Portable storage devices are a threat to data confidentiality and this threat is not recognised in the majority of organisations. Vice president Eric Ouellet of research for security at Gartner Inc. in Stamford said in a recent article that as little as 10% of enterprises have policies that deal with removable storage devices. This low recognition is not due to inabilities of controlling the problem as there are solutions available. (Mearian, March 2006) Data confidentiality can be explained quite simply as the access of data by the predetermined authorized people or systems. Many organisations spend hundreds and sometimes hundreds of thousands of dollars on network and computer security and therefore data confidentiality. Innocently or intentionally guests, employees and visitors who have access to any workstation can breach and hence create a threat to data confidentiality quickly and furtively. Through the use of portable storage devices data confidentiality could be breached in an organisation in a number of ways these include physical theft of a storage device in order to retrieve data i.e. hard drive and copying the data with the aid of various devices such as a flash drive (Pfleeger, 2003)

Physical theft

Hard drives

Physical theft of storage devices would be the most obvious breach in data confidentiality. Since many of today’s systems are backed up onto portable storage devices themselves, physical theft of such as device creates a direct threat to any organisation. Encryption of portable storage devices makes stolen information and the device useless to thieves. This also ensures forensic retrieval is not carried out after a hard drive has been thrown out or lost/stolen.

Forensic retrieval can be used to retrieve data from magnetic media since data can potentially still be retrieved even if it is overwritten or formatted.

Various devices

Flash drives

There are many portable storage devices available, the most popular being USB (Universal Serial Bus) drives or flash drives. Whilst there are different versions of flash drives which use different connection types such as firewire, this report will focus on the more common and universal USB connection. In today’s society increasing demand for ubiquitous computing, is causing devices to become smaller and have more memory capacity. With USB flash drives now around 10cm and smaller and capable of between 8MB (megabytes) and 64GB (gigabytes) storage. Retrieval of sensitive data would be extremely easy, assuming the attacker had unrestricted physical access as well as virtual access such as passwords and USB ports are not disabled. Through USB’s larger memory sizes, compared to older technologies such as floppy drives which only have 1.44MB storage, a potential theft is able to store copious amounts of data on such a device. Large databases of sensitive information such as hospital and government records could be copied on to these devices with ease. USB devices have a limited number of write erase cycles and write operations gradually slow as the device ages. Running applications from a flash drive, although viable, to breach data confidentiality is not the best option since running software or an operating system means undertaking a lot of read write cycles and a better option would be to use a portable hard drive, because of this policies need to be made to restrice the execution of software of external hard drives. (USB Flash Drive, Wikipedia 2006)

Key Logger

Not only could sensitive files be copied (assuming unrestricted access) other devices such as key loggers, which store key strokes inputted on a keyboard. Storage devices like these could be used to gain access to confidential data at a later date through logged passwords and access methods. Furthermore malware such as virus, spyware, adware could be loaded from the portable storage devices, either unintended or intentional which would lead to data attacks.

CD/DVD drives

Other devices include CD/DVD burners and external hard drives. Although these devices are less portable since they are much larger making them harder to hide and a user could easily be caught breaching data confidentiality by a security administrator or staff member.

However one could argue that in order for organisations to go about there daily proceedings they would need CD/DVD burners, thumb drives and external hard drives. In this scenario utilising software such as Device Shield, software developed by Layton technology which allows the administrator to gain full control of every port, drive and individual devices, ensuring efficiency of the organisation is not compromised. Device Shield also captures history of actions attempting to access blocked devices/ports etc creating a tracing route if confidentiality is breached. Device Shield and similar software which is available could be used in conjunction with policies referring to portable storage devices to create a secure working environment. (Device Shield: Protection against the threat from within, 2006)

References

Robb, D. (October, 2006) Backups gone badly retrieved October 16, 2006 from http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=&articleId=266212&taxonomyId=019&intsrc=kc_li_story

Latamore, G. B. (October, 2006) How to Back Up your PDA retrieved October 16, 2006 from http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=&articleId=265905&taxonomyId=019&intsrc=kc_li_story

No author, (2006) Sanctuary device control retrieved October 16, 2006 from http://www.securewave.com/sanctuary_usb_endpoint_security_software.jsp?gclid=CNCKkNPa_4cCFUpkDgodhkDnFw

Bolan C. (2006) Hardware Security and Data Security, Edith Cowan University, retrieved October 15, 2006 from MYECU lecture slides

Mearian, L. (March, 2006) IT Managers See Portable Storage Device Security Risk retrieved October 14, 2006 from http://www.computerworld.com/hardwaretopics/storage/story/0,10801,109680,00.html

Pfleeger. C. P & Pfleeger, S.L. (2003) Security in Computing 3^rd Ed, Upper Saddle River, New Jersey, Prentice Hall Professional Technical

No Author, (2006) Device Shield: Protection Against The Threat From Within retrieved October, 15, 2006 from http://www.deviceshield.com/pages/deviceshield.asp?crtag=google&gclid=CP7jntHa_4cCFUdtDgodTkbyHg

Wikipedia, (2006) USB Flash Drive retrieved October 16, 2006 from http://en.wikipedia.org/wiki/USB_Flash_Drive

Packet spoofing or IP spoofing is the act of faking the source of a packet. A security attack like this impedes the network security. Packet spoofing breaks the three qualities that a secure system has; confidentiality, integrity and availability. Confidentiality is keeping information access to authorised parties. Integrity ensures that a system can only be modified by authorised parties and in authorised ways. Availability is ensuring that access to a network is not prevented, authorised parties should are able to access the system at appropriate times. All attacks mentioned breach at least one of these qualities of a secure system. (Pfleeger, 2003) When a file such as a photo is sent over a network, both a home or internet network, the photo is split into small pieces and information of how to handle the files are encapsulated called protocols. The header of the packet amongst other things contains the order value or algorithm in which the packets where sent. Packets will probably arrive out of order and must the packets must be placed back together using the order sent value.

Packet spoofing is possible because of the vulnerabilities in the network protocols. A few examples of network spoofing are masquerade, a smurf and SYN flood which are denial of service attacks, and attacking confidentiality, session hijacking.

Internet Protocol (IP)

Internet protocol is a network protocol from the OSI model, on layer 3. IP has no information, contained in the header of the network packet, regarding its transactions state and whether the packet has properly reached its destination. This vulnerability enables the source and destination IP address to be altered. By forging the source and destination IP address so it contains a different address an attacker can make it appear that a packet was sent by a different machine.

Transmission Control Protocol (TCP)

TCP uses a connected design to send data; and participants build a 3-way handshake.

The TCP header is different to the IP header but can still be manipulated using software. The TCP packet header contains amongst other things the sequence and acknowledgement numbers. The data contained in these ensures packet delivery by determining whether or not a failed packet needs to be resent. This is done by the sequence number which is the number of the first byte in the current packet whereas the acknowledgement number contains the value of the next expected sequence number. This confirms for both the client and server that the proper packets were received.

Connection is established by a client who must find an open port on the server. This is done by sending a SYN (synchronise) this is a synchronisation of sequence numbers on two connecting computers. In response the server replies with a SYN-ACK and the client then sends back an ACK back to the server. This ensures there is acknowledgement of the connection.

Integrity attacks; Masquerade

Masquerade

In a masquerade a host pretends to be another. A common masquerade attacks are having alterations of domain names and websites. For example bank.org and bank.com could be two different and separate websites. Bank.org could be a legitimate bank, but bank.com could be a carbon copy of the original bank.org website and could be used to collect sensitive data and information. By using different links and passing the connection to the original site whilst collecting the victims’ data. Through this technique an attacker could have multiple avenues such as access to computer systems by obtain login names and passwords, alter change, steal money and therefore breach the integrity of the network. (Pfleeger, 2003)

Availability Denial of service attacks; Smurf attack and SYN flood

TCP ensures delivery of packets through a 3 way handshake, availability of a network can not be ensured and there are different types of Denial of service attacks. All of these attacks send a large amount of messages to the system which causes it to not function. And in both Smurf and a SYN flood the original source of the flood can not be traced as the attacker will spoof the messages making them appear from another machine.

Smurf

The smurf attack uses spoofed broadcast ping message to flood at target system. A large amount of Internet control message protocol (ICMP) or traffic ‘ping’ to IP broadcast addresses are sent. Some devices actually multiply the traffic and will send an ICMP echo request replying to the original ping message. “Smurfable” networks have greatly reduced nowadays due to network management although users using old technologies are still capable of being “smurfed’. (Smurf Attack, Wikipedia 2006)

SYN flood

Similar to a smurf attack a SYN flood is when an attacker sends a large amount of SYN requests to a target system. As discussed a TCP connection uses a three-way handshake by sending a succession of acknowledgments and acceptance messages. Sending a large amount of SYN messages the server will not receive its needed ACK acknowledgement message needed to continue the connection. The SYN message floods the network and hence makes it unavailable. (SYN Flooding, Wikipedia 2006)

Confidentiality; Session Hijacking

Session Hijacking

Session Hijacking refers to the exploitation of a valid session key to gain unauthorised access to information or service in a network. Although session keys are normally randomised and encrypted to prevent session hijacking a third party ( the attacker) will intercept traffic between two systems. The attacker then has access to the system, monitoring information and collecting data. A similar attack called man-in-middle attack is when the hijacking usually starts at the start of the session between the two systems. The attack uses the public key and decrypts the data and then encrypts it back to it original form to pass on to the receiver. (Pfleeger, 2003)

Reference

Pfleeger. C. P & Pfleeger, S.L. (2003) Security in Computing 3^rd Ed, Upper Saddle River, New Jersey, Prentice Hall Professional Technical

Tanase, M. (2003) IP Spoofing: An Introduction retrieved October 15, 2006 from http://www.securityfocus.com/infocus/1674

No author, (2006) SYN flood Retrieved October 15 2006 from http://en.wikipedia.org/wiki/SYN_flood

No author, (2006) Smurf Attack Retrieved October 15 2006 from http://en.wikipedia.org/wiki/Smurf_attack

No author, (2006) Transmission Control Protocol: Connection establishment Retrieved October 15 2006 from http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment

Virtual Private Network, (VPN), is a private communications network, of two or more computers, which uses encryption, to provide a secure connection through the internet; although sometimes VPN services can be created via third-party vendors who own physical lines and clients pay to use them. Using third-party vendors is not, the majority of the time, very cost effective.

Types of VPN

There are three types of VPNs

Intranet VPN-

Allows connectivity between remote locations of a single company and allows organisations to create LAN to LAN connections

Extranet VPN-

When two close organisations or a business and its customers want to share data and information, which allows all of the connected LANs to work in a shared environment

Remote access VPN-

Is when a user can enter the VPN remotely without using a VPN device but instead goes via his/her own Internet service provider (ISP) and authenticates him/her self as seen in the diagram below.

(Dennis, 2003, pg 207)

How it works:

A VPN connection will be setup containing these qualities;

Connection:

Each user must have some type of connection to the internet whether it is a simple dialup connection or a faster T-Carrier Service such as T4 giving effective speeds of 218mbps (Dennis, 2002)

Authentication:

Since VPNs are placing private data on a public network, the internet, and users are accessing it remotely, authentication measures must be used in-order to combat potential threats to the data, these authentication techniques can be summarised into three categories:

Something you know, eg. a login name

Something you have, eg. a physical card key or

Something you are eg. a fingerprint pattern

Encryption:

VPNs are very similar to private packet switched networks as both try to keep data private. Encrypting data is the only way in ensuring the privacy of the information being sent modern encryption algorithms such as symmetric DES, AES, RC5 Blowfish or asymmetric algorithms such RSA or a more secure combination of both. (Module 4: Crypto 1, 2005)

Tunnels and Encapsulation:

VPNs enable its users to create permanent virtual circuits (PVC) that are called tunnels, these virtual circuits are defined for frequent and consistent use by the network, and do not change unless changed by the network administrator/manager. The VPN devices send and receive packets through internet tunnel. The VPN encapsulates the data with different protocols and frames which provides the information to the receiving VPN on how to process the new packet. These protocols go over the existing protocols that a piece of data would normally need to be transferred over the internet these are as follows Peer-to-Peer (PPP), Internet protocol (IP), Transmission Control Protocol (TCP), and Simple Mail transfer Protocol (SMTP). These protocols act like wrapping paper with written addresses and instructions of how to handle that data. The VPN furthers this encapsulation for sending over a tunnelled network by placing the VPN protocol Layer-2 tunnelling protocol (L2TP). This is then wrapped in another IP address since it is sent to the address of the VPN device. The final protocol is synchronous optical network (SONET) this is because each circuit on the internet, T1 SONET OC-48 etc has its own data link protocol so the VPN device surrounds the OP packet with the appropriate frame for the appropriate circuit that the final packet will be travelling on. On the receivable end the receiving VPN device simply strips off or decrypts the protocols and receives the packet. (Dennis, 2002)

Advantages

Improve productivity for a business or organisation.

Reduce transit time and transportation costs for remote users, such as airplane tickets and petrol costs. Simplify network topology and security in some scenarios.

Low costs comparative to other choices.

Disadvantages

Even though VPNs have dedicated tunnels it doesn’t mean that it is dedicated to an individual user, it simply means that it has a specific address that each packet must follow. This essentially means that if there is a lot users online the network will be become bottlenecked because unlike other networks it can not choose another address or path to follow since it is inside the ‘tunnel’.

(What is a virtual private network, no date)

References

Dennis, A. (2002). Networking In The Internet Age. United States of America: John Wiley and Sons, Inc

Tyson, J. (N.D.) How Virtual Private Networks work. Retrieved October 2, 2006 from http://computer.howstuffworks.com/vpn.htm

Howe, D. (1999) The Free On-line Dictionary of Computing, Retrieved October 3, 2006 from http://dictionary.reference.com/search?q=virtual%20private%20network

Wikipedia (September, 2006) Virtual Private Network, Retrieved October 3, 2006 from http://en.wikipedia.org/wiki/VPN

No author, (No Date) What is a virtual private network?, Retrieved October 3, 2006 from http://www.ciscopress.com/content/images/1587051796/samplechapter/1587051796content.pdf

No author, (2005) Module 4: Crypto 1, Retrieved October 3, 2006, Computer security lecture slides. Edith Cowan University from http://myecu.ecu.edu.au/webapps/portal/frameset.jsp?tab=courses&url=/bin/common/course.pl?course_id=_35490_1