Module v Security Management - TRANSCRIPT (8/12/2019)
Module V: Security Management
Topics: The Information Security.
System Vulnerability and Abuse.
System Threats (Malicious Software, Hacking etc.) and countermeasures.
Antivirus, Firewalls, Anti-spyware.
Security Audit.
Security Management is a broad field of management related to asset
management, physical security and human resource safety functions. It
entails the identification of an organization's information assets and the
development, documentation and implementation of policies, standards,
procedures and guidelines.
In network management it is the set of functions that
protects telecommunications networks and systems from
unauthorized access by persons, acts, or influences and that includes
many subfunctions, such as creating, deleting, and
controlling security services and mechanisms; distributing security-
relevant information; reporting security-relevant events; controlling the
distribution of cryptographic keying material; and
authorizing subscriber access, rights, and privileges.
Management tools such as information classification, risk
assessment and risk analysis are used to identify threats, classify
assets and to rate system vulnerabilities so that effective control can be
implemented.
The Information Security: Information security means protecting
information and systems from unauthorized access, use, disclosure,
disruption, modification, perusal, inspection, recording or destruction.
The terms information security, computer security and assurance are
frequently used interchangeably. These fields are often interrelated and share
the common goals of protecting the confidentiality, integrity and availability of
information; however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the
methodologies used, and the areas of concentration. Information security is
concerned with the confidentiality, integrity and availability of data regardless
of the form the data may take: electronic, print, or other forms. Computer
security can focus on ensuring the availability and correct operation of
a computer system without concern for the information stored or processed by
the computer. Information assurance focuses on the reasons for assurance
that information is protected, and is thus reasoning about information security.
Governments, military, corporations, financial institutions, hospitals, and
private businesses amass a great deal of confidential information about their
employees, customers, products, research, and financial status. Most of this
information is now collected, processed and stored on electronic computers
and transmitted across networks to other computers.
Basic principles:-
Confidentiality
Confidentiality is the term used to prevent the disclosure of information to
unauthorized individuals or systems. For example, a credit card transaction on
the Internet requires the credit card number to be transmitted from the buyer
to the merchant and from the merchant to a transaction processing network.
The system attempts to enforce confidentiality by encrypting the card number
during transmission, by limiting the places where it might appear (in
databases, log files, backups, printed receipts, and so on), and by restricting
access to the places where it is stored. If an unauthorized party obtains the
card number in any way, a breach of confidentiality has occurred.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of
the people whose personal information a system holds.
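The paragraph above lists "limiting the places where it might appear (in databases, log files, ...)" as one of the confidentiality controls. The following is an added example, not code from the original notes, of what that control looks like in practice: a log scrubber that finds card numbers (13 to 19 digits, optionally separated by spaces or hyphens), keeps only those that pass the Luhn checksum so that timestamps and order ids are left readable, and masks all but the last four digits before the line is stored. The log lines and the regular expression are constructed for the example; the card numbers are well-known test numbers.

```python
import re

# Constructed sample log lines (not from the original page). The card numbers
# are well-known test numbers, not real accounts; the 16-digit order id fails
# the Luhn check and must be left alone.
SAMPLE_LOG = [
    "2019-08-12 10:01:03 INFO checkout ok card=4111111111111111 amount=19.99",
    "2019-08-12 10:01:09 INFO checkout ok card=5500 0000 0000 0004 amount=5.00",
    "2019-08-12 10:02:11 INFO order 1234567890123456 shipped",
    "2019-08-12 10:03:44 DEBUG session id=8f3a92 user=alice",
]

# 13 to 19 digits, optionally separated by single spaces or hyphens, not
# embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; weeds out ordinary long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_pans(line: str) -> str:
    """Replace every Luhn-valid card number in the line with ****...last4."""
    def _mask(m: re.Match) -> str:
        raw = m.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_ok(digits):
            return raw  # timestamps, order ids, session ids stay readable
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(_mask, line)


def scrub_log(lines):
    """Apply the redaction to a whole log before it is written or shipped."""
    return [redact_pans(line) for line in lines]


def exposed_pan_lines(lines):
    """Audit helper: indexes of lines that still contain a full card number."""
    return [i for i, line in enumerate(lines) if redact_pans(line) != line]


if __name__ == "__main__":
    for line in scrub_log(SAMPLE_LOG):
        print(line)
```

Running the scrubber over the sample leaves the order line untouched and masks both card numbers; `exposed_pan_lines` is the same logic turned around, useful when auditing an existing log store for places where the number has already leaked.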
Integrity
In information security, integrity means that data cannot be modified
undetectably. This is not the same thing as referential integrity in databases,
although it can be viewed as a special case of Consistency as understood in
the classic ACID model of transaction processing. Integrity is violated when a
message is actively modified in transit. Information security systems typically
provide message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must
be available when it is needed. This means that the computing systems used
to store and process the information, the security controls used to protect it,
and the communication channels used to access it must be functioning
correctly. High availability systems aim to remain available at all times,
preventing service disruptions due to power outages, hardware failures, and
system upgrades. Ensuring availability also involves preventing denial-of-
service attacks.
Authenticity
In computing, e-Business, and information security, it is necessary to ensure
that the data, transactions, communications or documents (electronic or
physical) are genuine. It is also important for authenticity to validate that both
parties involved are who they claim to be.
Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a
contract. It also implies that one party of a transaction cannot deny having
received a transaction nor can the other party deny having sent a transaction.
Electronic commerce uses technology such as digital signatures and public
key encryption to establish authenticity and non-repudiation.
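The Integrity section says a message must not be modifiable "undetectably", and the Non-repudiation section says a party must not be able to deny having sent it. The added example below (not from the original notes) shows the simplest message-integrity mechanism, an HMAC over the message with a key shared by both ends, and also shows why it does not give non-repudiation: the receiver holds the same key and can produce a valid tag itself, which is why the notes turn to digital signatures for that property. The wire format (tag followed by message) and the sample message are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender: tag = HMAC-SHA256(key, message)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def seal(key: bytes, message: bytes) -> bytes:
    """Wire format assumed here: 32-byte tag followed by the message."""
    return make_tag(key, message) + message


def open_sealed(key: bytes, blob: bytes):
    """Return the message if its tag verifies, otherwise None."""
    if len(blob) < TAG_LEN:
        return None  # truncated in transit: cannot even hold a tag
    tag, message = blob[:TAG_LEN], blob[TAG_LEN:]
    return message if verify_tag(key, message, tag) else None


def demo():
    key = secrets.token_bytes(32)  # shared secret, assumed agreed out of band
    msg = b"transfer 100.00 to account 42"  # constructed sample message
    blob = seal(key, msg)
    # Flip one bit of the amount while the blob is "in transit".
    idx = TAG_LEN + msg.index(b"1")
    tampered = blob[:idx] + bytes([blob[idx] ^ 0x01]) + blob[idx + 1:]
    return {
        "genuine_accepted": open_sealed(key, blob) == msg,
        "tampered_rejected": open_sealed(key, tampered) is None,
        "truncated_rejected": open_sealed(key, blob[:10]) is None,
        # Both ends hold the same key, so the receiver could have produced the
        # tag itself: an HMAC proves integrity, not who sent it (no non-repudiation).
        "receiver_can_forge": open_sealed(key, seal(key, b"forged")) == b"forged",
    }


if __name__ == "__main__":
    print(demo())
```

`hmac.compare_digest` is used rather than `==` so that the comparison time does not depend on how many leading bytes of a wrong tag happen to match.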
System Vulnerability and Abuse
When data are stored in digital form, they are more vulnerable than when they exist in manual form.
Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards.
Threats to computerized information systems include hardware and software failure; user errors; physical disasters such as fire or power failure; theft of data, services, and equipment; unauthorized use of data; and telecommunications disruptions. On-line systems
and telecommunications are especially vulnerable because data and files can be immediately and directly accessed through computer terminals or at points in the telecommunications network.
Figure 8-1
FIGURE 8-1 CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES
The architecture of a Web-based application typically includes a Web client, a
server, and corporate information systems linked to databases. Each of these
components presents security challenges and vulnerabilities. Floods, fires,
power failures, and other electrical problems can cause disruptions at any point
in the network.
The Internet poses additional problems because it was explicitly designed to be easily accessed
by people on different computer systems. Information traveling over unsecured media can be
intercepted and misused. Fixed IP addresses serve as fixed targets for hackers, and Internet
software has become a means for introducing viruses and malicious software to otherwise secure
networks.
Wireless networks are even more vulnerable because radio frequency bands are easy to scan.
LANs that use the Wi-Fi (802.11b) standard can be easily penetrated by outsiders with laptops,
wireless cards, external antennae, and freeware hacking software. Service set identifiers (SSID)
identifying access points in a Wi-Fi network are broadcast multiple times and can be picked up
fairly easily by sniffer programs. In war driving, eavesdroppers drive by buildings or park
outside and try to intercept wireless network traffic. The initial security standard developed for
Wi-Fi, called Wired Equivalent Privacy (WEP), is not very effective. WEP is built into all
standard 802.11 products, but users must turn it on, and many neglect to do so, leaving many
access points unprotected.
Figure 8-2
FIGURE 8-2 WI-FI SECURITY CHALLENGES
Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without
authorization.
Malicious software, or malware, includes threats such as computer viruses, worms, and Trojan horses. A computer virus is rogue software that attaches itself to other programs or
data files in order to be executed, and may be highly destructive to files, computer memory, and
hard drives. Viruses are typically designed to spread from computer to computer through e-mail
attachments or copied files.
Worms are independent computer programs that copy themselves to computers over a network independently from other computer programs or files, and therefore spread more rapidly.
A Trojan horse is an apparently benign program that actually performs some hidden action such as installing malicious code or compromising the security of a computer.
Spyware can also act as malicious software by obtaining information about users' buying habits
and infringing on privacy. Keyloggers record keystrokes made on a computer to discover or steal serial numbers for software and passwords.
A hacker is an individual who intends to gain unauthorized access to a computer system. The term cracker is typically used for hackers with criminal intent. Hackers spoof, or misrepresent themselves, by using fake e-mail addresses or masquerading as someone else. Hacker activities
include:
Theft of goods and services
System damage
Cyber vandalism: The intentional disruption, defacement, or even destruction of a Web site or corporate information system.
Spoofing: Hiding of the hacker's true identity or e-mail address, or redirecting a Web link to a different web site that
benefits the hacker.
Theft of proprietary information: A sniffer is an eavesdropping program that monitors network information and can enable hackers to steal proprietary information transmitting over the network.
Denial of service (DoS) attacks: Flooding a network or server with thousands of false communications to crash or disrupt the network. A distributed denial-of-service (DDoS) attack uses hundreds or even thousands of
computers to inundate and overwhelm the network from numerous launch points. Hackers can infect thousands of unsuspecting users' computers with malicious software to form a botnet of resources for launching a DDoS.
Figure 8-3
FIGURE 8-3 WORLDWIDE DAMAGE FROM DIGITAL ATTACKS
This chart shows estimates of the average annual worldwide damage from
hacking, malware, and spam since 1999. These data are based on figures from
mi2G and the authors.
In computer crime, the computer can be either the target of or the instrument of a crime. The most economically damaging kinds of computer crime are DoS attacks, introducing viruses, theft
of services, and disruption of computer systems.
Other examples of computer crime include:
Identity theft: In identity theft, an impostor obtains key pieces of personal information to impersonate someone else and obtain credit, merchandise, or false credentials.
Phishing: Setting up fake Web sites or sending e-mail messages that appear legitimate in order to coerce users into giving up confidential data. Other phishing techniques include evil
twins (wireless networks masquerading as legitimate Internet hotspots, used to capture personal information) and pharming, redirecting users to bogus Web sites posing as legitimate Web sites.
Click fraud occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or
making a purchase. Click fraud can also be perpetrated with software programs doing the clicking, and bot networks are often used for this purpose.
The U.S. Congress responded to the threat of computer crime in 1986 with the
Computer Fraud and Abuse Act. This act makes it illegal to access a computer
system without authorization. Most U.S. states and European nations have similar
legislation. Congress also passed the National Information Infrastructure Protection Act in 1996 to make virus distribution and hacker attacks to disable Web sites
federal crimes.
One concern is that terrorists or foreign intelligence services could exploit network
or Internet vulnerabilities to commit cyber terrorism or cyber warfare and cripple
networks controlling essential services such as electrical grids and air traffic control systems.
The largest financial threats to businesses actually come from insiders, either
through theft and hacking or through lack of knowledge. Malicious intruders may sometimes trick employees into revealing passwords and network access data
through social engineering. Employees can also introduce faulty data or improperly process data.
Software errors are also a threat to information systems and cause untold losses in
productivity. Hidden bugs or program code defects, unintentionally overlooked by programmers working with thousands of lines of programming code, can cause
performance issues and security vulnerabilities. Software vendors create lines of code called patches to repair flaws without disrupting the software's operation.
Technologies and Tools for Security and Control
Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion
detection systems, and antivirus and encryption software.
Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to
access data using some method for authentication. New authentication technologies include:
Token: A physical device similar to an identification card that is designed to prove the identity of a single user.
Smart card: A device about the size of a credit card that contains a chip formatted with access permission and other data.
Biometric authentication: Compares a person's unique characteristics, such as fingerprints, face, or retinal image, against a stored profile.
A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies:
Packet filtering examines fields in the headers of data packets
flowing between the network and the Internet, examining individual packets in isolation.
Stateful inspection determines whether packets are part of an ongoing dialogue between a sender and a receiver.
Network Address Translation (NAT) conceals the IP addresses of the organization's internal host computer(s) to protect against sniffer programs outside the firewall.
Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the
outside user first "talks" to the proxy application and the proxy application communicates with the firm's internal computer.
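The list above contrasts packet filtering, which judges "individual packets in isolation", with stateful inspection, which asks whether a packet is "part of an ongoing dialogue". The added example below (not from the original notes) runs the same three packets through both kinds of screen. The rule set is an assumption made for the example: inside hosts may open web connections, and replies must be let back in. The stateless filter can only approximate "reply" by looking at the source port, so an unsolicited inbound packet that happens to arrive from port 443 gets through; the stateful filter remembers which dialogues an inside host actually opened and admits only their mirror-image replies. Addresses are RFC 5737 documentation ranges, not real hosts.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # assumed address range of the protected LAN
WEB_PORTS = (80, 443)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN: set on the packet that opens a connection
    ack: bool = False


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Packet filtering: decide from the header fields of this packet alone.
    Rule set (assumed): inside hosts may browse the web; packets coming back
    from web ports are let in. The second rule cannot tell a genuine reply from
    an unsolicited packet whose source port merely happens to be 80 or 443."""
    if is_internal(pkt.src) and pkt.dport in WEB_PORTS:
        return True
    if is_internal(pkt.dst) and pkt.sport in WEB_PORTS:
        return True
    return False


class StatefulFirewall:
    """Stateful inspection: remember dialogues that an inside host started and
    admit only packets that belong to one of them."""

    def __init__(self):
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def allow(self, pkt: Packet) -> bool:
        outbound_open = (is_internal(pkt.src) and pkt.dport in WEB_PORTS
                         and pkt.syn and not pkt.ack)
        if outbound_open:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A reply is the mirror image of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


# Constructed traffic (RFC 5737 documentation addresses, not real hosts).
SCENARIO = [
    Packet("10.0.0.5", 51000, "198.51.100.20", 443, syn=True),            # inside host opens HTTPS
    Packet("198.51.100.20", 443, "10.0.0.5", 51000, syn=True, ack=True),  # the server's SYN-ACK reply
    Packet("203.0.113.9", 443, "10.0.0.7", 3389, syn=True),               # unsolicited inbound, from port 443
]


def run_scenario():
    """Return (packet_filter_decision, stateful_decision) for each packet."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in SCENARIO]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SCENARIO, run_scenario()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  "
              f"packet-filter={sl}  stateful={sf}")
```

The third packet is the instructive one: both screens agree on the first two, but only the stateful firewall drops the unsolicited packet, because no inside host ever opened a dialogue with 203.0.113.9. A real stateful engine also ages sessions out and tracks teardown; that bookkeeping is left out here.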
Figure 8-6
FIGURE 8-6 A CORPORATE FIREWALL
The firewall is placed between the firm's private network and the public Internet
or another distrusted network to protect against unauthorized traffic.
Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and
deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors.
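The intrusion detection paragraph names two checks: looking for patterns such as repeated bad passwords, and checking whether important files have been removed or modified. The added example below (not from the original notes) implements both over constructed data: a burst-of-failed-logins detector run over sshd-style auth log lines, and a baseline-versus-current file fingerprint comparison of the kind a host integrity checker performs. The log lines, the threshold of five, and the two file snapshots are all constructed for the example; a real deployment would read the files and log from disk.

```python
import hashlib
import re
from collections import Counter

# Constructed sshd-style auth log lines (not from the original page).
SAMPLE_AUTH_LOG = """\
Aug 12 10:01:01 host sshd[201]: Failed password for invalid user admin from 203.0.113.9 port 50110 ssh2
Aug 12 10:01:03 host sshd[201]: Failed password for invalid user admin from 203.0.113.9 port 50111 ssh2
Aug 12 10:01:04 host sshd[201]: Failed password for root from 203.0.113.9 port 50112 ssh2
Aug 12 10:01:06 host sshd[201]: Failed password for root from 203.0.113.9 port 50113 ssh2
Aug 12 10:01:08 host sshd[201]: Failed password for root from 203.0.113.9 port 50114 ssh2
Aug 12 10:02:10 host sshd[233]: Failed password for alice from 10.0.0.5 port 41022 ssh2
Aug 12 10:02:15 host sshd[233]: Accepted password for alice from 10.0.0.5 port 41023 ssh2
""".splitlines()

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failed_logins_by_source(lines, threshold=5):
    """Pattern check: sources with at least `threshold` failed logins.
    A single typo by alice stays below the line; a burst from one outside
    address does not."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def fingerprint(files):
    """files: {path: content bytes} -> {path: sha256 hex}."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_baseline(baseline, current):
    """Integrity check: which important files changed, vanished or appeared
    since the known-good baseline of fingerprints was recorded."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


# Constructed snapshots standing in for reads of the real files: a baseline
# taken when the host was known-good, and a later one after changes.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/bin/ls": b"\x7fELF...original ls binary...",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",
    "/usr/local/bin/helper": b"\x7fELF...unknown binary...",
}


def run_checks():
    """Run both detectors and return their findings for alerting."""
    return {
        "brute_force_sources": failed_logins_by_source(SAMPLE_AUTH_LOG),
        "file_changes": compare_baseline(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES)),
    }


if __name__ == "__main__":
    print(run_checks())
```

Only the fingerprints need to be kept from the baseline run, not the file contents, and they should be stored somewhere the monitored host cannot rewrite; otherwise whoever modifies a file can update its recorded hash as well.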
Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated.
Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi Alliance industry trade group's 802.11i specification tightens security for wireless LAN products.
Many organizations use encryption to protect sensitive information transmitted over networks. Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals.
Two methods for encrypting network traffic on the Web are:
Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS) enable client and server computers to establish a secure connection session and manage encryption and decryption activities.
Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages.
Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption:
Symmetric key encryption: The sender and receiver create a single encryption key that is shared.
Public key encryption: A more secure encryption method
that uses two different keys, one private and one public.
Figure 8-7
PUBLIC KEY ENCRYPTION
A public key encryption system can be viewed as a series of public and private
keys that lock data when they are transmitted and unlock the data when they
are received. The sender locates the recipient's public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the
Internet or a private network. When the encrypted message arrives, the
recipient uses his or her private key to decrypt the data and read the message.
Digital signatures and digital certificates help with authentication. A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key
cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online.
Figure 8-8
FIGURE 8-8 DIGITAL CERTIFICATES
Digital certificates help establish the identity of people or electronic assets. They
protect online transactions by providing secure, encrypted, online
communication.
System Threats (Malicious Software, Hacking etc.) and counter
measure.
Threat:- In computer security a threat is a possible danger that might exploit
a vulnerability to breach security and thus cause possible harm.
A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker
or a criminal organization) or "accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of an "act of God" such as an earthquake,
a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
Sources of Threats
A person, a group of people, or even some phenomena unrelated to
human activity can serve as an information security threat. Following
from this, all threat sources break down into three groups:
The human factor. This group of threats concerns the actions of people
with authorized or unauthorized access to information. Threats in this
group can be divided into:
External, including cyber criminals, hackers, internet scams, unprincipled
partners, and criminal structures.
Internal, including actions of company staff and users of home PCs.
Actions taken by this group could be deliberate or accidental.
The technological factor. This threat group is connected with technical
problems - equipment used becoming obsolete and poor-quality software
and hardware for processing information. This all leads to equipment
failure and often to data loss.
The natural-disaster factor. This threat group includes any number of
events brought on by nature and other events independent of human
activity.
Types of Threats
Worms
This malicious program category largely exploits operating system
vulnerabilities to spread itself. The class was named for the way the
worms crawl from computer to computer, using networks and e-mail.
This feature gives many worms a rather high speed in spreading
themselves.
Viruses
Programs that infect other programs, adding their own code to them to
gain control of the infected files when they are opened. This simple
definition captures the fundamental action performed by a virus:
infection.
Trojans
Programs that carry out unauthorized actions on computers, such as
deleting information on drives, making the system hang, stealing
confidential information, etc. This class of malicious program is not a
virus in the traditional sense of the word (meaning it does not infect other
computers or data). Trojans cannot break into computers on their own
and are spread by hackers, who disguise them as regular software. The
damage that they cause can exceed that done by traditional virus attacks
by several fold.
Spyware
Software that collects information about a particular user or organization
without their knowledge. You might never guess that you have spyware
installed on your computer.
Riskware
Potentially dangerous applications include software that has no malicious
features but could form part of the development environment for
malicious programs or could be used by hackers as auxiliary components
for malicious programs.
Rootkits
Utilities used to conceal malicious activity. They mask malicious programs
to keep anti-virus programs from detecting them. Rootkits modify the
operating system on the computer and alter its basic functions to hide their
own existence and the actions that the hacker undertakes on the infected
computer.
How threats spread
As modern computer technology and communications tools develop,
hackers have more opportunities for spreading threats. Let's take a closer
look at them:
The Internet
The Internet is unique, since it is no one's property and has no
geographical borders. In many ways, this has promoted development of
countless web resources and the exchange of information. Today, anyone
can access data on the Internet or create their own webpage.
However, these very features of the worldwide web give hackers the
ability to commit crimes on the Internet that are difficult to detect
and punish.
USB flash drives
USB flash drives are widely used for storing and transmitting
information.
When you use a USB disk that has malicious programs on it, you can
damage data stored on your computer and spread the virus to your
computer's other drives or other computers on the network.
Tips to protect yourself from malware
Be mindful of what you are clicking on
Many websites that host harmful content use banners and pop-up
advertisements, pretending to be error messages or offering you a
prize. When you visit these sites, harmful content is downloaded onto your
computer. Avoid being tempted in the first place.
Be aware of what you are downloading
Don't download software from a website that's full of advertisements or
listings of 'free' programs; these are often fake files. Be cautious and
question them, scan them with security software prior to opening, or only
download programs from reputable or corporate websites.
Purchase security software
Many users are not aware that using pirated software cannot protect their
computer against threats, and that pirated software from
unauthorized third parties may itself contain viruses.
Be careful before you open your removable media
Many malicious programs attack your computer and spread via USB
storage. USB Disk Security can protect your computer against any threats
via removable media.
Update Windows when prompted
Microsoft releases updates for Windows regularly. They include important
security patches and tools. Install them when prompted to patch
security gaps in your operating system, browser or third-party software.
Take extra care when using Peer-To-Peer programs
Files shared on P2P networks are not policed, so anyone can release
anything they want via this medium. As such, get into the habit of
scanning the files you download before running/executing them.
Accept incoming files when you expect them and from people that
you know
Some threats have the ability to infect machines and automatically send
copies of themselves to that user's contact list. It may appear that your
friend is sending you a file but it may turn out to be a malicious program
propagating itself.
Know your File Formats
Images usually come in .jpg .jpeg .png .bmp .gif .tif formats. Executables
come in .exe .bat .com .dll formats. If someone says they are sending
you a photo but the file ends with .exe or .com, please do not open it.
They're obviously mistaken or potentially endangering you.
Be aware of what's happening
There are various places to seek help and learn more about your
computer. It pays to be knowledgeable about your computer, as malicious
threats often take advantage of those who are unaware of what's
happening.
Antivirus, Firewalls, Anti-spyware.
Antivirus or anti-virus software is software used to prevent, detect and
remove malware, such as: computer viruses, adware, backdoors,
malicious BHOs, dialers, fraud tools, hijackers, key loggers,
malicious LSPs, root kits, spyware, Trojan horses and worms. Computer
security, including protection from social engineering techniques, is commonly
offered in products and services of antivirus software companies. This page
discusses the software used for the prevention and removal of
malware threats, rather than computer security implemented by software
methods.
A firewall can either be software-based or hardware-based and is used to
help keep a network secure. Its primary objective is to control the incoming
and outgoing network traffic by analyzing the data packets and determining
whether they should be allowed through or not, based on a predetermined rule
set. A network's firewall builds a bridge between an internal network that is
assumed to be secure and trusted, and another network, usually an external
(inter)network, such as the Internet, that is not assumed to be secure and
trusted.
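The rule-set evaluation a firewall performs, as an added example not taken from the notes or from any real firewall product: packets are matched against an ordered rule list, the first match decides, and unmatched traffic is denied. The internal network, rule set and sample packets are constructed assumptions.

```python
"""A minimal stateless packet filter of the kind described above: rules are
checked in order, the first match decides, and anything unmatched is denied.
Rules and packets are constructed for illustration, not from any real product."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the untrusted side) or "out"
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int = 0   # destination port; 0 for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str
    src: str = "0.0.0.0/0"   # CIDR; 0.0.0.0/0 means any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0           # 0 means any port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

# Constructed rule set for an internal /24 sitting behind the firewall.
INTERNAL = "192.168.1.0/24"
RULES = [
    # Anti-spoofing first: inbound traffic must never claim an internal source.
    Rule("deny", "in", src=INTERNAL),
    # Publish only HTTPS to the inside; other inbound traffic falls through.
    Rule("allow", "in", dst=INTERNAL, proto="tcp", dport=443),
    # Internal hosts may initiate outbound connections.
    Rule("allow", "out", src=INTERNAL),
]

def decide(rules, packet: Packet, default: str = "deny") -> str:
    """Walk the rule set in order; the first matching rule decides."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default            # default deny: unmatched traffic is dropped

if __name__ == "__main__":
    for pkt in (Packet("in", "203.0.113.9", "192.168.1.10", "tcp", 443),
                Packet("in", "203.0.113.9", "192.168.1.10", "tcp", 3389),
                Packet("in", "192.168.1.5", "192.168.1.10", "tcp", 443)):
        print(pkt, "->", decide(RULES, pkt))
```

Rule order is part of the policy: if the anti-spoofing rule were placed after the HTTPS rule, an inbound packet forging an internal source address on port 443 would be allowed.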
Spyware is a type of malicious program installed on computers that
collects information about users without their knowledge. The presence of
spyware is typically hidden from the user and can be difficult to detect. Some
spyware, such as key loggers, may be installed by the owner of a shared,
corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computing,
the functions of spyware can extend beyond simple monitoring. Spyware can
collect almost any type of data, including personal information like Internet
surfing habits, user logins, and bank or credit account information. Spyware
can also interfere with user control of a computer by installing additional
software or redirecting Web browsers. Some spyware can change computer
settings, which can result in slow Internet connection speeds, unauthorized
changes in browser settings, or changes to software settings.
Anti-spyware programs
Anti-spyware programs can combat spyware in two ways:
1. They can provide real-time protection in a manner similar to that of anti-
virus protection: they scan all incoming network data for spyware and
block any threats they detect.
2. Anti-spyware software programs can be used solely for detection and
removal of spyware software that has already been installed onto the
computer. This kind of anti-spyware can often be set to scan on a
regular schedule.
Security audit:- A computer security audit is a manual or systematic
measurable technical assessment of a system or application. Manual
assessments include interviewing staff, performing security vulnerability
scans, reviewing application and operating system access controls, and
analyzing physical access to the systems. Automated assessments,
or CAATs, include system generated audit reports or using software to
monitor and report changes to files and settings on a system. Systems can
include personal computers, servers, mainframes, network routers, switches.
Applications can include Web Services, Microsoft Project Central, Oracle
Database. (examples only).
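The automated kind of assessment mentioned above, software that reports changes to files on a system, as an added example that is not part of the notes: a hash baseline is taken, the system is re-scanned later, and every path is reported as added, removed or modified. The directory layout, file contents and simulated drift are constructed inside demo().

```python
"""A small file-integrity check of the CAAT kind mentioned above: take a
hash baseline of a system's files, re-scan later, and report what changed.
The directory, files and "changes" are constructed inside demo()."""
import hashlib
import os
import tempfile

def snapshot(root: str) -> dict:
    """Map each file under root (POSIX-style relative path) to its SHA-256."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = digest
    return state

def compare(baseline: dict, current: dict) -> dict:
    """Classify every path as added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo() -> dict:
    """Self-contained run on a temporary directory with constructed content."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, text: str) -> None:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)

        write("etc/hosts", "127.0.0.1 localhost\n")
        write("etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        write("var/log/old.log", "rotated\n")
        baseline = snapshot(root)           # what the auditor recorded earlier

        # Simulated drift between audits: an account line appended, a log
        # removed, and an unexpected new file appearing under bin/.
        write("etc/passwd", "root:x:0:0:root:/root:/bin/sh\n"
                            "svc:x:1001:1001::/tmp:/bin/sh\n")
        os.remove(os.path.join(root, "var/log/old.log"))
        write("bin/helper", "constructed placeholder, not a real binary\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", paths)
```

In practice the baseline itself must be stored where the audited system cannot alter it, otherwise a change to both the file and its recorded hash goes unreported.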