

Course Outline
• Introduction to network security
• Security threats and counter measures
• Risk assessment
• Risk mitigation
• Security Policies
• Network intrusion detection
• Forensic technologies
• Network security audit
• Networking security technologies

Introduction
• Today we will examine:
  – History of information security
  – Key terms and concepts of network security
  – The security systems development life cycle
  – The role of network security professionals

Objectives
• Upon completion of this lesson students should be able to:
  – Describe what information security is and how it came to mean what it does today
  – Discuss the history of computer security and how it evolved into information security
  – Identify and define key terms and critical concepts of network security
  – Outline the phases of the security system development life cycle
  – Describe issues involved in network security

What is network security?
• The protection of network systems that are used, and the data that they process, against unauthorized access.
History of Information Security
• Computer security began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls were needed to limit access to sensitive military locations to authorized personnel
• Only rudimentary controls were available to defend against physical theft, espionage and sabotage

The 1960s
• The Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of redundant networked communications
• Dr. Lawrence Roberts developed the project from its inception

The 1970s and 80s
• ARPANET grew in popularity, as did its potential for misuse
• Fundamental problems with ARPANET security were identified:
  – No safety procedures for dial-up connections to the ARPANET
  – User identification and authorization to the system were non-existent
• In the late 1970s the microprocessor expanded computing capabilities, and with them security threats

R-609: Study of Computer Security Begins
• Information security began with Rand Report R-609
• The scope of computer security grew from physical security to include:
  – Safety of the data
  – Limiting unauthorized access to that data
  – Involvement of personnel from multiple levels of the organization

The 1990s
• As networks of computers became more common, so did the need to interconnect the networks
• The result was the Internet, the first manifestation of a global network of networks
• In the early Internet deployments, security was a low priority

The Present
• The Internet has brought millions of computer networks into communication with each other, many of them unsecured
• The ability to secure each network is now influenced by the security on every computer to which it is connected

What is security?
• "The quality or state of being secure; to be free from danger"
• To be protected from adversaries
• A successful organization should have multiple layers of security in place:
  – Physical security
  – Personal security
  – Operation security
  – Communication security
  – Network security

What is Information Security?
• The protection of information and its critical elements, including the systems and hardware that use, store and transmit that information
• Tools such as policy, awareness, training, education and technology are necessary
• The C.I.A. triangle was the standard, based on confidentiality, integrity and availability
• The C.I.A. triangle has expanded into a list of critical characteristics of information

Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
  – Availability
  – Accuracy
  – Authentication
  – Confidentiality
  – Integrity
  – Utility
  – Possession

Components of a Network
• To fully understand the importance of network security, you need to know the elements of a network:
  – Networking devices
  – Hosts
  – Shared peripherals
  – Networking media
• Security measures must be implemented in the areas above
• Network security is not limited to the above; it also covers people, data, software and procedures

Securing the Components
• A network can be the subject of an attack, the object of an attack, or both
• When a network is
  – the subject of an attack, it is used as an active tool to conduct the attack
  – the object of an attack, it is the entity being attacked

Balancing Security and Access
• It is impossible to obtain perfect network security
  – Security is not an absolute; it is a process
• Security should be a balance between protection and availability
• To achieve balance, the level of security must allow reasonable access, yet protect against threats

Bottom-Up Approach
• Network security is ensured from the grass roots
  – Network administrators attempt to improve the security of their network
• It hardly works, since it lacks critical features:
  – Participant support
  – Organizational staying power

Top-Down Approach
• Initiated by upper management
• Issues policy, procedures and processes
• Dictates the goals and expected outcomes of the project
• Determines who is accountable for each required action
• Pluses:
  – Clear planning
  – Dedicated funding
  – Chance to influence the organization's culture
• May involve a formal development strategy referred to as a systems development life cycle
• It is the most successful approach

Network Security Development Life Cycle
• Network security must be managed in a manner similar to any other major system implemented
• Using a methodology
  – Ensures a rigorous process
  – Avoids missing steps
• The goal is to create a comprehensive security posture/program

Network Security SDLC
• It may be:
  – Event-driven: started in response to some occurrence
  – Plan-driven: the result of a carefully developed implementation strategy
• At the end of each phase comes a structured review

Investigation (Step 1)
• What is the problem the system is developed to solve?
• The objectives, constraints and scope of the project are specified
• Cost
• A feasibility analysis is performed to assess the economic and technical feasibility of the process

Analysis (Step 2)
• Consists primarily of:
  – Assessment of the organisation
  – The status of current systems
  – Capability to support the proposed system
• Analysts begin to determine:
  – What the new system is expected to do
  – How the new system will interact with existing systems
• Ends with the documentation of the findings and a feasibility analysis update

Logical Design (Step 3)
• Based on security needs, applications are selected
• Data support and structures capable of providing the needed inputs are identified
• Device naming and protocol enabling are done, and restrictions are defined
• An overview of the network's operational functionality is portrayed

Physical Design (Step 4)
• Specific technologies are selected to support the alternatives identified and evaluated in the logical design
• Selected components are evaluated
• The entire solution is presented to the end-user representatives for approval

Prototyping
• Design a simple network representing the suggested system using interactive tools (Packet Tracer)
• It should be able to achieve all the objectives of the proposed network as far as security is concerned
• If successful, then implementation can take place

Implementation (Step 5)
• Components are ordered, received, assembled and tested
• Users are trained and documentation is created
Maintenance and Change (Step 6)
• Tasks necessary to support and modify the network for the remainder of its useful life
• The life cycle continues until the process begins again from the investigation phase
• When the current system can no longer support the mission of the organization, a new project is implemented

Objectives of the Network Security SDLC
• To identify threats and the controls to counter them
• To identify the statement of program security policy
• To identify, assess and evaluate the levels of risk
• To create a detailed plan of the network

Lecture 2

Security Concepts
• Challenge Handshake Authentication Protocol (CHAP)
• Certificates
• Security Tokens
• Kerberos
• Multi-factor
• Smart Cards
• Biometrics
• Services and protocols
• Security Topologies

Challenge Handshake Authentication Protocol
• It is a protocol that challenges a system to verify identity
• It does not use a username and password mechanism; rather, the initiator sends a logon request from the client to the server
• The server sends a challenge to the client
• The challenge is encrypted and sent back to the server
• The server compares the value and acts accordingly
• It basically involves three steps:
  – Logon request & challenge
  – Response from client
  – Authorize or fail

Certificates
• They are a form of authentication
• A server or certificate authority can issue a certificate that will be accepted by the challenging system
• Certificates can either be physical access devices (smart cards) or electronic certificates that are used in the logon process
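The three-step CHAP exchange above, simulated in Python with both sides as an added example that is not part of the lecture: the server issues a random single-use challenge, the client answers with MD5(identifier || secret || challenge) as RFC 1994 specifies (CHAP hashes the challenge rather than encrypting it), and the server authorizes or fails. The shared secret, class names and the replay check are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP response value = MD5(Identifier || Secret || Challenge), the
    construction from RFC 1994 (CHAP with MD5). The secret never leaves the
    host; only this digest crosses the wire."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of the three steps: issue a challenge, check the response,
    authorize or fail. Each challenge is random and single-use."""

    def __init__(self, secret, rng=os.urandom):
        self._secret = secret
        self._rng = rng
        self._next_id = 0
        self._pending = {}  # identifier -> challenge awaiting a response

    def challenge(self):
        # Step 1: answer the logon request with a fresh 16-byte challenge.
        self._next_id = (self._next_id + 1) % 256
        chal = self._rng(16)
        self._pending[self._next_id] = chal
        return self._next_id, chal

    def verify(self, identifier, response):
        # Step 3: authorize or fail. Popping the challenge makes it single-use,
        # so a recorded response cannot be replayed against a later session.
        chal = self._pending.pop(identifier, None)
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: proves knowledge of the secret without sending it."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, identifier, challenge):
        # Step 2: response from client.
        return chap_response(identifier, self._secret, challenge)


def run_handshake(server_secret, peer_secret):
    """Run the full exchange; True only if both sides hold the same secret."""
    server = ChapAuthenticator(server_secret)
    peer = ChapPeer(peer_secret)
    identifier, chal = server.challenge()        # logon request & challenge
    response = peer.respond(identifier, chal)    # response from client
    return server.verify(identifier, response)   # authorize or fail


def replay_is_rejected(secret):
    """A captured (identifier, response) pair presented a second time is
    refused because its challenge has already been consumed."""
    server = ChapAuthenticator(secret)
    peer = ChapPeer(secret)
    identifier, chal = server.challenge()
    response = peer.respond(identifier, chal)
    first = server.verify(identifier, response)
    second = server.verify(identifier, response)
    return first and not second


# Constructed shared secret for the demonstration (assumption, not from the slides).
SHARED_SECRET = b"constructed-demo-secret"

if __name__ == "__main__":
    print("same secret:", run_handshake(SHARED_SECRET, SHARED_SECRET))   # True
    print("wrong secret:", run_handshake(SHARED_SECRET, b"guess"))       # False
    print("replay rejected:", replay_is_rejected(SHARED_SECRET))         # True
```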
Security Tokens
• Similar to certificates
• Contain the rights and access privileges of the token bearer as part of the token
• If your token does not grant access to certain information, that information will either not be displayed or your access will be denied
• The authentication system creates a token every time a user logs on or a session begins
• At the completion of a session, the token is destroyed

Kerberos
• Kerberos allows for a single sign-on to a distributed network
• The Kerberos authentication process uses a Key Distribution Center (KDC) to coordinate the entire process
• The KDC serves the principals (users, programs or systems)
• The KDC provides a ticket to the principal
• The ticket is used to authenticate against other principals
• This occurs automatically when a request or service is performed by another principal

Multi-Factor
• It is a method of authentication where two or more access methods are used
• Two-factor is an authentication system that uses smart cards and passwords

Smart Cards
• A type of card that can allow access to multiple resources, including buildings, parking lots and computers
• Each area or computer will have a reader in which you can either insert your card or have it scanned
• The card contains information about your identity and access privileges
• The reader is connected to the workstation and validates against the security system

Biometrics
• Biometric devices use physical characteristics to identify users
• They include:
  – Hand scanners (fingerprints, scars)
  – Retinal scanners (eye retinal patterns)
  – DNA scanners (unique portion of DNA structure)

Protocols and Services
• They are a key part of security
• Some protocols send passwords over the network unencrypted.
  They include:
  – Telnet
  – FTP
  – SNMP
  – etc.

Computer Network Security
• Design Goals
• Security Zones
• Technologies
• Business Requirements

Design Goals
• It deals with ensuring Confidentiality, Integrity, Availability and Accountability
• Also, different people must be identified

Design Goals
• Confidentiality: to prevent or minimize unauthorized access to and disclosure of data and information
• Integrity: to make sure that the data being worked on is correct
• Availability: to protect data and prevent its loss
• Accountability: who is responsible?

Security Zones
• This is a design method that isolates systems from other systems or networks
• Most common security zones:
  – Internet
  – Intranet
  – Extranet
  – DMZ

Security Zones
• Internet
  – A global network that connects computers and networks together
  – Low trust level
• Intranet
  – A private network implemented and maintained by an individual company or organization
  – It can also be connected to the Internet, but is not available for access to users who are not authorized to be part of the Intranet
  – Access to the Intranet is granted to trusted users inside the corporate network or users in remote locations

Security Zones
• Extranet
  – It extends intranets to include outside connections, using a secure communications channel over the Internet
  – The connections are between trustworthy organizations and may pass through the Internet, so a tunneling protocol is used to accomplish a secure connection

DMZ
• Demilitarized Zone (DMZ)
• It is an area where a public server is placed for access by people who are not trusted
• By isolating a server in a DMZ, access to other areas in the network is hidden
• Within the network the server can be accessed, but outsiders cannot access the internal network
• This is accomplished by use of firewalls

Network Security Technologies
• Virtual Local Area Networks (VLANs)
  – A VLAN enables the creation of groups of users and systems and segments them according to functions or departments (grouped logically instead of physically)
  – Segments are hidden from each other
  – A VLAN can also be set up to control the paths that data takes to get from one point to another
• Network Address Translation (NAT)
• Tunneling

Network Address Translation (NAT)
• NAT creates a unique opportunity to assist in the security of a network
• NAT extends the number of usable Internet addresses
• It allows the organization to present a single address to the Internet for all computer connections
• NAT effectively hides a network from the world
• The NAT server acts as a firewall on the network
• Routers also support NAT translation

Tunneling
• It refers to the ability to create a virtual dedicated connection between two systems or networks
• A tunnel is created between the two ends by encapsulating the data in a mutually agreed-upon protocol for transmission
• Data passed through tunnels appears on the other side as part of the network
• Tunneling protocols include data security as well as encryption

Business Concerns
• This is about making a conscious examination of the current security situation:
  – Asset identification
  – Risk assessment
  – Threat identification
  – Vulnerability evaluation
• Asset identification
  – It is the process in which a company attempts to place a value on the information and systems in place

Security Threats and Counter Measures
• Attacks
• Malicious Software
• Counter measures

Attacks
• An attack is an act performed by an individual or group of individuals in an attempt to access, modify or damage a system
• Attacks are classified into three:
  – Access Attacks
  – Modification and Repudiation Attacks
  – Denial of Service Attacks

Access Attacks
• An attempt to gain access to information that the attacker is not authorized to have
• They breach confidentiality
• Can be external or internal
• Can be done through physical access or by capturing information over the network

Physical Access Method
• Dumpster diving is a physical access method
• Access to information (on paper) that has been thrown away
• Papers that contain sensitive information should be burnt if no longer in use

Capturing Information over the Network
• Eavesdropping
  – The process of listening in on network traffic due to carelessness of the networks in communication
  – A passive attack
• Snooping
  – Someone searching through electronic files trying to find something interesting
• Interception
  – The act of routinely monitoring network traffic
  – It includes putting a computer system between the sender and the receiver to capture information as it is sent

Modification and Repudiation Attacks
• Modification Attacks
  – Changing or modifying information in an unauthorized manner
  – Similar to access attacks because they require access to the servers
  – Involve deletion, insertion or alteration of information that appears genuine to the user
• Repudiation Attacks
  – Change information so that it becomes invalid or misleading

Denial of Service Attacks (DoS)
• Deny users access to resources that they are authorized to use
• For example, an attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers
• Common on the Internet
• DoS can deny access to information, applications, systems or communications
• A DoS attack on an application brings down the website, but communication and systems continue to operate
• In a DoS attack on a system, the operating system is crashed
• A common DoS attack involves opening as many TCP sessions as possible; it is called a TCP SYN flood DoS attack
• Distributed Denial of Service Attacks (DDoS)
  – Use of multiple computers to attack a single organization
  – The attacker loads an attack program onto many computer systems (zombies) that use DSL or cable modems
  – The master computer sends a signal to the computers instructing them to launch an attack at once on the target network or system

Common Attacks
• Back Door Attacks
  – The attacker gains access to the system, then loads a backdoor program
  – The program allows other users access without a password and gives administrative privileges
  – Tools used to create backdoors: Back Orifice, NetBus
• Spoofing Attacks
  – An attempt by someone or something to masquerade as someone else
  – Uses a program that fakes a logon
  – The client enters a username and password, which the attacker copies, but access is still denied to the user
• Man in the Middle
  – Software is placed between the client (user) and the server
  – The middle man intercepts and then sends the information on to the server
  – The server responds to the middle man, believing it is the legitimate user
  – The middle man may alter, record or compromise the security standards of the user
  – The middle man appears to be the server to the user
• Replay Attack
  – Information is captured over the network and stored for later use
  – E.g. a security certificate from systems like Kerberos is tapped and later used in the authentication process
  – Access is gained
• Password Guessing Attacks
  – Two types of password guessing:
  – Brute Force Attack: an attempt to guess passwords until a successful guess occurs (passwords should be long)
  – Dictionary Attack: an attack that uses a dictionary of common words to attempt to find the password of the user

Network Attacks in Regards to TCP/IP
• The TCP/IP protocol suite is broken down into four protocol or architecture layers:
  – Application Layer
  – Host-to-Host or Transport Layer
  – Internet Layer
  – Network Interface Layer

TCP/IP Architecture Layers
Layer            Protocols
Application      HTTP, SMTP
Transport        TCP, UDP
Internet         IP
Network Access   Network Topology

Application Layer
• It is the highest layer of the TCP/IP suite
• It allows applications to access services or protocols to exchange information
• Application protocols include: HTTP, FTP, SMTP, Telnet, DNS, RIP, SNMP & POP

Application Protocols
• Hypertext Transfer Protocol (HTTP) is the protocol used for web pages and the World Wide Web
• File Transfer Protocol (FTP) is an application that allows connections to a server for upload and download of files
• Simple Mail Transfer Protocol (SMTP) is the protocol that controls electronic mail communications
• Telnet is an interactive terminal emulation protocol; it allows a remote user to conduct an interactive session with a Telnet server
• Domain Name System (DNS) allows hosts to resolve host names to an Internet Protocol (IP) address
• Routing Information Protocol (RIP) allows routing information to be exchanged between routers on an IP network
• Simple Network Management Protocol (SNMP) is a management tool that allows communications between network devices
• Post Office Protocol (POP)

Host-to-Host / Transport Layer
• Provides the Application layer with session and datagram communication services
• Protocols in this layer are:
  – Transmission Control Protocol (TCP)
  – User Datagram Protocol (UDP)

Transport Layer Protocols
• TCP provides a reliable one-to-one connection-oriented session. It ensures that all packets have been received at the destination. Packets are decoded and sequenced properly.
• UDP provides unreliable connections. It does no error checking.

Transport Layer
• TCP and UDP both use ports to define the communication process, by adding them to their header in the segment
• Ports are special addresses that allow communication between hosts
• A port is a number added by the originator indicating which port to communicate with on the server
• The Internet Assigned Numbers Authority (IANA) defined a list of well-known port numbers

Transport Layer: Well-Known TCP Ports
TCP Port No.   Service
20             FTP (Data channel)
21             FTP (Control channel)
23             Telnet
25             SMTP
80             HTTP
139            NetBIOS Session Service
443            HTTPS

Transport Layer: TCP Three-Way Handshake
• This is the method TCP uses to establish sessions between hosts
• A host called the client initiates the connection. It sends a TCP segment containing an initial sequence number (ISN) for the connection and a window size to the server (SYN)
• The server sends back a segment containing its own ISN and a window size (SYN/ACK)
• The client sends an acknowledgement to the server agreeing to the terms (ACK)

Internet Layer
• This layer is responsible for routing, IP addressing and packaging
• It deals with four protocols:
  – Internet Protocol (IP)
  – Address Resolution Protocol (ARP)
  – Internet Control Message Protocol (ICMP)
  – Internet Group Management Protocol (IGMP)

Internet Protocols
• IP is responsible for IP addressing. It only routes information and does not check it for accuracy. It is interested in the destination address; if that address is not known, it sends the information to the router.
• ARP is responsible for resolving IP addresses to Network Interface layer addresses, i.e. the hardware (Media Access Control, MAC) addresses used to identify hardware network devices such as a Network Interface Card (NIC)
• ICMP provides maintenance and reporting functions. The PING program uses it to test for connectivity; ICMP returns feedback, either a reply from the pinged host or a host unreachable message. Routers and other networking devices report path information between hosts with ICMP.
• IGMP manages IP multicast groups. IP multicast sends packets to a specified group of hosts.

Network Interface Layer
• Responsible for placing packets on, and removing packets from, the physical network

TCP/IP Attacks
• TCP/IP can be attacked by both outsiders and insiders. However, outsiders can be blocked by use of networking devices like routers. Insiders are more likely to carry out attacks because they have access to all protocols used in the network.

Network Sniffers
• A network sniffer is a device that captures and displays network traffic. Computers existing on the network have the ability to operate as sniffers. Network cards normally only pass information up to the protocol stack if the information is intended for that computer.
• Most NICs can be placed in promiscuous mode
• Promiscuous mode allows the NIC to capture all information that it sees on the network
Port Scans
• A port scan is when an attacker queries your network to determine which services and ports are open
• Note that unless routers are configured appropriately, they will let all of the protocols pass through them
• Once the attacker knows the IP addresses of any system in the network, he/she can attempt to communicate with the ports open in the network

TCP SYN or TCP ACK Flood Attack
• It begins as a normal TCP connection. However, in this attack the client continually sends and receives the ACK packets but does not open the session, so the connection does not take place. Routers can track and attempt to prevent this attack.

TCP Sequence Number Attack
• The attacker intercepts between the client and server and then responds with a sequence number similar to the one used in the original session, or hijacks a valid session. The victim then receives a message that there is a disconnection, and so a new connection is established.

Malicious Code
• Do research on malicious code and hand in before 17th September, 5:00pm

Risk Assessment
• Risk assessment is the process of determining the relative risk for each vulnerability. Vulnerabilities and threats are identified.
• A vulnerability is a specific avenue that threat agents can exploit to attack an information asset.
• A threat is an object, person or other entity that represents a constant danger to an asset. It therefore has the potential to attack any of the assets protected.
• For each threat or vulnerability, the severity of impact upon the system's confidentiality, integrity and availability, and the likelihood of the vulnerability exploit occurring given existing security controls, are determined.
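Added example, not from the lecture: the kind of tracking a router or host can do for the SYN flood described above, run over constructed socket-state lines in the layout of netstat -ant output. It counts half-open (SYN_RECV) connections per remote source and the half-open fraction overall; the sample addresses, the 3-connection threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed socket-state lines in the layout of `netstat -ant` output
# (assumption; this sample is not from the slides). 192.0.2.10 is the local
# web server; the remote addresses are documentation ranges.
SAMPLE_SOCKETS = """\
tcp  0  0 192.0.2.10:80  198.51.100.7:40001  SYN_RECV
tcp  0  0 192.0.2.10:80  198.51.100.7:40002  SYN_RECV
tcp  0  0 192.0.2.10:80  198.51.100.7:40003  SYN_RECV
tcp  0  0 192.0.2.10:80  198.51.100.7:40004  SYN_RECV
tcp  0  0 192.0.2.10:80  203.0.113.9:51000   SYN_RECV
tcp  0  0 192.0.2.10:80  203.0.113.9:51001   ESTABLISHED
tcp  0  0 192.0.2.10:22  198.51.100.20:6000  ESTABLISHED
"""

# Linux reports a half-open socket (SYN received, final ACK of the three-way
# handshake never arrived) as SYN_RECV.
HALF_OPEN_STATE = "SYN_RECV"

SOCKET_LINE = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<rip>[\d.]+):(?P<rport>\d+)\s+(?P<state>\S+)\s*$"
)


def parse_sockets(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) tuples,
    skipping lines that do not match the expected layout."""
    for line in text.splitlines():
        m = SOCKET_LINE.match(line.strip())
        if m:
            yield (m["lip"], int(m["lport"]), m["rip"], int(m["rport"]), m["state"])


def half_open_by_source(text):
    """Count half-open connections per remote address."""
    counts = Counter()
    for _, _, rip, _, state in parse_sockets(text):
        if state == HALF_OPEN_STATE:
            counts[rip] += 1
    return counts


def half_open_ratio(text):
    """Fraction of all TCP sockets that are half-open. A sudden rise toward
    1.0 is the system-wide symptom of a SYN flood even when the sources are
    spoofed and no single address stands out."""
    sockets = list(parse_sockets(text))
    if not sockets:
        return 0.0
    half_open = sum(1 for s in sockets if s[4] == HALF_OPEN_STATE)
    return half_open / len(sockets)


def flag_syn_flood_sources(text, threshold=3):
    """Return [(remote_ip, half_open_count), ...] for sources at or above the
    threshold, highest count first. The threshold is a tuning assumption."""
    counts = half_open_by_source(text)
    flagged = [(ip, n) for ip, n in counts.items() if n >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    print("half-open ratio: %.2f" % half_open_ratio(SAMPLE_SOCKETS))
    for ip, n in flag_syn_flood_sources(SAMPLE_SOCKETS):
        print("possible SYN flood source %s: %d half-open connections" % (ip, n))
```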
Risk Assessment
• The product of the likelihood of occurrence and the impact severity gives the risk level for the system, based on its exposure to the threat/vulnerability pair
• The risk level is determined for each vulnerability and threat; safeguards are then identified for pairs with moderate or high risk levels
• The risk is re-evaluated to determine the remaining risk, or residual risk level, after the safeguard is implemented

Risk Assessment
• It has three main phases:
  – Network System Documentation
  – Risk Determination
  – Safeguard Determination

Network System Documentation Phase
• It provides the background information to describe the network and the data it handles, and the assets involved and their worth
• It establishes a framework for the subsequent RA phases
• Network identification includes:
  – Network description
  – Functions and assets
  – Network security level determination

Document Network Identification
• It includes:
  – Documenting the network name, the particulars of the organization to which the network belongs, the type of network and other related information
  – Documenting the contacts of the network managers and other related information
  – Identifying the individual(s) responsible for security and the component's Information Network Security Officer

Document Network Purpose and Description (Asset Identification)
• Document a brief description of the function and purpose of the network and the organizational business processes supported, including functions and transmission of data
• Give a general technical description of the network, including the physical and logical topologies. Also identify factors that raise special security concerns.

Document Network Identification
• This includes documenting the network security level using the steps below:
  – Describe and document the information handled by the network and identify the overall network system security level as Low, Moderate or High
  – Describe requirements for the three pillars of information: Confidentiality, Integrity and Availability

Risk Determination Phase
• Its goal is to calculate the level of risk for each threat/vulnerability pair based on:
  – The likelihood of a threat exploiting a vulnerability
  – The severity of impact that the exploited vulnerability would have on the system, its data and its business function, in terms of loss of confidentiality, loss of integrity and loss of availability

Risk Determination Phase Steps
• This six-step process is conducted for each identified threat/vulnerability pair:
  – Identify potential dangers to information and the network (threats)
  – Identify the network weaknesses that could be exploited (vulnerabilities) to generate the threat/vulnerability pair
  – Identify existing controls to reduce the risk of the threat exploiting the vulnerability
  – Determine the likelihood of occurrence for a threat exploiting a related vulnerability, given the existing controls
  – Determine the severity of impact on the system by an exploited vulnerability
  – Determine the risk level for a threat/vulnerability pair, given the existing controls

Risk Determination Phase Table
Columns: Item No. | Threat Name | Vulnerability Name | Risk Description | Existing Controls | Likelihood of Occurrence | Impact Severity | Risk Level

Identification of Network Threats
• Identify threats that could have the ability to exploit network vulnerabilities
• Each threat identified has the potential to attack any of the assets protected
• To make this more manageable, each step in the threat identification and vulnerability identification process is managed separately and then coordinated at the end of the process
• Each threat must be further examined to assess its potential to impact the organization; this is called threat assessment

Network Vulnerability Identification
• Identify the vulnerability associated with each threat to produce a threat/vulnerability pair
• Vulnerabilities may be associated with either a single threat or multiple threats
• Previous documentation, reports and security bulletins may be used to identify vulnerabilities

Describe Risk
• Describe how the vulnerability creates a risk in the system in terms of the confidentiality, integrity and availability elements that may result in a compromise of the network and the data it handles

Identification of Existing Controls
• Identify existing controls that reduce:
  – The likelihood or probability of a threat exploiting an identified system vulnerability
  – The magnitude of impact of the exploited vulnerability on the system
• Existing controls may be management, operational or technical controls, depending on the identified threat/vulnerability pair and the risk to the network

Likelihood of Occurrence (LoC) Determination
• Determine the likelihood that a threat will exploit a vulnerability
• Likelihood is an estimate of the frequency or the probability of such an event
• Likelihood of occurrence is based on a number of factors that include network architecture, information system access, existing controls, strength and nature of the threat and presence of vulnerabilities, among others

Likelihood of Occurrence Levels
Likelihood   Description
Negligible   Unlikely to occur
Very low     Likely to occur two or three times every five years
Low | Likely to occur every year or less
Medium | Likely to occur every six months or less
High | Likely to occur once per month or less
Very high | Likely to occur multiple times per month
Extreme | Likely to occur multiple times per day

Severity of Impact (SoI) Determination
• Determine the magnitude of severity of impact on the system's operational capabilities and data if the threat is realized and exploits the associated vulnerability.
• Determine the severity of impact for each threat/vulnerability pair by evaluating the potential loss in each security category (C.I.A).
• The impact can be measured by loss of network functionality, degradation of system response time, loss of public confidence or unauthorized disclosure of data.
• Impact severity levels are:
  – Insignificant: no impact.
  – Minor: minor effect; the cost of repair is not much.
  – Significant: tangible harm.
  – Damaging: damages reputation, i.e. loss of confidence, and requires expenditure of significant resources to repair.
  – Serious: loss of connected users, compromise of information or services.
  – Critical: causes the network to be closed permanently.

Risk Level Determination
• Risk can be expressed in terms of the likelihood of the threat exploiting the vulnerability and the impact severity of that exploitation on the C.I.A of the network.
• Mathematically, Risk Level = LoC * SoI.

Safeguard Determination Phase
• This involves identification of additional controls, safeguards or corrective actions to minimize the threat exposure and vulnerability exploitation for each threat/vulnerability pair identified in the Risk Determination phase that results in a moderate or high risk level.
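The Risk Determination table and the Risk Level = LoC * SoI rule above, carried through to the residual-risk step of the Safeguard Determination phase, as an added Python example (not code from the lecture). The ordinal values assigned to the likelihood and impact level names, the Low/Moderate/High cut-offs on the product, and the sample threat/vulnerability rows are all assumptions made for the example.

```python
from dataclasses import dataclass
# Level names come from the slides; the ordinal values are an assumption.
LIKELIHOOD = {"Negligible": 0, "Very low": 1, "Low": 2, "Medium": 3,
              "High": 4, "Very high": 5, "Extreme": 6}          # LoC
SEVERITY = {"Insignificant": 0, "Minor": 1, "Significant": 2,
            "Damaging": 3, "Serious": 4, "Critical": 5}          # SoI
MODERATE_FROM, HIGH_FROM = 6, 15   # assumed cut-offs on the 0..30 product

@dataclass
class ThreatVulnPair:          # one row of the Risk Determination table
    item_no: int
    threat: str
    vulnerability: str
    existing_controls: str
    likelihood: str            # LIKELIHOOD key, given existing controls
    impact: str                # SEVERITY key

@dataclass
class Safeguard:               # one row of the Safeguard Determination table
    item_no: int
    description: str
    residual_likelihood: str   # LoC once the safeguard is implemented
    residual_impact: str       # SoI once the safeguard is implemented

def risk_score(likelihood, impact):
    return LIKELIHOOD[likelihood] * SEVERITY[impact]   # Risk Level = LoC * SoI

def risk_level(score):
    if score >= HIGH_FROM:
        return "High"
    return "Moderate" if score >= MODERATE_FROM else "Low"

def risk_determination(pairs):
    """Step 6 for every pair: {item_no: (score, level)} under existing controls."""
    scores = {p.item_no: risk_score(p.likelihood, p.impact) for p in pairs}
    return {i: (s, risk_level(s)) for i, s in scores.items()}

def safeguard_determination(pairs, safeguards):
    """Residual risk for Moderate/High pairs only; a rated pair lacking a safeguard raises KeyError."""
    current = risk_determination(pairs)
    by_item = {s.item_no: s for s in safeguards}
    residual = {}
    for p in pairs:
        if current[p.item_no][1] != "Low":
            sg = by_item[p.item_no]
            r = risk_score(sg.residual_likelihood, sg.residual_impact)
            residual[p.item_no] = (r, risk_level(r))
    return residual

# Constructed sample rows, not taken from the slides.
PAIRS = [ThreatVulnPair(1, "Unauthorised dial-up login", "No user authentication", "none", "High", "Serious"),
         ThreatVulnPair(2, "Packet sniffing on LAN", "Cleartext protocols", "switched LAN", "Medium", "Significant"),
         ThreatVulnPair(3, "Theft of a hub", "Wiring closet unlocked", "reception desk", "Very low", "Minor")]
SAFEGUARDS = [Safeguard(1, "Require identification and authentication", "Low", "Significant"),
              Safeguard(2, "Protected communication (encrypt traffic)", "Very low", "Significant")]
```

Pair 3 rates Low under existing controls, so it never enters the safeguard table; pairs 1 and 2 drop to Low once their safeguards are applied.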
Safeguard Determination Phase Steps
• Identify the controls to reduce the risk level of an identified threat/vulnerability pair.
• Determine the residual LoC of the threat if the recommended safeguard is implemented.
• Determine the residual impact severity of the exploited vulnerability once the recommended safeguard is implemented.
• Determine the residual risk level for the system.

Safeguard Determination Phase Table
Columns: Item No. | Recommended Safeguard Description | Residual LoC | Residual Impact Severity | Residual Risk level

Identification of Safeguards
• Identify control safeguards for each threat/vulnerability pair with a moderate or high risk level.
• The purpose of the recommended safeguard is to reduce or minimize the level of risk.
• Factors to consider when choosing a safeguard are:
  – Security area where the control/safeguard belongs, such as management, operational or technical;
  – Method the control/safeguard employs to reduce the opportunity for the threat to exploit the vulnerability;
  – Effectiveness of the proposed control/safeguard in mitigating the risk level;
  – Policy and architectural parameters required for implementation.
• Recommended safeguards will address the security category (C.I.A) identified during the risk analysis process that may be compromised by the exploited vulnerability.

Residual LoC Determination
• Determine the likelihood or probability of an attack occurring.
• If the attack is successful, how much impact does it have on the network?

Residual Risk Level Determination
• Determine the residual risk level for the threat/vulnerability pair and its associated risk once the recommended safeguard is implemented.
• The residual risk level is determined by examining the likelihood of occurrence of the attack exploiting the vulnerability and the impact severity factors in the categories of C.I.A.

RISK MITIGATION
• This is the second phase of risk management, the first of course being risk assessment.
• It is a systematic methodology used by senior management to reduce mission risk. It involves prioritizing, evaluating and implementing the appropriate risk-reducing controls recommended from the risk assessment process.

Risk Mitigation Options
• Risk Assumption: to accept the potential risk and continue operating the IT system, or to implement controls to lower the risk to an acceptable level.
• Risk Avoidance: to avoid the risk by eliminating the risk cause and/or consequence (e.g. forgo certain functions of the system or shut down the system when risks are identified).
• Risk Limitation: to limit the risk by implementing controls that minimize the adverse impact of a threat's exercising a vulnerability (e.g. use of supporting, preventive and detective controls).
• Risk Planning: to manage risk by developing a risk mitigation plan that prioritizes, implements and maintains controls.
• Research and Acknowledgment: to lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability.
• Risk Transference: to transfer the risk by using other options to compensate for the loss, such as purchasing insurance.

Risk Mitigation Note
• It may not be practical to address all identified risks, so priority should be given to threat/vulnerability pairs that have the potential to cause significant mission impact or harm.

Risk Mitigation Strategy
• When and under what circumstances should the controls be taken?
• When a vulnerability exists: implement assurance techniques to reduce the likelihood of the vulnerability's being exercised.
• When a vulnerability can be exercised: apply layered protections, architectural designs and administrative controls to minimize the risk of, or prevent, this.
• When the loss is too great: apply design principles, architectural designs and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
• When the attacker's cost is less than the potential gain: apply protections to decrease an attacker's motivation by increasing the attacker's cost (e.g. use of network system controls such as limiting what a user can access and do can significantly reduce an attacker's gain).

Approach for Control Implementation
• The following steps must be taken:
  – Prioritize actions (step 1)
  – Rank actions from High to Low (step 2)
  – List feasible controls (step 3)
  – Cost-benefit analysis describing the costs and benefits of implementing or not implementing the controls (step 4)
  – Select control (step 5)
  – Assign responsibility (step 6)
  – Develop a safeguard implementation plan (step 7)
• Prioritize Actions
  – Based on the risk levels presented in the risk assessment, implementation actions are prioritized.
  – High takes the first priority, then medium and lastly low.
• Evaluate Recommended Control Options
  – During this step the feasibility and effectiveness of the recommended control options are analyzed. The main objective is to select the most appropriate control option for minimizing risk.
• Conduct Cost-Benefit Analysis
  – This is to aid management in decision making and to identify cost-effective controls.
• Select Control
  – The controls selected should combine technical, operational and management control elements to ensure adequate security for the network.
• Assign Responsibility
  – Appropriate persons who have the expertise and skill-sets to implement the selected control are identified, and responsibility is assigned.
• Develop a Safeguard Implementation Plan
  – The plan should at minimum contain the following:
    – Risks and associated risk levels
    – Recommended controls
    – Prioritized actions
    – Selected planned controls (determined on the basis of feasibility, effectiveness, benefits to the organization, and cost)
    – Required resources for implementing the selected planned controls
    – Lists of responsible teams and staff
    – Start date for implementation
    – Target completion date for implementation
    – Maintenance requirements
• Implement Selected Controls
  – The implemented controls may lower the risk level but not eliminate the risk.

Control Categories
• Controls are categorized into:
  – Technical Network Security Controls
  – Management Network Security Controls
  – Operational Network Security Controls

Technical Network Security
• This requires security configuration to be set on machines, and software installed that guards against threats. The measures should work together to secure critical and sensitive data, information, and network functions.
• Technical controls can be grouped into:
  – Supporting technical controls
  – Preventive technical controls
  – Detection and recovery technical controls

Supporting Technical Controls
• These are basic controls onto which other controls are implemented. They are interrelated with other controls.
• They are also categorized into:
  – Identification: provides the ability to uniquely identify users, processes and information.
  – Cryptographic Key Management: includes secure key generation, distribution, storage and maintenance.
  – Network Security Administration: security features must be configured, i.e. enabled or disabled.
  – Network Protection: protection in terms of the various security functionality to be implemented.

Preventive Technical Controls
• These basically prevent the violation of security policies. They include:
  – Authentication: proving that an identity is what it claims to be.
  – Authorization: permits or denies actions for a given network.
  – Nonrepudiation: ensures that senders cannot deny sending information and receivers cannot deny that they received it.
  – Protected Communication: ensures C.I.A while in transit. It uses data encryption methods to minimize interception, packet sniffing, replay, etc.
  – Transaction Privacy: protects against loss of privacy with respect to transactions performed by an individual. This is achieved through the use of Secure Sockets Layer and Secure Shell.

Detection and Recovery Technical Controls
• Detection controls warn of violations or attempted violations of security policy; they include intrusion detection methods.
• Recovery controls are used to restore lost computing resources.
• Detection and recovery controls include:
  – Audit: monitoring and tracking of abnormalities; after-the-fact detection of and recovery from security breaches.
  – Intrusion Detection and Containment: detects a security breach.
  – Proof of Wholeness: analyses network integrity and identifies exposures and potential threats. This control doesn't prevent violations of security policy but detects violations and helps determine the type of corrective action needed.
  – Restore Secure State: this service enables the system to return to a state that is known to be secure after a security breach occurs.
  – Virus Detection and Eradication: detects, identifies and eradicates viruses.

Management Security Controls
• Management controls focus on the stipulation of information protection policy, guidelines and standards, which are carried out through operational procedures to fulfill the organization's goals and missions.
• These controls are divided into:
  – Preventive Management Security Controls
  – Detection Management Security Controls
  – Recovery Management Security Controls

Preventive Management Security Controls
• These controls include:
  – Assigning security responsibility to ensure that adequate security is provided for mission-critical systems.
  – Developing and maintaining network security plans to document current controls and address planned controls for networks, in support of the organization's mission.
  – Implementing personnel security controls, including separation of duties.
  – Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behavior and their responsibilities in protecting the organisation's mission.

Detective Management Security Controls
• These controls include:
  – Implementing personnel security controls, including personnel clearance, background investigations and rotation of duties.
  – Conducting periodic review of security controls to ensure that the controls are effective.
  – Performing periodic system audits.
  – Conducting ongoing risk management to assess and mitigate risk.
  – Authorizing the network system to address and accept residual risk.

Recovery Management Security Controls
• These controls include:
  – Providing continuity of support and developing, testing and maintaining the continuity of operations plan.
  – Establishing an incident response capability to prepare for, recognize, report and respond to incidents and return the network to operational status.

Operational Security Controls
• The organisation has to establish a set of controls, policies and guidelines to ensure that security procedures are enforced and implemented. Management comes in handy to make sure that the policies are implemented.
• Preventive operational controls (examples):
  – Provide backup
  – Secure wiring closets that house hubs and cables
  – Safeguard computing devices
• Detection operational controls include:
  – Provide physical security (sensors and alarms)
  – Ensure environmental security (use of smoke and fire detectors, sensors and alarms).

Cost-Benefit Analysis
• Allocate resources and implement cost-effective controls.
• Identify all possible controls and evaluate their feasibility and effectiveness.
• Considerations:
  – Determine the impact of implementing, and of not implementing, the new or enhanced controls.
  – Estimate the cost of implementation:
    – Hardware and software costs
    – Additional policies
    – Training costs
    – Maintenance costs