NETWORK SECURITY
Persidangan Keselamatan ICT Sektor Awam Tahun 2010 (Public Sector ICT Security Conference 2010)
PICC, 21 September 2010
Unit Pemodenan Tadbiran dan Perancangan Pengurusan Malaysia
INFORMATION SECURITY FRAMEWORK (diagram)
GOVERNANCE: Policy; Strategy; Roles & Responsibilities; Performance Measurement; Risk Management; Legislation & Regulations; Education and Training
ICT SECURITY SERVICES (GENERAL), under Management, Development and Operations: Service Level Agreement Management; Service Planning; System Development Life Cycle; Outsourced Development; Change Management; N-tier Architecture for the Data Centre; Email; Document Exchange; Communications
ICT SECURITY SERVICES (TECHNICAL): Identification & Authentication; Authorization; Identity & Key Management; Audit Trails & Monitoring; Backup, Redundancy & Recovery
ACCULTURATION AND COMPLIANCE
ICT INFRASTRUCTURE: Network + Communications (Wireless; Branch Office / Other Agencies; Perimeter Protection; Guest Access); Application Platform (Portal; Specific Applications: Regulatory, Facilitation, Governance)
ICT SECURITY SERVICES (GENERAL)
3 MAIN ASPECTS
• Management Services
  • Service Level Agreement Management
  • Service Planning
• Development Services
  • System Development Life Cycle
  • Outsourced Development
• Operations Services
  • Change Management
  • N-tier Architecture for the Data Centre
  • Document Exchange
  • Communications
ICT SECURITY SERVICES (TECHNICAL)
• The ICT Security Services (Technical) element covers the implementation of technical solutions intended to emphasise the protection and monitoring of Department / Agency assets.
5 MAIN ASPECTS
• Identification & Authentication
• Authorization
• Identity & Key Management
• Audit Trails & Monitoring
• Backup, Redundancy & Recovery
ICT INFRASTRUCTURE
• Every ICT system is supported by ICT infrastructure consisting of networks, communications and platform systems, which are the driving force behind the Department's / Agency's application systems.
• Network & Communications
  • Wireless
  • Perimeter Protection
  • Branch Office / Other Agencies
  • Guest Access
• Application Platform
  • Portal
  • Specific Applications
NETWORK SECURITY
What is a Network?
• Two or more devices connected across some medium by hardware and software that enable the communication.
• Environment of Use: LAN, WAN, MAN.
• Mode of Communications: Media, Cable, Type of Communication.
• Protocol: TCP/IP, OSI
Network Security
Network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
How does it work?
• Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password, which is something you 'know', this is sometimes termed one-factor authentication. With two-factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), and with three-factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan).
• Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[2] Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS)[3] helps detect and inhibit the action of such malware.
• An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.
• Communication between two hosts using a network could be encrypted to maintain privacy.
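The anomaly check mentioned above (an employee accessing files at strange times), as an added example that is not part of the original slides: it learns each user's usual access hours from audit-trail lines and flags later events that fall outside them. The log format, user names, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed audit-trail lines (assumed format: time user action path).
BASELINE_LOG = """\
2010-09-13T08:55:10 aminah READ /finance/budget.xls
2010-09-13T14:20:41 aminah WRITE /finance/budget.xls
2010-09-14T09:30:02 aminah READ /finance/payroll.xls
2010-09-13T22:10:00 razak READ /ops/backup.log
2010-09-14T23:40:12 razak READ /ops/backup.log
2010-09-15T00:30:45 razak WRITE /ops/backup.log
"""
NEW_LOG = """\
2010-09-20T09:15:00 aminah READ /finance/budget.xls
2010-09-21T02:47:19 aminah READ /finance/payroll.xls
2010-09-22T01:10:00 razak READ /ops/backup.log
2010-09-21T11:00:00 guest1 READ /finance/payroll.xls
"""

def parse(log):
    """Yield (datetime, user, action, path) for each log line."""
    for line in log.strip().splitlines():
        ts, user, action, path = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), user, action, path

def build_baseline(log):
    """Per-user list of the hours of day at which access was observed."""
    hours = defaultdict(list)
    for ts, user, _, _ in parse(log):
        hours[user].append(ts.hour)
    return hours

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def detect(baseline, log, tolerance=2, min_samples=3):
    """Return (timestamp, user, path, reason) for events outside the baseline."""
    alerts = []
    for ts, user, _, path in parse(log):
        seen = baseline.get(user, [])
        if len(seen) < min_samples:  # too little history: report, do not pass silently
            alerts.append((ts.isoformat(), user, path, "no-baseline"))
        elif min(hour_gap(ts.hour, h) for h in seen) > tolerance:
            alerts.append((ts.isoformat(), user, path, "unusual-hour"))
    return alerts

ALERTS = detect(build_baseline(BASELINE_LOG), NEW_LOG)
print(*ALERTS, sep="\n")
```

The night-shift user's 01:10 access is not flagged because hours are compared on a circular clock, while the account with no history is reported separately from a true time-of-day anomaly.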
Threats In Network Security
• Precursors to attack
  • Port scan
  • Social engineering
  • Reconnaissance
  • OS and application fingerprinting
• Authentication failures
  • Impersonation
  • Guessing
  • Eavesdropping
  • Spoofing
  • Session hijacking
  • Man-in-the-middle attack
• Programming flaws
  • Buffer overflow
  • Addressing errors
  • Parameter modification, time-of-check to time-of-use errors
  • Server-side include
  • Cookie
  • Malicious active code: Java, ActiveX
  • Malicious code: virus, worm, Trojan horse
  • Malicious typed code
Compromise of CIA
• Confidentiality
  • Protocol flaw
  • Eavesdropping
  • Passive wiretap
  • Misdelivery
  • Exposure within the network
  • Traffic flow analysis
  • Cookie
• Integrity
  • Protocol flaw
  • Active wiretap
  • Impersonation
  • Falsification of message
  • Noise
  • Web site defacement
  • DNS attack
• Availability
  • Protocol flaw
  • Transmission or component failure
  • Connection flooding, e.g., echo-chargen, ping of death, smurf, syn flood
  • DNS attack
  • Traffic redirection
  • Distributed denial of service
Basic Security in Network
• Authentication, Authorization, and Access Control
• Cryptography
• Remote Access and Wireless Security
• Virtual Private Network
• Firewall
• Intrusion Detection and Prevention System
• Honeypots
• Infrastructure Security
Network Vulnerabilities and Controls.
Firewall Types
Example of a Network Design
Continuous Effort
• Monitor backbone network traffic in real time, as necessary and appropriate, for the detection of unauthorized activity, intrusion attempts and compromised equipment.
• Carry out and review the results of automated network-based vulnerability, compromise assessment and guideline compliance scans of the systems and devices.
THAT IS ALL
THANK YOU