Wednesday, November 12, 2014

Law and Ethics


The United States has led the development and implementation of information security legislation to prevent the misuse and exploitation of information and information technology.
General Computer Crime Laws:
The Computer Fraud and Abuse (CFA) Act of 1986 is the basis for many computer-related federal laws and enforcement efforts. It was amended in October 1996 by the National Information Infrastructure Protection Act. Punishment for offenses prosecuted under this statute ranges from fines to imprisonment for up to 20 years.
The CFA Act was further modified by the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act of 2001, which was enacted as a mechanism to provide the United States with a means to investigate and respond to the 9/11 attacks on the New York World Trade Center.
Electronic Communications Privacy Act (ECPA) of 1986: a collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes are frequently referred to as the federal wiretapping acts. They address:
· Interception and disclosure of wire, oral, or electronic communications.
· Manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices.
· Confiscation of wire, oral, or electronic communication intercepting devices.
· Evidentiary use of intercepted wire or oral communications.
· Authorization for interception of wire, oral, or electronic communications.
· Authorization for disclosure and use of intercepted wire, oral, or electronic communications.
Source: Management of Information Security by Whitman and Mattord.


Wednesday, November 5, 2014

Firewalls

In information security, a firewall is any device that prevents a specific type of information from moving between a trusted and an untrusted network. The trusted network is the inside world; the untrusted network is the outside world, such as the Internet. The firewall may be a separate computer system, a service running on an existing router or server, or a separate network containing a number of supporting devices.

First-generation firewalls are packet filtering firewalls: networking devices that filter packets by examining every incoming and outgoing packet header.

Second-generation firewalls are known as application-level firewalls. They often consist of dedicated computers kept separate from the first filtering router and are commonly used in conjunction with a second, internal filtering router. This second server is often called a proxy server.

Third-generation firewalls, stateful inspection firewalls, keep track of each network connection established between internal and external systems using a state table. State tables track the state and context of each exchanged packet by recording which station sent which packet and when. Like first-generation firewalls, stateful inspection firewalls perform packet filtering, but a stateful inspection firewall can also restrict incoming packets to those that constitute responses to internal requests. If the stateful inspection firewall receives an incoming packet that it cannot match in its state table, it defaults to its access control list (ACL) to determine whether to allow the packet to pass.

Fourth-generation firewalls, called ‘dynamic packet filtering firewalls’, allow only a particular packet with a specific source, destination, and port address to pass through the firewall.

The newest generation of firewall is a hybrid built from the capabilities of modern networking equipment that can perform a variety of tasks according to the organization’s needs; it is known as Unified Threat Management (UTM).
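The state-table behaviour described above, as an added toy example that is not from the textbook: outbound packets from the internal network populate the state table, an inbound packet is allowed when it is the reply to a recorded connection, and an inbound packet with no matching state falls back to the ACL. The internal prefix, the ACL shape and the addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class StatefulFirewall:
    """Toy stateful inspection firewall: outbound packets populate the state
    table, inbound packets are allowed when they answer a recorded connection,
    and anything unmatched falls back to the ACL."""

    def __init__(self, internal_prefix: str, acl):
        self.internal_prefix = internal_prefix  # e.g. "10.0.0." (prefix match keeps the toy short)
        self.acl = acl                          # ordered inbound rules: (dst_port or "*", action)
        self.state = set()                      # (int_ip, int_port, ext_ip, ext_port, proto)

    def is_internal(self, ip: str) -> bool:
        return ip.startswith(self.internal_prefix)

    def consult_acl(self, pkt: Packet) -> str:
        """First matching rule wins; implicit deny if nothing matches."""
        for port, action in self.acl:
            if port == "*" or port == pkt.dst_port:
                return action
        return "deny"

    def handle(self, pkt: Packet) -> str:
        if self.is_internal(pkt.src_ip):
            # Outbound: record who sent what, so the reply can be recognised.
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        # Inbound: a response to an internal request has source/destination swapped.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key in self.state:
            return "allow"
        return self.consult_acl(pkt)

if __name__ == "__main__":
    # Constructed traffic using RFC 5737 documentation addresses.
    fw = StatefulFirewall("10.0.0.", [(443, "allow"), ("*", "deny")])
    print(fw.handle(Packet("10.0.0.5", 51000, "203.0.113.9", 80)))     # allow (outbound, recorded)
    print(fw.handle(Packet("203.0.113.9", 80, "10.0.0.5", 51000)))     # allow (matches state table)
    print(fw.handle(Packet("198.51.100.7", 4444, "10.0.0.5", 51000)))  # deny (no state, ACL default)
    print(fw.handle(Packet("198.51.100.7", 4444, "10.0.0.20", 443)))   # allow (explicit ACL rule)
```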

Firewall Architectures

Firewall configurations are sometimes mutually exclusive and sometimes can be combined. The architectural implementations of firewalls are:
Packet filtering routers: Routers configured to block packets that the organization doesn’t allow into the network. This lowers the organization’s risk from external attack.
Screened-host firewall systems: Combine packet filtering with a separate, dedicated firewall such as an application proxy server. This approach allows the router to screen packets to minimize the network traffic and load on the internal proxy.
Dual-homed host firewalls: The bastion host contains two network interfaces, one connected to the external network and one connected to the internal network. All traffic must go through the firewall to move between the internal and external networks.
Screened-subnet firewalls: Consist of one or more internal bastion hosts located behind a packet filtering router, with each host protecting the trusted network.
The first general model uses two filtering routers, with one or more dual-homed bastion hosts between them. In the second general model, connections from the outside (untrusted) network are routed through an external filtering router into, and then out of, a routing firewall to a separate network segment known as the DMZ; connections into the trusted internal network are allowed only from the DMZ bastion host servers.

Source: Management of Information Security by Whitman and Mattord.


Saturday, November 1, 2014

Access Controls

Access controls regulate the admission of users into trusted areas of an organization. Access controls can be logical or physical, and they consist of identification, authentication, authorization and accountability.
Identification: A mechanism by which an unverified entity (the supplicant) that wants to be granted access provides information about itself to a known entity; the supplicant’s identifier is called an ID.
Authentication: The process of validating a supplicant’s identity. It ensures that the entity requesting access is the entity it claims to be.
There are four types of authentication mechanism:
Something you know: This authentication mechanism verifies the user’s identity by means of a password, passphrase or some other unique authentication code, such as a PIN. A good rule of thumb for a strong password is that it be at least 10 characters long and contain at least one letter, one number and one special character. It is better still if it mixes upper- and lowercase letters.
The table below gives, for each password length, the odds of guessing the password and the estimated time to crack it on an Intel i7 (875K) PC.

Length  Odds of cracking (1 in ...)        Estimated time to crack
8       208,827,064,576                    2.3 sec.
9       5,429,503,678,976                  1.0 min.
10      141,167,095,653,376                25.5 min.
11      3,670,344,486,987,780              11.1 hrs.
12      95,428,956,661,682,200             12 days
13      2,481,152,873,203,740,000          311.8 days
14      64,509,974,703,297,200,000         22.2 years
15      1,677,259,342,285,730,000,000      577.5 years
16      43,608,742,899,428,900,000,000     15,014.4 years

Odds are based on the number of characters in the alphabet and the password length.
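As an added example (not from the textbook), the arithmetic behind the table and the rule of thumb above: the candidate space is alphabet size raised to the password length, and the time to exhaust it is that space divided by a guessing rate. The rate is an assumption derived from the table's 8-character row (26**8 candidates in 2.3 s), the policy check encodes the page's rule of thumb, and the sample passwords are constructed.

```python
import string

MIN_LENGTH = 10  # rule of thumb on the page: at least 10 chars, a letter, a digit, a special character
# Assumed guessing rate, reconstructed from the table: 26**8 candidates exhausted in 2.3 seconds.
GUESSES_PER_SECOND = 26 ** 8 / 2.3

def meets_rule_of_thumb(password: str) -> bool:
    """True when the password satisfies the page's minimum policy."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def charset_size(password: str) -> int:
    """Size of the smallest pool of standard character classes that covers the password."""
    pools = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
             (lambda c: c in string.punctuation, len(string.punctuation)))  # 32 specials
    return sum(size for test, size in pools if any(test(c) for c in password))

def keyspace(charset: int, length: int) -> int:
    """Number of candidates an exhaustive search must cover: charset ** length (the table's 'odds')."""
    return charset ** length

def seconds_to_exhaust(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed rate."""
    return space / rate

def describe(seconds: float) -> str:
    """Render a duration in the table's units."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400), ("hrs", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} sec"

def estimate(password: str) -> str:
    """Time to exhaust the pool the password draws from; lower-case only (26) reproduces the table."""
    return describe(seconds_to_exhaust(keyspace(charset_size(password), len(password))))

if __name__ == "__main__":
    for pw in ("hunter2", "monkeybusiness", "C0ffee&Chips!"):  # constructed samples
        print(f"{pw:16} policy={meets_rule_of_thumb(pw)!s:5} charset={charset_size(pw):3} "
              f"exhaust={estimate(pw)}")
```

Adding character classes widens the pool more than adding length alone: a 10-character password over all 94 printable classes has a larger space than a 13-character lowercase one.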

Something you have: This authentication mechanism makes use of something, such as a card or token, that the user or the system has. This category includes ID cards, ATM cards, smart cards and cryptographic tokens. Tokens may be synchronous or asynchronous. Synchronous tokens are synchronized with a server; each device uses the time to generate the authentication number that is entered during the user login. Asynchronous tokens use a challenge-response system in which the server challenges the user with a number, the user enters the challenge number into the token, which in turn calculates a response number, and the user then enters that number into the system to gain access.

Reference: Management of Information Security by Whitman and Mattord