Basics of Internet Security



Similar documents
CISCO IOS NETWORK SECURITY (IINS)

Cisco Advanced Services for Network Security

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

COSC 472 Network Security

CMPT 471 Networking II

A typical router setup between WebSAMS and ITEd network is shown below for reference. DSU. Router

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Intro to Firewalls. Summary

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

By David G. Holmberg, Ph.D., Member ASHRAE

Security threats and network. Software firewall. Hardware firewall. Firewalls

Cisco Certified Security Professional (CCSP)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

SonicWALL PCI 1.1 Implementation Guide

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

Chapter 11 Cloud Application Development

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

3. Firewall Evaluation Criteria

Information Technology Cyber Security Policy

Internet Security Firewalls

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Internet Security Firewalls

Security Technology: Firewalls and VPNs

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

- Basic Router Security -

Network Security Policy

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Potential Targets - Field Devices

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Firewalls, Tunnels, and Network Intrusion Detection

IT Security Standard: Network Device Configuration and Management

Best Practices For Department Server and Enterprise System Checklist

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

Information Technology Security Procedures

Network Security Guidelines. e-governance

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Fig : Packet Filtering

Consensus Policy Resource Community. Lab Security Policy

Central Agency for Information Technology

Name. Description. Rationale

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Best Practices for PCI DSS V3.0 Network Security Compliance

How To Protect Your Network From Attack

ADM:49 DPS POLICY MANUAL Page 1 of 5

ICANWK406A Install, configure and test network security

FIREWALLS & CBAC. philip.heimer@hh.se

Firewalls. Chapter 3

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Executive Summary and Purpose

INTRUSION DETECTION SYSTEMS and Network Security

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

8. Firewall Design & Implementation

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

STANDARD ON LOGGING AND MONITORING

SCADA SYSTEMS AND SECURITY WHITEPAPER

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

A Decision Maker s Guide to Securing an IT Infrastructure

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Building A Secure Microsoft Exchange Continuity Appliance

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

How To Secure An Rsa Authentication Agent

Intranet, Extranet, Firewall

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

INFORMATION TECHNOLOGY ENGINEER V

CSCI 4250/6250 Fall 2015 Computer and Networks Security

How To Pass A Credit Course At Florida State College At Jacksonville

Firewalls (IPTABLES)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Passing PCI Compliance How to Address the Application Security Mandates

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Achieving PCI-Compliance through Cyberoam

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

CS5008: Internet Computing

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Transcription:

Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational goals. Technowave provides best of breed solutions to real world problems for the Small to Medium Business (SMB) market. In addition to strategic consulting, Technowave provides system architecture, project management, development and implementation services. Technowave also provides technical and knowledgeable professional with Innovative Technologies to organizations on a flexible, contract and permanent basis focusing according to the client's dynamic needs. For additional copies of this whitepaper, or to explore partnership opportunities with Technowave, please contact us as follows. Technowave Inc. 900 Pump Road, Suite 69 Richmond, VA 23238 Tel: (804) 740-0957 Fax: (804) 740-0958

Businesses rely heavily on the integrity of an ever-increasing supply of data and information, as well as the associated processing and storage systems used to manage It. The complexity of access administration and security has increased significantly as we move from centralized to distributed computing environments. Especially increased Internet use in businesses has particularly high impact on security measures deployed at a company. This section of the paper discusses some of the major threats to Internet security, and explains how these threats must be addressed in enterprise-wide networking. In every business, e-commerce and e-business initiatives are intended to bring together employees, customers, partners, suppliers, and distributors to exchange and access information through the Internet. However, these business environments create vulnerabilities that allow both internal and external users to damage the information systems through malicious acts of fraud and vandalism. Therefore, businesses should examine their vulnerabilities before developing any security solutions. The major network infrastructure elements that can be accessed and vandalized through the Internet will now be discussed. Firewalls A firewall is a device that is placed at the point where the Internet enters your facility, controlling network traffic for security purposes. Firewalls are specialized systems that are placed between external networks and companies internal networks to control access to systems connected to those internal networks. Firewalls work in conjunction with the routers to process all packets from or to remote network entities, and to allow only pre-approved traffic to or from pre-approved hosts. The following security measures should be employed to protect the firewalls:

The firewalls should hide the identity of internal hosts by connecting remote entities to the firewall instead of to the actual server by establishing a separate connection to the real service provider. Configure to accept root login only from the connected console device. Configure to discard source-routed IP packets. Configure to detect and discard IP packets carrying tunneled network packets. Configure with appropriate proxy agents for applications such as ftp, telnet and smtp. Configure to reject telnet or ftp sessions originating from external hosts or received upon the external network interface connection. Routers A router is a device that determines the next network point to which a packet of information should be forwarded. Using the routing protocols and network layer of the OSI model, a router connects two or more networks. Based on the Vertical Market Security Report 2003, the financial sector is having the worst record for router security compared to other sectors, with 94 % of financial organizations tested showing basic flaws that could cause major disruption to online banking services. Therefore, routers are highly vulnerable to attacks, including gaining routing information, spoofing, and denial of service attacks. Routers can be protected from attacks by employing the following security measures: Use strong encryption algorithm for routers password. Restrict any telnet access to a router. Display details of civil and/or criminal penalties during unauthorized access of the system.

Use Simple Network Management Protocol (SNMP) Version 3 instead of Version 1 to access a router. Control access to a router through the use of the Terminal Access Controller Access Control System Plus (TACACS+). Authenticate and secure IP routing. Hosts A host is a server that provides the application services to other hosts that request them. These hosts can be utilized as web servers, operating systems, application servers, or data base servers. In addition, a host can use different hardware and software components from different vendors. Since the host is the point of communication for both internal and external users, it is extremely visible within the network. Therefore, hosts are highly vulnerable to virus attacks and unauthorized access to protected data. Hosts can be protected from attacks by employing the following security measures: Create user accounts only for those whose jobs require access to the system, and the accounts shall be configured securely. Disable unnecessary services. Provide essential services using the most current and well-tested versions of the software configured as securely as possible. Monitor the system configuration to detect intrusion attempts or other unauthorized system modifications. It is also important to isolate the servers that are accessible to external hosts and applications. These "exposed" systems are connected to each other on a series of

isolation networks. The isolation of these exposed hosts from direct external connections reduces the likelihood that they may be compromised. Also, they should be isolated from internal systems to reduce the chance of an attack on internal resources. Applications Applications provide business functionality that is intended to bring together employees, customers, partners, suppliers, and distributors to exchange and access information through the Internet. Since the applications are easily accessible through the Internet, they are highly vulnerable to, for example virus attacks and unauthorized access to protected data. Applications can be protected from attacks by employing the following security measures: Provide application access controls that will ensure the integrity, confidentiality, and availability of data and business processes which use the data. Control the least possible number of access privileges and is based on a demonstrated need to view, add, change, or delete data. Capture operating system s audit trails to ensure that authorized and unauthorized users are accountable for all access to online functions and data access. Limit the direct access to data or database. Test and document all application access controls and access groups. Conclusion Preservation of confidentiality, integrity and availability of information is the most challenging issue in the Internet world. Although the above security measures address some major security threats, it is good to establish and implement security standards, guidelines, and procedures for each network elements.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information