IT Governance, Risk, and Compliance


December 1, 2012  12:09 AM

Network Infrastructure Security: Intrusion Detection Systems – Part IV

Robert Davis

As suggested in the preceding paragraph, depending on the developer, an entity-deployed IDS can have a variety of components and features. However, IDS functionality commonly includes sensors for detecting data, analyzers for evaluating data, panels for monitoring activities, and user interfaces for manipulating configuration settings. Collected IDS items can take the form of packets, system audit records, computed hash values, and other data formats. Procedurally, analyzers receive input from sensors and determine whether intrusive activity has occurred.

The misuse detection model is based on the hypothesis that known exploits of vulnerabilities can be described by attack signatures or patterns; therefore, IT attacks can be revealed through identifiable patterns. Malicious misuse encompasses reading, modification, and destruction of data. Misuse detection systems normally compare gathered information to large databases of attack signatures for internal perpetrator identification. There is typically a high degree of certainty that signature-based intrusion detection models will recognize exact attack pattern replications; however, slight variations in a data-based attack pattern may escape discovery.
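The following Python sketch is an added example, not material from the original post or the cited book. It compares exact signature matching with matching after canonicalization, to show why a detection pipeline normalizes collected data before consulting the signature database; the signature names, patterns and request lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed signature set (names and patterns are illustrative assumptions).
SIGNATURES = {
    "path-traversal": "../",
    "passwd-read": "/etc/passwd",
}

def match_raw(payload):
    """Misuse detection as exact matching: a signature fires only when its
    literal text appears in the collected data."""
    return {name for name, pattern in SIGNATURES.items() if pattern in payload}

def normalize(payload):
    """Canonicalize collected data so that equivalent encodings compare equal."""
    for _ in range(3):  # bounded loop, handles nested percent-encoding
        decoded = unquote(payload)
        if decoded == payload:
            break
        payload = decoded
    payload = payload.lower().replace("\\", "/")
    return re.sub(r"/{2,}", "/", payload)  # collapse repeated slashes

def match_normalized(payload):
    """Apply the same signatures after canonicalization."""
    return match_raw(normalize(payload))

# Constructed request lines: an exact replication, two slight variations,
# and one benign request.
SAMPLES = [
    "GET /download?file=../../etc/passwd",
    "GET /download?file=..%2F..%2Fetc%2Fpasswd",
    "GET /download?file=..//..//ETC//passwd",
    "GET /index.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: raw={sorted(match_raw(sample))} "
              f"normalized={sorted(match_normalized(sample))}")
```

Normalization narrows the gap between exact replications and variations, but only for the encodings the normalizer knows about, which is why signature-based detection is usually paired with anomaly-based detection.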

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.

November 29, 2012  1:41 AM

Network Infrastructure Security: Intrusion Detection Systems – Part III

Robert Davis

Deployed intrusion detection solutions are not a substitute for firewalls, although they usually complement the function of firewalls. Commonly, a deployed IDS inspects computer activity to identify suspicious patterns that may indicate an attack from hackers or crackers utilizing vulnerability assessment software. There are several categories of IDS inspection, including misuse, anomaly, host-based, and network-based detection. Each IDS classification relies on analytical information, such as signatures, protocols, profiles, and/or statistical patterns, to determine reportable conditions.

Generally, intrusion detection systems have passive and active components. Passive procedures normally encompass: inspection of system configuration files to expose inadvisable settings; inspection of password files to indicate imprudent pass-codes; and inspection of other system areas to detect policy violations. Active procedures, by contrast, usually include: mechanisms to ascertain known methods of attack; mechanisms to log off users; mechanisms to reprogram the firewall; and mechanisms to log system responses.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.


November 24, 2012  12:12 AM

Network Infrastructure Security: Intrusion Detection Systems – Part II

Robert Davis

Intrusion detection aids in reacting to network infrastructure incursions. Derivatively, the main value of intrusion detection is early incident or event awareness and subsequent, timely intervention resulting in a loss experience that is less than what might otherwise ensue from a security breach. “After all of the access control rules are implemented and the software is updated and patched, an IDS should provide the ability to determine if and when security controls have been bypassed.” Consequently, the primary IDS purpose is to provide the ability to view IT activity in real time and to identify unauthorized IT activity.

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.


November 21, 2012  6:28 PM

Network Infrastructure Security: Intrusion Detection Systems – Part I

Robert Davis

IT decentralization clearly has increased the need for effective network security. In response, entities typically deploy several layers of information security technologies. Furthermore, due to technological and operational diversity, it is critical to have standard processes to control access that will permit economies of scale.

Network monitoring of packets to identify malformed packets and known attacks should be an entity’s Threat Management control objective. “Unauthorized access incidents are often preceded by reconnaissance activity to map hosts and services and to identify vulnerabilities.” Precursor exploits may include port scans, host scans, vulnerability scans, pings, traceroutes, DNS zone transfers, operating system fingerprinting, and banner grabbing. Such unethical, if not unlawful, activities are discovered primarily through Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) software and secondarily through log analysis.
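As an added example of the log-analysis path mentioned above (not code from the original post or the cited book), the Python sketch below flags sources that touch many ports on one host, or one port on many hosts, within a sliding time window. The log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed firewall log lines: timestamp, source, destination, port, action."""
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 443]):  # one host, many ports
        lines.append(f"2012-11-21T18:00:{i:02d} 192.0.2.10 198.51.100.5 {port} DENY")
    for i in range(5):                                     # one port, many hosts
        lines.append(f"2012-11-21T18:01:{i:02d} 192.0.2.20 198.51.100.{i + 1} 22 DENY")
    for i in range(4):                                     # ordinary web client
        lines.append(f"2012-11-21T18:0{i}:30 192.0.2.30 198.51.100.5 443 ALLOW")
    return lines

def find_scanners(lines, window=timedelta(seconds=60), threshold=5):
    """Return {source: {"port scan", "host scan"}} for sources whose activity
    inside any sliding window reaches the threshold."""
    by_source = defaultdict(list)
    for line in lines:
        ts, src, dst, port, _action = line.split()
        by_source[src].append((datetime.fromisoformat(ts), dst, int(port)))

    findings = defaultdict(set)
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end, (ts, _dst, _port) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than the window
                start += 1
            ports_by_host, hosts_by_port = defaultdict(set), defaultdict(set)
            for _ts, dst, port in events[start:end + 1]:
                ports_by_host[dst].add(port)
                hosts_by_port[port].add(dst)
            if max(map(len, ports_by_host.values())) >= threshold:
                findings[src].add("port scan")
            if max(map(len, hosts_by_port.values())) >= threshold:
                findings[src].add("host scan")
    return dict(findings)

if __name__ == "__main__":
    for source, kinds in sorted(find_scanners(sample_log()).items()):
        print(source, sorted(kinds))
```

The window and threshold trade detection of slow scans against false positives from busy legitimate clients, so both need tuning against the entity's normal traffic.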

Source:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.


November 17, 2012  1:58 AM

A Few Fundamental Features of IPv6 Internetworking – Part VI

Robert Davis

Why understanding IPv6 is important to end-users

Currently, the dominant internetworking protocol is Internet Protocol version 4 (IPv4). Yet, each IPv4 address is limited to a thirty-two bit field length, which corresponds to a maximum of approximately four billion unique internetworking addresses. IPv6 is the next generation of IP messaging that uses a one-hundred-twenty-eight bit field length, resulting in an enormous increase of supportable unique addresses. In fact, the new allotment will permit every person on this planet to have over four billion internetworking addresses!

Potential IPv6 conversion issues are internetworking device computational and/or bandwidth overhead, which in turn can impact communication performance. End-users who are planning migration to IPv6, as well as designers and implementers of IPv6, must understand the technology in order to assess the risks associated with this paradigm shift and prepare effective and efficient responses.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

 

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part VI” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”


November 15, 2012  2:54 AM

A Few Fundamental Features of IPv6 Internetworking – Part V

Robert Davis

The IPSec model is an architecture composed of standard rules for protecting IP traffic. IPSec is also a set of protocols utilized to secure IP packet exchanges that operate at the Internet Layer of the TCP/IP reference model. IPSec utilizes certificates and Public Keys to authenticate and validate the sender and receiver.

Tunnel and Transport are the two telecommunication modes supported by IPSec. IPSec standard rules can be incorporated into transport and tunnel mode encapsulation. As a distinctive feature, Tunnel mode provides two additional header records for sending messages, thus requiring more processing. In addition, Tunnel mode is usually implemented between two gateways or a gateway and server.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

 

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part V” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”


November 10, 2012  2:40 AM

A Few Fundamental Features of IPv6 Internetworking – Part IV

Robert Davis

Upon arrival at the destination, the original internetworking message is reassembled in the correct order, based on the imprinted packet sequence number. Thus a virtual connection is established with the end-station through a Transport Layer protocol; though, typically, intermediate network nodes only render connectionless Internet Layer service for packet-switched messages.

IPSec network security capabilities

Internetwork security is integrated into the design of the IPv6 architecture, and the IPv6 IETF specification mandates support for IPSec as a fundamental interoperability requirement.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

 

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part IV” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”


November 8, 2012  1:20 AM

A Few Fundamental Features of IPv6 Internetworking – Part III

Robert Davis

With connectionless packet switching, each packet includes complete addressing or routing information. In passing through connectionless-enabled networks, each packet is imprinted with: a destination address, a source address, as well as a packet sequence number. Functionally, this precludes the need for a dedicated path to aid the packet in navigating the network to its intended destination.

Datagram transmission across multiple IP networks

Packet switching is commonly employed to optimize available channel capacity in digital networks, to minimize transmission latency in message delivery and to enhance processing reliability in addressing modes.

IPv6 packet-switched addressing encompasses three general categories for transport:

  • Unicast – protocol fields act as an identifier for a single interface (within the ambit of the unicast address type). An IPv6 packet sent to a Unicast address is delivered to the interface identified by that address.
  • Multicast – protocol fields act as an identifier for a set of interfaces that can belong to different nodes. An IPv6 packet delivered to a Multicast address is delivered to the interfaces specified by the ambit indicators.
  • Anycast – protocol fields act as identifiers for a set of interfaces that can belong to different nodes. An IPv6 packet destined for an Anycast address is delivered to one of the interfaces identified by the protocol fields defined administratively.
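The Python sketch below is an added example, not code from the original post or its sources. It classifies IPv6 addresses with the standard `ipaddress` module and reads the multicast scope field (the "ambit" indicator); the sample addresses are constructed. It also makes one point the list does not: anycast addresses are drawn from unicast address space, so the address bits alone cannot tell the two apart.

```python
import ipaddress

# Values of the 4-bit scope field in multicast addresses (ff00::/8), per RFC 4291.
MULTICAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")

def classify(text):
    """Return (category, scope_or_range) for an IPv6 address string."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:
        scope = addr.packed[1] & 0x0F  # low nibble of the second byte
        return "multicast", MULTICAST_SCOPES.get(scope, f"scope {scope:#x}")
    if addr.is_unspecified:
        return "unspecified", None
    if addr.is_loopback:
        return "unicast", "loopback"
    # Anycast addresses are allocated from unicast space and are syntactically
    # identical to unicast addresses; only node configuration distinguishes them.
    if addr.is_link_local:
        return "unicast or anycast", "link-local"
    if addr in UNIQUE_LOCAL:
        return "unicast or anycast", "unique-local"
    return "unicast or anycast", "global"

# Constructed sample addresses (2001:db8::/32 is the documentation prefix).
SAMPLES = ["ff02::1", "ff0e::101", "fe80::1", "fd00::1", "2001:db8::1", "::1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:14} {classify(sample)}")
```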

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

 

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part III” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”


November 2, 2012  11:13 PM

A Few Fundamental Features of IPv6 Internetworking – Part II

Robert Davis

Packet-switched networking model

As presented in the article “A Few Fundamentals of Networking Electronically Encoded Data,” data must be organized for transmission. Thus, the creation of usable telecommunication packets requires appending a unique header to the message destined to traverse the internetwork. Technically, in order to send messages utilizing IP addressing, a program must prepare IP datagrams through the encapsulation of received data.

As a potential delivery option, packet switching is an electronically-based communications method for grouping all transmittable data into suitably-sized packets, without exceeding the Maximum Transmission Unit (MTU) allocation. To achieve this goal, packets are routed individually, sometimes resulting in different paths and out-of-order delivery; thus requiring accurate message reassembly.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part II” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”


November 1, 2012  3:28 AM

A Few Fundamental Features of IPv6 Internetworking – Part I

Robert Davis

The Internet is a worldwide system of computer networks in which users at any one computer can, if they have permission, get information from any other connected computer. Internet protocols are a support structure for networking computers.

Internet Protocol (IP) addressing can provide a connectionless service for end systems to communicate across one or more networks. Within this context, during the original development of this communication addressing scheme, the designers assumed that computer networks would be unreliable.

The current Internet Engineering Task Force (IETF) sponsored IP specification, IP version six (IPv6), is an Internet Layer protocol — as defined by the four layer Transmission Control Protocol/Internet Protocol (TCP/IP) model — for packet-switched internetworking that provides end-to-end datagram transmission across multiple IP networks, and mandates IP Security (IPSec) protocol suite support as a foundational interoperability requirement.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

 

 

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part I” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

