Security Threats and Controls in Business Communications Networks

Infected Cyber Networks

  • International networks face threats from cyber activities.

  • Spam and malware are identified as major issues.

  • Cybercrime is a significant threat, including acts of computer hacking.

  • Various network groups are involved in malicious activities.

Threats to Network Security (Chapter 11, ADM4378)

Key Topics:

  • Security Threats

  • Risk Assessment

  • Business Continuity

  • Security Controls

  • Disaster Recovery Plan

  • Intrusion Prevention

  • Encryption

Security Concerns in Business

  • Security has become a major concern for organizations due to the rise of the Internet, which has redefined information security.

  • Companies face global threats to their networks and critical data.

  • Many organizations, both public and private, have fallen victim to cyberattacks.

  • An increase in cyber security incidents has been noted year over year, including:

    • Malware (e.g., viruses)

    • Identity theft (specifically targeting financial information)

    • Ransomware attacks

Reasons for Increased Security Breaches

  • Hacking has transitioned from a hobby to a profession, driven by:

    • Financial gains

    • Political motivations

  • Hacktivism:

    • Use of hacking techniques to promote a political or societal agenda.

    • Combines hacking with digital activism, often targeting large organizations and governments.

  • The proliferation of mobile devices has created vulnerabilities that can be exploited easily.

Financial Implications of Security Breaches

  • Compliance costs associated with unauthorized disclosures can be substantial:

    • Example: California law fines can reach up to $250,000 for each unauthorized customer information disclosure.

    • A breach of 100 customer records could lead to fines totaling $25 million.

  • An average data breach costs organizations approximately $3.5 million.

  • System downtime can incur significant loss of income:

    • Example: Bank of America could lose $50 million if its networks were down for 24 hours.

  • Breaches can lead to:

    • Reduced consumer confidence

    • Damaged reputations

CIA Principles of Network Security

  • Confidentiality:

    • Protection of data from unauthorized disclosures.

  • Integrity:

    • Ensuring that data are not altered or destroyed in an unauthorized manner.

  • Availability:

    • Ensuring continuous operation of hardware and software for uninterrupted service.

Types of Computer Threats

Viruses and Worms

  • Viruses:

    • Can spread when infected files are accessed.

    • Macro viruses attach to programs/documents and spread during execution.

  • Worms:

    • Distinct from viruses, worms can spread without human intervention.

    • Typically, they self-propagate by sending copies of themselves from one computer to another.

  • Incoming email messages are the most common source of virus infiltration. It's advised to:

    • Check email attachments.

    • Use filtering programs for incoming emails.

Trojan Horses

  • Trojan horses act as remote access management consoles (rootkits).

  • Often hidden within downloaded software, especially music and video files shared online.

Common Security Threats

  • Unauthorized Access:

    • Can come from internal (employee) or external sources.

    • Internal unauthorized access is particularly concerning.

  • Hacker:

    • Defined as an individual who gains unauthorized access to a computer system.

  • Device Theft:

    • Many organizations face the risk of theft of digital assets.

Social Engineering and Phishing

  • Social Engineering:

    • Attackers impersonate individuals to extract information (personal or workplace).

    • These attackers are often skilled manipulators.

  • Phishing:

    • Involves sending mass emails directing victims to fake websites to harvest login credentials.

Denial of Service (DoS) Attacks

  • DoS Attacks:

    • Flood target servers with useless requests to prevent legitimate message receipt.

    • Examples include Distributed Denial of Service (DDoS) attacks.

    • DDoS is harder to detect and involves a network of hacked computers contributing to the attack (master-slave configuration).

    • Major websites like Amazon, eBay, Yahoo, and FBI have suffered service degradation or shutdowns from DDoS attacks.

Security Holes

  • Security Holes:

    • Flaws in network software that allow unintended access; bugs can create vulnerabilities.

    • Once discovered, knowledge of such holes circulates quickly, so hackers may attempt to exploit a hole before security teams have patched it.

Risks Associated with B2B and B2C Transactions

  • Risks include:

    • Data Interception: Unauthorized parties access sensitive information during transmission.

    • Lack of Message Origin Authentication: Uncertainty whether a message truly originates from the stated sender.

    • Lack of Proof of Delivery: Uncertainty whether messages reach their intended recipients.

    • Unauthorized Viewing: Ensuring messages are read only by the intended recipient.

    • Untimely Delivery: Important for electronic bids or contracts; solutions like digital time-stamp signatures are suggested.

Risk Assessment and Management Process

  • A crucial activity for developing a secure network involves assigning risk levels to various threats.

Steps in Risk Assessment/Management:

  1. Develop risk measurement criteria:

    • Evaluate how threats impact the organization and prioritize each measure, e.g., financial impact (sales drop).

  2. Inventory IT assets:

    • Determine mission-critical applications and data, evaluate their significance.

  3. Identify threats:

    • Recognize potential events that could cause harm, including:

      • Malware

      • Denial of Service

      • Information Theft

      • Equipment Theft

      • Device Failure

      • Natural or man-made disasters.

  4. Document existing controls:

    • Identify risk acceptance, mitigation, sharing, or deferral strategies based on potential impacts.

  5. Identify improvements:

    • Prioritize addressing threats according to risk levels.

Sample Threat Scenario

  • Example 1: Threat to Client Database

    • Threat: Natural disaster (e.g., tornado).

    • Likelihood: Low (1).

    • Impact on various aspects:

      • Financial: High (3).

      • Reputation: High (3).

      • Risk Score (Likelihood x Impact Score): 14.

    • Mitigation Controls: Include regular backups and a disaster recovery plan.

  • Example 2: Theft of Customer Information

    • Threat: Unauthorized access from a hacker or disgruntled employee.

    • Likelihood: Medium (2).

    • Financial Impact Score: High (3).

    • Risk Mitigation Controls: Use of encryption, firewalls, and personnel policies to restrict access.
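The five-step process and the two sample scenarios above can be worked through as a small risk register. The following is an added example, not the course's own material: the scoring rule (risk = likelihood x weighted sum of impact scores), the criterion weights, the treatment thresholds and the extra scenarios are assumptions chosen for illustration, and the "deferral" strategy is not modelled.

```python
"""Constructed risk register for the five-step risk assessment process.
Added example; scoring rule, weights and thresholds are assumptions."""
from dataclasses import dataclass, field

LOW, MEDIUM, HIGH = 1, 2, 3

# Step 1: risk measurement criteria and their relative weights (assumed).
CRITERIA_WEIGHTS = {"financial": 2, "reputation": 1}


@dataclass
class Asset:                      # Step 2: one inventory entry
    name: str
    mission_critical: bool


@dataclass
class ThreatScenario:             # Step 3: one threat against one asset
    asset: Asset
    threat: str
    likelihood: int               # LOW..HIGH
    impact: dict                  # criterion -> LOW..HIGH
    existing_controls: list = field(default_factory=list)  # Step 4

    def risk_score(self) -> int:
        # Assumed rule: likelihood times the weighted sum of impact scores.
        weighted = sum(CRITERIA_WEIGHTS[c] * v for c, v in self.impact.items())
        return self.likelihood * weighted


def max_possible_score() -> int:
    """Score of a HIGH-likelihood threat with HIGH impact on every criterion."""
    return HIGH * sum(HIGH * w for w in CRITERIA_WEIGHTS.values())


def treatment(scenario: ThreatScenario) -> str:
    """Steps 4/5: map a score to accept / mitigate / share.
    Thresholds are fractions of the maximum score (assumed values)."""
    ratio = scenario.risk_score() / max_possible_score()
    if ratio < 0.25:
        return "accept"
    if ratio < 0.6 or not scenario.asset.mission_critical:
        return "mitigate"
    return "share"        # e.g. cyber insurance on top of mitigation


def prioritize(register: list) -> list:
    """Step 5: highest risk first; on ties, scenarios with fewer controls first."""
    return sorted(register,
                  key=lambda s: (-s.risk_score(), len(s.existing_controls), s.threat))


def improvement_plan(register: list) -> list:
    """Return (threat, score, treatment) tuples in priority order."""
    return [(s.threat, s.risk_score(), treatment(s)) for s in prioritize(register)]


def build_register() -> list:
    """Constructed register: the two sample scenarios plus two assumed ones."""
    clients = Asset("client database", mission_critical=True)
    web = Asset("public web server", mission_critical=False)
    return [
        ThreatScenario(clients, "tornado", LOW,
                       {"financial": HIGH, "reputation": HIGH},
                       ["regular backups", "disaster recovery plan"]),
        ThreatScenario(clients, "unauthorized access (hacker or insider)", MEDIUM,
                       {"financial": HIGH, "reputation": HIGH},
                       ["encryption", "firewall", "access policy"]),
        ThreatScenario(web, "device failure", HIGH,
                       {"financial": MEDIUM, "reputation": LOW}),
        ThreatScenario(web, "port scanning by casual intruders", LOW,
                       {"financial": LOW, "reputation": LOW}),
    ]


if __name__ == "__main__":
    for row in improvement_plan(build_register()):
        print(row)
```

With the assumed weights the maximum score is 27; the unauthorized-access scenario scores 18 and is the first item in the plan, the casual-intruder scenario scores 3 and is accepted.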

Business Continuity Planning

  • Ensure operational continuity of data and applications during disruptions.

  • The Continuity Plan comprises:

    • Security controls to minimize impacts.

    • Disaster recovery plans for post-disaster recovery.

Security Controls

  • Mechanisms designed to minimize threats to network security; types include:

    • Preventative Controls:

      • Stop unwanted actions or events before they occur (e.g., locks, passwords).

    • Detective Controls:

      • Identify unwanted events after they happen (e.g., auditing).

    • Corrective Controls:

      • Fix the consequences of unwanted events (e.g., reinitiating a network circuit).

Major Threats to Business Continuity

  • Threats include:

    • Viruses

    • Theft

    • Denial of Service

    • Device Failure

    • Natural or man-made disasters.

Virus Protection and Threat Mitigation

  • Regularly update antivirus software, and be wary of free versions.

  • Employ behavioral protection tools and exercise caution with executable files.

Theft Prevention in Organizations

  • Establish a security plan to minimize equipment theft, which results in significant financial losses every year. Physical security is crucial.

Physical Security Measures

  • Secure access to physical server rooms and equipment.

  • Implement access controls to restrict who can enter facilities where network equipment is stored.

Securing Network Cables

  • Protect long-distance network cables to prevent eavesdropping.

  • Employ controlled access to cables and connectors; use harder-to-tap cable types like fiber optics.

Securing Network Devices

  • Network devices should be housed in secure, locked closets. Use security measures like secure switches that require special codes to connect new devices.

Preventing Denial of Service Attacks

  1. Traffic Filtering: Configure routers/firewalls to verify source addresses.

  2. Traffic Limiting: Limit number of permissible incoming packets.

  3. Traffic Anomaly Detection: Use dedicated security devices to monitor and quarantine abnormal traffic patterns.
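The three controls above can be simulated over constructed traffic. This is an added example, not code from the course or any router or firewall product: it performs source-address verification (packets arriving on the external interface must not claim an internal or bogon source), a per-source sliding-window packet limit, and a simple count-based anomaly check; the address ranges, limits and baseline are assumed values.

```python
"""Constructed simulation of three DoS controls: source-address verification,
per-source rate limiting, and traffic anomaly detection. Added example."""
from collections import Counter, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: the organization's internal ranges and never-valid sources.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
BOGON_NETS = [ip_network("127.0.0.0/8"), ip_network("0.0.0.0/8")]


@dataclass
class Packet:
    t_ms: int        # arrival time in milliseconds (integers avoid float edge cases)
    src: str
    dst: str


def source_address_is_valid(src: str, from_external: bool) -> bool:
    """Control 1: ingress filter. A packet from outside must not claim an
    internal source address, and bogon sources are never valid."""
    addr = ip_address(src)
    if any(addr in net for net in BOGON_NETS):
        return False
    if from_external and any(addr in net for net in INTERNAL_NETS):
        return False
    return True


class RateLimiter:
    """Control 2: at most max_packets per source within any window_ms window."""

    def __init__(self, max_packets: int, window_ms: int):
        self.max_packets, self.window_ms = max_packets, window_ms
        self.history = {}            # src -> deque of accepted arrival times

    def allow(self, pkt: Packet) -> bool:
        q = self.history.setdefault(pkt.src, deque())
        while q and pkt.t_ms - q[0] >= self.window_ms:   # expire old entries
            q.popleft()
        if len(q) >= self.max_packets:
            return False
        q.append(pkt.t_ms)
        return True


def anomalous_sources(packets, baseline_per_source: float, factor: float = 5.0):
    """Control 3: flag sources whose packet count exceeds factor x baseline."""
    counts = Counter(p.src for p in packets)
    return sorted(src for src, c in counts.items() if c > factor * baseline_per_source)


def filter_traffic(packets, limiter: RateLimiter):
    """Apply controls 1 and 2 in order; return accepted packets and drop counts."""
    accepted, dropped = [], Counter()
    for p in packets:
        if not source_address_is_valid(p.src, from_external=True):
            dropped["spoofed"] += 1
        elif not limiter.allow(p):
            dropped["rate_limited"] += 1
        else:
            accepted.append(p)
    return accepted, dict(dropped)


def constructed_traffic():
    """Constructed 10-second capture: three normal clients, one flooder,
    and a few packets spoofing an internal address from outside."""
    pkts = []
    for t in range(10):                       # normal clients: 1 packet/s each
        for src in ("203.0.113.5", "198.51.100.7", "192.0.2.9"):
            pkts.append(Packet(t * 1000, src, "10.0.0.10"))
    for t in range(10):                       # flooder: 50 packets/s
        for k in range(50):
            pkts.append(Packet(t * 1000 + k * 20, "198.51.100.200", "10.0.0.10"))
    for t in range(5):                        # spoofed internal source
        pkts.append(Packet(t * 1000, "10.0.0.99", "10.0.0.10"))
    pkts.sort(key=lambda p: p.t_ms)
    return pkts


if __name__ == "__main__":
    traffic = constructed_traffic()
    ok, drops = filter_traffic(traffic, RateLimiter(max_packets=20, window_ms=5000))
    print(len(ok), "accepted;", drops)
    print("anomalous:", anomalous_sources(traffic, baseline_per_source=10))
```

The limiter is a sliding window, so the flooder gets 20 packets through at the start of each 5-second window and the rest are dropped, while the normal clients never touch the limit; the anomaly check, run on the raw capture, flags only the flooder.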

Device Failure Protection

  • Essential to maintain redundant systems:

    • Use uninterruptible power supplies (UPS) and fault-tolerant servers.

    • Implement disk mirroring and RAID configurations for data safety.

Disaster Recovery Plans (DRPs)

General Elements Include:

  • Clear responses to potential disasters.

  • Backup controls for all data and software.

  • Detailed recovery procedures and listing of responsibilities for personnel.

DRP Levels

  • Level 1 (In-House): Build enough capacity for minor disasters.

  • Level 2 (Outsourcing): Work with external firms for larger disasters.

Features of DRPs

  • Include fault-tolerant systems, incremental backups, and clear testing protocols.

Types of Intruders

  • Casual Intruders:

    • Minimal knowledge of network access.

  • Script Kiddies:

    • Amateur hackers using pre-made tools.

  • Professional Hackers:

    • Attack for gain, espionage, or fraud.

  • Network Employees:

    • Authorized users who access information they are not permitted to see.

Intrusion Prevention

  • Focuses on proactive measures including testing security systems and maintaining updated protocols.

Firewall Measures

  • Control access to internal networks from external connections. Firewalls can be:

    • Packet-Level Firewalls:

      • Inspect incoming and outgoing packets based on header information.

    • Application-Level Firewalls:

      • Apply rules to packets based on application-specific protocols.

Network Address Translation (NAT)

  • Shields private networks from external threats by translating private addresses.

Encryption

General Information

  • Transforms readable messages (plaintext) into unreadable formats (ciphertext).

  • Key concepts include:

    • Cryptanalysis: Attempting to recover plaintext without prior knowledge of the encryption key.

    • Brute Force Attacks: Testing every possible key until the correct one is found.

Encryption Methods

  1. Secret-key Encryption (Symmetric):

    • Same key is used to encrypt and decrypt messages.

  2. Public-key Encryption (Asymmetric):

    • Different keys are used for encryption (public key) and decryption (private key).

Digital Signatures

  • Provide proof of identity and secure message transmission.

  • Apply public-key encryption to authenticate messages, ensuring integrity and non-repudiation.

Public Key Certificates

  • Used to validate the authenticity of public keys.

  • Managed by Trusted Third Party (TTP) organizations.

Recommendations for Security Policies

  • Develop and maintain clear disaster recovery plans.

  • Regular training on data recovery and social engineering for employees.

  • Implement standard security measures like firewalls and encryption across systems.

Implications for Management

  • Cybersecurity is becoming crucial in information systems.

  • Expect increased costs related to security procurement.

  • Networks' reliability is critical; future software and hardware decisions must prioritize security maintenance.