
Chapter Six

IS Network and Telecommunications Risks

Topics Addressed in Chapter 6

- Network and Telecommunications Technologies
- IT Network and Telecommunications Risks
- IT Network and Telecommunications Security
- Auditing Network Security
- Auditing Switches, Routers and Firewalls
- Auditing WLAN and Mobile Devices

Network & Telecommunications Technologies

A stand-alone computer has a limited amount of risk associated with it. As computers are connected to form networks, risk can increase exponentially. IT auditors need to know the different kinds of networks, the specific risks within an organization's network, and the tools available to protect the systems from these risks.

Network Components

Components in a computer network:

- Computers and terminals (dumb or smart)
- Telecommunications channels (physical or wireless)
- Telecommunications processors
- Routers and switching devices

General Message Organization

General Message Syntax (Organization)

Figure: a message with all three parts, header, data field and trailer. The header and trailer are further divided into fields. The destination address field in the header is used by switches and routers, like the address on an envelope.
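As an added illustration of the slide's three-part message layout (this is not code from the slides), the block below builds and parses a simplified Ethernet-style frame: header fields, data field, and a trailer that verifies the frame, with a switch forwarding on the destination address field alone. The wire format, the CRC-32 trailer and the forwarding table are assumptions made for the example.

```python
import struct
import zlib

# Added example (not from the slides): a simplified Ethernet-style frame with the three
# parts the slide names: header (fields), data field, trailer (frame check sequence).
# The wire format and forwarding table are assumptions made for illustration.
HEADER_FMT = "!6s6sH"           # destination address, source address, type field
HEADER_LEN = struct.calcsize(HEADER_FMT)
TRAILER_LEN = 4                 # 32-bit frame check sequence (CRC-32 over header + data)

def build_frame(dst: bytes, src: bytes, eth_type: int, data: bytes) -> bytes:
    """Assemble header + data + trailer."""
    header = struct.pack(HEADER_FMT, dst, src, eth_type)
    fcs = zlib.crc32(header + data) & 0xFFFFFFFF
    return header + data + struct.pack("!I", fcs)

def parse_frame(frame: bytes) -> dict:
    """Split a frame into header fields, data field and trailer, and verify the trailer."""
    if len(frame) < HEADER_LEN + TRAILER_LEN:
        raise ValueError("frame too short to hold a header and a trailer")
    dst, src, eth_type = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
    data = frame[HEADER_LEN:-TRAILER_LEN]
    (fcs,) = struct.unpack("!I", frame[-TRAILER_LEN:])
    expected = zlib.crc32(frame[:-TRAILER_LEN]) & 0xFFFFFFFF
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type": eth_type,
            "data": data, "fcs_ok": fcs == expected}

# Constructed switch forwarding table: destination address -> output port.
MAC_TABLE = {"00:11:22:33:44:55": 1, "66:77:88:99:aa:bb": 2}

def forward(frame: bytes, table: dict = MAC_TABLE):
    """Decide the output port from the destination address field alone, the way a switch
    reads only the address on the envelope. Frames whose trailer does not verify are
    dropped (None); an unknown destination is flooded to all ports ("all")."""
    fields = parse_frame(frame)
    if not fields["fcs_ok"]:
        return None
    return table.get(fields["dst"], "all")
```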

Primary Network Topologies

CSI/FBI Survey

Companies face many attacks. In order of decreasing frequency:

- Viruses (and other malware)
- Insider abuse of net access
- Laptop theft
- Unauthorized access by insiders
- Denial-of-service attacks
- System penetration
- Sabotage
- Theft of proprietary information
- Fraud
- Telecoms eavesdropping and active wiretaps

CSI/FBI Survey

Very common successful incidents:

- Viruses and other malware
- Insider abuse of net access
- Laptop theft

Low-frequency / high-damage attacks:

- Theft of proprietary information ($2.7 M / incident)
- Denial of service attacks ($1.4 M / incident)

Network Types

Various ways to categorize telecommunications networks:

- In terms of distance: local area networks and wide area networks
- In terms of ownership: internet, intranet, extranet
- Virtual private networks (VPN)
- Client/server networks

Virtual Private Networks (VPNs)

Figure: a site-to-site VPN tunnel across the Internet between the VPN gateway at Corporate Site A and the VPN gateway at Corporate Site B, protecting the server and client behind each gateway; a remote access (host-to-host) VPN connects a remote corporate PC to the corporate site.

- Site-to-site VPNs protect traffic between sites; they will dominate VPN traffic
- A VPN is communication over the Internet with added security

Network Protocols and Software

Open Systems Interconnect (OSI) model: a standard architecture for networking that allows different computers to communicate across networks

Network and telecommunications software: network OS, network management software, middleware, web browsers, e-mail software

OSI Layers

Layer 1, Physical. Purpose: physical connections between adjacent devices. Use: nearly 100% dominant.

Layer 2, Data Link. Purpose: end-to-end transmission in a single switched network; frame organization; switch operation. Use: nearly 100% dominant.

Layer 3, Network. Purpose: generally equivalent to the TCP/IP internet layer. However, OSI network layer standards are not compatible with TCP/IP internet layer standards. Use: rarely used.

Layer 4, Transport. Purpose: generally equivalent to the TCP/IP transport layer. However, OSI transport layer standards are not compatible with TCP/IP transport layer standards. Use: rarely used.

Layer 5, Session. Purpose: initiates and maintains a connection between application programs on different computers; if a session is broken, only have to go back to the last rollback point. Use: rarely used. Brilliant idea, but few applications need it, and those that do have their own methods for managing sessions.

Layer 6, Presentation. Purpose: designed to handle data formatting differences, data compression, and data encryption. Use: rarely used as a layer. However, many file format standards are assigned to this layer; in practice, a category for general file format standards used in multiple applications.

Layer 7, Application. Purpose: governs remaining application-specific matters. Use: some OSI applications are used.

Layered Communication on the Source Host

IT Network and Telecommunications Risks

- Social Engineering
- Physical Infrastructure Threats: the elements, natural disasters, power supply, intentional human attacks
- Programmed Threats: viruses, worms, Trojan horses, hoaxes, blended threats
- Denial of Service Attacks
- Software Vulnerabilities

Malware

Malware: a general name for evil software

Viruses:
- Pieces of code that attach to other programs
- When infected programs execute, the virus executes
- Infects other programs on the computer
- Spreads to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.
- Antivirus programs are needed to scan arriving files; they also scan for other malware

Malware

Worms:
- Stand-alone programs that do not need to attach to other programs
- Can propagate like viruses through e-mail, etc., but this requires human gullibility, which is slow
- Vulnerability-enabled worms jump to victim hosts directly; they can do this because hosts have vulnerabilities
- Vulnerability-enabled worms can spread with amazing speed
- Vendors develop patches for vulnerabilities, but companies often fail or are slow to apply them

Malware

Payloads:
- After propagation, viruses and worms execute their payloads (damage code)
- Payloads erase hard disks, or send users to pornography sites if they mistype URLs
- Trojan horses: exploitation programs that disguise themselves as system files

Malware

Attacks on Individuals:
- Social engineering: tricking the victim into doing something against his or her interests
- Spam: unsolicited commercial e-mail
- Credit card number theft is performed by carders
- Identity theft: collect enough data to impersonate the victim in large financial transactions
- Fraud: get-rich-quick schemes, medical scams

Malware

Attacks on Individuals:
- Adware pops up advertisements
- Spyware collects sensitive data and sends it to an attacker
- Phishing: a sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information

Human Break-Ins (Hacking)

Human Break-Ins:
- Viruses and worms rely on one main attack method
- Humans can keep trying different approaches until they succeed

Hacking:
- Breaking into a computer
- Hacking is intentionally using a computer resource without authorization or in excess of authorization

Human Break-Ins (Hacking)

Scanning Phase:
- Send attack probes to map the network and identify possible victim hosts
- The Nmap program is popular

Figure 9-4: Nmap (screenshot showing the IP range to scan, the type of scan, and the identified host and open ports)
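From the defender's side, the scanning phase described above leaves a recognizable trace: one source touching many distinct ports on a host in a short time. The block below is an added example (not from the slides) that flags that pattern in a constructed, simplified firewall log; the log format and the thresholds are assumptions.

```python
from collections import defaultdict

# Added example (not from the slides): flag the scanning phase from the defender's side
# by counting the distinct destination ports one source probes within a time window.
# Constructed, simplified firewall log: "<epoch> <src_ip> <dst_ip> <dst_port> <tcp_flags>"
SAMPLE_LOG = """\
1000 10.0.0.5 192.0.2.10 22 S
1001 10.0.0.5 192.0.2.10 23 S
1001 10.0.0.5 192.0.2.10 25 S
1002 10.0.0.5 192.0.2.10 80 S
1002 10.0.0.5 192.0.2.10 110 S
1003 10.0.0.5 192.0.2.10 143 S
1003 10.0.0.5 192.0.2.10 443 S
1004 10.0.0.5 192.0.2.10 3389 S
1005 10.0.0.5 192.0.2.10 8080 S
1006 10.0.0.5 192.0.2.10 8443 S
1010 10.0.0.7 192.0.2.10 443 S
1015 10.0.0.7 192.0.2.10 443 S
1200 10.0.0.5 192.0.2.10 22 S
"""

def parse_line(line):
    ts, src, dst, port, flags = line.split()
    return int(ts), src, dst, int(port), flags

def detect_port_scans(log_text, window=60, threshold=8):
    """Return {(src, dst): first_ts} for every source that probes at least `threshold`
    distinct ports on one destination within `window` seconds of its first probe."""
    probes = defaultdict(list)                  # (src, dst) -> [(ts, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = parse_line(line)
        if "S" in flags:                        # connection attempts only (SYN set)
            probes[(src, dst)].append((ts, port))
    alerts = {}
    for key, events in probes.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[key] = start
                break
    return alerts
```

The repeated 443 probes from 10.0.0.7 are ordinary retries and do not trigger, because the count is of distinct ports, not of packets.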

Social Engineering

Social engineers use their personalities and social skills to obtain confidential information or unauthorized access:
- Learn about the target organization
- Pretend to be an IT employee or upper level manager
- Cajole or threaten the staff to get the information

Social Engineering Controls

- Create and monitor a strict authentication policy for use by technical support personnel
- Control public availability of information about employees and their contact information
- Strictly monitor remote access
- Create strict firewall rules regarding outbound traffic
- Train employees in social engineering tactics
- Limit the amount of private/confidential information available to any one employee
- Remind employees to be skeptical in opening unexpected email attachments
- Use penetration testing to evaluate the effectiveness of the other social engineering controls

Denial of Service Attacks

A denial of service (DoS) attack occurs when a system is tied up and unable to perform its functions. Three-way handshake:
- A sends a SYN packet to B
- B accepts and acknowledges it with SYN/ACK
- A returns an acknowledgment of the SYN/ACK and establishes a connection

When multiple messages are sent from A to B with the connections left open, B is tied up keeping the half-open connections and waiting for the final ACKs.

TCP Session Openings and Closings

Normal Three-Way Opening: SYN, SYN/ACK, ACK

A SYN segment is a segment in which the SYN bit is set. One side sends a SYN segment requesting an opening. The other side sends a SYN/acknowledgment segment. The originating side acknowledges the SYN/ACK.

Distributed Denial-of-Service Flooding Attack

Figure: the attacker (1.34.150.37) sends attack commands to handlers; each handler sends attack commands to its zombies; the zombies send attack packets to the victim (60.168.47.47).

- The attacker installs handler and zombie programs on victims
- The attacker sends an attack command to handlers
- Handlers send attack commands to zombies
- The zombies overwhelm the victim with attack packets
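The SYN-flood and distributed flooding slides above describe the same symptom on the victim: handshakes that stop after SYN/ACK. The block below is an added example (not from the slides) that replays a constructed sequence of handshake events, lists the half-open connections, and groups them by server so that a flood from one source and a distributed flood from many zombies are both visible; the event format, timeout and threshold are assumptions.

```python
from collections import defaultdict

# Added example (not from the slides): find TCP handshakes stuck after SYN and SYN/ACK,
# the half-open state a SYN flood leaves behind, then group them by the server under attack.
# Constructed event format: "<epoch> <sender> <receiver> <kind>", kind in SYN, SYNACK, ACK.
SAMPLE_EVENTS = """\
1 10.0.0.9:4000 192.0.2.10:80 SYN
1 192.0.2.10:80 10.0.0.9:4000 SYNACK
1 10.0.0.9:4000 192.0.2.10:80 ACK
2 198.51.100.1:5000 192.0.2.10:80 SYN
2 192.0.2.10:80 198.51.100.1:5000 SYNACK
2 198.51.100.2:5001 192.0.2.10:80 SYN
2 192.0.2.10:80 198.51.100.2:5001 SYNACK
3 198.51.100.3:5002 192.0.2.10:80 SYN
3 192.0.2.10:80 198.51.100.3:5002 SYNACK
"""

def half_open_connections(events_text, now, timeout=30):
    """Return {(client, server)} for handshakes where the server answered SYN/ACK but the
    client's final ACK has not arrived within `timeout` seconds of that reply."""
    state = {}                                   # (client, server) -> (ts, stage)
    for line in events_text.splitlines():
        if not line.strip():
            continue
        ts, sender, receiver, kind = line.split()
        ts = int(ts)
        if kind == "SYN":                        # step 1: client -> server
            state[(sender, receiver)] = (ts, "SYN")
        elif kind == "SYNACK":                   # step 2: server -> client
            key = (receiver, sender)
            if key in state:
                state[key] = (ts, "SYNACK")
        elif kind == "ACK":                      # step 3: client -> server, connection open
            state[(sender, receiver)] = (ts, "OPEN")
    return {k for k, (ts, stage) in state.items() if stage == "SYNACK" and now - ts > timeout}

def flood_alerts(events_text, now, timeout=30, threshold=3):
    """Group half-open connections by server and alert when a server holds at least
    `threshold` of them; the list of distinct client hosts shows whether the flood comes
    from one source or is distributed across many zombies."""
    per_server = defaultdict(list)
    for client, server in half_open_connections(events_text, now, timeout):
        per_server[server].append(client.rsplit(":", 1)[0])   # client host, port stripped
    return {srv: sorted(set(hosts)) for srv, hosts in per_server.items() if len(hosts) >= threshold}
```

The completed handshake from 10.0.0.9 never appears in the result, which is the property a practitioner wants: only connections left open count.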

IT Network and Telecommunications Security

A network security defense system:

- Network security administration: create a network security plan, develop and communicate a security policy for network resources, and manage passwords
- Authentication: ensuring that users are who they say they are
- Encryption: scramble or code data so that no one can understand it without the decryption key
- Firewalls: combine software and hardware to allow only desirable traffic
- Intrusion Detection Systems: record unsuccessful access attempts and other anomalies, and detect unauthorized activities
- Penetration Testing: penetrate an information system to learn about its logical access vulnerabilities. General testing tools include war dialing, port scanning, sniffers, and password crackers


Auditing Network Security

An IT audit program for network security has components similar to those for auditing any IT application area, including:
- Obtain an understanding of network configuration and network security administration
- Evaluate physical and logical access security
- Evaluate programmed threat security
- Examine backup and contingency plans
