Summary of Systems Security Techniques
Even though I have been told my “reports” are boring, I am posting yet another…
With the convenience of technology and the advantages in increasing productivity and simplicity it has delivered, a deviant world has emerged. This deviance is in the form of multiple variations of attacks on computer technology and the data contained within.
SYSTEMS ASSURANCE
Summary of Security Techniques
David Wheeler
Purdue University Calumet
ITS 454, Section 1
Due: February 12, 2008
Abstract
With the convenience of technology and the advantages in increasing productivity and simplicity it has delivered, a deviant world has emerged. This deviance is in the form of multiple variations of attacks on computer technology and the data contained within. Various tools and protocols exist in networking technology to authenticate networked data to ensure security and the identity of both parties involved in the transmission. Additional tools and techniques exist to prevent, detect, and deter unauthorized access to systems. Using these tools in layers will help ensure a more secure, stable networking system. Implementation of these techniques is necessary to not only prevent unauthorized access but to ensure the authenticity of data transmissions.
Summary of Security Techniques
This essay will discuss various tools and techniques used to develop and implement a more secure computer networking system. This essay will begin with an introduction of the need for computer security. In the introduction, the need for security, I intend to summarize the need for security techniques and the losses which may occur due to attacks or misuse. Once a solid ground of the need for systems security has been established, the essay will shift to a brief introduction of various security techniques. For each technique I intend to list the associated advantages and disadvantages. The essay will conclude with a summary on the need to layer the techniques in order to provide multiple layers of security.
The Need for Security
It is obvious that individuals, companies, and organizations depend on their networking systems. Organizations insist on the need for reliable, accurate transmission and storage of computer data. Lost, corrupt, or inaccurate data could lead to lost revenue, increased man-hours, and even legal actions depending on the intensity and necessity of the data. Various forms of attack techniques exist which put computer networks and their data at risk each day. In addition to these attack techniques, operator error and misuse are also vital sources of information loss and unauthorized access. Defense mechanisms exist to block unauthorized access and to prevent data corruption or loss.
Security Policies
Organizations should have security policies in place specifically outlining how an organization should defend against unauthorized traffic and how the organization’s employees should use the computer systems. A security policy is a statement that exactly defines what defenses will be configured to block unauthorized access, what constitutes acceptable use of network resources, how the organization will respond to attacks, and how employees should use the organization’s resources to prevent and discourage the loss of or damage to data (Weaver, 2007). For a security policy to work effectively, employees of an organization must be trained in and understand the security policies. A security policy will be advantageous only if it is enforced and maintained. Security policies must be updated with changes in business configurations and the introduction of new technology.
Determining Security Needs
The security needs of an organization’s network are dependent on the organization’s operations. The security required of a system depends on what information it processes, for what purposes, the sensitivity of transmitted data, and the required availability of data (Boran, 2000). Security is based on three elements: confidentiality, integrity, and availability (Convery, 2004). Security needs of a system concentrate on the triad of these three elements. For example, a system may not contain highly confidential data, but must have a six-sigma uptime rating. In this example, the system described has high availability requirements and low confidentiality of data. However, the system does have a high confidentiality rating in order to defend against denial-of-service (DoS) attacks. In another example, a system may contain highly classified data and need to be available 100% of the time. In this example not only does the organization have an extremely high need for confidentiality, it also has an increased need for integrity and availability. Using various tools, techniques, and policies will help an organization achieve the levels of the triad it requires.
Cryptography
Encrypting data transmissions will help prevent and deter unauthorized access to information. Cryptography is the technique of writing or converting information into a secret, encrypted code. Cryptography can be used to protect data from theft and unauthorized modification, and for authentication purposes (Kessler, 2007). These goals are achieved through the use of symmetric cryptography, asymmetric cryptography and hash functions. Hash functions use a mathematical transformation to irreversibly “encrypt” information (Kessler, 2007).
Symmetric (Secret Key) Cryptography
Symmetric cryptography, secret key encryption, uses a single key for both encryption and decryption activities. Secret key cryptography can be categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit at a time and implement a feedback mechanism so that the key constantly changes. A block cipher encrypts one block of data at a time using the same key on each block (Kessler, 2007).
Asymmetric (Public Key) Cryptography
Asymmetric cryptography, public key encryption, uses one key for the encryption process and a different key for the decryption process. One of the keys is designated as a public key and the other is designated as a private key. The public key, used for encoding information, may be provided to others as necessary while the private key is kept privately by the decoder. When the decoder receives the encoded message it uses the private key to decode the information. In contrast, a sender may encode information using their private key and the receiver may decode the information using the sender’s public key. This contrasting scenario is an example of non-repudiation. Non-repudiation ensures that the sender can’t deny sending the message since their private key was used to encrypt the information (Weaver, 2007).
Firewall
A firewall is a network device that has the capability to implement access control or other security techniques to enforce a particular traffic policy at a given point in a network (Convery, 2004). This capability to restrict traffic is possible using rules set in the firewall’s configuration. A firewall is the first level of defense for a network. The firewall, acting as a perimeter defense, blocks unwanted traffic from entering the network, similar to a wall or moat surrounding a medieval castle. The perimeter defense mechanism acts as a choke point such as a castle’s perimeter doors and moat bridges (Sheldon, 2001). The organizational structure of the castle allows traffic, i.e. people, to leave and enter the castle structure using these choke points. External traffic is not allowed to enter the castle unless the doors and bridges are opened, similar to authorized, open ports in a network firewall. A firewall uses one or more of three methods to control traffic flowing in and out of a network. These three primary methods include Packet Filtering, Proxy Services, and Stateful Inspection (Tyson, 1999).
Packet filtering is where packets are analyzed against a set of filtering rules. Packets matching these filter rules are allowed to pass through the network while packets not meeting the rules are discarded (Tyson, 1999). Packet filtering works much like a coffee filter. For example, a coffee filter is designed to let water flow through (i.e. approved packets) while the coffee grounds (i.e. unapproved packets) are kept out.
According to Indiana University’s Information Technology Knowledge Base, a proxy, or application level gateway, is a computer that acts as a gateway between a local network and a larger-scale network (such as the Internet) (Indiana University, 2007). A proxy server works by taking all incoming data entering on one port and forwarding that data to the rest of the network using another port. Blocking direct access between two networks provides additional security by preventing malicious mapping of the internal network.
The Stateful Inspection technique works similar to the Packet Filtering technique. In a Stateful Inspection, key parts of incoming packets are compared to a database of trusted information which is obtained by monitoring outgoing traffic for defining characteristics (Tyson, 1999). Incoming information is compared to the characteristics of the outgoing information. If the comparison provides a reasonable match, the information is allowed to pass through. If the comparison is not an appropriate match, the packets are discarded.
The safest firewall would block all traffic, but that defeats the purpose of making the connection, so you need to strictly control traffic in a secure way (Sheldon, 2001). It is important to control traffic coming in and out of a network. There are various attack methods a properly configured firewall may help protect against. These attack methods include remote login, application backdoors, SMTP session hijacking, operating system bugs, and source routing (Tyson, 1999). Accessing a system is possible using open ports. If the firewall is blocking all unnecessary ports, many of these techniques will not work.
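The difference between packet filtering and stateful inspection described above can be seen in a short sketch. This is an added example, not code from the essay or its sources; the rule set, addresses, class names and the 60-second idle timeout are assumptions, and the "reasonable match" is simplified to an exact match on protocol, addresses and ports.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    outbound: bool  # True when the packet is leaving the protected network

# Constructed rule set: inbound (protocol, destination port) pairs that are open.
INBOUND_ALLOW = {("tcp", 25), ("tcp", 443)}

def packet_filter(pkt):
    """Stateless filtering: judge each packet only by its own header fields."""
    return pkt.outbound or (pkt.proto, pkt.dport) in INBOUND_ALLOW

class StatefulFirewall:
    """Remembers outbound flows and admits inbound packets that answer one."""

    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout
        self.flows = {}  # flow key -> time the flow was last seen

    @staticmethod
    def _key(pkt):
        # Both directions of one conversation map to the same key:
        # (proto, inside addr, inside port, outside addr, outside port).
        if pkt.outbound:
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def allow(self, pkt, now):
        key = self._key(pkt)
        if pkt.outbound:
            self.flows[key] = now          # record the trusted characteristics
            return True
        last = self.flows.get(key)
        if last is not None and now - last <= self.idle_timeout:
            self.flows[key] = now          # reply to a live outbound flow
            return True
        self.flows.pop(key, None)          # expired or never seen
        return packet_filter(pkt)          # unsolicited: static rules decide

def demo():
    fw = StatefulFirewall(idle_timeout=60.0)
    # Constructed traffic using documentation address ranges.
    request = Packet("10.0.0.5", 50000, "203.0.113.10", 80, "tcp", True)
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 50000, "tcp", False)
    unsolicited = Packet("198.51.100.7", 80, "10.0.0.5", 50000, "tcp", False)
    return {
        "stateless_reply": packet_filter(reply),
        "request": fw.allow(request, now=0.0),
        "reply": fw.allow(reply, now=1.0),
        "unsolicited": fw.allow(unsolicited, now=2.0),
        "stale_reply": fw.allow(reply, now=120.0),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {'ALLOW' if verdict else 'DROP'}")
```

The stateless filter drops the web server's reply because port 50000 is not in its rule set, while the stateful firewall admits it without opening that port to anyone else.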
Operating System Security
An operating system provides two main functions: managing the resources available to the computer system and providing a reliable, stable, secure and consistent interface for applications to access the computer’s resources (Peikari & Fogie, 2004). An operating system is the primary software allowing a user to interface and take advantage of a computer’s power. User interaction with the operating system, whether through direct access or software, exposes the operating system to threats. Many operating system security techniques exist to prevent malicious attacks. It is important to use user accounts with passwords enabled. The use of password protection will prevent unauthorized user access. In addition to password protection it is also important to use firewalls, anti-virus software and anti-spyware software.
Implementing a Firewall is necessary to secure the perimeter of a computer system. As mentioned previously, a firewall is a network device that has the capability to implement access control or other security techniques to enforce a particular traffic policy at a given point in a network (Convery, 2004). Different forms of firewalls exist ranging from hardware to software based. Microsoft Windows XP Service Pack 2 and Microsoft Vista both come with a software based firewall implemented by default.
In addition to securing the perimeter of the computer system it is also necessary to use virus prevention and spyware detection software for passive and active monitoring of applications and the overall state of the computer system. Anti-virus software is software that is designed to detect viruses and prevent them from infecting the computer system. Anti-spyware programs are programs which protect a computer system against spyware.
Virus scanning refers to the process of examining files or e-mail messages for file names, file extensions, or other indications that viruses are present (Weaver, 2007). Anti-virus software works by comparing executable code of applications to patterns contained in the Anti-virus application’s signature file. If the pattern of the signature file matches the pattern in the application, the file is determined to contain a virus. Many anti-virus applications provide options to quarantine, clean, or delete the infected file. These options vary by anti-virus applications and the specific infection present.
Spyware is a form of Malware that is often associated with Browser Hijacking, Key loggers, and sending Web browsing habits to 3rd parties (University at Albany, n.d.). Anti-spyware applications work similarly to anti-virus software in that they compare applications, filenames, and operating system characteristics to a database of known malware applications. In the event the criteria of a specimen match the database, the specimen is determined to be spyware. Most Anti-spyware applications provide options to remove the applications (when possible).
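The signature comparison that anti-virus and anti-spyware software perform, as described above, can be sketched as a byte-pattern scan. This is an added example, not code from the essay or from any product; the signature names and byte patterns are harmless constructed values, and `scan_stream` is a hypothetical helper. It reads the file in chunks and carries a tail forward so a pattern split across two chunks is still found.

```python
import io

# Constructed "signature file": name -> byte pattern. These byte strings are
# made up for this example and do not come from any real product or malware.
SIGNATURES = {
    "Example.TestPattern.A": b"\xde\xad\xbe\xef\x13\x37EXAMPLE-A",
    "Example.TestPattern.B": b"EXAMPLE-B-CONSTRUCTED",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream."""
    if not signatures:
        return []
    # Keep the last (longest pattern - 1) bytes of each window so a pattern
    # that straddles a chunk boundary appears whole in the next window.
    overlap = max(len(p) for p in signatures.values()) - 1
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if name not in found and pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)

def demo():
    pattern = SIGNATURES["Example.TestPattern.A"]
    clean = b"MZ" + b"\x00" * 100
    # The 15-byte pattern starts at offset 10, so with 16-byte chunks it is
    # split between the first and second read.
    flagged = b"\x90" * 10 + pattern + b"\x00" * 20
    return (
        scan_stream(io.BytesIO(clean), chunk_size=16),
        scan_stream(io.BytesIO(flagged), chunk_size=16),
    )

if __name__ == "__main__":
    clean_hits, flagged_hits = demo()
    print("clean sample:  ", clean_hits or "no match")
    print("flagged sample:", flagged_hits)
```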
Virtual Private Networks (VPN)
A virtual private network provides a way for computers or computer networks to connect and communicate securely by using the same public communication channels available on the Internet (Weaver, 2007). The technique of VPN routing is “virtual” since the path taken between connections, the tunnel, is not static in that it may change based on performance requirements and server loads on the external network. Only specified computers or networks may connect to the communication tunnel. Information transmitted in a VPN is encrypted. Outsiders to the VPN tunnel cannot decrypt the information without the appropriate decipher algorithm. VPNs can use public Internet connections and still provide a high level of security because they perform a core set of activities: encapsulation, encryption, and authentication (Weaver, 2007). Various tunneling protocols exist to handle communication with various operating system platforms.
Network Address Translation (NAT)
Network address translation (NAT) translates internal network addresses into external interface addresses (Weaver, 2007). This translation hides the internal network addressing scheme from outside sources. In the event an attacker determines IP addresses of the internal network, it becomes possible for port scans to be run on the specific addresses to determine the location of open ports. Using NAT hides these internal networking addresses, making it harder to run port scans on internal network addresses. Lessening the possibility of finding open ports limits the vulnerability of the system.
Intrusion Detection Systems
Intrusion detection systems are used to detect behaviors that may compromise the security of a computer system. These attacks include network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (Wikipedia, 2008). An intrusion detection system consists of sensors to monitor activities and to determine security events, consoles to monitor events and alerts, and a centralized engine which logs event records in a database and uses system rules to generate alerts in the event an intrusion has occurred.
Access Control
Access control involves the use of authentication, authorization and audits to control physical access to a system. Access control systems provide the services of identification, authentication, authorization and accountability (Wikipedia, 2008). Identification and authentication commonly use one of four authentication factors: something you know such as a PIN number, something you have such as a token, something you are such as a biometric, or where you are located (Wikipedia, 2008). Authorization determines the access restrictions a user possesses. These access restrictions may restrict or grant access to read, write, and execute capabilities on a system. Audits are conducted to ensure accountability. For instance, a user logged on using various authentication techniques can be held liable for activity taking place through their account.
Password Security
All of the system protection tools and techniques can easily be defeated if an account password is broken by a malicious entity. Strong passwords exist in order to minimize the possibility of someone guessing or breaking the password. There are several guidelines intended to strengthen passwords. The use of strong passwords acts as a firm deterrent against password guessing attacks, and buys additional time against other attacks (Security Stats, 2000). It is recommended to create passwords using upper and lower case letters and include numeric characters. Best practices indicate that a strong password should be at least 8 alpha-numeric characters. Additionally, it is not recommended to use any dictionary word, birth date, or location as a password.
Conclusions
Each of the security techniques discussed has its own advantages and disadvantages. No security system should be based on one single security technique. In a networking system or local system it is advised to develop multiple levels of security techniques arranged in a layered boundary of defense. Each layer is responsible for its own security technique while providing a failsafe to preceding techniques that may have failed or been compromised. When developing a secure system, it is also necessary to consider system resources and organizational requirements. Often the more levels of security, the more resource intensive the security system. When establishing security techniques it is important to consider the needs of the business or organization. The security techniques should establish security protocols without inhibiting business. Additionally, all of the security techniques in the world will not be effective if proper policies and enforcement guidelines are not developed and maintained by the organization. Security tools and techniques are useless without proper enforcement and education of the system’s users.
References
Boran, S. (2000). IT Security Cookbook. Retrieved February 11, 2008, from the Boran
Consulting Website: http://www.boran.com/security/IT1x-5.html
Convery, S. (2004). Network Security Architectures. Indiana: Cisco Press.
Kessler, G. (2007). An Overview of Cryptography. Retrieved February 11, 2008 from the
GaryKessler.net Website: http://www.garykessler.net/library/crypto.html
Peikari, C. & Fogie, S. (2004). Operating System Overview. Retrieved February 11, 2008
from the informIT Website:
http://www.informit.com/guides/content.aspx?g=security&seqNum=15
Sheldon, T. (2001). Firewall. Retrieved February 11, 2008 from the Linktionary Website:
http://www.linktionary.com/f/firewall.html
Tyson, J. (1999). How Firewalls Work. Retrieved February 11, 2008 from the
Howstuffworks Website: http://computer.howstuffworks.com/firewall1.htm
Unknown. (2007). Intrusion detection system. Retrieved February 11, 2008 from the
Wikipedia Website: http://en.wikipedia.org/wiki/Intrusion_detection_system
Unknown (2007). What is a proxy server. Retrieved February 11, 2008 from the Indiana
University Knowledge Base Website: http://kb.iu.edu/data/ahoo.html
Unknown (2008). Access control. Retrieved February 11, 2008 from the Wikipedia
Website: http://en.wikipedia.org/wiki/Access_control
Unknown (2008). Tips for choosing a good password. Retrieved February 11, 2008 from
the SecurityStats.com Website:
http://www.securitystats.com/tools/password2.html
Unknown. (n.d.). Information Security Glossary. Retrieved February 11, 2008 from the
Office of the CIO University at Albany Website:
http://www.albany.edu/its/glossary.htm
Weaver, R. (2007). Guide to Network Defense and Countermeasures. Massachusetts:
Thomson Course Technology.