Network Security. Task 1 Security Measures



Similar documents
Chapter 8: Security Measures Test your knowledge

Information Security

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Top tips for improved network security

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

CloudDesk - Security in the Cloud INFORMATION

NETWORK AND INTERNET SECURITY POLICY STATEMENT

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Storing and securing your data

Protection of Computer Data and Software

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

PEER-TO-PEER NETWORK

Storage, backup, transfer, encryption of data

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

Threat Events: Software Attacks (cont.)

Computer Security Maintenance Information and Self-Check Activities

Computers and Society: Security and Privacy

Seminar Computer Security

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Acceptable Usage Policy

WEB ATTACKS AND COUNTERMEASURES

How to stay safe online

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

HIPAA Security Training Manual

How To Protect Decd Information From Harm

How Do People Use Security in the Home

Network and Workstation Acceptable Use Policy

Brainloop Cloud Security

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Stable and Secure Network Infrastructure Benchmarks

E-BUSINESS THREATS AND SOLUTIONS

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos

Countermeasures against Bots

2) applied methods and means of authorisation and procedures connected with their management and use;

Using a Firewall General Configuration Guide

GiftWrap 4.0 Security FAQ

Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar. Network Security Policy

ABERDARE COMMUNITY SCHOOL

October Is National Cyber Security Awareness Month!

SHORT MESSAGE SERVICE SECURITY

The Bishop s Stortford High School Internet Use and Data Security Policy

High Speed Internet - User Guide. Welcome to. your world.

Newcastle University Information Security Procedures Version 3

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

How To Use A College Computer System Safely

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

COB 302 Management Information System (Lesson 8)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Data Security 2. Implement Network Controls

HoneyBOT User Guide A Windows based honeypot solution

Small businesses: What you need to know about cyber security

Computer Viruses: How to Avoid Infection

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

Content Teaching Academy at James Madison University

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

Secure Frequently Asked Questions

Acceptable Use Policy

EXIN Information Security Foundation based on ISO/IEC Sample Exam

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

Comprehensive Anti-Spam Service

Common Remote Service Platform (crsp) Security Concept

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

How To Monitor The Internet In Idaho

CHAPTER 10: COMPUTER SECURITY AND RISKS

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

HOW SAFE IS YOUR DATA??

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

WLAN Security Networking with Confidence

Denial of Service (DoS)

Transcription:

Task 1 Security Measures Connecting your computer to a network, particularly the Internet, can put your computer and your data at risk. It is important, therefore, that you take some steps to secure your system and files. There are three main ways of securing your computer system and its data. You can protect it with physical security, by implementing password protection and by assigning different levels of access to different users and groups. Physical security is a security mechanism based on hardware components, e.g., door locks, camera or a pass card reader, or personnel e.g. a security guard. These measures provide physical protection of resources against deliberate and accidental threats. The most common method of data access security is password protection. A password may be required to start a machine, to log on to a network, to run particular programs or to access individual folders or files. Passwords are not foolproof, however. There are several basic rules that apply to use of passwords, aimed at ensuring that unauthorised users cannot discover them. Passwords should not be written down or shared with others; they should be changed regularly; they should be a reasonable length around 8 characters and not obvious; they should be a mix of lower and upper case letters, numbers and symbols; and the system must restrict the number of times an incorrect password can be entered. Finally, you can further protect data on a computer system by applying different levels of access rights to different users or groups of users. You can offer no access to your personal folders or files, other files may be set to read only for viewing files or public files can have read/write or full access (which also allows the deletion of files or folders) to allow collaborative work. Questions 1. Should network administrators be able to find out individuals passwords? 2. State two examples of bad passwords and describe why they are unsuitable. 3. State two examples of good passwords and describe why they are suitable. 4. Describe types of physical security you may have seen in films or on television. 5. Which type of access do pupils have to the Central Resource Library? 6. Which type of access do you have to your My Documents folder? 7. Which type of access does your teacher have to your My Documents folder? 8. Which type of access does your teacher have to the Central Resource Library? Page 1

Task 2 Encryption Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it was not intended, including those who can see the encrypted data. Encryption may be used to make stored data private or to allow a non-secure communications channel to serve as a private communications channel. A cryptographic system uses two keys - a public key known to everyone and a private key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them and it is virtually impossible to deduce the private key if you know the public key. Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. Of course, it is possible to decrypt data by brute force, trying out every possible key until you get readable text. This however takes huge amounts of time depending upon the size of the key. The idea of a super computer designed to decrypt data is described in Dan Brown s novel, The Digital Fortress. Task To encrypt data, you must perform an operation on these binary codes. For example you might perform a logical XOR operation with a key. 0 XOR 0 = 0, 1 XOR 0 = 1, 0 XOR 1 = 1 1 XOR 1 = 0 E.g. FRED = 01000110 01010010 01000101 01000100 XOR each character using a key, e.g. 00000011 01000110 01010010 01000101 01000100 = FRED XOR 00000011 00000011 00000011 00000011 01000101 01010001 01000110 01000111 = EQFG To decrypt the data you must know the key and perform the same operation. If you try with another key the data will be garbled. Using ASCII codes, encode a four letter word using an 8 bit encryption key. Attempt to decrypt a classmates code. Page 2

Task 3 Security Requirements and Threats There are certain requirements of any network when transmitting data: Confidentiality user to user communication must be secure from unauthorised users viewing or accessing the data. Data Integrity data must be received without any changes being made to the data. Mathematical checks can be carried out to ensure that the binary data is not altered during its transmission. Availability the network must be reliable so that when users wish to make use of any network service, it is available. There are two main types of security threat when connected to a network. Passive threats where data transmissions are covertly monitored without a users knowledge and then using information without authorisation. Active threats when the data transmission is modified or a false stream is created. Questions 1. Describe a situation where the confidentiality of data is essential. 2. Describe a situation where the integrity of data is essential. 3. Describe a situation where the availability of a network is essential. 4. Describe a situation where a data stream could be under threat from a passive attack. 5. Describe a situation where a data stream could be under threat from an active attack. Page 3

Task 4 Denial of Service (DoS) Attacks In recent months there have been a series of news stories about criminals attempting to blackmail large companies by threatening to launch a Denial of Service attack on their website. The cost to a large e-commerce site of losing one day of trading can run into the hundreds of thousands of pounds as well as damaging their reputation and credibility. There is also the expense of restoring the server to full working order and securing it from further DoS attacks. In a DoS attack, you flood an Internet server with such a volume of traffic in a short time that it simply cannot cope and stops accepting requests for data. Typically, this would be a company s web or email server and in severe cases can force the server to completely cease operating. DoS attacks can also be used as a weapon against spammers, software pirates and other cyber criminals. Controversially, the search engine Lycos made available a screensaver which, when installed on a users machine, launched a distributed DoS attack on servers which persistently send junk or spam emails. Examples of denial of services are: Winnuke, Teardrop, Land, Nestea, Fraggle, Ping of Death, SYN flood, IP spoofing and Smurf attacks Task Investigate either one of the DoS examples named above or an example of a DoS attack against a large company. Prepare a presentation about your findings. Questions 1. Why would Amazon be wary of DoS attacks? 2. If no data is changed or deleted and if no viruses are released, could anyone conducting a DoS attack be charged under the Computer Misuse Act? 3. Do you agree with Lycos and their use of a DoS attack against spammers? Explain your decision. 4. How can cyber criminals make money through DoS attacks? 5. A mirror site is an exact replica of an Internet server. How can a mirror site help protect against. 6. What is meant by spoofing? 7. What is meant, therefore, by IP spoofing? Page 4

Task 5 Content Filtering Almost everyone with any experience or knowledge of the Internet will be aware of the volume of inappropriate and undesirable content on the World Wide Web. However there also exists a wealth of useful, educational and enjoyable content which you should be able to access easily. It is possible to by software programs which filter the content that can be viewed on a web browser. It screens out data by checking, for example, URLs or key words and blocking undesirable, dangerous or inappropriate Internet content. For home use the software can be installed on a single machine or organizations can block content at the server level. An alternative to trying to block the huge number of inappropriate sites is to create a walled garden. This is a sub-section of the Internet where users can only view a limited number of approved sites and all other content is blocked. While this ensures all content is suitable for the audience it does restrict the value of being able to actively research and exploit the huge number of valuable sites on the Internet. Task Search the web for information on either CyberSitter, NetNanny, CyberPatrol or similar. Write a short paragraph describing the product, how it works, how much it costs and how it can be customised to protect web users from being exposed to inappropriate content. Questions 1. In content filtering software, what are whitelists and blacklists? 2. Are there any drawbacks to installing and using content filtering software? 3. Why is content filtering important in educational settings? 4. Why is content filtering important in business settings? 5. What facilities are already available in Windows XP to filter Internet content? Page 5

Task 6 - Firewalls A firewall is a device that connects a local area network to the outside world and shields the network from unauthorised users. A firewall protects your network from unwanted Internet traffic by letting good traffic pass through while bad traffic gets blocked. When installed, a firewall exists between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc. while making sure other people on the internet can not access services on your computer like file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks. Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded on the Internet that can scan huge ranges of IP address for vulnerabilities like file sharing services and exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks. Task Identify one software firewall and write a paragraph outlining the cost and main features of the program. Identify one hardware firewall and write a paragraph outlining the cost and main features of the device. Page 6

Task 7 Network Failure From your previous study, you should be aware of the main topologies: star, ring, bus and mesh. Each topology can fail if there is a problem with one of the nodes, the cabling linking the nodes or the software running on the nodes. Different topologies, however, react to these failures in different ways. Copy and complete the following table or amend your table from the previous module, describing the effect of node, channel and software failure in different topologies. Topology Node Failure Channel Failure Software Failure Star Ring Bus Mesh Page 7

Task 8 Avoiding Network Failure In task 7, you saw that a network can fail if there is a problem with a computer system, its software or its cabling. It is important that you do your best to protect your system. You may do this by installing anti-virus software, using fault tolerant hardware, using a UPS or regularly maintaining your hardware. There are different types of virus: Viruses infect other files; Worms make copies of themselves; Trojans perform malicious actions but do not spread; Malware is an all-encompassing term that describes any malicious software program or file operating without the users explicit consent. Anti-virus software can perform a system scan to search for viruses or run permanently, scanning emails and downloads to prevent your system from becoming infected. One of the most important components of a server is the hard disk. Since it contains the operating system, users files and all installed programs, any problem with the server hard disk can render the network unusable. To help prevent this, you may implement a Redundant Array of Independent (formerly Inexpensive) Disks, RAID. The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to minimise the risk of data loss from hard drive failures. By mirroring data, i.e. having multiple copies on separate disks, you can reduce the dependence on a single hard disk. It is vitally important that any servers on your network are not shut down unexpectedly or incorrectly. To protect this from happening you may install an Uninterruptible Power Supply, UPS. This also regulates the voltage supply, protecting your hardware from voltage surges. Finally, a regular programme of maintenance should be undertaken. This may include such tasks as scanning and defragmenting disks, running a virus check and installing any updates or patches for operating systems or software programs. Also, when purchasing hardware you must consider the warranty options, for example is there a same day replacement service or a 24 hour hotline to help you deal with hardware problems? Task With your teacher s help, investigate which strategies are in place to avoid network failure in your school network. Prepare a presentation on this topic. State whether you feel the precautions are adequate and what additional measures, if any, you would add. Page 8

Task 9 Backup Strategies In a client server network, the server controls which users can log onto the network, which resources they may access and which files they may use. An effective backup strategy, therefore, is to have a backup server, often known as a mirror. With a backup server in place, mirroring exactly the contents of your main server, as soon as there is a problem with your main server the backup server can immediately replace it. This is not cost effective, however, since an expensive server might never be used. An alternative solution might therefore to only keep a mirror disk, an exact copy of the server s hard disk so that in the event of any disk failure the disks can be swapped over. This mirror disk must be synchronised at regular intervals to minimise data loss in the event of a disk failure. Large capacity hard disks are also expensive and so, for less critical information, a backup may be made onto magnetic tape. This is the cheapest form of backing storage but is not suitable for primary backing storage as it is a sequential medium rather than offering direct or random data access. Finally, when making duplicate copies or backups, it is important that a backup schedule is in place to ensure that a minimum of data is lost in the event of a network failure. It is recommended that three generations of backup are kept, these are called the grandparent, parent and child file according to their age. Backups should be kept in a secure location, away from the server and away from each other. Questions 1. What is meant by sequential data access? 2. What is meant by random or direct data access? 3. Name a sequential access medium. 4. Name two direct access data medium. 5. Does your school network use a backup server, a mirror disk, magnetic tape backups or a combination of all three to ensure the security of data? 6. What advice would you give to a pupil working on an important essay at home? 7. Why should backups be kept in different locations? 8. If a backup server is such an expensive option, why would some networks use them? Page 9

Homework Exercise 1 1. Describe, with examples, three levels of access which can be set on a file. (3) 2. Describe two types of physical security. (2) 3. (a) What is meant by a key in relation to data encryption? (1) (b) Describe one disadvantage of data encryption. (1) 4. A school pupil wants to obtain information as part of a homework exercise. She finds a suitable file which can be downloaded but when she tries to download the file in school, she finds that the FTP access has been barred. (a) Why might FTP access be barred by the school? (1) (b) Which application on the school network has barred FTP access? (1) 5. Network users will be able to delete and save files to their home directory but may not be allowed to change other files which they would need to access. How could a network administrator implement this? (1) 6. Describe the threats to network security posed by the following people: (a) Pupils accessing the staff network (1) (b) Employees in a law firm (1) (c) Accountants working for a company (1) (d) Ex-employees of a company (1) 7. What is meant by data integrity? (1) TOTAL(15) Page 10

Homework Exercise 2 1. An online music store is worried about network security. (a) Why might it be worried about passive network threats? (1) (b) How could it ensure the confidentiality of data saved on its servers? (1) The store receives a threatening email requesting payment of a large sum of money or else they will be subjected to a DoS attack. (c) What is meant by a DoS attack? (1) (d) Why would a DoS attack be damaging? Give two reasons. (2) 2. A school office has a local area network of desktop computers. Each office worker has arranged for one folder on their local hard disk to be shared so that other workers can copy files out of that folder. This allows workers to transfer files and messages between their computers. (a) (i) What name is given to this type of networking? (1) (ii) How can each worker ensure that only certain workers can access the shared folder on their computer? (1) (iii) How can they ensure that the other workers can only copy out of the folder and not into the folder? (1) (b) The school management have decided that it would be better to store all shared files on a central computer so that all office staff can access them from there. This was decided on the grounds of data security and data integrity. (i) What name is given to this type of networking? (1) (ii) Name one additional item of software and one additional item of hardware that would be required to implement this new system. (2) (c) For the type of network described in part (b): (i) (ii) Explain how this mode of networking provides data security and data integrity. (2) Describe an additional service which could be provided by this new networking mode and explain why it could not be provided before. (2) TOTAL(15) Page 11

Homework Exercise 3 1. A large insurance company makes extensive use of the Internet and email. The company also has computer based networked information systems and its own intranet. Some of the company s staff have access to the entire network from home using a dial-up connection. (a) (b) (c) Suggest two reasons why access to the company s network is slower from home than it is from the office. (2) The IT manager is worried that the company s network might be broken into by unauthorised people. Describe two ways a firewall could prevent unauthorised access. (2) The dial-up server offers a callback facility. When an employee dials from home, the dial-up server checks their user name and password, terminates the connection and then re-establishes the link to the employee s home number. Give two reasons why this feature is used in addition to the firewall. (2) 2. A college is planning the installation of 200 new computer workstations. Unlike its original suite of computers, these will be networked. (a) Explain how the security of user files may be ensured in this network. (1) (b) Explain why a backup strategy is necessary for this network. (1) (c) Describe a suitable backup strategy, and explain how it could be implemented. (2) 3. Why would a UPS be an important part of any large network? (1) 4. Why is a firewall described as a two way security device? (1) 5. Which network topology is most resistant to network failure? Explain your answer. (1) 6. (a) Why is Internet filtering software desirable? (1) (b) How does this software work? (2) TOTAL(16) Page 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information