M-4 - Fundamentals of Information Security

The document covers the fundamentals of infrastructure security, focusing on device-based, media-based security, and monitoring/diagnosing networks. It details the importance of securing hardware components like firewalls, routers, and switches, as well as the use of VPNs and intrusion detection/prevention systems. Additionally, it discusses strategies for OS and network hardening to reduce vulnerabilities and enhance overall security.

Uploaded by acpathy999

FUNDAMENTALS OF INFORMATION SECURITY

Module-4

Understanding Infrastructure Security


Infrastructure security includes protecting different parts of a computer network. It involves:

1. Device-Based Security – Securing hardware devices.

2. Media-Based Security – Protecting data transmission.

3. Monitoring and Diagnosing – Detecting and fixing security issues.

1. Device-Based Security
A network is made up of many hardware components like firewalls, routers, switches, modems, servers,
workstations, and mobile devices. Each device has its own security concerns. If any device is weak in security, the
whole network can be at risk. So, all components must be properly secured.

1. Firewalls in Network Security

A firewall is a device or software that protects a network by blocking unwanted traffic from outside sources. It
checks incoming data and allows or denies it based on security rules.

Types of Firewalls

There are three main types of firewalls:

• Packet-Filtering Firewall (Layer 3 - Network Layer):

o Filters data packets based on IP addresses, ports, or protocols.

o Often used in routers.

• Proxy Service Firewall (Layer 5 & 7 - Session & Application Layer):

o Acts as an intermediary between internal networks and the internet.

o Circuit-Level Gateway (Layer 5) – Ensures secure sessions between networks.

o Application-Level Gateway (Layer 7) – Controls which application protocols are allowed.

• Stateful-Inspection Firewall (Works at all OSI layers):

o Uses advanced algorithms to inspect data at the Application Layer.

o Monitors ongoing network connections for security.

o Example: Windows Firewall (Windows XP SP2, Windows Server 2003 SP1).
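Added example (not part of the notes): the packet-filtering and stateful-inspection behaviours described above, modelled in Python over a constructed rule set and packet sequence so that the difference shows up in the verdicts. Addresses come from the RFC 5737 documentation ranges, and the rule format is an assumption made for the demonstration.

```python
"""Packet filtering vs stateful inspection, modelled in Python.

Added example, not from the original notes. The rules, packets and addresses
(RFC 5737 documentation ranges) are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp" or "udp"
    sport: int          # source port
    dport: int          # destination port
    syn: bool = False   # TCP SYN flag: set only on the packet that opens a connection


@dataclass(frozen=True)
class Rule:
    """One line of a packet-filtering rule set or router ACL; None means 'any'."""
    action: str                         # "allow" or "deny"
    proto: Optional[str] = None
    src_prefix: Optional[str] = None    # e.g. "192.0.2." matches the whole /24
    dst_prefix: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src_prefix is None or pkt.src.startswith(self.src_prefix))
                and (self.dst_prefix is None or pkt.dst.startswith(self.dst_prefix))
                and (self.dport is None or self.dport == pkt.dport))


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Packet-filtering firewall (Layer 3): each packet is judged on its own
    header fields, the first matching rule wins, and anything unmatched is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


ConnKey = Tuple[str, str, str, int, int]   # (src, dst, proto, sport, dport)


class StatefulFirewall:
    """Stateful inspection: the same rule set, plus a connection table so that
    replies to connections opened from inside are admitted without an inbound
    allow rule, and TCP segments that never opened a connection are dropped."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[ConnKey] = set()

    def decide(self, pkt: Packet) -> str:
        key: ConnKey = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse: ConnKey = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if key in self.table or reverse in self.table:
            return "allow"          # part of a connection we already accepted
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"           # mid-stream TCP segment with no known connection
        verdict = stateless_filter(self.rules, pkt)
        if verdict == "allow":
            self.table.add(key)     # remember the connection so its replies pass
        return verdict


# Constructed policy: the internal /24 may open HTTPS and HTTP to anywhere; nothing else.
RULES = [
    Rule("allow", proto="tcp", src_prefix="192.0.2.", dport=443),
    Rule("allow", proto="tcp", src_prefix="192.0.2.", dport=80),
]

# Constructed traffic, in order: an outbound HTTPS connection, its reply, an
# unsolicited inbound SSH attempt, and an outbound non-SYN segment with no state.
PACKETS = [
    Packet("192.0.2.10", "198.51.100.5", "tcp", 51000, 443, syn=True),
    Packet("198.51.100.5", "192.0.2.10", "tcp", 443, 51000),
    Packet("203.0.113.9", "192.0.2.10", "tcp", 44000, 22, syn=True),
    Packet("192.0.2.10", "198.51.100.7", "tcp", 51001, 443),
]


def compare(packets: List[Packet], rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (stateless verdict, stateful verdict) for each packet, in sequence."""
    fw = StatefulFirewall(rules)
    return [(stateless_filter(rules, p), fw.decide(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(PACKETS, compare(PACKETS, RULES)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"packet-filter={stateless:5}  stateful={stateful}")
```

The second packet is the reply to an allowed outbound connection: the stateless filter has no rule for it and drops it, while the stateful firewall admits it from its connection table; the fourth packet shows the opposite case.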

2. Using Firewalls in Business and Home Networks

• Businesses often use hardware firewalls to protect their entire network.

• Individuals and small offices can use software firewalls to secure their computers.

• Example: ZoneAlarm – A software firewall for Windows 2000 Professional, suitable for home and small office
protection.

2. Media-Based Security
Media-based security involves protecting network communication devices like routers and switches to ensure safe
data transmission.

1. Routers and Network Security

Routers connect different parts of a network and work at the Network Layer (Layer 3) of the OSI model. They guide
data packets using routing tables and algorithms to find the best path to the destination. Routers form the
backbone of the internet and can be managed manually or automatically using protocols like:

• Routing Information Protocol (RIP)

• Interior Gateway Routing Protocol (IGRP)

• Enhanced Interior Gateway Routing Protocol (EIGRP)

• Open Shortest Path First (OSPF)

Security Features in Routers

Routers include built-in security features such as:

• Access Control Lists (ACLs) – Blocks unwanted packets based on rules.

• Stateful Inspection – Tracks ongoing connections for security.

• Packet Filtering – Examines data packets and filters unwanted ones.

Security Risks in Routers

• Remote Access Risks – Attackers may try to access router settings remotely.

• Prevention Measures:

o Use strong passwords for router access.

o Enable encrypted communication when accessing a router remotely.

2. Switches and Network Security

Switches operate mostly at the Data Link Layer (Layer 2) but newer models also work at the Network Layer (Layer
3). They are used in Ethernet-based networks and manage network traffic efficiently.

How Switches Work

Each port in a switch is a separate collision domain, meaning data is sent only to the intended recipient. This makes
switches more efficient than hubs, which broadcast data to all ports. Switches use MAC addresses to route data.

Security in Switches

Like routers, switches must be secured against unauthorized access:

• Use strict passwords for administrative access.


• Secure remote access with encrypted communication.

3. Wireless and Modem Security

Wireless networks and modems provide high-speed internet access but come with unique security risks. It is
important to secure these devices to prevent unauthorized access.

Wireless Security

Wireless networks started in homes but are now widely used in businesses, especially after the 802.11n Wi-Fi
standard was introduced. However, they bring special security risks because data is transmitted through airwaves
instead of physical cables.

Security Risks in Wireless Networks

Wireless signals can be intercepted by anyone within range. Firewalls cannot protect against attacks on the wireless
network because they only block threats from the internet connection.

Wireless Security Measures

Several security techniques help protect wireless networks:

(a) Wired Equivalent Privacy (WEP): Uses RC4 encryption with 40-bit or 128-bit keys to protect data. However,
WEP encryption can be broken, making it less secure. Still, WEP is better than no security at all.

(b) Wi-Fi Protected Access (WPA & WPA2): More secure than WEP. Uses 128-bit RC4 encryption with dynamic keys
to improve security. Reduces the risk of data being intercepted.

(c) MAC Address Filtering: Allows only approved devices to connect to the network. However, attackers can spoof MAC
addresses, making this method less effective.

Remote Administration Risks

• Wireless Access Points allow remote access, just like routers and switches.

• To secure access:

o Use strong passwords.

o Enable secure communication protocols.

2. DSL and Cable Modem Security

A modem is a device that connects a computer to the internet. The term modem comes from
"modulator/demodulator," referring to the conversion of digital signals to analog and vice versa.

Types of Modern Modems

Most modern modems are DSL or Cable modems, which work differently from traditional modems:

• They convert DSL or Cable signals into Ethernet signals that computers can understand.

• They provide continuous internet connectivity for faster speeds and convenience.

Security Risks of Modems

• Always-on internet connections increase security risks.

• Most basic modems do not have firewalls, leaving networks vulnerable.

Protecting Modems and Networks

To improve security: Use a modem with a built-in firewall. Even better, place a router with a firewall between the
modem and the network.

Remote Access and Network Security


Remote Access Service (RAS): RAS is a Windows feature that allows a client to connect to a server over a dial-up
connection. Once connected, the remote client works as if it had a direct network connection to the server.

Security Features in RAS: RAS uses authentication and authorization protocols to verify access. It can be set up to
call back an approved number before allowing access, for extra security.

Security Risks and Solutions

• RAS servers are vulnerable to attacks.

• To reduce risk, they should be placed in a DMZ (Demilitarized Zone) where an inner firewall can block
malicious activities.

Telecom/PBX Security

A Private Branch Exchange (PBX) is a system that connects company phones to the public telephone network. These
systems are now often linked to IT networks, increasing security risks.

Security Risks in PBX Systems

• Hackers target PBXs to access the company’s network.

• VoIP (Voice Over IP) systems have made PBXs more vulnerable.

Preventing PBX Attacks

• Install specialized firewalls to protect both data and phone networks.

• Phone hackers, called phreakers, may misuse PBXs to make expensive calls at the company’s cost.

• Firewalls can block long-distance calls at certain times or require users to enter access codes before making
international calls.

Virtual Private Networks (VPNs)


A VPN allows secure remote access between a client and a server over a public network (like the internet).

How VPNs Work

• VPNs use encryption to keep information safe from unauthorized access.

• Encryption can:

o Encrypt only the data inside IP packets.

o Encrypt the entire packet, wrap it inside another packet, and send it (called tunneling).

VPN Benefits

• Protects sensitive data from hackers.

• Hides the identities of both the sender and receiver.

3. Monitoring and Diagnosing Networks


Monitoring and diagnosing network issues is important for maintaining smooth and secure communication. Various
tools and protocols help identify and fix network problems.

1. Network Monitoring and Diagnosis Tools

Several tools help in checking network issues and finding their locations. These include:

• Ping – Checks if a device is reachable.

• Traceroute – Tracks the path data takes across the network.

• Nslookup – Finds domain name system (DNS) details.

• Netstat – Shows active network connections.

• Ifconfig/Ipconfig – Displays network interface details.

These tools help diagnose if a network problem exists and where it is occurring.

2. Simple Network Management Protocol (SNMP)

SNMP is a protocol that works at the Application layer of the OSI model. It is used to collect network statistics from
connected devices in a TCP/IP network.

2.1 Components of SNMP

SNMP has three key parts:

• SNMP Managed Node – The device being monitored.

• SNMP Agent – Runs on the device and gathers network data.

• SNMP Network Management Station – Collects and analyzes data from agents.

2.2 SNMP Security

• SNMP Version 1 was insecure.

• SNMP Version 2 introduced MD5 authentication for better security.

• SNMP Version 3 provided stronger authentication and encryption.

Monitoring Network – Firewall, Intrusion Detection System, Intrusion Prevention System

Networks are always changing, and network administrators must add new users, technologies, and applications.
These changes can affect network performance. When problems arise, admins need to find and fix the issue quickly
before it impacts users and business operations.

Many IT organizations follow Service Level Agreements (SLAs) to maintain performance. Network Monitoring
Systems (NMS) help by performing five key functions:

1. Functions of Network Monitoring Systems (NMS)

• Discover – Find all devices in the network.

• Map – Show how devices are connected.

• Monitor – Track network activity.

• Alert – Notify admins about issues.

• Report – Provide data for analysis.

Different NMS tools offer different capabilities for each of these functions.

2. Device Discovery in Network Monitoring

Network monitoring starts with discovery. If admins don’t know what’s in the network, they cannot monitor it.
NMS tools detect network devices like:

• Routers

• Switches

• Firewalls

• Servers

• Printers

NMS tools also use monitoring templates to track different device types. For example, a Cisco router needs different
monitoring than a Dell server.

3. Firewall – Network Security Protection

Hackers constantly try to break into networks. The best defense is a firewall, which is a hardware or software
system that controls network traffic.

How Firewalls Work

A firewall sits between a computer and the internet. It allows or blocks data based on configured rules. It blocks
unauthorized access to protect data. Some firewalls filter both inbound and outbound traffic.

Filtering in Firewalls

Firewalls analyze network traffic and decide whether to allow or block data based on rules.

• Inbound Filtering – Blocks harmful data from entering the system.

• Outbound Filtering – Stops unauthorized data from leaving the system.

Importance of Firewall Monitoring

Firewalls must be regularly checked to ensure rules and filters are up-to-date. Hackers often probe firewalls for
weaknesses, so logs should be reviewed. Firewall logs help detect suspicious activity, such as unauthorized access
attempts. If a hack occurs, firewall logs can help law enforcement track the attackers.
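Added example, not from the notes: a small log reviewer that does what the paragraph recommends, reading constructed iptables-style DROP lines and flagging sources that swept many ports or kept hitting one blocked port. The log format, the addresses (RFC 5737 ranges) and the thresholds are assumptions.

```python
"""Reviewing firewall logs for probing and repeated access attempts.

Added example, not from the original notes. The log lines are constructed to
resemble iptables LOG output; addresses are RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Constructed sample: one source sweeping six ports, one hammering SSH,
# one accepted connection and one isolated drop that should not be flagged.
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40211 DPT=21
Mar  3 10:01:12 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40212 DPT=22
Mar  3 10:01:13 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40213 DPT=23
Mar  3 10:01:13 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40214 DPT=25
Mar  3 10:01:14 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40215 DPT=80
Mar  3 10:01:14 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40216 DPT=443
Mar  3 10:02:01 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=22
Mar  3 10:02:02 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=22
Mar  3 10:02:03 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50003 DPT=22
Mar  3 10:02:04 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50004 DPT=22
Mar  3 10:02:05 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50005 DPT=22
Mar  3 10:03:10 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=39000 DPT=443
Mar  3 10:04:30 fw kernel: DROP IN=eth0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=ICMP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: (?P<action>DROP|ACCEPT) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec


def summarize_drops(lines: Iterable[str]) -> Dict[str, dict]:
    """Per source address: number of drops, distinct destination ports, drops per
    port, and the first/last timestamps seen (so a reviewer can judge the pace)."""
    summary: Dict[str, dict] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "DROP":
            continue
        info = summary.setdefault(rec["src"], {
            "drops": 0, "ports": set(), "per_port": defaultdict(int),
            "first": rec["ts"], "last": rec["ts"]})
        info["drops"] += 1
        info["last"] = rec["ts"]
        if rec["dpt"] is not None:
            info["ports"].add(rec["dpt"])
            info["per_port"][rec["dpt"]] += 1
    return summary


def find_suspicious(lines: Iterable[str], min_ports: int = 5,
                    min_repeats: int = 5) -> Dict[str, List[str]]:
    """Flag sources that swept many ports (probing) or repeatedly hit one
    blocked port (repeated access attempts). The thresholds are tuning knobs."""
    findings: Dict[str, List[str]] = {}
    for src, info in summarize_drops(lines).items():
        reasons = []
        if len(info["ports"]) >= min_ports:
            reasons.append("port-probe")
        for port, n in sorted(info["per_port"].items()):
            if n >= min_repeats:
                reasons.append(f"repeated-attempts:{port}")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious(SAMPLE_LOG.splitlines()).items():
        print(src, ", ".join(reasons))
```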

Intrusion Detection System (IDS)


An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and alerts administrators when
threats are detected. It is a software application that scans a network or system for harmful activities or policy
violations.

1. How IDS Works

When an IDS detects malicious activity, it sends alerts to an administrator or to a Security Information and Event
Management (SIEM) system. A SIEM integrates multiple data sources and uses alarm filtering to separate real
threats from false alarms. An IDS must be tuned after installation so that it can tell normal network traffic from
malicious activity. Intrusion Prevention Systems (IPS) also monitor incoming network traffic and immediately send
warning notifications about threats.

2. Types of Intrusion Detection Systems (IDS)

IDS is mainly classified into two types:

Network Intrusion Detection System (NIDS)

• Monitors entire network traffic from multiple devices.

• Scans and compares traffic with a database of known attack patterns.

• If an attack is detected, alerts are sent to the administrator.

• Example: NIDS is installed on a subnet with firewalls to detect hacking attempts on the firewall.

Host Intrusion Detection System (HIDS)

• Runs on individual devices instead of the whole network.

• Monitors incoming and outgoing packets of a single device.

• Takes snapshots of system files and compares them to detect unauthorized changes.

• Example: Used on critical machines where system settings should not change.
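The HIDS snapshot-and-compare check described above, as an added example that is not part of the notes: it hashes a constructed directory tree, tampers with it, and reports what changed. The paths and file contents are made up for the demonstration.

```python
"""Host IDS file-integrity check: snapshot system files, then compare later.

Added example, not from the original notes. It builds a throwaway directory
with constructed files so it runs anywhere; a real deployment would snapshot
system binaries and configuration and keep the baseline where an intruder on
the host cannot rewrite it.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its digest."""
    result: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                result[p.relative_to(root).as_posix()] = file_digest(p)
    return result


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every difference between two snapshots."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Take a baseline of a constructed tree, tamper with it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        (root / "etc" / "hosts.allow").write_text("ALL: 192.0.2.0/24\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF constructed stand-in binary\n")

        baseline = snapshot(root)
        # The baseline would go to read-only or remote storage; JSON keeps it portable.
        stored = json.dumps(baseline, sort_keys=True)

        # Constructed tampering: config changed, binary replaced, file dropped, file removed.
        (root / "etc" / "app.conf").write_text("listen=0.0.0.0\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF different bytes\n")
        (root / "bin" / "helper").write_bytes(b"unexpected new file\n")
        (root / "etc" / "hosts.allow").unlink()

        return compare(json.loads(stored), snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9}", files)
```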

3. Methods of IDS Detection

IDS uses two main methods to detect intrusions:

Signature-Based IDS

• Detects attacks by identifying specific patterns in network traffic, such as:

o Number of bytes

o Specific sequences of 1s and 0s

• Uses a database of known attack signatures to identify threats.

• Limitation: Cannot detect new malware if its signature is not already stored in the database.

Anomaly-Based IDS

• Uses machine learning to detect unknown malware attacks.

• Compares network activity with a trusted behavior model.

• Flags any suspicious activity that does not match the model.

• Advantage: Can be trained for different applications and hardware configurations.

Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS), also called Intrusion Detection and Prevention System (IDPS), is a network
security tool that monitors network or system activity for malicious threats.

1. Functions of Intrusion Prevention System (IPS)

IPS performs four main tasks:

1. Identify malicious activity in the network.

2. Collect and analyze information about suspicious activity.

3. Report security threats to administrators.

4. Block or stop the attack to prevent harm.

An IPS is an advanced form of IDS: both monitor network traffic, but an IPS actively prevents attacks, while an IDS
only detects them.

How IPS Responds to Threats:

• Records information about security events.

• Alerts security administrators about detected threats.

• Stops attacks using response techniques like:

o Blocking the attack.

o Modifying security settings.

o Altering the attack’s content.

2. Types of Intrusion Prevention Systems (IPS)

IPS is categorized into four types:

Network-Based Intrusion Prevention System (NIPS)

• Monitors the entire network for suspicious traffic.

• Analyzes network protocol activity to detect security threats.

Wireless Intrusion Prevention System (WIPS)

• Monitors wireless networks for malicious traffic.

• Detects threats by analyzing wireless networking protocols.

Network Behavior Analysis (NBA)

• Examines network traffic to detect unusual patterns.

• Identifies threats like DDoS attacks, malware, and policy violations.

Host-Based Intrusion Prevention System (HIPS)

• Runs on individual hosts (devices) to detect threats.

• Scans events occurring within the device for suspicious activity.

3. Detection Methods of Intrusion Prevention System (IPS)

IPS uses three main detection techniques:

Signature-Based Detection

• Compares network packets with a predefined list of known attack signatures.

• Works well for detecting known threats but cannot detect new attacks.

Statistical Anomaly-Based Detection

• Monitors network traffic and compares it to a baseline of normal behavior.

• Detects unusual patterns but may generate false alarms if not properly configured.

Stateful Protocol Analysis Detection

• Compares network activity with predefined safe behavior profiles.

• Identifies protocol deviations that may indicate attacks.
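Added example covering both the IDS detection methods (signature-based and anomaly-based) and the three IPS techniques listed here; it is not from the notes. Two constructed signatures, a constructed requests-per-second baseline and an HTTP/1.x request-line profile stand in for real rule sets, behaviour models and protocol profiles.

```python
"""Three detection methods side by side: signature, statistical anomaly and
stateful protocol analysis.

Added example, not from the original notes. Signatures, baseline figures and
sample requests are constructed for illustration.
"""
import re
import statistics
from typing import Dict, List

# Signature-based: byte patterns of known bad input. Real rule sets hold
# thousands of these; two constructed ones are enough to show the mechanism.
SIGNATURES: Dict[str, bytes] = {
    "path-traversal": b"/../../",
    "sql-tautology": b"' OR '1'='1",
}


def signature_matches(payload: bytes) -> List[str]:
    """Names of every signature found in the payload; empty for anything not yet in the database."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]


class RateBaseline:
    """Statistical anomaly detection: learn the normal requests-per-second figure
    from a quiet period, then flag observations far outside it (z-score)."""

    def __init__(self, samples: List[int], threshold: float = 3.0) -> None:
        if len(samples) < 2:
            raise ValueError("need at least two baseline samples")
        self.mean = statistics.mean(samples)
        self.stdev = statistics.pstdev(samples)
        self.threshold = threshold

    def zscore(self, observed: int) -> float:
        if self.stdev == 0:          # flat baseline: any change at all is unusual
            return 0.0 if observed == self.mean else float("inf")
        return (observed - self.mean) / self.stdev

    def is_anomalous(self, observed: int) -> bool:
        return abs(self.zscore(observed)) > self.threshold


# Stateful protocol analysis: what a well-formed HTTP/1.x request line looks like.
REQUEST_LINE_RE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")


def protocol_deviations(payload: bytes) -> List[str]:
    """Compare the request against the expected protocol profile and report deviations."""
    problems = []
    first_line = payload.split(b"\r\n", 1)[0]
    if not REQUEST_LINE_RE.match(first_line):
        problems.append("malformed-request-line")
    if len(first_line) > 2048:
        problems.append("request-line-too-long")
    return problems


def inspect(payload: bytes, rate_per_second: int, baseline: RateBaseline) -> List[str]:
    """Run all three methods and return the combined list of findings."""
    findings = ["signature:" + s for s in signature_matches(payload)]
    if baseline.is_anomalous(rate_per_second):
        findings.append("anomaly:rate")
    findings += ["protocol:" + p for p in protocol_deviations(payload)]
    return findings


# Constructed quiet-period baseline: about ten requests per second.
BASELINE = RateBaseline([9, 11, 10, 12, 8, 10, 11, 9, 10, 10])

if __name__ == "__main__":
    samples = [
        (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", 10),
        (b"GET /files/../../private/config HTTP/1.1\r\nHost: example.test\r\n\r\n", 10),
        (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", 30),
        (b"GEt /index.html\r\n\r\n", 10),
    ]
    for payload, rate in samples:
        print(payload.split(b"\r\n", 1)[0], rate, inspect(payload, rate, BASELINE))
```

The third sample is a well-formed request that no signature matches and only the rate baseline catches, which is the page's point about known versus unknown attacks; the threshold is what decides how many false alarms the anomaly method raises.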

OS and Network Hardening, Application Hardening


OS Hardening
OS hardening is the process of making an operating system (OS) more secure by reducing its vulnerability. A system
with fewer functions is more secure than one with many. Hardening includes:

• Changing default passwords

• Removing unnecessary software, usernames, and logins

• Disabling or removing unnecessary services

To secure an OS, it must be configured properly, updated regularly, and follow security rules and policies. This
reduces exposure to threats and minimizes risks.

Network Hardening
Network hardening helps reduce vulnerabilities and strengthens security. Though no network is 100% safe,
hardening can significantly reduce the number of successful cyber-attacks. It involves three key phases:

1. Document Existing Network Design and Configuration

• The first step is understanding the current network setup.

• Many organizations struggle with outdated network diagrams.

• Using tools like Dynamic Network Maps helps automate network documentation.

• Engineers can check firewall policies and traffic flow to ensure security.

2. Identify and Fix Security Vulnerabilities

• Network teams need to review every configuration for security risks.

• This can be done manually (slow and difficult) or with automation tools.

• Automated tools check if device passwords are encrypted, timeouts are set, and other security rules are
followed.

• Any non-compliant device is flagged for correction.

3. Prevent Future Security Issues

• Network teams should follow security best practices.

• Security policies can be converted into executable Runbooks.

• Before making changes, engineers should run security checks.

• Automated systems can trigger security assessments whenever a change is made.

For this process to work, teamwork between security and network teams is essential. Collaboration ensures effective
threat prevention and a secure network.

Application Hardening
Application hardening is the process of making an app more secure by preventing reverse engineering and
tampering. It works alongside secure coding to protect an app’s intellectual property (IP) and to prevent misuse,
cheating, or repackaging by malicious users.

Application hardening strengthens a completed application by modifying and adding code to guard against both
static and dynamic attacks. It goes beyond basic security measures like verifying senders or message formats.

Key Techniques in Application Hardening

1. Code Obfuscation

o Hides the app’s code at the binary level so attackers cannot easily understand how it works.

2. Application Integrity Checks

o Ensures the app’s code remains unchanged and has not been altered.

3. Root/Jailbreak Detection

o Identifies if the app is running on a rooted (Android) or jailbroken (iOS) device, which could make it
vulnerable.

4. Randomized Protection in Each Build

o Changes security methods in every version to prevent attackers from learning patterns.

5. Attack Detection and Response

o Decides how the app should react when it detects an attack or a compromised device.

6. White-Box Cryptographic Protection

o Encrypts critical keys and sensitive data to prevent theft.

By using these techniques, application hardening enhances security, making apps more resistant to hacking and
tampering.

4.5 Physical and Network Security – Policies, Standards, and Guidelines

What is a Security Policy?

A security policy is a set of rules and objectives that protect an organization's network and computer systems. It
serves as a "living document", meaning it must be updated regularly as technology and business needs change.

A security policy acts as a bridge between management objectives and specific security requirements by:

1. Informing users, staff, and managers about security responsibilities.

2. Defining security mechanisms to protect systems.

3. Providing a baseline for security audits and compliance.

Key Component: Acceptable Use Policy (AUP)

One important part of a security policy is the Acceptable Use Policy (AUP), which defines what users can and cannot
do on company systems and networks.

• It should be clear and specific to avoid confusion.

• It may include rules about allowed and restricted website access or network usage.

Who is the Audience for a Security Policy?

A security policy applies to anyone with access to the network, but different groups require different levels of detail:

Internal Audience

• Managers and Executives – Need a high-level overview of security principles.

• Departments and Business Units – Need policies relevant to their operations.

• Technical Staff – Require detailed security requirements and procedures.

• End Users – Must understand their responsibilities to comply with security rules.

External Audience

• Partners, Customers, and Suppliers – Need security guidelines to ensure safe collaboration.

• Consultants and Contractors – Must follow security policies when working with company systems.

A single document may not be suitable for everyone, so security policies should be tailored to different audiences to
ensure clarity and compliance.

Security Policy Components


A corporate security policy structure consists of different documents that address the needs of various audiences.
Most organizations use a set of policies to cover all security aspects effectively.

Types of Security Policies

1. Governing Policy

This is a high-level security policy that defines key security concepts for the company. It is intended for managers
and technical staff and controls all security-related interactions between departments.

• Answers the "what" security policy questions.

• Aligns with existing company policies (e.g., HR, IT, and email usage policies).

• Supports technical and end-user policies.

Key Components of a Governing Policy

• Defines the security issue being addressed.

• Specifies the IT manager’s position on the issue.

• Explains how the policy applies in the workplace.

• Outlines roles and responsibilities of employees.

• Sets compliance requirements and consequences of violations.

• Lists allowed and prohibited actions.

2. End-User Policies

This document compiles all security rules for employees in one place, making it easy to follow. It answers "what,
who, when, and where" security questions at a user level.

• Covers security topics employees must know and follow.

• Ensures all end-users understand their security responsibilities.

• May overlap with technical policies but remains user-focused.

3. Technical Policies

These policies provide detailed security guidelines for IT and security staff responsible for system security.

• Addresses specific security areas (e.g., access control, physical security).

• Answers "what, who, when, and where" security questions for technical staff.

• Leaves the "why" to the owner of the information.

By organizing policies into these categories, companies ensure that each group (managers, employees, and IT staff)
understands and follows the security rules relevant to them.

Technical Policies
Technical policies provide detailed security guidelines for IT and security staff. These policies focus on specific
security areas, such as network security, remote access, applications, and personal devices. They serve as security
handbooks but do not specify how security tasks should be performed.

Categories of Technical Policies

1. General Policies

• Acceptable Use Policy (AUP): Defines how employees can use company equipment and computing services
securely.

• Account Access Request Policy: Ensures proper account and access request processes to avoid security risks.

• Acquisition Assessment Policy: Outlines security requirements for corporate acquisitions.

• Audit Policy: Guides audits and risk assessments to maintain data integrity.

• Information Sensitivity Policy: Specifies how to classify and secure data based on sensitivity.

• Password Policy: Sets standards for creating and managing strong passwords.

• Risk-Assessment Policy: Provides guidelines for identifying and mitigating security risks.

• Global Web Server Policy: Defines security standards for all web hosts.

2. Email Policies

• Automatically Forwarded Email Policy: Restricts auto-forwarding of emails to external destinations.

• Email Policy: Prevents misuse of emails that could harm the organization’s image.

• Spam Policy: Defines rules to prevent spam messages.

3. Remote Access Policies

• Dial-in Access Policy: Regulates dial-in access for authorized personnel.

• Remote Access Policy: Establishes standards for external connections to the organization’s network.

• VPN Security Policy: Defines security requirements for VPN access.

4. Personal Device & Phone Policies

• Analog & ISDN Line Policy: Controls the use of analog and ISDN lines for business purposes.

• Personal Communication Device Policy: Outlines security measures for smartphones, tablets, and voicemail.

5. Application Policies

• Acceptable Encryption Policy: Specifies encryption standards for data security.

• Application Service Provider (ASP) Policy: Sets minimum security requirements for external service providers.

• Database Credentials Coding Policy: Defines secure methods for storing and retrieving database credentials.

• Interprocess Communications Policy: Establishes security rules for process-to-process communications.

• Project Security Policy: Ensures security review for all projects.

• Source Code Protection Policy: Defines security standards for handling product source code.

6. Network Policies

• Extranet Policy: Requires third-party organizations to sign agreements before accessing company networks.

• Minimum Requirements for Network Access: Sets security standards for devices connecting to the internal
network.

• Network Access Standards: Ensures physical security of wired and wireless network ports.

• Router & Switch Security Policy: Defines security configurations for routers and switches.

• Server Security Policy: Establishes minimum security settings for servers.

• Wireless Communication Policy: Specifies security measures for wireless network connections.

7. Document Retention Policies

• Electronic Communication Retention Policy: Defines how long emails and instant messages should be kept.

• Financial Retention Policy: Outlines standards for storing financial records.

• Employee Records Retention Policy: Specifies guidelines for storing employee personal records.

• Operation Records Retention Policy: Covers retention of training manuals, supplier lists, and past inventory
data.

Standards, Guidelines, and Procedures

Security policies provide a broad framework, but they need standards, guidelines, and procedures to ensure proper
implementation and enforcement. These three components help organizations maintain security, consistency, and
efficiency in their IT and business operations.

1. Standards

Standards define the specific technologies, methods, and security measures that an organization must follow. They
ensure uniformity and consistency across all systems, reducing security risks and operational inefficiencies.

Key Features:

• Specify mandatory security configurations and practices.

• Ensure that all systems and processes follow a consistent approach.

• Help IT teams focus on limited technologies rather than managing multiple options.

• Make security management easier and more efficient.

Examples of Standards:

• Password policy: Minimum 12-character passwords with uppercase, lowercase, numbers, and symbols.

• Encryption standards: Use of AES-256 encryption for sensitive data storage and transmission.

• Access control: Multi-factor authentication (MFA) for all admin accounts.

2. Guidelines

Guidelines provide recommendations and best practices for improving security, but they are not mandatory. They
help organizations develop better security measures while allowing flexibility in implementation.

Key Features:

• Offer suggestions for improving security practices.

• Help organizations customize security measures based on their needs.

• Can be adapted to changing security threats over time.

Examples of Guidelines:

• NIST security guidelines: Recommends steps to improve cybersecurity but allows organizations to modify
them.

• Secure software development guidelines: Encourage best practices for writing secure code to prevent
vulnerabilities.

• Network security guidelines: Suggest firewall configurations to enhance security but do not enforce a single
rule.

3. Procedures

Procedures provide detailed step-by-step instructions on how to implement security measures. They are mandatory
and help ensure that standards and guidelines are followed properly.

Key Features:

• Explain how to implement security policies and standards.

• Provide step-by-step instructions for IT and security teams.

• Ensure consistency in security operations and system configurations.

• Help in training employees on security best practices.

Examples of Procedures:

• Firewall configuration procedure: Steps to properly configure firewalls to block unauthorized access.

• Incident response procedure: Steps to follow when a cyberattack occurs, including reporting, containment,
and recovery.

• User access management procedure: Process for granting, modifying, and revoking access permissions.

Comparison of Standards, Guidelines, and Procedures

| Feature | Standards | Guidelines | Procedures |
|---|---|---|---|
| Definition | Specify the use of specific technologies for uniform security. | Provide recommendations for improving security practices. | Provide step-by-step instructions for implementing security policies. |
| Purpose | Ensure consistency and efficiency in IT security. | Offer flexible security best practices. | Help in the correct execution of security measures. |
| Flexibility | Strict and fixed. | Flexible and adaptable. | Strict and detailed. |
| Mandatory? | Yes, must be followed. | No, optional but recommended. | Yes, must be followed. |
| Scope | Covers specific technologies and processes. | Covers best practices and security improvements. | Covers detailed implementation steps. |
| Level of Detail | Medium – defines what must be done but not how. | Low – provides general recommendations. | High – includes exact steps, often with illustrations. |
| Examples | Standardizing router security settings, password policies. | NIST security guidelines, NSA security recommendations. | Instructions for configuring firewalls, setting up secure access. |
| Users | IT staff, security teams. | IT security teams, administrators, general users. | IT security staff, system administrators. |
| Importance | Helps maintain consistency in security across systems. | Provides flexible recommendations to improve security. | Ensures security policies are applied correctly. |
| Dependency | Supports and enforces security policies. | Helps in developing security standards. | Implements security policies, standards, and guidelines. |
