200 likes | 216 Views
Unit 32 – Networked Systems Security. Internal Disaffected Staff External Internet Connections Unsecured Wireless Point Viruses introduce by email. Recap - Sources of Network Attacks. Summarise different emerging technologies that are used for Security
E N D
Internal • Disaffected Staff • External • Internet Connections • Unsecured Wireless Point • Viruses introduce by email Recap - Sources of Network Attacks
Summarise different emerging technologies that are used for Security • Examine different security systems used in Organisations • Evaluate the security measures that are used to protect networks Learning Objectives
We know about hacking and external attacks But more sinister are internal attacks People can perform an attack/exploit better when within the network infrastructure. Being inside brings you closer to the target. Obviously try and prevent unauthorised access: • Accounts, User Files and Security Logs. Balance the need to remain secure internally with the need for day to day access by authorised staff. Considerations
Servers and mass storage should be kept under lock and key. • Accessed by authorised staff only. • Racks containing: • Hubs, Switches, Routers and associated monitoring equipment also need to be locked • Administrative workstations also need high security – why? • There are a large range of suitable locks for these purposes. Locks
“Lockdown” Where have you come across physical security?
Latch Locks. • Key Code Locks. • Magnetic Locks. • Day Cards - temporary passes. • Swipe Cards. • Biometric Locks. • Iris • Retina • Fingerprint • Face Physical Locks include...
Systems that use a measure of an individual’s biology! • Increasingly used in ICT locations. • Fingerprint recognition to DNA sampling. Biometrics
The main advantage is that they give a secure “test”: • They provide a link to an actual person (who may already be known to the police enforcement). • Advantage - Biometrics’ users do not have to remember any code or pin – they are the pin. • Advantage - Once setup, it remains easy to use and inexpensive to maintain.
There are 2 main types: • Iris scans • Retinal scans • Iris scans the structures, topology and colours of the iris to create a digital file. • Retinal scans use low intensity lasers to scan the blood vessels behind the pupil of the eye – a unique map better than a fingerprint. • Both of the above systems are very favourable, as the eye changes very little over a lifetime. • Couple this with fingerprint scanning and you have a very secure entry point system. Eye Scanning
Homomorphic Encryption - Homomorphic encryption is a method of performing calculations on encrypted information without decrypting it first. Biometrics - Hand Geometry, Face recognition, Voice recognition, Typing recognition Enhanced video imaging - Capture more detail Emerging Technologies
Look into the following emerging technologies: • Enhanced video imaging - http://www.securitynewsdesk.com/could-thermal-imaging-enhance-security-productivity/ http://www.silentsentinel.com/thermal-imaging-cameras.html http://www.blackhawkenterprises.com/cctvemergingtechnologies.pdf • Homomorphic Encryption • Biometrics • Produce a short (3-4 slides) presentation on these emerging technologies. You will be selling this to a potential client • Explain the technology • Discuss the benefits, how will it help security? • Are there any drawbacks? Task Which would you suggest would be best to keep a network secure? Explain your answer.
Email Systems - Email security is a multi-layered discipline which can involve using several types of security software and security technology. • Wireless systems - Wireless networks transmit data through radio frequencies, and are open to intruders unless protected. • Networked Devices - minimum security standards are needed to help protect not only the individual device, but other devices connected to the electronic communications network. Security Measures
Look into different security measures: • Email Systems (Secure MIME, Relay agents), • Wireless systems (Security features: Site Surveys, MAC association, WEP/WPA keys, TKIP), • Networked Devices (Security features - router, switch, wireless access points) Produce a table. • Brief explanation, what is it, how it’s used • Why it is used in securing a Network? • Web links to good websites
Banks & Government Organisations What are the threats? Organisations
Banks have always needed secure areas such as vaults protected by security codes, locks and keys, and have been concerned with the authorisation and identification of staff empowered to carry out certain activities. • The honesty of staff is an important issue and careful selection and screening procedures are needed. • At the appointment stage references are usually requested and other checks made on potential employees Security
In terms of day-to-day activities, a need-to-know policy might be followed to ensure that information is not needlessly disseminated within the organisation, and that sensitive paperwork such as drawings, reports and accounts is securely locked up to minimise risk. • Customers, too, could present security concerns. • Banks need to assess security threats arising from customer interactions, and government departments involved in taxation and benefits will have similar concerns. Security
Using the Internet, research the following: • What fundamental security measures have been traditionally used in organisations such as banks? • Produce a table showing; • The systems in use. • What technology they use. How are they ensuring security of the network. • Are they using emerging technologies? • Evaluate the use of the security measures, are they still doing the job effectively? Task
Websites: • https://www.giac.org/paper/gsec/3145/alarm-cctv-unified-systems-physical-security-options-mexican-banks/105232 • http://www.securitymagazine.com/articles/85356-banking-battlegrounds-cyber-and-physical-security-risks-today • http://www.cisco.com/web/strategy/docs/finance/solution_overview_c22-550743.pdf • http://www.professionalsecurity.co.uk/news/interviews/a-future-for-physical-security-at-banks/
Summarise different emerging technologies that are used for Security • Examine different security systems used in Organisations • Evaluate the physical security measures that are used to protect networks Learning Objectives