05-Securing Network Operations, Databases, and Applications


Overview
• Introduced the operation of networks in business organizations.
This chapter will examine the basic methods by which networks
are attacked and look at hackers and their motives. An
understanding of the motives of those who try to breach systems
will help in the management of risk.

Learning Objectives
• describe the methods used to attack networks, including hacking,
probing and scanning
• discuss some of the basic motivations for hacking
• make a cross-cultural comparison of the controls used to secure
networks
• draft a network security policy
• explain the major issues in database security
• discuss the major factors faced in the design of secure software

Hacker Attacks
• Motives of hackers can vary greatly and often include the desire to
steal information for personal gain, to change details within a
system in order to defraud the system operators and simply to
cause malicious damage or frustration to system users - digital
vandalism, in effect.
• The motivation of hackers is one of the most difficult aspects of
risk management to anticipate. It is an easy step of logic to assume
that a user who desires financial gain through fraud will target
systems that contain financial records, such as credit card details.
It is more difficult to anticipate threats such as industrial
espionage, which could occur through access to unexpected
streams of information, or malicious damage, because these
potential threats often occur completely unexpectedly, through
surprising points of entry, for apparently no reason other than
vandalism.
Motivation for Hacking

• Satisfaction
• Profit
• Dissatisfaction
• Business competition
• Policy-making and price-setting
• Information warfare and terrorism

Network Attacks
• Network attacks can be categorized according to the components
of the attack and the order in which a hacker uses tools and
techniques to attempt to access a system.
• Attack events that can be recognized within a complex distributed
denial of service attack, for example, might include probing and
scanning to find vulnerabilities, ways of compromising a user
account to gain access to the root account, packet sniffing to
identify packet destinations, potential use of malware or viruses
to compromise a target’s system, and possibly much broader
Internet or organization-wide breaches and distributed denial of
service.

Physical Security
• Physical security refers to the protection of the computer system
from natural disasters and from unauthorized intruders.
• Natural disasters include a range of threats, including fire, floods,
earthquakes, volcanic activity, tidal waves, cyclones, tornadoes
and typhoons, snow storms and lightning strikes.

Floods
• Floods can result from rising water, such as burst water pipes,
rivers, dams, tides and waves, as well as from falling water caused
by rain, a leaking roof or burst overhead pipes. With rising
water, the equipment could be damaged by the water or mud, but if
the flooding is detected early there is normally sufficient time to
protect all or part of the equipment and particularly the
organization’s data.
• The location of computers, storage media, modem banks and
other important hardware as well as back-up tapes and disks
must be carefully considered in the design of the organization’s IT
capability. It would be inappropriate, for example, to create an
area of vulnerability by locating such resources in underground
levels of a building that might be prone to flooding or close to
sewerage and other pipe work that might damage the equipment
should it burst.

Fire
• Fire extinguishing equipment is mandatory whether the building
is located in a fire-prone area or otherwise.
• It is important to ensure that the building is equipped with
adequate smoke detectors, smoke alarm systems and fire
extinguishers and that they are tested periodically.
Microprocessor-based fire detection systems that help in early
detection of fire are also available. They allow early reaction. It is
important to select the best possible location for such equipment
as fire or smoke detectors and fire extinguishers.
• Electrical wiring is the most common cause of fire; therefore
wiring needs to be checked periodically to assess whether the
power load is within safe limits. Circuit breakers or fuses usually
cater for power overloads and sparks; however, they disconnect
the electricity supply only from specific points and cannot help to
contain a fire started by the sparks.
Lightning Strikes
• Lightning is a form of natural disaster, and there is no hard and
fast rule that defines which areas are prone to lightning strikes.
• Nonetheless, two main measures can be taken to protect an
organization from lightning disasters:
1. Switching off and unplugging computer equipment and other associated
resources in case of thunder or prediction of lightning strikes.
2. Installation of a lightning protection system.

Developing Network Security Policies
A security policy should cover four main areas:
• people: define who is an authorized user of the system
• policies: defining what can be done, to what and when
• procedures: set steps for doing tasks
• technology: products and services available

Category of Company’s Security
Insecure

• There is no security or risk management, no auditing process, no documentation and no accountability.

Partially secure

• Usually this situation arises when an insecure company attempts to stop or prevent attacks, but the
company does not possess the knowledge or resources to develop a security policy.

Semi-secure

• The internal network has a medium-level combination of software and hardware devices that protect it
from external networks. Computer security policies prevent users from manipulating critical data and
accessing data that they do not have the correct security clearance to use.

Reasonably secure

• Servers are in sealed, air-conditioned, locked rooms only accessible to administrators and maintenance
engineers.

Secure

• Servers are in sealed, air-conditioned, EMI-shielded, fireproof, security card-accessible rooms.

Securing Databases
• Data security is paramount to the successful operation of a
business, so steps must be taken to protect sensitive data in the
context of a company’s activities.
• The major need for security in the database management system
(DBMS) is to protect sensitive data while revealing non-sensitive
data.
• Some DBMSs also allow certain types of data lock to be used, such
as the integrity and sensitivity locks, which both help protect or
maintain the sensitivity levels of elements in the database so that
they cannot be changed by end users.

Good Software Engineering
• Significant issues that need to be dealt with during the design
process are:
• The system architecture must reflect the user requirements, and these
requirements should be mapped to subsystems and components. Security
components must be part of this process.
• The coding process for each component can have a significant effect on
the security response of a system, and security components must be part
of this process, too.
• The testing phase of a project is the opportunity to determine compliance
with requirements and even discover unexpected behavior that results in
unexpected security issues that did not arise earlier in the design process.

Sound Coding
• Insecurities can enter code if either of the following errors occurs:
desired functionality is not included, or unknown and undesired
behaviour is inadvertently programmed into the code. The first of
these is easy to detect by rigorous testing, but the second flaw is
more obscure and to some extent undetectable since the
behaviour will be unknown until it occurs.
• Buffer overflows are seen as a major problem, and many common
breaches are caused in this way. The basic fault is that a buffer, a
storage space, of fixed size is allocated, then it is overwritten, in
some way, with more data than it is designed to hold.
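
The buffer overflow described above, as an added example that is not part of the original slides: an unchecked copy into a fixed-size buffer next to a checked version that refuses oversize input. The `account` record and both function names are hypothetical, and the input strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16            /* fixed-size buffer: 15 characters + NUL */

struct account {                /* hypothetical record, for illustration */
    char name[NAME_SIZE];
    int  is_admin;              /* stored right after the buffer */
};

/* Unsafe pattern: strcpy() copies until the source's NUL and never looks at
 * the destination size, so 16 or more characters run past name[]. */
void set_name_unchecked(struct account *a, const char *src)
{
    strcpy(a->name, src);
}

/* Checked form: measure the input against the buffer first and refuse it
 * if it does not fit. Returns 0 on success, -1 if the input was rejected. */
int set_name_checked(struct account *a, const char *src)
{
    /* memchr() examines at most NAME_SIZE bytes and stops at the NUL */
    const char *end = memchr(src, '\0', NAME_SIZE);
    if (end == NULL)
        return -1;              /* no terminator in range: input too long */
    memcpy(a->name, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* constructed inputs: 5, 15 and 16 characters long */
    const char *inputs[] = { "alice", "fifteen_chars__", "sixteen_chars___" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_name_checked(&acct, inputs[i]);
        printf("%-18s -> %s (name=\"%s\", is_admin=%d)\n", inputs[i],
               rc == 0 ? "stored" : "rejected", acct.name, acct.is_admin);
    }
    return 0;
}
```

Only the checked function is called in `main`; passing the 16-character input to `set_name_unchecked` would write past `name[]`, which is undefined behaviour in C.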
