1 / 38

Information Security

Information Security . By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com. Outline of Information Security. Introduction Impact of information Need of Information Security. Objectives of Information Security.

shelley
Télécharger la présentation

Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com

  2. Outline of Information Security • Introduction • Impact of information • Need of Information Security. • Objectives of Information Security. • Areas of Information Security. • Types of attackers • Why attacks? • Methods of Attacking on the Information • Methods of Defending the Information • Tips for the Information Security

  3. Introduction • Information Security is a complicated area and can be addressed by well-trained and experienced Professionals. • “When there is an attack on the system with the help of different threats, it means that our system is working very slowly, damaged and our information are unsecured” is called Information insecurity. This is a very big problem. • The Information Security is the solution for it.

  4. Importance of Information • Our work is based on records (information). • We spend minimum half our day with documents • 15% of Rs. spent managing documents. • Can’t work without data, record or information

  5. Need of Information Security • To privacy of our Data/Information • To safely data saving • Theft own Data/Information • To avoid bad use of our data • Lack of time • Lack of money • Lack of human resources

  6. Objectives of Data/Inf. Security Availability Confidentiality Objectives of Data/Info. security Authenticity Integrity

  7. Security Areas • Basically three areas of security • Physical security • Network security • Database Security

  8. Physical Security • Keep the servers in locked room with network and power cables snipped off. • Security of other hardware and machinery

  9. Network security all entry points to a network should be guarded. Network Security Switch Unprotected Network Server Internet Printer Workstation Firewall Modem Scanner Protected LAN

  10. Database Security • Database Integrity • User Authentication • Access Control • Availability

  11. Types of Attackers • Hackers • Lone criminals • Police • Malicious insiders • Press/media • Terrorists • Industrial espionage • National intelligence organizations • Info warriors

  12. Hackers • Attacks for the challenge • Own subculture with names, lingo and rules • Stereotypically young, male and socially • Can have considerable expertise and passion for attacks

  13. Lone criminals • Attack for financial gain • Cause the bulk of computer-related crimes • Usually target a single method for the attack

  14. Malicious insiders • Already inside the system • Knows weaknesses and tendencies of the organization • Very difficult to catch

  15. Press/media • Gather information for a story to sell papers/ commercial time Police • Lines are sometimes crossed when gathering information to pursue a case

  16. Terrorists • Goal is disruption and damage. • Most have few resources and skilled.

  17. National Intelligence Organizations • To investigation of different cases Industrial Espionage • To discover a competitors strategic marketing

  18. Info warriors • Military based group targeting information or networking infrastructures • Lots of resources • Willing to take high risks for short term gain

  19. Why attacks? • To publicity • To financial gain • Jealousness • To fun • To competition with the person of same field

  20. Specific types of attacks • Engineering attacks • Physical attacks • Environmental attacks

  21. Engineering attacks • Viruses • String of computer code that attaches to other programs and replicates • Worms • Replicates itself to multiple systems • Rarely dangerous, mostly annoying • Trojan Horses • Collects information and sends to known site on the network • Also can allow external takeover of your system

  22. Cont… colleague Attacker Virus Our system

  23. Cont.. • Password sniffing • Collect first parts of data packet and look for login attempts • IP Spoofing • Fake packet to “hijack” a session and gain access -Port scanning • Automated process that looks for open networking ports • Logs positive hits for later exploits

  24. Physical attacks • Equipment failure arising from defective components. • Temperature and humidity. • Physical destruction of hardware and equipment • Theft or sabotage.

  25. Environmental Attacks • Natural Disasters Fire, Earthquakes etc. • Man-Made Disasters War, Chemical Leaks etc.

  26. Methods of Information Security Threats • Backups • Antivirus Software • Cryptography • Biometrics • Honey pots • Firewalls • Burglar alarms

  27. Backups • Backups allow us to restore damaged or destroyed data. • We can set up backup servers on the network. • Backup media are- Floppy disks, external hard disks, ISP online backup.

  28. Antivirus • Antivirus is a program that we can install on our computer to detect and remove viruses. • It is used to scan hard disks, floppy disks, CDs, for viruses and scan e-mail messages and individual files, downloads from the Net.

  29. Cryptography • Cryptography is the art of converting info. Into a secret code that can be interpreted only by a person who knows how to decode it. Encrypted Cipher text Plain text Decrypted

  30. Example of Cryptography Original message Receiver Original message Sender Decrypted Encrypted

  31. Bioinformatics • The bioinformetics authentication process uses a person’s unique physical characteristics to authentically the identity. • Bioinformatics authentication method fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. Retina Fingerprint

  32. Honey pots • A honey pots is a tool used for detecting an intrusion attempt. • A honey pots simulates a vulnerable computer on a network. • It contains no critical data or application but has enough data to lure an intruder.

  33. Honey pots Honey pots Intruder

  34. Firewall • A firewall is a tool for the network security that stand between trusted and entrusted networks and inspecting all traffic that flows between them. • In simple language firewall is a filter machine that monitors the type of traffic that flows in and out of the network.

  35. Firewall Firewall Private network Internet

  36. Burglar alarms • Traps set on specific networked objects that go off if accessed

  37. Tips for information Security • Use of strong password • Adopt a security policy • Use of anti-virus. • Information security officer • Use of firewalls • Use of bioinformatics • Beware to malicious insiders • Security training • Use of other security tools

  38. Thanks For Attention

More Related