G061 - Network Security

Learning Objective:

• explain methods for combating ICT crime and protecting ICT systems

Network Security

• ICT crime often deliberate act of theft– stealing data (whether viewing or taking),

– stealing software or equipment.

• natural disasters and mistakes by humans can also cause data to be lost or equipment to be damaged

• networked computers are prone to security problems:– hacking (unauthorised access), – viruses, spyware, malware

Network Security

Preventative measures:

• Physical Security

• Logical Security

Physical Security• lock the computer up

– entry measures to get into room/building

• security guards/CCTV cameras

• no floppy/CD/DVD drives– prevents copying & theft of data

– prevents virus being transferred onto computer system

• disable USB ports– memory sticks/removable HDD can’t be used

Software Security• firewalls,• backup,• encryption,• biometric security,• software patches & updates,• ‘anti-virus’ & anti-spyware software,• access rights,• auditing,• education of users,• user IDs, & passwords

– methods for ensuring passwords remain effective

Firewall• network security device

– stands between a network and the outside world

– can either be hardware and/or software based.

– examines data packets moving into and out of the system

• configured to permit or deny connections

– using a set of rules

– access is denied if not allowed by the rules

– rules set using the organization's security policy• configured by the system administrator

– checks data sent by users and applications

– filters websites users are permitted to visit

Backup• making copies of current data

– in case the originals are lost or corrupted (or stolen)

• back-up is made to removable storage media– memory stick, portable HDD, CD-R, DVD-R, magnetic tape….

• back-up copy is stored off-site – or in different location

• data can be restored from the back-up if required

EncryptionWhat is encryption?

• the process of disguising messages – so that only the intended recipient can understand them.

– encrypted data can only be understood by reversing the encryption process (decryption)

• data is sent in a scrambled form. – uses a random process set up using a special key value

• the data is then decoded at receiver– by reversing the encryption process (decryption)

Biometric Security• technology used to measure some feature of a person

– in order to identify them within a security system

• fingerprint– scans fingerprint, finds identifying unique marks,

– matches/does not match to record in system

• voice recognition• retina scans• facial recognition• DNA

Software patches & updates • corrects loopholes & bugs in software

– stops hackers exploiting them and gaining access

• must regularly update virus data files– so new viruses can be detected

• regular security patches to operating systems & applications– to combat security loopholes & bugs

Viruses• a virus is a piece of software that is designed to:

– cause deliberate harm to data stored on a computer

– replicate itself so that it transfers to other computers

• removable media used in an infected system can then carry the virus to another machine

• programs downloaded from the Internet can also spread a virus.

SpywareWhat?:•collects information about a person or organisation

– without the user’s knowledge

•can track a user’s keystrokes – to find out what is being typed, including passwords

Why?:•can be used to pass information on to advertisers

•can be used to find out usernames and passwords– used to hack into a user’s bank account

Virus & Spyware Protection • install anti-virus software on all computers

– detects viruses & malware (e.g. spyware)

– allows removal of infected code from file

– allows deletion of infected files

• must regularly update virus data files

Access Rights• data is commercially valuable

– could be stolen or damaged/modified

• may want to restrict access to data – so that no unauthorised changes can be made

• different users are given different access rights to data

• legal restrictions on the access to personal data– DPA

Levels of Access

None user cannot obtain information nor change data

Read only user can obtain information but not change the data

Read/write user can change data as well as obtain information

Append only user cannot change existing data but can add new data

Full administrator/supervisor level - can perform all operations

Audit Logs• logs are maintained automatically by the system

• audit logs track:– who did what,

– at which workstation,

– when it occurred.

• logs can be used to see which member of staff:– accessed particular files

– other resources

– web pages.

User IDs & PasswordsWhy?• allow access to user areas

– stop unauthorised access

– protect data

• to make individual users members of groups– allow access to files based on access rights

– allow access to resources – printers, software

• to be able to monitor use– audit logs

• to comply with the law– DPA

User IDsEffectiveness of user ID maintained by:• must be unique

– so can be sure who is doing what

• can be suspended when user is away– e.g. on holiday, leaves the company ….

• can be linked to resources– an individual machine

– software applications

– times of use

PasswordsEffectiveness of password maintained by:

1. Network Manager:– force password change frequently

– make minimum length password

– make unrecognisable words only (not in dictionary)

– must contain numbers and letters (& punctuations)

– cannot reuse passwords

– 3 incorrect password attempts account is locked

2. User:– not writing password down

– make it something others can’t guess – not personal

– make sure no one is looking when you type it in