Unit 32 Assignment 2
Within the context of computer networking, auditing is the process of analysing a network for its usage and security. There are several third-party auditing applications available, but Microsoft Windows comes built in with tools for auditing. Audits can also be done manually without software, but I will be looking at the effectiveness and uses of automated audits.
Auditing tools carry out automated scans (audits) that determine the security and functionality of a network. On top of this, audits also review the performance/optimisation of a network. Once an audit is complete, a report, summarising any findings, is sent to network administrators for action to be taken.
While scanning, auditing tools view all network nodes, they scan all files and services and look out for possible threats. These can be identified if certain patterns a found, or if unauthorised items or known threats are detected.
The data retrieved from the network by the audit can be used to find out many things:
- Which logins are regularly targeted
- What is being used/accessed by certain users
- The time of occurrences
- Possible malicious files
- Network Intrusion
Education and Training of Users
An organisation might utilise a work base that is not tech-savvy, meaning that network safety knowledge that comes naturally to computer professionals won’t be known by them. This is why an organisation might choose to train new employees in the basics of competent, safe network use. The training will likely recite or paraphrase measures and procedures already established in the organisation’s policy documents. All that new employees need to know is how to safely use the local network in ways relevant to their position/rank.
By educating employees of correct network use, protection against both internal and external threats is increased.
Configuring and ‘Locking Down’ the User Environment
System administrators can apply settings to the operating systems to alter the usable functions to the user environment.
File and Folder Permissions
To prevent misuse of folders and files on a shared network, administrators can assign permissions to user groups and specific folders/files. This is beneficial to security because it prevents the deletion, modification, or viewing of items that shouldn’t be used by certain people.
Allows the user to read the contents of folders and files it is applied to.
Read and execute
Allows the user to read the contents of folders and files, and to run any executables it is applied to.
Grants read permission and allows the addition of new files into a folders and to edit the contents of a file.
Grants read and write permissions and allows for the moving and deletion of a folders or its files.
Allows for unrestricted reading, writing, moving or deleting of folders and files with no exceptions.
Organisations have their own policies regarding security, workstation use, and network use. The purpose of these policies is to outline rules that legally bind those attached to it. In the college’s case, students and staff are required to follow the policies to ensure fair and secure system use.
St Helens College’s ICT Services Policy is an example of users being given responsibilities. The document outlines the rules, regulations and measures for network use in different situations, who the rules apply to, and who to contact in the event of a problem.
Failing to follow your organisation’s officially documented policies will result in punishment ranging from suspension to legal action.
Source(s): St. Helens College’s ICT Services Policy, https://www.giac.org/paper/gsec/1691/good-security-policy-necessary/103074, My own Unit 7 Assignment 2 work
Lock and Key
An obvious method of preventing unwanted access to something is using a lock. Keys can be given only to those trusted with certain assets. A good lock cannot easily be bypassed and restricts access to a server room. Keys can also be printed with security codes that prevent the creation of duplicates so that access cannot be distributed to untrusted people. If someone physically accesses a server, they can potentially cause major damage. A lock and key is a cheap first line of defence against unwanted access.
Source(s): http://www.articlesfactory.com/articles/site-security/importance-of-locks-and-keys.html, My own Unit 7 Assignment 2 Work
If there is a break-in to an organisation’s building, and the intruder is able to make his/her way to a workstation or other network-connected computer, they can use local access to intrude the network. This would be especially damaging if the attacker is able to login to an administrator’s account, thus giving them full access and control of network files.
Controlled Building Access
Similar to lock and key security, controlled building access is a way of preventing physical access to a network by entering the building it is based in. It is the act of monitoring and handing those who enter the network’s home building, where only those who are authorised to do so may enter certain areas or even the building as a whole. Two examples of controlled building access are CCTV cameras and ID badges
Issuing staff, students and visitors with ID badges proves to others that they are authorised to be in the organisation. These ID badges are a simple way of identifying people who belong in the organisation. If a person is seen without an ID badge inside the organisation, they will be questioned as to why they are there and possibly asked to leave. Without any policy to control who can go in or out of the organisation, anybody would be able to enter the premise unstopped. Some ID cards can also be used to access certain areas within an organisation, with people being given access rights and privileges based on their role.
Closed-circuit television (CCTV) cameras is a TV system which sends its signal to its assigned monitors, for the purpose of surveillance and/or security. CCTV cameras are placed in high security areas in order to display and record all action within its field of view. This is helpful for three things: First, it displays any unusual happenings to a person viewing the monitors, allowing them to handle a situation as it happens. Second, any recordings can be referred to later in order to prove something or find a responsible culprit in the event of a crime. And third, it acts as a deterrent to potential criminals who fear being caught for their crimes.
Source(s): http://whatis.techtarget.com/definition/CCTV-closed-circuit-television, http://blog.idville.com/post/2013/12/10/Benefits-of-Photo-ID-Badges.aspx, my own Unit 7 Assignment 2 work
The Method Used to Store Passwords on a Server and Authenticate a User Who Logs in at a Remote Machine
One of the uses of cryptography in computer networking is authentication. This is the act of identifying and verifying a user and validating their access to network services. When a user creates a password and uses it to login to their network account, there is a far more complex series of steps taking place behind the scenes.
The process of securely storing a password and retrieving it later and authenticating access is done using what is called a ‘hashing algorithm’. A hash is a fixed-length value that represents inputted data as a nonsensical series of characters, created using a formula that ensures that any two different strings of text produce a different hash.
In order to validate a user’s password for login, the hash along with the password itself is encrypted with a public key and transmitted to the server. The server decrypts the received transmission using the private key and creates its own hash from the password. If the two hashes are the same, it confirms that the password is authentic, and the user is granted access. Combining public/private encryption with hashing is also known as ‘hash-based message authentication code (HMAC)’.
In order to be granted login access by the server, the server needs to have the password stored so that it can be matched with login requests. When a user sets his/her password, the hash is created for the first time, encrypted, and sent to the server similarly to the previously mentioned method. When the data packet arrives, the now unencrypted hash is stored on the server. When a future login request is received from the same user, that stored hash is compared with the hash of the password entered in the request, allowing entry to the user if the hashes match. The password’s hash is stored rather than the password itself because it is an encrypted version of the password that cannot be read in the event of a server data breach.
There are different kinds of hashing algorithms available, such as MD5 and SHA.
Biometrics is the scanning of a person’s physical features as a means to authenticate them and grant them access to a system. Similar to a hashes, a person’s features are recorded and stored for future entry. When the user attempts to enter, they are scanned and the results are compared with the data stored. If the results match, the user is authenticated. Kinds of biometrics include fingerprint, retina, iris, facial, geometric and auditory recognition.
Biometrics are a growing feature in security. They have the security advantage of accounts only being accessible by the person who has been scanned. However, accurate biometric scanners are expensive, and cheap scanners like low-end fingerprint scanners can sometimes fail to scan, locking the user out of the system unfairly.
ID Card Authentication
In many organisations, it is common for people to have ID cards to prove that they are authorised to be on the premise. “Smart cards” are a kind of ID card that have an electronic chip built into them that allow them to serve a dual purpose both as visible identification as well as a type of system access authentication. Certain doors in the organisation and even some devices will have restricted access. The holder can insert their smart card into a slot where the chip sends a specific signal into the system, where access is granted if a match is found, thus authenticating the user.
Smart cards are quick to use and are a convenient item to wear at all times, but are susceptible to theft.
Task 2 Source(s): http://www.webopedia.com/TERM/H/hashing.html, http://unit32.2plus2isfive.co.uk/paddv/week-11-cryptography/, http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard, http://searchsecurity.techtarget.com/definition/Hash-based-Message-Authentication-Code-HMAC, http://unit32.2plus2isfive.co.uk/paddv/week-10-authentication/
Comparing the security benefits of different cryptography techniques
What is an Algorithm and what is AES & DES?
Computers follow steps, they aren’t able to improvise, they need to be told what to do in order to achieve any objective. An algorithm is a set of commands given to a computer that are followed in order to accomplish a goal. In cryptography, algorithms are created as processes for which data is encrypted.
Encryption algorithms (also known as cryptographic algorithms) generate random keys that are used by computers to encrypt or decrypt data. These keys can be cracked with a brute force attack, so, in the same way that longer passwords are a countermeasure to brute force, a key’s length is extended to dramatically increase the time taken for a brute force attack to correctly guess it.
Two examples of cryptographic algorithms are AES and DES.
DES (Data Encryption Standard) was developed by IBM in collaboration with the US government in 1977. The algorithm was revolutionary at the time and influenced the future of cryptography. DES generates 56-bit keys that are now considered insecure because they can be broken by a modern brute force attack in very little time. There is also 3DES (Triple DES) which effectively triples the effectiveness of DES, but it is still not significant enough to keep up with modern standards.
AES (Advanced Encryption Standard) was an algorithm developed in 2000. It supports key lengths of 128 bits, 192 bits and 256 bits. This makes it far more secure against brute force attacks than DES
Secure Sockets Layer (SSL)
SSL is the protocol utilised by many popular browsers that specifies the method of transportation for data between devices.
When connecting to a website, a browser sends a request to the web server, asking for a copy of its SSL certificate. This confirms if the site conforms to SSL protocol and can support a secure connection. If the certificate checks out, the browser sends a second request to the server, this time asking to begin an SSL encrypted connection. The web server accepts, and the user is then able to use the website under a secure connection. This verification of SSL support is called the “handshake protocol” or “initial handshake process”.
SSL uses a combination of symmetric and asymmetric encryption for secure communication.
Also known as “shared key encryption”, symmetric encryption uses the same key to encrypt and decrypt data. This is a high-performance method of encryption that allows data to be quickly transferred. But, the key can be intercepted. if the key is obtained by someone with malicious intent, they will have the freedom to unencrypt all data encrypted with that same key.
Also known as “private/public key encryption”, asymmetric encryption works using two different keys. A key is a value applied to a message using an algorithm. A public key is usable by anyone, but a private key is confidential and only accessible to its owner. Anything that is encrypted with a public key can only be unencrypted by its corresponding private key and vice versa. So, if you want to send a message to someone, it will be encrypted with their public key, and only the recipient will have the corresponding private key to unencrypt it. The private key cannot be intercepted because it is never transferred to another device. While not as fast as symmetric encryption, asymmetric encryption is more secure.
Source(s): http://www.webopedia.com/TERM/S/SSL.html, http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL, my own Unit 7 and Unit 32 work, http://searchsecurity.techtarget.com/definition/encryption, https://www.youtube.com/watch?v=EJd8zqN3zTw, https://en.wikipedia.org/wiki/Key_size, http://info.townsendsecurity.com/bid/72450/what-are-the-differences-between-des-and-aes-encryption