Sunday, 29 April 2012

Security Policy


The purpose of security policies is to protect an organization's systems by imposing constraints on secured areas, such as server rooms, and on the information held in those systems. An organization's security policies can be enforced using the defense-in-depth security model.

The defense-in-depth security model uses multiple computer security techniques to mitigate the risk of a single component of the defense being compromised. The model's layers are data, application, host, internal network, perimeter network, physical security and procedures.

Data – Secure information (or sensitive data) with encryption and configure access permissions on files using the NTFS file system. Define a policy on how, and by whom, the data can be accessed.

Application – Vulnerabilities in applications running on the servers put them at risk of an attacker executing malicious code through them. Therefore all applications running on the servers should be tested before they are installed, and only authorized personnel should be allowed to install or update any application on the servers. Applications should also be configured to allow access only to authorized users.

Host – There is a risk of attackers accessing the host machine through vulnerabilities in the operating system's listening services. The operating system of any device connecting to the server (including the server itself) should be kept up to date.

Internal Network – Data transmitted within the internal network can be intercepted by an attacker who connects to the network and uses a sniffing tool. Private security certificates can be configured to protect sensitive data within the internal network.

Perimeter Network – The perimeter network is often a demilitarized zone (DMZ) where external users can gain access to certain data or applications of the organization. This is where servers such as the web server, mail servers and FTP servers can be placed. The perimeter should be carefully configured, and a security policy should be enforced so that the public can access only a minimal level of information. As such, the access policy on the firewalls between the internal network and the DMZ should be carefully planned.

Physical security – Physical security should be seen as the highest priority of all the layers in the defense-in-depth security model, and unauthorized access should be denied. Any security breach of this layer could be as severe as losing the whole IT system or the information in it. Doors, gates and walls are basic physical security systems.

Procedures – Every organization should have a list of procedures to guide people on what to do during a disaster. Administrators should follow it as a security policy when completing any recovery. Training for staff is also important, as it promotes awareness of the security measures on the organization's network.



Common Networking Attacks: Threats and Solutions


Computer networks are systems in which a collection of computers and servers are connected together to communicate or share information through various communication channels. Communication channels include the Internet, local area networks and wireless local area networks. Threats or vulnerabilities can potentially be present in any of these communication channels. Basically no computer is totally safe from threats or vulnerabilities, except a powered-off one.

Thanks to the technology and the ease of communication, the Internet has become so popular that it has been incorporated into virtually every aspect of modern human life. As such, connection to this big network makes a system even more susceptible to threats and vulnerabilities. Let's discuss two of the well-known network attacks: the TCP SYN flood attack and SQL injection.

1) TCP SYN flood attack – Any service that binds to or listens on a TCP port is potentially at risk from TCP SYN flood attacks. A TCP SYN flood attack in turn leads to a clear potential for a denial-of-service attack (which will be discussed later). Attackers make use of the TCP 3-way handshake to perform the TCP SYN flood attack. In a normal connection, the TCP protocol establishes the connection using a 3-way handshake with these three steps:

I. The client requests a connection by sending a SYN (synchronize) message to the server
II. The server acknowledges this request by sending a SYN-ACK back to the client
III. The client responds with an ACK, and the connection is established

The attack works by leaving the connection half-open: the attacker never responds with the expected ACK. As a result, the server keeps waiting for the ACK until its resources are used up and it refuses to accept any new connections.

The solution to the TCP SYN flood attack is to patch the server's operating system, so that the TCP protocol stack is updated with the bug fix. After the fix, the length of each three-way handshake queue was increased and the timeout value was reduced.
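The half-open queue described above, modelled in Python as an added example that is not from the original post. The model replays the three handshake steps against a backlog with a fixed capacity and timeout, and `flood_then_connect` shows why the fix mentioned (longer queue, shorter timeout) lets an honest client through. The class and function names, queue sizes, timeouts and addresses are constructed for illustration.

```python
from collections import OrderedDict

class SynBacklog:
    """Half-open (SYN_RECV) queue of one server. Step I (SYN in) adds an entry
    and step II (SYN-ACK out) is implied; step III (ACK in) removes it.
    Entries that never see their ACK are only dropped after `timeout` seconds."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity          # constructed queue length
        self.timeout = timeout            # constructed half-open timeout (seconds)
        self.half_open = OrderedDict()    # (src_ip, src_port) -> time SYN arrived
        self.refused = 0
        self.established = 0

    def expire(self, now: float) -> None:
        # Oldest entries first: OrderedDict keeps insertion order.
        while self.half_open:
            src, arrived = next(iter(self.half_open.items()))
            if now - arrived < self.timeout:
                break
            del self.half_open[src]

    def on_syn(self, src, now: float) -> bool:
        """Step I. True if a SYN-ACK would be sent, False if the SYN is dropped."""
        self.expire(now)
        if len(self.half_open) >= self.capacity:
            self.refused += 1
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now: float) -> bool:
        """Step III. True if the connection moves to established."""
        if self.half_open.pop(src, None) is None:
            return False                  # no matching half-open entry
        self.established += 1
        return True

def flood_then_connect(capacity: int, timeout: float,
                       syn_per_sec: int = 10, seconds: int = 30) -> bool:
    """Spoofed SYNs that never complete step III, then one honest client:
    does the honest client still get a connection?"""
    q = SynBacklog(capacity, timeout)
    for t in range(seconds):
        for n in range(syn_per_sec):
            q.on_syn((f"10.0.{t}.{n}", 40000 + n), float(t))   # constructed sources
    now = float(seconds)
    client = ("192.0.2.10", 50000)                             # constructed client
    return q.on_syn(client, now) and q.on_ack(client, now + 0.05)
```

With the small queue and long timeout the honest client is refused; with the larger queue and shorter timeout the stale entries have expired and it connects.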

2) SQL injection – This attack targets the database through the website, using the code injection technique to exploit a vulnerability in the website's software (often due to misconfiguration). The attacker inserts a string of SQL commands through the web forms, and when the SQL server executes this malicious code it changes the content of the database. Watch the video below to see how this exploitation works.


To prevent SQL injection attacks, web administrators should always validate user input by testing the type, length, format and range of each field on the web page. The web administrator should also take precautions against malicious input by testing the web page with common malicious inputs.
