Controlling Networks
Baliuag University / Baliuag National High School
Luisito V. Correa Jr.
Summary
This presentation covers network security topics, including controlling risks from subversive threats, equipment failures, and electronic data interchange (EDI) controls. It also discusses network communication risks, firewalls, denial-of-service attacks, and encryption techniques.
Controlling Networks
Presented by: Luisito V. Correa Jr., CPA, CAT, MBA

Scope
CONTROLLING RISKS FROM SUBVERSIVE THREATS
CONTROLLING RISKS FROM EQUIPMENT FAILURE
ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS

Network Communications Risks
1) Risks from subversive threats: computer criminals, hacking, denial of service attacks.
2) Risks from equipment failure: equipment failures in the communications system; corrupt transmission, and data and program loss on servers.

CONTROLLING RISKS FROM SUBVERSIVE THREATS

Firewall
A firewall insulates the organization's network from external networks, and can insulate portions of the organization's intranet from internal access. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested.

Types of Firewall
Network-level firewall: provides efficient but low-security access control. It uses a screening router that examines the source and destination addresses, and accepts or denies access requests based on filtering rules. It does not explicitly authenticate outside users.
Application-level firewall: provides a higher level of customizable network security, but adds overhead to connectivity. It is configured to run security applications called proxies that can perform sophisticated functions such as user authentication, and it provides comprehensive transmission logging and auditing tools.
[Figure: Dual-Homed System Firewall]

Denial of Service Attacks
SYN flood attack, smurf attack, and distributed denial of service (DDoS) attack.

Controlling Denial of Service Attacks: SYN Flood Attack
When a user establishes a connection on the Internet, a three-way handshake takes place. The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize-ACKnowledge (SYN-ACK) packet. Finally, the initiating host machine responds with an ACK packet.
The SYN flood attack is accomplished by not sending the final acknowledgment to the server's SYN-ACK response, which causes the server to keep signaling for acknowledgement until the server times out.

Prevention and Detection
a) Programming the firewalls to block outbound message packets that contain invalid internal IP addresses, to prevent attackers from hiding their locations from the targeted site.
b) Using security software, available for the targeted sites, that scans for half-open connections and looks for SYN packets that have not been followed by an ACK packet.

Controlling Denial of Service Attacks: Smurf Attack
The smurf attack is accomplished by exploiting an Internet maintenance tool called a ping. The ping works by sending an echo request message to the host computer and listening for a response message. A functioning and available host must return an echo reply message that contains the exact data received in the echo request message packet. The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim's computer (IP spoofing). The ping message is then sent to the intermediary, which is actually an entire subnetwork of computers. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim's IP address. The resulting flood of echoes can overwhelm the victim's computer and cause network congestion that makes it unusable for legitimate traffic.

Prevention and Detection
The targeted organization can program its firewall to ignore all communication from the attacking site once the attacker's IP address is determined.

Controlling Denial of Service Attacks: Distributed Denial of Service (DDoS) Attack
A DDoS attack may take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event.
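The two SYN flood controls described above (the egress filter that blocks outbound packets with invalid internal source addresses, and the scan for half-open connections) as an added example in Python; this is not code from the presentation. The address ranges, the event layout and the alert threshold are assumptions made for the example, and all packets and handshake events are constructed.

```python
# Added example (not from the presentation): the two SYN flood controls
# described above, run over constructed sample data.
#   1. Egress filter: the firewall drops outbound packets whose source address
#      is not a valid internal address, so a spoofed source cannot be used to
#      hide the attacker's location from the targeted site.
#   2. Half-open scan: connections that were answered with SYN-ACK but never
#      received the final ACK are counted per client.
# The event layout, address ranges and threshold are assumptions for this example.
import ipaddress
from collections import Counter

# Assumed internal address ranges of the organization.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]

# Constructed outbound packets seen at the firewall; the third one carries a
# source address that does not belong to any internal network.
OUTBOUND_PACKETS = [
    {"src": "10.0.0.10", "dst": "203.0.113.9"},
    {"src": "192.168.1.20", "dst": "198.51.100.4"},
    {"src": "203.0.113.77", "dst": "198.51.100.1"},
]

# Constructed handshake events in the server's view:
# (time, client, client port, server, stage).
# 203.0.113.5 opens three connections and never completes any of them.
HANDSHAKE_EVENTS = [
    (1, "203.0.113.5", 40001, "10.0.0.10", "SYN"),
    (1, "203.0.113.5", 40001, "10.0.0.10", "SYN-ACK"),
    (1, "203.0.113.5", 40002, "10.0.0.10", "SYN"),
    (1, "203.0.113.5", 40002, "10.0.0.10", "SYN-ACK"),
    (2, "203.0.113.5", 40003, "10.0.0.10", "SYN"),
    (2, "203.0.113.5", 40003, "10.0.0.10", "SYN-ACK"),
    (2, "198.51.100.7", 51000, "10.0.0.10", "SYN"),
    (2, "198.51.100.7", 51000, "10.0.0.10", "SYN-ACK"),
    (3, "198.51.100.7", 51000, "10.0.0.10", "ACK"),
]

def egress_filter(packets):
    """Split outbound packets into (allowed, dropped); a packet is dropped when
    its source address is not inside one of the internal networks."""
    allowed, dropped = [], []
    for pkt in packets:
        src = ipaddress.ip_address(pkt["src"])
        (allowed if any(src in net for net in INTERNAL_NETS) else dropped).append(pkt)
    return allowed, dropped

def half_open_connections(events):
    """Replay the handshake events and return {(client, port, server): time of
    SYN-ACK} for every connection still waiting for the client's ACK."""
    state = {}
    for ts, client, port, server, stage in events:
        key = (client, port, server)
        if stage == "SYN":
            state[key] = ("SYN", ts)
        elif stage == "SYN-ACK" and state.get(key, ("",))[0] == "SYN":
            state[key] = ("SYN-ACK", ts)
        elif stage == "ACK" and key in state:
            state[key] = ("ESTABLISHED", ts)
    return {key: ts for key, (stage, ts) in state.items() if stage == "SYN-ACK"}

def flood_sources(half_open, threshold=3):
    """Clients with at least `threshold` half-open connections: the pattern the
    page's detection software looks for."""
    counts = Counter(client for client, _, _ in half_open)
    return {client: n for client, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    allowed, dropped = egress_filter(OUTBOUND_PACKETS)
    print("dropped spoofed packets:", [p["src"] for p in dropped])
    pending = half_open_connections(HANDSHAKE_EVENTS)
    print("half-open connections:", len(pending))
    print("suspected SYN flood sources:", flood_sources(pending))
```

The half-open scan keys connections by client address and port because one flooding client opens many connections; the threshold is deliberately low for the constructed data and would be tuned against normal traffic in practice.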
The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Because vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies. IRC is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.

Prevention and Detection
Investing in Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) to determine when an attack is in progress.

Encryption
Encryption is the conversion of data into a secret code for storage in databases and transmission over networks. There are two general approaches to encryption: private key encryption and public key encryption.

Private Key Encryption
Advanced Encryption Standard (AES): a 128-bit encryption technique that has become a U.S. government standard for private key encryption. The AES algorithm uses a single key known to both the sender and the receiver of the message. The receiver decodes the message with a decryption program that uses the same key the sender employs.
Triple-DES encryption: an enhancement to an older encryption technique called the Data Encryption Standard (DES). Triple DES provides considerably improved security over most single encryption techniques. Two forms of triple-DES encryption are EEE3 and EDE3.
[Figure: two private key encryption diagrams. In the first, the sender transforms "Hello" with Key 1, Key 2 and Key 3 in turn (&q77>, G4??i, 8*WW”) and the receiver reverses the three steps; in the second, "Hey" is transformed with Key 1, Key 2 and Key 3 (W&u, yHe, uW&) and reversed by the receiver.]

Public Key Encryption
Public key encryption uses two different keys: one for encoding messages and the other for decoding them. Users never need to share their private keys to decrypt messages, thus reducing the likelihood that they fall into the hands of a criminal.
RSA (Rivest-Shamir-Adleman): this method is computationally intensive and much slower than standard DES encryption. Sometimes, both DES and RSA are used together in what is called a digital envelope. The DES private key needed to decrypt the message is encrypted using RSA and transmitted along with the message. The receiver first decodes the DES key, which is then used to decode the message.

Digital Message Security Features
Digital envelope, digital signature, and digital certificate.

Digital Envelope
A digital envelope is an encryption method in which both DES and RSA are used together. It is a secure electronic data container that is used to protect a message through encryption and data authentication. It allows users to encrypt data with the speed of secret key encryption and the convenience and security of public key encryption.

Digital Signature
A digital signature is electronic authentication that cannot be forged. It ensures that the message or document the sender transmitted was not tampered with after the signature was applied.

Digital Certificate
A digital certificate is a sender's public key that has been digitally signed by a trusted third party. Verifying the sender's identity requires a digital certificate, which a trusted third party, called a certification authority (CA), issues. The digital certificate is transmitted with the encrypted message to authenticate the sender. The receiver uses the CA's public key, which is widely publicized, to decrypt the sender's public key attached to the message. The sender's public key is then used to decrypt the message.
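The digital envelope, digital signature and digital certificate described above, carried through end to end as an added Python example (not code from the presentation): the sender seals the message with a symmetric session key, wraps that key with the receiver's public key, signs the message, and attaches a certificate in which the CA has signed the sender's public key; the receiver checks the certificate with the CA's public key, opens the envelope, and verifies the signature with the certified sender key. Assumptions made for the example: textbook (unpadded) RSA built from fixed Mersenne primes, and a SHA-256 keystream standing in for the DES step; the message and session key are constructed.

```python
# Added example (not from the presentation): the digital envelope, digital
# signature and digital certificate described above, with textbook RSA.
# Assumptions made for this example: fixed Mersenne primes as key material,
# unpadded RSA, and a SHA-256 keystream standing in for the DES cipher.
import hashlib

def make_rsa_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # raises ValueError if e is not invertible
    return (n, e), (n, d)

def rsa_apply(key, m):
    """Raise the integer m to the key exponent modulo n."""
    n, k = key
    if not 0 <= m < n:
        raise ValueError("integer must be smaller than the modulus")
    return pow(m, k, n)

def symmetric_crypt(key, data):
    """Stand-in for the DES step: XOR with a SHA-256(key || counter) keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def digest_int(data, n):
    """SHA-256 of the data as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Digital envelope: the session key is wrapped with the receiver's public key
# and travels with the ciphertext; only the receiver's private key unwraps it.
def seal_envelope(message, session_key, receiver_pub):
    ciphertext = symmetric_crypt(session_key, message)
    wrapped_key = rsa_apply(receiver_pub, int.from_bytes(session_key, "big"))
    return ciphertext, wrapped_key

def open_envelope(ciphertext, wrapped_key, receiver_priv, key_len=16):
    session_key = rsa_apply(receiver_priv, wrapped_key).to_bytes(key_len, "big")
    return symmetric_crypt(session_key, ciphertext)

# Digital signature over the message hash.
def sign(data, priv):
    return rsa_apply(priv, digest_int(data, priv[0]))

def verify(data, signature, pub):
    return rsa_apply(pub, signature) == digest_int(data, pub[0])

# Digital certificate: the sender's public key signed by the CA.
def encode_pubkey(pub):
    return f"{pub[0]}:{pub[1]}".encode()

def issue_certificate(subject_pub, ca_priv):
    return {"subject_pub": subject_pub, "ca_sig": sign(encode_pubkey(subject_pub), ca_priv)}

def verify_certificate(cert, ca_pub):
    return verify(encode_pubkey(cert["subject_pub"]), cert["ca_sig"], ca_pub)

# Constructed key material: Mersenne primes, far too small for real use.
RECEIVER_PUB, RECEIVER_PRIV = make_rsa_keypair(2**61 - 1, 2**89 - 1)
SENDER_PUB, SENDER_PRIV = make_rsa_keypair(2**107 - 1, 2**127 - 1)
CA_PUB, CA_PRIV = make_rsa_keypair(2**521 - 1, 2**607 - 1)

def send(message, session_key):
    """Sender side: what is transmitted (envelope, signature, certificate).
    session_key must be 16 bytes so that it fits below the receiver's modulus."""
    ciphertext, wrapped_key = seal_envelope(message, session_key, RECEIVER_PUB)
    return {"ciphertext": ciphertext, "wrapped_key": wrapped_key,
            "signature": sign(message, SENDER_PRIV),
            "certificate": issue_certificate(SENDER_PUB, CA_PRIV)}

def receive(transmission):
    """Receiver side: check the certificate with the CA's public key, open the
    envelope, then check the signature with the certified sender key.
    Returns (plaintext, authentic); (None, False) if the certificate fails."""
    if not verify_certificate(transmission["certificate"], CA_PUB):
        return None, False
    plaintext = open_envelope(transmission["ciphertext"],
                              transmission["wrapped_key"], RECEIVER_PRIV)
    sender_pub = transmission["certificate"]["subject_pub"]
    return plaintext, verify(plaintext, transmission["signature"], sender_pub)

if __name__ == "__main__":
    msg = b"Invoice 4471: 1,250.00 due to supplier account"   # constructed
    plaintext, authentic = receive(send(msg, bytes(range(16))))
    print(plaintext, "authentic:", authentic)
```

Because the signature covers the message hash, any change to the ciphertext changes the recovered plaintext and the receiver's `verify` fails, which is the tamper detection the page attributes to the digital signature; a certificate signed by anything other than the CA's key fails `verify_certificate` before the envelope is even opened.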
Other Controls for Subversive Threats
Message Sequence Numbering: a sequence number is inserted in each message, and any attempt to delete a message, change the order of messages, or duplicate a message will become apparent at the receiving end.
Message Transaction Log: all incoming and outgoing messages, as well as failed access attempts, should be recorded in a message transaction log. The log should record the user ID, the time of access, and the terminal location or telephone number.
Request-Response Technique: a control message from the sender and a response from the receiver are sent at periodic, synchronized intervals. The message timing should follow a random pattern that will be difficult for the intruder to determine and circumvent.
Call-Back Devices: requires the dial-in user to enter a password and be identified. The system then breaks the connection to perform user authentication. When the caller is authorized, the call-back device dials the caller's number to establish a new connection.

Audit Objectives Relating to Subversive Threats
The auditor's objective is to verify the security and integrity of financial transactions by determining that network controls:
a) can prevent and detect illegal access both internally and from the Internet;
b) will render useless any data that a perpetrator successfully captures;
c) are sufficient to preserve the integrity and physical security of data connected to the network.

Audit Procedures Relating to Subversive Threats
1) Review the adequacy of the firewall in achieving the proper balance between control and convenience based on the organization's business objectives and potential risks. Criteria: flexibility, proxy services, filtering, segregation of systems, audit tools, probe for weaknesses.
2) Verify that an Intrusion Prevention System (IPS) with deep packet inspection (DPI) is in place for organizations that are vulnerable to DDoS attacks, such as financial institutions.
3) Review security procedures governing the administration of data encryption keys.
4) Verify the encryption process by transmitting a test message and examining the contents at various points along the channel between the sending and receiving locations.
5) Review the message transaction logs to verify that all messages were received in their proper sequence.
6) Test the operation of the call-back feature by placing an unauthorized call from outside the installation.

CONTROLLING RISKS FROM EQUIPMENT FAILURE

Line Errors
The most common problem in data communications is data loss due to line error. The bit structure of the message can be corrupted through noise on the communications lines. Noise is made up of random signals that can interfere with the message signal when they reach a certain level. Electric motors, atmospheric conditions, faulty wiring, defective components in equipment, or noise spilling over from an adjacent communications channel may cause these random signals.

ECHO CHECK
The echo check involves the receiver of the message returning the message to the sender. The sender compares the returned message with a stored copy of the original. If there is a discrepancy between the returned message and the original, suggesting a transmission error, the message is retransmitted.

PARITY CHECK
The parity check incorporates an extra bit (the parity bit) into the structure of a bit string when it is created or transmitted. Parity can be both vertical and horizontal (longitudinal). If the number of 1 bits is even, the system assigns the parity bit a value of one; if the number of 1 bits is odd, a zero parity bit is added to the bit structure.
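The echo check and the parity check described above, as an added Python example (not code from the presentation). The page's rule produces odd parity (the parity bit makes the count of 1 bits odd); the example applies it vertically to each 7-bit character and longitudinally to every column of the block, and goes one step beyond the text by showing that a single flipped bit fails exactly one row and one column, so their intersection locates it. The sample text and the injected error are constructed.

```python
# Added example (not from the presentation): the echo check and the parity
# check described above. The page's parity rule is odd parity (the parity bit
# makes the number of 1 bits odd); it is applied vertically to each 7-bit
# character and longitudinally to each column of the block. The sample text
# and the injected bit error are constructed for the example.

def echo_check(sent, echoed):
    """Sender compares the message echoed back by the receiver with its stored copy."""
    return sent == echoed

def parity_bit(bits):
    """Page rule: even count of 1 bits -> parity bit 1; odd count -> parity bit 0."""
    return 1 if bits.count(1) % 2 == 0 else 0

def encode_char(char):
    """Seven data bits (ASCII, most significant first) plus the vertical parity bit."""
    bits = [(ord(char) >> i) & 1 for i in range(6, -1, -1)]
    return bits + [parity_bit(bits)]

def encode_message(text):
    """Parity-protected block: one row per character plus a longitudinal
    parity row holding the parity bit of every column."""
    rows = [encode_char(c) for c in text]
    lrc = [parity_bit([row[j] for row in rows]) for j in range(8)]
    return rows + [lrc]

def check_block(block):
    """Return (bad_rows, bad_columns). With odd parity a valid row, and a valid
    column taken over the whole block, each contain an odd number of 1 bits."""
    data_rows = block[:-1]
    bad_rows = [i for i, row in enumerate(data_rows) if row.count(1) % 2 == 0]
    bad_cols = [j for j in range(8) if sum(row[j] for row in block) % 2 == 0]
    return bad_rows, bad_cols

def locate_single_error(block):
    """A single flipped data bit fails exactly one row and one column; their
    intersection is the bit. Returns (row, col), or None when the pattern is
    not a single data-bit error (for example a hit in the parity row)."""
    bad_rows, bad_cols = check_block(block)
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return bad_rows[0], bad_cols[0]
    return None

def flip_bit(block, row, col):
    """Simulate line noise: return a copy of the block with one bit inverted."""
    copy = [r[:] for r in block]
    copy[row][col] ^= 1
    return copy

def decode_block(block):
    """Recover the text from the data rows (parity bits dropped)."""
    chars = []
    for row in block[:-1]:
        value = 0
        for bit in row[:7]:
            value = (value << 1) | bit
        chars.append(chr(value))
    return "".join(chars)

if __name__ == "__main__":
    block = encode_message("EDI")               # constructed sample text
    damaged = flip_bit(block, 1, 3)              # one bit hit by line noise
    print("clean block errors:", check_block(block))
    print("damaged block errors:", check_block(damaged))
    print("error located at:", locate_single_error(damaged))
```

A parity check only detects an odd number of flipped bits per row or column, which is why the page pairs it with retransmission rather than relying on correction; the intersection trick above works for a single error and returns None otherwise, leaving retransmission as the fallback.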
Audit Objectives and Procedures Relating to Equipment Failure
Audit objective: verify the integrity of the electronic commerce transactions by determining that controls are in place to detect and correct message loss due to equipment failure.
Audit procedures: the auditor can select a sample of messages from the transaction log and examine them for garbled contents that line noise causes. The auditor should verify that all corrupted messages were successfully retransmitted.

ELECTRONIC DATA INTERCHANGE CONTROLS

Electronic Data Interchange
Electronic data interchange (EDI) is the intercompany exchange of computer-processible business information in standard format. The transmission may be either a direct connection between the trading partners or an indirect connection through a value-added network (VAN).

Electronic Data Interchange Controls: TRANSACTION AUTHORIZATION AND VALIDATION
a) Some VANs have the capability of validating passwords and user ID codes for the vendor by matching these against a valid customer file. The VAN rejects any unauthorized trading partner transactions before they reach the vendor's system.
b) Before being converted, the translation software can validate the trading partner's ID and password against a validation file in the firm's database.
c) Before processing, the trading partner's application software references the valid customer and vendor files to validate the transaction.

Electronic Data Interchange Controls: ACCESS CONTROL
To function smoothly, EDI trading partners must permit a degree of access to private data files that would be forbidden in a traditional environment. For example, it may permit the customer's system to access the vendor's inventory files to determine if inventories are available. The customer may periodically access the vendor's price list file to keep pricing information current.
Alternatively, the vendor may need access to the customer's price list to update prices. To guard against unauthorized access:
a) Each company must establish valid vendor and customer files against which inquiries can be validated and unauthorized attempts at access can be rejected.
b) User authority tables can also be established, which specify the degree of access a trading partner is allowed.

Electronic Data Interchange Controls: EDI AUDIT TRAIL
The absence of source documents in EDI transactions eliminates the traditional audit trail. One technique for restoring the audit trail is to maintain a control log, which records the transaction's flow through each phase of the EDI system.

Audit Objectives Relating to EDI
The auditor's objectives are to determine that:
a) all EDI transactions are authorized, validated, and in compliance with the trading partner agreement;
b) no unauthorized organizations gain access to database records;
c) authorized trading partners have access only to approved data;
d) adequate controls are in place to ensure a complete audit trail of all EDI transactions.

Audit Procedures Relating to EDI
TESTS OF AUTHORIZATION AND VALIDATION CONTROLS:
a) Review agreements with the VAN facility to validate transactions and ensure that information regarding valid trading partners is complete and correct.
b) Examine the organization's valid trading partner file for accuracy and completeness.
TESTS OF ACCESS CONTROLS:
a) The auditor should determine that access to the valid vendor or customer file is limited to authorized employees only. The auditor should verify that passwords and authority tables control access to this file and that the data are encrypted.
b) The auditor should reconcile the terms of the trading agreement against the trading partner's access privileges stated in the database authority table.
c) The auditor should simulate access by a sample of trading partners and attempt to violate access privileges.
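The three EDI controls described above (transaction authorization against a valid trading partner file, access control through a user authority table, and the control log that restores the audit trail) modelled together as an added Python example; this is not code from the presentation. The partner file, passwords, authority table, phase names and transactions are all constructed for the example, and the partner file stores salted password hashes rather than passwords, which is an assumption about the validation file the page does not detail.

```python
# Added example (not from the presentation): the EDI controls described above
# modelled in Python. A valid trading partner file authorizes the partner, an
# authority table limits each partner to its approved data and degree of
# access, and a control log records the transaction's flow through each phase
# so an auditor can trace it. Partners, passwords, resources and transactions
# are all constructed for the example; the partner file holds only a salted
# hash of each password (an assumption; the page does not detail the file).
import hashlib
import hmac

def _password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _partner_record(password, role, salt):
    return {"salt": salt, "pw_hash": _password_hash(password, salt), "role": role}

# Valid trading partner file (constructed).
VALID_PARTNERS = {
    "ACME-001": _partner_record("acme-2024", "customer", b"salt-acme"),
    "SUPL-009": _partner_record("supl-2024", "vendor", b"salt-supl"),
}

# Authority table: the degree of access each partner is allowed (constructed).
ACCESS_LEVELS = {"read": 1, "update": 2}
AUTHORITY_TABLE = {
    "ACME-001": {"inventory": "read", "price_list": "read"},
    "SUPL-009": {"price_list": "update"},
}

def validate_partner(partner_id, password):
    """Transaction authorization: the ID must be in the valid partner file and
    the password must match its stored hash."""
    record = VALID_PARTNERS.get(partner_id)
    if record is None:
        return False
    return hmac.compare_digest(_password_hash(password, record["salt"]), record["pw_hash"])

def access_allowed(partner_id, resource, action):
    """Access control: the authority table must grant this partner the requested
    resource at a level at least as high as the requested action."""
    granted = AUTHORITY_TABLE.get(partner_id, {}).get(resource)
    if granted is None or action not in ACCESS_LEVELS:
        return False
    return ACCESS_LEVELS[granted] >= ACCESS_LEVELS[action]

def record_phase(control_log, txn_id, phase, outcome):
    """Audit trail: one control log entry per phase the transaction passes through."""
    control_log.append({"txn": txn_id, "phase": phase, "outcome": outcome})

def process_transaction(txn, control_log):
    """Run one transaction through the EDI phases, logging each, and return its status."""
    record_phase(control_log, txn["id"], "received", "ok")
    if not validate_partner(txn["partner"], txn["password"]):
        record_phase(control_log, txn["id"], "authorized",
                     "rejected: unknown partner or bad password")
        return "rejected: authorization"
    record_phase(control_log, txn["id"], "authorized", "ok")
    if not access_allowed(txn["partner"], txn["resource"], txn["action"]):
        record_phase(control_log, txn["id"], "validated",
                     f"rejected: {txn['action']} on {txn['resource']} not in authority table")
        return "rejected: access"
    record_phase(control_log, txn["id"], "validated", "ok")
    record_phase(control_log, txn["id"], "processed", "ok")
    return "processed"

def audit_trail(control_log, txn_id):
    """What the auditor traces: the phases one transaction went through."""
    return [(e["phase"], e["outcome"]) for e in control_log if e["txn"] == txn_id]

# Constructed transactions: a valid inquiry, an over-privileged request, and
# an attempt from an ID that is not in the valid partner file.
TRANSACTIONS = [
    {"id": "T1", "partner": "ACME-001", "password": "acme-2024",
     "resource": "inventory", "action": "read"},
    {"id": "T2", "partner": "ACME-001", "password": "acme-2024",
     "resource": "price_list", "action": "update"},
    {"id": "T3", "partner": "XYZ-777", "password": "guess",
     "resource": "inventory", "action": "read"},
]

def run_batch(transactions):
    """Process a batch and return (status by transaction id, control log)."""
    log = []
    statuses = {t["id"]: process_transaction(t, log) for t in transactions}
    return statuses, log

if __name__ == "__main__":
    statuses, log = run_batch(TRANSACTIONS)
    for txn_id, status in statuses.items():
        print(txn_id, status, audit_trail(log, txn_id))
```

The rejected transactions still leave entries in the control log, which is what lets an auditor confirm both that unauthorized partners were turned away and at which phase; the authority table check is ordered after partner validation so that an unknown partner never learns which resources exist.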
Audit Procedures Relating to EDI
TESTS OF AUDIT TRAIL CONTROLS:
The auditor should verify that the EDI system produces a transaction log that tracks transactions through all stages of processing. By selecting a sample of transactions and tracing these through the process, the auditor can verify that key data values were recorded correctly at each point.

Thank You and God Bless