1 / 38

Chapter 12

Chapter 12. Communication Controls. IS Auditor Role. Collect evidence to ascertain an entities ability to: Safeguard assets Provide data integrity Efficiency of systems Effectiveness of systems. Communication Subsystem Exposures. 1) Transmission Impairments

nell-henson
Download Presentation

Chapter 12

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 12 Communication Controls

  2. IS Auditor Role • Collect evidence to ascertain an entities ability to: • Safeguard assets • Provide data integrity • Efficiency of systems • Effectiveness of systems

  3. Communication Subsystem Exposures 1) Transmission Impairments a) Attenuation--weakening of a signal b) Delay Distortion--signal transmitted through bounded media c) Noise--random electric signals 2) Component Failure • hardware, software, transmission media 3) Subversive Threats

  4. Subversive Threats

  5. Active Attack Types Intruders can: • Insert a message • Delete a message • Modify the contents of a message • Alter the order of messages • Duplicate messages • Deny message services • Establish spurious associations

  6. Types of Transmission Media

  7. Physical Component Controls • Transmission Media • bounded (or guided), unbounded • Communication Lines (public lines vs private lines) • Modems (modulator/demodualtor) Next slide • Port-Protection Devices (mitigate exposures to dial up access)

  8. Three Functions of Modem • Increase speed by multiplexing • Perform equalization for line errors and adjust for better line characteristics • Variable speed modem will compensate for various levels of noise

  9. Port-Protection Devices • Force call to only authorized number • Voice/ data switching • Request password • Audit trail of successful/unsuccessful attempts

  10. Multiplexors and Concentrators • Both allow the bandwidth or capacity of a communication line to be used more effectively • Multiplexors • frequency-division multiplexing • time-division multiplexing • Concentrators • message switching (entire message waits for clear comm. Path) • packet switching (a message is broken into several small packets) • line switching (circuit switching to find available line)

  11. Multiplexing Techniques

  12. Line Error Controls (to avoid distortion, noise, and attenuation) • Error Detection • loop checking involves the receiver sending the message back to the sender • parity checking involves adding an extra bit to a string of bits • cyclic redundancychecking involves the block of data to be transmitted is treated as a binary number

  13. Line Error Controls • Error Correction • Forward error correcting codes enables line errors to be corrected at the receiving station • Retransmissions of data in error (backward error correction), the sender sends the data again if the receiver indicates the data has been received in error

  14. Flow Controls • Stop-and-waitflow control--the sender will not transmit another frame until it receives an acknowledgment from the receiver. • Sliding-window flow control--both sender & receiver hold multiple frames of data to overlap transmission and processing of data.

  15. Topological Controls • Local Area Network Topologies • privately owned • provide high-speed communication • confined to limited geographic areas • Types of Topologies • bus topology • tree topology • ring topology • star topology

  16. Bus Topology • Nodes in the network are connected in parallel to a single communication line • Types of bus • broadband bus (uses analog signaling) • baseband bus (uses digital signaling)

  17. Bus Network Topology

  18. Tree Topology • Nodes in the network are connected to a branching communication line that has no closed loops • Use analog signaling to broadcast messages in the direction of the root of the tree.

  19. Tree Topology

  20. Ring Topology • Nodes in the network are connected via repeaters to a communication line that is configured as a closed loop • Often data is transmitted only in one direction on the ring • Point-to-point topology--each node is connected directly to another node

  21. Ring Network Topology

  22. Star Topology • Nodes in the network are connected in a point-to-point configuration to a central hub • Hub can route messages from one node to another or a subset of nodes

  23. Star Network Topology

  24. Wide Area Network Topologies • Characteristics: • Often encompass components that are owned by other parties • Provide relatively low-speed communication among nodes • Span large geographic area • Conceptually every node in the network can have a point-to-point connection with every other node

  25. Mesh Network Topology

  26. Channel Access Controls • Polling Methods • Centralized polling (one node keep polling) • Distributed polling (token passing) • Contention Methods • Carrier sense multiple access with collision detection (CSMA/CD) – each node compete with other nodes but differences will be resolved

  27. Centralized Polling Models

  28. Distributed Polling Model

  29. Link Encryption • Protects data traversing a communication channel connecting two nodes in a network • Cryptographic key might be common to all nodes in the network • Reduces expected losses from traffic analysis

  30. Link Encryption

  31. End-to-End Encryption • Protects the integrity of data passing between a send and a receiver, independently of the nodes of the data traverses • The sender encrypts data before it is given to the network for transmission to the receiver

  32. Other Subversive Threat ControlsSee Table 12-2 • Stream Ciphers • Error Propagation Codes • Message Authentication Codes • Message Sequence Numbers • Request-Response Mechanisms

  33. Controls over Subversive Threats

  34. Internetworking Controls • Internetworking is the process of connecting two or more communication networks together to allow the users of one network to communicate with the users of other networks. • Threetypes of devices are used • Bridge (e.g. Bus), Router (e.g., Bus and Ring), Gateway (e.g., Bus, Ring, MS NT, Novel)

  35. Communication Architectures & Controls • Open-systems interconnection (OSI) • IBM’s system network architecture (SNA) • Transmission control protocol/internet protocol (TCP/IP)

  36. Transmission of Data with OSI

  37. Accounting Audit Trail • Must allow a message to be traced through each node in a network • Examples • unique identifier of the source node • unique identifier of the person authorizing dispatch of the message • time and date of dispatch

  38. Operations Audit Trail • The performance and the integrity of the network depend on the availability of comprehensive operations audit trail data. • Examples: • number of messages that have traversed each link • number of messages that have traversed each node • Queue lengths at each node

More Related