Controlling Networks

Firewall

Types of Firewall

a. Network-level firewall
● filtering rules
● Does not explicitly authenticate outside users.

b. Smurf Attack
● It is accomplished by exploiting an Internet maintenance tool called a ping.
● The ping works by sending an echo request message to the host computer and listening for a response message. A functioning and available host must return an echo reply message that contains the exact data received in the echo request message packet.
● The perpetrator of a smurf attack uses a program to create a ping message packet that contains the forged IP address of the victim’s

c. Distributed Denial of Service (DDoS) Attack
● A widespread attack.
● May take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event.
● The perpetrator of a DDoS attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack. Because vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more Internet Relay Chat (IRC) networks as a source of zombies.
● Internet Relay Chat is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.
Prevention and Detection
● Investing in IPS (Intrusion Prevention Systems) that employ DPI (deep packet inspection) to determine when an attack is in progress.

a. Private Key Encryption

Advanced Encryption Standard (AES)
● A 128-bit encryption technique that has become a U.S. government standard for private key encryption.
● The AES algorithm uses a single key known to both the sender and the receiver of the message.
● The receiver decodes the message with a decryption program that uses the same key the sender employs.

Triple-DES encryption
● ... security over most single encryption techniques.
● Two forms of triple-DES encryption are EEE3 and EDE3.

Public Key Encryption

RSA (Rivest-Shamir-Adleman)
● This method is computationally intensive and much slower than standard DES encryption.
● Sometimes, both DES and RSA are used together in what is called a digital envelope.
● The DES private key needed to decrypt the message is encrypted using RSA and transmitted along with the message. The receiver first decodes the DES key, which is then used to decode the message.
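The digital envelope described under RSA above, as an added example that is not from the original notes: it uses Go's standard library, with AES-256-GCM standing in for the DES the notes mention (DES is obsolete) and RSA-OAEP wrapping the one-time session key. NewReceiverKey, Seal and Open are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewReceiverKey makes the RSA key pair whose public half the sender uses.
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal builds a digital envelope: a fresh 32-byte AES session key encrypts the
// message (GCM, authenticated, nonce prepended); only that key goes through RSA.
func Seal(pub *rsa.PublicKey, msg []byte) (wrappedKey, sealed []byte, err error) {
	rnd := make([]byte, 32+12) // rnd[:32]: AES-256 session key; rnd[32:]: 96-bit GCM nonce
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	block, err := aes.NewCipher(rnd[:32])
	if err != nil {
		return nil, nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has GCM's 16-byte block size
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rnd[:32], nil)
	if err != nil {
		return nil, nil, err
	}
	return wrappedKey, gcm.Seal(rnd[32:], rnd[32:], msg, nil), nil
}

// Open is the receiver's side: decode the session key with the RSA private key first, then decode the message.
func Open(priv *rsa.PrivateKey, wrappedKey, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("digital envelope: sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}
```

Only the 32-byte key goes through the slow RSA step, which is the point of the envelope; because GCM is an authenticated mode, any alteration of the sealed message in transit makes Open fail instead of returning garbage.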
Digital Message Security Feature

Digital signature is electronic authentication that cannot be forged. It ensures that the message or document the sender transmitted was not tampered with after the signature was applied.

Digital certificate is a sender’s public key that has been digitally signed by trusted third parties.
● Verifying the sender’s identity requires a digital certificate, which a trusted third party issues, called a certification authority (CA).
● The digital certificate is transmitted with the encrypted message to authenticate the sender. The receiver uses the CA’s public key, which is widely publicized, to decrypt the sender’s public key attached to the message. The

Message Transaction Log
● All incoming and outgoing messages, as well as failed access, should be recorded in a message transaction log.
● The log should record the user ID, the time of access, and the terminal location or telephone number.

Call-Back Devices
● Requires the dial-in user to enter a password and be identified. The system then breaks the connection to perform user authentication.
● Call-back device dials the caller's number to establish a new connection when the caller is authorized.
Audit Objectives Relating to Subversive Threats

The auditor’s objective is to verify the security and integrity of financial transactions by determining that network controls:
a. can prevent and detect illegal access both internally and from the Internet.
b. will render useless any data that a perpetrator successfully captures.
c. are sufficient to preserve the integrity and physical security of data connected to the network.

Audit Procedures Relating to Subversive Threats

1. Review the adequacy of the firewall in achieving the proper balance between control and convenience based on the organization’s business objectives and potential risks. Criteria: flexibility, proxy services, filtering, segregation of systems, audit tools, probe for weaknesses.
2. Verify that an intrusion prevention system (IPS) with deep packet inspection (DPI) is in place for organizations that are vulnerable to DDoS attacks, such as financial institutions.
3. Review security procedures governing the administration of data encryption keys.
4. Verify the encryption process by transmitting a test message and examining the contents at various points along the channel between the sending and receiving locations.
5. Review the message transaction logs to verify that all messages were received in their proper sequence.
6. Test the operation of the call-back feature by placing an unauthorized call from outside the installation.

LINE ERRORS
● The most common problem in data communications is data loss due to line error.
● The bit structure of the message can be corrupted through noise on the communications lines.
● Noise is made up of random signals that can interfere with the message signal when they reach a certain level.
● Electric motors, atmospheric conditions, faulty wiring, defective components in equipment, or noise spilling over from an adjacent communications channel may cause these random signals.

ECHO CHECK
● The echo check involves the receiver of the message returning the message to the sender.
● The sender compares the returned message with a stored copy of the original.
● If there is a discrepancy between the returned message and the original, suggesting a transmission error, the message is retransmitted.

PARITY CHECK
● The parity check incorporates an extra bit (the parity bit) into the structure of a bit string when it is created or transmitted.
● Parity can be both vertical and horizontal (longitudinal).
● If the number of 1 bits is even, the system assigns the parity bit a value of one.
● If the number of 1 bits is odd, a zero parity bit is added to the bit structure.
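The vertical and longitudinal parity checks above, as an added example that is not from the original notes: it applies the notes' rule (an even count of 1 bits gets parity bit 1, an odd count gets 0) to 7-bit ASCII characters, and goes a step beyond the text by showing how the two checks together locate a single corrupted bit, while two flipped bits inside one character slip past the vertical check and are caught only by the longitudinal one. Encode7 and Check are names chosen for this example.

```go
package main

import "math/bits"

// parityBit applies the rule in the notes: an even count of 1 bits gets 1, an odd count gets 0.
func parityBit(b byte) byte {
	if bits.OnesCount8(b)%2 == 0 {
		return 1
	}
	return 0
}

// Encode7 adds a vertical parity bit (bit 7) to each 7-bit character and
// builds the longitudinal check byte lrc: bit i of lrc is the same rule
// applied down column i of all the characters in the block.
func Encode7(chars []byte) (coded []byte, lrc byte) {
	var colOnes [7]int
	for _, c := range chars {
		c &= 0x7F // keep only the 7 data bits
		coded = append(coded, c|parityBit(c)<<7)
		for i := 0; i < 7; i++ {
			colOnes[i] += int(c>>i) & 1
		}
	}
	for i := 0; i < 7; i++ {
		if colOnes[i]%2 == 0 {
			lrc |= 1 << i
		}
	}
	return coded, lrc
}

// Check reports the characters (rows) whose vertical parity fails and the bit
// positions (columns) whose longitudinal parity fails. One corrupted bit shows
// up as exactly one row and one column, which locates it; two flips inside one
// character leave its row parity intact and are caught only by the column check.
func Check(coded []byte, lrc byte) (badRows, badCols []int) {
	for i, c := range coded {
		if c>>7 != parityBit(c&0x7F) {
			badRows = append(badRows, i)
		}
	}
	_, want := Encode7(coded) // recomputes lrc from the received data bits
	for i := 0; i < 7; i++ {
		if (want^lrc)>>i&1 == 1 {
			badCols = append(badCols, i)
		}
	}
	return badRows, badCols
}
```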
Audit Objectives & Procedures Relating to Equipment Failure

Audit Objective:
Verify the integrity of the electronic commerce transactions by determining that controls are in place to detect and correct message loss due to equipment failure.

... software can validate the trading partner’s ID and password against a validation file in the firm’s database.
c. Before processing, the trading partner’s application software references the valid customer and vendor files to validate the transaction

ACCESS CONTROL