ATS 7 - 1
The Art of Tech Support
John Abbott College
InfoSec for Tech Support -- Part 2
M. E. Kabay, PhD, CISSP
Director of Education, NCSA
President, JINBU Corp
Copyright © 1997 JINBU Corp.
All rights reserved
ATS 7 - 2
More about InfoSec. . .
DPMRP
Levels of InfoWar
Defences
ATS 7 - 3
DPMRP
Disaster Prevention, Mitigation and Recovery Planning
– prevent: good security, planning reduces likelihood of incident
– mitigation: minimize consequences of incident
– recovery: get back in business as fast as possible given resources available
– planning: think, discuss, argue and test before the incident, not during the incident
AKA “Business Resumption Planning” or BRP; also “Disaster Recovery Planning” = DRP
ATS 7 - 4
VIDEO: When Disaster Strikes
Commonwealth Films
Boston, MA
Take detailed notes on the following video and submit a one-page or longer summary of the key points you learned. Submit your report as part of your homework.
ATS 7 - 5
Schwartau’s Levels of Infowar
Schwartau, W. (1994). Information Warfare: Chaos on the Electronic Superhighway. Thunder's Mouth Press (New York). ISBN 1-56025-080-1. 432 pp. Index.
Second edition (1996) has +400 pp extra stuff
Level I: Interpersonal
Level II: Intercorporate
Level III: International
ATS 7 - 6
Level I Infowar: Interpersonal
Cyberspace shadow vulnerable
Invasion of privacy
Impersonation
Interference
ATS 7 - 7
Level I: Privacy
Snooping through files & e-mail
Shopping data for market research
– Supermarket
– Video store
Medical information
SIN / SSN allow correlation of databases
– link many sources of info
– credit ratings, DMV
– violation to request SIN / SSN unless bank / govt
ATS 7 - 8
Level I: Impersonation
In cyberspace
– Fraudulent e-mail; e.g., Texas A&M prof
– Pseudonymous on-line chat; e.g., paedophiles
In realspace
– Stealing dial tone using wireless phone
– Stealing identity; e.g., movie The Net
ATS 7 - 9
Level I: Interference
Phones
– Billing hospital phones to victim’s home #
– Forwarding church calls to brothel
– Disconnections
– Turning home phone into pay phone
Credit profiles
– Fraudulent entries
– Deleting files
Credit card numbers
– Neighbourhood Watch with a difference
– Toronto CN Tower merchants + accountant
– Organized crime
– BBS
ATS 7 - 10
Level II Infowar: Intercorporate
Industrial espionage
Theft
Sabotage
ATS 7 - 11
Level II: Espionage
American Airlines spill tables to Northwest Airlines
GM Opel plans to Volkswagen
IBM plans to Hitachi
Britannica subscription lists
ATS 7 - 12
Level II: Theft
ATM Fraud
– Hartford, CT
Phone fraud
– U$2-8 billion / year
ATS 7 - 13
Level II: Sabotage
Virgin Airways sues British Airways
Consultants leave logic bombs in client code
Moles
– hired by MCI in Carey, NC
– installed a hardware network analyzer
– captured 50,000 calling card IDs from MCI, Sprint, AT&T
21 criminals in Europe
– sold calls cheap
– U$140M of calls
ATS 7 - 14
Level III: International
Governments accused by US analysts of engaging in infowar:
France
Japan
Russia
China
South Korea
Israel
Sweden
Switzerland
Canada (!)
New Zealand
ATS 7 - 15
Level III: Terrorists
Immediate damage potential
– World Trade Center: most damage to business not building
– Phone grid
– Air traffic control
– Stock exchange
Long-term damage potential
– random errors in software and data
– fraudulent e-mail causing stock market disruption
– spamming the Internet to saturate bandwidth
ATS 7 - 16
Civil Defence in Cyberspace
Learn about technology and issues
Set corporate policies to support internal security
Set national security priorities to include security in cyberspace
Joint civilian/military/police cooperation
Mandatory reporting of security breaches
Otherwise.....
ATS 7 - 18
Defences
Hardware inventories, locks and network management
Network anti-virus software
Software license and version management
Secure data channels
Workstation audit trails
Centralized backup tools
Password tokens
Single logon
Encryption
ATS 7 - 19
Hardware Management
Manual inventories
Locks
Network management software; e.g.,
– Lan Support Group Bindview
– Frye Computer Systems LAN Directory
– Symantec Corp Norton Administrator for Networks
– Microcom Inc LANlord
– Blue Lance LT Auditor NLM
ATS 7 - 20
Workstations and Network Anti-Virus Tools
Signature-based
– files of characteristic assembly code or ASCII strings
– must be updated constantly
Generic or heuristic
– look for types of code or behaviour pathognomic for viruses
Heterogeneous
– scan for PC or MAC viruses on UNIX or Netware servers
See NCSA Web pages for hot links to many AV vendors (http://www.ncsa.com)
ATS 7 - 21
Software License Improvements
Tier-pricing
Software Metering
– Gradient Network Licensing System (NLS) w/ HP
– OSF (Open Software Foundation)
• Novell
• Many UNIX
– Microsoft: License Service Application Programming Interface
ATS 7 - 22
Secure Data Channels
New secure versions of LAN OS; e.g.,
– Novell Netware 4.0
Add-on components; e.g.,
– Fibermux Corp FX709 bridge for Ethernet
– Security Dynamics ACE/Server
Encrypting modems; e.g.,
– Centel Federal Systems Tel/Assure
– Millidyne Inc Auditor
Secure transactions over Web; e.g.,
– Secure Sockets Layer (SSL)
ATS 7 - 23
Workstation Audit Trails
Who did what when to which files and records?
TSRs
Configurability
Reporting capabilities
Encrypted audit trails
ATS 7 - 24
Workstation Audit Trails (cont’d)
Netware-specific tools include
– Network Management Inc LANtrail
– Blue Lance Inc LT Auditor
More generic:
– Connect Computer Co Lanscope
– Saber Software Corp Saber Meter
ATS 7 - 25
Centralized Backup
Automatic control of backup
Portable units a problem
Tools available;
– e.g., for Netware:
• Connor HSM (Hierarchical Storage Management)
• Systems Enhancement Total Network Recall
– for UNIX: SyntaxTotalBackup
ATS 7 - 31
Password Tokens
14:27
Enter ID: G674$2
Enter PW: A32H7296Q*3
* Valid *
14:28
A32H7296Q*3
8N27^#11929
ATS 7 - 36
Password Tokens (cont’d)
Passive
Challenge/response
Cryptographically sound
Universally-portable algorithms
Physically secure
E.g., Security Dynamics SecurID Card
ATS 7 - 38
Single Logon
Problem: authentication on multiple systems across network
Give me your password!
Now give me a completely different password!
*$%”?(@#)!
ATS 7 - 39
Single Logon (cont’d)
People have trouble with multiple passwords
Password policies vary (length, composition, aging)
Having to enter many passwords slows down work
Passwords transmitted across network are subject to sniffing
Solution is complex but possible (e.g., Kerberos)
ATS 7 - 40
Encryption
Symmetric
– e.g., DES
Asymmetric
– e.g., PKC
ATS 7 - 41
Encryption: DES
Data Encryption Standard
– example of symmetric encryption algorithm
Cleartext + Key: 7dhHG0(Jd*/89f-0ejf-pt2@... -> ENCRYPT -> Ciphertext
Ciphertext + Key: 7dhHG0(Jd*/89f-0ejf-pt2@... -> DECRYPT -> Cleartext
ATS 7 - 42
Encryption: PKC
Public Key Cryptosystem
– example of asymmetric encryption
Cleartext + Key: 7dhHG0(Jd*/89f-0ejf-pt2@... -> ENCRYPT -> Ciphertext
Ciphertext + Key: fu3f93jgf912=kjh#1sdfjdh1&... -> DECRYPT -> Cleartext
ATS 7 - 43
Encryption: PKC (cont’d)
PGP is an example of the PKC
Key generation produces 2 keys
Each can decrypt the ciphertext produced by the other
One is defined as public
Other is kept as private
Can easily send a message so only the desired recipient can read it:
– encrypt using the _______________’s _______________ key
– decrypt using the _______________’s _______________ key
ATS 7 - 44
Encryption: PKC (cont’d)
Signing a document using PKC
This is the original text.
Create message hash and encrypt only hash with private key.
83502758 (Unencrypted hash of msg)
This is the original text.
8u3ofdjghdjc9d_j3$ (Encrypted hash of msg)
ATS 7 - 45
Encryption: PKC (cont’d)
Verifying the signature using PKC
This is the original text.
8u3ofdjghdjc9d_j3$ (Encrypted hash of msg)
Create message hash and decrypt only hash with public key…
83502758 (Unencrypted hash of msg)
83502758 (Newly computed hash of msg)
. . . and now compare the two hashes
ATS 7 - 46
Encryption: PGP Demo
Watch as your instructor demonstrates the actions of PGP (ViaCrypt commercial version 4.0) and take notes on what you see and learn.
Signing a document with a private key
Validating a signature with a public key
Effect of a single-byte change on validity of a digital signature
Encrypting a document using a public key
Decrypting a document using a private key
Effect of a single-byte change on decryption
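Added example (not part of the original slides): the sign, verify and single-byte-change steps from the PKC signing slides and the PGP demo list, written in Python with a toy RSA key pair standing in for the PKC. The primes, the key size, the use of SHA-256 and all function names are assumptions chosen for illustration; real tools such as PGP use far larger keys and a padded signature format.

```python
import hashlib

# Toy RSA key pair (constructed for illustration only): two known Mersenne
# primes give a ~92-bit modulus, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent  (public key = N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (private key = N, D)


def message_hash(msg: bytes) -> int:
    """'Unencrypted hash of msg': SHA-256 digest reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes) -> int:
    """'Encrypted hash of msg': only the hash is transformed with the private key."""
    return pow(message_hash(msg), D, N)


def verify(msg: bytes, signature: int) -> bool:
    """Recover the signer's hash with the public key, then compare it with a
    newly computed hash of the message as received."""
    recovered = pow(signature, E, N)
    return recovered == message_hash(msg)


# Constructed sample data: the slide's text and a copy with one byte changed.
ORIGINAL = b"This is the original text."
TAMPERED = b"This is the original test."
SIGNATURE = sign(ORIGINAL)

if __name__ == "__main__":
    print("hash of message      :", message_hash(ORIGINAL))
    print("signature            :", SIGNATURE)
    print("original verifies    :", verify(ORIGINAL, SIGNATURE))
    print("one byte changed     :", verify(TAMPERED, SIGNATURE))
    print("signature bit flipped:", verify(ORIGINAL, SIGNATURE ^ 1))
```

The message itself travels in the clear; only the hash is protected, which is why any change to either the text or the signature makes the two hashes disagree.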
ATS 7 - 47
People Are Fundamental
Most expensive security equipment worthless without cooperation of users
Need Information Security Officer(s)
Proper technical training for InfoSec staff & Information Technology group
Well-reasoned security policies a must
Security awareness training for all employees
Security awareness reminders all the time
Security monitoring, reward, punishment
Support for refusing to break policies or commit illegal acts
ATS 7 - 48
National Computer Security Association
Membership organization
Monthly NCSA News
Conferences (12/yr)
CompuServe NCSA FORUMS (3)
Anti-virus phone support
ATS 7 - 49
National Computer Security Association
Security audits
InfoSec awareness and training programs
Computer Ethics and Responsibility Campaign
Carlisle, PA: 717-258-1816
Infobot: any e-mail to [email protected]
Web site: http://www.ncsa.com
ATS 7 - 50
Homework: Readings
Read and make notes on the extract from The NCSA Guide to Information Security on Information Warfare
Answer all the review questions from the instructor
Submit your chapter summary, video summary, notes on demonstration and review questions after the quiz at the start of lecture 8