Telenotes 7

Network Security
Basic Concepts
Major Security Threats:
1- Access and/ destruction by outside hackers.
2- Access and/ destruction by inside hackers / disgruntled employees.
- !hysical the"t #ia$ printing$ transmission #ia unauthori%ed modem$ hard&are the"t
'- (ost / damage due to e)uipment "ailure
*- +amage / destruction #ia #irus intrusion.
A complete security plan addresses all o" the abo#e.
-nternal !rotection:
1- .mployees should ha#e access to the in"ormation the need to do their job$ and no more.
Set a security policy:
A- use the ,/S to assign pri#ileges and permissions based on role.
.0ternal !rotection:
1- 1se the a#ailable interception technologies:
A- 2outers 3 4reates access lists to permit or deny packets
5- 6ire&alls 3 4an restrict access to sites and ports
4- 2AS - 2emote access setup$ 7!, net&orks ha#e increased security
!hysical Security !rotection:
A- Set policy "or dealing &ith old e)uipment &hich lea#es the company.
5 3 -n#est in physical restraint mechanisms.
Security Considerations
Analyses return on in#estment:
7alue o" data #s. cost re)uired to secure it.
Three levels of security Planning:
(o& (e#el:
+ata can be easily restored. (oss &ould ha#e ,/ "inancial or legal impact on company.
Medium (e#el:
+ata can be restored but &ith some e""ort. (oss MA8 ha#e a "inancial or legal impact on
9igh (e#el:
+ata can not be restored or &ould be e0tremely di""icult. (oss :-(( ha#e a "inancial or legal
impact on company.
,ote on .0ternal 2AS connections:
1- 5est 3 set to ha#e the ser#er dial back a speci"ic number.
2- Set policy not allo&ing employees to use personal modems "or 2AS.
- .ducate employees on the seriousness and impacts o" security risks.
Security in NOS
Share le#el #s. user le#el security.
Share le#el ; on some &indo&s plat"orms<-
1ser can share and restrict indi#idual "olders and "iles:
4an set to: 2ead /nly$ :rite /nly$ 4hange$ 6ull Access
9igher le#el creator and set security "or lo&er le#el users.
1ser (e#el
Administrator can set security based on indi#idual user -+.
1- 1ser ids and pass&ords are matched to an S-+;security -denti"ication <
number .
2- .ach id assigned to a group &ith speci"ic pri#ileges and
=roup security is maintain and managed by the administrator.
o !ass&ord policy management
!oints to include in policy:
1- Spell out to users that pass&ords a personal and pri#acy is re)uired.
2- !ass&ords are to be changed periodically. 3 1S. ,/S to re)uire it
- Set policy on pass&ord selection3 1S. ,/S to re)uire it
A- Must contain 1pper and lo&er case letters
5- Minimum lengths
4- May re)uire non alpha numeric character.
Data Encryption
E-Commerce - Secure Transactions
Information sent over the Internet can be intercepted by a third party, so credit card numbers might be
collected. To keep information secure, it must be encrypted.
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To
read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
nencrypted data is called plain text ; encrypted data is referred to as cipher text.
Public Versus Private Key Encryption
Private Key
the sender and receiver both own a secret decoder!encoder algorithm. The sender encrypts using the
algorithm and the receiver decrypts using the reverse.
Public key
-encryption is based on a certain type of mathematical algorithm
-you distribute your public key to anyone who wants it with full confidence that messages sent to you that
have been encrypted with your public key will only be readable by you.
Digital Signature:
" message that is encrypted with sender#s private
key creates a digital signature.
How to !eck Digital Signature:
How to "ake sure t!at your #$$ice %P
docu"ent !as a valid digital signature
supported in $ffice %&.
'. $pen the digitally signed $ffice document.
(. $n the Tools menu, click #ptions.
Click the Security tab, and then click Digital
Signatures to open the Digital Signature dialog
The Digital Signature dialog bo* contains
information that includes the signer+s name, the
provider of the signer+s digital signature, and the
date on which the document was digitally
To view details about a particular certificate,
click the name of the signer, and then click View
-hen a signature IS ."/I0, you will see the
following dialog bo*. 1ote that the te*t does not
appear dimmed for Signer, 0igitial I0 Issued 2y,
and 0ate, which is under the list titled 3The
following have digitally signed this document34
-hen a Signature is 1$T ."/I0, you will see the
following dialog bo*. 1ote that the te*t appears
dimmed for Signer, 0igitial I0 Issued 2y, and 0ate,
which is under the list titled 3The following
signatures will be discarded when saving changes to
the document
The following actions may cause a digital signature
to become invalid
-hen changes are made to a document that cause
recalculation. This includes volatile functions,
fields or 6ueries set to automatically refresh, and
.2" macros that change the file when they are
-hen changes are made to a document, and then
the &ndo feature is used.
Security Protocols !TTPS " SS# " SS!$
'ost Secure (ebPages use HTTPS to trans$er sensitive data)
T!ey E"ploy:
SS*- Secure Socket /ayer protocol for secure transactions.
-eb pages using this protocol!software are accessed using !ttps)
SS/ uses certi$icates to verify that a -eb server is really who it claims to be.
How SS* Encryption works
"n SS/ Certificate lets visitors know that they are really doing business with you 7not an i"postor+s
,spoo$ , site8 and that the information they send through your site-such as credit card numbers, online
forms, and financial data-is protected from interception or alteration over the -eb.
How it works:
'. " customer contacts contacts a site and accesses a secured 9/4 a page secured by a Server I0
7indicated by a 9/ that begins with 3!ttps:, instead of :ust 3http43 or by a message from the

(. The websites responds, automatically sending the customer a digital certificate, which
authenticates its site.

). ;our -eb browser generates a uni6ue 3session key3 7like a code8 to encrypt all communications
with the website.

,. ;our browser encrypts the session key with the website+s public key sent to you, so only the
website can read the session key.
<. 0epending on the browser, the user may see a key icon becoming whole or a padlock closing,
indicating that the session is secure.

=. " secure session is now established--all communications will be encrypted and can only be
decrypted by the two parties in the session. It all takes only seconds and re6uires no action by the
Email is 1$T secure. &>& can be used to encrypt email messages.
&>& ? &retty >ood &rivacy
&>& comes with plug-ins for a number of popular email clients
@icrosoft E*change, $utlook, and $utlook E*press.
&retty >ood &rivacy 7&>&8 is a popular program used to encrypt and decrypt e-mail over the Internet. It can
also be used to send an encrypted digital signature that lets the receiver verify the sender+s identity and
know that the message was not changed en route.
&>& uses a public key , encryption and private key system.
&>& is only effective if both sender and recipient have &>& software installed.
Building your Barriers
9ard&are or so"t&are &hich e0amines all incoming and e0isting tra""ic and allo&s passage based
on a certain set o" rules.
!ro0y Ser#er:
A single point o" entry de#ice "or the internet Also$ 9ard&are or so"t&are &hich e0amines all
incoming and e0isting tra""ic and allo&s passage based on a certain set o" rules.
4an also be used to hide internal -! addresses.
SS! Secure shell$
1sed in 7!, and 1ni0 and (inu0 net&orks
Protecting fro% &iruses
.irus A code imbedded with a good file.
If signature is found, file can be repaired, if not 6uarantined.
/ogic 2omb- virus due to on specific time or on a specific set of se6uences.
-orm- " virus which is a complete program and replicate ! transfer itself.
Tro:an Borse A Can simulate other programs, silently sends out data to creator.
Signature file4
0ata file used by antivirus programs used to compare known virus to those on scanned system.
@ust be kept up to date.

