
NETWORKING LAB

EXPERIMENT NO - 24

CYBER SECURITY POLICY


AIM
THE AIM OF THE EXPERIMENT IS TO LEARN ABOUT CYBER SECURITY POLICY AND GUIDELINES.

SEQUENCE OF PRESENTATION

• RISK MANAGEMENT
• CYBER SECURITY
• SECURITY AUDIT
• DO’S & DON’TS AT UNIT LEVEL
• INTERACTIVE QUESTION ANSWER SESSION


RISK MANAGEMENT
• IDENTIFYING, PRIORITIZING AND EVALUATING INFORMATION ASSETS.
• IDENTIFYING THREATS TO EVALUATED ASSETS.
• IDENTIFYING VULNERABILITIES THAT MIGHT BE EXPLOITED BY THE THREATS.
• IDENTIFYING THE IMPACT OF GIVEN THREATS ON THE ASSETS FROM CONFIDENTIALITY, INTEGRITY AND AVAILABILITY VIEWPOINT.
• IDENTIFYING LIKELIHOOD/PROBABILITY OF EXPLOITATION OF EXISTING VULNERABILITY BY A GIVEN THREAT.

CYBER SECURITY

• VARIOUS BODIES OF ARMY CYBER SECURITY
• ARMY CYBER SECURITY ESTABLISHMENT (ACSE)
• CYBER SECURITY CELLS
• SECTORAL COMPUTER EMERGENCY RESPONSE TEAM


CYBER SECURITY APPOINTMENTS

• COMD HQ - COL COMMUNICATION
• CORPS/AREA HQ - DCSO/SO1
• DIV HQ - 2IC SIGNAL REGT
• BDE/SUB AREA HQ - OC SIGNAL COY


NETWORK SECURITY

SECURE WAN COMMUNICATION

• PHYSICAL LAYER SECURITY.
• NETWORK LAYER SECURITY.

SECURE LAN COMMUNICATION

• TRANSPORT LAYER SECURITY.
• APPLICATION LAYER SECURITY.

NETWORK ACCESS CONTROL

• REMOTE ACCESS.
• SEGREGATION OF NETWORK SERVICES.
• EQUIPMENT IDENTIFICATION IN NETWORKS.
• REMOTE DIAGNOSTIC AND CONFIGURATION PORT PROTECTION.
• NETWORK ROUTING CONTROL.

SECURITY AUDIT

• ALL NETWORKS WILL BE MONITORED AND AUDITED FOR IMPLEMENTATION OF CYBER SECURITY MEASURES. THIS WILL BE DONE THROUGH ACSE AT AHQ.
• THE SECURITY AUDITS AT FORMATIONS WILL BE CONDUCTED BY THE CYBER SECURITY CELLS WHICH WILL COME UP AT RESPECTIVE FORMATION HQ AND WILL FUNCTION UNDER THE CONTROL OF RESPECTIVE CSO.

OBJECTIVES OF SECURITY AUDIT

• CHECK FOR CONFORMANCE TO EXISTING SECURITY POLICY, ADVISORIES AND PROCEDURES.
• IDENTIFY THE INADEQUACIES AND EXAMINE THE EFFECTIVENESS OF THE EXISTING POLICY, ADVISORIES AND PROCEDURES.
• IDENTIFY AND UNDERSTAND THE EXISTING VULNERABILITIES.
• REVIEW EXISTING SECURITY MEASURES ON OPERATIONAL, ADMINISTRATIVE AND MANAGERIAL ISSUES AND ENSURE COMPLIANCE TO SECURITY POLICIES.
• PROVIDE RECOMMENDATIONS AND CORRECTIVE ACTION FOR IMPROVEMENTS.

RESPONSIBILITIES OF CYBER SECURITY AUDITS

• CSO AT COMMAND/CORPS HQ
• NETWORK ADMINISTRATORS
• SECURITY AUDIT TEAM
• ACSE

SECURITY INCIDENT REPORTING AND RESPONSE
• SECURITY BREACH.
• THREAT TO NETWORK SERVICES.
• VULNERABILITIES IN ANY SOFTWARE AND SERVICES BEING PROVIDED.
• MALFUNCTION OF ANY HARDWARE OR SOFTWARE COMPONENT.
• NON-COMPLIANCE WITH CYBER SECURITY POLICY.
• UNCONTROLLED SYSTEM CHANGES.
• ACCESS VIOLATIONS.

CYBER SECURITY EDUCATION
• CYBER SECURITY TRAINING INSTITUTES SUCH AS CDAC, STQC, IIT ETC.
• FUNDAMENTAL AND ADVANCED CYBER SECURITY COURSES CONDUCTED AT MCTE.
• INFORMATION SECURITY COURSE CONDUCTED AT IIT KHARAGPUR.
• CYBER FORENSICS COURSE CONDUCTED BY C-DAC.
• CYBER SECURITY AWARENESS AND EDUCATION COURSE AT ACSE.
• THE VACANCIES FOR SUCH COURSES BE DEMANDED FROM AHQ FM TIME TO TIME.

CYBER SECURITY TRG COMPETENCE
• TRG INSTITUTES SUCH AS MCTE, STCs MUST INCLUDE AND PERIODICALLY REVIEW CYBER SECURITY MODULES IN THEIR TRG COURSES.
• TO KEEP UPDATED ON VARIOUS NATIONAL AND INTERNATIONAL SECURITY STANDARDS AND SECURITY PROTOCOLS.
• CERT-ARMY WILL BE RESPONSIBLE TO CONDUCT CYBER SECURITY EDU AND AWARENESS PROGRAM FOR THE ARMY.
• CERT-ARMY WILL CONDUCT BASIC CYBER SECURITY COURSES FOR SYSTEM/NW ADMIN AT AHQ.
• SPECIALIZED CYBER SECURITY COURSES FOR SIGS OFFRs AND JCO FM COMD AND CORPS CYBER CELLS.

SECURITY AIDE MEMOIRE AT UNIT LEVEL

• CERT-ARMY ORGANIZES ADVANCED CYBER SECURITY COURSES ON INCIDENT HANDLING, SECURITY AUDIT, RISK ASSESSMENT, VULNERABILITY ASSESSMENT.
• THE POLICIES, ORDERS AND INSTRUCTIONS LAID DOWN/ISSUED BY DIRECTORATE GEN OF MIL OPS AND DIRECTORATE GEN OF MIL INT.

PASSWORD OR PASS PHRASES
DOs

• Use hard-to-guess passwords or, preferably, a pass phrase and keep them private (e.g. My 2nd child is a Girl, the password could be M2Ciag).
• Change your password every fortnight.
• When your computer prompts you to save your password click “NO”.
• If you think your password has been compromised, change it immediately.

PASSWORD OR PASS PHRASES
DON’Ts
• Do not reuse your previous password.
• Do not use the same password:-
(i) for your accounts
(ii) power on, login and screensaver.
• Never tell or share your password with anyone.
• Never use a word found in a dictionary (English or foreign).
• Never write passwords down on small pieces of paper taped to your computer.
• Do not share files on your computer.

ANTI-VIRUS SOFTWARE

• SCAN ALL REMOVABLE MEDIA BEFORE OPENING IT ON YOUR COMPUTER.
• AN OUT OF DATE VIRUS SCANNER IS ONLY MARGINALLY BETTER THAN NO VIRUS SCANNER AT ALL. REGULARLY CHECK FOR AND INSTALL UPDATES.

DESKTOP SOFTWARE FIREWALLS

• INSTALL A DESKTOP SOFTWARE FIREWALL ON YOUR COMPUTER, E.G. TINY PERSONAL FIREWALL, SYGATE PERSONAL FIREWALL.
• CONFIGURE THE SOFTWARE FIREWALL TO FILTER


ENCRYPTION AND SECURE DELETION

• INSTALL SECURE DESK VERSION 2.0 SOFTWARE FOR ENCRYPTION AND SECURE DELETION, AVAILABLE AT HTTPS://PORTAL.ARMY.MIL/PORTAFL/DOCS/DOWNLOADS/TOOLS.HTM.
• ENCRYPT FILES AND FOLDERS CONTAINING SENSITIVE INFORMATION.
• SECURE DELETE UNWANTED FILES AND FOLDERS FROM YOUR SYSTEM REGULARLY TO PREVENT THEIR AVAILABILITY TO UNAUTHORIZED USERS.

BACK-UP AND REMOVABLE MEDIA
BACK-UP
• REGULARLY BACK UP YOUR DATA ON EXTERNAL REMOVABLE MEDIA.
• PERIODICALLY CHECK BACK UP DATA.
REMOVABLE MEDIA
• TREAT REMOVABLE MEDIA AS CONTROLLED STORES.
• KEEP A RECORD OF ALL REMOVABLE MEDIA LIKE FLOPPIES, CDS, DVDS ETC HELD WITH YOU.
• THE REMOVABLE MEDIA MUST BE ACCOUNTED AND ALWAYS KEPT UNDER LOCK AND KEY.

AUTHORISED SOFTWARE

DOS
• USE ONLY REQUIRED AND AUTHORIZED SOFTWARE.
• USE LICENSED AND GENUINE COPIES OF SOFTWARE ONLY.

DON’TS

• DO NOT INSTALL “PEER TO PEER” SOFTWARE ON YOUR COMPUTER.
• DO NOT INSTALL SOFTWARE UTILITIES ON YOUR COMPUTER ON TRIAL BASIS.

INTERNET CONNECTIONS
DOS
• INTERNET MUST BE ACCESSED FROM A COMPUTER SPECIALLY EARMARKED FOR IT.
• LOCATE THE INTERNET COMPUTER IN A SEPARATE ACCESS.
• KEEP ACCURATE RECORD OF INTERNET ACCESS.

DON’TS
• DO NOT USE THE SAME COMPUTER FOR OFFICIAL TASKS AND LATER CONNECT IT TO THE INTERNET ON A TIME SHARING BASIS.
• DO NOT DO OFFICIAL WORK ON THE INTERNET COMPUTER.
• DO NOT INSTALL A DIAL-UP MODEM ON YOUR OFFICE COMPUTER.

CARRY OUT ACTIVITIES ON IT DAY

• CHANGE YOUR PASSWORD.
• UPDATE AND PATCH YOUR COMPUTER.
• TAKE BACK UP OF YOUR CRITICAL DATA.
• SECURE DELETE UNWANTED FILES AND FOLDERS FROM COMPUTER.
• TAKE A STOCK CHECK OF ALL REMOVABLE MEDIA HELD ON YOUR CHARGE.

ELEMENTS OF CYBER SECURITY
• AUTHENTICATION: Verification of originator
• NONREPUDIATION: Undeniable proof of participation
• AVAILABILITY: Assured access by authorised users
• RESTORATION: Protection, Detection & Reaction capabilities
• INTEGRITY: Protection from unauthorised change
• CONFIDENTIALITY: Protection from unauthorised disclosure
Personnel Security
Physical Security
Hardware Security
Software Security
Database Security
Comn Security
Network Security
Conventional Measures
Accountability Issues
Password Cont
Loc of Nodes
Fire Protection & Alarm System
Timing Cont
Insider Mole
Auth & Trained Pers
Record of Access
Regular Trg on Cyber Threat &
Counter Measures
Surprise Checks
Audit of Activity Logs
Access to other Service Pers
Access to Civ Pers
Server Access
Hot Standby Systems
On-line UPS for Nodes &
Off-line for other clients
Power Conditioning
Backup Policy
Fire proof Storage Cabinets
Legal Software only
Centralised Modification rights
Sys Administrator to Cont Access
Self Testing Systems
Auto Updation
Updated Virus Protection
• Centrally Controlled
• Access Rights Definition
• Who?, What?, How much?, When? & How long?
• Within LAN Software based Secrecy
• Media Secrecy - LAN to WAN
• Bulk Encryption between WANs
Authentication Procedures
Non-repudiation Feature
Firewalls
Regular Audit - look for breaches
A firewall is a wall made of fire-resistant material
that is placed in between units in a multi-unit
residential or commercial structure, such as an
apartment building, a duplex, or row house to
prevent the spread of fire.
"a set of related programs, located at a
network gateway server, that protects the
resources of a private network from users
from other networks."
A firewall is only effective when it is integrated and
understood as part of a company or organization's
overall security architecture. Firewalls won't protect
against idiots, traitors, or wily hackers who operate
from within, who walk out the door with sensitive
data on their laptop or a disk in their briefcase; nor
can firewalls keep out most viruses.
• BIOS Level
• Life Span
• Length
• Number of Attempts
• Sharable Folders and Files
• Checks to be Ensured
• Security of Password
Confidentiality, Integrity and Non-Repudiation
Secure Document Delivery - 1
[Diagram: a message "Hi!", labelled "Ajit", travels from Sender over the Network to Recipient.]
• Has any unauthorised person seen it?

Secure Document Delivery - 2
[Diagram: Sender sends "Hi!"; the message on the Network and at Recipient reads "Bye!".]
• Has the message been changed since it was sent?

Secure Document Delivery - 3
[Diagram: a message "Hi!", labelled "Ajit", arrives at Recipient over the Network.]
• Is the message really from the claimed sender?
Confidentiality

Assuring that Information (internals) and the existence of comn tfc (externals) will be kept secret, with access limited to appropriate parties.

Integrity
Ensuring that Information will not be accidentally or maliciously altered or destroyed, that only authenticated users will have access to services, and that transactions will be certified and unable to be subsequently repudiated (property of non repudiation).
But isn’t Encryption the answer ?

Well, the short answer is yes !

The long answer follows…..


Cryptography
Forms of Cryptography
• Symmetric

• Asymmetric
[Diagram: PLAINTEXT is turned into CIPHERTEXT with the LOCKING KEY; CIPHERTEXT is turned back into PLAINTEXT with the UNLOCKING KEY.]
What about Key Management?
[Diagram: PUBLIC KEY B is taken from the PUBLIC DIRECTORY and applied to MSG, giving ?????; PVT KEY B is applied to ?????, giving MSG.]
Verifying a Digital Signature
[Diagram: the Recipient requests the Signer's certificate from the Certificate Repository. The Hash Function applied to the Message gives the Computed Hash. Decryption of the Digital Signature with the Public Key of Signer gives the Decrypted Hash. The two hashes are compared (= ?).]
Advantages
• Key Management
• Authentication using Digital Signatures
• Integrity of Messages
Simple Secret Key Distribution
• A generates his public-private key pair
• A sends his public key to B
• B generates a secret session key, encrypts it with A’s public key and sends it to A
• A decrypts the secret key using his private key
• A discards his key pair and B also discards A’s public key
• Now both know the secret key and can communicate securely using the secret session key
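
Added example (not part of the original presentation): the key distribution steps above and the "Verifying a Digital Signature" slide, worked with textbook RSA so every box in the diagrams maps to one line of code. The function names, the unpadded RSA and the small sample keys are assumptions made for illustration only.

```python
import hashlib
import secrets

# Textbook RSA with no padding: enough to follow the slides, never for real use.
E = 65537

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message, n):
    """'Hash Function' box: SHA-256 of the message, reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    decrypted_hash = pow(signature, e, n)         # 'Decryption' with signer's public key
    return decrypted_hash == digest(message, n)   # the '= ?' comparison

def wrap_key(session_key, public):
    n, e = public
    return pow(session_key, e, n)                 # B encrypts with A's public key

def unwrap_key(wrapped, private):
    n, d = private
    return pow(wrapped, d, n)                     # A decrypts with his private key

def demo():
    # Constructed sample keys built from known Mersenne primes.
    a_pub, a_priv = make_keypair(2**61 - 1, 2**89 - 1)
    other_pub, _ = make_keypair(2**107 - 1, 2**127 - 1)
    session_key = secrets.randbits(128)           # B's secret session key
    recovered = unwrap_key(wrap_key(session_key, a_pub), a_priv)
    signature = sign(b"Hi!", a_priv)
    return {
        "session_key_shared": recovered == session_key,
        "genuine": verify(b"Hi!", signature, a_pub),
        "altered": verify(b"Bye!", signature, a_pub),           # Delivery - 2
        "wrong_signer": verify(b"Hi!", signature, other_pub),   # Delivery - 3
    }

if __name__ == "__main__":
    print(demo())
```

The "altered" and "wrong_signer" results correspond to the questions on the Secure Document Delivery - 2 and - 3 slides: a changed message or a different signer's key makes the hash comparison fail.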

What is the Flaw in this scheme?


REAL TIME WATCHDOG-IDS
[Diagram: the IDS raises "ALERT! ATTACK DETECTED" for an INTERNAL ATTACK and for an EXTERNAL ATTACK. Actions shown: RECORD SESSION, SEND EMAIL, LOG SESSION, EMAIL/LOG/REPORT, RECONFIGURE FIREWALL/ROUTER, TERMINATE SESSION.]
SNIFFERS
• Device to grab info travelling along a
NW. Can be H/W or S/W.
• Captures data by placing the NW
adapter in Promiscuous mode.
• Threats :-
– ability to capture passwords
– ability to capture confd or proprietary info
– can be used for security breach
PASSWORD CRACKER
• A program to decrypt passwords or
disable password protection.
• Algorithm :
– Obtain a dictionary file containing list of
words
– Feed each word through a program that
encrypts using DES (Data Encryption
Standard)
– compare each resulting encrypted word with
target password
TROJANS
• An unauthorised program contained in a
legitimate program and performs fns
unknown to the user.
• Likely places:
– OS
– S/W downloaded from Internet
OTHER TOOLS & TECHNIQUES

• Network Scanners
• Email Floods, Forgeries and Spams
• IP spoofing
• Viruses
• Worms
• Buffer Overflows
• Ping Floods
• Counterfeiting
CONCLUSION

INFO, DOCU, PERS AND CYBER SECURITY NEEDS MUST CONSTANTLY KEEP PACE WITH EVER CHANGING TECHNOLOGIES AND APPLICATIONS. PERSONAL COMPUTERS, NETWORK AND ACCESS TO THE INTERNET ARE BECOMING THE NORM IN THE ARMY. THE PACE OF TECHNOLOGICAL ADVANCES POSES NEW CHALLENGES IN RISK MANAGEMENT. THERE IS A NEED FOR CONCERTED EFFORTS AT ALL LEVELS OF COMMAND, TO KEEP PACE WITH EMERGING TECHNOLOGIES AND THE SECURITY RISKS THEY POSE TO OUR SYSTEMS WITHIN THE ARMY WITH AN OVERALL OBJECTIVE OF ENSURING INFORMATION ASSURANCE.
