Hackers use virus and trojan software to attack workstations as a stepping stone to attack servers and systems. Attackers can receive useful information from the victim's computer through network services.
3.2.7 Attacks on the human element:
Hackers can exploit vulnerabilities caused by system administrator errors or contact a fake system administrator to change the username and password.
3.3 Security levels:
Firewall Physical Protect
Data Encryption
When analyzing network security systems, people divide them into the following levels of security:
Login/ Password
Access Right Information |
Maybe you are interested!
-
Strengthening Information Security Measures and Ensuring Network Security -
Organizational System of Vietnam Social Security: -
Strengthening Financial Support From the State Budget to Help Farmers Participate in a Stronger Social Security System -
Current Status of Factors Affecting Learning Skills of Students Under the Credit System at People's Public Security Academies and Universities -
Political System, Social Order and Security
Figure 3.3 Network security levels.
Figure 3.3 Security levels.
3.3.1Access rights:
This is the deepest layer of protection to control network resources at the file level and determine user permissions decided by the administrator such as: only read, only write, execute.
3.3.2 Login/Password:
This is the layer of protection that protects information access at the system level. This is the most commonly used level of protection because it is simple and inexpensive. The administrator provides each user with a username and password and controls all network activities through that form. Each time the user accesses the network, he must log in, enter the username and password, and the system will check if they are valid before allowing the login.
3.3.3 Data encryption:
It is to use data encryption methods at the transmitter side and perform decryption at the receiver side.
The receiver can only encrypt correctly if it has the encryption key provided by the sender.
3.3.4 Physical protect:
This is a form of preventing the risk of illegal physical access to the system, such as absolutely prohibiting unauthorized people from entering the room where the network is located, using a computer lock, or installing an alarm mechanism when there is access to the system...
3.3.5 Firewall:
This is a form of preventing illegal intrusion into the internal network through a firewall. The function of a firewall is to prevent unauthorized access (according to a pre-defined access list) and can even filter packets that we do not want to send or receive for some reason. This protection method is widely used in the Internet environment.
3.4 System security measures:
For each network system, it is not advisable to install and use only one security mode, no matter how strong it may be, but to install many different security mechanisms so that they can support each other and can ensure a high level of security.
3.4.1 Least Privilege:
One of the most basic principles of security in general is the principle of least privilege. That is: Any object on the network should have only the certain permissions that the object needs to have to perform its tasks and only those permissions. Thus, every user does not necessarily have the right to access all Internet services, read and modify all files in the system… The system administrator does not necessarily have to know the root password or the passwords of every user…
Many security issues on the Internet are considered failures of the Principle of Least Privilege. Therefore, privileged programs should be kept as simple as possible, and if a program is complex, we should find ways to break it down and isolate each part that requires permission.
3.4.2 Defense in Depth:
For each system, it is not advisable to install and use only one security mode, no matter how strong it may be, but to install multiple security mechanisms so that they can support each other.
3.4.3 Choke point:
A bottleneck forces intruders to go through a narrow path that we can control and monitor. In the network security mechanism, the Firewall is located between our network system and the Internet, it is a bottleneck. At that time, anyone who wants to access the system must go through it, so we can monitor and manage it.
But a bottleneck would also be useless if there were another way into the system that did not go through it (in a network environment, there are also other unprotected Dial–up lines that can access the system).
3.4.4 Weakest point:
Another basic principle of security is: “A chain is only as strong as its weakest link”. When trying to penetrate our system, intruders often look for the weakest point to attack. Therefore, for each system, it is necessary to know the weakest point to have a protection plan.
3.4.5 Fail–Safe Stance:
If a system is accidentally broken, it must be broken in some way to prevent attackers from attacking the broken system. Of course, a failure in security also removes legitimate user access until the system is restored.
This principle is also applied in many areas. For example, automatic doors are designed to be able to switch to manual opening when the power supply is interrupted to avoid trapping people inside.
Based on this principle, two rules are proposed to apply to the security system.
total:
- Default deny Stance: Focus on what is allowed and block everything else.
the rest
- Default permit Stance: Focus on what is forbidden and allow everything else
the rest. What is not prohibited is permitted.
From the above safety point of view, the first rule should be used, and from the
The managers' point is the second rule.
3.4.6 Global participation:
To achieve high security efficiency, all systems on the global network must participate.
participate in the security solution. If a system has poor security mechanisms, the user
An unauthorized person can gain access to this system and then use this system to gain access to other systems.
3.4.7 Combining multiple protection measures:
On the Internet, there are many different types of systems in use, so there must be multiple defenses to ensure a defense-in-depth strategy. If all our systems are the same and someone knows how to penetrate one system, they can also penetrate the others.
3.4.8 Simplify:
If we don't understand something, we can't know if it's safe or not. That's why we need to simplify the system so that we can apply safety measures more effectively.
3.5 Privacy policies:
The information security plan must take into account external and internal risks and must incorporate both technical and management measures. The following steps should be taken:
• Identify information security requirements and policies: The first step in an information security plan is to identify access requirements and a set of services provided to internal and external users, and to develop corresponding policies.
• Perimeter security design: The design is based on predefined security policies. The result of this step is the network architecture along with the hardware and software components to be used. Special attention should be paid to the remote access system and user authentication mechanism.
• Security measures for servers and workstations: External security measures, no matter how complete, may not be enough to protect against attacks, especially attacks from within. Servers and workstations need to be checked for security loopholes. Filewalls and external servers need to be checked for denial of service attacks.
• Regular inspection: There should be a plan to periodically inspect the entire information security system, and it should also be re-inspected whenever there is a change in configuration.
3.5.1 Network security plan:
Having a proper and effective network security policy to protect the information and resources of a company, organization in particular, or of a ministry, industry, or of a country in general is a very important issue. If the resources and information that the company has on the network are worth protecting, then a network security policy is worth implementing. Most agencies have sensitive information and competitive secrets on their computer networks, so we will need a network security policy to protect the company's resources and information.
To have an effective network security policy, we must answer the question: what types of services and resources are users allowed to access and what types are prohibited?
3.5.2 Internal security policy:
An organization may have multiple departments in multiple locations, each with its own network. If the organization is large, each network must have at least one network administrator. If the locations are not connected to each other in an intranet, the security policies may also differ.
Typically, network resources at each location include:
• Work stations
• Connection devices: Gateway, Router, Bridge, Repeater
• Servers
• Network software and application software
• Network cable
• Information in files and databases
The security policy in place must consider the protection of these resources. It must also balance security requirements with network connectivity requirements because a policy that is good for one network may be bad for another.
3.5.3 Design method:
Creating a cyber policy means establishing procedures and plans to protect our resources from loss and damage. One possible approach is to respond to
the following question:
• What resources do we want to protect?
• Who do we need to protect these resources from?
• What are the threats?
• How important are resources?
• How will we protect resources in an economical and reasonable way?
best
• Review policies periodically to reflect changes in purpose
as well as the status of the network?
3.5.4 Designing network security policy:
3.5.4.1 Security risk analysis:
Before setting up a policy, we need to know which resources need to be protected, that is, which resources are more important to come up with a reasonable economic solution. At the same time, we must also determine which leaks are the source of threats to the system. Many studies show that the damage caused by "outsiders" is still much smaller than the damage caused by "insiders". Risk analysis includes the following:
• What do we need to protect?
• What do we need to protect resources from?
• How to protect?
3.5.4.2 Identify resources to be protected:
When performing an analysis, we also need to determine which resources are at risk of being compromised. It is important to list all network resources that may be affected by security issues.
- Hardware: Microprocessor, motherboard, keyboard, terminal, workstation, personal computer, printer, disk drive, communication line, server, router
- Software: Source programs, object programs, utilities, survey programs, operating systems, communication programs.
- Data: During execution, online storage, off–line storage, backup, audit logs, database transmitted over communication media.
- Human: User, the person needed to start the system.
- Documents: About programs, hardware, systems, local administration procedures.
- Supplies: printing paper, tables, ink ribbons, magnetic devices.
3.5.4.3 Identify network security threats:
Once we have identified what resources need to be protected, we also need to identify what threats exist against those resources. These threats might include:
Illegal access:
Only authorized users have access to network resources, which is called authorized access. There are many types of access that are considered illegal, such as using someone else's account without permission. The severity of illegal access depends on the nature and extent of damage caused by the access.
To disclose information:
Accidental or intentional disclosure of information is another threat. We should set values to reflect the importance of the information. For example, for software manufacturers, these include: source code, design details, diagrams, competitive information about the product, etc. If important information is disclosed, our organization may suffer damage in terms of reputation, competitiveness, customer benefits, etc.
Refusal to provide service:
Networks often contain valuable resources such as computers, databases, etc. and provide services to the entire organization. Most users on the network depend on these services to perform their work effectively.
It is very difficult to predict the types of denial of service. We can temporarily list some network errors that are denied: due to an erroneous packet, due to overloaded transmission lines, disabled routers, due to viruses...
3.5.4.4 Identify network user responsibilities:
Who is authorized to use network resources:
We must list all users who need access to the network resource. It is not necessary to list all users. If we group users, the list will be simpler. At the same time, we must list a special group called external users, which are those who access from a single station or from another network.
How to use resources properly:
After defining the users who are allowed to access network resources, we must continue to define how those resources will be used. Thus, we must set out guidelines for each class of users such as: Software developers, students, external users.
Who has the right to grant access:
The network security policy must identify who has the authority to grant services to users. It must also identify the types of access that users can grant. If we know who has the authority to grant access, we can know what type of access is granted, and whether users are granted beyond their authority. We must consider the following two things:
- Is service access provided from a central point?
- What method is used to create a new account and terminate access?
If a large organization is not centralized, there are of course many central points for granting access, each central point being responsible for all the parts to which it grants access.
What are the user's rights and responsibilities:
It is necessary to clearly define the rights and obligations of users to ensure the normal management and operation of the network. Ensure transparency and privacy for users, as well as users must be responsible for protecting their accounts.
What are the powers and responsibilities of a system administrator:
System administrators regularly have to collect information about files in
user's private directory to investigate system issues. Conversely, user