What are sone of the potential losses associated with security breaches?
- reduced customer confidence
- loss of income when systems are offline
- cost of lawsuits for disclosure of private information
True or False: The value of an organization’s data and applications typically exceeds the cost of the physical network.
True
What are the primary goals of network security?
- confidentiality: protection from unauthorized disclosure of data.
- integrity: assurance that data has not been altered or destroyed.
- availability: providing continuous operations of hardware and software.
Business continuity involves preventing what three things to ensure that operations remain ongoing?
- disruption: loss or reduction in network service
- destruction: viruses or hard disk crash destroy data
- disaster: may destroy servers or network elements and circuits.
What are network controls?
mechanisms (such as software, hardware, rules or procedures) that are designed to reduce or eliminate the threats to network security.
What are the three main types of controls?
- preventative controls
- detective controls
- corrective controls
What is the purpose of a risk assessment?
A risk assessment is used to assign a level of risk to various threats by comparing them to the controls in a control spreadsheet.
With a risk assessment you must identify what two things?
Assets and threats
The value of an organization’s assets are a function of what three things?
- straight replacement cost
- personnel time to replace asset
- lost revenue due to absence of the asset
Threats are ranked based on what two things?
- probability of occurrence
- likely cost if the threat materializes
Describe the two pronged approach to continuity planning
- development of controls (to prevent events from having a major impact
- disaster recovery plan (to recover lost data after a disaster)
What is the difference between a virus and a worm?
- a virus is a malware program that replicates itself by spreading from one computer to another through human intervention.
- a worm is malware that spreads copies of itself from computer to computer without human intervention.
What are DoS and DDoS attacks?
Denial of Service attacks (DoS) are when an attacker bombards a server with requests so that its processor is pushed to very high usage levels. This makes it difficult to service legitimate user requests.
Distributed Denial of Service (DDoS) involves a DoS attack launched from thousands of computers from around the internet.
Name four methods for combating DoS attacks
- use multiple dispersed redundant servers
- traffic filtering (verify source IP address… not very effective)
- traffic limiting (limit aggregate rate of packets for all users)
- intrusion detection and prevention system (IDS/IPS) (perform traffic analysis to determine normal traffic patterns and block anything abnormal)
How can redundancy help improve device failure protection? Give four examples.
If one fails the organization can make use of a backup (redundancy)
Examples:
- Uninterruptible Power Supply (UPS) (detect power surges so that the user can unplug and save data)
- Redundant Array of Inexpensive Disks (RAID) (also called disk mirroring - save data on storage disks)
- Server Clustering
- Web Clustering (decentralize network resources)
Name as many of the 9 elements of a disaster recovery plan as you can
- names of decision making managers
- staff assignments and responsibilities
- list priorities for “first fix”
- location of alternative facilities
- recovery procedures for communication facilities
- actions to be takes in case of damage or threats
- manual processes after damage
- plan for updating and testing procedures
- safe storage of the DRP itself
Describe a two level disaster recovery plan DRP
level 1 - internal:
- build enough capacity and keep enough spare equipment to recover from minor disaster
level 2 - external DRP outsourcing:
- rely on professional disaster recovery firms
Describe intrusion and list the four types of intruders
Intrusion is when there is unauthorized access to a controlled resource (data and equipment)
Intruder types:
- casual intruders (limited knowledge playing with hacking)
- security experts (hackers and crackers (hackers who cause damage))
- professional hackers (break into computers for a purpose)
- employees and partners (Legitimate access to network but gain access to information that they are not authorized to use)
What is the role of network perimeter security? What is it intended to protect?
network perimeter security is intended to stop intruders at the perimeter of the network. It protects access points to the network such as: - internet - wired LAN - wireless LAN it protects these access points using: - perimeter security firewall - network address translation - physical security
What is a firewall?
a device or software designed to block data packets that do not conform to a specific set of rules
True or false: firewalls can be hardware based or software based.
true
Name four commonly used firewalls and describe each of them
- packet-level (examines the source and destination TCP&IP addresses of packets and allows or denies passage based on the access control list (ACL) rules.)
- stateful firewall (maintains information on the state of connections and performs Stateful Packet Inspections (SPI))
- application-level (controls input, output and access to a specific application or service. Also performs high-level analysis based on reassembled packet stream)
- network address translation (NAT) (used to translate a private IP address to a public routable IP address)
What are the four states of a stateful firewall?
- new
- established
- related
- invalid
Draw the typical firewall architecture
slide 36
