
Wednesday, July 18, 2018

Notes 3

# Function of IDS - Obtaining evidence on intrusive activity.

# Function of FireWall:
- Controlling access on the basis of defined rules.
- Blocking access to websites for unauthorised users.
- Preventing access to servers for unauthorised users.

# Main problem in operating IDSs is the recognition (detection) of events that are not really security incidents—false positives (i.e. false alarm).

# Concerns of biometric implementation:
- instances of false rejection rate.
- instances of false acceptance rate.

# Denial of service is a type of attack and is not a problem in the operation of IDSs.

# The BEST method to detect an intrusion is to actively monitor unsuccessful logins.
- Deactivating the user ID is a preventive method, not a detective one.

# An IDS cannot detect attacks that are in the form of encrypted traffic. If an organisation has wrongly assumed that an IDS can also detect encrypted traffic and has designed its control strategy accordingly, that is a major concern.

# ‘War Driving’ - Used by hackers for unauthorised access to wireless infrastructure. War driving is a technique in which a wireless-equipped computer is used to locate and gain access to wireless networks. This is done by driving or walking in and around a building. ‘War Driving’ is also used by auditors to test wireless.
- WPA-2 is an encryption standard and not a technique to test security.
- War dialling is a technique for gaining access to a computer or a network through the dialling of defined blocks of telephone numbers.

# The following are the best practices for wireless (Wi-Fi) security:
- Enable MAC (Media Access Control) address filtering.
- Enable Encryption to protect data in transit.
- Disable SSID (service set identifier) broadcasting.
- Disable DHCP (Dynamic Host Configuration Protocol).

# A randomly generated PSK is stronger than a MAC-based PSK.
- WEP (Wired Equivalent Privacy) has been shown to be a very weak encryption technique and can be cracked within minutes.

# The risk management process is about making specific, security-related decisions, such as the level of acceptable risk.

# Of all types of firewall, the Application-Level Firewall provides the greatest security environment (as it works on the application layer of the OSI model).
- An application gateway works on the application layer of the OSI model and a circuit gateway works on the session layer.
- An application gateway has a different proxy for each service, whereas a circuit gateway has a single proxy for all services.
Therefore, an application gateway works in a more detailed (granular) way than the others.

# Of all types of firewall implementation structures, the Screened Subnet Firewall provides the greatest security environment (as it implements two packet-filtering routers and one bastion host). It acts as a proxy, and a direct connection between the internal network and the external network is not allowed. A screened-subnet firewall is also used as a demilitarized zone (DMZ).
The difference between a screened-subnet firewall and a screened-host firewall is that a screened-subnet firewall uses two packet-filtering routers whereas a screened-host firewall uses only one packet-filtering firewall. Both work on the concept of a bastion host and proxy.

# An application gateway works on the application layer of the OSI model and is effective in preventing applications, such as FTPs and https. A circuit gateway firewall is able to prevent paths or circuits, not applications, from entering the organization's network.

# Application-level gateway
Of all types of firewall, the Application-Level Firewall provides the greatest security environment (as it works on the application layer of the OSI model). An application-level gateway is the best way to protect against hacking because it can define detailed rules that describe the type of user or connection that is or is not permitted. It analyzes each packet in detail at the application level of the OSI model, which means that it reviews the commands of each higher-level protocol such as HTTP, FTP etc.
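
An added illustration of the granularity difference described above (not part of the original notes): the circuit-level check decides once from address and port, while the FTP proxy reviews each command. The policy sets, class and function names and the sample sessions are hypothetical and constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Session:
    src: str        # client IP address
    dst_port: int   # destination TCP port
    commands: list  # application-layer command lines sent in the session

# Hypothetical policies, constructed for this illustration.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")
ALLOWED_PORTS = {21}                                          # circuit rule: FTP control port
FTP_ALLOWED_VERBS = {"USER", "PASS", "LIST", "RETR", "QUIT"}  # FTP proxy rule: read-only

def circuit_gateway(session):
    """Session-layer decision: made once, from address and port only."""
    return (ipaddress.ip_address(session.src) in INTERNAL_NET
            and session.dst_port in ALLOWED_PORTS)

def blocked_commands(session):
    """Application-layer decision by the FTP proxy: review every command.

    Returns the command lines the proxy refuses to relay. A session the
    circuit rule rejects has all of its commands refused.
    """
    if not circuit_gateway(session):
        return list(session.commands)
    refused = []
    for line in session.commands:
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb not in FTP_ALLOWED_VERBS:
            refused.append(line)
    return refused

# Constructed sample sessions.
DOWNLOAD = Session("10.0.5.7", 21, ["USER alice", "PASS secret", "RETR report.pdf", "QUIT"])
UPLOAD = Session("10.0.5.7", 21, ["USER alice", "PASS secret", "STOR tool.bin", "DELE report.pdf", "QUIT"])
OUTSIDE = Session("203.0.113.9", 21, ["USER alice"])

if __name__ == "__main__":
    for name, s in (("download", DOWNLOAD), ("upload", UPLOAD), ("outside", OUTSIDE)):
        print(name, "circuit:", circuit_gateway(s), "proxy refuses:", blocked_commands(s))
```

The upload session passes the circuit-level check unchanged, yet the proxy refuses its STOR and DELE commands; only the application-level review sees that difference.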

# Firewall Security can be compromised when all the installation options are kept open.

# Audit Charter outlines the overall authority, scope and responsibilities of the Internal Audit Function. Functions of External Audit are governed by Engagement letters.

# Kerberos is a network authentication protocol for client-server applications that can be used to restrict access to the database to authorized users.
- Vitality detection and multimodal biometrics are controls against spoofing and mimicry attacks.
- Before-image/after-image logging of database transactions is a detective control.
- Kerberos is a preventative control.

# Kerberos
1. Kerberos is a Single Sign-on tool which is used to protect networks and related resources.
2. Kerberos works in an Open Network Environment (ONE), which is sometimes also known as a Distributed Computing Environment (DCE), and manages authentication in diverse environments.
3. In Kerberos, both client and server are authenticated.
4. The purpose of Kerberos is to avoid spoofed attacks.
5. Important components/parts of a Kerberos system include:

- Authenticator
- Credential
- Kerberos Authentication Server (KAS)
- Kerberos Database
- Session Key
- Ticket
- Ticket Granting Server (TGS)
- Timestamp
- User or Client

6. Client identity is stored in the Kerberos database.
7. A ticket contains the user identity, a session key, a timestamp etc.
8. Every ticket will have a unique session key.
9. Tickets can be reused.
10. The Kerberos server maintains a history of previous user requests & sessions.
