An Introduction to Security
INFORMATION RESOURCE GUIDE
Computer, Internet and Network Systems Security
Security Manual
Compiled by: S.K. Parmar, Cst
N.Cowichan Duncan RCMP Det 6060 Canada Ave., Duncan, BC 250-748-5522
This publication is for informational purposes only. In no way should this publication be interpreted as offering legal or accounting advice. If legal or other professional advice is needed, you are encouraged to seek it from the appropriate source. All product and company names mentioned in this manual are the [registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement.
The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization.
Table of Contents
1.0 INTRODUCTION........................................................................................................................................................... 2
1.1 Basic Internet Technical Details ........................................................................................................................ 2
1.1.1 TCP/IP : Transmission Control Protocol/Internet Protocol ............................................................................ 2
1.1.2 UDP:User Datagram Protocol............................................................................................................................ 2
1.1.3 Internet Addressing ............................................................................................................................................. 3
1.1.4 Types of Connections and Connectors ............................................................................................................ 3
1.1.5 Routing .................................................................................................................................................................. 6
1.2 Internet Applications and Protocols...................................................................................................................... 6
1.2.1 ARCHIE..................................................................................................................................................................................6
1.2.2 DNS — Domain Name System...........................................................................................................................................7
1.2.3 E-mail — Electronic Mail......................................................................................................................................................7
1.2.4 SMTP — Simple Mail Transport Protocol..........................................................................................................................7
1.2.5 PEM — Privacy Enhanced Mail..........................................................................................................................................8
1.2.6 Entrust and Entrust-Lite .......................................................................................................................................................8
1.2.7 PGP — Pretty Good Privacy ...............................................................................................................................................8
1.2.8 RIPEM — Riordan's Internet Privacy-Enhanced Mail......................................................................................................9
1.2.9 MIME — Multipurpose Internet Mail Extensions ..............................................................................................................9
1.3 File Systems ............................................................................................................................................................ 9
1.3.1 AFS — Andrew File system ................................................................................................................................................9
1.3.2 NFS — Network File System ..............................................................................................................................................9
1.3.3 FTP — File Transfer Protocol ...........................................................................................................................................10
1.3.4 GOPHER..............................................................................................................................................................................10
1.3.5 ICMP — Internet Control Message Protocol...................................................................................................................10
1.3.6 LPD — Line Printer Daemon.............................................................................................................................................11
1.3.7 NNTP — Network News Transfer Protocol .....................................................................................................................11
1.3.8 News Readers.....................................................................................................................................................................11
1.3.9 NIS — Network Information Services ..............................................................................................................................11
1.3.10 RPC — Remote Procedure Call .....................................................................................................................................12
1.3.11 R-utils (rlogin, rcp, rsh).....................................................................................................................................................12
1.3.12 SNMP — Simple Network Management Protocol........................................................................................................12
1.3.13 TELNET .............................................................................................................................................................................12
1.3.14 TFTP — Trivial File Transfer Protocol.............................................................................................................12
1.3.15 Motif...................................................................................................................................................................................13
1.3.16 Openwindows....................................................................................................................................................................13
1.3.17 Winsock..............................................................................................................................................................................13
1.3.18 Windows — X11 ...............................................................................................................................................................13
1.3.19 WAIS — Wide Area Information Servers ......................................................................................................................13
1.3.20 WWW — World Wide Web .............................................................................................................................................13
1.3.21 HTTP — HyperText Transfer Protocol ..........................................................................................................................13
2.0 SECURITY ................................................................................................................................................................... 16
2.1 Security Policy ...................................................................................................................................................... 16
2.1.0 What is a Security Policy and Why Have One? ............................................................................................ 16
2.1.1 Definition of a Security Policy .......................................................................................................................... 17
2.1.2 Purposes of a Security Policy .......................................................................................................................... 17
2.1.3 Who Should be Involved When Forming Policy?.......................................................................................... 17
2.1.4 What Makes a Good Security Policy? ............................................................................................................ 18
2.1.5 Keeping the Policy Flexible .............................................................................................................................. 19
2.2 Threats ..................................................................................................................................................................... 19
2.2.0 Unauthorized LAN Access ............................................................................................................................... 21
2.2.1 Inappropriate Access to LAN Resources ....................................................................................................... 21
2.2.2 Spoofing of LAN Traffic..................................................................................................................................... 23
2.2.3 Disruption of LAN Functions ............................................................................................................................ 24
2.2.4 Common Threats ............................................................................................................................................... 24
2.2.4.0 Errors and Omissions .....................................................................................................................................................24
2.2.4.1 Fraud and Theft ...............................................................................................................................................................25
2.2.4.2 Disgruntled Employees...................................................................................................................................................25
2.2.4.3 Physical and Infrastructure.............................................................................................................................................25
2.2.4.4 Malicious Hackers ...........................................................................................................................................................26
2.2.4.5 Industrial Espionage........................................................................................................................................................26
2.2.4.6 Malicious Code ................................................................................................................................................................27
2.2.4.7 Malicious Software: Terms.............................................................................................................................................27
2.2.4.8 Foreign Government Espionage ...................................................................................................................................27
2.3 Security Services and Mechanisms Introduction .......................................................................................... 27
2.3.0 Identification and Authentication ..................................................................................................................... 28
2.3.1 Access Control ................................................................................................................................................... 30
2.3.2 Data and Message Confidentiality .................................................................................................................. 31
2.3.3 Data and Message Integrity ............................................................................................................................. 33
2.3.4 Non-repudiation ................................................................................................................................................. 34
2.3.5 Logging and Monitoring .................................................................................................................................... 34
2.4 Architecture Objectives ..................................................................................................................................... 35
2.4.0 Separation of Services...................................................................................................................................... 35
2.4.0.1 Deny all/ Allow all ............................................................................................................................................................35
2.4.1 Protecting Services ........................................................................................................................................... 36
2.4.1.0 Name Servers (DNS and NIS(+))..................................................................................................................................36
2.4.1.1 Password/Key Servers (NIS(+) and KDC) ...................................................................................................................36
2.4.1.2 Authentication/Proxy Servers (SOCKS, FWTK)..........................................................................................................36
2.4.1.3 Electronic Mail..................................................................................................................................................................37
2.4.1.4 World Wide Web (WWW)...............................................................................................................................................37
2.4.1.5 File Transfer (FTP, TFTP) ..............................................................................................................................................37
2.4.1.6 NFS ...................................................................................................................................................................................38
2.4.2 Protecting the Protection .................................................................................................................................. 38
2.5 Auditing .................................................................................................................................................................... 38
2.5.1 What to Collect................................................................................................................................................... 38
2.5.2 Collection Process............................................................................................................................................. 38
2.5.3 Collection Load .................................................................................................................................................. 39
2.5.4 Handling and Preserving Audit Data............................................................................................................... 39
2.5.5 Legal Considerations ........................................................................................................................................ 40
2.5.6 Securing Backups.............................................................................................................................................. 40
2.6 Incidents ................................................................................................................................................................... 40
2.6.0 Preparing and Planning for Incident Handling............................................................................................... 40
2.6.1 Notification and Points of Contact ................................................................................................................... 42
2.6.2 Law Enforcement and Investigative Agencies .............................................................................................. 42
2.6.3 Internal Communications.................................................................................................................................. 44
2.6.4 Public Relations - Press Releases.................................................................................................................. 44
2.6.5 Identifying an Incident ....................................................................................................................................... 45
2.6.5.1 Is it real? ...........................................................................................................................................................................45
2.6.6 Types and Scope of Incidents ......................................................................................................................... 46
2.6.7 Assessing the Damage and Extent................................................................................................................. 47
2.6.8 Handling an Incident ......................................................................................................................................... 47
2.6.9 Protecting Evidence and Activity Logs ........................................................................................................... 47
2.6.10 Containment ..................................................................................................................................................... 48
2.6.11 Eradication........................................................................................................................................................ 49
2.6.12 Recovery........................................................................................................................................................... 49
2.6.13 Follow-Up.......................................................................................................................................................... 49
2.6.14 Aftermath of an Incident ................................................................................................................................. 50
2.7 Intrusion Management Summary ........................................................................................................................ 50
2.7.0 Avoidance ........................................................................................................................................................... 51
2.7.1 Assurance ........................................................................................................................................................... 51
2.7.2 Detection............................................................................................................................................................. 52
2.7.3 Investigation ....................................................................................................................................................... 52
2.8 Modems ..................................................................................................................................................................... 52
2.8.0 Modem Lines Must Be Managed..................................................................................................................... 52
2.8.1 Dial-in Users Must Be Authenticated .............................................................................................................. 53
2.8.2 Call-back Capability........................................................................................................................................... 53
2.8.3 All Logins Should Be Logged........................................................................................................................... 54
2.8.4 Choose Your Opening Banner Carefully........................................................................................................ 54
2.8.5 Dial-out Authentication...................................................................................................................................... 54
2.8.6 Make Your Modem Programming as "Bullet-proof" as Possible ................................................................ 54
2.9 Dial Up Security Issues ........................................................................................................................................ 55
2.9.0 Classes of Security Access Packaged for MODEM Access ....................................................................... 55
2.9.1 Tactical and Strategic Issues in Selecting a MODEM Connection Solution ............................................. 56
2.9.2 Background on User Access Methods and Security .................................................................................... 57
2.9.3 Session Tracking and User Accounting Issues............................................................................................. 60
2.9.4 Description of Proposed Solution to Dial-Up Problem ................................................................................. 61
2.9.5 Dissimilar Connection Protocols Support....................................................................................................... 63
2.9.6 Encryption/Decryption Facilities ...................................................................................................................... 63
2.9.7 Asynchronous Protocol Facilities .................................................................................................................... 63
2.9.8 Report Item Prioritization .................................................................................................................................. 64
2.9.9 User Profile “Learning” Facility ........................................................................................................................ 64
2.10 Network Security ............................................................................................................................................... 64
2.10.0 NIST Check List............................................................................................................................................... 65
2.10.0.0 Basic levels of network access:...................................................................................................................................65
2.10.1 Auditing the Process ....................................................................................................................................... 65
2.10.2 Evaluating your security policy ...................................................................................................................... 66
2.11 PC Security ........................................................................................................................................................... 66
2.12 Access .................................................................................................................................................................... 67
2.12.0 Physical Access............................................................................................................................................... 67
2.12.1 Walk-up Network Connections ...................................................................................................................... 68
2.13 RCMP Guide to Minimizing Computer Theft ................................................................................................... 68
2.13.0 Introduction....................................................................................................................................................... 68
2.13.1 Areas of Vulnerability and Safeguards......................................................................................................... 69
2.13.1.0 PERIMETER SECURITY .............................................................................................................................................69
2.13.1.1 SECURITY INSIDE THE FACILITY............................................................................................................................69
2.13.2 Physical Security Devices .............................................................................................................................. 70
2.13.2.0 Examples of Safeguards ..............................................................................................................................................70
2.13.3 Strategies to Minimize Computer Theft........................................................................................................ 73
2.13.3.0 APPOINTMENT OF SECURITY PERSONNEL........................................................................................................73
2.13.3.1 MASTER KEY SYSTEM...............................................................................................................................................73
2.13.3.2 TARGET HARDENING ................................................................................................................................................74
2.13.4 PERSONNEL RECOGNITION SYSTEM .................................................................................................... 74
2.13.4.0 Minimizing Vulnerabilities Through Personnel Recognition ....................................................................................74
2.13.5 SECURITY AWARENESS PROGRAM ....................................................................................................... 75
2.13.5.0 Policy Requirements .....................................................................................................................................................75
2.13.5.1 Security Awareness Safeguards .................................................................................................................................76
2.13.6 Conclusion........................................................................................................................................................ 76
2.14 Physical and Environmental Security ........................................................................................................... 76
2.14.0 Physical Access Controls............................................................................................................................... 78
2.14.1 Fire Safety Factors .......................................................................................................................................... 79
2.14.2 Failure of Supporting Utilities......................................................................................................................... 80
2.14.3 Structural Collapse .......................................................................................................................................... 81
2.14.4 Plumbing Leaks ............................................................................................................................................... 81
2.14.5 Interception of Data......................................................................................................................................... 81
2.14.6 Mobile and Portable Systems........................................................................................................................ 82
2.14.7 Approach to Implementation.......................................................................................................................... 82
2.14.8 Interdependencies........................................................................................................................................... 83
2.14.9 Cost Considerations..................................................................................................................................... 84
2.15 Class C2: Controlled Access Protection – An Introduction ................................................................. 84
2.15.0 C2 Criteria Simplified ...................................................................................................................................... 84
2.15.1 The Red Book .................................................................................................................................................. 85
2.15.2 Summary .......................................................................................................................................................... 87
3.0 IDENTIFICATION AND AUTHENTICATION ......................................................................................................... 92
3.1 Introduction ............................................................................................................................................................ 92
3.1.1.1 Smart Tokens...................................................................................................................................................................95
4.0 RISK ANALYSIS....................................................................................................................................................... 108
4.1 The 7 Processes ................................................................................................................................................... 108
4.1.0 Process 1 - Define the Scope and Boundary, and Methodology.............................................................. 108
4.1.0.1 Process 2 - Identify and Value Assets ...................................................................................................... 108
4.1.0.2 Process 3 - Identify Threats and Determine Likelihood.......................................................................... 110
4.1.0.3 Process 4 - Measure Risk........................................................................................................................... 111
4.1.0.4 Process 5 - Select Appropriate Safeguards ............................................................................................. 112
4.1.0.5 Process 6 - Implement And Test Safeguards .......................................................................................... 113
4.1.0.6 Process 7 - Accept Residual Risk.............................................................................................................. 114
4.2 RCMP Guide to Threat and Risk Assessment for Information Technology ........................................ 114
4.2.1 Introduction ....................................................................................................................................................... 114
4.2.2 Process ............................................................................................................................................................. 114
4.2.2.0 Preparation .....................................................................................................................................................................115
4.2.2.1 Threat Assessment .......................................................................................................................................................118
4.2.2.2 Risk Assessment ...........................................................................................................................................................122
4.2.2.3 Recommendations ........................................................................................................................................................124
4.2.3 Updates ............................................................................................................................................................ 125
4.2.4 Advice and Guidance ...................................................................................................................................... 126
4.2.5 Glossary of Terms ........................................................................................................................................... 127
5.0 FIREWALLS .............................................................................................................................................................. 130
5.1 Introduction .......................................................................................................................................................... 130
5.2 Firewall Security and Concepts ..................................................................................................................... 131
5.2.0 Firewall Components ...................................................................................................................................... 131
5.2.0.0 Network Policy ...............................................................................................................................................................131
5.2.0.1 Service Access Policy...................................................................................................................................................131
3.1.0 I&A Based on Something the User Knows ............................................................................................... 93
3.1.0.1 Passwords ........................................................................................................................................................................93
3.1.0.2 Cryptographic Keys.........................................................................................................................................................94
3.1.1 I&A Based on Something the User Possesses........................................................................................ 94
3.1.1.0 Memory Tokens ...............................................................................................................................................................94
3.1.2 I&A Based on Something the User Is......................................................................................................... 97
3.1.4.6 Authorization ..................................................................................................................................................................105
3.1.3 Implementing I&A Systems .............................................................................................................................. 98
3.1.3.0 Administration ..................................................................................................................................................................98
3.1.3.1 Maintaining Authentication .............................................................................................................................................98
3.1.3.2 Single Log-in ....................................................................................................................................................................99
3.1.3.3 Interdependencies...........................................................................................................................................................99
3.1.3.4 Cost Considerations........................................................................................................................................................99
3.1.4 Authentication .................................................................................................................................................. 100
3.1.4.0 One-Time passwords....................................................................................................................................................102
3.1.4.1 Kerberos .........................................................................................................................................................................102
3.1.4.2 Choosing and Protecting Secret Tokens and PINs ..................................................................................................102
3.1.4.3 Password Assurance ....................................................................................................................................................103
3.1.4.4 Confidentiality.................................................................................................................................................................104
3.1.4.5 Integrity ...........................................................................................................................................................................105
5.2.0.2 Firewall Design Policy...................................................................................................................................................132
5.2.1 Advanced Authentication................................................................................................................................ 133
5.3 P ACKET F
ILTERING .................................................................................................................................................. 133
5.3.0 Which Protocols to Filter................................................................................................................................. 134
5.3.1 Problems with Packet Filtering Routers ....................................................................................................... 135
5.3.1.0 Application Gateways ...................................................................................................................................................136
5.3.1.1 Circuit-Level Gateways.................................................................................................................................................138
IREWALL RCHITECTURES ..................................................................................................................................... 138
5.4 F A
5.4.1 Multi-homed host ............................................................................................................................................. 138
5.4.2 Screened host .................................................................................................................................................. 139
5.4.3 Screened subnet.............................................................................................................................................. 139
YPES OFIREWALLS .............................................................................................................................................. 139
5.5 T F
5.5.0 Packet Filtering Gateways.............................................................................................................................. 139
5.5.1 Application Gateways ..................................................................................................................................... 139
5.5.2 Hybrid or Complex Gateways ........................................................................................................................ 140