Information Security: Security Tools
Jeffy Mwakalinga

Upload: bernadette-matthews

Post on 16-Dec-2015


TRANSCRIPT

Information Security 1

Information Security: Security Tools

Jeffy Mwakalinga

Information Security 2

Introduction

Information security is defined as methods and technologies for deterrence (scaring away hackers), protection, detection, response, recovery and extended functionalities.

Information Security 3

Generic Security Principles

• Deterrence (scare away)
• Protection
• Detection
• Response
• Recovery

[Diagram: Generic Security System. Labels: Information while in storage; Information while in transmission; Hardware; Hacker.]

Information Security 4

Security Tools

• Introduction
• Security Services
• Overview of Existing Security Tools

Information Security 5

Security Services: Confidentiality

To keep a message secret from those who are not authorized to read it

• Confidentiality
• Authentication
• Access Control
• Integrity
• Availability
• Non-repudiation

Information Security 6

Security Services: Authentication

To verify the identity of the user / computer

Information Security 7

Security Services: Access Control

To be able to tell who can do what with which resource

Information Security 8

Security Services: Integrity

To make sure that a message has not been changed while in transfer, storage, etc.

Information Security 9

Security Services: Non-repudiation

To make sure that a user/server can’t deny later having participated in a transaction

Information Security 10

Security Services: Availability

To make sure that the services are always available to users.

Information Security 11

Security Overview

• Introduction
• Security Services
• Overview of Existing Security Systems

Information Security 12

Overview of Existing Security Systems: Firewalls

Used even for deterring (scaring attackers)

Firewalls
• Designed to prevent malicious packets from entering
• Software based: runs as a local program to protect one computer (personal firewall) or as a program on a separate computer (network firewall) to protect the network
• Hardware based: separate devices that protect the entire network (network firewalls)

Information Security 13

Overview of Existing Security Systems: Detection - Intrusion Detection Systems

Intrusion Detection System (IDS)
• Examines the activity on a network
• Goal is to detect intrusions and take action

Two types of IDS:
• Host-based IDS: installed on a server or other computers (sometimes all); monitors traffic to and from that particular computer
• Network-based IDS: located behind the firewall and monitors all network traffic

Information Security 14

Overview of Existing Security Systems: Network Address Translation (NAT)

Network Address Translation (NAT) Systems
• Hides the IP address of network devices
• Located just behind the firewall
• NAT device uses an alias IP address in place of the sending machine’s real one
• “You cannot attack what you can’t see”
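
The address substitution described on this slide, as an added example that is not part of the original slides: a toy port-translating NAT table showing what an outside host sees and why an unsolicited inbound packet finds no internal target. The class name, port range and sample addresses are assumptions made for illustration.

```python
import itertools


class Nat:
    """Toy port-translating NAT table (assumed design, for illustration only)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the network; returns what the outside sees."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self._out:
            port = next(self._next_port)
            self._out[flow] = port
            self._back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a packet arriving from outside to an internal host, or None (drop)."""
        if dst_ip != self.public_ip:
            return None  # private addresses are not reachable from outside
        return self._back.get((dst_port, src_ip, src_port))


def demo():
    # Constructed sample addresses (private and documentation ranges).
    nat = Nat("203.0.113.5")
    seen = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, "203.0.113.5", seen[1])
    unsolicited = nat.inbound("198.51.100.99", 4444, "203.0.113.5", seen[1])
    direct = nat.inbound("198.51.100.99", 4444, "192.168.1.10", 51000)
    return seen, reply, unsolicited, direct


if __name__ == "__main__":
    labels = ("outside sees", "reply", "unsolicited", "direct")
    for label, value in zip(labels, demo()):
        print(f"{label:13} {value}")
```

Only flows opened from inside get a mapping, so the hiding applies to unsolicited inbound traffic; the internal host's real address never appears in what the server sees.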

Information Security 15

Overview of Existing Security Systems: Proxy Servers

Proxy Server
• Operates similar to NAT, but also examines packets to look for malicious content
• Replaces the protected computer’s IP address with the proxy server’s address
• Protected computers never have a direct connection outside the network
• The proxy server intercepts requests. Acts “on behalf of” the requesting client

Information Security 16

Adding a Special Network called Demilitarized Zone (DMZ)

Demilitarized Zones (DMZ)
• Another network that sits outside the secure network perimeter
• Outside users can access the DMZ, but not the secure network
• Some DMZs use two firewalls. This prevents outside users from even accessing the internal firewall
• Provides an additional layer of security

Information Security 17

Overview of Existing Security Systems: Virtual Private Networks (VPN)

Virtual Private Networks (VPNs): a secure network connection over a public network
• Allows mobile users to securely access information
• Sets up a unique connection called a tunnel

Information Security 18

Overview of Existing Security Systems: Virtual Private Networks (VPN)

Information Security 19

Overview of Existing Security Systems: Honeypots

Honeypots
• Computer located in a DMZ and loaded with files and software that appear to be authentic, but are actually imitations
• Intentionally configured with security holes
• Goals: direct attacker’s attention away from real targets; examine the techniques used by hackers

Information Security 20

Overview of Existing Security Systems: Secure Socket Layer (SSL)

SSL is used for securing communication between clients and servers. It provides mainly confidentiality, integrity and authentication.

[Diagram: Client and WWW Server. Establish SSL connection - communication protected.]

Information Security 21

Protecting one Computer

Summary (continued)

Operating system hardening is the process of making a PC operating system more secure
• Patch management
• Antivirus software – to protect your PC from viruses
• Antispyware software
• Firewalls – to deter (scare), protect
• Setting correct permissions for shares
• Intrusion detection systems – to detect intrusions
• Cryptographic systems

Information Security 22

Protecting a Wireless Local Area Network (WLAN)

Information Security 23

Security in a Wireless LAN

WLANs include a different set of security issues

Steps to secure:
• Turn off broadcast information
• MAC address filtering
• Encryption
• Password protect the access point
• Physically secure the access point
• Use enhanced WLAN security standards whenever possible
• Use cryptographic systems

Information Security 24

Summary

• Introduction
• Security Services
• Overview of Existing Security Tools

Information Security 25

Questions?