Security in Computer Networks
Security
- motivated by strategy
- needs clear direction and support
- needs and resources vary by organization
Computer Networks
- systems of at least two computers that interchange and process
information between themselves (network changes state)
Achieving Security in Computer Networks
Big Picture
- goals, time, money
- general direction
- education
- human resources
- privacy issues
- failure planning and disaster recovery
- media management
Nuts 'n Bolts (Small Pictures)
- Inventory: all machines, cable, wireless, data lines, software, datafeeds,
databases, all humans with access to such, external dependencies (power, water,
air, heat, sewage, transport...), traffic (set up monitors now for baselines)
- Assessment: separate data, not hardware;
delineate regions of trust;
deploy monitors at boundaries if you don't have them already;
protect data before networks;
encrypt and authenticate through untrusted channels;
risk assessment and failure planning (go not silent into that good night...);
decide if the goals are realistic
- alpha, beta, gamma... deployments and tests: secure the perimeter by first
disallowing all access, then opening holes; start from the innermost nets and
work out; monitor and analyse logs; EDUCATE
- rollout: it breaks, you fix
- maintenance: one lil hole can ruin your whole life; software app monitors;
redo baselines
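
Added example (not part of the original outline): the "disallow all access, then open holes, innermost nets first" step as a small boundary policy check that also returns the denied flows for log review. The zone names, addresses, ports and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed regions of trust (RFC 1918 ranges), listed innermost first.
ZONES = {
    "data":   ipaddress.ip_network("10.0.1.0/24"),  # where the data lives
    "office": ipaddress.ip_network("10.0.2.0/24"),
    "dmz":    ipaddress.ip_network("10.0.3.0/24"),
}

# Explicit holes, opened zone by zone from the inside out:
# (source zone or "any", destination zone, protocol, destination port)
HOLES = [
    ("office", "data", "tcp", 5432),  # office clients reach the database
    ("dmz",    "data", "tcp", 5432),  # web tier reaches the database
    ("any",    "dmz",  "tcp", 443),   # everyone else reaches the web tier only
]

def zone_of(addr):
    """Return the zone an address belongs to, or 'outside' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

def decide(src, dst, proto, port):
    """Judge one boundary-crossing flow; anything without a hole is denied."""
    s, d = zone_of(src), zone_of(dst)
    for hole_src, hole_dst, hole_proto, hole_port in HOLES:
        if hole_src in (s, "any") and (hole_dst, hole_proto, hole_port) == (d, proto, port):
            return "allow", f"hole {hole_src}->{hole_dst} {proto}/{port}"
    return "deny", f"default deny {s}->{d} {proto}/{port}"

def audit(flows):
    """Return (flow, reason) for every denied flow, i.e. the lines worth reading in the log."""
    denied = []
    for flow in flows:
        verdict, reason = decide(*flow)
        if verdict == "deny":
            denied.append((flow, reason))
    return denied

# Constructed sample flows: (source, destination, protocol, destination port)
SAMPLE_FLOWS = [
    ("10.0.2.7",    "10.0.1.10", "tcp", 5432),  # office -> database
    ("203.0.113.9", "10.0.3.4",  "tcp", 443),   # outside -> web tier
    ("203.0.113.9", "10.0.1.10", "tcp", 5432),  # outside -> database
    ("10.0.2.7",    "10.0.1.10", "tcp", 22),    # office -> data zone, no hole
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, reason)
```
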
Tools of the Trade
- monitors: sniffers, filters, loggers
- COPS, Crack, SATAN, Tripwire
- encryption, authentication, digital signatures, timestamping, legalities,
error correction
- Red book, Orange book, audit trails, separate audit/admin
- pressurized conduit, tempest, RFI/EMI shielding, power/signal filtering,
tempest fonts
- intelligent hubs, routers, firewalls
Case Studies in Intrusion
- 1995: FTP server hole, from Canada, detected in logs, countermeasures
- 1997: weak password cracked, US, Canada, Germany
root exploit, intruders set up IRC channel, immediately detected by Dan,
countermeasures
- 1998: multiple passwords sniffed, US, Germany, webpages modified, detected
in 10 minutes by Wally, recover via dial-in phone line, countermeasures
- 1998: monitoring detects near simultaneous attacks from 2 locations
in US, Australia, Korea, Germany... still monitoring...