General Controls: Controlling Networks ● Accepts or denies access requests based on

filtering rules
NETWORK ● Does not explicitly authenticate outside users.

Network topologies consists of various configurations b. Application-level firewall

of:
1. Communication Lines (twisted-pairwires,
coaxial cable, microwaves, and fiberoptics)
2. Hardware components (modems, multiplexers,
servers, and front-end processors)
3. Software (Protocols and network control
systems)
Network Communications Risks
1. Risks from Subversive Threats - Computer
criminals, hacking, denial of service attacks
2. Risks from equipment failure - Equipment
failures in the communications system. Corrupt
transmission, data and program loss on servers
● Provide a higher level of customizable network
security.
● Add overhead to connectivity.
● Configured to run security applications called
proxies that can perform sophisticated functions
such as user authentication.
● Provide comprehensive transmission logging
and auditing tools.
c. Dual-Homed System Firewall

I. Controlling Risks from Subversive Threats

Firewall

● Insulates the organization’s network from

Denial of Service Attacks
external networks.
● Insulate portions of the organization’s intranet
● SYN Flood Attack
from internal access.
● Smurf Attack
● Can be used to authenticate an outside user of
● Distributed Denial of Service (DDos) Attack
the network, verify his or her level of access
authority, and then direct the user to the
Controlling Denial of Service Attack
program, data, or service requested.

a. SYN Flood Attack

Types of Firewall

a. Network-level firewall

● Provides efficient but low security access

control.
● Use a screening router that examines the source
and destination addresses.
● When a user establishes a connection on the
Internet a three-way handshake takes place.
● The connecting server sends an initiation code
called a SYN (SYNchronize) packet to the
receiving server. The receiving server then
acknowledges the request by returning a
SYNchronize–ACKnowledge (SYN-ACK) packet.
Finally, the initiating host machine responds with
an ACK packet code.
● The SYN flood attack is accomplished by not
sending the final acknowledgment to the server’s
SYN-ACK response, which causes the server to
keep signaling for acknowledgement until the
server times out.
Prevention and Detection
● Programming the firewalls to block outbound
message packets that contain invalid internal IP
addresses to prevent attackers from hiding their
locations from the targeted site Prevention and
Detection
● Using Security software that is available for the
targeted sites that scan for half-open connections
and look for SYN packets that have not been
followed by an ACK packet.
b. Smurf Attack
● It is accomplished by exploiting an Internet
maintenance tool called a ping.
● The ping works by sending an echo request
message to the host computer and listening for
a response message. A functioning and
available host must return an echo reply
message that contains the exact data received
in the echo request message packet.
● The perpetrator of a smurf attack uses a
program to create a ping message packet that
contains the forged IP address of the victim’s
computer (IP spoofing). The ping message is
then sent to the intermediary, which is actually
an entire subnetwork of computers.
Consequently, each intermediary node sends
echo responses to the ping message, which are
returned to the victim’s IP address
● The resulting flood echoes can overwhelm the
victim’s computer and cause network
congestion that makes it unusable for
legitimate traffic
Prevention and Detection
● The targeted organization can program their
firewall to ignore all communication from the
attacking site until the attacker’s IP address is
determined.
c. Distributed Denial of Service (DDos) Attack
● widespread attack
● May take the form of a SYNflood or smurf
attack. The distinguishing feature of the DDos
is the sheer scope of the event.
● The perpetrator of a DDos attack may employ a
virtual army of so-called zombie or bot (robot)
computers to launch the attack. Because vast
numbers of unsuspecting intermediaries are
needed,the attack often involves one or more
Internet Relay Chat (IRC) networks as a source
of zombies.
● Internet Relay Chat is a popular interactive
service on the Internet that lets thousands of
people from around the world engage in
real-time communications via their computers.
Prevention and Detection security over most single encryption
techniques.
● Investing in IPS (Intrusion Prevention ● Two forms of triple-DES encryption are EEE3
Systems) that employ DPI (deep packet and EDE3.
inspection) to determine when an attack is in
progress. Public Key Encryption

Encryption ● Public key encryption uses two different keys:

● Encryption is the conversion of data into a secret
code for storage in databases and transmission
over networks.
one for encoding messages and the other for
decoding them.
● Users never need to share their private keys to
decrypt messages, thus reducing the likelihood
that they fall into the hands of a criminal

Two general approaches to encryption

RSA (Rivest-Shamir-Adleman)
● This method is computationally intensive and
much slower than standard DES encryption.
● Sometimes, both DES and RSA are used
together in what is called a digital envelope.
● The DES private key needed to decrypt the
message is encrypted using RSA and
transmitted along with the message. The
a. Private Key Encryption receiver first decodes the DES key, which is
then used to decode the message.
Advance encryption standard (AES)
● A 128-bit encryption technique that has
become a U.S. government standard for private
key encryption.
● The AES algorithm uses a single key known to
both the sender and the receiver of the
message.
● The receiver decodes the message with a
decryption program that uses the same key the
sender employs. Digital Message Security Feature

Triple-DES encryption

● An enhancement to an older encryption

technique called the Data Encryption Standard
(DES).
● Triple DES provides considerably improved

Digital Envelope
Digital envelope is an encryption method in which both
DES and RSA are used together.
● A digital envelope is a secure electronic data
container that is used to protect a message
through encryption and data authentication.
● It allows users to encrypt data with the speed of
secret key encryption and the convenience and
security of public key encryption.
Digital Signature
Digital signature is electronic authentication that
cannot be forged. It ensures that the message or
document the sender transmitted was not tampered with
after the signature was applied
Digital Certificate
Digital certificate is a sender’s public key that has been
digitally signed by trusted third parties.
● Verifying the sender’s identity requires a digital
certificate, which a trusted third party issues,
called a certification authority (CA).
● The digital certificate is transmitted with the
encrypted message to authenticate the sender.
The receiver uses the CA’s public key, which is
widely publicized, to decrypt the sender’s
public key attached to the message. The
sender’s public key is then used to decrypt the
message.
Other Controls for Subversive Threats
Message Sequence Numbering
● A sequence number is inserted in each
message, and any such attempt to delete,
change order or duplicate a message will
become apparent at the receiving end.
Message Transaction Log
● All incoming and outgoing messages, as well
as failed access, should be recorded in a
message transaction log.
● The log should record the user ID, the time of
access, and the terminal location or telephone
number.
Request- Response Technique
● A control message from the sender and a
response from the receiver are sent at periodic,
synchronized intervals.
● The message timing should follow a random
pattern that will be difficult for the intruder to
determine and circumvent.
Call-Back Devices
● Requires the dial-in user to enter a password
and be identified. The system then breaks the
connection to perform user authentication.
● Call-back device dials the caller's number to
establish a new connection when the caller is
authorized.
Audit Objectives Relating to Subversive Threats
The auditor’s objective is to verify the security and
integrity of financial transactions by determining that
network controls:
a. can prevent and detect illegal access both
internally and from the Internet.
b. will render useless any data that a perpetrator
successfully captures.
c. are sufficient to preserve the integrity and
physical security of data connected to the
network.
Audit Procedures Relating to Subversive Threat
1. Review the adequacy of the firewall in
achieving the proper balance between control
and convenience based on the organization’s
business objectives and potential risks.
Criteria: flexibility, proxy services, filtering,
segregation of systems, audit tools, probe for
weaknesses.
2. Verify that an Intrusion Prevention Systems
(IPS) with deep packet inspection (DPI) is in
place for organizations that are vulnerable to
DDos attacks, such as financial institutions.
3. Review security procedures governing the
administration of data encryption keys.
4. Verify the encryption process by transmitting a
test message and examining the contents at
various points along the channel between the
sending and receiving locations.
5. Review the message transaction logs to verify
that all messages were received in their proper
sequence.
6. Test the operation of the call-back feature by
placing an unauthorized call from outside the
installation.
interfere with the message signal when they
reach a certain level.
● Electric motors, atmospheric conditions, faulty
wiring, defective components in equipment, or
noise spilling over from an adjacent
communications channel may cause these
random signals.
ECHO CHECK
● The echo check involves the receiver of the
message returning the message to the sender.
● The sender compares the returned message
with a stored copy of the original.
● If there is a discrepancy between the returned
message and the original, suggesting a
transmission error, the message is retransmitted
PARITY CHECK
● The parity check incorporates an extra bit (the
parity bit) into the structure of a bit string when
it is created or transmitted.
● Parity can be both vertical and horizontal
(longitudinal).
● If the number is even, the system assigns the
parity bit a value of one.
● If the number of 1 bits is odd, a zero parity bit
is added to the bit structure.

II. CONTROLLING RISKS FROM EQUIPMENT

FAILURE

LINE ERRORS
● The most common problem in data
communications is data loss due to line error.
● The bit structure of the message can be
corrupted through noise on the
communications lines.
● Noise is made up of random signals that can
Audit Objectives & Procedures Relating to
Equipment Failure
Audit Objective:
Verify the integrity of the electronic commerce
transactions by determining that controls are in place to
detect and correct message loss due to equipment
failure.
Audit Procedures:
1. The auditor can select a sample of messages
from the transaction log and examine them for
garbled contents that line noise causes.
2. The auditor should verify that all corrupted
messages were successfully retransmitted.
III. ELECTRONIC DATA INTERCHANGE
CONTROLS
Electronic data interchange (EDI) is the intercompany
exchange of computer-processible business information
in standard format.
● The transmission may be either a direct
connection between the trading partners or an
indirect connection through a value-added
network (VAN)
TRANSACTION AUTHORIZATION AND
VALIDATION
a. Some VANs have the capability of validating
passwords and user ID codes for the vendor by
matching these against a valid customer file.
The VAN rejects any unauthorized trading
partner transactions before they reach the
vendor’s system.
b. Before being converted, the translation
software can validate the trading partner’s ID
and password against a validation file in the
firm’s database.
c. Before processing, the trading partner’s
application software references the valid
customer and vendor files to validate the
transaction
ACCESS CONTROL
● To function smoothly, EDI trading partners
must permit a degree of access to private data
files that would be forbidden in a traditional
environment.
● For example, it may permit the customer’s
system to access the vendor’s inventory files to
determine if inventories are available. The
customer may periodically access the vendor’s
price list file to keep pricing information
current. Alternatively, the vendor may need
access to the customer’s price list to update
prices.
● To guard against unauthorized access:
a. Each company must establish valid
vendor and customer files where
inquiries against databases can’t be
validated and unauthorized attempts at
access can be rejected.
b. User authority tables can also be
established, which specify the degree
of access a trading partner is allowed.
EDI AUDIT TRAIL
● The absence of source documents in EDI
transactions eliminates the traditional audit trail
● One technique for restoring the audit trail is to
maintain a control log, which records the
transaction’s flow through each phase of the
EDI system.
Audit Objectives Relating to EDI
The auditor’s objectives are to determine that:
a. All EDI transactions are authorized, validated,
and in compliance with the trading partner
agreement.
b. No unauthorized organizations gain access to
database records.
 c. Authorized trading partners have access only to
approved data.
d. Adequate controls are in place to ensure a
complete audit trail of all EDI transactions.

TESTS OF AUTHORIZATION AND

VALIDATION CONTROLS:

a. Review agreements with the VAN

facility to validate transactions and
ensure that information regarding valid
trading partners is complete and
correct.
b. Examine the organization’s valid
trading partner file for accuracy and
completeness.

TESTS OF ACCESS CONTROLS:

a. The auditor should determine that access to the

valid vendor or customer file is limited to
authorized employees only. The auditor should
verify that passwords and authority tables
control access to this file and that the data are
encrypted.
b. The auditor should reconcile the terms of the
trading agreement against the trading partner’s
access privileges stated in the database
authority table.
c. The auditor should simulate access by a sample
of trading partners and attempt to violate
access privileges.

TESTS OF AUDIT TRAIL CONTROLS:

● The auditor should verify that the EDI system

produces a transaction log that tracks
transactions through all stages of processing.
● By selecting a sample of transactions and
tracing these through the process, the auditor
can verify that key data values were recorded
correctly at each point