Chapter 11 Security, Backup and User Training 11.1 Security Threats Security ThreatsSecurity Threats 11.2 Backup and Restore Backup and RestoreBackup and.

  • Published on
    23-Dec-2015

  • View
    216

  • Download
    3

Transcript

<ul><li> Slide 1 </li> <li> Chapter 11 Security, Backup and User Training 11.1 Security Threats Security ThreatsSecurity Threats 11.2 Backup and Restore Backup and RestoreBackup and Restore 11.3 User Training and Support User Training and SupportUser Training and Support </li> <li> Slide 2 </li> <li> Chapter 11 Security, backup, support 11.1 Security Threats zConsequences of poor security: xCompany secrets fallen into wrong hands xDisclosure of personal information xInformation may be modified or destroyed xNetwork cannot function xThe network becomes a center that spreads virus zSecurity threats yExternal threatsExternal threats yInternal threatsInternal threats </li> <li> Slide 3 </li> <li> 11.1.1 Against External Threats zExternal threats ydue to hackers zMethods include: yFront-door attack xobtains an access rights to log on a system xcracking use a program to generate passwords yBackdoor attack xmakes use of the bugs in NOS yWireless attack xaccessing through wireless connection Chapter 11 Security, backup, support </li> <li> Slide 4 </li> <li> 11.1.1 Against External Threats A. Against Front-door Attacks zSeveral ways to against front-door attacks: yfirewall yrestricting access to server ydial-back Chapter 11 Security, backup, support </li> <li> Slide 5 </li> <li> 11.1.1 Against External Threats A. Against Front-door Attacks z1. Firewall yis a software (or, sw + hw) yto prevent unauthorised access ysits between xrouter, and xnetwork ydecides messages to pass through zTechniques: ypacket filtering xcompares the IP address of packets against a blacklist ynetwork address translator (NAT) xhides the IP addresses of computers inside a network Chapter 11 Security, backup, support </li> <li> Slide 6 </li> <li> 11.1.1 Against External Threats A. Against Front-door Attacks z2. Restricting access to a server ylimit access to a server ybased on the Ethernet MAC addresses z3. Dial-back yfor remote access to a LAN using modem yProcedures: x1. user dials the system x2. user logs in x3. system terminates the connection x4. system dials the preprogrammed phone number Chapter 11 Security, backup, support </li> <li> Slide 7 </li> <li> 11.1.1 Against External Threats B. Against Backdoor Attacks zBackdoor attacks ytakes advantages of security holes xproblems in NOS ydone by worm xa malicious program xinstalls a backdoor to the victim system allow hackers to get in xcarries out DoS attack overload computational resources consume the bandwidth yOutbreak: many networks are harmed in short period ySolution: update the NOS with patches regularly Chapter 11 Security, backup, support </li> <li> Slide 8 </li> <li> 11.1.1 Against External Threats C. Against Wireless Attacks zWireless signals ytravel through air yeasy to intercept zProtection yby encryption xWEP (Wired equivalent privacy) xWPA (Wi-Fi Protected Access) zIssues yThe encryption capability of many wireless devices is non-activated by default. yEncryption can be broken: xe.g. WEP (Wired equivalent privacy) has been broken zSolution: yActivate encryption yUse a strong authentication yShare out resources only when needed Chapter 11 Security, backup, support </li> <li> Slide 9 </li> <li> 11.1.2 Against Internal Threats zInternal threats yinternal users access files that they are not supposed to access xe.g. students access teachers files ycaused by ximproper account setting xusers leaving their seats without logging off xusers writing down their passwords Chapter 11 Security, backup, support </li> <li> Slide 10 </li> <li> 11.1.2 Against Internal Threats A. Account Security zAccount security ymeans managing user accounts properly yto enhance the security of a network. yincludes the following settings xSet up groups and assign access rights xRemove guest xRename the default administrative account. xSet password policies xWatch for incorrect password attempts xEstablish times of day for log on Chapter 11 Security, backup, support </li> <li> Slide 11 </li> <li> 11.1.2 Against Internal Threats B. Directory Permission zDirectory permission yrights assigned to users yincludes xcreate only add new file to a directory only similar to a mailbox on street xread only open a file for viewing, but cannot change the file xchange open/edit/delete files but, cannot grant rights to other users xfull control Chapter 11 Security, backup, support </li> <li> Slide 12 </li> <li> 11.1.2 Against Internal Threats C. Against Malicious software zMalicious software ydeveloped for the purpose of doing harm to a compute system zHow is a computer infected? yopening the attachment in an e-mail ysharing of data files yuse of illegal software yinstalling software from an unknown source yattacked by hackers who spread the virus Chapter 11 Security, backup, support </li> <li> Slide 13 </li> <li> 11.1.2 Against Internal Threats C. Against Malicious software zAvoiding infection yInstall anti-virus software in each computer. xUpdate the virus definition file regularly xScan your hard disk to check for virus regularly xScan all downloaded files and e-mail attachments yDo not open or forward e-mails with attachments from unknown sources yDo not use illegal software. yInstall firewall yInstall latest patches for OS and application software yMake sure that your computer will not boot from a floppy disk drive or CD-ROM drive Chapter 11 Security, backup, support </li> <li> Slide 14 </li> <li> 11.2 Backup and Restore (1/3) zA.Full and Incremental backups yFull backup xcopies all files from a hard disk to the backup media xcan take very long time xslow down the network xdone once every week yIncremental backup xbackup only those files modified since the last full backup xdone every night Chapter 11 Security, backup, support </li> <li> Slide 15 </li> <li> 11.2 Backup and Restore (2/3) zB.Backup medium ymagnetic tape or optical disk ychoice based on xspeed, reliability, storage duration zC.Location for storing backup copies ysafe location yaway from the network system ylocked physically Chapter 11 Security, backup, support </li> <li> Slide 16 </li> <li> 11.2 Backup and Restore (3/3) zD. Configure the scheduled backups yschedule backup after busy hours zE. Test the ability to recover from backups regularly ytest the ability to recover regularly zF. Document the procedures in restoration ywrite steps in restoring from backup copies clearly xfor other people to restore successfully Chapter 11 Security, backup, support </li> <li> Slide 17 </li> <li> 11.3 User Training and Support (1/4) zTraining for end-users include: ybasic concept about a network yhow to trouble-shoot simple problems yhow to log on the system from a workstation yhow to access network resources yhow to perform daily backup yimportance of keeping password secret yimportance of security yimportance of avoiding virus infection Chapter 11 Security, backup, support </li> <li> Slide 18 </li> <li> 11.3 User Training and Support (2/4) zModes of Training yOrientation sessions xshow users what they have and how to use it yTraining sessions xschedule some classroom training xinteraction yJob aids xQuick reference cards, manuals, keyboard shortcuts Chapter 11 Security, backup, support </li> <li> Slide 19 </li> <li> 11.3 User Training and Support (3/4) zA. Getting support yNetwork administrators may get support from xhelp menu of NOS xdocumentation from the vendors xhotline of the vendors xforums and newsgroups on the Internet xCD-ROM/Web sites of vendors yUsers should be provided with xWeb pages for simple troubleshooting xonline documents xphone numbers for technical support Chapter 11 Security, backup, support </li> <li> Slide 20 </li> <li> 11.3 User Training and Support (4/4) zB. Types of support yOut-sourced technical support services (TSS) xcarrying out routine maintenance tasks backing up files updating OS patches keeping the stocks xsolving emergency problems failure of server, router, switches, or NOS yOptions: One or two technical staff may reside in the company Chapter 11 Security, backup, support </li> </ul>

Recommended

View more >