By: Gulrez Alam Khan

Presentation Transcript


  1. By: Gulrez Alam Khan
  2. INFORMATION SECURITY MEASURES & POLICIES

     Gulrez Alam Khan, Computer Science and Information Department, College of Art and Science, Wadi Addawasir, Salman Abdul Aziz University, KSA
  3. INFORMATION SECURITY Information Security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, recording or destruction.
  4. Why Information Security?
     Information is critical to any business and paramount to the survival of any organization in today’s globalised digital economy. Governments, the military, corporations, financial institutions, etc. amass huge amounts of confidential information about their employees, customers, research and financial status. Most of this information is stored on computers and transmitted across networks to other computers. Conventional warfare has been replaced by digital or cyber war, and rivals continually attempt to gain access to their adversaries’ information.
  5. Some Examples
     Bradley Manning, US soldier: involved in the biggest breach of classified data in US history (7 lakh classified files, battlefield videos and diplomatic cables), for providing the files to WikiLeaks.
     A hacker stole a database from South Carolina’s Department of Revenue, exposing 3.6 million Social Security numbers and 3.8 lakh payment card records. More than 6.5 lakh businesses were also compromised.
     According to a recent Indiatimes article, as India’s $108 bn IT services industry becomes the world’s favoured outsourcing centre, India is emerging as a top destination for cyber data theft.
  6. Computer Security Losses
  7. REASONS FOR ATTACKS
     Fraud: These attacks are after credit card numbers, bank accounts, passwords, anything the attackers can use themselves or sell for profit.
     Activism: Activists disagree with a particular political or social stance an organization takes, and want only to create chaos and embarrass that organization.
     Industrial Espionage: Specific proprietary information is targeted, either out of rivalry or for profit.
  8. FORMS OF THREAT
     Computer viruses; Trojan horses; address book theft; Domain Name System poisoning; zombies (enslaved computers); IP spoofing (impersonating an IP address); password grabbers; network worms; hijacked home pages; denial of service attacks; phishing; identity theft.
  9. Top Three Security Threats: Malware (malicious software); Internet-facing applications; social engineering.
  10. Social Engineering
     Social engineering is the art of deceptively influencing a person face to face, over the phone, via e-mail, etc. to get the desired information. For an organization with more than 30 employees, one expert puts the success rate of social engineering at 100%. For example:
     Convincing an employee to share a company password over the phone or chat
     Tricking someone into opening a malicious e-mail attachment
     Sending “free” hardware that has been pre-infected
  11. TYPICAL SYMPTOMS File deletion File corruption Visual effects Pop-Ups Erratic (and unwanted) behavior Computer crashes
  12. THREAT CONSEQUENCES
     Unauthorized disclosure: exposure, interception, inference, intrusion.
     Deception: masquerade, falsification, repudiation.
     Disruption: incapacitation, corruption, obstruction.
     Usurpation (Budget): misappropriation, misuse.
  13. Pillars of Information Security: CIA (Data Confidentiality, Data Integrity, Data Availability)
  14. CONFIDENTIALITY: Preventing disclosure of information to unauthorized individuals or systems. For example, in a credit card transaction the system attempts to enforce confidentiality by “encrypting” the card number during transmission from buyer to seller.
  15. INTEGRITY Maintaining and assuring the accuracy and consistency of data over its entire life-cycle. This means the data cannot be modified in an unauthorized or undetected manner.
  16. AVAILABILITY: The information must be available when it is needed, to ensure its utility. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
  17. MEASURES FOR INFORMATION SECURITY
     Use a strong password: A strong password is the best way to protect yourself against identity theft and unauthorized access to your confidential information.
     Protect confidential information: Various people have access to information that must not be shared, including passwords. Familiarize yourself with the applicable laws and policies which govern these records and act accordingly.
  18. Make sure your operating system and virus protection are up to date: This reduces your exposure to hackers and others looking to steal information.
     Use secure and supported applications: Any software you install has the potential to be exploited by hackers, so be very careful to install applications only from a trusted source. The use of pirated software is illegal.
     Be wary of suspicious e-mails: Don't become a phishing victim. Never click on a link in an e-mail; if you're tempted, cut and paste the URL into your browser. That way, there's a good chance your browser will block the page if it's bad. And don't open e-mail attachments until you've verified their legitimacy with the sender.
  19. Store confidential information only on HSU servers: CDs, DVDs, and USB drives are all convenient ways to store data; the trouble is, they're just as convenient for thieves as for you. Wherever possible, store confidential information in your network folder or another protected central space. If you must store confidential information locally, you must encrypt it and then delete it as soon as you no longer need it.
     Back up your data, and make sure you can restore it: If your computer becomes infected or the hardware fails, you may be unable to retrieve important information. So make sure your data is backed up regularly, and test that backup from time to time to make sure that the restore works correctly.
  20. BASIC GUIDELINES
     Do not take unusual precautions; this will attract attention. Act normal.
     Persons holding confidential information should be made personally responsible for protecting it.
     Security must be sensible and low profile.
     Security should be organized in depth.
  21. Security Technologies Used
  22. Network Security Issues
     Why is Network Security Important?
     Common Security Threats
     Types of Network Attack
     General Mitigation Techniques
  23. 1.1 Why is Network Security important? Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving.
  24. 1.2 Why is Network Security important? Network security refers to any activities designed to protect your network. Specifically, these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network.
  25. Attack sophistication vs. hackers’ technical knowledge
  26. 1.3 Terminologies
     Threat: an action or event that might compromise security. It represents a potential risk to a computer or system.
     Vulnerability: the existence of a weakness in a design or configuration that can lead to an exploitation or some other unwanted and unexpected event that can compromise the security of a system.
     Target of Evaluation: the system that needs to be tested or evaluated to see if it has vulnerabilities.
     Attack: an actual assault on a system.
     Exploit: a way to compromise the security of a system, usually a proof of concept for a vulnerability.
  27. 1.3 Terminologies (cont.)
     Hacker: a general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
     Cracker: a more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
  28. 1.4 Classes of Hacker
     White hat: an individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems.
     Black hat: another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
     Gray hat: an individual who works both offensively and defensively at various times.
  29. 1.5 Other Types of Cracker
     Phreaker: an individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
     Spammer: an individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
     Phisher: uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.
  30. 1.6 What does a Hacker do?
     Reconnaissance, which can be active or passive in nature.
     Host or target scanning: live system detection, port scanning.
     Gaining access: at the operating system level, application level or network level; denial of service if otherwise unsuccessful.
     Then maintaining access, by using backdoor or Trojan programs.
     Finally, covering their tracks.
  31. Why is Network Security Important?
     Common Security Threats
     Types of Network Attack
     General Mitigation Techniques
  32. 2. Common Security Threats
     Vulnerabilities
     Threats to Physical Infrastructure
     Threats to Networks
     Social Engineering
  33. 2.1.1 Vulnerability
     Vulnerability is the degree of weakness which is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices. There are three primary vulnerabilities or weaknesses:
     Technological weaknesses
     Configuration weaknesses
     Security policy weaknesses
  34. 2.1.2 Vulnerabilities
     Technology weakness: computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol, operating system, and network equipment weaknesses.
     Configuration weakness: network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
     Policy weakness: security risks to the network exist if users do not follow the security policy. Some common security policy weaknesses and how those weaknesses are exploited are listed in the figure.
  35. 2.2.1 Threats to Physical Infrastructure When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.
  36. 2.3 Threats to Networks
     Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools, such as shell scripts and password crackers.
     Structured threats come from people who know system vulnerabilities and use sophisticated hacking techniques to penetrate unsuspecting businesses.
     External threats can arise from individuals or organizations working outside of a company who do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.
     Internal threats occur when someone has authorized access to the network with either an account or physical access.
  37. Why is Network Security Important?
     Common Security Threats
     Types of Network Attack
     General Mitigation Techniques
  38. 3. Types of Network Attacks
     Reconnaissance
     Access
     Denial of Service
     Virus: worms, Trojans and other malicious software
  39. 3.1.1 Types of Network Attacks
     Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack.
     Access: system access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password.
     Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users.
     Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.
  40. 3.1.2 Reconnaissance Attack
     Reconnaissance attacks can consist of the following: Internet information queries; ping sweeps (mapping of IPs); port scans (systematically scanning the ports of network hosts); packet sniffers.
     Network snooping and packet sniffing are common terms for eavesdropping. Two common uses of eavesdropping are as follows:
     Information gathering: network intruders can identify usernames, passwords, or information carried in a packet.
     Information theft: the theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers.
  41. 3.1.3 Three of the most effective methods for counteracting eavesdropping are as follows:
     Using switched networks instead of hubs so that traffic is not forwarded to all endpoints or network hosts.
     Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
     Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping. For example, SNMP version 3 can encrypt community strings, so a company could forbid using SNMP version 1, but permit SNMP version 3.
  42. 3.2.1 Access Attacks
     Password attacks; trust exploitation attacks.
     Password attacks can be implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text. Password attacks usually refer to repeated attempts to log in to a shared resource, such as a server or router, to identify a user account, password, or both. These repeated attempts are called dictionary attacks or brute-force attacks.
     A trust exploitation attack compromises a trusted host. If a host in a company’s network is protected by a firewall (inside host) but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.
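The repeated-login pattern described on slide 42 can be picked out of authentication logs. The following detector is an added example, not code from the presentation; the sshd-style log format, the addresses and the thresholds are constructed assumptions:

```python
"""Detect the repeated-login pattern slide 42 calls dictionary and
brute-force attacks, using constructed syslog-style sshd lines.
Added example; not code from the original presentation. The log format,
host names, addresses and thresholds are assumptions chosen for the demo."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window
FAIL_THRESHOLD = 5              # failures from one source in the window
USER_THRESHOLD = 4              # distinct accounts tried from one source

# Constructed sample (RFC 5737 documentation addresses): one source hammers
# 'admin', one source tries many accounts once each, one user mistypes once.
SAMPLE_LOG = """\
Mar 10 09:00:01 router sshd[811]: Failed password for admin from 203.0.113.7 port 51000 ssh2
Mar 10 09:00:02 router sshd[811]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar 10 09:00:03 router sshd[811]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:04 router sshd[811]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 10 09:00:05 router sshd[811]: Failed password for admin from 203.0.113.7 port 51004 ssh2
Mar 10 09:01:00 router sshd[812]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar 10 09:01:01 router sshd[812]: Failed password for invalid user oracle from 198.51.100.9 port 40002 ssh2
Mar 10 09:01:02 router sshd[812]: Failed password for invalid user backup from 198.51.100.9 port 40003 ssh2
Mar 10 09:01:03 router sshd[812]: Failed password for admin from 198.51.100.9 port 40004 ssh2
Mar 10 09:02:10 router sshd[813]: Failed password for alice from 192.0.2.5 port 60001 ssh2
Mar 10 09:02:20 router sshd[813]: Accepted password for alice from 192.0.2.5 port 60003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port ")


def parse_line(line):
    """Return (timestamp, result, user, source_ip) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # year-less syslog time
    return ts, m["result"], m["user"], m["src"]


def detect_password_attacks(log_text):
    """Return alerts as (kind, source_ip, accounts_tried, failures_in_window).
    'brute-force': many failures against one account from one source.
    'dictionary': one source cycling through many different accounts."""
    failures = defaultdict(deque)   # source_ip -> (time, user) within WINDOW
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "Failed":
            continue                         # ignore non-auth lines and successes
        ts, _, user, src = rec
        q = failures[src]
        q.append((ts, user))
        while q and ts - q[0][0] > WINDOW:   # drop events outside the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= FAIL_THRESHOLD and len(users) == 1:
            kind = "brute-force"
        elif len(users) >= USER_THRESHOLD:
            kind = "dictionary"
        else:
            continue
        if (src, kind) not in alerted:       # report each pattern once per source
            alerted.add((src, kind))
            alerts.append((kind, src, sorted(users), len(q)))
    return alerts
```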
  43. 3.2.2 Access Attacks
     A man-in-the-middle (MITM) attack is carried out by attackers that manage to position themselves between two legitimate hosts. The attacker may allow the normal transactions between hosts to occur, and only periodically manipulate the conversation between the two.
  44. 3.2.3 How to mitigate this access attack?
     Other sorts of MITM attacks are potentially even more harmful. If attackers manage to get into a strategic position, they can steal information, hijack an ongoing session to gain access to private network resources, conduct DoS attacks, corrupt transmitted data, or introduce new information into network sessions.
     WAN MITM attack mitigation is achieved by using VPN tunnels, which allow the attacker to see only the encrypted, undecipherable text.
     LAN MITM attacks use such tools as ettercap and ARP poisoning. Most LAN MITM attacks can be mitigated by configuring port security on LAN switches.
  45. 3.3.1 Denial of Service
     DoS attacks prevent authorized people from using a service by using up system resources, for example:
     Ping of death: a ping is normally 64 or 84 (with IP header) bytes, while a ping of death could be up to 65,536 bytes, which is more than a host can handle.
     SYN flood: a SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server.
     Distributed DoS (DDoS) attacks are designed to saturate network links with illegitimate data. This data can overwhelm an Internet link, causing legitimate traffic to be dropped.
     The Smurf attack uses spoofed broadcast ping messages to flood a target system.
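The SYN flood on slide 45 leaves a recognisable trace: many handshakes that reach step 2 (SYN-ACK sent) but never step 3 (client ACK). The following half-open tracker is an added example, not code from the presentation; the packet summaries, the server address and the alert threshold are constructed assumptions:

```python
"""Spot the half-open-connection pattern of a SYN flood (slide 45) in a
constructed stream of TCP packet summaries.
Added example; not code from the original presentation. The packet tuples,
server address and the half-open threshold are assumptions for the demo."""

SERVER = "192.0.2.10"            # assumed victim address (RFC 5737 range)
HALF_OPEN_THRESHOLD = 100        # assumed alert level; tune to the real backlog


# Packet summary: (time_s, src_ip, dst_ip, src_port, dst_port, tcp_flags)
def make_sample():
    """Constructed traffic: one real client, then 200 forged-source SYNs."""
    pkts = [(0.00, "198.51.100.5", SERVER, 40000, 80, "S"),    # client SYN
            (0.01, SERVER, "198.51.100.5", 80, 40000, "SA"),   # server SYN-ACK
            (0.02, "198.51.100.5", SERVER, 40000, 80, "A")]    # client ACK: open
    for i in range(200):                        # flood: SYNs with spoofed sources
        src = f"203.0.113.{i % 250 + 1}"        # 200 distinct, never answering
        t = 1.0 + i * 0.001
        pkts.append((t, src, SERVER, 50000 + i, 80, "S"))
        pkts.append((t + 0.0005, SERVER, src, 80, 50000 + i, "SA"))
    return pkts


def analyze(pkts, server=SERVER):
    """Track handshakes toward `server`; return half-open statistics."""
    pending = {}          # (client_ip, client_port) -> time SYN was seen
    established = 0
    for t, src, dst, sport, dport, flags in sorted(pkts):
        if dst != server:
            continue      # SYN-ACKs leaving the server need no state change
        key = (src, sport)
        if flags == "S":
            pending[key] = t                 # step 1 seen: waiting for the ACK
        elif key not in pending:
            continue                         # data on an already open connection
        elif "R" in flags or "F" in flags:
            del pending[key]                 # client abandoned the handshake
        elif "A" in flags:
            del pending[key]                 # step 3 seen: connection is open
            established += 1
    sources = {ip for ip, _ in pending}
    return {"half_open": len(pending),
            "distinct_sources": len(sources),   # close to half_open: forged sources
            "established": established,
            "syn_flood": len(pending) >= HALF_OPEN_THRESHOLD}
```

When nearly every half-open entry comes from a different source address, the sources are probably forged, which is the case the anti-spoof access control lists on slide 47 address.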
  46. 3.3.2 Denial of Service
  47. 3.3.3 Mitigating Denial of Service
     DoS and DDoS attacks can be mitigated by implementing special anti-spoof and anti-DoS access control lists. ISPs can also implement traffic rate limiting, restricting the amount of nonessential traffic that crosses network segments. A common example is to limit the amount of ICMP (Internet Control Message Protocol) traffic that is allowed into a network, because this traffic is used only for diagnostic purposes.
  48. 3.4.1 Malicious Code Attacks
     The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks. A worm executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts. A virus (Vital Information Resources Under-Siege) is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation. A Trojan horse is different from a worm or virus only in that the entire application was written to look like something else, when in fact it is an attack tool.
  49. 3.4.2 Virus Attack Mitigation
     The following are the recommended steps for worm attack mitigation:
     Containment: contain the spread of the worm within the network. Compartmentalize uninfected parts of the network.
     Inoculation: start patching all systems and, if possible, scanning for vulnerable systems.
     Quarantine: track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
     Treatment: clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
  50. Why is Network Security Important?
     Common Security Threats
     Types of Network Attack
     General Mitigation Techniques
  51. 4. General Mitigation Techniques
     Host and Server Based Security
     Intrusion Detection and Prevention Based Security
     Common Security Appliances and Applications
  52. 4.1.1 Host and Server Based Security
     There are some simple steps that should be taken that apply to most operating systems:
     Default usernames and passwords should be changed immediately.
     Access to system resources should be restricted to only the individuals that are authorized to use those resources.
     Any unnecessary services and applications should be turned off and uninstalled, when possible.
     Install host antivirus software to protect against known viruses.
     Install a personal firewall to prevent attacks on PCs.
     Install operating system patches.
  53. 4.2.1 Intrusion Detection and Prevention
     Intrusion detection systems (IDS) detect attacks against a network and send logs to a management console. Intrusion prevention systems (IPS) prevent attacks against the network and should provide the following active defense mechanisms in addition to detection:
     Prevention: stops the detected attack from executing.
     Reaction: immunizes the system from future attacks from a malicious source.
     A host-based intrusion prevention system (HIPS) actually stops the attack, prevents damage, and blocks the propagation of worms and viruses. HIPS software must be installed on each host, either server or desktop, to monitor activity performed on and against the host.
  54. 4.2.3 Common Security Appliances and Applications
     Threat control: regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
     Cisco ASA 5500 Series Adaptive Security Appliances
     Integrated Services Routers (ISR)
     Network Admission Control
     Cisco Security Agent for Desktops
     Cisco Intrusion Prevention Systems
     The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.
  55. 4.2.4 Common Security Appliances and Applications
  56. Top Security Recommendations
     Change wireless LAN authentication
     Choose scalable solutions
     Add additional security services
     Scheduled access point discovery
     Scheduled security audits
     Distributed personal firewalls or IDS agents
     Monitor the network
     Connect access points to switches
     Configure mutual authentication for clients and access points against a RADIUS (Remote Authentication Dial In User Service) server
  58. Thank You!
  59. Queries?