
Module7_GenCon_Network

The document discusses controlling risks in network communications, focusing on subversive threats, equipment failures, and electronic data interchange (EDI) controls. It outlines various types of firewalls, denial of service attacks, encryption methods, and audit objectives and procedures related to these risks. Additionally, it emphasizes the importance of maintaining security and integrity in electronic transactions through proper validation and access controls.

Controlling Networks

Presented by: Luisito V. Correa Jr., CPA, CAT, MBA


Scope
CONTROLLING RISKS FROM SUBVERSIVE THREATS

CONTROLLING RISKS FROM EQUIPMENT FAILURE

ELECTRONIC DATA INTERCHANGE (EDI) CONTROLS


Network Communications Risks

1. Risks from Subversive Threats
• Computer criminals, hacking, denial of service attacks

2. Risks from equipment failure
• Equipment failures in the communications system.
• Corrupt transmission, data and program loss on servers
CONTROLLING RISKS FROM SUBVERSIVE THREATS
Firewall

• Insulates the organization’s network from the external network.

• Insulates portions of the organization’s intranet from internal access.

• Can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested.
Types of Firewall

Network-level firewall

• Provides efficient but low-security access control.
• Uses a screening router that examines the source and destination addresses.
• Accepts or denies access requests based on filtering rules.
• Does not explicitly authenticate outside users.

Application-level firewall

• Provides a higher level of customizable network security.
• Adds overhead to connectivity.
• Configured to run security applications called proxies that can perform sophisticated functions such as user authentication.
• Provides comprehensive transmission logging and auditing tools.
Dual-Homed System Firewall
Denial of Service Attacks

• SYN Flood Attack
• Smurf Attack
• Distributed Denial of Service (DDoS) Attack
Controlling Denial of Service Attacks
SYN Flood Attack
• When a user establishes a connection on the Internet, a three-way handshake takes place.

• The connecting server sends an initiation code called a SYN (SYNchronize) packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize–ACKnowledge (SYN-ACK) packet. Finally, the initiating host machine responds with an ACK packet code.

• The SYN flood attack is accomplished by not sending the final acknowledgment to the server’s SYN-ACK response, which causes the server to keep signaling for acknowledgement until the server times out.
Controlling Denial of Service Attacks

Prevention and Detection

• Programming the firewalls to block outbound message packets that contain invalid internal IP addresses, to prevent attackers from hiding their locations from the targeted site.
• Using security software, available for the targeted sites, that scans for half-open connections and looks for SYN packets that have not been followed by an ACK packet.
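The half-open scan described above can be sketched as follows. This is an added example, not part of the original slides; the packet tuple layout, the timeout and the per-source limit are assumptions, and the sample packets are constructed using documentation address ranges.

```python
from collections import Counter

# Constructed sample of packets seen at a server: (time_s, src_ip, src_port, flag).
SAMPLE = [
    (0.0, "198.51.100.7", 40001, "SYN"),
    (0.1, "198.51.100.7", 40001, "ACK"),   # handshake completed
    (1.0, "203.0.113.9", 5001, "SYN"),
    (1.1, "203.0.113.9", 5002, "SYN"),
    (1.2, "203.0.113.9", 5003, "SYN"),
    (1.3, "203.0.113.9", 5004, "SYN"),     # none of these is ever acknowledged
    (9.5, "198.51.100.8", 40002, "SYN"),   # recent: the ACK may still arrive
]

def half_open(packets, now, timeout=5.0):
    """Return (ip, port) pairs whose SYN is older than `timeout` with no ACK."""
    pending = {}                                  # (ip, port) -> time of first SYN
    for ts, ip, port, flag in sorted(packets):
        if flag == "SYN":
            pending.setdefault((ip, port), ts)    # keep the first SYN time
        elif flag in ("ACK", "RST"):
            pending.pop((ip, port), None)         # completed or torn down
    return sorted(k for k, ts in pending.items() if now - ts >= timeout)

def report(packets, now, timeout=5.0, per_source_limit=3):
    """Summarise stale half-open connections and the sources over the limit."""
    stale = half_open(packets, now, timeout)
    per_source = Counter(ip for ip, _ in stale)
    suspects = sorted(ip for ip, n in per_source.items() if n >= per_source_limit)
    # Floods with forged source addresses spread over many IPs, so the total
    # is reported alongside the per-source counts.
    return {"total": len(stale), "per_source": dict(per_source), "suspects": suspects}

if __name__ == "__main__":
    print(report(SAMPLE, now=10.0))
```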
Controlling Denial of Service Attacks
Smurf Attack
• It is accomplished by exploiting an Internet maintenance tool called a ping.
• The ping works by sending an echo request message to the host computer and listening for a response message. A functioning and available host must return an echo reply message that contains the exact data received in the echo request message packet.
• The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim’s computer (IP spoofing). The ping message is then sent to the intermediary, which is actually an entire subnetwork of computers. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim’s IP address.
• The resulting flood of echoes can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic.
Controlling Denial of Service Attacks

Prevention and Detection

• The targeted organization can program their firewall to ignore all communication from the attacking site until the attacker’s IP address is determined.
Controlling Denial of Service Attacks
Distributed Denial of Service (DDoS) attack

• May take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event.
• The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Because vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies.
• IRC is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.
Controlling Denial of Service Attacks

Prevention and Detection

• Investing in Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) to determine when an attack is in progress.
Encryption
Encryption is the conversion of data into a secret code for storage in databases and transmission over networks.
Encryption

Two general approaches to encryption:

• Private key encryption
• Public key encryption

Private Key Encryption
Advanced Encryption Standard (AES)
• A 128-bit encryption technique that has become a U.S. government standard for private key encryption.
• The AES algorithm uses a single key known to both the sender and the receiver of the message.
• The receiver decodes the message with a decryption program that uses the same key the sender
employs.
Private Key Encryption
Triple-DES encryption
• An enhancement to an older encryption technique called the Data Encryption Standard (DES).
• Triple DES provides considerably improved security over most single encryption techniques.
• Two forms of triple-DES encryption are EEE3 and EDE3.
Private Key Encryption

[Figure: the message "Hello" passed through Key 1, Key 2 and Key 3 in turn, shown for both sender and receiver.]

Private Key Encryption

[Figure: the message "Hey" passed through Key 1, Key 2 and Key 3 in turn, shown for both sender and receiver.]
Public Key Encryption
• Public key encryption uses two different keys: one for encoding messages and the other
for decoding them.
• Users never need to share their private keys to decrypt messages, thus reducing the
likelihood that they fall into the hands of a criminal.
Public Key Encryption
• RSA (Rivest-Shamir-Adleman): This method is computationally intensive and much slower than standard DES encryption.
• Sometimes, both DES and RSA are used together in what is called a digital envelope.
• The DES private key needed to decrypt the message is encrypted using RSA and transmitted along
with the message. The receiver first decodes the DES key, which is then used to decode the
message.
Digital Message Security Feature

• Digital Envelope
• Digital Signature
• Digital Certificate

Digital Envelope
Digital envelope is an encryption method in which both DES and RSA are used together.
• A digital envelope is a secure electronic data container that is used to protect a message through encryption
and data authentication.
• It allows users to encrypt data with the speed of secret key encryption and the convenience and security of
public key encryption.
Digital Signature
Digital signature is electronic authentication that cannot be forged. It ensures that the message
or document the sender transmitted was not tampered with after the signature was applied.
Digital Certificate
Digital certificate is a sender’s public key that has been digitally signed by trusted third parties.
• Verifying the sender’s identity requires a digital certificate, which a trusted third party issues, called a
certification authority (CA).
• The digital certificate is transmitted with the encrypted message to authenticate the sender. The receiver
uses the CA’s public key, which is widely publicized, to decrypt the sender’s public key attached to the
message. The sender’s public key is then used to decrypt the message.
Other Controls for Subversive Threats

Message Sequence Numbering
• A sequence number is inserted in each message, and any such attempt to delete, change order or duplicate a message will become apparent at the receiving end.

Message Transaction Log
• All incoming and outgoing messages, as well as failed access, should be recorded in a message transaction log.
• The log should record the user ID, the time of access, and the terminal location or telephone number.

Request-Response Technique
• A control message from the sender and a response from the receiver are sent at periodic, synchronized intervals.
• The message timing should follow a random pattern that will be difficult for the intruder to determine and circumvent.

Call-Back Devices
• Requires the dial-in user to enter a password and be identified. The system then breaks the connection to perform user authentication.
• Call-back device dials the caller’s number to establish a new connection when the caller is authorized.
Audit Objectives Relating to Subversive Threats

The auditor’s objective is to verify the security and integrity of financial transactions by determining that
network controls:

a) can prevent and detect illegal access both internally and from the Internet.

b) will render useless any data that a perpetrator successfully captures.

c) are sufficient to preserve the integrity and physical security of data connected to the network.
Audit Procedures Relating to Subversive Threats

1) Review the adequacy of the firewall in achieving the proper balance between control and convenience
based on the organization’s business objectives and potential risks. Criteria: flexibility, proxy services,
filtering, segregation of systems, audit tools, probe for weaknesses.
2) Verify that an Intrusion Prevention System (IPS) with deep packet inspection (DPI) is in place for
organizations that are vulnerable to DDoS attacks, such as financial institutions.
3) Review security procedures governing the administration of data encryption keys.
4) Verify the encryption process by transmitting a test message and examining the contents at various points
along the channel between the sending and receiving locations.
5) Review the message transaction logs to verify that all messages were received in their proper sequence.
6) Test the operation of the call-back feature by placing an unauthorized call from outside the installation.
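
The message sequence numbering control and audit procedure 5 above can be exercised with a check like the following. This is an added example, not part of the original slides; the log line format and field names are assumptions, and the log entries are constructed.

```python
import re

# Constructed message transaction log: sequence number plus the user ID,
# time of access and terminal that the slides say the log should record.
SAMPLE_LOG = """\
seq=1 user=TP001 time=09:00:01 terminal=T12
seq=2 user=TP001 time=09:00:04 terminal=T12
seq=4 user=TP001 time=09:00:09 terminal=T12
seq=3 user=TP001 time=09:00:11 terminal=T12
seq=3 user=TP001 time=09:00:12 terminal=T12
seq=6 user=TP001 time=09:00:20 terminal=T12
"""

LINE = re.compile(r"seq=(\d+) user=(\S+) time=(\S+) terminal=(\S+)")

def parse_log(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            entries.append({"seq": int(m.group(1)), "user": m.group(2),
                            "time": m.group(3), "terminal": m.group(4)})
    return entries

def audit_sequence(entries, first=1, expected_last=None):
    """Report deleted, duplicated and reordered messages, in arrival order."""
    seen, highest = set(), first - 1
    duplicates, out_of_order = [], []
    for e in entries:
        seq = e["seq"]
        if seq in seen:
            duplicates.append(seq)       # same number received twice
            continue
        if seq < highest:
            out_of_order.append(seq)     # arrived after a later message
        seen.add(seq)
        highest = max(highest, seq)
    # Messages deleted from the end of the stream leave no gap, so the sender's
    # last number (expected_last) is needed to detect them.
    last = highest if expected_last is None else max(highest, expected_last)
    missing = [n for n in range(first, last + 1) if n not in seen]
    return {"missing": missing, "duplicates": duplicates, "out_of_order": out_of_order}

if __name__ == "__main__":
    print(audit_sequence(parse_log(SAMPLE_LOG)))
```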
CONTROLLING RISKS FROM EQUIPMENT FAILURE
CONTROLLING RISKS FROM EQUIPMENT FAILURE

Line Errors
• The most common problem in data communications is data loss due to line error.

• The bit structure of the message can be corrupted through noise on the communications lines.

• Noise is made up of random signals that can interfere with the message signal when they reach a
certain level.

• Electric motors, atmospheric conditions, faulty wiring, defective components in equipment, or noise
spilling over from an adjacent communications channel may cause these random signals.
CONTROLLING RISKS FROM EQUIPMENT FAILURE

ECHO CHECK
• The echo check involves the receiver of the message returning the message to the sender.

• The sender compares the returned message with a stored copy of the original.

• If there is a discrepancy between the returned message and the original, suggesting a transmission
error, the message is retransmitted.
CONTROLLING RISKS FROM EQUIPMENT FAILURE

PARITY CHECK
• The parity check incorporates an extra bit (the parity bit) into the structure of a bit string when it is
created or transmitted.

• Parity can be both vertical and horizontal (longitudinal).

• If the number of 1 bits is even, the system assigns the parity bit a value of one.

• If the number of 1 bits is odd, a zero parity bit is added to the bit structure.
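
The parity rule above, applied both vertically (one parity bit per character) and horizontally (one parity bit per bit position across the block), can be demonstrated as follows. This is an added example, not part of the original slides; the 7-bit character width and the function names are assumptions.

```python
def parity_bit(bits):
    """Rule from the slide: even count of 1 bits -> parity 1, odd count -> 0."""
    return 1 if sum(bits) % 2 == 0 else 0

def to_bits(value, width=7):
    """Most-significant-bit-first list of bits for one character code."""
    return [(value >> i) & 1 for i in range(width - 1, -1, -1)]

def encode_block(text):
    """Return the bit rows plus vertical and horizontal parity bits."""
    rows = [to_bits(ord(c)) for c in text]
    vertical = [parity_bit(r) for r in rows]              # one per character
    horizontal = [parity_bit(col) for col in zip(*rows)]  # one per bit position
    return rows, vertical, horizontal

def check_block(rows, vertical, horizontal):
    """Return (bad_rows, bad_cols): indexes whose parity no longer matches."""
    bad_rows = [i for i, r in enumerate(rows) if parity_bit(r) != vertical[i]]
    bad_cols = [j for j, col in enumerate(zip(*rows))
                if parity_bit(col) != horizontal[j]]
    return bad_rows, bad_cols

def flip(rows, positions):
    """Copy the block and invert the given (row, col) bits, simulating line noise."""
    noisy = [r[:] for r in rows]
    for i, j in positions:
        noisy[i][j] ^= 1
    return noisy

if __name__ == "__main__":
    rows, v, h = encode_block("EDI")
    print("clean block:     ", check_block(rows, v, h))
    # One corrupted bit: row and column parity together locate it.
    print("one bit flipped: ", check_block(flip(rows, [(1, 3)]), v, h))
    # Two corrupted bits in the same character cancel out in the vertical
    # check; only the horizontal check reveals the error.
    print("two bits flipped:", check_block(flip(rows, [(1, 3), (1, 5)]), v, h))
```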
CONTROLLING RISKS FROM EQUIPMENT FAILURE
Audit Objectives & Procedures Relating to Equipment Failure

Audit Objective:
• Verify the integrity of the electronic commerce transactions by determining that controls are in
place to detect and correct message loss due to equipment failure.

Audit Procedures:
• The auditor can select a sample of messages from the transaction log and examine them for
garbled contents that line noise causes.

• The auditor should verify that all corrupted messages were successfully retransmitted.
ELECTRONIC DATA INTERCHANGE CONTROLS
Electronic Data Interchange

Electronic data interchange (EDI) is the intercompany exchange of computer-processible business information in standard format.
• The transmission may be either a direct connection between the trading partners or an indirect connection
through a value-added network (VAN).
Electronic Data Interchange Controls
Electronic Data Interchange Controls

TRANSACTION AUTHORIZATION AND VALIDATION


a) Some VANs have the capability of validating passwords and user ID codes for the vendor by matching
these against a valid customer file. The VAN rejects any unauthorized trading partner transactions before
they reach the vendor’s system.

b) Before being converted, the translation software can validate the trading partner’s ID and password against
a validation file in the firm’s database.

c) Before processing, the trading partner’s application software references the valid customer and vendor files
to validate the transaction.
Electronic Data Interchange Controls
ACCESS CONTROL
• To function smoothly, EDI trading partners must permit a degree of access to
private data files that would be forbidden in a traditional environment.

• For example, it may permit the customer’s system to access the vendor’s
inventory files to determine if inventories are available. The customer may
periodically access the vendor’s price list file to keep pricing information
current. Alternatively, the vendor may need access to the customer’s price list
to update prices.

• To guard against unauthorized access:


a) Each company must establish valid vendor and customer files where
inquiries against databases can be validated and unauthorized attempts
at access can be rejected.
b) User authority tables can also be established, which specify the degree of
access a trading partner is allowed.
Electronic Data Interchange Controls

EDI AUDIT TRAIL


• The absence of source documents in EDI transactions eliminates the traditional audit trail.
• One technique for restoring the audit trail is to maintain a control log, which records the
transaction’s flow through each phase of the EDI system.
Audit Objectives Relating to EDI

The auditor’s objectives are to determine that:

a) All EDI transactions are authorized, validated, and in compliance with the trading partner agreement

b) No unauthorized organizations gain access to database records

c) Authorized trading partners have access only to approved data

d) Adequate controls are in place to ensure a complete audit trail of all EDI transactions.
Audit Procedures Relating to EDI

TESTS OF AUTHORIZATION AND VALIDATION CONTROLS:


a) Review agreements with the VAN facility to validate transactions and ensure that information
regarding valid trading partners is complete and correct
b) Examine the organization’s valid trading partner file for accuracy and completeness.

TESTS OF ACCESS CONTROLS:


a) The auditor should determine that access to the valid vendor or customer file is limited to
authorized employees only. The auditor should verify that passwords and authority tables
control access to this file and that the data are encrypted
b) The auditor should reconcile the terms of the trading agreement against the trading partner’s
access privileges stated in the database authority table.
c) The auditor should simulate access by a sample of trading partners and attempt to violate
access privileges.
Audit Procedures Relating to EDI

TESTS OF AUDIT TRAIL CONTROLS


• The auditor should verify that the EDI system produces a transaction log that tracks transactions
through all stages of processing.

• By selecting a sample of transactions and tracing these through the process, the auditor can verify
that key data values were recorded correctly at each point.
Thank You and God Bless
