sri lath a
8/2/2019 Sri Lath A
http://slidepdf.com/reader/full/sri-lath-a 1/16
INFORMATION SECURITY
1. INTRODUCTION: As of January 2008, the internet connected an estimated 541.7
million computers in more than 250 countries on every continent, even Antarctica. The internet
is not a single network, but a worldwide collection of loosely connected networks that are
accessible by individual computer hosts, in a variety of ways, to anyone with a computer
and a network connection. Thus, individuals and organizations can reach any point on the
internet without regard to national or geographic boundaries or time of day.
However, along with the convenience and easy access to
information come risks. Among them are the risks that valuable information will be lost, stolen,
changed, or misused. If information is recorded electronically and is available on networked
computers, it is more vulnerable than if the same information is printed on paper and locked in a
file cabinet. Intruders do not need to enter an office or home; they may not even be in the same
country. They can steal or tamper with information without touching a piece of paper or a
photocopier. They can also create new electronic files, run their own programs, and hide
evidence of their unauthorized activity.
2. What is Information Security (IS) about? Everyone:
Information Security has three primary goals, known as the security triad:
Confidentiality:
Making sure that those who should not see your information cannot see it.
Integrity:
Making sure the information has not been changed from how it was intended to be.
Availability:
Making sure that the information is available for use when you need it.
As you can see, the security triad can be remembered as the letters CIA. These principles are
simple when broken down, but when you think about them in more depth, all steps taken within
security are to help complete one or more of these three security goals.
When most people think about Information Security, they will generally
only think of the first item, Confidentiality, and for good reason, since that's all the media seems to think
security is about. Confidentiality is also, ironically, the one of the three goals you most often do not
need. A public web site does not want to be confidential; that would defeat the point of being public. In
order to promote Confidentiality, you have several tools at your disposal, depending on the nature of
the information. Encryption is the most commonly thought of method used to promote Confidentiality,
but other methods include Access Control Lists (ACLs) that keep people from having access to
information, using smart cards plus PIN numbers to keep unauthorized people from getting into your building and
looking around, or even explaining to your employees what information about the company they can
and cannot disclose over the phone.
Integrity is the part of the triad that affects the most people in the IT
world, but few seem to notice it, and fewer still think of it as a security issue. The files on your
operating system must maintain a high level of integrity, but worms, viruses and Trojans are a
major issue in IT, and can also be a way for an attacker to get information out of your network,
or inject his own information into it. Integrity is not just about malicious parties; it also
covers items such as disk errors, or accidental changes made to files by unauthorized users.
Access control lists (ACLs), physical security, and regular backups all fall under integrity.
Availability is the part of the triad most administrators have to
worry about at work, and with good reason. It's the most common, and most visible, part of the
security triad and it is part of the job duties of just about every administrator, even non-security
based ones. It's mostly about system uptime for them, but it can also cover subjects such as
accidentally denying a user access to a resource they should have, having a user locked out of the
front door because the biometrics do not recognize his fingerprints (a false negative), or even
major issues such as natural disasters, and how the company should recover in case of one.
3. How do I protect my information?
Now that you know the goals of security, you may ask: “how do I apply them?” Well, first, you
must decide what needs to be protected. In other words, you need to audit all of your assets, from
information stored on servers to physical items such as staplers, if your duties call for it. Since
most people reading this are applying the principles here just to information security, we will
first focus on information classifications. There are many different ways of classifying
information, but many of them follow the same basic principles.
According to Microsoft's view of information, there are four types of information:
● Public
● Internal
● Confidential
● Secret
While it may not be as cool as remembering CIA, the word PICS should help you remember
these four data types. But remember, while Microsoft and others use these classifications of data,
not all groups follow this as a standard. In other words, it's just not as widespread as the talk
about the CIA model, and some companies may use their own models.
Depending on the type of data, security is compromised just by exposing the
information to others. With other types of data, however, damage is only done if the data was
altered or unavailable. Here is a more in-depth explanation of the four major data types:
PUBLIC INFORMATION:
Public data is designed to be shown, so there is no
reason to protect it from being seen, and thus confidentiality is not a concern. If Public data is
changed or destroyed, however, you lose something you can remember by the letters PTR, or
PoinTeR: Prestige, Trust, and Revenue. Public data needs to be accessible, but only a few users
or machines should be able to change it.
Examples of Public data for businesses may be information on your company web site or any
documentation sent to all consumers of your product or services. For home users it may be your
personal homepage, or something akin to a MySpace page. While it would do no harm for this
data to be seen by others, if this data was changed in transit, the results could be disastrous. And
funny. But mostly disastrous.
INTERNAL INFORMATION:
Internal data, also called Private data, is data that company workers
generally know, but outsiders should not know. It's items such as PINs (Personal Identification
Numbers) for doors if everyone shares the same pin, the location of some rooms within the
building (such as server rooms or wiring cabinets), or internal procedures of the company. It’s
information that most company workers can find out, or may even need to know. Discovering
this information is normally not a risk in itself, but it allows for better attacks. The main risk is
modification, either by an outside force such as an attacker, or, in most cases, accidentally by an
internal user. Security breaches of this type of information will generally affect the operations of
a business, and not much else. Most files on your OS would actually fall under this, as damage to
them will only affect operations. Keep in mind, however, that internal data can also be a stepping
stone to launch attacks on other, more secure, forms of data. On the flip side, removing internal
data from the view of workers can damage business operations, performing a form of
Denial of Service (DoS) attack. For a home user, Private data could be where you store your
keys, security codes for home security systems, or even less obvious items.
CONFIDENTIAL INFORMATION:
Confidential data is the data used by a limited
number of internal users, and should not be known to the majority of workers. This is the class
that Human Resources (HR) data and payroll information fall under. Read access to this data is
limited to a few users, and write access is generally restricted even more. If this becomes public
internally, Operations and Internal Trusts are at stake, while if revealed externally, you once again
lose PTR, along with Operations and Internal Trusts. OS files dealing with security also fall into
this area in most cases. Confidential data is just a few steps away from Secret data, and like
Secret, it needs to be protected. For a home user this could be some emails you've written, your
browser history, or a folder containing pictures and movies the rest of the household wouldn't
approve of.
SECRET INFORMATION:
Secret data is the data most people think of when they hear about
breaches in information. This data is your trade secrets, intellectual property, and External
Secrets, such as info held in trust for others (partner companies, or customers). Loss of this data
may cause critical damage to the company, and could very well be the downfall of it. Besides the
PTR loss, and maybe loss of operations, there are fines and legal actions to think of in most cases.
While this may seem like only businesses would have data that fall in these four classes, all
information can be placed inside them, sometimes into more than one class. As stated before,
most of the files used by your operating system would fall under Internal data. It’s not something
that needs to be kept secret so much as needs to be kept from being changed. Music files on your
machine? They have an effect on the operation of how you run your life, and so fall under
operations. Credit card information could be considered secret data as well.
4. COMMON ATTACKS:
Without security measures and controls in place, your data might be subjected to an attack. Some
attacks are passive, meaning information is monitored; others are active, meaning the
information is altered with intent to corrupt or destroy the data or the network itself.
Your networks and data are vulnerable to any of the following types of attacks if you do not have
a security plan in place.
Access Attack:
Access Attack is the act of secretly listening to the private conversation of others without their
consent. This attack can also be done over telephone lines, email, instant messaging, and other
methods of communication considered private.
Modification:
Modification attack is an attempt to modify information that an attacker is not authorized to
modify.
Repudiation Attack:
Repudiation or masquerading is a technique that hides an entire address space, usually consisting
of private network addresses.
Denial of service:
Unlike a password-based attack, the denial-of-service attack prevents normal use of your
computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
● Randomize the attention of your internal Information Systems staff so that they do not
see the intrusion immediately, which allows the attacker to make more attacks during the
diversion.
● Send invalid data to applications or network services, which causes abnormal termination
or behavior of the applications or services.
● Flood a computer or the entire network with traffic until a shutdown occurs because of
the overload.
● Block traffic, which results in a loss of access to network resources by authorized users.
5. TOOLS:
Viruses:
Computer viruses are software programs deliberately designed to: interfere with computer
operation; record, corrupt, or delete data; or spread themselves to other computers and
throughout the Internet, often slowing things down and causing other problems in the process.
How do viruses work?
Basic viruses typically require unwary computer users to inadvertently share or send them.
Some viruses that are more sophisticated, such as worms, can replicate and send themselves
automatically to other computers by controlling other software programs, such as an e-mail
sharing application. Certain viruses, called Trojans (named after the fabled Trojan horse), can
falsely appear as a beneficial program to coax users into downloading them. Some Trojans can
even provide expected results while quietly damaging your system or other networked
computers at the same time.
How Can I Protect My Computer From Viruses?
Install an antivirus program and keep it updated. University Technology Services has purchased
a volume license for antivirus software and made it available for download by students, staff and
faculty.
Keeping antivirus programs updated is imperative. Because new viruses are released every day,
there's always some risk that your computer will be infected by a virus that your antivirus
program does not "know" about. Unless a rapidly-spreading virus is released, you should be
reasonably safe if you update your antivirus program weekly.
How Do I Know If My Computer Is Infected By A Virus?
In a perfect world, your antivirus software will warn you of an infection. However, that may not
happen if you have not been downloading updates or if your antivirus software stops functioning
for some reason. (For example, some viruses attack antivirus software).
There's no single symptom for virus infections. Some viruses inform you themselves by
displaying messages like, "Ha, ha, you're infected by whatever." Others just usurp system and
network resources to do things like send e-mail messages or propagate themselves over the
network. Still others delete or corrupt critical files. If your computer starts performing differently
for no apparent reason, it may be infected by a virus.
Worms:
Worms? What are they?
Worms are programs that make copies of themselves in different places on a computer. The
objective of this type of malware is usually to saturate computers and networks, preventing them
from being used. Unlike viruses, worms don’t infect files.
What do they do?
The main objective of worms is to spread and infect as many computers as possible. They do this
by creating copies of themselves on infected computers, which then spread to other computers by
several channels including email, P2P programs and instant messaging, among others.
Worms often use social engineering techniques. To do so, malware creators use attractive names
to camouflage the malicious files. Most of these names relate to sex, famous people, pirate
software, current affairs or generally try to appeal to people’s morbid curiosity.
The use of these techniques significantly increases around dates such as Valentine’s Day,
Christmas and Halloween.
Evolution of Worms:
Worms have also been adapted to fit the new malware dynamic. Previously, worms were
designed largely to achieve notoriety for the creators, and were therefore programmed to spread
massively and infect computers around the world.
Now, however, worms are more geared towards generating financial gain. They are used to
create massive botnets which control thousands of computers around the world. Cyber-crooks
then send commands to these computers (zombies) to send spam, launch denial of service
attacks, download malicious files, etc. Conficker and the Gaobot and Sdbot families are just a few
examples of this type of worm. The following statistics show the importance of
this type of malware nowadays:
At present, there are thousands upon thousands of computers being used as zombies without their
owners realizing it. These compromised computers can still be used normally, and so often the
only indication of the infection is reduced performance.
How can you protect yourself from Worms?
There are a series of basic measures that users can take to ensure that computers are
protected against worms:
● Scanning any potentially suspicious files with an antivirus solution.
● Keeping antivirus programs up-to-date and, if you don’t have an antivirus, you can
install any of Panda Security’s antivirus solutions to give you full protection against
these and other threats.
● Running a free antivirus scan of your computer to check whether it is worm-free.
TROJANS:
The effects of Trojans can be very dangerous, taking into account their evolution in recent
years. Here you can find all the information regarding them.
Trojans? What are they?
The main objective of this type of malware is to install other applications on the infected
computer, so it can be controlled from other computers.
Trojans do not spread by themselves, and as their name suggests, like the astute Greeks in their
attack on Troy, these malicious codes reach computers in the guise of an apparently harmless
program, which, in many cases, when executed releases a second program, the Trojan itself.
Currently, the percentage of malware traffic represented by the Trojans worldwide
is: Worm: 14.04%
What do they do?
The effects of Trojans can be highly dangerous. Like viruses, they can destroy files or
information on hard disks. They can also capture and resend confidential data to an external
address or open communication ports, allowing an intruder to control the computer remotely.
Additionally, they can capture keystrokes or record passwords entered by users. Given all these
characteristics, they are frequently used by cyber-crooks, for example, to steal confidential
banking information.
Evolution
Trojans were designed initially to cause as much damage as possible on the compromised
computer. They were designed to format disks or eliminate system files, although they were not
widely noticed, as at that time malware creators were looking to cause widespread epidemics,
and Trojans could not spread by themselves. One such example was Autorooter.
In recent years, thanks to the massive uptake of the Internet, the trend has changed and cyber-
crooks have seen the use of this type of malware for stealing bank details, usernames and
passwords, personal information, etc. In fact, this has led to the creation of new categories of
malware: Banker Trojans and Spyware.
Within the banker Trojan category, one example which has been highly active recently is
Trj/Sinowal, a kit sold on some Russian forums which allows the buyer to create bespoke banker
Trojans to launch an attack.
At PandaLabs we have observed a worrying increase in the production of banker Trojans, as
illustrated in the following graph. Trojans currently account for 70% of all malware we receive at
the laboratory.
How can you protect yourself?
To protect yourself against this ubiquitous type of malware, we offer a series of practical tips:
● Don’t download content from dubious or unknown websites.
● Keep a close eye on downloads made over P2P networks.
● Keep antivirus programs up-to-date and, if you don’t have an antivirus, you can install any of
Panda Security’s antivirus solutions to give you full protection against these and other
threats.
● Run a free antivirus scan of
5. SECURITY MECHANISMS:
Firewalls:
Firewalls are computer security systems that protect your office/home PCs or
your network from intruders, hackers & malicious code. Firewalls protect you from
offensive software that may come to reside on your systems or from prying hackers. In a
day and age when online security concerns are the top priority of the computer users,
Firewalls provide you with the necessary safety and protection.
WHAT EXACTLY ARE THEY?
Firewalls are software programs or hardware devices that filter the traffic that flows into your PC
or your network through an internet connection. They sift through the data flow & block that
which they deem (based on how & for what you have tuned the firewall) harmful to your
network or computer system.
When connected to the internet, even a standalone PC or a network of interconnected computers
makes an easy target for malicious software & unscrupulous hackers. A firewall can offer the
security that makes you less vulnerable and also protect your data from being compromised or
your computers being taken hostage.
How do they work?
Firewalls are set up at every connection to the Internet, therefore subjecting all data flow to
careful monitoring. Firewalls can also be tuned to follow "rules". These Rules are simply
security rules that can be set up by yourself or by the network administrators to allow traffic to
their web servers, FTP servers, Telnet servers, thereby giving the computer
owners/administrators immense control over the traffic that flows in & out of their systems or
networks.
Rules will decide who can connect to the internet, what kind of connections can be made, and which
or what kind of files can be transmitted in and out. Basically, all traffic in & out can be watched and
controlled, thus giving the firewall installer a high level of security & protection.
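The rule evaluation described above can be sketched as follows. This is an added example, not part of the original paper: the Rule and Packet types, the addresses (documentation and private ranges) and the first-match, default-deny policy are assumptions chosen for illustration. It also checks for a common configuration mistake, a rule that can never fire because an earlier, broader rule already covers it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    src: str              # CIDR block the source address must fall in
    dst: str              # CIDR block the destination address must fall in
    port: Optional[int]   # destination TCP port; None matches any port


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    port: int


# Constructed rule set; addresses come from documentation and private ranges.
RULES = [
    Rule("allow", "in", "0.0.0.0/0", "203.0.113.10/32", 80),        # web server
    Rule("allow", "in", "198.51.100.0/24", "203.0.113.20/32", 21),  # FTP, one partner net
    Rule("deny", "in", "0.0.0.0/0", "0.0.0.0/0", 23),               # no inbound Telnet
    Rule("allow", "out", "10.0.0.0/8", "0.0.0.0/0", 443),           # staff HTTPS
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (
        rule.direction == pkt.direction
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.port in (None, pkt.port)
    )


def decide(pkt, rules=RULES):
    """First matching rule wins; traffic that no rule mentions is denied."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def shadowed_rules(rules):
    """Return (later, earlier) index pairs where the earlier rule covers
    everything the later one matches, so the later rule can never fire."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (
                earlier.direction == later.direction
                and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                and earlier.port in (None, later.port)
            ):
                pairs.append((j, i))
                break
    return pairs


if __name__ == "__main__":
    for pkt in (
        Packet("in", "192.0.2.7", "203.0.113.10", 80),
        Packet("in", "192.0.2.7", "203.0.113.20", 21),
        Packet("in", "198.51.100.5", "203.0.113.20", 23),
    ):
        print(pkt, decide(pkt))
    print("shadowed:", shadowed_rules(RULES))
```

Placing an allow-everything rule ahead of the Telnet deny makes `shadowed_rules` report the deny as unreachable, which is the ordering error to look for when reviewing a rule set.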
Types of Firewall
Software firewalls
New generation operating systems come with built-in firewalls, or you can
buy firewall software for the computer that accesses the internet or acts as the gateway
to your home network.
Hardware firewalls
Hardware firewalls are usually routers with a built in Ethernet card and
hub. Your computer or computers on your network connect to this router & access the
web.
CRYPTOGRAPHY:
What Is Cryptography?
Cryptography is the science of providing security for information. It has been
used historically as a means of providing secure communication between individuals,
government agencies, and military forces. Today, cryptography is a cornerstone of the modern
security technologies used to protect information and resources on both open and closed
networks.
Basic Components of Modern Cryptography
Modern electronic cryptosystems use complex mathematical algorithms and other techniques and
mechanisms to provide network and information security. Cryptography-based security
technologies commonly use one or more of the following basic components to provide security
functions:
● Encryption algorithms
● Message digest functions
● Hashed Message Authentication Code (HMAC) functions
● Secret key exchange algorithms
● Digital signatures
Risk Factors for Cryptography Systems
There is no simple formula for determining how safe a specific cryptosystem is from attacks and
potential security compromises. However, the following factors affect the risk of successful
attacks on cryptosystems:
● Symmetric key length
● Public key length
● Key lifetimes
● Amount of plaintext known to attackers
● Strength of the security technology implementation
● Randomness of generated keys
● Strength of the security protocols
AUTHENTICATION:
Proving that you are who you say you are, where you say you are, at the time you say it
is.
Authentication may be obtained by the provision of a password or a scan of your retina.
Authentication is the process of determining whether someone or something is, in fact,
who or what it is declared to be. To access most technology services of Indiana
University, you must provide such proof of identity.
INTRUSION DETECTION SYSTEM (IDS):
An intrusion detection system is a device or software application that
monitors network and/or system activities for malicious activities or policy violations and
produces reports to a Management Station. Some systems may attempt to stop an intrusion
attempt but this is neither required nor expected of a monitoring system. Intrusion detection and
prevention systems (IDPS) are primarily focused on identifying possible incidents, logging
information about them, and reporting attempts. In addition, organizations use IDPSes for other
purposes, such as identifying problems with security policies, documenting existing threats, and
deterring individuals from violating security policies. IDPSes have become a necessary addition
to the security infrastructure of nearly every organization.
Types:
For the purpose of dealing with IT, there are two main types of IDS:
Network intrusion detection system (NIDS)
It is an independent platform that identifies intrusions by examining network traffic and
monitors multiple hosts. Network intrusion detection systems gain access to network
traffic by connecting to a network hub, network switch configured for port mirroring,
or network tap. In a NIDS, sensors are located at choke points in the network to be
monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture
all network traffic and analyze the content of individual packets for malicious traffic. An
example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
It consists of an agent on a host that identifies intrusions by analyzing system calls,
application logs, file-system modifications (binaries, password files, capability
databases, Access control lists, etc.) and other host activities and state. In a HIDS, sensors
usually consist of a software agent. Some application-based IDS are also part of this
category. An example of a HIDS is OSSEC.
Stack-based intrusion detection system (SIDS)
This type of system is an evolution of the HIDS. The packets are
examined as they go through the TCP/IP stack and, therefore, it is not necessary for them
to work with the network interface in promiscuous mode. This makes its
implementation dependent on the operating system that is being used.
Intrusion detection systems can also be system-specific using custom tools and honeypots.
CONCLUSIONS:
Information security is the ongoing process of exercising due care and due diligence to protect
information, and information systems, from unauthorized access, use, disclosure, destruction,
modification, or disruption or distribution. The never-ending process of information security
involves ongoing training, assessment, protection, monitoring & detection, incident response &
repair, documentation, and review. This makes information security an indispensable part of all
the business operations across different domains.