CPT 123 Internet Skills

Class NotesInternet Security Session A

Internet Security

Why securityServer software security problemsServer software security solutionsSecurity Policies

Internet Security

Anyone connected to the Net should be concerned about data security and the safety of their system

Internet has surpassed two million reachable hosts

Number of users unknown

Internet Security

Most Internauts are well-behavedYet there does exist ill-behaved and

malicious users within the large Internaut population

Individual user that runs Internet clients seldom has anything to be concerned about

Internet Security

The office network; business networks; and government networks, on the other hand, have much to be concerned about when it comes to legacy data on their systems

Their systems could come under an INTERNAUT ATTACK

There is hope

Internet Security

In the nut shell, security is the process of keeping anyone from doing things you don’t want them to do to with, on, or from computers or peripheral devices

Determine what resources need to be protected

Internet Security

Now computers running software with sensitive legacy data is a resource to protect

Software with configuration files may contain sensitive information must be protected

Internet Security

A hacker, cracker, or attacker who compromises or impersonates a host will have access to all of its resources: files, hard drives, etc..

Internaut attackers may be more interested in the laundry further ongoing connections to other more targets.

Internet Security

Defining what needs protecting in general dictates the host-specific measures needed

Machines running sensitive files may need extra levels of passwords, file encryption, a password policy, etc..

Internet Security

If the target is network connection, the network administrator may ask for certain privileges to access the network

When these privileges are activated, extra logging activities may take place on the system

Sometimes if you want to protect all resources Internaut attackers must be stopped at the front door

Internet Security

Not all attacks come from the outsideMust define who the system must be

protected fromDifferent levels of attacks require

different levels of security

Internet Security

Security against a teenager with a modem may not be good enough for an intelligent, malicious, dedicated group of individuals

For the teenager an enhanced password system may do the job

For the others wiretapping, cryptanalysis, or monitoring the electronic emissions of computers and wires may be needed

Internet Security

The security defenses are proportional to the value of the resources and assets to be protected

Yet the cost of security on the system is also a factor

Some systems may require extra routers or computers to build a firewall gateway

Internet Security

There is also the cost of training or hiring individuals to administer the security, develop security software, or to buy security software

Too much or too little can hurt a systemKeeping hackers, crackers, or attackers

off your system depends on how assets are valued

Internet Security

An Internaut attacker that enters the system will be able to send nasty notes or data from the system, using a legal user ID or may use the system to enter other systems pretending to be one of the systems users

Internet Security

Due to the dynamic nature of the environment server software is often developed rapidly and has not passed rigorous security testing and may have serious vulnerabilities

Yet, there are tools and protocols to protect the system from being compromised

Internet Security

Yes, the largest threat exists when you decide to serve information on the Internet

When an information server is placed on the Internet, it should reside in a system designed and dedicated solely for such a purpose

Only information to be distributed should reside on that system

Internet Security

Make the assumption that information on the system will be available to the Internet public

Therefore, the server system should be disconnected from the rest of a systems network to provide minimum security exposure

Internet Security

Not always practical therefore a firewall or a firewall gateway may be necessary

A firewall gateway is to serve the line of trust at certain key points

It trust only a few other machines and only for certain functions

Internet Security

A firewall is a perimeter defenseFirewalls do not provide any protection

once an Internaut attacker has passed them

A firewall is one or more components of a network that permits only authorized inbound and outbound traffic

Internet Security

Firewalls have a higher security profile than any other component on the network

A firewall usually sits between the Internet and the local network

It provides extensive tools to enforce a security policy and is meant to screen client and server request