benoorblog-blog · 6 years
Assume the position of one of the following:
1-) A representative of the Business Software Alliance
My position is the Distribution of copyrighted software
There are many arguments used to defend the practice of software piracy, mostly in economic or ethical terms. Some might argue that the software is too expensive and that by pirating it and reselling it at a lower price, he or she is protecting the customers.
Moral arguments to follow the law date back to Plato, and one pertinent argument is attributed to British classicist W. D. Ross, who states in his 1930 "The Right and the Good": “The duty of obeying the laws of one's country arises partly … from the duty of gratitude for the benefits one has received from it.”
If someone agrees that the law should not be broken, and the law says not to break copyright laws, as does the Digital Millennium Copyright Act (DMCA) in the United States, citizens should not do so.
Other arguments that say using pirated software is morally wrong include the loss of revenue to the creator of the software, and that, without software being paid for, creators will give up designing new software and less software will be created in the future.
According to G. Frederick in “Software Piracy: Some Facts, Figures, and Issues,” 82 percent of PC software used in China is pirated. Advocates against piracy would ask how much revenue to software companies is lost every year in China alone.
Some think that there is nothing wrong with software piracy. They believe in the freedom of information and expression (i.e. "information wants to be free"). According to them, it is acceptable and ethical to copy the software because they have a right to the information contained in the software. They also hold that reproduction and distribution of software is a part of fair use within copyright law.
Some pirates have cited their First Amendment rights as an excuse for piracy. They claim that since posting information in electronic form is protected by the First Amendment, the distribution of illegal software is an exercise of the rights of self-expression and should not be infringed upon.
Some think that software piracy doesn't hurt anyone, that it is a victimless crime. They believe that, with the rising prices of software, software manufacturers are really not hurt by pirates making illegal copies of their programs. They think since they are not going to pay for the software anyway, it is OK to get it free.
Another common excuse runs along the lines of "the software is really not worth the money they're charging anyway." The argument continues that since the software is buggy, it's really not a crime to distribute faulty products.
 2-)A computer science student in a developing country.
My position is computer scientist
Here are a few ways:
· Build systems that exploit existing infrastructure. For example, in much of Africa, there is no internet, but even the poorest village might have at least one smart phone thanks to certain government programs. Computer scientists can build banking, micro-loan servicing, health care, and mail services on top of that technology (small screens, slow CPUs, limited access, pay-per-megabyte / pay-per-message) to raise the standard of living.
· Model things effectively, whether irrigation systems or epidemics or population or wildlife migration or likely spots to find natural resources, to help the governments of those countries manage what they have and avoid exploitation.
· Start a computer-related business using local people. This could be a call center, but it could also be some kind of outsourced content creation or data validation task that can be done after a short period of training.
What is the EFF?
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development.
The core ideas on freedom of speech?
We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.
Even in the fledgling days of the Internet, EFF understood that protecting access to developing technology was central to advancing freedom for all. In the years that followed, EFF used our fiercely independent voice to clear the way for open source software, encryption, security research, file sharing tools, and a world of emerging technologies.
Today, EFF uses the unique expertise of leading technologists, activists, and attorneys in our efforts to defend free speech online, fight illegal surveillance, advocate for users and innovators, and support freedom-enhancing technologies.
Together, we forged a vast network of concerned members and partner organizations spanning the globe. EFF advises policymakers and educates the press and the public through comprehensive analysis, educational guides, activist workshops, and more. EFF empowers hundreds of thousands of individuals through our action center and has become a leading voice in online rights debates.
EFF is a donor-funded US 501(c)(3) nonprofit organization that depends on your support to continue fighting for users.
What Are Biometrics?
Biometric identification is a technology that identifies and authenticates individuals based on physical characteristics. Biometric identification systems include fingerprint, iris and retina, facial, gait, and voice recognition. The biometrics market is growing as the technology is being hailed as the new generation of defense for law enforcement against hackers. The biometric market is expected to be worth $32.7 billion by 2022.
Consumer acceptance is helping drive growth. According to a poll by Veridium, 52 percent of consumers want biometrics to replace passwords, and 80 percent believe it’s more secure than passwords. About 40 percent are already using fingerprint reader technology.
Biometrics is a technological and scientific authentication method based on biology and used in information assurance (IA). Biometric identification authenticates secure entry, data or access via human biological information such as DNA or fingerprints. Biometric systems include several linked components for effective functionality.
The biometric system connects an event to a single person, whereas other ID forms, such as a personal identification number (PIN), may be used by anyone.
Problems
Fingerprints are the biometrics we’re getting used to, but there are other forms of biometrics, like iris scans, voiceprints, heartbeats, and even gait detection (how you walk).
Biometrics are incredibly convenient and they can also be very secure. But they also have two really big issues that can bite users if they are not careful. I’ll tell you how to watch out for this in a second.
You can hack a fingerprint scanner
Hackers have discovered numerous ways to crack fingerprint-based security. Some have been able to gather fingerprints from high-resolution photographs, print them with special ink, and use the resulting printout to trick a fingerprint scanner. A professor at Michigan State University has tried to do something similar by 3D-printing a dead man’s fingers so police could gain access to the deceased’s smartphone.
Anyone who’s been arrested, applied for security clearance, or otherwise had their fingerprints logged could have that information stolen and used against them. Michener explains that dedicated criminals wouldn’t even have to go so high-tech: Many scanners let prints work even if they don’t match, he said, because otherwise they might lock out people with wet, dirty, or scratched fingertips.
Hackers can also work around iris scanners or facial-recognition tools. Remember the movie trope about using a printed image to trick these systems? Turns out that it actually works, both for iris scanners and facial recognition tools. All it takes is a high-resolution photograph and some technical know-how to get past most systems with which the average person is likely to interact on any given day.
Voice recognition software isn’t safe either. Michener said he could “dynamically change one person’s voice to essentially any other person’s voice” in the ‘80s. “Computers are 10,000 times faster now,” he said, which means someone will be able to modify their own voice to sound like their target’s with relative ease.
Strengths
Benefits of the technology include:
It’s faster and more convenient for users (no need to remember passwords)
Strong authentication since biological characteristics are distinct
Eliminates friction associated with traditional security measures
Biometric servers usually require less database memory
Despite the benefits, some flaws still must be addressed.
Weaknesses
Here are three major issues facing biometric security.
1. Biometrics aren’t private
Biometrics seem secure on the surface. After all, you’re the only one with your ears, eyes, and fingerprint. But that doesn’t necessarily make it more secure than passwords. A password is inherently private because you are the only one who knows it. Of course hackers can acquire it by brute force attacks or phishing, but generally, people can’t access it. On the other hand, biometrics are inherently public.
Think about it: your ears, eyes, and face are exposed. You reveal your eyes whenever you look at things. With fingerprint recognition you leave fingerprints everywhere you go. With voice recognition, someone is recording your voice. Essentially, there’s easy access to all these identifiers.
Your image is stored in more places than you realize. Not only does Facebook recognize your face, but every store you visit records and saves your image in its database to identify you and analyze your buying habits. In fact, it’s legal in 48 states to use software to identify you using images taken without your consent for commercial purposes. And law enforcement agencies nationwide can store your image without consent.
The problem is identity management and security. Personally identifiable information (PII) needs to have access control in place to protect against identity theft. All it takes is for a hacker to breach any of those databases to leak and steal your biometric identification.
2. Biometrics Are Hackable
Once a hacker has a picture of someone’s ear, eye, or finger, they can easily gain access to their accounts. While Apple’s TouchID was widely accepted as a biometric advancement, famous hacker Jan Krissler was able to beat the technology just a day after the iPhone was released. Likewise, researchers from the Chaos Computer Club created fake fingers to unlock iPhones. Krissler showed how easy it is to steal a public figure’s identification when he recreated German Minister of Defense Ursula von der Leyen’s fingerprint. The hacker obtained high-resolution photos of the politician’s thumb from press conferences and reconstructed the thumbprint using VeriFinger software. If you think an eye scan may be more secure, think again. Hackers fooled the Samsung S8 iris recognition system by placing a contact lens over a photo of a user’s eye. And it wasn’t a high-priced hack either. The S8 phone was the most expensive purchase of the hack project.
3. Biometrics Hacks May Have Greater Consequences
Since a biometric reveals part of a user’s identity, if stolen, it can be used to falsify legal documents, passports, or criminal records, which can do more damage than a stolen credit card number.
The Office of Personnel Management breach in 2015 compromised 5.6 million people’s fingerprints. And unlike passwords, credit cards, or other records, you can’t replace physical identifiers. If someone has photos of your iris, you can’t get another eye.
Biometric companies are aware of these flaws in the technology and should aim to improve identification. There are some ways to deter inherent downfalls of biometrics like requiring more than one fingerprint scan to improve accuracy. Bank of America said its iris scan will be a part of multi-factor authentication instead of the sole way to access accounts.
Biometrics may be the security measure of the future, but it isn’t time to discard your passwords yet. Biometrics provide another level of security, but it’s not foolproof.
Encryption
Encryption is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state. Encryption keeps criminals and spies from stealing information. Although you might not realize it, you rely on encryption every day. It protects you while you browse the web, shop online, use mobile banking, or use secure messaging apps.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor.
Strengths and Weaknesses of Encryption
Encryption is not an impenetrable safeguard. With some effort, you can access data that has been encrypted. Encryption is far from worthless, though. As a computer investigator, you will be called on to access information that a suspect has encrypted. You will have to break the encryption.
Before you are ready to defeat file encryption, you need to have a better understanding of the strengths and weaknesses of encryption. This knowledge will provide a better awareness of where to start and what steps to take for each unique situation.
Key Length
The length of the encryption key is directly related to the security of the encryption algorithm. Although there are differences in the relative strength of each algorithm, the key length choice has the greatest impact on how secure an encrypted object will be. Simply put, longer keys provide a larger number of possible combinations used to encrypt an object.
A key that is 4 bits in length can represent 16 different key values, because 2^4 = 16. A key length of 5 bits allows 32 key values, and so on. Although it may be easy to try to decrypt a file or message with 32 different key values, larger keys mean more possible key values.
Some older algorithms that were approved for export by the U.S. government used 40-bit keys. These algorithms are considered to be insecure by today's standards because of the small key length. A 40-bit key can hold one of 2^40 values, or 1,099,511,627,776 (1 trillion). Assuming that you have a computer that can make 1.8 million comparisons per second, it would take about a week to evaluate all possible key values.
The DES algorithm uses 56-bit keys. Although DES is considered to be too weak for most security uses, it is far stronger than a 40-bit key algorithm. A DES key can store one of 2^56, or 72,057,594,037,927,936 (that's 72 quadrillion) values. Using the same computer as before, it would take about 1,260 years to evaluate all possible key values.
As key values increase in size, the computing power required to crack encryption algorithms becomes exponentially large. At first glance, it looks like an algorithm with a key length that requires over 1,000 years to crack is sufficient. Unfortunately, that's not the case. Today's supercomputers can evaluate far more than 1.8 million comparisons per second. When you introduce parallel-processing capability, you can realistically create a unit that can crack DES in a matter of minutes (or even seconds). That is the reason key lengths have grown to routinely be over 100 bits. Longer keys provide more security by reducing the possibility of using a brute force attack to discover the encryption key.
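The key-length estimates above, carried through as an added example (not part of the original post). It uses the 1.8 million comparisons per second figure from the text and goes one step further by modelling parallel machines and solving for the key length needed to meet a target search time; the fleet size of 1,000,000 machines is an assumption chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600
PAGE_RATE = 1_800_000  # comparisons per second, the figure used in the text


def keyspace(bits):
    """Number of distinct values a key of `bits` bits can take: 2**bits."""
    return 1 << bits


def exhaustive_search_seconds(bits, rate=PAGE_RATE, units=1):
    """Worst-case time to try every key with `units` machines in parallel.

    The search splits evenly across machines, so the time falls linearly
    with `units` while it doubles with every extra key bit.
    """
    return keyspace(bits) / (rate * units)


def humanize(seconds):
    """Render a duration in the largest unit that keeps the value >= 1."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            value = seconds / size
            return f"{value:.2e} {name}" if value >= 1e6 else f"{value:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def min_key_bits(target_years, rate=PAGE_RATE, units=1):
    """Smallest key length whose full search takes at least `target_years`."""
    keys_needed = math.ceil(target_years * SECONDS_PER_YEAR * rate * units)
    return (keys_needed - 1).bit_length()  # integer ceil(log2(keys_needed))


def table(bit_lengths=(40, 56, 128), fleet=1_000_000):
    """Rows of (bits, time on one machine, time on `fleet` machines).

    `fleet` is an assumed number of parallel machines, not a figure
    taken from the text.
    """
    return [(b,
             humanize(exhaustive_search_seconds(b)),
             humanize(exhaustive_search_seconds(b, units=fleet)))
            for b in bit_lengths]


if __name__ == "__main__":
    # 40-bit: about a week alone; 56-bit: roughly 1,270 years alone, the
    # same order as the figure quoted above, but only hours on the fleet.
    for bits, single, parallel in table():
        print(f"{bits:>3}-bit key: {single:>16} alone, "
              f"{parallel:>16} on 1,000,000 machines")
    print("bits needed to hold out 1,000 years against that fleet:",
          min_key_bits(1000, units=1_000_000))
```

Each added bit doubles the search time while each added machine only divides it, which is why the answer for the fleet lands well above 56 bits.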
Key Management
Because the encryption key is crucial to the encryption process, it must be protected at all costs. After the key is disclosed, the encrypted data is no longer secure. Symmetric algorithms use a single key. The sender and receiver must both possess the key to encrypt and decrypt the data. For local file encryption, the same person is likely to encrypt and decrypt the data. The purpose of encryption in such a case is to protect file contents from any unauthorized access.
You may find encrypted files both on hard disks and removable media. In fact, suspects with a basic knowledge of security will often encrypt files before archiving them to removable media. In many such cases, you will find the encryption utility on the main computer. Look for a stored copy of the key. Many people keep copies of important information in ordinary text files. Look for a file with an obvious name (such as key.txt or enc.txt) or one that contains a single large number and little else. You can also look in personal notes or other personal information manager files for an unusually large number that seems to have no other meaning. Your task in such a situation is similar to finding passwords.
 Access control software
In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. ... Locks and login credentials are two analogous mechanisms of access control
Many software applications are offering cloud based, subscription software rather than on site (or on-premise) license software. For example, Microsoft 365 and Adobe provide cloud based, subscription plans. Recently Door Access Control software has become available in the cloud. What exactly does this mean and what is better for you? The article compares the two methods, and provides pros and cons that can help you decide what is best.
What is the difference between cloud and on premise software? On site software is the classic model of providing a perpetual license that allows you to run the software on your own computer. Cloud software runs on a remote server and is provided under a monthly or yearly subscription plan. For example, there is on premises door access software called Pure Access Manager. The cloud application is called Pure Access Cloud.
Implement access control systems
Problems with Access Control Systems
September 7, 2017 By Mid-Atlantic Controls
The majority of access control problems stem from outdated equipment, keycards falling into the wrong hands, and a lack of integration with other building systems. To some degree, all three issues might be causing problems.
In this article, we’ll discuss how to integrate access control with other building systems, how to identify when it’s time to upgrade access control equipment, and some strategies to help mitigate risks associated with keycards falling into the wrong hands.
Strengths and weaknesses of an access control system
Choosing a system
- error rate
- environment
- cost
- physical vulnerability
- additional constraints
ERROR RATE
- FALSE REJECT RATE (TYPE I ERROR)
- FALSE ACCEPT RATE (TYPE II ERROR)
- EQUAL ERROR RATE
ENVIRONMENT
- DOES IT HAVE TO HANDLE INCLEMENT WEATHER?
- VANDALS
- EXTREME TEMPERATURE
COST
- YOU’RE ON A BUDGET
PHYSICAL VULNERABILITY
- DECREASED RESISTANCE TO FORCED AND COVERT ENTRY
- ELECTROMAGNETS CAN DISABLE ANTI-LOIDING FEATURES ON LOCKSETS
  - “LOIDING”: FROM THE CELLULOID STRIPS ORIGINALLY USED TO SLIP LATCHES. CREDIT CARDS CAN ALSO BE USED.
- REQUEST-TO-EXIT SENSORS CAN BE DEFEATED WITH BALLOONS, LONG PIECES OF PLASTIC, ETC.
ADDITIONAL CONSTRAINTS
- WHAT LOAD DOES THE SYSTEM NEED TO HANDLE?
- WILL IT DETECT OR RESIST PHYSICAL ATTACKS?
Firewall
Definition of Firewall
A firewall denotes the set of related programs which are situated between a private network and external networks. It is normally located at the network’s gateway server and helps protect the resources of a private network. The term can also denote security policy. It can take on different forms while doing its job of blocking unauthorized and unwanted traffic from entry into a protected system. A firewall can be a specialized software program or a specialized hardware or physical device. It could also be a combination of both. Examples of these are Zone Alarm, which is a software-only firewall, and Linksys, a hardware firewall.
Firewall technology came to the fore in the late 1980s. The first generation of technology consisted of packet filters. The second generation started with application layers and the third generation had “stateful” filters. So important is the technology that its study is compulsory for the CCNA Security exam.
Cisco IOS Firewall Overview
The Cisco IOS Firewall set provides network security with integrated, inline security solutions. The Cisco IOS Firewall set is comprised of a suite of services that allow administrators to provision a single point of protection at the network perimeter. The Cisco IOS Firewall set is a Stateful inspection firewall engine with application-level inspection. This provides dynamic control to allow or deny traffic flows, thereby providing enhanced security. Stateful inspection will be described in detail later in this chapter.
In its most basic form, the principal function of any firewall is to filter and monitor traffic. Cisco IOS routers can be configured with the IOS Firewall feature set in the following scenarios:
As a firewall router facing the Internet
As a firewall router to protect the internal network from external networks, e.g. partners
As a firewall router between groups of networks in the internal network
As a firewall router that provides secure connection to remote offices or branches
The Cisco IOS Firewall provides an extensive set of security features that allow administrators to design customized security solutions to tailor to the specific needs of their organization. The Cisco IOS Firewall is comprised of the following functions and technologies:
Cisco IOS Stateful Packet Inspection
Context-Based Access Control
Intrusion Prevention System
Authentication Proxy
Port-to-Application Mapping
Network Address Translation
Zone-Based Policy Firewall
Cisco IOS Stateful Packet Inspection
Cisco IOS Stateful Packet Inspection, or SPI, provides firewall capabilities designed to protect networks against unauthorized traffic and to control legitimate business-critical data.  Cisco IOS SPI maintains state information and counters of connections, as well as the total connection rate through the firewall and intrusion prevention software. Stateful Packet Inspection will be described in detail later in this chapter.
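What "maintains state information and counters of connections" buys over a first-generation packet filter, as an added example (a simplified model written for this page, not Cisco IOS code). The addresses, the HTTPS-only policy, the class and function names and the packet trace are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = inside -> outside, "in" = outside -> inside
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags carried by the segment


def pkt(direction, src, sport, dst, dport, *flags):
    return Packet(direction, src, sport, dst, dport, frozenset(flags))


def stateless_filter(p):
    """Packet filter: judges each packet on its ports alone."""
    if p.direction == "out":
        return p.dport == 443      # inside clients may reach HTTPS servers
    return p.sport == 443          # anything "from port 443" counts as a reply


class StatefulFilter:
    """Admits inbound packets only for flows opened from the inside.

    Simplified: one policy (outbound TCP/443), no timeouts, and a flow is
    removed on the first FIN or RST rather than after the full close.
    """

    def __init__(self):
        self.table = {}            # flow key -> "SYN_SENT" | "ESTABLISHED"
        self.counters = {"opened": 0, "closed": 0, "dropped": 0}

    @staticmethod
    def _key(p):
        # Both directions of a flow map to (inside ip, port, outside ip, port).
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def allow(self, p):
        key = self._key(p)
        state = self.table.get(key)
        if state is None:          # only an inside host may open a flow
            ok = p.direction == "out" and p.flags == {"SYN"} and p.dport == 443
            if ok:
                self.table[key] = "SYN_SENT"
                self.counters["opened"] += 1
        elif state == "SYN_SENT":  # expect the server's SYN+ACK next
            ok = p.direction == "in" and p.flags == {"SYN", "ACK"}
            if ok:
                self.table[key] = "ESTABLISHED"
        else:                      # ESTABLISHED: data and ACKs both ways
            ok = "SYN" not in p.flags
        if ok and state is not None and p.flags & {"FIN", "RST"}:
            del self.table[key]
            self.counters["closed"] += 1
        if not ok:
            self.counters["dropped"] += 1
        return ok


# Constructed trace: one legitimate HTTPS session plus two packets that
# belong to no tracked flow (documentation address ranges throughout).
TRACE = [
    pkt("out", "10.0.0.5", 51000, "203.0.113.10", 443, "SYN"),
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "SYN", "ACK"),
    pkt("out", "10.0.0.5", 51000, "203.0.113.10", 443, "ACK"),
    pkt("in", "198.51.100.7", 443, "10.0.0.9", 22, "SYN"),       # unsolicited
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "RST"),    # flow ends
    pkt("in", "203.0.113.10", 443, "10.0.0.5", 51000, "ACK"),    # after close
]


def evaluate(trace):
    """Return [(stateless verdict, stateful verdict), ...] and the counters."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.allow(p)) for p in trace], fw.counters


if __name__ == "__main__":
    verdicts, counters = evaluate(TRACE)
    for p, (plain, stateful) in zip(TRACE, verdicts):
        print(f"{p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{sorted(p.flags)} stateless={plain} stateful={stateful}")
    print(counters)
```

The port-only rule passes every packet in the trace, while the connection table drops the two that match no open flow and records them in its counters.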
 Context-Based Access Control
Context-Based Access Control, or CBAC, is a Stateful inspection firewall engine that provides dynamic traffic filtering capabilities. CBAC, which is also known as the Classic Firewall, will be described in detail later in this chapter.
 Intrusion Prevention System
The Cisco IOS Intrusion Prevention System, or IPS, is an inline intrusion detection and prevention sensor that scans packets and sessions flowing through the router to identify any of the Cisco IPS signatures that protect the network from internal and external threats. Cisco IPS solutions will be described in detail in the following chapter.
 Authentication Proxy
The Authentication Proxy feature, also known as Proxy Authentication, allows administrators to enforce security policy on a per-user basis. With this feature, administrators can authenticate and authorize users on a per-user policy with access control customized to an individual level. Authentication Proxy configuration and detailed knowledge is beyond the scope of the IINS course requirements and will not be described in detail in this guide.
 Port-to-Application Mapping
Port-to-Application Mapping, or PAM, allows administrators to customize TCP or UDP port numbers for network services or applications to non-standard ports. For example, administrators could use PAM to configure standard HTTP traffic, which uses TCP port 80 by default, to use TCP port 8080. PAM is also used by CBAC, which uses this information to examine non-standard Application Layer protocols. PAM configuration and detailed knowledge is beyond the scope of the IINS course requirements and will not be described in detail in this guide.
 Network Address Translation
Network Address Translation, or NAT, is used to hide internal addresses, which are typically private addresses (i.e. RFC 1918 addresses), from networks that are external to the firewall. The primary purpose of NAT is address conservation for networks that use RFC 1918 addressing due to the shortage of globally routable IP (i.e. public) address space. NAT provides a lower level of security by hiding the internal network from the outside world. NAT configuration and detailed knowledge is beyond the scope of the IINS course requirements and will not be described in detail in this guide.
 Zone-Based Policy Firewall
Zone-Based Policy Firewall, or ZPF, is a new Cisco IOS Firewall feature designed to replace and address some of the limitations of CBAC, the Classic Firewall. ZPF allows Stateful inspection to be applied on a zone-based model, which provides greater granularity, flexibility, scalability, and ease-of-use over the Classic Firewall. ZPF is described in detail later in this chapter.
 Uses of Firewalls
The term firewall comes from the construction industry and can be applied in many ways. Here are a few scenarios for firewall use:
Can automatically encrypt data sent over an organization’s network when it is spread over multiple physical locations. This results in the internet being used as a private wide area network by the process of creating a VPN or Virtual Private Network.
Can monitor, listen in and store all communications that flow to and from an external and an internal network. Endpoints and amounts of data received and sent, network penetrations and even internal subversion can be checked.
Can aid in access control. A firewall can be used for blocking or controlling access to particular sites. It could also be used to bar users or machines from gaining ingress into other servers or services.
Can be a good defense strategy to protect internal data and networks
 There’s an evolution underway in firewalls that’s different from any previous generation.
Shifts in the threat landscape, a dramatic increase in the number and complexity of technologies that sysadmins have to deal with, and a flow of data that’s drowning the signal in the noise have created a perilous situation that’s putting security at risk:
“When I came into this role, I quickly noticed there was lack of visibility into our endpoints and network. If someone got infected, we had no clue…” – Director of IT at a healthcare technology company, MA
He’s not alone. A recent survey of IT administrators identified that most firewalls in use today:
• Force admins to spend too much time digging for the information they need.
• Don’t provide adequate visibility into threats and risks on the network.
• Make it too difficult to figure out how to use all their features.
Dealing with this situation means taking a radical new approach to network security: one that can enable security systems to work together; that simplifies and streamlines workflows; that cuts through the enormous volumes of data to identify what’s important.
So how did we get here?
How firewalls got worse as they got better
Originally firewalls provided basic network packet filtering and routing based on hosts, ports and protocols. They enforced the boundary between a network and the rest of the world, and patrolled the boundaries within that network.
These firewalls were effective at limiting the exposure of services to just the computers and networks that needed access to them, reducing the attack surface available to hackers and malware on the outside.
Of course attackers don’t stand still so attacks evolved to exploit the services that firewalls left exposed: attacking vulnerabilities in applications and servers, or using social engineering to gain a foothold inside a network through email or compromised websites.
Firewall technology evolved too, moving up the OSI stack to Layer 7 where it could identify and control traffic based on the originating user or application, and where deep inspection technologies could look for threats inside the content of application traffic.
This shift from ports and protocols to applications and users has spawned a new category of network protection, so-called “next-generation” firewalls that include deep packet inspection of encrypted and unencrypted traffic, intrusion prevention, application awareness and user-based policies, alongside traditional stateful inspection techniques.
As a result, modern firewall products have become increasingly difficult to operate and manage, often leveraging separate and loosely integrated solutions to tackle different threats and compliance requirements.
Poor integration can leave sysadmins with  blindspots:
“…we kinda piecemealed our different programs. We had one program for antivirus. We had a different provider for the firewall … you don’t know exactly how everything dovetails together.” – School District Technology Coordinator, WY
The volume of data these systems produce can be enormous and the burden for the average network administrator has reached unsustainable levels.
How firewalls must improve
Network security demands a more thorough approach to the integration of complex technologies and a new breed of firewall is required: one that has been developed from the start to address the problems of existing firewalls and provides a platform designed specifically to tackle the evolving threat and network landscape.
This new type of firewall must deal with modern threats that are more advanced, evasive, and targeted than ever before. These advanced persistent threats (APTs) use techniques that create a new zero-day threat with every instance, presenting a serious challenge for signature-based malware detection.
Modern firewalls must:
Identify malicious behavior and give you unprecedented visibility into risky users and risky behavior, unwanted applications, suspicious payloads and persistent threats.
Work with other security systems, such as endpoint solutions, operating as one to detect, identify, and respond to advanced threats quickly and efficiently.
Use dynamic application control technologies that can correctly identify and manage unknown applications, which signature-based engines miss.
Integrate a full suite of threat protection technologies so that network administrators can set and maintain their security posture at a glance.
Firewalls must regain their place as your network’s trusted enforcer, blocking and containing threats and stopping the unauthorized exfiltration of data.
Strengths and weaknesses of a Firewall
While a firewall is an integral part of an organization’s security architecture and plays a vital role in the protection of assets, it has both strengths and weaknesses. Anyone studying for the CCNA 640-553 exam needs to know them.
The strengths of a firewall:
Helping to enforce security and safety policies of an organization.
Restricting access to specified services. Access can even be granted selectively based on authentication functionality.
Their singularity of purpose which means that companies need not make any compromises between usability and security.
Its appraisal capacity which results in an organization getting to know and monitor all the traffic that sifts through their networks.
Being a notification system which can alert people concerned about specific events. 
The weaknesses of a firewall:
An inability to fend off attacks from within the system that it is meant to protect. This could take the form of people granting unauthorized access to other users within the network, social engineering assaults, or even an authorized user intent on mala fide use of the network.
It can only stop intrusions in the traffic that actually passes through it.
It cannot circumvent poorly structured security policies or bad administrative practices. For instance, if a company has a very loosely knit policy on security and over-permissive rules, then a firewall cannot protect data or the network.
As long as a communication or transaction has been permitted, a firewall has no ability to protect the system against it.  For instance, if a firewall has been built to allow emails to come through, it cannot detect a virus or a Trojan within that email.
Different Technologies of a Firewall and their strengths and weaknesses:
We can look at two main firewall technologies pertaining to the CCNA 640-553 exam.
Firewall Technologies based on Software
Firewall Technologies based on Hardware
Software Firewall
These are very popular among individual home users. Like any other software, a firewall here is installed on the computer and can be customized according to the user’s needs. Most often, such a firewall is used for protecting one’s computer from outside attempts to access or use its data, and it can also provide protection against common Trojans or email worms. Many such firewalls also allow the user to define and set controls for file sharing and printer sharing protocols. It can also keep unsafe applications from running on your computer. There are two types of software-based firewalls: rule based and non-rule based. Examples of software firewalls are Zone Alarm, Kerio and Norton Personal Firewall. To put it simply, an effective way to choose and use a software firewall is to opt for one that uses a small amount of resources on the computer and to keep it current with regular updates.
Strengths of a software firewall:
Ideal for home or personal use.
Very easy to configure and reconfigure with no requirement of specialised skills.
Less expensive to buy.
Easier to install and upgrade especially in comparison with hardware routers. The levels of security can be set with a few simple clicks of the mouse during installation.
Flexibility – they allow the specification of applications that will be allowed to connect with the internet.
Mobility – a software firewall moves with the computer regardless of the location it is on.
Weaknesses of a software firewall:
May slow down system applications since it is installed on the system itself and requires more memory and disk space.
May also prove costly because such a firewall has to be purchased separately for each computer on the network.
It may be unwieldy to remove from the system.
Such firewalls cannot be configured to mask IP addresses. They only close unused ports and monitor traffic to and from open ports.
May not be capable of fast reaction.
Hardware Firewall
A hardware firewall is integrated with the router that operates between a computer and an internet modem. While such firewalls can also be purchased as standalone products, they are typically found in broadband routers. Normally they use packet filtering to check where incoming information is coming from, its destination address, and whether the traffic is related to an outgoing connection, for example a request for a website. For effective use of such a firewall it is necessary to learn about its specific features, enable them, and test their efficacy from time to time. Some examples of such firewalls are Cisco PIX, SonicWall, NetScreen and Symantec’s 5400 series applications.
Strengths of a hardware firewall:
A single such firewall can provide protection for an entire network regardless of multiple computers.
They work independent of system performance and speed since they are not situated on computers.
They are more effective when companies use broadband internet connections like DSL or cable modem.
It is less prone to malicious software.
They are tailored for swift response and can handle more traffic load.
Since a hardware firewall has its own operating system, it is less prone to attacks. It also has enhanced security controls.
Ease of maintenance: since a hardware firewall is typically a standalone box, it is easier to disconnect or shut down the box and minimize interference or downtime to the rest of the system.
Weaknesses of a hardware firewall:
They treat outgoing traffic as safe and may fail if malware attempts to connect to the internet from within.
They may be more complex to configure.
They are more expensive.
Takes up more physical space with its added wiring.
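The packet-filtering behaviour described for hardware firewalls above, and the weakness of treating all outgoing traffic as safe, can be seen in a small model. This is an added example, not code from the original post or from any vendor; the class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    outbound: bool = False  # True when the packet leaves the inside network


class StatefulFilter:
    """Toy stateful packet filter guarding one inside network (illustrative)."""

    def __init__(self, egress_allow=None):
        # egress_allow: set of (proto, dport) permitted outbound, or None to
        # treat every outgoing connection as safe (the weakness listed above).
        self.egress_allow = egress_allow
        self.state = set()  # connections that were opened from the inside

    @staticmethod
    def _key(p):
        # Normalise so a reply maps to the same entry as its request.
        if p.outbound:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def handle(self, p):
        if p.outbound:
            if (self.egress_allow is not None
                    and (p.proto, p.dport) not in self.egress_allow):
                return "drop: egress policy"
            self.state.add(self._key(p))
            return "allow: new outbound"
        if self._key(p) in self.state:
            return "allow: reply to outbound"
        return "drop: unsolicited inbound"


# Constructed sample traffic (private and documentation address ranges).
TRAFFIC = [
    Packet("192.168.1.10", 50000, "198.51.100.7", 443, outbound=True),  # web request
    Packet("198.51.100.7", 443, "192.168.1.10", 50000),                 # its reply
    Packet("203.0.113.9", 40000, "192.168.1.10", 3389),                 # outside probe
    Packet("192.168.1.10", 50001, "203.0.113.9", 8081, outbound=True),  # malware call-out
    Packet("203.0.113.9", 8081, "192.168.1.10", 50001),                 # reply to call-out
]


def run(fw):
    """Return the verdict for each packet in TRAFFIC, in order."""
    return [fw.handle(p) for p in TRAFFIC]


if __name__ == "__main__":
    configs = [("outgoing traffic trusted", StatefulFilter()),
               ("egress allowlist", StatefulFilter({("tcp", 443), ("udp", 53)}))]
    for label, fw in configs:
        print(label)
        for p, verdict in zip(TRAFFIC, run(fw)):
            print(f"  {p.src}:{p.sport} -> {p.dst}:{p.dport}  {verdict}")
```

With outgoing traffic trusted, the call-out from the infected host and its reply are both admitted because the reply matches a connection opened from inside; the egress allowlist drops the call-out, so no state entry exists and the reply is dropped as well.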
Best Practices for Firewall Implementation
In the context of the Cisco certification for the CCNA Security 640-553 exam, the best practices to follow for the most secure network possible are as follows:
The network security policy should be built keeping in mind that no one is fully trustworthy, whether insider or outsider. This may not seem to be a very good idea from the humane perspective, but it needs to be adopted and implemented in the security policy.
Only the minimum number of personnel, those absolutely necessary to run the applications and maintain the physical appliances, should actually interact with the firewall software and hardware.
Even their access should be strictly controlled and monitored. Every other activity should also be logged and monitored continuously. All alerts should be examined.
Firewall stations should never be used for other routine applications such as servers or user work stations.
All hardware and software in the firewalls should be up to date without leaving any room for a potential threat to sneak in.
Implementing a Firewall
It is all very well to study the theory of firewalls, but it is now time to look at the nitty-gritty of actually implementing a firewall, which will be helpful in your Cisco security certification, specifically the CCNA 640-554 exam topic.
Basically, the firewall can be implemented using one of four methodologies, namely:
IOS using CCP
PIX technology
Cisco Firewall Services Module
Cisco Adaptive Security Appliance
This tutorial considers the first method. Its main advantage is that it does not require any specialized firewall appliance: a normal Cisco router platform can be configured as a firewall using Cisco's Internetwork Operating System.
Basically, this method uses the inbuilt packet filtering technology of Cisco IOS, which is present in almost all routers, to act as a firewall. The main features implemented in Cisco IOS firewalls are stateful inspection, URL inspection, intrusion detection and appliance awareness. We will study some useful commands related to setting up these features.
The above is a simple example which shows the utility of the inherent characteristics of the IOS to act as a packet filtering firewall. These features can be implemented using a wide range of Cisco router product families including, but not limited to, the 800, 1700, 1800, 3600 and 7300 families. This gives users a wide range of options, since these devices are widely used in all sorts of networks for core routing purposes.
In order to use the configuration wizard the following steps must be followed.
Make sure that the network configurations are complete and the IOS of the router being used is compatible for configuration of the firewall.
When the configuration wizard is launched, you can choose between the BASIC and ADVANCED firewall configurations.
If the BASIC option is selected, the wizard uses the default access and inspection rules to create the firewall. This option is useful when there is only one outside interface and the user does not need to configure a DMZ network.
If the ADVANCED option is selected, the wizard asks the user to choose among a variety of options relating to inspection and access rules and sets up the firewall in a more customized manner. This lets the user configure a DMZ network as well and is more suitable for situations where there is more than one internal and external interface.
It is worthwhile to note here that internal interfaces are those connected to the Local Area Network, whilst external interfaces are those connected to the Wide Area Network of the organisation under consideration. The DMZ, or demilitarized zone, is a buffer zone used to segregate traffic coming from outside sources which may not be trustworthy.
To configure the DMZ you need to specify the start and end IP addresses, and the name and type of the service to be configured, such as TCP or UDP.
The security policies which can be configured for the CCNA 640-554 exam consist of a number of Cisco security levels, and each level has pre-defined settings. The level can be any one of these:
SDM_HIGH
SDM_MEDIUM
SDM_LOW
Furthermore, the domain name and URL configurations need to be set to the required parameters. The following is a set of example commands which are used to set the parameters for a trusted inside interface and the security policy to the SDM_HIGH level.
benoorblog-blog · 6 years
What are the likely crimes to be committed?
--Crimes People Would Most Likely Commit For Money and Security Threats.
Who, and where, are the threats coming from, both internally and externally?
The word 'threat' in information security means anyone or anything that poses danger to the information, the computing resources, users, or data. The threat can be from 'insiders' who are within the organization, or from outsiders who are outside the organization. Studies show that 80% of security incidents are coming from insiders.
Security threats can be categorized in many ways. One of the important ways they are categorized is on the basis of the “origin of threat,” namely external threats and internal threats. The same threats can be categorized based on the layers described above.
External and Internal Threats
External threats originate from outside the organization, primarily from the environment in which the organization operates. These threats may be primarily physical threats, socio-economic threats specific to the country like a country's current social and economic situation, network security threats, communication threats, human threats like threats from hackers, software threats, and legal threats. Social engineering threats, like using social engineering sites to gather data and impersonate people for the purpose of defrauding them and obtaining their credentials for unauthorized access, are increasing. Theft of personally identifiable information, confidential strategies, and intellectual property of the organization are other important threats. Some of these physical threats or legal threats may endanger an entire organization completely. Comparatively, other threats may affect an organization partially or for a limited period of time and may be overcome relatively easily. Cybercrimes are exposing organizations to legal risks too.
Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are frauds, misuse of information, and/or destruction of information. Many internal threats primarily originate for the following reasons:
• Weak Security Policies, including:
• Unclassified or improperly classified information, leading to the divulgence or unintended sharing of confidential information with others, particularly outsiders.
• Inappropriately defined or implemented authentication or authorization, leading to unauthorized or inappropriate access.
• Undefined or inappropriate access to customer resources or contractors/suppliers, leading to fraud, misuse of information, or theft.
• Unclearly defined roles and responsibilities, leading to a lack of ownership and misuse of such situations.
What technical security measures would be most appropriate, and why?
10 Ways to Keep IT Systems Secure
Use these tips to protect your business from hackers, crooks and identity thieves.
Technology continues to be a boon for entrepreneurs, offering increased mobility, productivity and ROI at shrinking expense. But as useful as modern innovations such as smartphones, tablet PCs and cloud computing are to small businesses, they also present growing security concerns. Following are 10 safety tips to help you guard against high-tech failure:
1. Protect with passwords. This may seem like a no-brainer, but many cyber attacks succeed precisely because of weak password protocols. Access to all equipment, wireless networks and sensitive data should be guarded with unique user names and passwords keyed to specific individuals. The strongest passwords contain numbers, letters and symbols, and aren’t based on commonplace words, standard dictionary terms or easy-to-guess dates such as birthdays. Each user should further have a unique password wherever it appears on a device or network. If you create a master document containing all user passcodes, be sure to encrypt it with its own passcode and store it in a secure place.
2. Design safe systems. Reduce exposure to hackers and thieves by limiting access to your technology infrastructure. Minimize points of failure by eliminating unnecessary access to hardware and software, and restricting individual users’ and systems’ privileges only to needed equipment and programs. Whenever possible, minimize the scope of potential damage to your networks by using a unique set of email addresses, logins, servers and domain names for each user, work group or department as well.
3. Conduct screening and background checks. While rogue hackers get most of the press, the majority of unauthorized intrusions occur from inside network firewalls. Screen all prospective employees from the mailroom to the executive suite. Beyond simply calling references, be certain to research their credibility as well. An initial trial period, during which access to sensitive data is either prohibited or limited, is also recommended. And it wouldn’t hurt to monitor new employees for suspicious network activity.
4. Provide basic training. Countless security breaches occur as a result of human error or carelessness. You can help build a corporate culture that emphasizes computer security through training programs that warn of the risks of sloppy password practices and the careless use of networks, programs and devices. All security measures, from basic document-disposal procedures to protocols for handling lost passwords, should be second-nature to members of your organization.
5. Avoid unknown email attachments. Never, ever click on unsolicited email attachments, which can contain viruses, Trojan programs or computer worms. Before opening them, always contact the sender to confirm message contents. If you’re unfamiliar with the source, it’s always best to err on the side of caution by deleting the message, then potentially blocking the sender’s account and warning others to do the same.
6. Hang up and call back. So-called "social engineers," or cons with a gift for gab, often prey on unsuspecting victims by pretending to be someone they’re not. If a purported representative from the bank or strategic partner seeking sensitive data calls, always end the call and hang up. Then dial your direct contact at that organization, or one of its public numbers to confirm the call was legitimate. Never try to verify suspicious calls with a number provided by the caller.
7. Think before clicking. Phishing scams operate by sending innocent-looking emails from apparently trusted sources asking for usernames, passwords or personal information. Some scam artists even create fake Web sites that encourage potential victims to input the data themselves. Always go directly to a company’s known Internet address or pick up the phone before providing such info or clicking on suspicious links.
8. Use a virus scanner, and keep all software up-to-date. Whether working at home or on an office network, it pays to install basic virus scanning capability on your PC. Many network providers now offer such applications for free. Keeping software of all types up to date is also imperative, including scheduling regular downloads of security updates, which help guard against new viruses and variations of old threats.
9. Keep sensitive data out of the cloud. Cloud computing offers businesses many benefits and cost savings. But such services also could pose additional threats as data are housed on remote servers operated by third parties who may have their own security issues. With many cloud-based services still in their infancy, it’s prudent to keep your most confidential data on your own networks.
10. Stay paranoid. Shred everything, including documents with corporate names, addresses and other information, including the logos of vendors and banks you deal with. Never leave sensitive reports out on your desk or otherwise accessible for any sustained period of time, let alone overnight. Change passwords regularly and often, especially if you’ve shared them with an associate. It may seem obsessive, but a healthy dose of paranoia could prevent a major data breach.
The average cost to an organization to recover from such a breach is $6.75 million, according to Javelin Strategy & Research. And that doesn’t count damage to your reputation or relationships. So be proactive and diligent about prevention. An ounce of prevention far outweighs a pound of cure.
benoorblog-blog · 6 years
Hacking Cases (Raphael Gray)
December 9, 2010
1. What was the case about?
The case was about Raphael Gray, who hacked computer systems over just six weeks as part of a multi-million pound credit card mission. He taunted the police, saying that they would never find him because they never catch anyone. His aim was to prove the fragile security of credit cards on the increasing number of consumer websites. Unfortunately, because of his overconfidence and evil desire, he was tracked down by hacker Chris Davis and handed to the FBI.
2. Who were the protagonist and parties involved?
There were no protagonists involved. He was just relying on the 800 computer he brought into his home. He broke the security systems of credit cards and published. The parties involved were the law enforcers, whom he insulted and who then arrested him, and his tracker, Chris Davis.
3. Did any prosecutions result? If so, what was the outcome? What ethical issues are raised by this case?
There were no results from prosecutors. Raphael Gray was arrested by FBI agents and officers from the local Dyfed Powys Police. I think there is a possibility that after he was arrested, he was sent to Chris Davis and talked.
benoorblog-blog · 6 years
It is very important to follow computer ethics because of the rising number of cyber crime issues, including software piracy, unauthorized access, pornography, spamming, target marketing, and hacking in this generation. ... Various computing applications are tampered with to invade others' privacy.