anis-ward
CPT 123 Internet Skills
Class Notes
Internet Security Session A
Internet Security
Why security
Server software security problems
Server software security solutions
Security Policies
Internet Security
Anyone connected to the Net should be concerned about data security and the safety of their system
The Internet has surpassed two million reachable hosts
Number of users unknown
Internet Security
Most Internauts are well-behaved
Yet there do exist ill-behaved and malicious users within the large Internaut population
An individual user who runs Internet clients seldom has anything to be concerned about
Internet Security
Office networks, business networks, and government networks, on the other hand, have much to be concerned about when it comes to legacy data on their systems
Their systems could come under an INTERNAUT ATTACK
There is hope
Internet Security
In a nutshell, security is the process of keeping anyone from doing things you don’t want them to do to, with, on, or from computers or peripheral devices
Determine what resources need to be protected
Internet Security
Computers running software with sensitive legacy data are a resource to protect
Software with configuration files that may contain sensitive information must be protected
Internet Security
A hacker, cracker, or attacker who compromises or impersonates a host will have access to all of its resources: files, hard drives, etc.
Internaut attackers may be more interested in laundering further ongoing connections to other targets.
Internet Security
Defining what needs protecting generally dictates the host-specific measures needed
Machines running sensitive files may need extra levels of passwords, file encryption, a password policy, etc.
Internet Security
If the target is a network connection, the network administrator may ask for certain privileges to access the network
When these privileges are activated, extra logging activities may take place on the system
Sometimes, if you want to protect all resources, Internaut attackers must be stopped at the front door
Internet Security
Not all attacks come from the outside
Must define who the system must be protected from
Different levels of attacks require different levels of security
Internet Security
Security against a teenager with a modem may not be good enough for an intelligent, malicious, dedicated group of individuals
For the teenager, an enhanced password system may do the job
For the others, wiretapping, cryptanalysis, or monitoring the electronic emissions of computers and wires may be needed
Internet Security
The security defenses are proportional to the value of the resources and assets to be protected
Yet the cost of security on the system is also a factor
Some systems may require extra routers or computers to build a firewall gateway
Internet Security
There is also the cost of training or hiring individuals to administer the security, develop security software, or to buy security software
Too much or too little can hurt a system
Keeping hackers, crackers, or attackers off your system depends on how assets are valued
Internet Security
An Internaut attacker that enters the system will be able to send nasty notes or data from the system using a legal user ID, or may use the system to enter other systems, pretending to be one of the system's users
Internet Security
Due to the dynamic nature of the environment, server software is often developed rapidly, has not passed rigorous security testing, and may have serious vulnerabilities
Yet, there are tools and protocols to protect the system from being compromised
Internet Security
Yes, the largest threat exists when you decide to serve information on the Internet
When an information server is placed on the Internet, it should reside in a system designed and dedicated solely for such a purpose
Only information to be distributed should reside on that system
Internet Security
Make the assumption that information on the system will be available to the Internet public
Therefore, the server system should be disconnected from the rest of a system's network to provide minimum security exposure
Internet Security
This is not always practical; therefore a firewall or a firewall gateway may be necessary
A firewall gateway is to serve the line of trust at certain key points
It trusts only a few other machines and only for certain functions
Internet Security
A firewall is a perimeter defense
Firewalls do not provide any protection once an Internaut attacker has passed them
A firewall is one or more components of a network that permits only authorized inbound and outbound traffic
Internet Security
Firewalls have a higher security profile than any other component on the network
A firewall usually sits between the Internet and the local network
It provides extensive tools to enforce a security policy and is meant to screen client and server requests
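The firewall slides above describe a gateway that trusts only a few machines for certain functions and permits only authorized inbound and outbound traffic. The following is an added example, not part of the original class notes, showing that default-deny decision in Python; the `Rule`, `permitted` and `audit` names, the policy and the sample flows are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str       # "in" or "out", relative to the local network
    peer: str            # trusted machine or network, in CIDR form
    port: int            # the one function (service port) that is allowed
    proto: str = "tcp"

# Constructed policy; addresses come from documentation ranges (RFC 5737).
POLICY = [
    Rule("in", "0.0.0.0/0", 80),                  # public information server
    Rule("in", "192.0.2.10/32", 22),              # one admin host, SSH only
    Rule("out", "198.51.100.53/32", 53, "udp"),   # one resolver, DNS only
]

def permitted(direction, peer_ip, port, proto="tcp", policy=POLICY):
    """Return True only if a rule explicitly authorizes this traffic."""
    addr = ipaddress.ip_address(peer_ip)
    for rule in policy:
        if (rule.direction == direction and rule.proto == proto
                and rule.port == port
                and addr in ipaddress.ip_network(rule.peer)):
            return True
    return False  # default deny: anything not listed is dropped

def audit(flows, policy=POLICY):
    """Split flow records into (allowed, denied) lists."""
    allowed, denied = [], []
    for flow in flows:
        (allowed if permitted(*flow, policy=policy) else denied).append(flow)
    return allowed, denied

# Constructed flow records: (direction, peer address, port, protocol).
SAMPLE_FLOWS = [
    ("in", "203.0.113.7", 80, "tcp"),      # anyone may reach the web server
    ("in", "203.0.113.7", 22, "tcp"),      # untrusted host asking for SSH
    ("in", "192.0.2.10", 22, "tcp"),       # trusted host, permitted function
    ("in", "192.0.2.10", 23, "tcp"),       # trusted host, other function
    ("out", "198.51.100.53", 53, "udp"),   # DNS to the approved resolver
    ("out", "203.0.113.7", 25, "tcp"),     # outbound mail, not authorized
]

if __name__ == "__main__":
    ok, dropped = audit(SAMPLE_FLOWS)
    for flow in ok:
        print("ALLOW", flow)
    for flow in dropped:
        print("DENY ", flow)
```

The trusted admin host is still refused on port 23: trust is granted per machine and per function, not per machine alone.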