ACCT 427 - Chapter 7 Part II
| Term | Definition |
|---|---|
| Border Router | A device that connects an organization's information system to the Internet |
| Firewall | A combination of security algorithms and router communications protocols that prevents outsiders from tapping into corporate databases and e-mail systems |
| Demilitarized Zone (DMZ) | A separate network that sits outside the corporate network but is accessible from the Internet; the organization's Web servers and e-mail servers are placed there |
| Transmission Control Protocol (TCP) | Specifies the procedures for dividing files and documents into packets and for reassembling them at the destination |
| Internet Protocol (IP) | Specifies the structure of the packets and how to route them to the proper destination. The current version of the IP protocol, IPv4, uses 32-bit addresses, which consist of four 8-bit numbers separated by periods |
| 2 Parts of IP Packets | 1) Header |
| Header of the IP Packet | Contains the packet's origin and destination addresses, as well as information about the type of data contained in the body |
| Router | A special-purpose device designed to read the destination address field in IP packet headers to decide where to send (route) the packet next |
| Access Control List (ACL) | A set of rules that determines which packets of information transmitted over a network, such as the Internet, are allowed entry and which are dropped |
| Static Packet Filtering | A process performed by the border router that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header |
| ACL Firewalls | The firewall subjects the packet to more detailed testing before allowing it to enter the internal network. Firewalls are designed to act as filters and only permit packets that meet specific conditions to pass. The final rule in the firewall ACL usually specifies that any packet not allowed entry by a previous rule should be dropped. Firewalls do not block all traffic, but only filter it; certain traffic passes through |
| Stateful Packet Filtering | A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer. This enables the firewall to reject specially crafted attack packets that would have passed a simple static packet filter |
| Deep Packet Inspection | When the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header. The process takes more time, so the added cost is a loss of speed |
| Intrusion Prevention Systems (IPS) | A new type of filter designed to identify and drop packets that are part of an attack. Approaches: checking packet contents against a database of patterns (signatures) of known attack methods; developing a profile of "normal" traffic and using statistical analysis to identify packets that don't fit the profile; using rule bases that specify acceptable standards for specific types of traffic and dropping packets that don't conform |
| Internal Firewalls for Different Departments | Most security incidents involve employees rather than outsiders. Internal firewalls help restrict the data and portions of the IS that particular employees can access, which increases security and strengthens internal control by providing another form of segregation of duties |
| Wireless Access Security | To secure wireless access, all wireless access points (devices that accept incoming wireless communications and permit connection to the network) should be located in the DMZ. This treats all wireless access as if it were coming in from the Internet and forces it to go through the main firewall and intrusion prevention systems |
| Hosts | The workstations, servers, printers, and other devices that comprise the organization's network |
| Modifying Host Configurations | Hosts are made more secure by changing their default configurations. Default configurations of most devices turn on a large number of optional settings that are seldom, if ever, used, and default installations of many operating systems turn on many special-purpose programs, called services, that are not essential |
| Turning On Unnecessary Settings | Maximizes the likelihood of a successful installation without the need for customer support, but the cost is that it creates security weaknesses (vulnerabilities) |
| Vulnerabilities | Flaws in programs that can be exploited to either crash the system or take control of it |
| Hardening | The process of turning off unnecessary program features |
| Other Preventive Controls | Every host (servers, workstations, printers) should be running anti-virus and firewall software that is regularly updated. COBIT states that it is important to harden and properly configure every device, including those used to protect the network (e.g., firewalls, IPS, routers), to make them resistant to tampering |
| Managing User Accounts and Privileges | COBIT stresses the need to carefully manage user accounts, especially those with unlimited (administrative) rights on the computer. Users who need administrative powers on a particular computer should be assigned two accounts: one with administrative rights and one with limited privileges. Users should log in under the limited account to perform routine duties, including browsing the Web or reading e-mail, so that if they visit a compromised Web site or open an infected e-mail, the attacker acquires only limited rights |