Friday, February 25, 2011

NETSEC 01

Most companies have networks, and they connect their LANs to the WAN. These networks hold critical information about their businesses and provide the main means of transport for bulk and sensitive information.
Network security focuses on protecting the company's assets, whether to gain competitive advantage or to retain customer confidence. Downtime in the network results in negative publicity, loss of revenue and loss of productivity.

As mentioned, companies have to protect their assets. These assets range from trade secrets like scientific/chemical formulae and proprietary designs to financial information.

Companies place critical information in their networks even when they know hackers can steal this information, because the benefits of networking outweigh the possible loss: it increases productivity and revenue, among other things, simply because it is convenient.

Network Security focuses on protecting three things:
Confidentiality
Integrity
Availability

Confidentiality ensures that information cannot be read or copied (if a person is ABLE to, but doesn't, it still is a confidentiality problem) by unauthorized parties. Confidentiality includes protecting data on a server or when it is travelling across the network. This data can be payrolls, passwords, or customer information.

Consequences of a breach of confidentiality include loss of trade secrets and other data to competitors, which may cause financial damage or embarrassment.

Integrity ensures that information cannot be modified by unauthorized people. Loss of integrity can be intentional or unintentional, and may even be due to human error. Improperly modified and inaccurate information can become useless or dangerous. Examples of a breach of integrity are modifying your salary in the HR database and hacking a website to add extra information.

Loss of integrity results in customers or partners getting the wrong information, or may even lead to an availability problem (a program cannot be run).

Availability focuses on preventing resources from becoming inaccessible. This applies not only to information, but also networking devices (such as routers). An attack against availability is called a "Denial of Service" attack.

Attacks against availability would cause loss of productivity, loss of customers and customer confidence.

From the seminar, we have the following scenario:
Lambda is a company that specializes in providing online financial services to its several thousand clients all over the world. It has more than 100 employees and has its own LAN with connections to the WAN. As a high-tech company, all its records, including customer information, economic data and its employee records, are in electronic form and stored in several servers in its LAN.

First of all, they would need confidentiality because only authorized people should have access to confidential data in the servers. They would also need integrity because the records should not be modified without permission. Finally, availability is required to ensure that the financial services, among other things, are accessible.

Attacks can happen from outside the network (external attack) or inside it (internal attack). Internal attacks are more dangerous because the attacker has privileged information and usually more clearance than an external attacker would have.

Security problems can be further classified into Threats, Attacks and Vulnerabilities.

Threats are activities or people that have the potential to cause harm to the system, whether intentional or not. A threat can be a nearby volcano, a virus, or a disgruntled employee.

A vulnerability is an inherent weakness in design, configuration or implementation of a system that makes it susceptible to threats. Locating an office near a volcano is a vulnerability (the volcano is the threat). A vulnerability can also be a software bug or a misconfigured firewall.

An attack is a vulnerability being exploited by a threat. There are two types of attacks: Passive and Active.

Passive attacks are usually used to collect information without anyone knowing. They are very silent and difficult to detect and prevent, and are usually carried out as reconnaissance for an active attack later.

Active attacks are the realization of the threats and involve active work done by the attacker. This includes changing transmitted or stored data, and deleting, corrupting or delaying transmissions. An active attack is much more destructive, but easier to detect. At least one of the three security goals is harmed in an active attack.

Direct lifting from the seminar: A security policy is a document that states in writing how a company plans to protect the company's physical and information technology. It is a "living" document, meaning that the document is never finished, but is continuously updated as technology and employee requirements change. An AUP is an example of a security policy which describes allowed vs disallowed behaviors.

There are two kinds of security policy:
Default-Allow - e.g. Everyone is permitted except Tom
This can be a Wiki site where everyone is permitted to visit and read except those banned.

Default-Deny - e.g. Only Tom is allowed
This can be an email account, where only its owner is permitted to log in.
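As an added example (not part of the original notes), the two policy kinds above as a small evaluator: a default decision plus the listed exceptions. The user names and the "new_hire" account are constructed; the point of the audit is what happens to an account nobody has written a rule for, which is exposed under Default-Allow and protected under Default-Deny.

```python
# Added example: Default-Allow vs Default-Deny as a policy evaluator.
# User names are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class Policy:
    """A security policy: a default decision plus the listed exceptions."""
    default_allow: bool                            # True: Default-Allow, False: Default-Deny
    exceptions: set = field(default_factory=set)   # users treated opposite to the default

    def permits(self, user: str) -> bool:
        # Being listed flips the default; every unlisted user gets the default.
        return self.default_allow != (user in self.exceptions)


# Default-Allow: the wiki. Everyone may read except the banned user Tom.
WIKI = Policy(default_allow=True, exceptions={"tom"})
# Default-Deny: the mailbox. Nobody may log in except its owner Tom.
MAILBOX = Policy(default_allow=False, exceptions={"tom"})


def audit(policy: Policy, users) -> dict:
    """Decision each user receives under the policy; useful for reviewing
    what the policy does for accounts that appear in no rule yet."""
    return {u: policy.permits(u) for u in users}


if __name__ == "__main__":
    users = ["tom", "alice", "new_hire"]     # new_hire appears in no rule
    print("wiki   ", audit(WIKI, users))     # tom denied, the others allowed
    print("mailbox", audit(MAILBOX, users))  # tom allowed, the others denied
```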

Examples of security policies are:
-No internet access for anyone except those authorized
-No installation of software on work computers without approval
-No downloading of software applications of any kind (including freeware)

Policies are useless if involved parties do not know and understand them, so it's important to publicize existing policies, changes, modifications and security alerts to the organization staff.

Return on Investment is the consideration of how much is spent on protecting an asset versus the value of the asset itself. It is not advisable to spend $10000 on a security suite to protect $500 worth of data. A general rule is to spend less than the value of the data being protected.

There are three types of backups:
1) Full backup - Back up the whole system.
2) Incremental backup - Perform a full backup first, then back up things changed since the last backup, whether full or incremental.
3) Differential backup - Back up things changed since the last FULL backup.
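The three backup types above, as an added example that is not from the original notes: which files each type would copy given the files' modification times and the backups already taken, plus which backups must be restored to rebuild the latest state. File names, day numbers and the two schedules are constructed; the restore logic assumes a schedule uses one type between full backups.

```python
# Added example: what full, incremental and differential backups capture.
# File names, modification days and schedules are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Backup:
    kind: str   # "full", "incremental" or "differential"
    time: int   # when the backup was taken (here: a day number)


def files_to_back_up(kind, mtimes, history):
    """File names a backup of `kind` includes, given each file's last
    modification time and the backups already taken (in any order)."""
    fulls = [b.time for b in history if b.kind == "full"]
    if kind == "full" or not fulls:
        # A full backup copies everything; so does the first backup of a
        # cycle, because both other types are defined relative to a full.
        return set(mtimes)
    if kind == "incremental":
        since = max(b.time for b in history)   # last backup of ANY kind
    elif kind == "differential":
        since = max(fulls)                      # last FULL backup only
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return {name for name, mtime in mtimes.items() if mtime > since}


def restore_chain(history):
    """Backups needed, oldest first, to rebuild the latest state.
    Assumes the schedule uses a single type between full backups."""
    ordered = sorted(history, key=lambda b: b.time)
    last_full = max(i for i, b in enumerate(ordered) if b.kind == "full")
    after = ordered[last_full + 1:]
    if after and after[-1].kind == "differential":
        # Each differential already holds everything since the full.
        return [ordered[last_full], after[-1]]
    # Incrementals must all be replayed, in order.
    return [ordered[last_full]] + after


# Constructed sample: modification day of each file and two schedules.
SAMPLE_MTIMES = {"payroll.xls": 5, "customers.db": 2, "designs.cad": 8, "readme.txt": 0}
INCREMENTAL_SCHEDULE = [Backup("full", 1), Backup("incremental", 4), Backup("incremental", 6)]
DIFFERENTIAL_SCHEDULE = [Backup("full", 1), Backup("differential", 4), Backup("differential", 6)]

if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        print(kind, sorted(files_to_back_up(kind, SAMPLE_MTIMES, INCREMENTAL_SCHEDULE)))
    print([b.time for b in restore_chain(INCREMENTAL_SCHEDULE)])   # [1, 4, 6]
    print([b.time for b in restore_chain(DIFFERENTIAL_SCHEDULE)])  # [1, 6]
```

Note that the differential on day 7 copies more data than the incremental would, but restoring from it needs only two backups instead of three.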

Security is a trade-off between convenience and protection. Too much security means inconvenience, and too little security opens doors for attacks. A balance needs to be found.

There are three types of hackers:
1) Black hat - A hacker who breaks into networks with malicious intent (e.g. personal gain, money, fame).
2) White hat - A computer security analyst who specializes in penetration testing and other testing methodologies to ensure a company's security. Also known as "ethical hackers". Many white hats are former black hats.
3) Grey hat - A white hat hacker who sometimes acts illegally, and sometimes in good will. They do not hack for personal gain, but may commit crimes during the course of their contract.

Motivations to hack a network include:
1) Sheer pleasure, to overcome boredom
2) To command respect and admiration of fellow hackers
3) To kill off business competitors
4) To take revenge (as in the case of a disgruntled employee)

Script kiddies are people who download programs written by others to perform their hacking. They do not need much knowledge to execute attacks and generally do not have the capability to write such malicious programs themselves.

The Morris Worm was considered the first computer worm on the Internet. It exploded in November 1988, taking advantage of a vulnerability in UNIX. The program was written to gauge the size of the internet and did not do anything malicious.

The I Love You virus, on the other hand, sent mails with the subject "I Love You" and a corresponding VBS attachment. The virus spread across the world over a 5-hour period. This one was malicious: it clogged web servers, overwrote personal files, and caused IT managers to shut down e-mail systems.
