Chapter 2- Network Security

Contents
 Introduction
 Network security concerns
 Security management
 Service and signal availability
 Wireless network controls
 Protective security mechanisms
 Computer security principles
 Network data & information theft
 Creating mobile backup
Introduction
IT
 security is a challenging job that requires attention to detail at
the same time as it demands a higher-level awareness. However,
like many tasks that seem complex at first glance, IT security can
be broken down in to basic steps that can simplify the process.
That’s not to say it makes things easy, but it does keep IT
professionals on their toes.
At Technopedia, we aim to provide insight and inspiration to IT

professionals, technology decision-makers and anyone else who
is proud to be called a geek. From defining complex tech jargon
in our dictionary, to exploring the latest trend in our articles or
providing in-depth coverage of a topic in our tutorials, our goal is
to help you better understand technology - and, we hope, make
better decisions as a result. 
…Cont.
 In the context of computer systems, authentication is a
process that ensures and confirms a user’s identity.
Authentication is one of the five pillars of information
assurance (IA). The other four are integrity, availability,
confidentiality and non-repudiation.
 The Public Key Infrastructure (PKI) authentication method
uses digital certificates to prove a user’s identity. There are
other authentication tools, too, such as key cards and USB
tokens. One of the greatest authentication threats occurs
with email, where authenticity is often difficult to verify.
For example, unsecured emails often appear legitimate.
…Cont.
 Authentication begins when a user tries to access
information. First, the user must prove his access rights
and identity. When logging into a computer, users
commonly enter usernames and passwords for
authentication purposes. This login combination, which
must be assigned to each user, authenticates access.
However, this type of authentication can be circumvented
by hackers.
 A better form of authentication, biometrics, depends on the
user’s presence and biological makeup (i.e., retina or
fingerprints). This technology makes it more difficult for
hackers to break into computer systems.
 Network security concerns
 Dealing with common network security issues
 security devices such as firewalls and anti-virus software.
 security settings in the router or the operating system.
 data encryption systems for sensitive data.
 data backup, including the use of off-site backup
Network security issues
 When businesses connect their systems and computers, one
user's problems may affect everyone on the network.
 Despite the many benefits of using networks, networking
raises a greater potential for security issues such as:
o data loss
o security breaches
o malicious attacks, such as hacking and viruses
 Common network security issues
 Typical preventive measures to help you avoid
network security threats include:
 security devices such as firewalls and anti-virus
software
 security settings in the router or the operating system
 data encryption systems for sensitive data
 data backup, including the use of off-site backup
 restricting access to the network infrastructure to
authorized personnel only
 training staff in the safe and secure use of the
equipment
Importance of regular network administration and housekeeping

 Regular maintenance of your computer network is an essential part of

keeping your systems running smoothly and securely. Redundant data,
disused software, forgotten mailboxes and remains of old updates can
slow down your network system, potentially causing efficiency and
productivity issues for business.
 It is important to ensure data security through regular housekeeping
such as:
 backing up files
 password routines
 system logs
 removing access from employees who leave
 Virtual private networks (VPN) security
 If your staff need to access the network while off-site,
consider a virtual private network. This creates a secure
link and protects information sent and received.
 Whichever technology solution you select, security should
be a priority. If you're unsure how to proceed, seek expert
advice from your internet service provider, system provider,
installer or an adviser.
Network data & information theft
Examples of Identity Theft
 Stolen Checks. If you have had checks stolen or
bank accounts set up fraudulently, report it to the
check verification companies.
ATM Cards.
Fraudulent Change of Address.
Social Security Number Misuse.
Passports.
Phone Service.
Driver License Number Misuse.
False Civil and Criminal Judgments.
IT security management process
…Cont.
 Take note of these eight types of identity theft and
protect yourself.
 Financial Identity Theft.
 Driver's License Identity Theft.
 Criminal Identity Theft.
 Social Security Identity Theft.
 Medical Identity Theft.
 Insurance Identity Theft.
 Child Identity Theft.
 Synthetic Identity Theft.
…Cont.
 The term identity theft was coined in 1964. Identity fraud
is often but not necessarily the consequence of identity
theft.
 Someone can steal or misappropriate personal information
without then committing identity theft using the information
about every person, such as when a major data breach
occurs.
…Cont.
 The three ways to avoid /Prevent /identity theft are:
Secure your Social Security number (SSN).
Don't respond to unsolicited requests for personal
information (your name, birth date, Social Security number,
or bank account number) by phone, mail, or online.
Contact the three credit reporting agencies to request a
freeze of your credit reports.
…Cont.
 Ten/10/Steps to Identity Recovery
Replace missing documents.
Create an Identity Theft Report.
Create an initial fraud alert and order your credit
reports.
Request an extended fraud alert.
Consider a credit freeze.
Act quickly if you suspect medical identity theft.
Clear compromised tax records.
Dispute fraudulent activity on financial accounts.
Wireless network controls
 Wireless security is the prevention of unauthorized access
or damage to computers using wireless networks. The most
common types of wireless security are Wired Equivalent
Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is
a notoriously weak security standard.
 WPA and WPA2 provide secure access control, strong data
encryption; and, they protect the network from passive and
active attacks.
 VPN provides effective security for users wirelessly
accessing the network while on the road or away from the
office.
Point Orange 3G : RTU outstation

A versatile, intelligent, 3G remote telemetry unit suitable

for many applications. Cost effective Compact Long term
secure data retention Intelligent alarm functionality
Operational downtime minimized Simple and quick to
install
 115E-2 Ethernet Networking I/O and
Gateway
 The ELPRO 115E-2 Ethernet Networking I/O and Gateway
offers various I/O types to be connected back to an Ethernet
interface for remote monitoring. The design of the unit
allows flexible configuration to connect back to a central
station via cabled or wireless networks. The change of state
protocol is ideal for congested wireless environments.
 Elpro 450U-E Ethernet Modem
 The Elpro 450U-E radio modem provides TCP, RS232 or
RS485 connections by radio. It is a wireless alternative for
linking PLC’s, data loggers, supervisory computers and
intelligent transducers.
 The 450U-E has been designed to be easy to use and simple
to install. It is available as a low power 400MHz radio
which does not require a radio licence in most European
countries or South Africa or on the licensed bands.
 Elpro 105U-G-PR1: Profibus DP
Slave
Wireless gateways provide connectivity between similar/dissimilar industrial
databuses and/or field device I/O (e.g. Ethernet/IP to Profibus, etc.)
 Connected via RS232/485 and Ethernet, register allocated data-bus values
are transmitted/received by radio to and from devices such as PLC’s, HMI’s,
etc.
Flexible by design, Elpro’s 105U-G series can multi-hop repeat five times,
support a variety of industrial protocols and when combined with Elpro’s
1115S and/or I/O products, can create simple to complex I/O products, can
create simple to complex I/O networks supporting differing protocols.
Elpro 105U-G-PR1
Profibus DP Slave; 416 I/O bytes
(Up to 1952 DI/1952 DO or up to 122 AI/122 AO)
RS-485 optically isolated with onboard DC/DC converter
Automatic baud rate detection: 9600bps – 12Mbps
Profibus DP to EN 50170 standard
 Elpro 615M-1: Cellular Modem, IP
Router
 The ELPRO 615M-1 is a powerful Multi-Service Provider
Cellular Broadband Router that delivers wireless data
connectivity for up to two LAN connections and one serial
port through public cellular networks at 3G network speeds
Computer security principles
 IT security best practice
The CIA principle. A simple but widely-applicable security model is
the CIA triad; standing for Confidentiality, Integrity and Availability;
three key principles which should be guaranteed in any kind of secure
system.
Principle 8: The Three Types of Security Controls Are Preventative,
Detective, and Responsive. Controls (such as documented processes) and
countermeasures (such as firewalls) must be implemented as one or
more of these previous types, or the controls are not there for the purposes
of security.
Principle 2: The Three Security Goals Are Confidentiality, Integrity,
and Availability. All information security measures try to address at least
one of three goals: Protect the confidentiality of data
…cont
 There are three main types of internal controls:
detective, preventative and corrective.
 Detective Internal Controls. Detective internal controls are
designed to find errors after they have occurred.
 Preventative Internal Controls.
 Corrective Internal Controls.
 Limitations.
 Basic security principles for information systems
development/deployment. Information security is
concerned with the confidentiality, integrity, and
availability of information.
…cont
 From these three 'pillars', the following principles must
be applied when implementing and maintaining an
information system:
Accountability
Trust
Data management
Isolation
Change
Compliance
 Compliance
 The University of Waterloo is subject to an increasing number of
compliance requirements. Some examples:
 The Freedom of Information and Protection of Privacy Act (FIPPA)
contains disclosure requirements in the event of a breach.
 The Payment Card Industry Data Security Standard (PCI DSS)
prescribes how credit card holder data is to be handled and secured.
 The Food and Drug Administration (FDA) in the USA has security
requirements with respect to the handling of contact lens research
data.
 The Federal Information Security Management Act (FISMA) in the
USA could impact the university when it comes to working with
health-related research data from that country.
 Compliance requirements must be identified early in the planning
stages of an information system development or deployment project.
Change
 When not managed properly, change can have a negative
impact on the confidentiality, integrity, and availability of
information.
 Untested or unplanned changes could introduce
vulnerabilities that, when exploited, lead to a breach. The
changes could also introduce bugs that may compromise the
integrity of information.
 The discovery of any of these kinds of issues after-the-fact
often requires unplanned outages to resolve, which has a
negative impact on availability.
 Isolation
 Highly sensitive information, such as information classified
as Highly Restricted, should be isolated from more public
systems. Isolation:
 Reduces the exposure to attack.
 Allows for greater security controls to be applied on a
smaller scale, helping with the control of costs.
 Helps with managing the flow of information between
independent systems.
 Can be used as an access control technique within an
information system.
 Data protection
 The appropriate level of physical and logical security
controls must be implemented to protect data when
transmitted, processed, and stored. Some examples:
 Use Transport Layer Security (TLS) to maintain the
confidentiality and integrity of information in transit
on the network.
 Use encryption to protect the confidentiality and
integrity of information stored on mobile devices.
 Use locked doors, surveillance cameras, and motion
detectors to maintain the physical security of data
centers.
 Data management
 Data classification
 Information may be classified in a number of different ways,
reflecting its importance to the university. Information must be
classified in terms of confidentiality records management and
importance to the institution for the purposes of Business
Continuity Planning.
 Data minimization
 The collection and use of information must be restricted to that
which is required to support the business processes
implemented by the information system. Data minimization
reduces the exposure in the event of a breach. For example, do
not collect personal information such as Social Insurance
Numbers or dates of birth unless absolutely required.
 Trust
 It must be assumed that any information system will be
under attack via a number of vectors.
 A variety of safeguards are required for all system
components to maintain system security and the security of
the information being processed and stored.
 Internal threats must also be considered. For example,
implementing least privilege in a business process, and
through authorization mechanisms, will lower the risk of a
successful exploitation of trust by a trusted system user.
 Accountability
 Regardless of who is implementing an information
system for the University of Waterloo, roles must be
assigned to appropriate permanent university staff.
 Defines the roles of information steward (e.g. the
business owner) and information custodian (e.g. the
technologist), along with their respective responsibilities.
 Within the information system itself, controls must be
implemented to maintain the appropriate level of
information security. In most cases, the system must
authenticate users, and record an appropriate level of
system activity for audit purposes.
Creating mobile backup
 Although there are many good backup programs you can
install to protect your files, Windows already has easy to
use, built-in tools to automatically save copies of your data
to an external hard drive or a shared network location
 We can backup & Restore android phone to computer via
USB.
 Similarly we can restore from iCloud backup” by
connecting to internet connection of your computer
…Cont
 In information technology, a backup, or data backup, or the process of
backing up, refers to the copying into an archive file of computer data so it
may be used to restore the original after a data loss event. The verb form is
"back up" (a phrasal verb), whereas the noun and adjective form is "backup".
 Backups have two distinct purposes. The primary purpose is to recover data
after its loss, be it by data deletion or corruption. Data loss can be a common
experience of computer users; a 2008 survey found that 66% of respondents
had lost files on their home PC.[2] The secondary purpose of backups is to
recover data from an earlier time, according to a user-defined data retention
policy, typically configured within a backup application for how long copies
of data are required.[3] Though backups represent a simple form of
disaster recovery and should be part of any disaster recovery plan, backups
by themselves should not be considered a complete disaster recovery plan.
One reason for this is that not all backup systems are able to reconstitute a
computer system or other complex configuration such as a computer cluster,
active directory server, or database server by simply restoring data from a
backup.
…Cont
Since a backup system contains at least one copy of all data considered
worth saving, the data storage requirements can be significant.
Organizing this storage space and managing the backup process can be a
complicated undertaking. A data repository model may be used to
provide structure to the storage. Nowadays, there are many different
types of data storage devices that are useful for making backups. There
are also many different ways in which these devices can be arranged to
provide geographic redundancy, data security, and portability.
Before data are sent to their storage locations, they are selected,
extracted, and manipulated. Many different techniques have been
developed to optimize the backup procedure. These include
optimizations for dealing with open files and live data sources as well as
compression, encryption, and de-duplication, among others. Every
backup scheme should include dry runs that validate the reliability of
the data being backed up. It is important to recognize the limitations and
human factors involved in any backup scheme.
Protective security mechanisms

 In computer science, protection mechanisms are built into

a computer architecture to support the enforcement of
security policies.
 The separation of protection and security is a special case
of the separation of mechanism and policy.
 Security mechanisms are technical tools and techniques
that are used to implement security services.
 A mechanism might operate by itself, or with others, to
provide a particular service.