Discussion Week 14

D14.1: Discussion Topic 1:

In regards to laws and regulations… Complying with the law is obviously important, but in my industry (healthcare), sometimes this is a gray area.  In my professional field, HIPPA regulates how we handle personally identifiably information.  Encryption both at rest and in transit, is required in many cases.  However, consider the nature of healthcare, and the urgency of providing emergency care.  I have witnessed many times, where a physician in the emergency department needed to consult on case, and the most expedient method was to simply email the patient’s test results, images, etc., without any encryption or protection of their data.  How do you feel about this situation?  Is non-compliance ever justified?  How could these issues be mitigated, without impacting the mission of the organization?

D14.2: Discussion Topic 2:

Read RFC 1087: Ethics and the Internet.  Is the document still relevant today?  Is this document still something that Internet users would understand today?  How could it be improved?

D14.3: Discussion Topic 3:

You are a security consultant with the Security Advisors Co. and have been asked to help investigate a recent security incident that took place at the law firm of Dewey, Cheatham, and Howe. In your assignment you have been assigned to work with the vice president of IT.

The security incident that you are investigating appears to be a case of an intruder who broke into a company computer to remove and destroy information on an upcoming legal case. A forensic examination revealed that the incident was actually an inside job that was perpetrated by one of the new programmers, who is a relative of the VP of IT.

When you wrote your findings and presented them to your client, the VP of IT asked you to change the findings in your report to show that the perpetrator could not be found. The VP has promised future work for your company and a good recommendation for your work if you comply.

What will you do next?

Discuss one of the following topics:

• In this unit, we looked at the categories of network security software and devices.  However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices.  Is this a good thing or a bad thing?  What are the consequences of this convergence?
• In the presentation, there is some discussion on open source and commercial network security devices.  Which would you prefer, and why?  Does it depend on the environment?  What do we sacrifice when we go with one over the other?  Is there any intersection between open source and commercial network security devices?
• In the presentation, we see that there are two actions when not passing traffic… We can reject or deny.  What is the difference between these?  When might you use one or the other?

Discuss one of the following 3 topics:

1. What is buffer bloat, and what does it have to do with TCP?
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet).  However, UDP does not have these features… why so you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important?  What do we gain when we sacrifice TCP’s reliability for UDP?
3. In this unit, we examine the TCP header in detail.  Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall?  What could a firewall look for in the header to identify nefarious traffic?

In this unit, we begin to discuss some security tools, such as password crackers, disassemblers, packet sniffers, etc.  We will discuss many of these tools in the next section of the course, which covers networks.  You will also use these tools much more extensively in your ethical hacking and penetration testing courses.

In this discussion, consider the use of these tools on your own networks.  Should IT professionals in an organization be using these tools?  What would be your feelings if your IT group was considering the banning of these tools on their network, with disciplinary ramifications?  Is this a good idea, or are there good reasons for IT professionals to have these tools?  What about non-IT employees?

In this unit, we discussed the growing trend of BYOD (Bring your own device) and some of the challenges associated with this.  There has been some talk in the news in the past concerning users, their own devices, and security concerns.  For example, in health care, many doctors prefer to use a tablet for electronic medical records, and many are using their own devices to connect to web based services.  What concerns could there be with HIPAA, and how could they be mitigated?

 

Another example is government workers.  President Obama is the first US President to carry a Blackberry (why not an iPhone?), and former Secretary of State Hillary Clinton chose to use her own device and email, thus none of her communications in her official capacity are available for public review.  What are some concerns with these trends, and how have they / could they be mitigated?

Take a look at this document from the Centers for Disease Control, which provides a plan for business to prepare for an influenza pandemic: http://www.flu.gov/planning-preparedness/business/businesschecklist.pdf

There are many threats to organizations, and we can’t worry about all of them.  As an IT security professional, would you be concerned with the threat from a pandemic?  What threats do you feel are worth considering and being prepared?  Conversely, what kinds of threats should we be less concerned with?  Does anyone recall hiding under their desk during the Cold War… was this a threat worth preparing for? Can you find any other documents from the Government that offer guidance on other threats?

Research how quantum computing is being used in both enhancing cryptography, and weakening existing cryptography standards, and discuss these with the class.  Based on your research, how do you think quantum computing will change the IT security field, and how long do think until we begin seeing these changes?  A lot of this is very theoretical at this time, but how much longer until we will need a lot more than just one paragraph in this text that discusses quantum computing?

Research Kerckhoffs’ Principal, and read the segment in the text titled “Never Trust Proprietary Algorithms”.  I think we can all agree that having open protocols is considered critical in cryptography.  But what about other areas of IT?  Should we also demand open protocols in other areas of IT?  How might the use of proprietary versus open protocols affect IT security in other areas?

One of the techniques for mitigating risk of application vulnerabilities is restricting what types of applications can be executed on your network.  Windows Active Directory includes tools in group policy that can restrict application use.  You can “white list” applications, meaning only applications you approve can be used, or you can blacklist applications, meaning any application can be used, except those you disallow.  There is another option, where you restrict applications based on whether the application has a trusted signature (more of certificates and trust later…)

Which of these methods do you think is most appropriate?  In your discussions, stay cognizant of the C-I-A triad in IT security… Frequently, we forget how important availability can be, and in our efforts to protect our networks, we may disallow needed applications.  Discuss this balance in different kinds of organizations, and where these techniques might be appropriate.

Linux or Windows?  Seems like nothing starts a war in the IT department like this topic… but which is better?  Which is more secure?  These two operating systems are very different, and regardless of your preference, you will need to handle both in any sizable IT infrastructure.  For this discussion, chose a service, and tell us which OS you would prefer, why you think it might be better both in technology and security.  Be sure to provide some evidence for your choice, and highlight the differences between these two operating systems and their utilities.   Also, if you disagree with someone else’s assessment, rather posting your own service/OS, propose an alternative along with evidence as to why you would make that choice.

And – depending on how serious you are about Windows / Linux… keep the conversation civil 🙂

This week we looked at Single Sign-On, and standards that can allow authentication even outside the organizational boundaries.  We also familiarized ourselves with these technologies in our case study review.  In this week’s discussion, let’s continue the conversation… are there any security concerns with using authentication services outside our organizational boundaries?  When would the benefits outweigh the risks?  How can we mitigate risks?

This week, let’s keep the discussion informal; we can get to know one another, and get acclimated to using the discussion forum for this course.  Post a short bio about yourself, and your experience as it relates to this course and program.