1

TUTUN JUHANA TELECOMMUNICAT ION ENGINEERING DEPARTMENT

SCHOOL OF ELECTRICAL ENGINEERING & INFORMATIC SINST ITUT TEKNOLOGI BANDUNG

ET4045 Telecommunication Network Security

INTRODUCTION

2

Security Principles

3

Security is the sum of all measures taken to prevent loss of any kind

http://www.clipartof.com

4

LOSS CAN OCCUR BECAUSE OF :

5

User Errors

Deleting file(s) unintentionallyShared folders without passwordUsing weak passwords

Username: tutunPassword: tutun

Etc.

6

Code Flaws

7

Malicious Acts

Spywarewww.comphandyman.com

VirusSIM Cloning Carding

8

Hardware failure

Denial of Service (DoS)

9

Acts of nature

Denial of Service (DoS)

10

Security is the antithesis of convenience

11

Why Computers Aren’t Secure?

12

Security is an annoyance

Administrators fail to implement security features

Users circumvent security

Software shipped with its security features disabled

13

Features are rushed to market

Vendors concentrate their efforts on adding features that make their software more useful, with little thought to security

A perfect example of this is the addition of scripting language support to Microsoft Outlook and Outlook Express. Spreading e-mail viruses

14

Vendors who spend time on security are eclipsed by the competition

The least-secure products always get to market first and become standards

15

Computers and software evolve very quickly

Moore’s law : computer hardware will double in power every two years

Protocols that were not developed to be secure were adapted to purposes that they were never intended for and then grew in popularity to a far wider audience than the original creators could have imagined

16

Programmers can’t accurately predict flaws

The programmers who created a project could never come up with the complete set of attacks that the million hackers who attempt to exploit it will

17

There is little diversity in the software market

OSes Apps

IIS

Narrowing hackers targets

18

Vendors are not motivated to reveal potential flaws

They hide their product’s problem

It discourage discussion of their flaws

19

Patches are not widely deployed and can cause problems when they are installed

Not everyone gets the notice or installs the patch

In fact, the majority of users never install security patches for software unless they actually get hacked

20

Key Principles of Network Security

21

confidentiality, integrity, and availability (C-I-A)

22

Confidentiality

Preventing the unauthorized disclosure of sensitive information

23

Integrity

Maintaining the consistency, accuracy, and trustworthiness of information over its entire life cycle

24

Availability

Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system and to the network

25

Security Concepts

- Trust- Authentication- Chain of Authority- Accountability- Access Control

26

Trust

27

Authentication

Authentication is the process of determining the identity of a user Forcing the user to prove that they know a secret that should be known only to them proves that they are who they say they are

28

Chain of Authority

During the installation of a security system, the original administrator will create the root account All other accounts, keys, and certificates spring

29

Accountability

Users don’t try to circumvent security because their identity would be known and they would be held legally accountable for their actions

30

Access Control

Access control is the security methodology that allows access to information based on identity

31

Permissions-Based Access Control

32

None of those security controls works if the operating system

can be circumvented

33

Encryption-Based Access Control (Privacy)

Even if the operating system has been circumvented, stored data is still encrypted

34

Understanding Hacking

35

What Is Hacking?

Originally, the term hacker simply referred to an adept computer user, and gurus still use the term to refer to themselves in that original sense

But when breaking into computer systems (technically known as cracking) became popular, the media used the hacker to refer only to computer criminals, thus popularizing only the negative connotation

36

Black Hat vs White Hat

37

Ethical Hacking

The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.

38

Disgruntled Employees

39

Vectors That Hackers Exploit

Connecting over the Internet

By using a computer on your network directly

By dialing in via a Remote Access Service (RAS)

serverBy connecting via anonsecure wireless network