unit 4 cyber security_[3]


Simple Network Management Protocol (SNMP)

Simplicity
Unlike CMIP, Simple Network Management Protocol (SNMP) is easy to use. It is an industry
standard and follows the guidelines set by standard organizations.
Widely Implemented
The Internet Engineering Task Force (IETF) sets goals for network management, including
SNMP. In SNMP, managed objects are called scalar objects. It was originally designed for
Internet components but is now used for WAN and telecom systems. Its ease of use makes
SNMP the most popular network management system today.
Industry Standard
The Telecommunications Management Network (TMN) is made to manage telecom services.
It is a standard from the International Telecommunication Union (ITU-T) based on OSI
CMIP/CMIS. TMN expands management by handling both networks and their components,
focusing on service and business needs.

IEEE LAN/WAN Standards


OSI Standards
The IEEE standards for LAN and MAN focus only on OSI layer 1 (physical) and layer 2
(data link). They are organized in a way that is similar to OSI specifications.
Lower Layers
Both CMIP and Internet/SNMP protocols rely on IEEE standards for the lower layers. The
IEEE 802.x series specifies the standards for different physical media and the logical link
control (LLC) layer.
Logical Link Control
The IEEE 802.1 specifications cover the overview, architecture, and management of
networks. The LLC layer maps different physical media and protocols to the network layer.
Other specifications, like 802.3, focus on specific media and protocols, such as Ethernet
LANs.

Web-Based Management
Evolving Technology
The final category is web-based management, which uses web technology, a web server for
the management system, and web browsers for network management. Since this technology
is still developing, there are currently no established standards.
WBEM and JMX
Two popular technologies are Web-based Enterprise Management (WBEM) and Java
Management Extensions (JMX). A new group called the Desktop Management Task Force
(DMTF) is creating specifications for WBEM. The DMTF has adopted Microsoft's object-
oriented model, known as the Common Information Model.
Java Applets
JMX is based on a specific subset of Java applets developed by Sun Microsystems that
operate within network components.

NETWORK MANAGEMENT COMPLEXITY


SNMP
Widely favored over CMIP due to its simplicity and scalar technology.
CMIP
It has been revived because telecommunications providers need complete management of
their networks, services, and business operations.
TMN
SNMP is being considered for implementing TMN because there are many existing SNMP-based
agents.

OSI NETWORK MANAGEMENT ARCHITECTURE

1) Organizational model:
An organizational model in network management outlines the system's components, their
roles, and relationships. Key terms include:
Object: Network elements like hosts, routers, and bridges.
Agent: Software managing the objects.
Manager: Controls and monitors the agents.
Objects are classified as managed (under supervision) or unmanaged (outside control).

2) OSI information model:


The OSI information model defines how management data is structured and stored. The
Structure of Management Information (SMI) organizes the data, and the Management
Information Base (MIB) stores and manages it.

3) Communication Model:
The third model in OSI management is the communication model, which has three
components: management application processes that function in the application layer,
layer management between layers, and layer operation within the layers.

4) Functional Model:
The functional model is the fourth component of OSI management, and it deals with the user-
oriented requirements of network management. OSI defines five functional application areas,
namely configuration, fault, performance, security and accounting. These are defined as
system management functions in OSI.

WEB-BASED MANAGEMENT ADVANTAGES


Object-Oriented Technology
The new web-based management system allows for the implementation of object-oriented
technology while eliminating the need for dedicated workstations by using web browsers.
Polling Methodology
Both SNMP and CMIP use polling methodology, which adds extra load to the network.
Additionally, they require dedicated workstations for the network management system.
Web Browser Access
The new web-based management system enables the use of object-oriented technology and
removes the need for dedicated workstations by utilizing web browsers.
UNIT-4
Infrastructure for network management, Simple Network Management Protocol (SNMP)

Infrastructure for network management


• Network management includes the deployment, integration, and coordination of the
hardware, software, and human elements to monitor, test, poll, configure, analyze,
evaluate and control the network and element resources to meet the real-time,
operational performance, and quality of service requirements at a reasonable cost.
• So network management requires the ability to "monitor, test, poll,
configure, ... and control" the hardware and software components in a network.
• Because the network devices are distributed, this will minimally require that the
network administrator be able to gather data (for example, for monitoring purposes)
from a remote entity and be able to effect changes (for example, control) at that
remote entity.
• A human analogy will prove useful here for understanding the infrastructure needed
for network management.
• Imagine that you are the head of a large organization that has branch offices around
the world. It is your job to make sure that the pieces of your organization are operating
smoothly. How would you do so? At a minimum, you will periodically gather data
from your branch offices in the form of reports and various quantitative measures of
activity, productivity, and budget.
• You will occasionally (but not always) be explicitly notified when there is a problem
in one of the branch offices; the branch manager who wants to climb the corporate
ladder (perhaps to get your job) may send you unsolicited reports indicating how
smoothly things are running at his/her branch.
• You will sift through the reports you receive, hoping to find smooth operations
everywhere, but no doubt finding problems in need of your attention.
• You might initiate a one-on-one dialogue with one of your problem branch offices,
gather more data in order to understand the problem, and then pass down an executive
order "Make things change!" to the branch office manager.
• Implicit in this very common human scenario is an infrastructure for controlling the
organization, the boss (you), the remote sites being controlled (the branch offices),
your remote agents(the branch office managers), communication protocols (for
transmitting standard reports and data, and for one-on-one dialogues), and data (the
report contents and the quantitative measures of activity, productivity, and budget).
• Each of these components in human organizational management has a counterpart in
network management.
• The architecture of a network management system is conceptually identical to this
simple human organizational analogy.
• The network management field has its own specific terminology for the various
components of network management architecture, and so we adopt that terminology
here. As shown below:

• There are three principal components of network management architecture: a
managing entity (the boss in our above analogy, you), the managed devices (the branch
offices), and the network management protocol.
• The managing entity is an application, typically with a human in the loop, running in a
centralized network management station in the network operations center (NOC). The
managing entity is the locus of activity for network management; it controls the
collection, processing, analysis, and/or display of network management information. It
is here that actions are initiated to control network behaviour and here that the human
network administrator interacts with the network devices.
• A managed device is a piece of network equipment (including its software) that
resides on a managed network. This is the branch office in our human analogy.
• A managed device might be a host, router, bridge, hub, printer, or modem.
Within a managed device, there may be several so-called managed objects.
• These managed objects are the actual pieces of hardware within the managed device
(for example, a network interface card), and the sets of configuration parameters for
the pieces of hardware and software (for example, an intra-domain routing protocol
such as RIP: Routing Information Protocol).
• In our human analogy, the managed objects might be the departments within the
branch office.
• These managed objects have pieces of information that are gathered into a Management
Information Base (MIB) and made available to the managing entity. In our human
analogy, the MIB corresponds to quantitative data (measures of activity, productivity,
and budget, with the latter being settable by the managing entity) exchanged between
the branch office and the main office.
• Finally, also resident in each managed device is a network management agent, a
process running in the managed device that communicates with the managing entity,
taking local actions on the managed device under the command and control of the
managing entity. The network management agent is the branch manager in our human
analogy.
• The third piece of network management architecture is the network management
protocol. The protocol runs between the managing entity and the managed devices,
allowing the managing entity to query the status of managed devices and indirectly
take actions at these devices via its agents.
• Agents can use the network management protocol to inform the managing entity of
exceptional events (for example, component failures or violation of performance
thresholds).
• It is important to note that the network management protocol does not itself manage
the network. Instead, it provides a tool with which the network administrator can
manage, monitor, test, poll, configure, analyze, evaluate and control the network. This
is a subtle but important distinction.
• Although the infrastructure for network management is conceptually simple, one can
often get bogged down with the network-management-speak vocabulary of "managing
entity", "managed device", "managing agent", and "management information base".
• For example, in network-management-speak, in our simple host monitoring scenario,
"managing agents" located at "managed devices" are periodically queried by the
"managing entity": a simple idea, but a linguistic mouthful! Hopefully, keeping the
human organizational analogy and its obvious parallels with network management in
mind will help in understanding the concept.
• Network Management Standards began maturing in the late 1980's with OSI
CMISE/CMIP (the Common Management Service Element/Common Management
Information Protocol) and the Internet SNMP (Simple Network-Management
Protocol) emerging as the two most important standards.
• Both are designed to be independent of vendor-specific products or networks. Because
SNMP was quickly designed and deployed at a time when the need for network
management was becoming painfully clear, SNMP found widespread use and
acceptance. Today, SNMP has emerged as the most widely used and deployed
network management framework.
SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
Review:
• SNMP management began in the 1970's. Internet Control Message Protocol (ICMP)
was developed to manage ARPANET. ICMP is a mechanism to transfer control
messages between nodes. A popular example of this is Packet Internet Groper (PING),
which is part of the TCP/IP suite now.
• PING is a very simple tool that is used to investigate the health of a node and the
robustness of communication with it from the source node. It started as an early form
of a network-monitoring tool.
• The ARPANET, which started in 1969, developed into the Internet in the 1980's with
the advent of UNIX and the popularization of client/server architecture.
• Data was transmitted in packet form using routers and gateways. TCP/IP-based
networks grew rapidly, mostly in the defense and academic communities and in small
entrepreneurial companies that took advantage of the electronic media for
information exchange.
• The National Science Foundation officially dropped the name ARPANET in 1984,
and adopted the name Internet. Note that Internet is spelled with a capital I and is
limited to TCP/IP-based networks. An Internet Advisory Board (IAB) was formed to
administer Internet activities.
• With the growth of the Internet, it became essential to have the capability to monitor
and configure gateways remotely.
• The Simple Gateway Monitoring Protocol (SGMP) was developed for this purpose--
an interim solution.
• The Internet Advisory Board recommended the development of SNMP, which is an
enhancement of SGMP.
• Even SNMP was intended to be another interim solution, with the long-term solution
being migration to the OSI standard CMIP/CMIS.
• However, due to the enormous simplicity of SNMP and its extensive implementation,
it has become the de facto standard.
• SNMPv2 was developed to make it independent of the OSI standard, as well as to add
features. SNMPv2 has only partially overcome some of the limitations of SNMP.
• The final version of SNMPv2 was released without one of its major enhancements, the
security features, because there were strong differences of opinion among working group
members on the specifications. SNMPv3 addresses the security features.

Simple network management protocol


 The SNMP is a management protocol designed to make sure network protocols and
devices not only work but work well. It allows managers to locate problems and make
adjustments by exchanging a sequence of commands between a client and a server.
The diagram shows the SNMP architecture.

 A network manager runs a management client program at a site that communicates
with the management server program at another site.
 Typically the server programs are run on remote hosts and especially network routers.
Both management programs use commands defined by the SNMP protocol.
 Primarily the commands define how to request information from a server and send
information to a server or client.
 SNMP has several goals. The first is to simplify SNMP functions to reduce support
costs and make SNMP easier to use.
 Second, it must be extensible to accommodate future updates in network operations
and management.
 Third, the protocol must be independent of the design specifics of hosts or routers. The
result is an application-layer protocol that interfaces with transport services.
 Because SNMP is a management application it must know which processes it is to manage
and how to refer to them. The routers and hosts that SNMP manages are called
objects. An object has a formal definition according to ASN.1 (Abstract Syntax
Notation One), a formal language designed expressly for the definition of PDU (Protocol
Data Unit) formats and objects.

Management Information Base (MIB)


• Each object server maintains a database of information that describes its
characteristics and activities. Because there are different object types, a standard
defines precisely what should be maintained. This standard, the Management
Information Base (MIB), was defined by the group that proposed SNMP. There are eight
categories of information specified by the MIB.
(a) System: Describes the host or router operating system and contains information
such as when the server was booted, a description of the device it runs on, device
location, and contact person.
(b) Interface: Describes each network interface and contains items such as MTU size
(one of the problems the Internet Protocol faces is that different network architectures
allow different maximum frame sizes, also called maximum transfer units or MTUs),
transmission rate, number of packets discarded for various reasons, number of octets
transmitted and received, number of interfaces, and an interface description.
(c) Address translation: Contains a table used to change an IP address into a
network-specific one.
(d) IP: Describes information specific to the Internet Protocol. Examples of
information maintained include the default time-to-live value for IP packets, number of
datagrams eliminated for various reasons, number of datagrams forwarded and
delivered to the transport protocol and received from the data link protocol, number of
fragments created, number of datagrams reassembled, and routing tables.
(e) ICMP (Internet control message protocol): Describes information specific to the
ICMP protocol, primarily, it contains many counters tracking the number of each type
of control message sent by ICMP.
(f) TCP: Among the items it contains are timeout lengths, number of connections,
number of segments sent and received, maximum number of simultaneous connection,
IP address of each entity using TCP and the IP address of the remote connection, and
the number of failed connection attempts.
(g) UDP (User datagram protocol): Among the items it contains are the number of
datagrams delivered, discarded, or received and the IP addresses of entities using
UDP.
(h) EGP (Exterior gateway protocol): This is a protocol to exchange routing
information between two autonomous networks in an Internet. As with other
categories, the MIB maintains counters tracking the number of EGP messages sent and
received.
SNMP Commands
• The management programs that use SNMP run asynchronously. That is, they send out
requests but can do other things while waiting for responses. Generally the requests, or
PDUs, request information from a server, send information to a remote management
program, or respond to special conditions. SNMP defines five PDU (Protocol Data
Unit) formats:
(a) Get Request: This command causes a Get Request PDU to be sent containing a
command code, object name, and specification of an MIB variable. The receiving
entity responds by sending a Get Response PDU containing values of the variable
requested or an error code in the event of an error.
(b) Get Next Request: This command is similar to Get Request except that the
request is for values of variables that "follow" the ones specified in the PDU. The
notion of following is based on a lexicographic order determined by the MIB design.
This is especially useful for traversing tables maintained by the management server.
(c) Get Response: A PDU sent in response to a previously received Get Request
PDU. It contains the values requested or error codes.
(d) Set Request: This command allows the manager to update values of MIB
variables maintained by a remote management program and to remotely alter the
characteristics of a particular object, which, in turn, can affect network operation, provided
the request does not violate any security measures that prevent unauthorized updates.
(e) Trap: The PDU is sent from a server to the manager when specific conditions or
events have occurred. It allows the manager to stay abreast of changes in the operating
environment. Some of the trap PDUs and their events are listed here:
Coldstart Trap: The management program has been reinitialized with potential
changes in the objects' characteristics.
Warmstart Trap: Reinitialization has occurred, but no characteristics have been
altered.
Linkdown Trap: A communication link has failed.
Linkup Trap: A previously failed communication link has been restored.
Neighbor Loss Trap: The station has lost contact with an EGP peer neighbor.
Authentication Failure Trap: An SNMP PDU that failed an authentication check has
been received.
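To make the MIB layout and the five PDU types above concrete, here is an added Python example written for these notes; it is not code from the SNMP standards or from any SNMP library. It simulates an agent holding a constructed toy MIB whose OIDs are laid out like the system, interfaces and ip groups described earlier, answers Get, Get Next and Set requests, refuses Set on read-only objects, records a Linkdown trap, and shows how a manager walks a table by repeating Get Next in lexicographic OID order. All OIDs, values, class and function names are assumptions made for illustration.

```python
import bisect

# Constructed toy MIB for illustration: OID string -> [value, writable].
# The OIDs mirror the MIB-II groups named in the notes (system, interfaces, ip),
# but the values are invented sample data, not read from a real device.
TOY_MIB = {
    "1.3.6.1.2.1.1.1.0": ["Toy router", False],   # sysDescr (read-only)
    "1.3.6.1.2.1.1.5.0": ["rtr-01", True],        # sysName (settable)
    "1.3.6.1.2.1.2.2.1.2.1": ["eth0", False],     # ifDescr, interface 1
    "1.3.6.1.2.1.2.2.1.2.2": ["eth1", False],     # ifDescr, interface 2
    "1.3.6.1.2.1.4.2.0": [64, True],              # ipDefaultTTL (settable)
}


def oid_key(oid):
    """Lexicographic OID order compares numeric sub-identifiers, not the dotted strings."""
    return tuple(int(part) for part in oid.split("."))


class Agent:
    """Simulated management agent: holds the MIB and answers manager PDUs."""

    def __init__(self, mib):
        # Copy each entry so one agent's Set does not alter the shared sample table.
        self.mib = {oid: list(entry) for oid, entry in mib.items()}
        self.order = sorted(self.mib, key=oid_key)       # MIB in lexicographic order
        self.keys = [oid_key(o) for o in self.order]
        self.traps = []                                  # traps queued for the manager

    def get(self, oid):
        """Get Request -> Get Response: the value of exactly the named variable."""
        if oid in self.mib:
            return ("ok", oid, self.mib[oid][0])
        return ("noSuchName", oid, None)

    def get_next(self, oid):
        """Get Next Request: the first variable strictly after the given OID."""
        i = bisect.bisect_right(self.keys, oid_key(oid))
        if i == len(self.order):
            return ("endOfMib", None, None)
        nxt = self.order[i]
        return ("ok", nxt, self.mib[nxt][0])

    def set(self, oid, value):
        """Set Request: update a variable; refused for read-only objects."""
        if oid not in self.mib:
            return ("noSuchName", oid, None)
        entry = self.mib[oid]
        if not entry[1]:
            return ("readOnly", oid, entry[0])
        entry[0] = value
        return ("ok", oid, value)

    def link_down(self, if_index):
        """Agent-initiated event: queue a Linkdown trap for the manager."""
        self.traps.append(("linkDown", if_index))


def walk(agent, prefix):
    """Manager-side table traversal: repeat Get Next until the reply leaves the subtree."""
    rows = []
    current = prefix
    while True:
        status, oid, value = agent.get_next(current)
        if status != "ok" or not oid.startswith(prefix + "."):
            break
        rows.append((oid, value))
        current = oid
    return rows


if __name__ == "__main__":
    agent = Agent(TOY_MIB)
    print(agent.get("1.3.6.1.2.1.1.5.0"))
    print(walk(agent, "1.3.6.1.2.1.2.2.1.2"))      # both ifDescr rows
    print(agent.set("1.3.6.1.2.1.1.1.0", "changed"))  # refused: sysDescr is read-only
```

The walk stops as soon as a Get Next reply falls outside the requested subtree, which is how a manager reads a whole table without knowing in advance how many rows it has.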
Simple Network Management Protocol Version 2 (SNMPv2)
• In August 1988, the specification for SNMP was issued and rapidly became the
dominant network management standard.
• A number of vendors offer standalone network management workstations based on
SNMP.
• As the name suggests, SNMP is a simple tool for network management.
• With its widespread use, the deficiencies of SNMP became increasingly apparent;
these include both functional deficiencies and lack of security facility. As a result an
enhanced version, known as SNMPv2, was issued in 1993, with a revised version
issued in 1996.
• SNMPv2 was designed to overcome some of the perceived weaknesses of SNMP. For
example, one of the criticisms of SNMP is that, because of its simple command
format, communication requires a large number of packets. SNMPv2 provides more
messaging options, thus allowing the clients and hosts to communicate more
efficiently.
• SNMPv2 also provides more security than the original SNMP through its
implementation of message authentication and DES encryption.
• A third enhancement is increased flexibility to allow SNMPv2 to run on top of
multiple protocols such as AppleTalk, IPX, and OSI.
• SNMPv2 does not provide network management at all. SNMPv2 instead provides a
framework on which network management applications can be built.
• These applications include fault management, performance monitoring, accounting,
and so on.
• Many of the functional deficiencies of SNMP were addressed in SNMPv2. To correct
the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of proposed
standards in January 1998.
• This set of documents does not provide a complete SNMP capability but rather defines
an overall SNMP architecture and a set of security capabilities. These are intended to be
used with the existing SNMPv2.
• SNMPv3 provides three important services: authentication, privacy, and access
control.
• The first two are parts of the User-based Security model and the last is defined in the
View-based Access Control Model.
• Security services are governed by the identity of the user requesting the service; this
identity is expressed as a principal, which may be an individual or an application or a
group of individuals or applications.
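The three SNMPv3 services can be shown with a small added Python example written for these notes; it is illustrative code, not the USM or VACM specification and not any SNMP implementation. Authentication uses an HMAC over the message with a per-principal key, in the manner of the User-based Security Model; access control uses per-group read and write views over OID subtrees, in the manner of the View-based Access Control Model. Privacy (encryption of the payload) is left out. The principals, keys, groups, view prefixes and message layout are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed principals for illustration. In real USM the keys are derived from a
# passphrase and localized to the agent's engine; here they are fixed sample bytes.
PRINCIPALS = {
    "noc-operator": {"auth_key": b"constructed-operator-key", "group": "readonly"},
    "noc-admin": {"auth_key": b"constructed-admin-key", "group": "readwrite"},
}

# View-based access control: each group has a read view and a write view, given as
# OID subtree prefixes. Sample policy: admins may write only the system group.
VIEWS = {
    "readonly": {"read": ("1.3.6.1.2.1",), "write": ()},
    "readwrite": {"read": ("1.3.6.1.2.1",), "write": ("1.3.6.1.2.1.1",)},
}

TAG_LEN = 12  # truncated MAC, as USM does for its authentication parameters


def encode(op, oid):
    """The authenticated part of a message: the operation and the target OID."""
    return f"{op} {oid}".encode()


def build_message(principal, op, oid):
    """Manager side: compute the HMAC tag with the principal's authentication key."""
    key = PRINCIPALS[principal]["auth_key"]
    tag = hmac.new(key, encode(op, oid), hashlib.sha256).digest()[:TAG_LEN]
    return (principal, op, oid, tag)


def authenticate(principal, op, oid, tag):
    """Agent side: reject unknown principals and any message whose MAC does not verify."""
    info = PRINCIPALS.get(principal)
    if info is None:
        return False
    expected = hmac.new(info["auth_key"], encode(op, oid), hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def in_view(oid, prefixes):
    return any(oid == p or oid.startswith(p + ".") for p in prefixes)


def authorize(principal, op, oid):
    """Access control: the principal's group must hold the OID in the matching view."""
    group = PRINCIPALS[principal]["group"]
    view = VIEWS[group]["write" if op == "set" else "read"]
    return in_view(oid, view)


class SecureAgent:
    """Agent that authenticates first, then applies the access-control check."""

    def __init__(self):
        self.auth_failures = 0  # in SNMP this count would drive Authentication Failure traps

    def handle(self, principal, op, oid, tag):
        if not authenticate(principal, op, oid, tag):
            self.auth_failures += 1
            return "authenticationFailure"
        if not authorize(principal, op, oid):
            return "noAccess"
        return "ok"


if __name__ == "__main__":
    agent = SecureAgent()
    print(agent.handle(*build_message("noc-operator", "get", "1.3.6.1.2.1.1.5.0")))  # ok
    print(agent.handle(*build_message("noc-operator", "set", "1.3.6.1.2.1.1.5.0")))  # noAccess
    p, op, oid, tag = build_message("noc-operator", "get", "1.3.6.1.2.1.1.5.0")
    print(agent.handle(p, "set", oid, tag))  # authenticationFailure: tag no longer matches
```

The order of the checks matters: a message that fails authentication is refused before any view lookup, so an unauthenticated sender learns nothing about which OIDs exist or which groups may write them.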
SYSTEM SECURITY

What is System Security?


 The end goal of security management is to create and implement policies and procedures to protect
people, buildings, information assets, machines, and systems.
 Cybersecurity management is a systematic approach to protecting digital assets, networks, and
information systems from cyber threats.
 The main goal is to prevent unauthorized access, data breaches, and malicious activities by
cybercriminals.

Basic Goal of Network Security?


 To protect information from accidental destruction or modification.
 To protect information from deliberate destruction or modification.
 Make sure the data is available to authorized users, when they need it and in a form they can use.

Security Plan:
 A security plan identifies and organizes the security activities for a computing system.
 The plan is both a description of the current situation and a plan for improvement.
 Every security plan must address seven issues.
1. Policies.
2. Current State.
3. Requirements.
4. Recommended Controls.
5. Continuing Attention.
6. Accountability.
7. Time Table.

Security Analysis:
 Who performs the security analysis, recommends a security program, and writes the security plan? As
with any such comprehensive task, these activities are likely to be performed by the committee that
represents all the interests involved.
 The size of the committee depends on the size and complexity of the computing organization and the
degree of its commitment to security. Organizational behaviour studies suggest that the optimum size for
a working committee is between five and nine members.
 Sometimes a large committee may serve as an oversight body to review and comment on the products of a
smaller working committee.

A security planning team should represent each of the following groups:


 Computer hardware group.
 System administrator.
 System programmers.
 Application programmers.
 Data entry personnel.
 Physical security personnel.
 Representative users.

CHANGE MANAGEMENT

What is Change Management?


 Change management is the process of modifying equipment, systems, software, or procedures in a
planned and authorized manner. This includes ensuring that a business purpose is behind the change
request.
 Change management procedures are one way to add structure and control to the development of large
software systems as they move from development to operation.
 Change management refers to a standard methodology for performing and recording changes during
software development and operation.
 The methodology defines steps that ensure that system changes are required by the organization, and are
properly authorized, documented, tested and approved by management.
 The term change management is often applied to the management of changes in the business
environment, typically as a result of business process reengineering or quality enhancement efforts.

Why Change Management is Important?


 Without change management, an organization can be a chaotic place to work. Human errors can result in
a large number of system outages and downtime.
 With proper change management in place, many of these errors can be significantly reduced. Changes
should follow a tightly controlled, repeatable process.

The following steps can be used to manage change control across the organization:
1. Identify and document the change: This step should include the type of equipment, system, or software
to be modified. It should also include when the change will occur, how long the change will last, and
who will perform the change.
2. Document the business reason, or driver, behind the change: Is this change in support of a new and
critical business application, or is it to upgrade code on a firewall to fix an existing problem?
3. Estimate the impact of the change and determine if the impact is acceptable: Is this change likely to
bring down the Internet connection for an extended period, or is it a change that the users and
applications should not notice?
4. Document accurate back-out procedures in the event that the change does not succeed: In this situation,
the affected changes can be safely removed, enabling you to revert to your previous operational
configuration.
5. Once the impact has been assessed and the change has been approved, the change should be
communicated to all relevant parties: Only then should the change be executed.
This may appear to be a lengthy process, but it does provide many benefits to the organization. By forcing the
implementers to document and assess the impact of their changes, they think through the change more carefully.
It also forces them to design and document a rollback plan ahead of time.

CMM- CAPABILITY MATURITY MODEL:

What is CMM?
 1991: Carnegie Mellon University’s Software Engineering Institute (SEI).
 CMM is a framework that describes the key elements of an effective software process.
 The CMM model is more explicit than the ISO 9001 standard.
 It provides organizations with the capability to improve their software.
 It defines five maturity levels.

System Security Management

What is System Security Management?


 Protection of computer systems, networks, and data from unauthorized access, use, disclosure,
disruption, modification, or destruction.

Objectives:
 Prevent unauthorized access and data breaches.
 Protect sensitive data from theft or manipulation.
 Ensure system and network availability.
 Maintain regulatory compliance.

CCB- CONFIGURATION CONTROL BOARD

 Organizations should consider setting up a Configuration Control Board (CCB) to co-ordinate and
approve changes to a system’s baseline configuration. The CCB should have representatives from the
following areas:
1. Security
2. Systems support
3. Application development
4. Users.

Procedures:
 Hardware changes
 Software changes
 Documentation for hardware, software and System operations.

Software Control :
 Software control within a CCB refers to the processes and procedures for managing changes to software
components, ensuring their integrity, consistency, and documentation.
 Ensures software integrity and reliability
 Reduces software errors and rework
 Improves software change management

Management Procedures:

System Monitoring:
 System monitoring refers to the ongoing process of tracking, analyzing, and reporting on system
performance, security, and availability to ensure optimal operation and minimize downtime.
 Eg. Network Monitor, Database Monitor.

Intrusion and Misuse Detection :


 Identifies and alerts on potential unauthorized access or malicious activity within a network.
 Network-based intrusion detection.
 Eg. Excessive network traffic from an unfamiliar site.
 Host-based intrusion detection.
 Eg. Failed login attempts with bad passwords.
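As an added example of the two detection styles listed above, written for these notes and not taken from any intrusion-detection product, the following Python code runs a host-based rule (repeated failed password logins from one source) over constructed sshd-style log lines, and a network-based rule (an unfamiliar site moving an unusually large volume of traffic) over constructed flow records. The log lines, addresses, thresholds and the allow-list of known peers are all sample values chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sshd-style log lines for illustration; not captured from a real host.
AUTH_LOG = """\
Mar 10 09:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 10 09:01:04 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
Mar 10 09:01:06 host1 sshd[1202]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 10 09:01:09 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 50125 ssh2
Mar 10 09:02:30 host1 sshd[1250]: Accepted password for alice from 192.0.2.10 port 40000 ssh2
Mar 10 09:03:00 host1 sshd[1260]: Failed password for bob from 192.0.2.11 port 40001 ssh2
"""

# Constructed flow summaries: (source IP, destination IP, bytes transferred).
FLOWS = [
    ("192.0.2.10", "10.0.0.5", 12_000),
    ("198.51.100.9", "10.0.0.5", 900_000),
    ("198.51.100.9", "10.0.0.6", 850_000),
    ("192.0.2.11", "10.0.0.5", 3_000),
]

# Sample allow-list of sites the organization normally exchanges traffic with.
KNOWN_PEERS = {"192.0.2.10", "192.0.2.11"}

# Matches both "Failed password for bob from ..." and "... for invalid user admin from ...".
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def failed_logins_by_source(log_text):
    """Host-based view: count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if match:
            counts[match.group("src")] += 1
    return counts


def host_alerts(log_text, threshold=3):
    """Alert on sources with at least `threshold` failed logins (sample threshold)."""
    return sorted(
        (src, n) for src, n in failed_logins_by_source(log_text).items() if n >= threshold
    )


def network_alerts(flows, known_peers, byte_threshold=1_000_000):
    """Network-based view: alert on unfamiliar sources moving more than the threshold."""
    per_source = defaultdict(int)
    for src, _dst, nbytes in flows:
        if src not in known_peers:
            per_source[src] += nbytes
    return sorted((src, total) for src, total in per_source.items() if total > byte_threshold)


if __name__ == "__main__":
    print(host_alerts(AUTH_LOG))                 # [('203.0.113.7', 4)]
    print(network_alerts(FLOWS, KNOWN_PEERS))    # [('198.51.100.9', 1750000)]
```

Both rules aggregate before alerting: the host rule counts per source rather than firing on every failed login, and the network rule sums bytes across all of an unfamiliar source's flows, so two flows that are each below the threshold still surface when their total is not.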

Protection Against Malicious Software :


There are many ways to exploit the vulnerability of computer software. The following can make unauthorized
changes:
 Computer viruses
 Network worms
 Trojan horses
 Logic bombs.
Organizations must know about and prevent the introduction of malicious software. Specific procedures might
include:
 Prohibition on software not authorized by a Configuration Control Board.
 Mandated use of approved antivirus and software-change-detection software.

Network Management :
Access to computers and networks should be closely managed to:
 Optimize service to the business.
 Consistently apply security measures across the information-systems infrastructure.

Procedural controls to achieve and maintain network security may include:
 Allocation and/or separation of responsibilities.
 Intrusion or misuse detection.
 Guidelines for managing devices such as routers and firewalls.
 Management of cryptographic keys and equipment.
Organizations may need to interconnect or share computers or networks beyond traditional boundaries. The risk
of unauthorized access and security breaches is greater for information passed across such networks and their
computer systems. Security policies for networks that span organizational boundaries should consider additional
controls:
 Within networks, to segregate user groups.
 Between networks, to protect information in transit.

Disaster Recovery:
Disaster Recovery (DR) in Change Management refers to the process of quickly restoring critical business
operations and IT systems after an unexpected disruption or disaster, ensuring minimal impact on the
organization.

Disaster Recovery Plan (DRP):


A DRP outlines procedures to:
 Identify potential risks and threats.
 Develop recovery strategies.
 Establish emergency response teams.
 Conduct regular training and testing.
Process of Change Management (flowchart, given here as steps):
1. Identify the change.
2. Document the change.
3. Document the business case.
4. Assess the impact.
5. Is the impact acceptable? If NO, modify the change request and return to step 4; if YES, the change is approved.
6. Communicate the change.
7. Execute the change.
PROTECTING STORAGE MEDIA:
Organizations should develop and use procedures to protect all media, for
example tapes, disks and system documentation. Media should be protected
against:
 Damage
 Theft
 Loss.
 Unauthorized access
 Virus or other software, or network, attacks
 Inappropriate sanitization and/or disposal

 Classified media must be protected during transport to prevent unauthorized
disclosure or modification.
 Clear procedures should manage removable computer media (tapes, disks).
 All media should be marked and stored based on the highest security
classification.
 Media must be labelled to indicate sensitivity and security classification.
 All movements of media in and out of an organization should be recorded.
Media should be checked:
* On arrival for classification, damage, and malicious software such as
viruses.
* On departure for classified information and viruses.
 Private media should be strictly controlled and generally prohibited from
organizational systems.
 Organizations processing classified information should have independent
checks for exported media.
 Adequate backup facilities are essential for recovering essential business
data after incidents.
 Backups should align with the organization's business continuity plan.
 Procedures for emergency destruction of classified information in high-risk
environments are necessary.

Sanitization & Disposal:

* Sanitization erases information from media/equipment but does not change its
classification.
* Physical destruction is the only reliable method to remove all traces of
information.
* Some sanitization methods can make information too expensive to recover.
* Media retains the highest classification until appropriately sanitized or
declassified.
* Waste material containing official information must be disposed of securely.
* Approved ways of disposing of information-systems media, such as magnetic
media, include:
  - Degaussing (or demagnetization) - for floppy disks and magnetic tape,
though hard disks may also have tracking information destroyed this way.
  - Overwriting with approved software - for hard disks, but not for floppy
discs or magnetic tape.
  - Destruction - mandatory for magnetic media that has held information
classified TOP Secret.
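The overwriting method above, as an added example that is not part of the original notes: a file stands in for a hard-disk partition, and the read-back verification is the step that justifies reclassifying the media afterwards. The pass count, the temporary path and the marker text are assumptions.

```python
# Added example (not from the original notes): overwrite a file as a stand-in
# for a hard-disk partition, then verify before treating the media as sanitized.
# A file-level overwrite only illustrates the method; real sanitization runs
# against the whole device, and tape/floppy media need other methods (see notes).
import os
import secrets
import tempfile

def overwrite_and_verify(path, passes=3, chunk=65536):
    """Overwrite `path` in place (random passes, then a final zero pass) and
    return True only if every byte reads back as zero afterwards."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                length = min(chunk, remaining)
                # random data for all but the last pass, zeros on the last one
                block = secrets.token_bytes(length) if n < passes - 1 else bytes(length)
                f.write(block)
                remaining -= length
            f.flush()
            os.fsync(f.fileno())  # push this pass to the medium before the next
    with open(path, "rb") as f:  # verification step: never skip it
        for block in iter(lambda: f.read(chunk), b""):
            if block.count(0) != len(block):
                return False
    return True

def sanitize_demo():
    """Constructed run: returns (verified, size_unchanged, original_text_found)."""
    marker = b"CLASSIFIED RECORD 0001\n" * 2000   # constructed sample content
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(marker)
    try:
        ok = overwrite_and_verify(path)
        with open(path, "rb") as f:
            data = f.read()
        return ok, len(data) == len(marker), b"CLASSIFIED" in data
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(sanitize_demo())   # expected: (True, True, False)
```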

PROTECTION OF SYSTEM DOCUMENTATION

System documentation may contain a range of sensitive information and
should be protected from unauthorized access by:
1. Physically securing it
2. Minimizing its distribution
3. Disposing of it securely when it is superseded
Security in Software Applications
Input data should be vetted in all key business systems. Processing errors
or deliberate acts can corrupt data that has been correctly entered into an
application system. Systems should have validation checks to detect any such
corruption. The specific controls needed depend on the application and the
assessed impact of any corruption.
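Both controls described above, as an added example that is not from the original notes: input vetting rejects malformed records at entry, and control totals (count, sum, digest of the batch) detect corruption of records that were entered correctly. The record layout, account format, amount limit and currency list are assumptions.

```python
# Added example (not from the original notes): input vetting for a batch of
# payment records plus control totals that detect later corruption of the batch.
# Record layout, account format, limits and currency list are assumptions.
import hashlib
import json
import re
from decimal import Decimal, InvalidOperation

ACCOUNT_RE = re.compile(r"^[0-9]{8}$")      # assumed account-number format
MAX_AMOUNT = Decimal("100000.00")          # assumed per-record limit
CURRENCIES = ("NZD", "USD")                # assumed permitted list

def vet_record(rec):
    """Return a list of validation errors for one input record (empty = valid)."""
    errors = []
    if not ACCOUNT_RE.match(str(rec.get("account", ""))):
        errors.append("account: must be 8 digits")
    try:
        amount = Decimal(str(rec.get("amount", "")))
        if amount <= 0 or amount > MAX_AMOUNT or amount != amount.quantize(Decimal("0.01")):
            errors.append("amount: out of range or bad precision")
    except InvalidOperation:
        errors.append("amount: not a number")
    if rec.get("currency") not in CURRENCIES:
        errors.append("currency: not permitted")
    return errors

def control_totals(records):
    """Record count, sum of amounts and a digest of the canonical batch: the
    figures compared before and after each processing stage."""
    canon = json.dumps(records, sort_keys=True, separators=(",", ":"))
    total = sum(Decimal(str(r["amount"])) for r in records)
    return len(records), str(total.quantize(Decimal("0.01"))), hashlib.sha256(canon.encode()).hexdigest()

def batch_unchanged(before, after):
    """True only if nothing in the batch changed between the two stages."""
    return control_totals(before) == control_totals(after)

# Constructed sample records
BATCH = [
    {"account": "12345678", "amount": "250.00", "currency": "NZD"},
    {"account": "87654321", "amount": "19.99", "currency": "USD"},
]
BAD = {"account": "12AB", "amount": "-5", "currency": "EUR"}

if __name__ == "__main__":
    print(vet_record(BAD))
    tampered = [dict(BATCH[0], amount="2500.00"), BATCH[1]]  # corrupted after entry
    print(batch_unchanged(BATCH, BATCH), batch_unchanged(BATCH, tampered))
```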

Operating Systems and Package Maintenance

All changes to operating systems software must be managed through
strong configuration management processes. Changes to original copies of
systems software and standard commercial software should be discouraged. If
necessary, changes should be made only to a clearly identified copy; the
original software should be retained.

Protection of Development Suite and Test Data

* Separate development and operational systems to minimize accidental
changes and unauthorized access.
* Run developmental and operational software in different environments.
* Protect source code and configuration files from unauthorized access and
changes.
* Manage source code under strict version control, clearly separating
operational and development versions.
* Do not store source code on operational systems or allow unnecessary
access for support staff.
* Complete testing data before implementation, ensuring it is protected and
controlled.
* Use test data that mimics live data for system and acceptance testing.
* Avoid using live databases with personal information for testing
purposes.
EXCHANGES OF INFORMATION AND SOFTWARE
Exchanges of information and software should be based on formal
agreements, in line with any relevant legislation and licensing arrangements.
Procedures and standards should be set to protect information in transit,
especially electronic data interchanges. One such mechanism is the Secure
Electronic Environment (SEE) for inter-organization communications classified
up to Sensitive.
Organizations should consider the following security concerns when using
leased lines or public networks to communicate between information systems that
process classified information:
* Data interception
* Data modification
* User impersonation
* Unauthorized access into networks.
Initial planning to use leased lines and public networks should
incorporate security measures such as:
* Configuration management
* Security management
* Cryptography
* Border control

Organization networks connected to public networks must be protected
by appropriate security measures, even if processing only unclassified
information.
The main public network, the Internet, has become a widely used
business tool; electronic mail (e-mail) and access to the World Wide Web are
used more and more for business communications and transactions.
The Internet is vulnerable to:
* Message interception.
* Unauthorized access to systems.
* Attacks which can modify, manipulate or destroy data and systems.
* Attacks which can hinder or disrupt services or systems.
Security Risks of the Internet:
* Vulnerability of traffic to unauthorized interception or modification
* Vulnerability to error, for example, incorrect addressing or misdirection
* Lack of control over the reliability and availability of service
* Accessibility of official information in public directories.
Where the appropriate security measures are in place, connection to the
Internet is permissible for networks handling official information classified up
to Restricted or Sensitive.
Systems that process information classified Confidential or above must
not be connected to the Internet unless specific security measures are used, such
as encryption products.

Security Risks of Telephone Systems

* The telephone system is widely accessible by many people, such as
maintenance technicians or switchboard operators, in the course of their
normal duties.
* Authorized and unauthorized monitoring of telephones is possible at
junctions and distribution points throughout the system.
* Conversations classified as Confidential or above should only occur over
telephone circuits with end-to-end cryptographic protection.
* Staff must be briefed on the risks of discussing classified information
over the phone, including social engineering tactics.
* Proper identification of callers is essential; if unsure, ask for a call-back
number for authentication.
* Telephone systems are vulnerable to monitoring and tampering, even
when "on-hook."
* Cellular phones should never be used in sensitive areas due to risks like:
  - Inadvertent transmission of sensitive information.
  - Silent ringing and automatic answering capabilities that can facilitate
eavesdropping.
  - Vulnerability to interception using inexpensive radio-scanning receivers.
* Personal Electronic Devices (PEDs), such as PDAs, pose additional risks,
including:
  - Audio Recording Capabilities: Some PEDs are capable of
recording up to six hours of audio. Additionally, microphones may
be capable of picking up normal office conversations from a
distance in excess of 50 feet.
  - IR Ports: Data from the IR port of a PED can be intercepted at (or
exercised from) significant distances.
* The following minimum precautions should be observed:
  - Microphones: Site policies should preclude the introduction of
audio recording equipment, including PEDs with microphones, into
controlled spaces.
  - IR Ports: Any IR port on a PED should be covered with IR-opaque
metallic tape.
  - Passwords: The use of strong device passwords should be
mandated, as the password may be the only mechanism that
prevents an attacker from loading malicious code onto a PED.
* Wireless-enabled devices have similar vulnerabilities to Wireless LANs
(WLANs) and must be treated accordingly.
* Pagers should not transmit classified information due to interception
risks.
* Be cautious with answerphones to avoid leaving classified messages.
* Disable remote maintenance features on PABXs to prevent unauthorized
access.
* Commercial fax systems are not secure and should not connect
unclassified and classified systems simultaneously.
* Facsimiles may be used without encryption for transmitting information
classified as Confidential, Restricted, or Sensitive within New Zealand.
* Video-conferencing systems must use appropriate encryption and should:
  - Disable auto-answer features.
  - Avoid using the Internet for sensitive video-conferencing.

SECURITY REQUIREMENTS OF SYSTEMS

Systems security must consider:
* Infrastructure
* Applications, including user-developed applications
* Availability of adequate capacity and resources.
Security can depend on how a business process that supports an
application or service is designed and implemented.
Before developing information systems, organizations should identify and
agree on security needs.
At the requirements phase of an information systems project, as part of
the overall business case, all security needs including fallback arrangements
should be:
* Identified
* Justified
* Agreed
* Documented.
For systems with information that requires confidentiality, authentication,
integrity and protection in transit or on magnetic media, consider cryptography.
Cryptography or encryption is the process of transforming information
into an unintelligible form to safeguard its security and integrity. It uses an
encryption algorithm and a secret cryptographic key.
Cryptography also can ensure:
* Authentication: The identity of the respective parties can be confirmed.
* Integrity: Any change to the information while in transit can be detected.
* Non-repudiation: The sender cannot deny sending the information.

While encryption can be a powerful tool, used carelessly it can:
* Hinder virus and system-misuse detection.
* Cause information to be lost.
* Provide users with a false sense of security.
The policy for cryptographic systems and techniques should account for
business needs within and between departments.
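The "false sense of security" point above, as an added example that is not part of the original notes: an unauthenticated stream cipher hides a message but still lets a single flipped ciphertext bit change the decrypted amount without any error, whereas a keyed tag (HMAC) makes the change detectable. The toy cipher, keys, nonce and message are constructed for illustration only and are not an approved product.

```python
# Added example (not from the original notes): encryption alone versus
# encrypt-then-MAC. The toy stream cipher (HMAC-SHA256 keystream) is an
# illustration, not an approved product; keys, nonce and message are constructed.
import hashlib
import hmac
import secrets

def keystream(key, nonce, length):
    """Keystream from HMAC(key, nonce || counter) blocks, truncated to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, nonce, data):
    """XOR with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))

def tag(mac_key, nonce, ciphertext):
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, tag(mac_key, nonce, ct)

def open_sealed(enc_key, mac_key, nonce, ct, t):
    """Return the plaintext, or None if the tag does not verify."""
    if not hmac.compare_digest(tag(mac_key, nonce, ct), t):
        return None
    return encrypt(enc_key, nonce, ct)

def alter_without_key(ct, pos, old, new):
    """Change plaintext byte `pos` from `old` to `new` by flipping ciphertext bits."""
    ct = bytearray(ct)
    ct[pos] ^= ord(old) ^ ord(new)
    return bytes(ct)

def demo():
    ek, mk, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(16)
    msg = b"PAY 0100 TO ACCT 12345678"
    ct, t = seal(ek, mk, nonce, msg)
    ct2 = alter_without_key(ct, 4, "0", "9")            # "PAY 0100" becomes "PAY 9100"
    unauthenticated = encrypt(ek, nonce, ct2)            # altered amount, no error raised
    authenticated = open_sealed(ek, mk, nonce, ct2, t)   # None: tampering detected
    return unauthenticated, authenticated, open_sealed(ek, mk, nonce, ct, t)
```

An HMAC shared between two parties gives integrity and authentication only between those two; non-repudiation needs a digital signature, which is outside this example.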
