
Network Security Overview

Information and Assets


Information?
Can exist in many forms:
- data stored on computers
- transmitted across networks
- printed out
- written on paper
- sent by fax
- stored on disks
- held on microfilm
- spoken in conversations over the telephone

Assets?
- Information assets
- Paper documents
- Software assets
- Physical assets
- People
- Company image and reputation
- Services

Has value to the organization.

Certified Network Security Manager

Ver. 1.0

#Module 1: NSM - Overview

Network Security
Protection of Integrity, Availability & Confidentiality of Network Assets and Services from associated Threats and Vulnerabilities

Cost of Security
Increased security increases the cost of the system. The cost of security is a combination of many factors:
- Cost for decreased system performance
- Cost for increased system complexity
- Cost for decreased system usability
- Increased operation and maintenance cost
Security Vs Cost

Security Vs Convenience
Decisions concerning the security of computer networks involve a tradeoff between security and convenience. More security measures may lead to inconvenience and complaints from users.

Difficulty in Securing Network

Securing a network is more difficult than securing a standalone computer because of its:
- Connectivity
- Complexity

Difficulty in Securing Network
Connectivity
- More people are connected, sometimes outsiders through the Internet or an Extranet.
- One attacker on one computer may pose a potential threat to all the connected computers.
- Difficult to enforce discipline among users.

Difficulty in Securing Network
Complexity
- Difficult to keep track of changes.
- Multiple operating systems.
- Difficult to enforce technical security measures.

Asset and Network Asset


An asset is something to which an organization assigns value. An asset requires protection. Network assets are:

Hardware
- Servers, client stations, communications devices (router, bridge, hub, switch, gateway, modem etc.), peripheral devices, cables, UPS etc.
Software
- Network and client operating systems, applications, tools, software under development etc.
Data / Information
- Organization data: database, e-mail, spreadsheet, word processing etc.
- Network data: user access privileges, passwords, audit trail, network configuration and settings.
- User data: personal processed data, user-owned files etc.

Threat
Threat is anything that could cause damage / harm / loss to assets. Threat would need to exploit vulnerability of the assets. Threat can be accidental or deliberate.

Threat (Contd.)
- Damage to communication lines/cables
- Deterioration of storage media
- Eavesdropping
- Hardware failure
- Maintenance error
- Malicious software
- Misuse of resources
- Unauthorized network access
- Administrator error
- User error
- Traffic overloading
- Transmission error
- etc.

Vulnerability
A vulnerability is a weakness associated with assets. The weakness may be exploited by threats, causing loss / damage / harm to the assets. A vulnerability in itself does not cause harm until exploited.
Vulnerability (Contd.)
- Insufficient security training
- Lack of security awareness
- Inadequate recruitment procedures
- Insufficient preventive maintenance
- Lack of identification and authentication mechanisms
- Transfer of passwords in clear
- Unprotected public network connections
- Poor password management
- etc.

Threats & Vulnerabilities


Vulnerability                                        Threat
Uncontrolled copying                                 Theft
Unprotected communication lines                      Eavesdropping
Services with authentication credentials in clear    Eavesdropping
Lack of proof of sending / receiving message         Repudiation
Dial-up lines                                        Unauthorized access
Wireless network                                     Unauthorized access
Uncontrolled Internet access                         Malicious code (virus, worm, trojans, spyware etc.)
Poor network design                                  Unauthorized network access
Poor network design                                  Traffic overloading

Security Risk
A security risk is the potential that a given threat will exploit vulnerabilities to cause loss/damage to an asset and hence directly / indirectly to the organization. It is a function of the impact of the undesirable event and the likelihood of the event occurring.

Risk Assessment
The process of identifying security risks, and determining their magnitude. Sometimes referred to as risk analysis.

Risk Assessment (Contd.)


Risk Assessment produces an estimate of the risk to an asset at a given point in time. It answers the following questions:
- What can go wrong?
- How bad could it be?
- How likely is it to occur?
- How to manage the risk?

Security ! Who Cares


- Security for most organizations is in a comfortable sleep in the lap of firewalls and anti-virus software
- Lack of structured approach to deal with security
- Security looked upon as a static issue
- Too costly! - An attitudinal problem
- Top management not concerned

Barriers to Security
[Bar chart, percentage axis from 0% to 30%. Categories: Lack of training, Pace of change, Poorly defined policy, Lack of management support, Insufficient capital budget, Complexity of technology. Source: PwC IT Security Survey]

Solution
Management concerns
- Market reputation
- Business continuity
- Disaster recovery
- Business loss
- Loss of confidential data
- Loss of customer confidence
- Legal liability
- Cost of security

ISMS through Risk Assessment

Security measures
- Technical
- Procedural
- Physical
- Logical
- Personnel
- Management

ISMS Standards
ISO/IEC 27001
- ISMS - Requirements
- A specification
- Used as a basis for certification
ISO/IEC 27002
- A code of practice (not a specification)
- Provides best practice guidance
- Use as required within your business
- Not for certification
Types of testing
Penetration Testing
- Looking at the network through an attacker's eyes, from outside the network.
- Application security testing.

Vulnerability assessment
- Review of network architecture and segmentation.
- Critically examine the network and its components for weaknesses in configuration and deployment.

Attack Types
External Attacks carried through the Internet
Company

Internal Attacks carried through the Intranet

59% of the attacks are carried out using the Internet

38% of the attacks are carried out by employees internally

Hacking life cycle


- Reconnaissance
  - Active / passive
- Scanning
- Gaining access
  - Operating system level / application level
  - Network level
  - Denial of service
- Maintaining access
  - Uploading / altering / downloading programs or data
- Covering tracks

[Cycle diagram with the labels: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks]

Hackers starting points


- www.netcraft.com
- www.progenic.com
- www.defaultpassword.com
- www.archive.org

Penetration testing

- Reveals a hacker's view of the network or servers.
- Helps to understand the security preparedness against evolving threats.
- Unearths security vulnerabilities and configuration mistakes in the target system.
Vulnerability assessment

Detailed analysis of vulnerabilities present in the servers, operating systems and application, which can be exploited by external attackers or by an internal compromise.
VA - Review of configuration
- Default installations are focused more on convenience than on security.
- In general, many unnecessary services are present.
- New vulnerabilities are discovered almost every day.
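
One way to carry out the configuration review described above, as an added example that is not part of the original slides: it compares a host's listening TCP services against an approved baseline and reports the extras. The `ss -H -tlnp` output and the `APPROVED` baseline are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output from a default server install.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("inetd",pid=640,fd=4))
LISTEN 0 64 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=701,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=955,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=590,fd=7))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=410,fd=14))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""

# Hypothetical baseline: the only services this host's role requires.
APPROVED = {22: "sshd", 443: "nginx"}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def is_loopback(addr):
    """True if the bind address is reachable only from the host itself."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed

def parse_listeners(ss_output):
    """Return (address, port, process) for every listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        proc = match.group(1) if match else "unknown"
        listeners.append((addr.strip("[]"), int(port), proc))
    return listeners

def audit(ss_output, approved=APPROVED):
    """List listeners that are not in the baseline, exposed ones first."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if approved.get(port) == proc:
            continue  # expected service on its expected port
        exposure = "local-only" if is_loopback(addr) else "network-exposed"
        findings.append({"port": port, "process": proc, "exposure": exposure})
    return sorted(findings, key=lambda f: (f["exposure"] != "network-exposed", f["port"]))

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print(finding)
```

A process other than the approved one on an approved port is also reported, since the baseline matches on both port and process name.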
Sources of Information
- CERT-IN (www.cert-in.org.in)
- CERT (www.cert.org)
  - CERT Advisories, Incident Notes, Vulnerability Notes
- SANS (www.sans.org)
- AUSCERT (www.auscert.org.au)
- NIST (http://icat.nist.gov/icat.taf)
- FIRST (www.first.org)


END of Session
