ATS 7 - 1

The Art of Tech Support

John Abbott College

InfoSec for Tech Support -- Part 2

M. E. Kabay, PhD, CISSP

Director of Education, NCSA

President, JINBU Corp

Copyright © 1997 JINBU Corp.

All rights reserved

ATS 7 - 2

More about InfoSec. . .

DPMRP

Levels of InfoWar

Defences

ATS 7 - 3

DPMRP

Disaster Prevention, Mitigation and Recovery Planning

– prevent: good security, planning reduces likelihood of incident

– mitigation: minimize consequences of incident

– recovery: get back in business as fast as possible given resources available

– planning: think, discuss, argue and test before the incident, not during the incident

AKA “Business Resumption Planning” or BRP; also “Disaster Recovery Planning” = DRP

ATS 7 - 4

VIDEO: When Disaster Strikes

Commonwealth Films

Boston, MA

Take detailed notes on the following video and submit a one-page or longer summary of the key points you learned. Submit your report as part of your homework.

ATS 7 - 5

Schwartau’s Levels of Infowar

Schwartau, W. (1994). Information Warfare: Chaos on the Electronic Superhighway. Thunder's Mouth Press (New York). ISBN 1-56025-080-1. 432 pp. Index.

Second edition (1996) has +400 pp extra stuff

Level I: Interpersonal

Level II: Intercorporate

Level III: International

ATS 7 - 6

Level I Infowar: Interpersonal

Cyberspace shadow vulnerable

Invasion of privacy

Impersonation

Interference

ATS 7 - 7

Level I: Privacy

Snooping through files & e-mail

Shopping data for market research

– Supermarket

– Video store

Medical information

SIN / SSN allow correlation of databases

– link many sources of info

– credit ratings, DMV

– violation to request SIN / SSN unless bank / govt

ATS 7 - 8

Level I: Impersonation

In cyberspace

– Fraudulent e-mail; e.g., Texas A&M prof

– Pseudonymous on-line chat; e.g., paedophiles

In realspace

– Stealing dial tone using wireless phone

– Stealing identity; e.g., movie The Net

ATS 7 - 9

Level I: Interference

Phones

– Billing hospital phones to victim’s home #

– Forwarding church calls to brothel

– Disconnections

– Turning home phone into pay phone

Credit profiles

– Fraudulent entries

– Deleting files

Credit card numbers

– Neighbourhood Watch with a difference

– Toronto CN Tower merchants + accountant

– Organized crime

– BBS

ATS 7 - 10

Level II Infowar: Intercorporate

Industrial espionage

Theft

Sabotage

ATS 7 - 11

Level II: Espionage

American Airlines spill tables to Northwest Airlines

GM Opel plans to Volkswagen

IBM plans to Hitachi

Britannica subscription lists

ATS 7 - 12

Level II: Theft

ATM Fraud

– Hartford, CT

Phone fraud

– U$2-8 billion / year

ATS 7 - 13

Level II: Sabotage

Virgin Airways sues British Airways

Consultants leave logic bombs in client code

Moles

– hired by MCI in Carey, NC

– installed a hardware network analyzer

– captured 50,000 calling card IDs from MCI, Sprint, AT&T

21 criminals in Europe

– sold calls cheap

– U$140M of calls

ATS 7 - 14

Level III: International

Governments accused by US analysts of engaging in infowar:

France, Japan, Russia, China, South Korea, Israel, Sweden, Switzerland, Canada (!), New Zealand

ATS 7 - 15

Level III: Terrorists

Immediate damage potential

– World Trade Center: most damage to business not building

– Phone grid

– Air traffic control

– Stock exchange

Long-term damage potential

– random errors in software and data

– fraudulent e-mail causing stock market disruption

– spamming the Internet to saturate bandwidth

ATS 7 - 16

Civil Defence in Cyberspace

Learn about technology and issues

Set corporate policies to support internal security

Set national security priorities to include security in cyberspace

Joint civilian/military/police cooperation

Mandatory reporting of security breaches

Otherwise.....

ATS 7 - 18

Defences

Hardware inventories, locks and network management

Network anti-virus software

Software license and version management

Secure data channels

Workstation audit trails

Centralized backup tools

Password tokens

Single logon

Encryption

ATS 7 - 19

Hardware Management

Manual inventories

Locks

Network management software; e.g.,

– Lan Support Group Bindview

– Frye Computer Systems LAN Directory

– Symantec Corp Norton Administrator for Networks

– Microcom Inc LANlord

– Blue Lance LT Auditor NLM

ATS 7 - 20

Workstations and Network Anti-Virus Tools

Signature-based

– files of characteristic assembly code or ASCII strings

– must be updated constantly

Generic or heuristic

– look for types of code or behaviour pathognomonic for viruses

Heterogeneous

– scan for PC or MAC viruses on UNIX or Netware servers

See NCSA Web pages for hot links to many AV vendors (http://www.ncsa.com)

ATS 7 - 21

Software License Improvements

Tier-pricing

Software Metering

– Gradient Network Licensing System (NLS) w/ HP

– OSF (Open Software Foundation)

• Novell

• Many UNIX

– Microsoft: License Service Application Programming Interface

ATS 7 - 22

Secure Data Channels

New secure versions of LAN OS; e.g.,

– Novell Netware 4.0

Add-on components; e.g.,

– Fibermux Corp FX709 bridge for Ethernet

– Security Dynamics ACE/Server

Encrypting modems; e.g.,

– Centel Federal Systems Tel/Assure

– Millidyne Inc Auditor

Secure transactions over Web; e.g.,

– Secure Sockets Layer (SSL)

ATS 7 - 23

Workstation Audit Trails

Who did what when to which files and records?

TSRs

Configurability

Reporting capabilities

Encrypted audit trails

ATS 7 - 24

Workstation Audit Trails (cont’d)

Netware-specific tools include

– Network Management Inc LANtrail

– Blue Lance Inc LT Auditor

More generic:

– Connect Computer Co Lanscope

– Saber Software Corp Saber Meter

ATS 7 - 25

Centralized Backup

Automatic control of backup

Portable units a problem

Tools available;

– e.g., for Netware:

• Connor HSM (Hierarchical Storage Management)

• Systems Enhancement Total Network Recall

– for UNIX: SyntaxTotalBackup

ATS 7 - 31

Password Tokens

14:27

Enter ID: G674$2

Enter PW: A32H7296Q*3

* Valid *

14:28

A32H7296Q*3

8N27^#11929

ATS 7 - 36

Password Tokens (cont’d)

Passive

Challenge/response

Cryptographically sound

Universally-portable algorithms

Physically secure

E.g., Security Dynamics SecurID Card

ATS 7 - 38

Single Logon

Problem: authentication on multiple systems across network

Give me your password!

Now give me a completely different password!

*$%”?(@#)!

ATS 7 - 39

Single Logon (cont’d)

People have trouble with multiple passwords

Password policies vary (length, composition, aging)

Having to enter many passwords slows down work

Passwords transmitted across network are subject to sniffing

Solution is complex but possible (e.g., Kerberos)

ATS 7 - 40

Encryption

Symmetric

– e.g., DES

Asymmetric

– e.g., PKC

ATS 7 - 41

Encryption: DES

Data Encryption Standard

– example of symmetric encryption algorithm

Cleartext → ENCRYPT (Key: 7dhHG0(Jd*/89f-0ejf-pt2@...) → Ciphertext

Ciphertext → DECRYPT (Key: 7dhHG0(Jd*/89f-0ejf-pt2@...) → Cleartext

ATS 7 - 42

Encryption: PKC

Public Key Cryptosystem

– example of asymmetric encryption

Cleartext → ENCRYPT (Key: 7dhHG0(Jd*/89f-0ejf-pt2@...) → Ciphertext

Ciphertext → DECRYPT (Key: fu3f93jgf912=kjh#1sdfjdh1&...) → Cleartext

ATS 7 - 43

Encryption: PKC (cont’d)

PGP is an example of the PKC

Key generation produces 2 keys

Each can decrypt the ciphertext produced by the other

One is defined as public

Other is kept as private

Can easily send a message so only the desired recipient can read it:

– encrypt using the _______________’s _______________ key

– decrypt using the _______________’s _______________ key

ATS 7 - 44

Encryption: PKC (cont’d)

Signing a document using PKC

Create message hash and encrypt only hash with private key.

This is the original text. → 83502758 (unencrypted hash of msg)

This is the original text. + 8u3ofdjghdjc9d_j3$ (encrypted hash of msg)

ATS 7 - 45

Encryption: PKC (cont’d)

Verifying the signature using PKC

This is the original text. + 8u3ofdjghdjc9d_j3$ (encrypted hash of msg)

Create message hash and decrypt only hash with public key…

83502758 (unencrypted hash of msg)

83502758 (newly computed hash of msg)

. . . and now compare the two hashes
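
Added example (not part of the original slides): the sign-and-verify flow from the two slides above, using SHA-256 and a toy unpadded RSA key built from two small known primes. The key, the hash choice and the function names are assumptions for illustration only; a key this small offers no real security.

```python
import hashlib

# Toy RSA key from two known Mersenne primes (assumed values for illustration).
# Far too small for real use; chosen so the example needs no extra libraries.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def message_hash(message: bytes) -> int:
    """Hash the message and map the digest into the range of the toy modulus."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % N


def sign(message: bytes) -> int:
    """Signer: transform only the hash, using the private key."""
    return pow(message_hash(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier: recover the hash with the public key, recompute it, compare."""
    recovered = pow(signature, E, N)
    return recovered == message_hash(message)


def demo() -> dict:
    original = b"This is the original text."
    signature = sign(original)
    tampered = b"This is the original text!"   # single-byte change
    return {
        "original_valid": verify(original, signature),
        "tampered_valid": verify(tampered, signature),
    }


if __name__ == "__main__":
    print(demo())
```

The message itself travels in the clear; only the hash is transformed, so a one-byte change to the text makes the recomputed hash differ from the recovered one and the check fails.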

ATS 7 - 46

Encryption: PGP Demo

Watch as your instructor demonstrates the actions of PGP (ViaCrypt commercial version 4.0) and take notes on what you see and learn.

Signing a document with a private key

Validating a signature with a public key

Effect of a single-byte change on validity of a digital signature

Encrypting a document using a public key

Decrypting a document using a private key

Effect of a single-byte change on decryption

ATS 7 - 47

People Are Fundamental

Most expensive security equipment worthless without cooperation of users

Need Information Security Officer(s)

Proper technical training for InfoSec staff & Information Technology group

Well-reasoned security policies a must

Security awareness training for all employees

Security awareness reminders all the time

Security monitoring, reward, punishment

Support for refusing to break policies or commit illegal acts

ATS 7 - 48

National Computer Security Association

Membership organization

Monthly NCSA News

Conferences (12/yr)

CompuServe NCSA FORUMS (3)

Anti-virus phone support

ATS 7 - 49

National Computer Security Association

Security audits

InfoSec awareness and training programs

Computer Ethics and Responsibility Campaign

Carlisle, PA: 717-258-1816

Infobot: any e-mail to [email protected]

Web site: http://www.ncsa.com

ATS 7 - 50

Homework: Readings

Read and make notes on the extract from The NCSA Guide to Information Security on Information Warfare

Answer all the review questions from the instructor

Submit your chapter summary, video summary, notes on demonstration and review questions after the quiz at the start of lecture 8