mk presentation latest
-
8/7/2019 Mk Presentation Latest
1/53
SECURITY IN INFORMATION TECHNOLOGY
By:- Mithun K
Mtech TM
08/07/2010
-
Overview
What is security?
Why do we need security?
Who is vulnerable?
2 lines of defense
3 security areas
Common security threats, attacks and countermeasures
-
What is Security?
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage, sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault.
-
What is Information Security?
Protecting information, and the systems and hardware that use, store and process that information, from misuse or theft
By insider or outsider, intentionally or unintentionally
For the protection of information, we need tools such as policy, awareness, training and education.
-
Why do we need Security?
1. Protects the organisation's ability to function
2. Enables the safe operation of applications
3. Protects the data the organisation collects and uses
4. Safeguards the technology assets in use at the organisation.
-
Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK
-
Information security plan
Develop policies
Communicate
Identify
Test system
Obtain support
-
2 lines of defense
1. People
2. Technology
-
People: 1st line of defense
Security breaches due to people within the organization
Social engineering
Dumpster diving is a way that hackers get the information
-
Technology: 2nd line of defense
Without some type of defense, technology is vulnerable to breaches
There are many different types of technologies available to keep the information safe
-
3 Security areas
1. Authentication & Authorization
2. Prevention & Resistance
3. Detection & Response
-
1) Authentication & Authorization
includes
1. something the user knows. Eg:- ID or password
2. something the user has. Eg:- smartcard or token
3. something that is part of the user. Eg:- fingerprint or voice signature
-
2) Prevention & Resistance
To keep the information safe
Prevent intruders from getting to the data
Methods:- Firewall
Cryptography
Content filtering etc.
-
3) Detection & Response
Antivirus software can be used to protect the system
It will respond to the intrusion of malicious code such as viruses, worms, trojan horses etc.
-
Threats
A threat is an object, person or other entity that represents a constant danger to an asset or organization
Different groups of threats:-
1. Inadvertent acts
2. Deliberate acts
3. Acts of God
4. Technical failure
5. Management failure
-
a) Inadvertent acts
i) Acts of human error or failure:-
Accidents, employee mistakes
Reasons:- Inexperience
Improper training
Incorrect assumptions
Effects:- Entry of erroneous data
Accidental deletion or modification of data
Storage of data in unprotected areas
-
a) Inadvertent acts con.
ii) Deviations in QoS by service provider:-
Situations in which a product or service is not delivered to the organization as expected. Eg:-
~ Internet service issues in the stock market
~ communication & other service provider issues
~ power irregularities
-
b) Deliberate acts
People or organisations engage in purposeful acts designed to harm others.
i) Deliberate acts of espionage or trespass:-
An unauthorised individual gains access to the information an organisation is trying to protect
eg:- hacking, cracking etc.
-
b) Deliberate acts i) Deliberate acts of espionage or trespass:- con.
Hacker:- People who use and create computer software to gain access to information illegally.
Enjoys programming
Seeks further knowledge
Shows a positive approach to the system
Two types:-
Expert
Novice
-
b) Deliberate acts i) Deliberate acts of espionage or trespass:- con.
Cracker:- One who cracks or removes application software protection that is designed to prevent unauthorized duplication (copyright protection).
They'll destroy vital data, deny legitimate users service etc.
Negative approach to the system
Phreaker:- Hacks the public telephone network to make free calls and to disrupt the services
-
b) Deliberate acts con.
ii) Deliberate acts of information extortion:- It is the possibility of an attacker or formerly trusted insider stealing information from a computer system & demanding compensation for its return.
iii) Deliberate acts of sabotage:- To deliberately sabotage the operation of a business, to destroy an asset or damage the image of the organisation.
-
b) Deliberate acts con.
iv) Deliberate acts of theft:- Threat within the organization is a constant problem
It can be physical, electronic or intellectual.
v) Deliberate software attacks:- An individual or group develops or designs software to attack an unsuspecting system.
Such software is called MALWARE or MALICIOUS CODE or MALICIOUS SOFTWARE.
eg:- Denial of service attacks conducted by MAFIABOY on Amazon.com, Dell.com, etc.
-
b) Deliberate acts v) Deliberate software attacks:- con.
Worms:-
Malicious programs that replicate themselves without infecting a host program
Programs that spread from one system to another over network connections
Do not reside in one particular system, but affect the files in that system
Types:-
Morris Worm
Code Red
Nimda
-
b) Deliberate acts v) Deliberate software attacks:- con.
Trojan Horses:-
Software programs that hide their true nature and reveal their designed behaviour only when activated.
Arrives via e-mail or application software
Activated when software or attachment is executed
Installs a backdoor that allows the hacker to have access to the system
-
c) Acts of God
Fire
Flood
Earthquake
Lightning
Landslide
Tornado
Hurricane
Tsunami
Dust contamination
-
d) Technical failures
Hardware:- Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing a known or unknown flaw.
Software:- Threats come from purchasing software with unknown hidden faults.
-
e) Management failures
Threats come from management's potential lack of sufficient planning and foresight to anticipate the technology needed for evolving business requirements
Management's strategic planning should always include an analysis of the technology currently in the organisation
-
Attacks con.
Malicious code:-
An individual or group develops or designs software to attack an unsuspecting system
Hoaxes:- Warnings about the latest viruses & worms
Transmitting a virus hoax with a real virus attached
Back doors / Trap doors:-
Secret entry point into a program
Allows those who know about it to gain access, bypassing the usual security procedures
Very hard to block in an OS
-
Attacks con.
Password crack:-
Attempting to reverse-calculate a password is called cracking
Used when a copy of the Security Account Manager (SAM) data file can be obtained.
The SAM file contains a hashed representation of the password.
Brute force:-
Try every possible combination of passwords
Dictionary attacks:-
Use a list of commonly used passwords (a dictionary) to guess, instead of random combinations.
-
Attacks con.
Spoofing:-
Intruder sends messages to a computer with an IP address indicating that they come from the true (trusted) host
The hacker first finds out the IP address of the true host.
Once a connection is established, the hacker has access to the system
Spam:-
Unsolicited commercial e-mail
Considered a nuisance rather than an attack.
Mail bombing:-
Attacker routes a large number of unsolicited e-mails to the target.
The target e-mail address is buried under unwanted e-mails.
-
Attacks con.
Sniffer:-
Program or device that can monitor data travelling over a network.
Unauthorized sniffers are extremely dangerous to the network.
Packet sniffers- they can work on TCP/IP networks
Social engineering:-
Process of using social skills to convince people to reveal credentials and other valuable information.
-
Attacks con.
Denial of Service (DoS):-
Purpose: Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks:
SYN flooding
SMURF
Distributed attacks
-
Attacks con.
Denial of service:-
-
Attacks con.
Denial of service:-
SMURF:-
The source IP address of a broadcast ping is forged
A large number of machines respond back to the victim, overloading it
-
Attacks con.
Denial of service:-
-
Attacks con.
Distributed denial of service:-
Same techniques as regular DoS, but on a much larger scale
Mini Case Study: Code Red
July 19, 2001: over 359,000 computers infected with Code Red in less than 14 hours
Used a recently known buffer exploit in Microsoft IIS
Damages estimated in excess of $2.6 billion
-
Attacks con.
TCP attacks / Man in the middle:-
Attacker sniffs packets from the network, modifies them & inserts them back into the network.
Using IP spoofing
If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source
Eg:- Instead of downloading and running a new program, you download a virus and execute it.
-
Attacks con.
TCP attacks:- Say hello to Alice, Bob and Mr. Big Ears
-
Attacks con.
TCP attacks:- Alice and Bob have an established TCP connection
-
Attacks con.
TCP attacks:- Mr. Big Ears lies on the path between Alice and Bob on the network
He can intercept all of their packets
-
Attacks con.
TCP attacks:- First, Mr. Big Ears must drop all of Alice's packets since they must not be delivered to Bob (why?)
(Figure: Alice's packets are sent to The Void)
-
Attacks con.
TCP attacks:-
Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
-
Counter measures
Firewalls
Intrusion detection system
Cryptography
Content filters
Scanning and analysis tools
-
Firewalls
Any device or software which prevents a specific type of information moving between the outside and inside world, ie untrusted and trusted networks.
A firewall is like a castle with a drawbridge
Only one point of access into the network
This can be good or bad
-
Firewalls
(Diagram: Internet - Firewall - DMZ (web server, email server, web proxy, etc.) - Firewall - Intranet)
-
Firewalls
Used to filter packets based on a combination of features
These are called packet filtering firewalls
There are other types too, but they will not be discussed
Ex. Drop packets with destination port of 23 (Telnet)
Can use any combination of IP/UDP/TCP header information
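As an added example (not from the slides), a small packet-filtering firewall in Python that applies ordered rules to IP/TCP/UDP header fields, including the slide's rule that drops destination port 23; the address ranges and the policy are constructed assumptions.

```python
# Added example (not from the slides): a minimal packet-filtering firewall.
# Rules are checked top-down and the first match decides; with no match the
# default policy applies. Packets and addresses here are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                   # "allow" or "drop"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any protocol
    src: Optional[str] = None     # source CIDR, e.g. "10.0.0.0/8"; None matches any
    dst: Optional[str] = None     # destination CIDR; None matches any
    dport: Optional[int] = None   # destination port from the TCP/UDP header
    new_tcp: bool = False         # only segments opening a connection (SYN set, ACK clear)

    def matches(self, pkt: dict) -> bool:
        flags = pkt.get("flags", set())
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.new_tcp and not ("SYN" in flags and "ACK" not in flags):
            return False
        return True

# Hypothetical policy: 10.0.0.0/8 is the intranet, 192.0.2.10 a public web server.
RULES = [
    Rule("drop", proto="tcp", dport=23),                         # slide's example: no Telnet
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.0/8"),           # intranet to intranet
    Rule("allow", proto="tcp", dst="192.0.2.10/32", dport=443),  # HTTPS to the web server
    Rule("drop", proto="tcp", new_tcp=True),                     # no other new inbound TCP
    Rule("allow", proto="tcp"),  # remaining TCP (ACK set): stateless "existing session" guess
]
DEFAULT_POLICY = "drop"

def filter_packet(pkt: dict, rules=RULES, default=DEFAULT_POLICY) -> str:
    """Return the action of the first matching rule, or the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```

Rule order matters: the Telnet drop sits first so that the broad intranet allow cannot let port 23 through.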
-
Intrusion detection system
Works on the basis of previously set conditions; if there is a violation of these rules it will not allow the process to continue.
Types:- Host based IDS
Network based IDS
Signature based IDS
Statistical anomaly based IDS
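An added example (not from the slides) contrasting signature-based and statistical anomaly-based network IDS logic over constructed log lines; it also picks up the SYN flood and SMURF-style broadcast ping from the earlier DoS slides. The log format, the signatures and the baseline window are assumptions made for the example.

```python
# Added example (not from the slides): two network-IDS detection styles run over
# constructed connection-log lines. Signature-based detection matches known bad
# patterns; statistical anomaly detection flags SYN rates far above a baseline.
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log format: "<second> <proto> <src> -> <dst>:<dport> <flags>"
SIGNATURES = {
    "smurf-style broadcast ping": re.compile(r"icmp \S+ -> \S+\.255:\d+ ECHO"),
    "telnet connection attempt": re.compile(r"tcp \S+ -> \S+:23 SYN\b"),
}

def make_log():
    """Constructed sample: 5 s of normal traffic, then a SYN flood, a broadcast ping and a Telnet probe."""
    lines = []
    for sec, n in enumerate([2, 3, 2, 4, 3]):          # normal SYN rate per second
        lines += [f"{sec} tcp 10.0.0.{i + 1} -> 192.0.2.10:443 SYN" for i in range(n)]
        lines.append(f"{sec} tcp 10.0.0.1 -> 192.0.2.10:443 ACK")
    lines += [f"5 tcp 203.0.113.{i + 1} -> 192.0.2.10:80 SYN" for i in range(40)]
    lines.append("6 icmp 198.51.100.7 -> 10.0.0.255:0 ECHO")
    lines.append("6 tcp 198.51.100.7 -> 10.0.0.9:23 SYN")
    return lines

def signature_alerts(lines):
    """Signature-based IDS: (line, signature name) for every line matching a known pattern."""
    return [(ln, name) for ln in lines for name, rx in SIGNATURES.items() if rx.search(ln)]

def syn_counts_per_second(lines):
    """Count TCP segments with only SYN set, keyed by the second they were seen."""
    counts = Counter()
    for ln in lines:
        sec, proto, _src, _arrow, _dst, flags = ln.split()
        if proto == "tcp" and flags == "SYN":
            counts[int(sec)] += 1
    return counts

def anomaly_alerts(lines, baseline_seconds, k=3.0):
    """Statistical anomaly IDS: seconds whose SYN count exceeds mean + k*stdev of the baseline."""
    counts = syn_counts_per_second(lines)
    base_set = set(baseline_seconds)
    base = [counts.get(s, 0) for s in sorted(base_set)]
    threshold = mean(base) + k * pstdev(base)
    return {s: c for s, c in sorted(counts.items()) if s not in base_set and c > threshold}
```

The signature rules only fire on patterns someone has already written down, whereas the anomaly rule catches the flood without knowing its source addresses, which is why the two types are usually deployed together.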
-
Cryptography
Data is initially encrypted into a coded form.
Decoding can be done only with knowledge of its initial coding,
Authorized hosts are provided with the decoding algorithms
So hacking can be minimised.
-
Conclusions
The Internet works only because we implicitly trust one another
It is very easy to exploit this trust
The same holds true for software
Security breaches in IT can be limited to an extent by our careful and updated knowledge in terms of technology and management
-
Reference
Principles of Information & Technology, Michael E. Whitman & Herbert J. Mattord
Youtube / Information technology & security
Secure computing
www.Wikipedia.org
-
Thank you!