Protecting from Internal Threats

Passwords
Passwords rsm;onf uGef,ufrsm;\vkHNcKHa&;twGuf umuG,fEdkifonfhtjrifhrm;qkH;aom
aomhcsufjzpfygonf/ rnfonfhpepfwGifrqdk pnf;urf;enf;vrf;twdkif;nDñTwfaom Password
ESifh User Account &,lxm;Edkifygonf/ User Account rsm;onf uefUowf^owfrSwfxm;aom
cGifhjyKcsufrsm;jzifh wnfaqmufxm;aomfvnf; vkHNcKHa&;t&usKd;aygufrIrsm; &SdaeqJjzpfygonf/
Hacker rsm;onf Network rsm;twGif;0ifa&muf&ef wpfpdwfwpfydkif;BudK;yrf;rIrSm tpOf&Sdae
aMumif; owd&Sdae&rnfjzpfygonf/
xdkaMumifhrdrdwdkUokH;pGJaom Passwords rsm;udkroufqdkifolrsm;rod&Sdap&ef umuG,fxm;
&rnfjzpfygonf/ Passwords rsm;udk Administrator rS a0iS&mwGifvnf; w,fvDzkef;ay:rS
rnfonfhtcgwGifrSray;&ay/ User rS Password aysmufqkH;vsifaomfvnf;aumif;? arhavsmhcJh
vsifvnf;aumif; Administrator rS Letters ESifh Numbers rsm; ½IwfaxG;a&maESmyg0ifonfh
Password topfudkjyefvnfowfrSwfay;&rnfjzpfNyD; User rS ajymif;vJay;aom Password
topfjzifh 0ifa&muf&onf/ Stronger Network Operating System rsm;wGif ,if;uJhodkUaom
pGrf;aqmif&nfrsm;yg0ifygonf/ Oyrmtm;jzifh Windows 2000 server ü User wnfaqmuf&m
wGif½Sdaom User must change password at next logon Setting jzpfygonf/
oHk;pGJolrsm;wnfaqmuf&mwGif aumif;rGefaom Password rsm;udka½G;cs,fay;&rnf/ ZeD;?
vifa,muFsm; ESifh rdrd\tdrfarG;wd&pmääeftrnfrsm;? arG;aeY&ufpGJrsm; ponfwdkYudk toHk;rjyK
oifhay/ Password rsm;tm; tenf;qHk; Characters 6 vHk;ESifhtxuf? Letters ? Numbers ESifh
Punctuation Symbols rsm; ½IwfaxG;a&maESmyg0ifaom String Passwords rsm;udk oHk;pGJ&rnf
jzpfonf/ ,if;odkY Password oHk;pGJjcif;aMumifh pDrHcefYcGJrIqdkif&m tcuftcJrsm;vnf; tNrJwap
&ifqdkifae&rnfjzpfonf/ yxrwpfcsufrSm oHk;pGJolrSm rdrd Password tm;arhavsmhjcif;? rdrd
User Name Password jzifh tjcm;olrS0ifa&mufjcif;aMumifh olwdkY\ Password rsm;tm;
rMumcP jyifqifay;ae&jcif;ESifh 'kwd,wpfcsufrSm Password tm; raysmufqHk;&atmif Write
Down vkyfxm;jcif;jzihf tvG,fwul&½SdNyD; Network usdK;aygufjcif;rsm; jzpfygonf/
Device rsm;oHk;pGJNyD; Password umuG,f&ef (2) enf; ½Sdygonf/ Smart Device ESifh
Biometrics jzpfygonf/ Smart Device rSm Credit Card yifjzpfNyD; PC ESifh USB odkYr[kwf
tjcm; Small Device rsm; csdwfqufNyD; Password xnfhoGif;jcif;tpm; oHk;pGJjcif;jzpfygonf/
Biometrics rSm Finger Print ? Retinas ? User’s Voice rsm;udk Scan vkyfjcif;jzpfonf/ ,if;uJhodkY
aqmif½Gufygu tvGeftrif;vHkjcHKrIaumif;rGefvmaomfvnf; ukefusp&dwfrSmrsm;pGm jrifhwufvm
rnfjzpfygonf/

User Account Control

Accessvkyf&ef Account tm; wpfOD;csif;owfrSwfcsufrsm;jzifh uefYowfxm;Edkifygonf/

xdkodkYwnfaqmuf&mwGif ¤if;wdkYvdktyfaom Data t&if;tjrpfxufrydkaom cGifhjyKcsufjzifhom
aqmif½Guf&rnf/ wif;MuyfpGmaqmif½GufEdkif&efrSm Unauthorized Access rsm; 0ifa&mufoHk;pGJjcif;
rSumuG,f&efjzpfygonf/ xdkodkYaqmif½GufEdkif&efrSm User Account rsm;tm; xdef;csKyfEdkif&efrSm
Group wnfaqmufxm;&efjzpfonf/ wpfOD;csif;tvdkuf OD;pGm User Account rsm; wnfaqmuf
&rnf/ Permissions ^ Rights ( Read, Write, Execute, Modify, Full Control ) rsm;aqmif½Guf
ay;&rnf/ ,if; User Account wlnDolrsm;udk Network Operating Systems rsm;rS
oabmwlnDpkzGJYxm;jcif;tm; aygif;pyf^yl;aygif;onf(Combined)[kac:onf/ xdkodkY User rsm;rS
Data t&if;tjrpfrsm; tm; 0ifa&mufoHk;pGJEdkifjcif;udk Effective Permissions [kac:ygonf/
Network Operating system rsm;onf Organization-based Security aqmif½GufEdkifygonf/
,if;udk Organizational Unit (OU) [kac:ygonf/ Windows 2000 Server, Windows 2003
Server wdkY jzpfNyD; Computers, Groups, Printers, Users, Shared Resources rsm;tm; wpfck
wnf;wGif Big Directory Tree tjzpfwnfaqmufxm;Edkifygonf/ Active Directory Users and
Computers [kvnf;ac:ygonf/
xdkodkY aqmif½Gufjcif;onf MuD;rm;aom pDrHcefYcGJrIjzpfayonf/ ,cif½Sdaom Network
Size MuD;rm;vmaomfvnf; One Big Directory Tree wGifxm;½Sdjcif;jzifh us,fjyefYMuD;xGm;
vmjcif;r½Sday/ Organizational Unit onf xdkodkYtajctaersm;tm; taxmuftuljyK&ef Tool
yifjzpfygonf/ Organizational Unit onf Users ESifh Groups rsm;twGuf odrf;qnf;&efae&m
wpfcktjzpfomaqmif½Gufjcif;jzpfNyD; Rights ^ Permissions rsm;twGuf &,lEdkifjcif;r½Sdyg/
Policies

onf User Account, Computer, Group odkYr[kwf Organizational Unit rsm;twGuf

Policy
rsm;pGmtaxmuftyHhjzpfygonf/ odkYaomf (Network Operating System rsm;ay:wGifwnfrSDí
aqmif½Guf&jcif;jzpfygonf/ Windows 2000 System rsm;ay:wGif Local Policies rsm;toHk;jyKyg
u Local Security Settings [kac:ygonf/

Protecting a Network from External Threats

Physical Protection

xdkodkUaqmif½Guf&mwGif tydkif;(2)ydkif;jzifhaqmif½Gufygonf/ Servers Site ESifh Clients

Site [líaqmif½GufEdkifygonf/ Server ydkif;aqmif&Guf&mwGif vG,fulpGmaqmif½GufEdkifygonf/
Unauthorized Person rsm;twGuf Lock up wm;jrpfumuG,faqmif½Gufxm;&efomjzpfonf/
BuD;rm;aom tzGJUtpnf;rsm;wGif Special Server Room rsm;tjzpfwnf&SdNyD; jynfhpkHaom Card-
Key Locks rsm;jzifhaqmif½Gufxm;ygonf/ 0if^xGuf aqmif½Gufolrsm;udkvnf; pepfwus
apmifhMunfhaompepfxm;&Sdygonf/ ao;i,faomtzGJUtpnf;rsm;wGif tNrJwapydwfxm;jcif;jzifh
umuG,fxm;ygonf/ rarhravsmhaqmif½Guf&efrSm Network Switches rsm;\ vkHNcHKa&;jzpfyg
onf/ Hackers rsm;onf Network twGif;0ifa&mufEdkif&efrSm ,if; Switches yifjzpfojzifh
tvG,fwulcsdwfqufr&Edkif&ef umuG,fxm;&rnfjzpfonf/ Server Protection aqmif½Guf&m
wGif wpfcgw&Hü Techs onf Server Log in aqmif½Gufxm;csdefwGif ta0;a&mufaewwf
ojzifh Screensaver tm; Password Protected aqmif½Gufxm;&onf/
 Clients ydkif;aqmif½Guf&mwGifcufcJaomfvnf; Users rsm;rS tcsdKUaom Physical Security
rsm;udkaqmif½GufEdkifayonf/ yxraqmif&Guf&efrSm ScreenSaver Password rsm; tokH;jyK&
rnfjzpfonf/ Hacker rS Network twGif;0ifa&muf&ef BudK;yrf;rI&,lEdkifrnfr[kwfay/ 'kwd,
tcsuftaejzifh okH;pGJaompm½Gufpmwrf;rsm;tm; rvdktyfonfhtcgtvG,fwultrdIufjcif;odkU
pGefUypfonfhtavhtxr&Sdap&ef ESifh tydkif;tprsm;tjzpfjzwfawmufypfEdkifaom Paper Shedder
xm;&Sd&efvdktyfygonf/ aemufqkH;tcsuftaejzifh ½kH;cef;wpfcktwGif;0ifa&mufNyD; pm;yGJtHqGJ
rsm;zGifhMunfhygu t0ga&mif Sticky Notes jzifh User names ESifh Passwords rsm;tm;awGU&
avh&Sdygonf/ Users rsm;taejzifh Note Down aqmif½Gufygu vkHNcHKpGmaomhcwfodrf;qnf;
&ayonf/
FireWalls
Firewall onf Network tm; umuG,fEdkif&ef enf;vrf;rsKd;pkHjzifhtokH;jyKEdkifygonf/
Hiding IP Adresses ESifh Blocking TCP/IP Ports rsm;jzpfygonf/

1. Hiding IP Adresses

Network rsm;udk umuG,f&ef trsm;qkH;tokH;jyKaomenf;ynmrSm Internal Network

twGif;wGif trSefwu,ftokH;jyKaeaom Real IP rsm;tm; Internet rSrjrifap&ef Hide vkyf
xm;jcif;jzpfygonf/ Hacker onf Real IP &&Sdygu Network System tm; vG,fulpGm&SmazG
Edkifrnfjzpfojzifh Real IP rsm;tm;rjrifEdkif&ef Hide vkyfxm;jcif;jzpfonf Hacking Techniques
rsm;twGuftvG,fulqkH; umuG,fwm;qD;EdkifrIyifjzpfygonf/ xdkodkUaqmif½Guf&efrSm Network
Address Translation (odkUr[kwf) Proxy Server rSwqifh Internal Network wnfaqmuf&ef
jzpfygonf/ Network Address Translation ESifh Proxy Server tm; rnfonfudkaqmif½Guf&ef
a½G;cs,f&onfrSm okH;pGJrnfh Network ay:rIwnfa½G;cs,f&onf/ tb,faMumifhqdkaomf wpfck
csif;pDwGif&Sd pGrf;aqmif&nfrsm;wGif aumif;usKd;^qdk;usKd;rsm; ,SOfwGJwnf&SdaeaomaMumifhjzpfyg
onf/
NATs onf IP Addresses udk Translate vkyfjcif;omaqmif½Gufjcif;jzpfNyD; TCP Ports
odkUr[kwf Informating ESifhvkH;0roufqdkifay/ Proxy Server onf Port Number ajymif;vJjcif;
ESifh Real IP Address tm; Hide vkyfjcif;aqmif½GufEdkifonf/ xdkodkU Proxy Server okH;pGJjcif;jzifh
Security Level jrifhrm;oGm;rnfjzpfaomfvnf; wefzdk;jrifhrm;oGm;rnfjzpfonf/ ,if;tcsuf
aMumifh Networks rsm;onf NATs udkomokH;pGJavh&Sdygonf/ Proxy Server onf Web Service
om aqmif½GufEdkifNyD; Port ESifh IP ajymif;vJwdkif; Network twGif;&Sd Client Application rsm; Update
aqmif½Gufay;&onf/
2. Port Filtering

'kwd,tokH;trsm;qkH; Firewall Tool rSm Port Filtering jzpfonf/ Port Blocking [k

vnf;ac:ygonf/ Hackers rsm;onf pkaygif;okH;pGJvQuf&Sdonfhtenf;i,faom Port rsm;rS
0ifa&muf&efBudK;yrf;avh&Sdygonf/ Port Filtering qdkonfrSm rnfonfh TCP odkUr[kwf UDP
Packets onf rvdktyfonfh Port rsm;odkUjzwfoef;jcif;rS wm;qD;umuG,fNyD; okH;vdkonfh Port
wpfckodkUomoGm;&ef System Administrator rSaqmif½Gufay;jcif;jzpfonf/ Port Filtering onf
rsm;pGmxda&mufrI &Sdygonf/ odkUaomfvkyfief;aqmif½Guf&mwGif qDavQmfrI&Sdap&ef Configuration
tm;tav;teufxm;jyKvkyf&efvdktyfygonf/ rnfolrqdkjyoemr&SdEdkifonfrSm Well-Known
Port rsm;jzpfonfh 80(HTTP) ? 20/21(FTP) ? 25(SMTP) ? 110(POP) jzpfNyD; tNrJwap
xdktenf;i,faom Lesser-known ports rsm;onf Network rsm;wGifyGifhaewwfygonf/
rMumrDu rdrd\ Personal Firewall twGif; Port Filtering udkwnfaqmufcJh&m t&m&m
aumif;rGefpGmvkyfaqmifEdkifcJhygonf/ rdrdrS Internet Game jzpfonfh Half-Life udk upm;&ef
qkH;jzwfcJh&m ,if; Game wGifvdktyfaom TCP ports rsm;jzpfaom 27010 ESifh 27015 rsm;
Internet ay:wGif yGifhaernfjzpfygonf/ xdktjyif Microsoft Netmeeting tokH;jyKvdkygu Ports
389 ? 522 ? 1503 ? 1720 ESifh 1731 wdkUyGifhrSomaqmif½GufEdkifrnfjzpfygonf/ ,if;yGifhae
aom Ports rsm;rS0ifa&mufvmEdkifojzifh apmifhMuyfMunfh½Iae&rnfjzpfonf/ xdktajctaersm;
udk netstat -an command jzifhMunfh½IUEdkifygonf/ Linux wGif IPFILTER/NETFILTER jzifh
Firewall \vkyfaqmifcsufrsm;udkMunfh½IEdkifonf/
aemufydkif; Garteway Router rsm;onf NAT ESifh Port Filtering ESpfckvkH;udk wpfNydKif
wnf;aqmif½GufvmEdkifNyDjzpfygonf/

3. Packet Filtering
Port Filtering onf Port Number rsm;udkomqufqHaqmif½GufNyD; IP Address tm; vkH;0
tav;*½krjyKay/ IP Packet rsm;0ifa&mufvmjcif;udk Filtered vkyfxm;aom Port Number
rsm;ESifhawGUygu ,if; Packet rsm; Block jzpfoGm;rnf/ IP Address tm; tav;*½kjyKjcif;
awmhr[kwfay/ Packet Filtering onf IP Address wpfckwnf;om apmifhMunfhjcif;jzpfonf/
xdkaMumifh Packet Filtering udk IP Filtering [kvnf;odMuNyD; owfrSwfxm;aom IP odkUr[kwf
IP Address Range twGif; 0ifvmaom^xGufoGm;aom Packet rsm;tm; Block vkyfEdkifygonf/
Packet Filtering onf Outgoing IP Address rsm;tm; Block vkyf&ef Network Administrator rS
Internal System rsm;jzpfí odNyD; Specific IP rsm;udkaqmif&Guf&ojzifh usefonfxuf Filtering
vkyf&jcif;ydkrdkaumif;rGefygonf/ Internet 0ifa&muf&ef wm;jrpfxm;aom Users rsm;twGuf
Outgoing Packet rsm;tm; Block vkyfxm;jcif;onf aumif;rGefaomenf;vrf;wpfckjzpfygonf/