Telecommunications and Network Security NETWORK SECURITY-ITIE533 Engr. Julius S. Cansino

Chapter 3


Objectives
At the end of the period, the students should be able to:
- Understand communications and network security as it relates to voice, data, multimedia, and facsimile transmissions in terms of local area, wide area, and remote access
- Know the security techniques to prevent, detect, and correct errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained
- Understand the Internet/intranet/extranet in terms of firewalls, routers, gateways, and various protocols
- Determine the communications security management techniques which prevent, detect, and correct errors so that transactions over networks may be maintained

Remote Access Security Management
Defined as the management of the elements of the technology of remote computing. Several current remote computing technologies confront a security practitioner:
- Dial-up, async, and remote Internet connectivity
- Digital Subscriber Line (xDSL)
- Integrated Services Digital Network (ISDN)
- Wireless computing, mobile and cellular computing, and Personal Digital Assistants (PDAs)
- Cable modems

Securing Enterprise and Telecommuting Remote Connectivity
- Securing external connections, such as Virtual Private Networks (VPNs), Secure Sockets Layer (SSL; in current deployments superseded by TLS), Secure Shell (SSH-2), and so forth
- Remote access authentication systems, such as RADIUS and TACACS
- Remote node authentication protocols, such as the Password Authentication Protocol (PAP), which sends the password across the link in the clear, and the Challenge Handshake Authentication Protocol (CHAP), which proves knowledge of the shared secret without ever transmitting it

Remote User Management Issues
- Justification for and validation of the use of remote computing systems
- Hardware and software distribution
- User support and remote assistance issues

Intrusion Detection (ID) and Response
Intrusion Detection and Response is the task of monitoring systems for evidence of an intrusion or inappropriate usage. This includes notifying the appropriate parties to take action in order to determine the severity of an incident and to remediate its effects. This is not a preventative function: it detects and reacts to intrusions rather than blocking them.

IDS Major Concepts
Creation and maintenance of intrusion detection systems and processes for:
- Host or network monitoring
- Event notification
Creation of a Computer Incident Response Team (CIRT) for:
- Analysis of an event notification
- Response to an incident if the analysis warrants it
- Escalation path procedures
- Resolution, post-incident follow-up, and reporting to the appropriate parties

Intrusion Detection Systems: Network- vs. Host-Based
Network-based ID systems:
- Commonly reside on a discrete network segment and monitor the traffic on that segment
- Usually consist of a network appliance with a Network Interface Card operating in promiscuous mode, intercepting and analyzing the network packets in real time
- On a switched network the appliance needs a mirror (SPAN) port or a tap to see traffic other than its own, and it cannot inspect the payload of encrypted sessions
Host-based ID systems:
- Use small programs (intelligent agents) that reside on a host computer and monitor the operating system continually
- Write to log files and trigger alarms
- Detect inappropriate activity only on the host computer on which they run

Intrusion Detection Systems: Knowledge- vs. Behavior-Based
Knowledge-based (signature-based) ID systems use a database of previous attacks and known system vulnerabilities to look for current attempts to exploit those vulnerabilities, and trigger an alarm if an attempt is found.
Advantages of a knowledge-based ID system:
- Low false alarm (false positive) rates
- Alarms are standardized and clearly understandable by security personnel
Disadvantages of a knowledge-based ID system:
- Resource-intensive: the knowledge database continually needs maintenance and updates
- New, unique, or original attacks often go unnoticed, since no signature exists for them yet
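Returning to the remote node authentication protocols listed under Securing Enterprise and Telecommuting Remote Connectivity: the following Python script is an added example, not part of the original slides, that simulates PAP (RFC 1334) and CHAP (RFC 1994) on a recorded link so the difference in what an eavesdropper captures can be checked directly. The user database, the `Link` recorder and the frame layouts are assumptions of the example; the CHAP response value is computed exactly as RFC 1994 specifies (MD5 over Identifier, secret, Challenge).

```python
"""PAP (RFC 1334) vs CHAP (RFC 1994) on a simulated PPP link.

Constructed example: the 'link' just records what crosses the wire so we can
check what a passive sniffer would capture. The user database is an assumption.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Link:
    """Records every frame sent, standing in for a packet capture on the wire."""
    captured: list = field(default_factory=list)

    def send(self, label: str, payload: bytes) -> None:
        self.captured.append((label, payload))


def eavesdropper_sees(link: Link, secret: str) -> bool:
    """Would a passive sniffer find the shared secret in any captured frame?"""
    return any(secret.encode() in payload for _, payload in link.captured)


def pap_authenticate(link: Link, user_db: dict, user: str, password: str) -> bool:
    """PAP: the peer sends user name and password in the clear at link setup."""
    link.send("PAP Authenticate-Request", user.encode() + b"\x00" + password.encode())
    return user_db.get(user) == password


def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """The authenticator side of CHAP (the access server)."""

    def __init__(self, user_db: dict):
        self.user_db = user_db          # CHAP needs the secret in recoverable form
        self.ident = 0
        self.outstanding: dict = {}     # Identifier -> challenge still awaiting a response

    def challenge(self, link: Link) -> int:
        self.ident = (self.ident + 1) & 0xFF
        chal = os.urandom(16)           # fresh random challenge every time
        self.outstanding[self.ident] = chal
        link.send("CHAP Challenge", bytes([self.ident, len(chal)]) + chal)
        return self.ident

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        # One-shot: the challenge is consumed on first use, so a replayed
        # Response (same Identifier, same value) has no challenge left to match.
        chal = self.outstanding.pop(ident, None)
        if chal is None or name not in self.user_db:
            return False
        expected = chap_response(ident, self.user_db[name], chal)
        return hmac.compare_digest(expected, response)


def chap_authenticate(link: Link, auth: ChapAuthenticator, name: str, secret: str) -> bool:
    """Peer side: read the Challenge off the link, answer it, let the server verify."""
    ident = auth.challenge(link)
    _, chal_frame = link.captured[-1]
    chal = chal_frame[2:2 + chal_frame[1]]
    resp = chap_response(ident, secret, chal)
    link.send("CHAP Response", bytes([ident, len(resp)]) + resp + name.encode())
    return auth.verify(ident, name, resp)


def replay_last_response(link: Link, auth: ChapAuthenticator) -> bool:
    """Attacker replays the last captured CHAP Response frame verbatim."""
    frame = next(p for lbl, p in reversed(link.captured) if lbl == "CHAP Response")
    ident, length = frame[0], frame[1]
    resp, name = frame[2:2 + length], frame[2 + length:].decode()
    return auth.verify(ident, name, resp)
```

Running `pap_authenticate` leaves the password sitting in the captured frames; `chap_authenticate` does not, and replaying the captured CHAP Response fails because the challenge it answered has already been consumed. The caveat a practitioner should keep in mind is that CHAP still requires the server to hold each secret in recoverable form and relies on MD5, which is why production remote access stacks front it with RADIUS/TACACS and stronger EAP methods rather than using bare CHAP.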

Behavior-Based ID Systems
Behavior-based (anomaly-based) systems dynamically detect deviations from learned patterns of user behavior, and an alarm is triggered when an activity considered intrusive occurs.
Advantages of a behavior-based ID system:
- The system can dynamically adapt to new, unique, or original attacks, since it does not need a signature for them
- It is not as dependent upon specific operating systems as a knowledge-based ID system
Disadvantages of a behavior-based ID system:
- High false alarm rates. False positives are the most common failure of ID systems and can create enough noise to make the system unusable
- The activity and behavior of users in the networked system may not be static enough to effectively implement a behavior-based ID system

Computer Incident Response
Management consists of the following:
- Coordinating the notification and distribution of information pertaining to the incident to the appropriate parties (those with a need to know) through a predefined escalation path
- Mitigating risk to the enterprise by minimizing the disruptions to normal business activities and the costs associated with remediating the incident (including public relations)
- Assembling teams of technical personnel to investigate the potential vulnerabilities and to resolve specific intrusions

Network Availability
An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability.

RAID (Redundant Array of Inexpensive Disks)
- Its primary purpose is to provide fault tolerance and protection against file server hard disk crashes
- It can also improve system performance by caching and distributing disk reads across multiple disks that work together to save files simultaneously
- RAID protects against disk failure, not against deletion, corruption, or malware: a bad write is mirrored or striped just as faithfully as a good one, so RAID is not a substitute for backups

Failure Resistant Disk System
- Protects file servers from data loss and loss of availability due to disk failure
- Provides the ability to reconstruct the contents of a failed disk onto a replacement disk, and added protection against data loss due to the failure of other hardware components of the server
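To make the knowledge-based versus behavior-based trade-off from the IDS slides above concrete, the following Python script is an added example (not from the original slides) that runs both detection styles over a constructed web-server access log. The log format `<src-ip> <minute> <path>`, the two signatures and the three-standard-deviation threshold are assumptions of the example, chosen so that the signature engine catches a known attack string but misses a novel scanner, while the anomaly engine catches the scanner but also flags a legitimate busy client.

```python
"""Knowledge-based (signature) vs behavior-based (anomaly) detection run over a
constructed web-server access log. The log format "<src-ip> <minute> <path>",
the two signatures and the 3-sigma threshold are assumptions of this example."""
import re
import statistics
from collections import Counter

# Constructed training window: two ordinary clients, a few requests per minute.
BASELINE_LOG = """\
10.0.0.5 1 /index.html
10.0.0.5 1 /style.css
10.0.0.5 1 /logo.png
10.0.0.6 1 /index.html
10.0.0.6 1 /style.css
10.0.0.6 1 /logo.png
10.0.0.6 1 /about.html
10.0.0.5 2 /news.html
10.0.0.5 2 /style.css
10.0.0.6 2 /news.html
10.0.0.6 2 /style.css
10.0.0.6 2 /logo.png
10.0.0.5 3 /contact.html
10.0.0.5 3 /style.css
10.0.0.5 3 /logo.png
10.0.0.6 3 /contact.html
10.0.0.6 3 /style.css
10.0.0.6 3 /logo.png
"""

# Constructed monitored window: one known attack string, one busy but legitimate
# client, and one noisy scanner hitting a URL that no signature knows about.
MONITORED_LOG = "\n".join(
    ["10.0.0.5 1 /search?q=' or 1=1 --"]
    + [f"10.0.0.6 1 /gallery/photo{i}.jpg" for i in range(8)]
    + [f"10.0.0.9 1 /cgi-bin/tool?id={i}" for i in range(20)]
)

SIGNATURES = {
    "sql-injection": re.compile(r"(?i)'\s*or\s+1=1|union\s+select"),
    "directory-traversal": re.compile(r"\.\./"),
}


def parse(log):
    """Yield (src, minute, path) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            src, minute, path = line.split(" ", 2)
            yield src, int(minute), path


def knowledge_based(log):
    """Signature matching: fires only on requests matching a known pattern.
    Returns sorted [(src, signature_name), ...]."""
    hits = {(src, name)
            for src, _, path in parse(log)
            for name, rx in SIGNATURES.items() if rx.search(path)}
    return sorted(hits)


def learn_baseline(log):
    """Learn what 'normal' looks like: mean and sample stdev of requests per
    (source, minute) in the training window."""
    counts = Counter((src, minute) for src, minute, _ in parse(log))
    values = list(counts.values())
    return statistics.mean(values), statistics.stdev(values)


def behavior_based(log, baseline, k=3.0):
    """Anomaly detection: flag any (source, minute) whose request count exceeds
    mean + k*stdev of the learned baseline. Returns [(src, minute, count), ...]."""
    mean, sd = baseline
    limit = mean + k * sd
    counts = Counter((src, minute) for src, minute, _ in parse(log))
    return sorted((src, m, n) for (src, m), n in counts.items() if n > limit)
```

On this data `knowledge_based` reports only the SQL injection attempt from 10.0.0.5 and says nothing about the scanner at 10.0.0.9, while `behavior_based` (trained on the baseline window) flags 10.0.0.9 and also flags 10.0.0.6, a false positive caused by a user who simply loaded a photo gallery. Tuning `k` trades one failure mode for the other, which is the point the slides make: signatures miss what they have never seen, anomalies cost you analyst time on noise.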

Backup Concepts
The purpose of a tape backup method is to protect and/or restore lost, corrupted, or deleted information, thereby preserving data integrity and ensuring network availability.

Backup Concepts: Basic Methods
Full Backup Method
- Makes a complete backup of every file on the server every time it is run
- Primarily run when time and tape space permit; used for system archive or baseline tape sets
- Clears the archive bit on every file it copies, which is the state the incremental and differential methods key off
Incremental Backup Method
- Copies only files that have been added or changed since the last backup of any kind (that day) and ignores any other backup set
- Usually accomplished by resetting (clearing) the archive bit on the files after they have been backed up, so the next run copies only files written since
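The archive-bit mechanics behind the full and incremental methods, and the differential method described on the next slide, are easiest to see by simulating a week of backups. The following Python script is an added example (not from the original slides); the four-file server, the three days of edits and the tape labels are constructed for the example.

```python
"""Full, incremental and differential backups driven by the archive bit.
Constructed example: a four-file server and three days of edits are assumptions
chosen to show how each method grows and what a restore needs."""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive: bool = True   # the OS sets this bit whenever the file is written


class Server:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def write(self, name):
        self.files.setdefault(name, File(name)).archive = True


def full_backup(server):
    """Copy everything and clear every archive bit: the new baseline."""
    copied = sorted(server.files)
    for f in server.files.values():
        f.archive = False
    return copied


def incremental_backup(server):
    """Copy files changed since the last backup of any kind, then clear their bits."""
    copied = sorted(n for n, f in server.files.items() if f.archive)
    for n in copied:
        server.files[n].archive = False
    return copied


def differential_backup(server):
    """Copy files changed since the last FULL backup; leave the bits set so the
    next differential copies them again (this is why each night's set grows)."""
    return sorted(n for n, f in server.files.items() if f.archive)


def run_week(method, changes):
    """Sunday full backup, then one run of `method` after each day's changes.
    Returns [(tape_label, files_on_tape), ...]."""
    srv = Server(["a", "b", "c", "d"])
    tapes = [("full", full_backup(srv))]
    for day, written in enumerate(changes, start=1):
        for name in written:
            srv.write(name)
        tapes.append((f"day{day}", method(srv)))
    return tapes


def restore_plan(method, tapes):
    """Tapes needed, in order, to rebuild the server after the last run."""
    if method is incremental_backup:
        return [label for label, _ in tapes]          # full + every incremental
    return [tapes[0][0], tapes[-1][0]]                # full + latest differential


def restore(tapes, plan):
    """Apply the chosen tapes in order; later tapes overwrite earlier copies.
    Returns {file: tape_label_it_came_from}."""
    state = {}
    for label, files in tapes:
        if label in plan:
            for n in files:
                state[n] = label
    return state


# Constructed edit history: "a" on day 1, "b" on day 2, "a" and "c" on day 3.
CHANGES = [["a"], ["b"], ["a", "c"]]
```

With `CHANGES`, the incremental tapes hold 1, 1 and 2 files while the differential tapes hold 1, 2 and 3 (the additive growth the slides describe), but the differential restore needs only two tapes where the incremental restore needs all four. Either way the restore ends with every file at its latest version, which is the check worth running on real tapes too: a backup that has never been restored has never been verified.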

Differential Backup Method
- Copies only files that have changed since a full backup was last performed, and leaves the archive bit set
- This type of backup is additive: the time and tape space required for each night's backup grow during the week, because it copies that day's changed files plus every previous day's changed files since the last full backup
- A restore needs only the last full tape plus the most recent differential, whereas an incremental restore needs the full tape plus every incremental taken since it

Backup Concepts: Tape Format Types
Digital Audio Tape (DAT)
- 4mm tape that can be used to back up data systems in addition to its original audio use
Quarter Inch Cartridge (QIC) drives
- Mostly used for home/small office backups; small capacity and slow, but inexpensive
8mm Tape
- Commonly used in helical scan tape drives, but superseded by Digital Linear Tape (DLT)
Digital Linear Tape (DLT)
- Half-inch tape; its compression techniques and head scanning process make it a large capacity and fast format

Common Backup Issues
Slow data transfer of the backup
- Depending on the volume of data that needs to be copied, full backups to tape can take an incredible amount of time
Server disk space utilization expands over time
- As the amount of data that needs to be copied increases, the length of time to run the backup increases proportionally, and the demand on the system grows as more tapes are required
The time the last backup was run is never the time of the server crash
- With non-continuous backup systems, data entered after the last backup prior to a system crash will have to be recreated
- A backup that has never been test-restored is not a backup: verify that a tape can actually be restored, not merely that the job reported success

Single Points of Failure
A single point of failure is an element in the network design that, if it fails or is compromised, can negatively affect the entire network. Network design methodologies expend a lot of time and resources searching for these points; here we cover only a few.

Cabling Failures
Coaxial
- Coaxial cables with many workstations or servers attached to the same segment of cable create a single point of failure if the cable is broken
- Exceeding the specified effective cable length is also a source of cabling failure
Twisted Pair
- Twisted pair cables currently have two categories in common usage: CAT3 and CAT5
- The difference between these two types is how tightly the copper wires are wound; this tightness determines the cable's resistance to interference, the allowable distance it can be pulled between points, and the data transmission speed before attenuation begins to affect the signal
Fiber Optic
- Fiber optic cable is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases)
- It can carry a heavy load of activity much more easily than the copper types, and as such is commonly used for infrastructure backbones, server farms, or connections that need large amounts of bandwidth
- Because it does not radiate, fiber is also harder to tap undetected than copper

Topology Failures
Ethernet
- The older coaxial cable has been widely replaced with twisted pair, which is extremely resistant to failure, especially in a star-wired configuration, where one broken cable isolates a single station rather than the whole segment
Token Ring
- Token Ring was designed to be a more fault-tolerant topology than Ethernet, and can be a very resilient topology when properly implemented
Fiber Distributed Data Interface (FDDI)
- FDDI is a token-passing ring scheme like Token Ring, but it also has a second ring that remains dormant until an error condition is detected on the primary ring
Leased Line
- Leased lines, such as T1 connections and Integrated Services Digital Network (ISDN) lines, can be a single point of failure and have no built-in redundancy like the Local Area Network (LAN) topologies
- A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed at both ends of the connection
Frame Relay
- Frame relay uses a public switched network to provide Wide Area Network (WAN) connectivity
- Frame relay is considered extremely fault-tolerant because any segment in the frame relay cloud that is experiencing an error or failure diverts traffic to other links

Other Single Points of Failure
Power Failure
- Blackouts, brownouts, surges, and spikes are all examples of power fluctuations that can seriously harm electronic equipment

Network Attacks and Abuses
Attacks are constantly evolving; this is probably the most dynamic area of information security today. Large teams and huge amounts of money and resources are dedicated to reacting to the latest twists and turns of intrusions into networked systems, particularly on the Internet.

General Classes of Network Abuses
- Class A: Unauthorized access to restricted network services by the circumvention of security access controls
- Class B: Unauthorized use of a network for non-business purposes
- Class C: Eavesdropping
- Class D: Denial of service and other service disruptions
- Class E: Network intrusion
- Class F: Probing

Denial of Service (DoS) Attacks
- Filling up a target's hard drive storage space by using huge email attachments or file transfers
- Sending a message which resets a target host's subnet mask, causing a disruption of the target's subnet routing
- Using up all of a target's resources for accepting network connections, resulting in additional network connections being denied

Types of DoS
Buffer Overflow Attack
- Occurs when a process receives much more data than it expected and writes past the end of the buffer allocated for it
SYN Attack
- Occurs when an attacker exploits the use of buffer space during a Transmission Control Protocol (TCP) session initialization handshake: the attacker sends SYNs, typically from spoofed addresses, and never completes the handshake, leaving the target's connection queue full of half-open connections
Teardrop Attack
- Consists of modifying the length and fragmentation offset fields in sequential Internet Protocol (IP) packets so that the fragments overlap when the target tries to reassemble them
Smurf
- Uses a combination of IP spoofing and ICMP to saturate a target network with traffic: echo requests are sent to a network's broadcast address with the victim's address as the spoofed source, so every host on that network replies to the victim

Session Hijacking Attacks
IP Spoofing Attack
- Unlike a Smurf attack, where spoofing is used to create a DoS attack, IP spoofing is used to convince a system that it is communicating with a known entity, which gives an intruder access
TCP Sequence Number Attacks
- TCP sequence number attacks exploit the communications session established between the target and the trusted host that initiated the session; if the attacker can predict the target's initial sequence number, it can complete a handshake or inject data on behalf of the trusted host without ever seeing the target's replies
- Modern operating systems randomize initial sequence numbers precisely to make this prediction impractical

Summary
In this lesson, you have learned:
- Remote access security management
- Intrusion detection and response
- Intrusion detection systems
- Incident response
- Backup concepts
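The SYN, Smurf and Teardrop attacks described on the Types of DoS slides each leave a distinctive footprint in traffic, and a network-based IDS of the kind covered earlier in this chapter detects them from exactly that. The following Python script is an added example, not from the original slides, that runs the three checks over constructed per-packet summaries: the addresses, ports and fragment sizes are made up for the example, and fragment offsets are given in bytes rather than the 8-byte units of the real IP header.

```python
"""Detecting SYN flood, Smurf and Teardrop patterns from per-packet summaries.
The packets are constructed for this example; fragment offsets are in bytes
rather than the 8-byte units of the IP header."""
from collections import Counter, defaultdict


def build_sample():
    """Constructed capture: one normal handshake, a SYN flood, a Smurf
    amplification burst, one Teardrop pair and one benign fragmented datagram."""
    pkts = []
    # A normal handshake: SYN, then the client's ACK completing it.
    pkts.append(dict(proto="tcp", src="10.0.0.7", sport=40000, dst="10.0.0.1", dport=80, flags="S"))
    pkts.append(dict(proto="tcp", src="10.0.0.7", sport=40000, dst="10.0.0.1", dport=80, flags="A"))
    # SYN flood: 12 SYNs from 12 spoofed sources, none ever acknowledged.
    for i in range(12):
        pkts.append(dict(proto="tcp", src=f"203.0.113.{i}", sport=1024 + i,
                         dst="10.0.0.1", dport=80, flags="S"))
    # Smurf: echo requests to a directed broadcast address, source spoofed to the victim.
    for _ in range(3):
        pkts.append(dict(proto="icmp", type="echo-request", src="10.0.0.1", dst="192.168.1.255"))
    # Teardrop: the second fragment starts inside the first one.
    pkts.append(dict(proto="udp", src="198.51.100.9", dst="10.0.0.1", ip_id=42, frag_off=0, frag_len=36))
    pkts.append(dict(proto="udp", src="198.51.100.9", dst="10.0.0.1", ip_id=42, frag_off=24, frag_len=32))
    # Benign fragmentation: the fragments abut exactly.
    pkts.append(dict(proto="udp", src="10.0.0.8", dst="10.0.0.1", ip_id=43, frag_off=0, frag_len=1480))
    pkts.append(dict(proto="udp", src="10.0.0.8", dst="10.0.0.1", ip_id=43, frag_off=1480, frag_len=20))
    return pkts


def detect_syn_flood(packets, threshold=10):
    """Half-open connections per (dst, dport): SYNs from (src, sport) pairs that
    never sent the ACK completing the handshake. Returns {(dst, dport): count}."""
    syns, acks = defaultdict(set), defaultdict(set)
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key, peer = (p["dst"], p["dport"]), (p["src"], p["sport"])
        if p["flags"] == "S":
            syns[key].add(peer)
        elif p["flags"] == "A":
            acks[key].add(peer)
    return {key: len(peers - acks[key])
            for key, peers in syns.items()
            if len(peers - acks[key]) >= threshold}


def detect_smurf(packets, broadcast_addrs):
    """Echo requests aimed at a directed-broadcast address: the 'src' is the
    victim whose address is being spoofed. Returns {victim: request_count}."""
    return dict(Counter(p["src"] for p in packets
                        if p["proto"] == "icmp" and p.get("type") == "echo-request"
                        and p["dst"] in broadcast_addrs))


def detect_teardrop(packets):
    """Overlapping fragments: a fragment that starts before the previous one
    ends. Returns [(src, dst, ip_id), ...] of the offending datagrams."""
    groups = defaultdict(list)
    for p in packets:
        if "frag_off" in p:
            groups[(p["src"], p["dst"], p["ip_id"])].append((p["frag_off"], p["frag_len"]))
    overlapping = []
    for key, frags in groups.items():
        end = 0
        for off, length in sorted(frags):
            if off < end:
                overlapping.append(key)
                break
            end = off + length
    return overlapping
```

Each detector keys on the property that makes the attack work: SYNs with no completing ACK (the half-open queue the SYN attack fills), echo requests to a broadcast address carrying someone else's source (the amplifier side of Smurf, which is why routers should drop directed broadcasts), and fragment offsets that rewind (what Teardrop feeds the reassembly code). A production sensor would evaluate the SYN count over a sliding time window rather than over a whole capture, but the logic is the same.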

Summary (continued)
In this lesson, you have learned:
- Common backup issues
- Biometric types
- Single points of failure
- Network attacks and abuses

-END-
Any Questions?
Thank You!