Internet & Information Security: Introduction

Post on 18-Dec-2015

Page 1: Internet & Information Security: Introduction

Page 2: Internet & Information Security

Introduction
Definition
Statistics
Security Breaches – General Examples
Description
Challenges, Solutions
Common Threats
Tools for Information Security - Developers
Conclusion

Page 3: Need of Information Security!

Man Admits Hacking in New York Times - MSNBC, Jan 8, 2004
Hackers Attack eBay Account - Zee News, Mar 25, 2005
NASA Sites Hacked - Computer World, Apr 24, 2005
Secret Information Stolen from Indian Army - The Times Of India, Jan 25, 2006
Information Hacked by a militant from DRDO - The Hindu, May 25, 2006
CBI investigates hack at e-voting software - Aaj Tak, Nov 25, 2006
Space information hacked from ISRO - Hindustan Times, Dec 24, 2006

Page 4: Present Scenario

The modern thief can steal more with a computer than with a gun.
More damage could be carried out with a keyboard than with a bomb.

Page 5: Definition

The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

Page 6: Statistics (Indiana University: April 3-4, 2008)

321 security breaches in 2006.
441 organizations reported a breach in 2007 – more than one per day.
In the first two weeks of January 2008, 7 breaches were reported by higher education.

Page 7: Statistics

26% of the 321 security breaches in 2006 involved higher education:
106 businesses
84 educational institutions
96 government agencies (state, federal, local)
35 medical institutions (hospitals)
Over 2,000,000 student records were exposed by higher education in 2006.

Page 8: Reasons Provided for School Breaches

(Pie chart. Categories: Hackers, Stolen Hardware, Stolen Laptops, Malicious Insider, Armed Robber, Handling Errors. Percentages shown on the chart: >50%, >20%, ~10%, and three of <1%; the extracted text does not preserve which value belongs to which category.)

Page 9: Reasons for Security Breaches – General Examples

Human Error
Hackers
Vendor Mismanagement
Unencrypted Remote Devices
Overlooking New Hires
Inadequate Policies and Procedures
Procedural Errors
Inadequate Training or Awareness
Malicious Employees
Unencrypted Wireless Transmissions
Inadequate Data Disposal
Lost or Stolen Remote Devices

Page 10: Description of Internet & Information Security

Four widely accepted elements (aims, principles, qualities, characteristics, attributes, etc.) of information security are:
Confidentiality
Integrity
Availability
Authentication

Page 11: Information Security Challenges

Managing security has become increasingly complex.
Growing external and internal threats.
Internal threats are becoming more common than external ones – and are much easier to carry out.
Good external security measures are in place, so attackers look for other means of circumventing/bypassing the guards and getting inside.
Social engineering is becoming popular.
Methods: personal contact, installing backdoors, key loggers, spyware, phishing via email attachments.

Page 12: Information Security Solutions

Nothing is 100% secure! You can only mitigate the risks.
The approach should be to apply defense-in-depth: the most effective way to apply security is in layers.
Place security measures at different points in your network.
Construct a series of obstacles of varying difficulty.
Secure each component in your network (firewalls, routers, servers, desktops).
If one measure fails, the next will protect.
The series of obstacles may finally make the attacker give up!

Page 13: Common Security Threats & Vulnerabilities

Threat: any person, object, or event that, if realized, can potentially cause damage to the network or a networked device.
Vulnerability: a weakness in a host or network that can be exploited by a threat.

Page 14: Common Threats

Unauthorized Intrusions
Denial of Service (DoS) Attacks
Viruses, Worms, Trojan Horses (Backdoors)
Website Defacements
Internal Attacks

Page 15: Unauthorized Intrusions

Intruders want to gain control of your computer and use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems.
The damage created depends on the intruder's motives.
Confidential information may be compromised, altered or damaged.

Page 16: Denial of Service

Interruption of service, either because the system is destroyed or because it is temporarily unavailable, e.g.:
Destroying a computer's hard disk
Severing the physical infrastructure
Using up all available system resources – CPU, memory, disk space
Consuming the network bandwidth to the server

Page 17: Viruses & Worms

A virus requires a user to do something to continue the propagation – harmful, may destroy data.
A worm can propagate by itself – self-propagating malicious code that consumes resources destructively (DoS) – e.g. Blaster, Slammer.
Highly prevalent/common on the Internet.
Common distribution: e-mail, ftp, media sharing, hidden code.

Page 18: Trojans (Backdoors)

Trojans (Backdoors): executable code installed so as to enable entry into the infected host without authorization.
Once installed, the back door can be used by the attacker at their leisure.
Launching points for further security attacks (DDoS, spam).

Page 19: Bots (Spyware)

Modularized root-kits for specific functions.
What bots can do:
Create a launch pad for DDoS attacks
Packet sniffing
Key logging
File serving of illegal or malicious code
Replicating

Page 20: Website Defacements

Intent: to create political-propaganda-based attacks; to make a political statement.
Launched primarily at government organisations, media and religious groups.
By exploiting known vulnerabilities in websites or servers, the attacker can plant code or files to vandalize the site.

Page 21: Internal Attacks

Computer Security Institute/FBI and Ernst & Young say nearly 50% of all network attacks come from the inside.
Often from unhappy/disgruntled workers.
76% of the IT executives surveyed by Net Versant said they were concerned about inside attacks from unhappy employees.
Losses associated with insider attacks can be more damaging.

Page 22: Other Common Attacks

Connection (session) hijacking
IP source address spoofing
Smurf attack
Brute-force/dictionary attacks (password guessing)
Humans are often the weakest link = social engineering: "Hi, this is Bob, what's the root password?"

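The password-guessing item on the slide above as a worked example, added here and not part of the original slides: an online dictionary attack against a login check, run once without and once with an account-lockout policy. The account, the word list and the use of plain SHA-256 are constructed for the example; a real system must store passwords with a slow, salted hash (bcrypt, scrypt or Argon2). Lockout only slows online guessing: it does nothing against an attacker who has stolen the hash and guesses offline, and it hands an attacker an easy way to lock legitimate users out, so it is usually combined with throttling rather than used alone.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Account holds a stored password hash and the lockout state.
// Plain SHA-256 is used only to keep this example stdlib-only; it is a
// deliberately poor choice for real password storage (too fast, unsalted).
type Account struct {
	Hash     [32]byte
	Failures int
	Locked   bool
}

// NewAccount stores the hash of the given password (constructed sample data).
func NewAccount(password string) *Account {
	return &Account{Hash: sha256.Sum256([]byte(password))}
}

// Login is the online check an attacker has to go through. After lockAfter
// consecutive failures the account is locked; lockAfter <= 0 disables lockout.
func (a *Account) Login(password string, lockAfter int) bool {
	if a.Locked {
		return false
	}
	h := sha256.Sum256([]byte(password))
	// Constant-time compare so the response time does not leak how many bytes matched.
	if subtle.ConstantTimeCompare(h[:], a.Hash[:]) == 1 {
		a.Failures = 0
		return true
	}
	a.Failures++
	if lockAfter > 0 && a.Failures >= lockAfter {
		a.Locked = true
	}
	return false
}

// DictionaryAttack tries each word of the list in order and reports the
// recovered password ("" if none) and the number of login attempts it made.
func DictionaryAttack(a *Account, words []string, lockAfter int) (string, int) {
	for i, w := range words {
		if a.Login(w, lockAfter) {
			return w, i + 1
		}
	}
	return "", len(words)
}

// Wordlist is a constructed stand-in for the top entries of a leaked-password list.
var Wordlist = []string{"123456", "password", "qwerty", "letmein", "welcome1", "summer2024", "Passw0rd!"}

func main() {
	pw, n := DictionaryAttack(NewAccount("summer2024"), Wordlist, 0)
	fmt.Printf("no lockout:      found %q after %d attempts\n", pw, n)

	acct := NewAccount("summer2024")
	pw, n = DictionaryAttack(acct, Wordlist, 5)
	fmt.Printf("lockout after 5: found %q after %d attempts, locked=%v\n", pw, n, acct.Locked)

	// A password that is not in the list survives however many attempts are allowed.
	pw, n = DictionaryAttack(NewAccount("correct horse battery staple"), Wordlist, 0)
	fmt.Printf("strong password: found %q after %d attempts\n", pw, n)
}
```

Without lockout the weak password falls on the sixth guess; with lockout after five failures the same list never reaches it, but the account is now locked for its real owner too.
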
Page 23: Vulnerabilities

Insecure protocols/services running on a host
Exploitable security hole on a host without the latest patches or workarounds
Poorly protected hosts without firewalls, IDSs, etc.
Use of weak or default passwords
Insecure configuration of hosts
Execution of malicious code – Trojans, backdoors
Use of pirated software, or software downloaded from a public site, without verifying its checksum (integrity) and authenticity (signature)
Social engineering

Page 24: Tools for Information Security

Passwords
Bio-Metrics
Smart Cards
Token devices
Firewalls
Virus Protection Tools
Intrusion Detection System
Cryptographic Tools
Digital Signatures
Digital Certificate

Page 25: Firewall

Protects your internal network from the external world.
Enforces an access control policy between two networks.
Install firewalls also between office departments.
Disallows unauthorized traffic in/out of your network.
Define rules depending on the required services/protocols.
Rate limits blunt DoS attacks: they cap what one source can send, but cannot stop a flood that arrives from many sources at once.

Page 26: Firewall

(Diagram: without a firewall, data flows in both directions with no checking of data and no protection; with a firewall in the path, only traffic that its rules permit passes through it.)

Page 27: Types of Firewall

Packet filtering firewalls
Application layer firewalls
Stateful inspection firewalls
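
The firewall slides above as one worked example, added here and not part of the original slides: a small Go simulation that combines a static rule table (packet filtering), a connection table so that only replies to accepted connections get back in (stateful inspection), and a per-source limit on new inbound connections per second, the kind of rate limit the previous slide proposes against DoS. Addresses, ports and rules are constructed for the example; an application-layer firewall would additionally inspect the payload, which this simulation does not do.

```go
package main

import (
	"fmt"
	"time"
)

// Packet holds the header fields the filter looks at (constructed for the example).
type Packet struct {
	Src, Dst         string // IPv4 addresses
	SrcPort, DstPort int
	Proto            string // "tcp" or "udp"
	Syn, Ack         bool   // TCP flags
	Inbound          bool   // true = arriving from the external side
	At               time.Time
}

// Rule is one static allow rule; DstPort 0 matches any port. Anything no rule allows is denied.
type Rule struct {
	Inbound bool
	Proto   string
	DstPort int
}

// key gives the same string for both directions of a connection (normalized 5-tuple).
func (p Packet) key() string {
	a, b := fmt.Sprintf("%s:%d", p.Src, p.SrcPort), fmt.Sprintf("%s:%d", p.Dst, p.DstPort)
	if a > b {
		a, b = b, a
	}
	return p.Proto + " " + a + " " + b
}

// Firewall = allow rules (packet filtering) + connection table (stateful
// inspection) + per-source sliding-window limit on new inbound connections.
type Firewall struct {
	Rules     []Rule
	MaxPerSec int // new inbound connections allowed per source per second
	conns     map[string]bool
	recent    map[string][]time.Time
}

func NewFirewall(rules []Rule, maxPerSec int) *Firewall {
	return &Firewall{Rules: rules, MaxPerSec: maxPerSec, conns: map[string]bool{}, recent: map[string][]time.Time{}}
}

// underLimit drops timestamps older than one second and records the new attempt
// only if src has opened fewer than MaxPerSec connections in that window.
func (fw *Firewall) underLimit(src string, now time.Time) bool {
	keep := fw.recent[src][:0]
	for _, t := range fw.recent[src] {
		if now.Sub(t) < time.Second {
			keep = append(keep, t)
		}
	}
	if len(keep) >= fw.MaxPerSec {
		fw.recent[src] = keep
		return false
	}
	fw.recent[src] = append(keep, now)
	return true
}

// Filter returns the verdict ("ACCEPT" or "DROP") and the reason for it.
func (fw *Firewall) Filter(p Packet) (string, string) {
	k := p.key()
	if fw.conns[k] { // stateful: later packets of an accepted connection pass in both directions
		return "ACCEPT", "established"
	}
	if p.Proto == "tcp" && (!p.Syn || p.Ack) { // only a bare SYN may open a TCP connection
		return "DROP", "no matching connection"
	}
	for _, r := range fw.Rules { // static rules, first match wins
		if r.Inbound != p.Inbound || r.Proto != p.Proto || (r.DstPort != 0 && r.DstPort != p.DstPort) {
			continue
		}
		if p.Inbound && !fw.underLimit(p.Src, p.At) { // cap new connections per source (SYN flood)
			return "DROP", "rate limit"
		}
		fw.conns[k] = true
		return "ACCEPT", "new connection"
	}
	return "DROP", "default deny"
}

func main() {
	fw := NewFirewall([]Rule{{Inbound: true, Proto: "tcp", DstPort: 443}, {Proto: "tcp"}}, 2) // HTTPS in, any TCP out
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	ext, srv := "203.0.113.5", "10.0.0.8" // constructed addresses
	for _, p := range []Packet{
		{Src: ext, Dst: srv, SrcPort: 40000, DstPort: 443, Proto: "tcp", Syn: true, Inbound: true, At: t0},
		{Src: srv, Dst: ext, SrcPort: 443, DstPort: 40000, Proto: "tcp", Syn: true, Ack: true, At: t0},
		{Src: ext, Dst: srv, SrcPort: 40001, DstPort: 22, Proto: "tcp", Syn: true, Inbound: true, At: t0},
		{Src: ext, Dst: srv, SrcPort: 40002, DstPort: 443, Proto: "tcp", Ack: true, Inbound: true, At: t0},
		{Src: ext, Dst: srv, SrcPort: 40003, DstPort: 443, Proto: "tcp", Syn: true, Inbound: true, At: t0},
		{Src: ext, Dst: srv, SrcPort: 40004, DstPort: 443, Proto: "tcp", Syn: true, Inbound: true, At: t0},
	} {
		verdict, why := fw.Filter(p)
		fmt.Printf("%-6s %s:%d -> %s:%d  (%s)\n", verdict, p.Src, p.SrcPort, p.Dst, p.DstPort, why)
	}
}
```

The trace shows the SYN-ACK reply passing only because the connection table remembers the SYN, the SSH attempt hitting the default deny, an inbound ACK with no matching connection dropped as a spoofed or stray packet, and the third HTTPS SYN from the same source within one second dropped by the rate limit. A per-source limit only helps against one noisy address; a distributed flood needs filtering upstream.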

Page 28: Bio-Metrics

Page 29: Bio-Metrics – Face Recognition System, detection and alignment

(Diagram of the pipeline: Multiscale Head Search → Feature Search → Warp Face → Masking and Contrast Normalization)

Page 30: Bio-Metrics – Face Recognition System, recognition and coding

(Diagram of the pipeline: Coder → Eigenspace Projection → Recognition System → ID)

Page 31: Basics of Cryptography

Encryption: Plain Text + Secret Key → Cipher Text
Decryption: Cipher Text + Secret Key → Plain Text

Page 32: Digital Signature

(Diagram, sender side: Message Text → Signature, created with the Private Key of Sender; message and signature → Encryption → Cipher Text.)
(Diagram, receiver side: Cipher Text → Decryption → Message Text and Signature; the signature is verified with the Public Key of Sender.)
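
A worked example, added here and not from the original slides, that covers both the signature flow on this slide and the "verify checksum (integrity) and signature (authenticity)" item on the Vulnerabilities slide: a publisher hashes a release file, writes the digest in the line format produced by sha256sum, and signs that checksum file with an Ed25519 private key; the downloader verifies the signature with the publisher's public key before trusting the digest, then compares the digest against the file. The file name, file contents and keys are constructed for the example.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Release is what a publisher ships next to a download: the file itself, a
// checksum file in the line format written by sha256sum, and an Ed25519
// signature over that checksum file made with the publisher's private key.
type Release struct {
	Name      string
	Data      []byte
	Checksums string // "<hex sha256>  <name>\n" per file
	Signature []byte // ed25519 signature over Checksums
}

// Publish is the sender side: hash the file, write the checksum line, sign it.
func Publish(priv ed25519.PrivateKey, name string, data []byte) Release {
	sum := sha256.Sum256(data)
	sums := hex.EncodeToString(sum[:]) + "  " + name + "\n"
	return Release{Name: name, Data: data, Checksums: sums, Signature: ed25519.Sign(priv, []byte(sums))}
}

// Verify is the receiver side. Authenticity first: the checksum file must carry
// a valid signature under the publisher's public key, otherwise its digests are
// worthless. Then integrity: the file must hash to the signed digest.
func Verify(pub ed25519.PublicKey, r Release) error {
	if !ed25519.Verify(pub, []byte(r.Checksums), r.Signature) {
		return errors.New("signature on checksum file is invalid: not signed by the publisher")
	}
	want, err := lookupChecksum(r.Checksums, r.Name)
	if err != nil {
		return err
	}
	got := sha256.Sum256(r.Data)
	if !bytes.Equal(got[:], want) {
		return errors.New("sha256 mismatch: file was altered or corrupted")
	}
	return nil
}

// lookupChecksum parses sha256sum output ("<hex>  <name>", one file per line;
// a leading '*' on the name marks binary mode) and returns the digest for name.
func lookupChecksum(sums, name string) ([]byte, error) {
	sc := bufio.NewScanner(strings.NewReader(sums))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 {
			continue
		}
		if fields[1] == name || fields[1] == "*"+name {
			return hex.DecodeString(fields[0])
		}
	}
	return nil, errors.New("no checksum entry for " + name)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // publisher's key pair; pub is distributed out of band
	if err != nil {
		panic(err)
	}
	rel := Publish(priv, "tool-1.0.tar.gz", []byte("constructed release contents"))
	fmt.Println("genuine download:  ", Verify(pub, rel))

	altered := rel // attacker swaps the file on the mirror
	altered.Data = []byte("trojaned release contents")
	fmt.Println("altered file:      ", Verify(pub, altered))

	forged := altered // attacker also rewrites the checksum file, but cannot re-sign it
	sum := sha256.Sum256(forged.Data)
	forged.Checksums = hex.EncodeToString(sum[:]) + "  tool-1.0.tar.gz\n"
	fmt.Println("rewritten checksum:", Verify(pub, forged))
}
```

The order of the checks matters: a checksum file that the attacker can rewrite proves nothing on its own, which is why the signature is verified first. The publisher's public key has to come from somewhere the attacker cannot also tamper with (pinned in the installer, or a key server with the fingerprint published elsewhere), not from the same download page as the file.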

Page 33: Secure Socket Layer

SSL is the most common protocol used with 'Electronic Certificates'.
Its main capability is to encrypt messages.
(SSL has since been superseded by TLS, which uses the same certificates; the name SSL is still used informally.)

Page 34: Secure Electronic Transaction

A more comprehensive protocol for credit card processing is SET.
It is not used much due to its cost and complexity.

Electronic Certificate
Electronic certificates are issued by a trusted third party, called a certificate authority (CA), in order to verify that a specific public key belongs to a specific organization.
A certificate may verify name, age, gender and other attributes of the individual to whom the public key belongs.
Certificates are signed by the CA and are valid until an expiration date (unless revoked earlier).
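
The certificate properties listed above (issued and signed by a CA, binding a public key to a name, valid until an expiration date) in runnable form, added as an example and not from the original slides: Go's crypto/x509 builds a root CA and a server certificate signed by it, and the client-side check accepts the certificate for the right host inside its validity period and rejects it when expired, when presented for a different host, or when the issuing CA is not one the client trusts. The CA name "Example Root CA", the host www.example.org and the ECDSA P-256 keys are assumptions for the example; revocation (CRL/OCSP) is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signCert signs the template with signerKey and parses the result.
// parent == nil means self-signed (a root CA signs its own certificate).
func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a root CA ("Example Root CA") and a server certificate for
// www.example.org signed by it; both names are assumptions for the example.
// The server certificate is valid for `lifetime` starting at notBefore.
func BuildPKI(notBefore time.Time, lifetime time.Duration) (ca, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(10 * lifetime),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	ca, err = signCert(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the server's own key pair
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{Organization: []string{"Example Org"}, CommonName: "www.example.org"},
		DNSNames:     []string{"www.example.org"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err = signCert(leafTmpl, ca, &leafKey.PublicKey, caKey) // signed by the CA, not by itself
	return ca, leaf, err
}

// Check is the relying party's side: trust only root, and accept leaf for host
// at time now only if it chains to root, names the host and is within its validity period.
func Check(root, leaf *x509.Certificate, host string, now time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       pool,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	ca, leaf, err := BuildPKI(start, 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	otherCA, _, err := BuildPKI(start, 365*24*time.Hour) // a CA this client does not trust
	if err != nil {
		panic(err)
	}
	fmt.Println("day 2, right host: ", Check(ca, leaf, "www.example.org", start.Add(24*time.Hour)))
	fmt.Println("day 400 (expired): ", Check(ca, leaf, "www.example.org", start.Add(400*24*time.Hour)))
	fmt.Println("wrong host name:   ", Check(ca, leaf, "login.example.net", start.Add(24*time.Hour)))
	fmt.Println("untrusted issuer:  ", Check(otherCA, leaf, "www.example.org", start.Add(24*time.Hour)))
}
```

Only the first check returns nil. The CA's signature is what lets the client trust a public key it has never seen before, and the expiration date bounds how long that trust lasts without re-checking; in practice the client also needs revocation information for certificates withdrawn before they expire.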

Page 35: Hardware & Software Requirement

Page 36: Hardware & Software Requirement & Maintenance

Hardware: router, firewall appliance.
Software: system software (operating systems), applications, firewall software.
Security tools (software): Nessus, Hping2, SPIKE Proxy, Shadow Security Scanner, SolarWinds toolsets, Firewalk.

Page 37: Developers of Security Tools

Cisco is a major manufacturer of network security equipment (routers, firewalls). Widely used security tools, most of them from other vendors or open-source projects: DSniff, Hping2, Nessus, GFI LANguard, Sam Spade, ISS Internet Scanner, Nikto, SuperScan, SPIKE Proxy, Shadow Security Scanner, Nmap, Retina, SAINT, SARA, Firewalk, N-Stealth, Achilles, Brutus, Fragroute.

Page 38: Conclusion

Providing security is cheaper than losing important data to hacking.
As such it ensures the safety and security of the information and IT assets that underwrite our way of life.
Information security will enhance the level of confidence among trading partners.
Consumers will be able to trust the integrity and confidentiality of certified suppliers no matter where they might be located.
