Monday, 16 April 2012

Principles of ICT Systems & Data Security

Common Types of Physical Threats to ICT Systems and Data (hardware damage, loss and theft)

Over the years keeping your computer safe has become increasingly important as now more than ever people are trying to steal or damage your data. Of course a standalone pc is invulnerable to attack, unless of course it is physically damaged, or stolen. Physical damage to a computer can be broken down into deliberate or accidental. Misuse of equipment can also lead to damage. An example of accidental damage can be if you are working on a computer without using an antistatic wristband, otherwise electrostatic discharge can damage hardware. If you have a PC Laptop then it is also venerable to being lost. Our advice is always keep your pc in a secure place and keep an eye on it if you take your companion travelling.


Common types of electronic threats to ICT systems and data (hardware damage, loss and theft)

Electronic threats include: Unauthorised access to a system, by social engineering (which is misleading someone into thinking they are giving their details to a legitimate source), poorly protected passwords (your dog’s name for example) or people trying to crack into the system. Ways to combat this are using a password which contains a mix of uppercase and lowercase characters, as well as numbers and special characters and keeping your password and other information secure. For example your bank will never ring you up and ask for your bank details. Always install new updates on your system or router. Updates are brought out to seal up security holes in a system and to protect you! Remember, always test updates on a server before you roll them out to all the client pcs. Another thing to ensure is that your network security is strong and all working; this includes firewalls, web and mail servers and any wireless access points. Denial of service attacks are used by people trying to take down a system, and example of people with these motives can be disgruntled ex employees. There are many different types of these and it is hard to defend against, but ensuring your security is up to date and a firewalled router is in use is a good deterrent.


Security vulnerabilities associated with remote access technologies (including wireless)

When wireless technologies are added to a system it opens up a whole new window for security vulnerabilities. Wireless technologies mean that it is easier for remote users to get access into systems.
For example, many people have wireless routers installed in their house, and a large number of people also use WEP security on their router. WEP is a means of encryption and stands for Wired Equivalent Privacy. The first type of encryption to come out for wireless, and is now very insecure; anyone can download a program off the internet that monitors packets and crack the encryption to a wireless router using the WEP algorithm. WEP has been replaced with WPA which is more secure.

Physical Access Control
There are an endless number of possibilities to securing your network. For instance take a server and the data on it, for example. The only way to properly secure it is to drop it in a hole in the ground and fill it with concrete, and even then it’s not secure. In reality there is no given way to make the physical access to your computer easy for some users and impossible for others. There are many technologies out though that can be used to make it very difficult for thieves and catch them in the process.
The simplest of physical access control is to use a lock. A server in a locked server room is harder to get to than a server in a room with an open door.
CCTV (closed circuit television) for example is used to monitor systems, and record motion images of the system. These are then stored and can be reviewed if there is a problem to see what was happening. All networks should be covered by CCTV it is a cost effective way of deterring thieves and also catching them if a break in were to happen.
On the other end of the scale we have biometrics, which is a relatively new technology which analyses people trying to gain access based on unique properties, such as fingerprints and retina. This is very expensive to implement and will only be used by larger organisations where data control is vital. Of course this isn’t a full proof way, fingerprints can be faked and contact lenses exist. Biometrics are the best way of securing a system at the current time.
We have talked about protecting physical equipment from an attacker of thief, but accidents can occur too. In the event of a fire, controls should be in place to protect equipment. Data which is of vital importance should be kept in a fire proof cabinet, just as you would an important document.

Electronic access control
This is the harder of the two to defend against and attacks occur the most often.  A standalone computer is much more secure, as physical access control is the only thing that needs to be addressed, connect the computer to a network - there are multiple points where data can be accessed, connect to the cloud and its possible for the whole world to access your data.
The most popular way of controlling electronic access is by using a firewall. Firewalls filter traffic based on whether they are allowed to access data or not. For example a corporate firewall may have a rule in place to allow computers from the company network to access some data, but not computers external to the company. By having a firewall it makes it harder for a remote attacker to access your data.
Secure transfer protocols should be used when transferring data; SFTP (secure file transfer protocol) can be used in conjunctions to SSH (secure shell) to transfer data using public key cryptography. These sit at the application layer of the OSI model.

Types of access control:
Mandatory-
This is the strictest type of access control and is commonly used by big organisations and public sector where data security is paramount. It works on a hierarchical basis, where all rules are predetermined by the network administrator. This is very costly and takes time to plan but the results mean the network is very secure. The operating system enforces what users can or cannot do

Discretionary-
Contrary to mandatory access control, discretionary allows users to keep their data to themselves and also set the access on their own data. This is commonly how desktop operating systems default. The risk is that access can be given to a user who does not necessarily require access.

Role based-
This is a real world type of access control. Resources are distributed departmentally. For example someone on the marketing team would be given access to marketing tools, whereas someone on the operations team would not have access to these tools. Each sector has their own resources and cannot access another department's data.


Malicious code:

Virus-
Code that is capable of reproducing itself and causing harm to the computer system, for example deleteing important user files.

Trojan-
Malware that appears to perform a task benefitial to the user but instead allows a remote attacker remote access to the computer

Logic Bomb-
Code that is placed on a computer and is run when certain criteria is met, for example an exmployee may plant a logic bomb before they leave the company and when a certain record is called the code will run causing undesirable affects.

Worm-
Self replicating code which copies itself across a network. It will always cause harm even if this is only bandwidth consumption. Unlike a virus is does not need to attach itself to a program.

Spyware-
Code that self installs on a computer and gathers information about a persons use of the system which is then sent back to the attacker.


Passwords
The strongest passwords include a combination of numbers, letters (upper and lowercase) and symbols. The longer the password is the stronger it is so long as a variety of characters are used. Words found in the dictionary are the weakest passwords as an attacker can perform an attack whereby words in the dictionary are entered until the correct password is found. Many programs and websites now include an indicator telling the user how strong their password is, the stronger the password the less vulenarable to attack the account is.

Methods used to crack passwords
As mentioned before a dictionary attack can be used which attempts to crack the password by entering words in the dictionary until the password has been broken.
Bruteforce attacking is similar, but allows the attacker to use characters outside of the dictionary and combinations of characters, such as abcd123 to wxyz321.
There are also other ways to obtain a users password such as phishing whereby the user is tricked into giving their information. An example of this could be an email which appears to be from their bank asking to confirm their details, but instead is the attacker pretending to be an official trusted source.

 

No comments:

Post a Comment

Post a Comment