Chapter 5
Security at different layer
Physical Security
Physical security measures are taken in order to protect assets from physical threats,
including theft, vandalism, fire and natural disasters.
Physical security is often the first concern in facilities with a high concentration of assets,
especially those used in critical systems for business processes.
Deterrence: Methods and measures that are meant to deter attackers and intruders or
prevent natural events and accidents from affecting protected assets. The simple method
for this is through the use of physical barriers and signs. The signs serve as a warning to
any intruder that their actions will bring physical harm or prosecution. The physical
barriers are meant to prevent access entirely or simply to provide protection from external
factors like storms or vehicular accidents.
Detection: Allows security personnel to detect and locate potential intruders using
surveillance equipment like cameras, motion sensors, security lights and personnel like
security guards and watch dogs.
The three most important components of a physical security plan are access
control, surveillance, and security testing.
IAS Chapter 5 Lecture Note Prepared by Abraham A
Wolkite University College of Computing and Informatics Department of IT
Access control: Access control may start at the outer edge of your security perimeter. You can use
fencing and video surveillance to monitor access to your facility and secure the
outdoor area.
A comprehensive access control system and strategy would also include the use of
advanced locks, access control cards or biometric authentication and authorization.
When evaluating physical security, you will want to look at the operations and controls both
inside and outside the facility. You also want to focus on specific logical areas like:
Ensure that visitors are required to have badges and are not allowed access to
sensitive areas unescorted.
Ensure that visitors are required to be escorted at all times.
Ensure that proper accountability and control exists for all modems and wireless
access points within the facility.
Ensure that critical executive staff offices are not left unsecured in off hours.
Ensure that all cleaning staff entering the facility are known and identified; any
changes to staff should require prior authorization.
Ensure that all sensitive documentation and electronic media are appropriately
disposed of.
Ensure that manual shredder/shredding pickup service lifecycles are secure.
Ensure that sensitive operational documents or electronics are not left unattended
for inappropriate periods of time.
Ensure that user system account information or network topologies are not written
down or posted in work areas or otherwise left unsecured.
Your first line of defense may include fenced walls or razor wire, which are good at
preventing the average passer-by from entering your security perimeter.
Protective barriers are used for preventing forced entry of persons or vehicles, and
should always be complemented by gates and other points of security
checks.
Locks are a method to enable only individuals with a key or access control card to
open or lock a door or gate. Locks may be connected to a more comprehensive
security monitoring system.
Your physical security should incorporate surveillance cameras and sensors that
track movements and changes in environment. You also need security lighting to
ensure all monitored areas are visible at any given moment.
Security guards should cover all entry points to your facility while also securing
business critical areas indoors. Water-, smoke- and heat detectors, as well as
firefighting systems are your protection against water leakages and fire.
Your last point of defense against unauthorized access is the use of smart cards,
biometric identification, and in-person clearance aimed at allowing only authorized
personnel to get into a restricted area. In any event, you need to assess all possible
scenarios and study past examples of successful physical security procedures before
implementing feasible countermeasures for your facilities.
Software Security
Software security is an idea implemented to protect software against malicious attack and
other hacker risks so that the software continues to function correctly under such
potential risks. Security is necessary to provide integrity, authentication and availability.
It is the process of engineering software so that the software can continue to withstand
and function correctly under malicious attacks.
– It is the process of designing, building, and testing software for security.
Today’s software
– Today’s software is troubled with both design flaws and implementation bugs,
resulting in unacceptable security risks.
– The notion of software security risk has become common, yet we have only
recently begun to systematically investigate how to build secure software systems.
– The practice of software security remains in its infancy.
Software security problems
– Software defects with security ramifications, including implementation bugs
(such as buffer overflows) and design flaws (such as inconsistent error handling),
promise to be with us for years.
– Internet based software applications are easy to exploit and have become
common attack targets.
Software security practices
– Good software security practice leverages good software engineering principles
and practices.
– It involves thinking about security early in the software lifecycle, knowing and
understanding common problems (such as language-based flaws and pitfalls),
designing for security, and subjecting all software artifacts to thorough risk
analysis, review and testing.
Pillars of Software Security
Software security is an ongoing activity that requires a cultural shift.
– It takes work; there is no magic tool that will result in secure software.
Software security borrows heavily from software engineering, programming languages,
and security engineering.
There are three pillars of software security:
– Applied risk management,
– Software security best practices, and
– Knowledge.
We cannot test quality (or security) into software.
Applied Risk Management
A way to gather the requisite data to make a good judgment call, based on knowledge of
vulnerabilities, threats, impacts, and probabilities.
It can be performed at the architectural level (called threat modeling or security design
analysis) and at the level of tracking and mitigating as a full software development
lifecycle (SDLC) activity.
Software Security Best Practices
The software security best practices (micro-processes) can be applied regardless of the
core software development process (such as waterfall model, spiral development, or
CMMi) used to create a set of software artifacts.
The software artifacts can include:
– Requirements and use cases,
– Architecture documents,
– Design documents,
– Test plans,
– Source code,
– Test results, and
– Feedback from the field.
Knowledge
Gathering, encapsulating, and sharing security knowledge that can provide a solid
foundation of software security practices is the third pillar.
– Knowledge management and training play a central role in encapsulating and
spreading the emerging discipline more efficiently.
Software security knowledge can be organized into seven knowledge categories:
– Principles,
– Guidelines,
– Rules,
– Vulnerabilities,
– Exploits,
– Attack patterns, and
– Historic risks
Any software designed to identify, prevent, stop and repair the damage caused by others on your
computer or network can be called security software. Security software may be focused on
preventing attacks from reaching their target, on limiting the damage attacks can cause if they
reach their target and on tracking the damage that has been caused so that it can be repaired. As
the nature of malicious code evolves, security software also evolves.
Firewall
There are also dedicated hardware firewalls that have no function other
than protecting a network from unauthorized access.
Antivirus
Antispyware
Network Security
Network security is any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technologies. Effective network
security manages access to the network. It targets a variety of threats and stops them from
entering or spreading on your network.
Network security combines multiple layers of defenses at the edge and in the network.
Each network security layer implements policies and controls. Authorized users gain
access to network resources, but malicious actors are blocked from carrying out exploits
and threats.
Digitization has transformed our world. How we live, work, play, and learn have all
changed. Every organization that wants to deliver the services that customers and
employees demand must protect its network. Network security also helps you protect
proprietary information from attack. Ultimately it protects your reputation.
Access control
o Not every user should have access to your network. To keep out potential
attackers, you need to recognize each user and each device. Then you can
enforce your security policies. You can block noncompliant endpoint devices
or give them only limited access. This process is network access control
(NAC).
Application security
o Any software you use to run your business needs to be protected, whether
your IT staff builds it or whether you buy it. Unfortunately, any application
may contain holes, or vulnerabilities, that attackers can use to infiltrate your
network. Application security encompasses the hardware, software, and
processes you use to close those holes.
Behavioral analytics
o To detect abnormal network behavior, you must know what normal behavior
looks like. Behavioral analytics tools automatically discern activities that
deviate from the norm. Your security team can then better identify indicators
of compromise that pose a potential problem and quickly remediate threats.
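The following sketch is an added example, not part of the original lecture note. It shows why a baseline of normal behavior is needed: each host is compared with its own history (median and median absolute deviation), using constructed traffic figures and hypothetical host names.

```python
from statistics import median

def build_baseline(history):
    """history: {host: [daily outbound MB, ...]} -> {host: (median, MAD)}."""
    baseline = {}
    for host, values in history.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)   # median absolute deviation
        baseline[host] = (med, mad)
    return baseline

def deviations(baseline, today, threshold=6.0):
    """Return (host, score) for hosts far from their own norm.

    A host with no history cannot be judged, so it is reported with score None.
    """
    alerts = []
    for host, value in sorted(today.items()):
        if host not in baseline:
            alerts.append((host, None))
            continue
        med, mad = baseline[host]
        score = abs(value - med) / max(mad, 1.0)     # floor avoids dividing by zero
        if score > threshold:
            alerts.append((host, round(score, 1)))
    return alerts

# Constructed sample data: outbound megabytes per day for the last week.
HISTORY = {
    "backup-srv": [900, 950, 1000, 980, 920, 1010, 960],
    "hr-laptop": [20, 25, 18, 22, 30, 24, 21],
}
# Constructed observations for the current day.
TODAY = {"backup-srv": 1050, "hr-laptop": 400, "new-kiosk": 5}

if __name__ == "__main__":
    for host, score in deviations(build_baseline(HISTORY), TODAY):
        print(host, "no baseline" if score is None else f"deviation score {score}")
```

The laptop's 400 MB is well below the backup server's ordinary volume, so a single network-wide threshold would miss it; only the per-host baseline exposes it.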
o Organizations must make sure that their staff does not send sensitive
information outside the network. Data loss prevention, or DLP, technologies
can stop people from uploading, forwarding, or even printing critical
information in an unsafe manner.
Email security
o Email gateways are the number one threat vector for a security breach.
Attackers use personal information and social engineering tactics to build
sophisticated phishing campaigns to deceive recipients and send them to sites
serving up malware. An email security application blocks incoming attacks
and controls outbound messages to prevent the loss of sensitive data.
Firewalls
o Firewalls put up a barrier between your trusted internal network and untrusted
outside networks, such as the Internet. They use a set of defined rules to allow
or block traffic. A firewall can be hardware, software, or both. Cisco offers
unified threat management (UTM) devices and threat-focused next-generation
firewalls.
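How a "set of defined rules" is typically evaluated, as an added example that is not part of the original lecture note and does not model any particular product: rules are checked in order, the first match decides, and unmatched traffic is blocked. The rule set and addresses are constructed, and `shadowed` is a hypothetical helper that finds rules an earlier rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port; None matches any port

def _net(cidr):
    return ipaddress.ip_network(cidr)

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    for index, r in enumerate(rules):
        if (ipaddress.ip_address(src_ip) in _net(r.src)
                and ipaddress.ip_address(dst_ip) in _net(r.dst)
                and r.port in (None, port)):
            return r.action, index
    return "block", None   # default deny

def shadowed(rules):
    """Indexes of rules that can never fire: an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.port in (None, later.port)):
                hidden.append(i)
                break
    return hidden

# Constructed rule set: 10.0.0.0/8 is the trusted internal network.
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", 443),    # internal hosts may use HTTPS
    Rule("allow", "0.0.0.0/0", "10.0.5.10/32", 25),   # anyone may reach the mail gateway
    Rule("block", "10.0.9.0/24", "0.0.0.0/0", 443),   # quarantine subnet: never reached
]

if __name__ == "__main__":
    print(decide(RULES, "10.0.9.7", "198.51.100.20", 443))  # quarantined host still allowed
    print(shadowed(RULES))
```

Because the first match decides, the block rule for the quarantine subnet has no effect until it is moved above the broader allow rule.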
o Cybercriminals are increasingly targeting mobile devices and apps. Within the
next 3 years, 90 percent of IT organizations may support corporate
applications on personal mobile devices. Of course, you need to control which
devices can access your network. You will also need to configure their
connections to keep network traffic private.
Network segmentation
classifications are based on endpoint identity, not mere IP addresses. You can
assign access rights based on role, location, and more so that the right level of
access is given to the right people and suspicious devices are contained and
remediated.
o SIEM products pull together the information that your security staff needs to
identify and respond to threats. These products come in various forms,
including physical and virtual appliances and server software.
VPN
network resources. Many times, employees who have already left the company still have
access permissions to the company's resources. This can lead to a security breach.
Create a “No Wireless” Policy: Wireless access devices are hard to secure and monitor.
Therefore, they should be turned off on the network. Personal devices should not be
permitted on a corporate network. If you must have wireless corporate assets, you should
create a policy to cover these devices.
Implement Intrusion Detection System: The intrusion detection system will detect and
prevent all attacks aimed at a system/network.
Create an Incident Response Plan: An incident response plan should be created, and the
Computer Emergency Repair Team (CERT) and Secret Service should be included in it. This
ensures that staff members or security personnel know whom to call first and how to
investigate an event in case of an emergency or theft.
Web security
A web security solution will control your staff’s web use, block web-based threats, and
deny access to malicious websites. It will protect your web gateway on site or in the
cloud. "Web security" also refers to the steps you take to protect your own website.
Web Security Threats:
Table 1.1 provides a summary of the types of security threats faced in using the Web. One way
to group these threats is in terms of passive and active attacks. Passive attacks include
eavesdropping on network traffic between browser and server and gaining access to information
on a Web site that is supposed to be restricted. Active attacks include impersonating another
user, altering messages in transit between client and server, and altering information on a Web
site.
traffic in transit
Confidentiality
Threats: Eavesdropping on the Net; Theft of info from server; Theft of data from client; Info about network configuration; Info about which client talks to server
Consequences: Loss of information; Loss of privacy
Countermeasures: Encryption, web proxies

Denial of Service
Threats: Killing of user threads; Flooding machine with bogus requests; Filling up disk or memory; Isolating machine by DNS attacks
Consequences: Disruptive; Annoying; Prevent user from getting work done
Countermeasures: Difficult to prevent

Authentication
Threats: Impersonation of legitimate users; Data forgery
Consequences: Misrepresentation of user; Belief that false information is valid
Countermeasures: Cryptographic techniques
A number of approaches to providing Web security are possible. The various approaches that
have been considered are similar in the services they provide and, to some extent, in the
mechanisms that they use, but they differ with respect to their scope of applicability and their
relative location within the TCP/IP protocol stack.
Figure: 1.1 Relative Location of Security Facilities in the TCP/IP Protocol Stack
When businesses connect their systems and computers, one user's problems may affect everyone
on the network. Despite the many benefits of using networks, networking raises a greater
potential for security issues such as:
Data loss
Security breaches
Malicious attacks, such as hacking and viruses
You can implement measures to reduce your network's vulnerability to unauthorized access or
damage. It may not be possible, or economically practical, to eliminate all vulnerabilities, so
performing an IT risk assessment is important in deciding what measures to implement.
Regular maintenance of your computer network is an essential part of keeping your systems
running smoothly and securely. Redundant data, disused software, forgotten mailboxes and
remains of old updates can slow down your network system, potentially causing efficiency and
productivity issues for business.
Backing up files
Password routines
System logs
Removing access from employees who leave
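One way to check the last maintenance item, and the earlier remark that employees who have left often keep their access permissions, is to compare the account list with the HR roster. This is an added example, not part of the original lecture note; the record layout, user names and dates are constructed.

```python
from datetime import date

def audit_accounts(accounts, hr_roster, today):
    """Flag enabled accounts whose owner has left or has no HR record."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue                      # already disabled: nothing to revoke
        owner = hr_roster.get(acct["employee_id"])
        if owner is None:
            findings.append((acct["username"], "orphaned: no HR record"))
            continue
        left = owner["end_date"]
        if left is None or left >= today:
            continue                      # still employed, or serving notice
        if acct["last_login"] and acct["last_login"] > left:
            findings.append((acct["username"], "used after departure"))
        else:
            findings.append((acct["username"], "stale: owner has left"))
    return findings

# Constructed sample data (hypothetical employees, accounts and dates).
TODAY = date(2024, 5, 3)
HR_ROSTER = {
    "E100": {"name": "A. Current", "end_date": None},
    "E101": {"name": "B. Leaver", "end_date": date(2024, 3, 31)},
    "E102": {"name": "C. Notice", "end_date": date(2024, 6, 30)},
}
ACCOUNTS = [
    {"username": "acurrent", "employee_id": "E100", "enabled": True,
     "last_login": date(2024, 5, 2)},
    {"username": "bleaver", "employee_id": "E101", "enabled": True,
     "last_login": date(2024, 3, 29)},
    {"username": "bleaver-vpn", "employee_id": "E101", "enabled": True,
     "last_login": date(2024, 4, 20)},
    {"username": "bleaver-mail", "employee_id": "E101", "enabled": False,
     "last_login": date(2024, 3, 30)},
    {"username": "cnotice", "employee_id": "E102", "enabled": True,
     "last_login": date(2024, 5, 1)},
    {"username": "svc-old", "employee_id": "E999", "enabled": True,
     "last_login": None},
]

if __name__ == "__main__":
    for username, reason in audit_accounts(ACCOUNTS, HR_ROSTER, TODAY):
        print(f"{username}: {reason}")
```

A login dated after the owner's end date is worth investigating as a possible incident, not only cleaning up.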
If your staff need to access the network while off-site, consider a virtual private network. This
creates a secure link and protects information sent and received.
Whichever technology solution you select, security should be a priority. If you're unsure how to
proceed, seek expert advice from your internet service provider, system provider, installer or an
adviser.