Saturday, 27 August 2011

Planning Network Security

Need for Computer / Network Security:

Computer / Network Security includes:

Controlling physical access to computers and the network

Preventing accidental deletion, modification, or compromise of data

Detecting and preventing intentional internal security violations and unauthorized outside intrusions (hacking)

All three sides of the triangle must exist for a network intrusion to occur:

Motive: a reason for wanting to breach your security

Means: the capability to do so

Opportunity: access to the network

The last is the only one that the administrator has a chance to control.

Principles of Network Security:

Network security objectives are sometimes identified as:

Confidentiality: only the sender and the receiver should "see" the message.

Integrity: the sender and receiver want to ensure that the message has not been altered in transit or afterwards.

Authentication: the sender and receiver want to confirm each other's identity.

Availability: services and resources must be available and accessible.

Understanding risk:

A key principle of security is that no system is completely secure.

Information security is primarily the management of risk.

The more important an asset is, and the more it is exposed to security threats, the more resources need to be devoted to safeguarding it.

Understanding risk management - 2:

In general, administrators without security training react to a security threat in one of three ways:

Ignoring the threat, or recognizing it but doing nothing to prevent it from happening.

Addressing the threat in a one-off, ad hoc fashion.

Trying to secure all assets to the highest level, regardless of usability or manageability.

None of these strategies takes the real risks into account, and each of them usually leads to failure in the long term.

What are the risks?

Eavesdropping: capturing messages.

Hijacking: assuming the role of the sender or recipient.

Insertion: inserting messages into an active connection.

Impersonation: spoofing a source address in a packet, or any other field in a packet.

Denial of Service (DoS): preventing others from accessing resources, usually by overloading a system.

Risk management:

Once the assets and threats have been identified, the risk can be managed by:

Acceptance

Mitigation

Transfer

Avoidance

Accept a risk:

If you take no proactive measures, you accept the full exposure to the security risks to the asset, and their consequences.

You should accept a risk only as a last resort, when there are no other reasonable alternatives or when the costs are very high.

When accepting a risk, it is always a good idea to create a contingency plan.

A contingency plan details a series of measures that will be taken after the risk is realized, to lessen the effect of the compromise or loss of the asset.


Risk mitigation:

The most common way to protect computers and networks is to mitigate security risks.

By taking proactive steps to reduce either an asset's exposure to threats or the organization's dependence on the asset, you reduce the security risk.

A simple example: installing antivirus software.

Risk transfer:

Transferring the security risk to another party has many advantages, such as:

Economies of scale, such as insurance.

Use of another organization's expertise and services.

Example: A web hosting service.

When carrying out this type of risk transfer, the details of the arrangement must be clearly stated in a contract known as a service level agreement (SLA).

Avoid the risk:

The opposite of acceptance of risk is to avoid the risk altogether.

To avoid a risk, you must remove the source of the threat, the exposure to the threat, or the organization's dependence on the asset.

Generally, you should avoid a risk when there are few or no options to mitigate or transfer it, or when the consequences of the risk being realized outweigh the benefits of taking it.

An example might be a military or police database which, if compromised, could put lives at risk.

Implementation of security:

Think about security in terms of granting the least amount of privilege necessary to complete the task.

Example: Consider the case of a network administrator who inadvertently opens an attachment that launches a virus.

If the administrator is logged on with a domain administrator account, the virus will have administrator privileges on all computers in the domain and unlimited access to almost all the information on the network.

Defense in depth:

Imagine the security of the network as a number of layers.

Each layer you pull away brings you closer to the center, where the critical assets exist.

In the network, defend each layer as if the previous outer layer were ineffective or nonexistent.

The total security of the network will increase greatly if you defend at all levels and increase the fault tolerance of security.

Example: to protect users from launching an e-mail-borne virus, in addition to antivirus software on users' computers, you can use e-mail client software that blocks potentially dangerous file types from being executed, block potentially dangerous attachments based on their file type, and ensure that the user is running under a limited user account.
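One way to implement the attachment file-type check from the example above, as an added illustration that is not part of the original notes. The blocklist, the function names and the sample message are assumptions constructed for this example.

```python
import os
from email.message import EmailMessage

# Assumed blocklist for this example; use your mail gateway's own list in practice.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js", ".hta"}


def final_extension(filename):
    """Return the lowercased last extension, ignoring trailing dots and spaces."""
    # Only the last extension decides how the file is opened, so "photo.jpg.exe"
    # is treated as ".exe"; trailing dots and spaces are dropped before the check.
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def blocked_attachments(message):
    """Return the filenames of attachments whose file type is on the blocklist."""
    blocked = []
    for part in message.iter_attachments():
        name = part.get_filename() or ""
        if final_extension(name) in BLOCKED_EXTENSIONS:
            blocked.append(name)
    return blocked


def build_sample_message():
    """Constructed sample message: one harmless and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached files.")
    for name in ("report.pdf", "photo.jpg.exe", "SETUP.SCR"):
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for name in blocked_attachments(build_sample_message()):
        print("blocked:", name)
```

This check is only one layer: it inspects the declared filename, so the antivirus scan and the limited user account from the example above still have to hold if it is bypassed.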

Reduce the attack surface:

An attacker needs to know of only a single vulnerability to attack your network successfully, but you have to identify all of your vulnerabilities to defend it.

The smaller your attack surface, the better chance you have of accounting for all assets and their protection.

Attackers will have fewer targets, and you will have less to monitor and maintain.

Example: To reduce the attack surface of individual computers on the network, you can disable services that are not used and remove software that is not necessary.

Addressing security objectives:

Control physical access to:

Servers

Networked workstations

Network devices

Cable plant

Be aware of security considerations with wireless media related to portable computers.

Recognize the security risk of allowing data to be printed.

Recognize the security risks involving floppy disks, CDs, tapes or other removable media.

Identify network security threats:

To protect your network, consider the following:

Question: Whom or what are you protecting it from?

Who: the types of network intruders and their motivations.

What: the types of network attacks and how they work.

These questions form the basis for a threat analysis.

A comprehensive threat analysis must be the product of an exchange of ideas between people who know the business processes, the industry, security, and so on.

Classification of specific types of attacks:

Social engineering attacks

DoS attacks

Scanning and spoofing

Source routing and other protocol exploits

Software and operating system exploits

Trojans, viruses and worms

It is important to understand the threats in order to address them properly.

Designing a comprehensive security plan:

RFC 2196, the Site Security Handbook, outlines the following steps:

Identify what you are trying to protect.

Determine what you are trying to protect it from.

Determine how likely the threats are.

Implement measures that will protect your assets in a cost-effective manner.

Review the process continuously and make improvements each time a weakness is discovered.

Steps to create a safety plan:

Your overall security plan consists of three different aspects of protecting your network.

Prevention: measures to keep your information from being modified, destroyed or compromised.

Detection: measures implemented to recognize when a security breach has occurred or been attempted, and possibly the cause of the breach.

Response: measures implemented to recover from a security breach, that is, to recover lost or corrupted data, restore system or network operations, and avoid a recurrence in the future.

Security ratings:

The U.S. government provides specifications for the assessment of network security implementations in a publication often called the Orange Book, formally known as the DoD Trusted Computer System Evaluation Criteria, or TCSEC.

The Red Book, or Trusted Network Interpretation of the TCSEC (TNI), explains how the TCSEC evaluation criteria apply to computer networks.

Canada has a security rating system that works in a similar way: CTCPEC.

Security ratings - 2:

To obtain a contract with the government, companies are often required to obtain a C2 rating.

A C2 rating has several requirements:

That the operating system is able to track access to data, including both who accessed it and when.

That users' access to objects is subject to control (permissions).

That users are identified on the system (user name and password).

That security-related events can be monitored and permanently recorded for auditing (audit log).
