network security (21 sep 2010)

Post on 30-Nov-2021


NETWORK SECURITY

Public Sector ICT Security Conference 2010

PICC, 21 September 2010

Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia

INFORMATION SECURITY FRAMEWORK

GOVERNANCE

• Policy
• Strategy
• Roles & Responsibilities
• Performance Measurement
• Risk Management
• Legislation & Regulations
• Education and Training

ICT SECURITY SERVICES (GENERAL)

• Management: Service Level Agreement management; service planning
• Development: System Development Life Cycle; outsourced development
• Operations: change management; N-tier design for the data centre; email; document exchange; communication

ICT SECURITY SERVICES (TECHNICAL)

• Identification & Authentication
• Authorization
• Identity & Key Management
• Audit Trails & Monitoring
• Backup, Redundancy & Recovery

Acculturation and Compliance

ICT INFRASTRUCTURE

• Network + Communication: Wireless; Perimeter Protection; Branch Offices / Other Agencies; Guest Access
• Application Platform: Portal; Specific Applications (Regulatory, Facilitation, Governance)

ICT SECURITY SERVICES (GENERAL)

3 MAIN ASPECTS

Management Services

• Service Level Agreement management
• Service planning

Development Services

• System Development Life Cycle
• Outsourced development

Operations Services

• Change management
• N-tier design for the data centre
• Email
• Document exchange
• Communication

ICT SECURITY SERVICES (TECHNICAL)

• The ICT Security Services (Technical) element covers the implementation of technical solutions that emphasise the protection and monitoring of Department / Agency assets.

5 MAIN ASPECTS

• Identification & Authentication
• Authorization
• Identity & Key Management
• Audit Trails & Monitoring
• Backup, Redundancy & Recovery

ICT INFRASTRUCTURE

• Every ICT system is supported by ICT infrastructure consisting of the network, communications and platform systems that are the driving force behind the Department / Agency's application systems.

Network & Communication

• Wireless
• Perimeter Protection
• Branch Offices / Other Agencies
• Guest Access

Application Platform

• Portal
• Specific Applications

Network Security

What is a Network?

• Two or more devices connected across some medium by hardware and software that enable the communication.

• Environment of Use: LAN, WAN, MAN.

• Mode of Communications: Media, Cable, Type of Communication.

• Protocol: TCP/IP, OSI

Network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

Network Security

How does it work?

• Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password, which is something you 'know', this is sometimes termed one-factor authentication. With two-factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), or with three-factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan).

• Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[2] Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS)[3] helps detect and inhibit the action of such malware.

• An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

• Communication between two hosts using a network could be encrypted to maintain privacy.
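
The anomaly-based monitoring described above, as an added example that is not part of the original slides: it learns each user's usual access times from logged events and flags file accesses far outside them. The log format, user names, paths and the 120-minute tolerance are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
# Constructed audit-trail lines (not from the slides): timestamp user action resource
BASELINE_LOG = """\
2010-09-13T09:05:11 aminah READ /shares/finance/budget.xls
2010-09-14T10:12:45 aminah WRITE /shares/finance/q3.xls
2010-09-14T16:55:30 aminah READ /shares/finance/budget.xls
2010-09-13T22:10:00 razak READ /shares/ops/nightly.log
2010-09-14T23:30:19 razak READ /shares/ops/nightly.log
2010-09-15T01:05:00 razak WRITE /shares/ops/handover.txt
"""
NEW_EVENTS = """\
2010-09-20T11:20:00 aminah READ /shares/finance/q3.xls
2010-09-21T02:47:13 aminah READ /shares/finance/payroll.xls
2010-09-21T23:58:00 razak READ /shares/ops/nightly.log
2010-09-21T03:00:00 newuser READ /shares/finance/payroll.xls
"""

def parse(log):
    """Yield (timestamp, minute_of_day, user, resource); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split(maxsplit=3)
        try:
            ts = datetime.fromisoformat(parts[0])
            _, user, _action, resource = parts
        except (ValueError, IndexError):
            continue
        yield ts, ts.hour * 60 + ts.minute, user, resource

def learn_baseline(log):
    """Per-user set of minute-of-day values at which access was observed."""
    seen = defaultdict(set)
    for _ts, minute, user, _resource in parse(log):
        seen[user].add(minute)
    return dict(seen)

def find_anomalies(baseline, log, tolerance_min=120):
    """Return alerts for events far from the user's usual access times."""
    alerts = []
    for ts, minute, user, resource in parse(log):
        usual = baseline.get(user)
        if not usual:
            alerts.append((ts.isoformat(), user, resource, "no baseline for user"))
            continue
        # Circular distance, so 23:58 and 00:10 count as 12 minutes apart.
        gap = min(min(abs(minute - u), 1440 - abs(minute - u)) for u in usual)
        if gap > tolerance_min:
            alerts.append((ts.isoformat(), user, resource, f"{gap} min from usual access times"))
    return alerts
```

Calling `find_anomalies(learn_baseline(BASELINE_LOG), NEW_EVENTS)` flags the 02:47 access by a daytime user and the access by a user with no history, while the night-shift user's 23:58 access passes because the distance is measured around midnight.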


Threats In Network Security

• Precursors to attack
  • Port scan
  • Social engineering
  • Reconnaissance
  • OS and application fingerprinting

• Authentication failures
  • Impersonation
  • Guessing
  • Eavesdropping
  • Spoofing
  • Session hijacking
  • Man-in-the-middle attack

• Programming flaws
  • Buffer overflow
  • Addressing errors
  • Parameter modification, time-of-check to time-of-use errors
  • Server-side include
  • Cookie
  • Malicious active code: Java, ActiveX
  • Malicious code: virus, worm, Trojan horse
  • Malicious typed code

Compromise of CIA

• Confidentiality
  • Protocol flaw
  • Eavesdropping
  • Passive wiretap
  • Misdelivery
  • Exposure within the network
  • Traffic flow analysis
  • Cookie

• Integrity
  • Protocol flaw
  • Active wiretap
  • Impersonation
  • Falsification of message
  • Noise
  • Web site defacement
  • DNS attack

• Availability
  • Protocol flaw
  • Transmission or component failure
  • Connection flooding, e.g., echo-chargen, ping of death, smurf, syn flood
  • DNS attack
  • Traffic redirection
  • Distributed denial of service

Basic Security in Network

• Authentication, Authorization, and Access Control

• Cryptography

• Remote Access and Wireless Security

• Virtual Private Network

• Firewall

• Intrusion Detection and Prevention System

• Honeypots

• Infrastructure Security

Network Vulnerabilities and Controls.


Firewall Types

Example of a Network Design

Continuous Effort

• Monitor backbone network traffic in real time, as necessary and appropriate, for the detection of unauthorized activity, intrusion attempts and compromised equipment.

• Carry out and review the results of automated network-based vulnerability, compromise assessment and guideline compliance scans of the systems and devices.

THANK YOU
