Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×


Wird geladen in …3

Hier ansehen

1 von 51 Anzeige

Weitere Verwandte Inhalte

Ähnlich wie ANS_Ch_06_Handouts.pdf (20)


Aktuellste (20)


  1. 1. DILLA UNIVERSITY COLLEGE OF ENGINEERING & TECHNOLOGY School of Computing & Informatics M. Sc in Computer Science & Networking By Chapter-06 Dr. Ananda Kumar K S M.Tech, Ph.D Associate Professor, School of Comp & Info Email: anandgdk@du.edu.et COET, Dilla University 1 Course Number CN6122 Course Title Advanced Network Security
  4. 4. • Creation of information security program includes: – Creation of policies, standards, and practices, selection or creation of information security architecture and the development – Use of a detailed information security blueprint creates plan for future success – Creation of contingency planning consisting of incident response planning, disaster recovery planning, and business continuity plans • Without policy, blueprints, and planning, organization is unable to meet information security needs of various communities of interest Introduction 4 COET, Dilla University
  5. 5. Information Security Policy, Standards and Practices • Communities of interest must consider policies as basis for all information security efforts • Policies direct how issues should be addressed and technologies used • Security policies are least expensive controls to execute but most difficult to implement • Shaping policy is difficult 5 COET, Dilla University
  6. 6. COET, Dilla University Shaping Policy Difficult • Never conflict with laws • Standup in court if challenged • Be properly administered through dissemination and documented acceptance 6
  7. 7. Policy • Plan or course of action • Convey instructions • Organizational laws • Dictate acceptable and unacceptable behavior 7 COET, Dilla University
  8. 8. Policy • Define – What is right – The appeal process – What are the penalties for violating policy • Written to support the mission, vision and strategic plan of organization • For a policy to be effective, must be properly disseminated, read, understood and agreed to by all members of organization 8 COET, Dilla University
  9. 9. Standards • Detail statements of what must be done to comply with policy • Types – Informal – de facto standards – Formal – de jure standards 9 COET, Dilla University
  10. 10. Mission/Vision/Strategic Plan • Mission – written statement of organization purpose • Vision – written statement of organization goals • Strategic Plan - written statement of moving the organization toward its mission 10 COET, Dilla University
  11. 11. 11 COET, Dilla University
  12. 12. Policies • Security Policy – set of rules that protects organization's assets • Information security policy – set of rules that protects an organization’s information assets 12 COET, Dilla University
  13. 13. Enterprise Information Security Policy (EISP) • General Information Security Document • Shapes the philosophy of security in IT • Executive-level document, usually drafted by or with CIO of the organization, 2-10 pages • Typically addresses compliance in two areas – Ensure meeting requirements to establish program – Responsibilities assigned therein to various organizational components – Use of specified penalties and disciplinary action 13 COET, Dilla University
  14. 14. Information Systems Security Policy (ISSP) • Issue-Specific Security Policy • Addresses specific areas of technology • Requires frequent updates • Contains a statement on the organization’s position on a specific issue 14 COET, Dilla University
  15. 15. 3 Approaches to ISSP • Create independent document tailored to a specific issue – Scattered approach – Departmentalized • Create single comprehensive document covering all issues – Centralized management and control – Tend to over generalize the issue 15 COET, Dilla University
  16. 16. Cont.. • Create a modular plan – Unified policy creation and administration – Maintain each specific issue’s requirements 16 COET, Dilla University
  17. 17. Systems-Specific Policy (SysSP) • SysSPs frequently codified as standards and procedures • used when configuring or maintaining systems • Systems-specific policies fall into two groups – Access control lists (ACLs) – Configuration rules 17 COET, Dilla University
  18. 18. ACL Policies • Restrict access from anyone & anywhere • Can regulate specific user, computer, time, duration, file • What regulated – Who can use the system – What authorization users can access – When authorization users can access – Where authorization users can access 18 COET, Dilla University
  19. 19. ACL Policies • Authorization determined by persons identity • Can regulated specific computer equipment • Regulate access to data – Read – Write – Modify – Copy – Compare 19 COET, Dilla University
  20. 20. Rule Policies • Rule policies are more specific to operation of a system than ACLs • May or may not deal with user directly • Many security systems require specific configuration scripts telling systems what actions to perform on each set of information they process 20 COET, Dilla University
  21. 21. Policy Management • Must be managed as they constantly changed and grow • Must be properly disseminated • Must be properly managed • Responsible individual – Policy administrator – manager – Not necessarily a technically oriented person 21 COET, Dilla University
  22. 22. Reviews • Schedule – Retain effectiveness in changing environment – Periodically reviewed – Should be defined and published – Should be reviewed at least annually • Procedures and practices – Recommendations for change – Reality one person draft 22 COET, Dilla University
  23. 23. Document Configuration Management • Include date of original • Includes date of revision • Include expiration date 23 COET, Dilla University
  24. 24. Information Classification • Classification of information is an important aspect of policy • Policies are classified, least for “internal use only”. • A clean desk policy stipulates that at end of business day, classified information must be properly stored and secured • In today’s open office environments, may be beneficial to implement a clean desk policy 24 COET, Dilla University
  25. 25. The Information Security Blueprint • Security Blueprint is the basis for design, selection, and implementation of – all security policies, – education and training programs, and – technological controls • More detailed version of security framework (outline of overall information security strategy for organization) • Should specify tasks to be accomplished and the order in which they are to be realized • One approach to selecting a methodology by which to develop an information security blueprint is to adopt a published model or framework for information security. 25 COET, Dilla University
  26. 26. ISO 17799 • Information technology – code of practice for information security management from • ISO (International Organization for Standards) • IEC (International Electro-technical Commission) • One of the most widely referenced and often discussed security models • ISO/IEC 17799 – Purpose – “give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization. – Provides a common basis – Must pay for these 26 COET, Dilla University
  27. 27. NIST Security Models • Another possible approach described in documents available from Computer Security Resource Center of National Institute for Standards and Technology (NIST) • Publically available at no charge • Several publications dealing with various aspects 27 COET, Dilla University
  28. 28. NIST Special Publication 800-14 • Security supports mission of organization is an integral element of sound management • Security should be cost-effective; owners have security responsibilities outside their own organizations • Security responsibilities and accountability should be made explicit; security requires a comprehensive and integrated approach • Security should be periodically reassessed; security is constrained by societal factors 28 COET, Dilla University
  29. 29. IETF Security Architecture • Internet Engineering Task Force • Security Area Working Group acts as advisory board for protocols and areas developed and promoted by the Internet Society • RFC 2196: Site Security Handbook covers five basic areas of security with detailed discussions on development and implementation 29 COET, Dilla University
  30. 30. Key Technology Components • SETA – Security Education, Training and Awareness – Employee errors among top threats – Purpose • Improve awareness of need to protect • Develop skills and knowledge • Build in-depth knowledge to design, implement, or operate security programs 30 COET, Dilla University
  31. 31. Security Education • Everyone in an organization needs to be trained and aware of information security; not every member needs formal degree or certificate in information security • When formal education for individuals in security is needed, an employee can identify curriculum available from local institutions of higher learning or continuing education • A number of universities have formal coursework in information security 31 COET, Dilla University
  32. 32. Security Training • Involves providing members of organization with detailed information and hands-on instruction designed to prepare them to perform their duties securely • Management of information security can develop customized in-house training or outsource the training program 32 COET, Dilla University
  33. 33. Security Awareness • One of least frequently implemented but most beneficial programs is the security awareness program • Designed to keep information security at the forefront of users’ minds • Need not be complicated or expensive • If the program is not actively implemented, employees begin to “tune out” and risk of employee accidents and failures increases 33 COET, Dilla University
  34. 34. 2. Computer forensics: Legal, ethical and policy issues COET, Dilla University 34
  35. 35. What is Computer Forensics?  Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media.  The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. COET, Dilla University 35
  36. 36. Cont..  Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”)  Forensics deals primarily with the recovery and analysis of evidence.  Evidence can take many forms, from fingerprints left on a window to DNA evidence recovered from blood stains to the files on a hard drive. COET, Dilla University 36
  37. 37. Cont..  Because computer forensics is a new discipline, there is little standardization and consistency across the courts and industry.  As a result, it is not yet recognized as a formal “scientific” discipline.  We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law. COET, Dilla University 37
  38. 38. Why is Computer Forensics Important?  Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network infrastructure.  You can help your organization if you consider computer forensics as a new basic element in what is known as a “defense-in-depth” (is a military strategy that seeks to delay rather than prevent the advance of an attacker)approach to network and computer security.  For instance, understanding the legal and technical aspects of computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if the intruder is caught. COET, Dilla University 38
  39. 39. What happens if you ignore computer forensics?  You risk destroying vital evidence or having forensic evidence ruled inadmissible in a court of law.  Also, you or your organization may run afoul(conflict) of new laws that mandate regulatory compliance and assign liability if certain types of data are not adequately protected.  Recent legislation makes it possible to hold organizations liable in civil or criminal court if they fail to protect customer data. COET, Dilla University 39
  40. 40. Cont..  Computer forensics is also important because it can save your organization money.  Many managers are allocating a greater portion of their information technology budgets for computer and network security.  International Data Corporation (IDC) reported that the market for intrusion-detection and vulnerability- assessment software will reached 1.45 billion dollars in 2006.  In increasing numbers, organizations are deploying network security devices such as intrusion detection systems (IDS), firewalls, proxies, and the like, which all report on the security status of networks. COET, Dilla University 40
  41. 41. Goal of computer forensics From a technical standpoint, the main goal of computer forensics is to identify, collect, preserve, and analyze data in a way that preserves the integrity of the evidence collected so it can be used effectively in a legal case. COET, Dilla University 41
  42. 42. What are some typical aspects of a computer forensics investigation?  First, those who investigate computers have to understand the kind of potential evidence they are looking for in order to structure their search.  Crimes involving a computer can range across the spectrum of criminal activity, from child pornography to theft of personal data to destruction of intellectual property. COET, Dilla University 42
  43. 43. Cont..  Second, the investigator must pick the appropriate tools to use.  Files may have been deleted, damaged, or encrypted, and the investigator must be familiar with an array of methods and software to prevent further damage in the recovery process. COET, Dilla University 43
  44. 44. Types of data are collected in computer forensics.  Two basic types of data are collected in computer forensics.  Persistent data is the data that is stored on a local hard drive (or another medium) and is preserved when the computer is turned off.  Volatile data is any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or is turned off.  Volatile data resides in registries, cache, and random access memory (RAM).  Since volatile data is ephemeral, it is essential an investigator knows reliable ways to capture it. COET, Dilla University 44
  45. 45. Legal Aspects of Computer Forensics  Anyone overseeing network security must be aware of the legal implications of forensic activity.  Security professionals need to consider their policy decisions and technical actions in the context of existing laws.  For instance, you must have authorization before you monitor and collect information related to a computer intrusion.  There are also legal ramifications to using security monitoring tools. COET, Dilla University 45
  46. 46. Cont..  Computer forensics is a relatively new discipline to the courts and many of the existing laws used to prosecute computer-related crimes, legal precedents, and practices related to computer forensics are in a state of flux.  New court rulings are issued that affect how computer forensics is applied.  The best source of information in this area is the United States Department of Justice’s Cyber Crime web site. COET, Dilla University 46
  47. 47. Three areas of law related to computer security o The first is found in the United States Constitution. o The Fourth Amendment allows for protection against unreasonable search and seizure, and the Fifth Amendment allows for protection against self-incrimination (law, the giving of evidence that might tend to expose the witness to punishment for crime). o Although the amendments were written before there were problems caused by people misusing computers, the principles in them apply to how computer forensics is practiced. COET, Dilla University 47
  48. 48. Cont.. Second, anyone concerned with computer forensics must know how three U.S. Statutory laws affect them o Wiretap Act (18 U.S.C. 2510-22) o Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27) o Stored Wired and Electronic Communication Act (18 U.S.C. 2701-120) COET, Dilla University 48
  49. 49. Cont..  Third, the U.S. Federal rules of evidence about hearsay, authentication, reliability, and best evidence must be understood.  In the U.S. there are two primary areas of legal governance affecting cyber security actions related to the collection of network data: (1) authority to monitor and collect the data and (2) the admissibility of the collection methods.  Of the three areas above, the U.S. Constitution and U.S. Statutory Laws primarily govern the collection process, while the Federal Rules of Evidence deal mostly with admissibility. COET, Dilla University 49
  50. 50. References Reference Text Books: 1. Computer Forensics US-CERT Produced 2008 by US-CERT, a government organization. 2. C.Easttom, Computer Security Fundamentals, Prentice Hall, May 2005. 3. D. Russell and G.T. Gangemi, Computer Security Basics, OReilly& Associates, 1991. COET, Dilla University 50
  51. 51. THANK YOU COET, Dilla University 51