Class notes for ED 503
For finding acronyms use Acronyms.
Three levels of management.
- Low level does the work
- Middle level defines what is necessary to protect and how to protect it
- High level decides on policy and allocates funding
Due care - procedural - putting the controls in at the initial setup
Due diligence - monitoring and updating
For the IT staff, level one is the hands-on people. They do desktop support and handle some small problems.
Level two are still hands-on but function at a higher level.
Level three are specialists.
Tier one gathers information
Tier two sees trends
Port 25 is mail
Port 80 is HTTP (web)
Network topology - see Webopedia
Wireless - radio frequency (RF) or infrared (IR) light; IR requires line of sight
War driving, war chalking, NetStumbler, JiGLE wireless
SSID service set identification
WEP wired equivalent privacy 802.11 encryption protocol
Three parts of security - Types of control - technical, operation, managerial
technical - firewall, IDS, cameras, content filtering, proxy, encryption
operational - user training, how to make sure things work properly - actually making the plan work
management - written policies, acceptable use, HR, warning banner
Three states of Data
- storage
- transmission
- processing
BC Wipe non-classified wipe of machine
Storage - offsite and encrypted
SMARTCARD electronic memory and possibly an integrated circuit
DMZ demilitarized zone - semi-trusted area; put your web, mail, FTP and proxy servers there
PORTS http 80 smtp 25 https 443 pop 110 ftp 21 dns 53
DAPE - deny all, permit by exception
2 x 65,535 ports (TCP and UDP each)
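An added example (not from the class notes) of the DAPE rule applied to the port list above: a default-deny packet filter that permits only the listed services and logs everything else. The packet format and sample traffic are constructed for the example.

```python
# Added example: "deny all, permit by exception" as a packet filter.
# Only the well-known service ports from the notes are exceptions;
# every other destination port is dropped and logged.
from dataclasses import dataclass

# Exceptions: (protocol, destination port) -> service name
ALLOWED_PORTS = {
    ("tcp", 80): "http",
    ("tcp", 25): "smtp",
    ("tcp", 443): "https",
    ("tcp", 110): "pop3",
    ("tcp", 21): "ftp",
    ("udp", 53): "dns",
    ("tcp", 53): "dns",
}


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str         # source address (constructed values below)
    dst_port: int    # destination port, 1..65535


def filter_packet(pkt):
    """Return ("permit", service) for a listed exception, otherwise ("deny", reason)."""
    if pkt.proto not in ("tcp", "udp"):
        return ("deny", "unknown protocol")
    if not 0 < pkt.dst_port <= 65535:
        return ("deny", "invalid port")
    service = ALLOWED_PORTS.get((pkt.proto, pkt.dst_port))
    if service is None:
        return ("deny", "default deny")     # the "deny all" part of DAPE
    return ("permit", service)


def apply_policy(packets):
    """Run the filter over packets; return (permitted list, denied log lines)."""
    permitted, denied = [], []
    for pkt in packets:
        verdict, detail = filter_packet(pkt)
        if verdict == "permit":
            permitted.append((pkt, detail))
        else:
            denied.append(f"DENY {pkt.proto} {pkt.src} -> port {pkt.dst_port} ({detail})")
    return permitted, denied


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    Packet("tcp", "198.51.100.7", 80),
    Packet("tcp", "198.51.100.7", 23),      # telnet: not on the exception list
    Packet("udp", "203.0.113.9", 53),
    Packet("tcp", "203.0.113.9", 3389),
]

if __name__ == "__main__":
    ok, log = apply_policy(SAMPLE)
    for pkt, svc in ok:
        print(f"PERMIT {pkt.proto}/{pkt.dst_port} ({svc}) from {pkt.src}")
    print("\n".join(log))
```

The point of the default-deny branch is that a service nobody thought to list (telnet and RDP in the sample) is blocked without anyone having to write a rule for it.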
VPN - virtual private network - encrypted tunnel across untrusted network
VPN goes through firewall
RAS - remote access service - comes in behind firewall
CIA - confidentiality, Integrity, availability
AAA
Authentication - are you who you say you are? Three types - have(SMARTCARD), know(password), are(fingerprint)
Authorization - what resources you are allowed to see - RSA SecurID
Accounting - when did you see this and what did you do (activity logs)
Security devices on a network
Firewall, Proxy, Router(ACL- Access Control List), content filtering, authentication
- Application -smtp, pop3
- Presentation
- Session - HTTPS
- Transport - TCP and UDP
- Network - IP
- DataLink - MAC, ARP
- Physical
OSI model explained online - OSI
OSI model quick explanation - Quick OSI
TCP connection oriented UDP connectionless
NAT - network address translation - takes non-routable addresses and translates them to routable addresses,
e.g. 10.0.0.1 to 215.222.322.040.
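An added example (not from the class notes) of the translation NAT performs: outbound packets from private addresses are rewritten to one public address with a unique port, replies are mapped back, and anything arriving for a port with no mapping is dropped. The public address and inside hosts are placeholders.

```python
# Added example: a minimal NAT (port-translating) table.
# Private, non-routable sources get the NAT device's public address and a
# fresh public port; replies to that port are mapped back to the inside host.
import ipaddress

PUBLIC_IP = "203.0.113.1"    # assumed public address of the NAT device (placeholder)

# The RFC 1918 private ranges, the "non-routable addresses" from the notes.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class NatTable:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private ip, private port) -> public port
        self.inbound = {}    # public port -> (private ip, private port)

    def translate_out(self, src_ip, src_port):
        """Rewrite an outbound source; routable sources pass unchanged."""
        if not is_private(src_ip):
            return (src_ip, src_port)
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, dst_ip, dst_port):
        """Map a reply to the public address back to the inside host.

        Returns None when there is no mapping, i.e. unsolicited inbound
        traffic has nowhere to go and is dropped. This is why hosts behind
        NAT are not directly reachable from the outside.
        """
        if dst_ip != self.public_ip:
            return None
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    nat = NatTable()
    print(nat.translate_out("10.0.0.1", 5555))          # ('203.0.113.1', 40000)
    print(nat.translate_in("203.0.113.1", 40000))       # ('10.0.0.1', 5555)
    print(nat.translate_in("203.0.113.1", 40001))       # None: no mapping, dropped
```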
SYN flooding - SYN/ACK handshake - TCP
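An added example (not from the class notes) of how a SYN flood shows up in practice: the handshake is SYN, SYN/ACK, ACK, and a flood leaves many connections that never receive the final ACK. The code counts half-open connections per source over constructed connection-state records.

```python
# Added example: detecting a SYN flood from connection-state records.
# A normal handshake completes with the client's ACK; a flooder sends SYNs
# and never completes, so half-open connections pile up from one source.
from collections import defaultdict

# Constructed sample records (not a real capture): "<state> <src ip:port> <dst ip:port>"
RECORDS = """\
SYN 198.51.100.10:40001 10.0.0.5:80
ACK 198.51.100.10:40001 10.0.0.5:80
SYN 203.0.113.200:1 10.0.0.5:80
SYN 203.0.113.200:2 10.0.0.5:80
SYN 203.0.113.200:3 10.0.0.5:80
SYN 203.0.113.200:4 10.0.0.5:80
SYN 198.51.100.11:40002 10.0.0.5:80
ACK 198.51.100.11:40002 10.0.0.5:80
"""


def parse(records):
    """Yield (state, source ip, source endpoint, destination endpoint) per line."""
    for line in records.splitlines():
        if not line.strip():
            continue
        state, src, dst = line.split()
        src_ip = src.rsplit(":", 1)[0]
        yield state, src_ip, src, dst


def half_open_by_source(records):
    """Count connections that saw a SYN but never the completing ACK, per source IP."""
    pending = {}                      # (src endpoint, dst endpoint) -> source ip
    for state, src_ip, src, dst in parse(records):
        if state == "SYN":
            pending[(src, dst)] = src_ip
        elif state == "ACK":
            pending.pop((src, dst), None)
    counts = defaultdict(int)
    for src_ip in pending.values():
        counts[src_ip] += 1
    return dict(counts)


def suspected_flooders(records, threshold=3):
    """Sources with at least `threshold` half-open connections (threshold is an assumption)."""
    counts = half_open_by_source(records)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(RECORDS))     # {'203.0.113.200': 4}
    print(suspected_flooders(RECORDS))      # ['203.0.113.200']
```

On a real host the same view comes from the connection table (for example netstat showing SYN_RECV sockets); the threshold is something to tune against normal traffic, not a fixed number.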
Malicious code - viruses, worms, Trojan horses, Java code, ActiveX
Viruses - boot, macro, file, network
Worms
Trojan horse
Buffer overflow
Spoofing
Man in the Middle
Social Engineering
BruteForce Attack
Dictionary Attack
Instant messaging - sharing files
DDoS handler and zombies
Birthday attack - random values matching (collisions)
RAS - remote access service
telnet, identification (no MAC No IP) authenticating
Wardialer
802.1X EAP - Extensible Authentication Protocol - biometrics and smartcards
Extranet - across Internet to tie into the intranet - assigns IP address
Encryption
Kerberos - MIT - a centralized server authenticates you over an encrypted exchange and issues a ticket (an authorized key) that is good for a certain period
Secure shell (SSH) - encryption (tunnel encapsulation)
IPsec (IP security) - a whole suite with encryption and key management
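An added example (not from the class notes, and not the real Kerberos message format) of the ticket idea: a central server issues a token bound to a user, a service and a validity period, and the service checks it on its own. The shared key and timestamps are placeholders.

```python
# Added example: a simplified ticket in the Kerberos style.
# The KDC and the service share a key; the KDC issues a ticket with an
# expiry, and the service verifies integrity, intended service and time
# window without contacting the KDC again.
import hashlib
import hmac
import json
import time

# Placeholder: in Kerberos the service's key is registered with the KDC.
KDC_SERVICE_KEY = b"constructed-shared-secret-between-kdc-and-service"


def _mac(body):
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KDC_SERVICE_KEY, raw, hashlib.sha256).hexdigest()


def issue_ticket(principal, service, lifetime_s=8 * 3600, now=None):
    """KDC side: bind user, service and validity window, then authenticate it."""
    now = time.time() if now is None else now
    body = {
        "principal": principal,
        "service": service,
        "issued": now,
        "expires": now + lifetime_s,
    }
    return {"body": body, "mac": _mac(body)}


def validate_ticket(ticket, service, now=None):
    """Service side: return (True, principal) or (False, reason)."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_mac(ticket["body"]), ticket["mac"]):
        return (False, "tampered")          # body was altered after issue
    if ticket["body"]["service"] != service:
        return (False, "wrong service")     # ticket issued for another service
    if now >= ticket["body"]["expires"]:
        return (False, "expired")           # outside the validity period
    return (True, ticket["body"]["principal"])


if __name__ == "__main__":
    t = issue_ticket("alice", "fileserver", lifetime_s=60, now=1000.0)
    print(validate_ticket(t, "fileserver", now=1030.0))   # (True, 'alice')
    print(validate_ticket(t, "fileserver", now=1061.0))   # (False, 'expired')
```

The expiry check is the "certain period" from the notes: a stolen ticket is only useful until it expires, which is why clock accuracy matters on Kerberos networks.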
Public key and Private key
Two kinds of keys
Symmetrical - shared key, is fast; the problem is key management and how to transmit the key
Asymmetrical - two keys (private and public), slower
Digital certificates - asymmetrical, with two keys
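An added example (not from the class notes) contrasting the two kinds of keys: a shared-key (symmetric) tag that both sides must hold the same secret for, and textbook RSA on tiny constructed primes showing encryption with a public key, decryption with the private key, and the sign/verify pair that certificates are built on. The RSA here is a toy for the arithmetic only; real use needs large keys and padding.

```python
# Added example: symmetric vs asymmetric keys.
# Symmetric: one shared secret, fast, but it has to reach the other side safely.
# Asymmetric: a public key anyone may hold and a private key only the owner holds.
import hashlib
import hmac


def symmetric_tag(shared_key, message):
    """Both parties need the same shared_key (the key-distribution problem)."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def rsa_keypair(p=61, q=53, e=17):
    """Toy RSA with constructed small primes; returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public, m):
    """Anyone with the public key can encrypt a message 0 <= m < n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private, c):
    """Only the private-key holder can recover m."""
    d, n = private
    return pow(c, d, n)


def _digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message):
    """Sign with the private key: the basis of a digital certificate's signature."""
    d, n = private
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(public, message, signature):
    """Verify with the public key: no secret needed to check a signature."""
    e, n = public
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = rsa_keypair()
    c = rsa_encrypt(pub, 65)
    print(c, rsa_decrypt(priv, c))                    # 2790 65
    sig = rsa_sign(priv, b"hello")
    print(rsa_verify(pub, b"hello", sig))             # True
    print(symmetric_tag(b"shared", b"hello")[:16])    # same on both sides
```

With symmetric keys every pair of parties needs its own shared secret delivered in advance; with asymmetric keys you only need to obtain someone's public key, and a certificate is how a trusted third party vouches for whose public key it is.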
VLAN virtual local area network software divides up a LAN
Honeypot - something that is attractive - can be a trap
Email is like a postcard in pencil
Clear text or plain text protocols
telnet, SMTP, POP, HTTP, SNMP, IMAP
Instant messaging
Problem with file sharing
File sharing - Kazaa,eDonkey sites
Physical Security - locked room, no windows, good environment (groundskeeping staff, janitors)
Computer Incident
- Written policy
- Documentation
- Secure
- Leave to pros
Incident Response IR Handling
P - preparation (toolkit) and clothes
I - identification - id there has been an incident - id if the event is an incident
C - contain - take pictures of screen, cables and important items - only use still photos no video camera
E - eradication - run antivirus (load OS if necessary - whatever is required)
R - recovery - file shares, printer, programs - machine should return to whatever condition it was before
F - followup - go back and make sure the problem is still gone
Management Controls - Policies and they must be written
Component of Security Plan
- definitions
- authority
- Rules of Behavior RoB - details in security plan - passwords - What happens if you break rules
- Acceptable Use Policy - details in security plan - one page to sign
- Identify systems - email, systems, servers, purpose, location, ID inventory, user base, technical point of control, owner of system SA
- Privacy
- Roles and Responsibilities - separation of duties, security officer, firewalls, antivirus
- Disaster Recovery Plan - DRP - Backups, when completed, how often, where stored (Cross section of users should makeup committee)
- Continuity of Operations (COOP)
- Warning banner - ID organization, Rules and regulations for using site, monitoring
Backups - types of sites
- hot sites - ready to go
- warm sites - almost ready to go
- cold sites - days or months away
- Recovery in a truck
Disposal and Destruction policy
Human Resource Policy - employee hiring, termination, code of ethics
Privilege Management - roles, rules, system access
User training
Configuration management - configuration control board
Risk Analysis and Assessment
What is there? What are we trying to protect? How important is the data to us?
Quantitative - financial considerations - how much will this cost us?
Qualitative - embarrassment - quality of life impact - much harder to do - opinion oriented
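An added example (not from the class notes) putting numbers on the quantitative side: the standard single loss expectancy and annualized loss expectancy formulas (SLE = asset value x exposure factor, ALE = SLE x annual rate of occurrence), used to rank risks and to decide whether a control is worth its cost. The qualitative side is shown as a simple likelihood-by-impact ranking. All asset values and rates are constructed.

```python
# Added example: quantitative vs qualitative risk analysis.
# Quantitative answers "how much will this cost us?" in currency per year;
# qualitative ranks risks by opinion-based likelihood and impact scores.


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE: what one occurrence costs (exposure factor is the fraction lost)."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE: expected cost per year (ARO = how many times a year it happens)."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def rank_by_ale(risks):
    """risks: list of dicts with name, asset_value, exposure_factor, aro."""
    scored = [(r["name"], annualized_loss_expectancy(r["asset_value"],
                                                    r["exposure_factor"],
                                                    r["aro"]))
              for r in risks]
    return sorted(scored, key=lambda x: x[1], reverse=True)


def control_value(asset_value, exposure_factor, aro_before, aro_after, annual_cost):
    """Net annual benefit of a control; positive means it pays for itself."""
    before = annualized_loss_expectancy(asset_value, exposure_factor, aro_before)
    after = annualized_loss_expectancy(asset_value, exposure_factor, aro_after)
    return before - after - annual_cost


def qualitative_rank(risks):
    """risks: list of dicts with name, likelihood (1-5), impact (1-5); score = product."""
    scored = [(r["name"], r["likelihood"] * r["impact"]) for r in risks]
    return sorted(scored, key=lambda x: x[1], reverse=True)


# Constructed figures for illustration only.
QUANT_RISKS = [
    {"name": "file server disk failure", "asset_value": 100000, "exposure_factor": 0.5, "aro": 0.1},
    {"name": "laptop theft", "asset_value": 2000, "exposure_factor": 1.0, "aro": 2},
]
QUAL_RISKS = [
    {"name": "public embarrassment from web defacement", "likelihood": 2, "impact": 5},
    {"name": "printer outage", "likelihood": 4, "impact": 1},
]

if __name__ == "__main__":
    print(rank_by_ale(QUANT_RISKS))        # file server 5000.0/yr ahead of laptops 4000/yr
    print(qualitative_rank(QUAL_RISKS))    # defacement (10) ahead of printer (4)
    # Backups cut the server's ARO from 0.1 to 0.02 and cost 1500/yr: worth 2500/yr
    print(control_value(100000, 0.5, 0.1, 0.02, 1500))
```

The same asset can land in different places on the two lists, which is the point of doing both: the quantitative ranking is defensible to whoever allocates the funding, while the qualitative one captures impacts (reputation, quality of life) that resist a dollar figure.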
Created by Kelly S. Wright, July 2003
Shenandoah University
Systems Security ED 503
Send comments to: Kelly Wright