information security

Post on 19-Jun-2015


Category:

Education


DESCRIPTION

Information security

TRANSCRIPT

04/13/23

Prepared by MUSTAHID ALI


CONCEPT OF INFORMATION

Instruction Data Information

Information is obtained by processing data.

Data is the raw facts and figures that are processed to produce information.

Example: 100 + 200 = 300

Instruction

Raw Data

Information


Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Basic Principles of Information Security

Confidentiality

Integrity

Availability

PARKERIAN HEXAD

Confidentiality

Possession or control

Integrity

Authenticity

Availability

Utility


Access control system

Physical and Environmental Protection

Encryption

Personal Security


The goal of access control is to allow access by authorized individuals and devices and to disallow access to all others.

Access should be authorized and provided only to individuals whose identity is established, and their activities should be limited to the minimum required for business purposes.


What Firewalls Do

They can be configured to keep unauthorized or outside users from gaining access to internal or private networks and services.

They can also be configured to prevent internal users from gaining access to outside or unauthorized networks and services.


Firewalls

A Network Firewall is a system or group of systems used to control access between two networks -- a trusted network and an untrusted network -- using pre-configured rules or filters.


1. Packet filtering

2. Circuit filtering

3. Application gateways


It is a cryptographic technology that encrypts data with a key so that no one can make sense of it while it is being transmitted.

Characteristics of encryption and decryption:

Data encrypted with the public key can only be decrypted with the private key.

Data encrypted with the private key can only be decrypted with the public key.
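The two characteristics above, shown with textbook RSA as an added Python example (not part of the original slides). The primes 61 and 53, the exponent 17 and all function names are constructed for the illustration; the scheme is unpadded and processes one byte at a time, so it only shows how the two keys pair up.

```python
# Added illustration: textbook RSA with tiny, constructed primes.
# Unpadded and far too small for real use; it shows only the key pairing.
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Return (public, private) keys as (exponent, modulus) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def apply_key(value: int, key) -> int:
    """RSA's single operation: value^exponent mod n, for either key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)

def transform(data: bytes, key) -> list:
    """Apply a key to each byte separately (toy block size of one byte)."""
    return [apply_key(b, key) for b in data]

def recover(blocks, key) -> bytes:
    """Undo transform() with the opposite key of the pair."""
    values = [apply_key(c, key) for c in blocks]
    if any(v > 255 for v in values):
        raise ValueError("result is not byte data: wrong key")
    return bytes(values)

PUBLIC, PRIVATE = make_keypair(61, 53, 17)   # constructed sample parameters

if __name__ == "__main__":
    msg = b"UDUPA"
    sealed = transform(msg, PUBLIC)      # encrypted with the public key
    print(recover(sealed, PRIVATE))      # opened with the private key
    signed = transform(msg, PRIVATE)     # encrypted with the private key
    print(recover(signed, PUBLIC))       # opened with the public key
```

The second direction (private key first, public key to reverse it) is the basis of digital signatures: only the key owner can produce the value, and anyone holding the public key can check it.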


Encrypting or encoding information helps prevent its use by unauthorized users.

Both the sender and the receiver have to know what set of rules (cipher) was used to transform the original information into its cipher text (code).

Example: "UDUPA" is the original message

"IRIDA" is the cipher text (the arbitrary number chosen is "12")

1 2 3 4 5 6 7 8 9 10 11 12

A B C D E F G H I J K L M N O P Q R S T

U V W X Y S
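The shared-rule idea from the example above, as an added Python example that is not part of the original slides. It assumes the key 12 means "step back 12 letters", which is what maps U to I, D to R and P to D; under that uniform rule the final A becomes O, so the code returns IRIDO rather than the slide's IRIDA. All function names are made up for the illustration.

```python
# Added illustration of the slide's letter-shift cipher (not the author's code).
import string

ALPHABET = string.ascii_uppercase

def shift_letters(text: str, offset: int) -> str:
    """Move every A-Z letter by `offset` places, wrapping around the alphabet."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + offset) % 26])
        else:
            out.append(ch)       # spaces, digits and punctuation pass through
    return "".join(out)

def encrypt(plain: str, key: int) -> str:
    """Sender's rule (assumed from U -> I on the slide): step back `key` letters."""
    return shift_letters(plain, -key)

def decrypt(cipher: str, key: int) -> str:
    """Receiver's rule: step forward by the same shared `key`."""
    return shift_letters(cipher, key)

def all_candidates(cipher: str) -> dict:
    """Every possible key with the text it yields: there are only 26 of them."""
    return {k: decrypt(cipher, k) for k in range(26)}

if __name__ == "__main__":
    c = encrypt("UDUPA", 12)
    print(c)                  # cipher text sent over the wire
    print(decrypt(c, 12))     # receiver with the shared key
    print(decrypt(c, 11))     # receiver with the wrong key gets nonsense
```

Because `all_candidates` can list every key at once, a shift cipher teaches the shared-key idea but protects nothing; real symmetric ciphers rely on a key space too large to enumerate.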


Three types of encryption exist:

1) Symmetric encryption

2) Asymmetric encryption

3) One-Way Hashing


SYMMETRIC ENCRYPTION


Asymmetric encryption


One-Way Hashing


There are many things that you can do to protect your personal information:

Password

Backups

Software updates

Antivirus software

Routers


♠ Security is a very difficult topic. Everyone has a different idea of what "security" is, and what levels of risk are acceptable. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy.

♠ Define the Security Policy for the company. This should be endorsed by top management and should convey their concern and commitment.

In other words we can say that:

♠ Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution.

♠ The never ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review.
