mk presentation latest

Upload: mithun-kuniyil

Post on 08-Apr-2018


TRANSCRIPT

  • 8/7/2019 Mk Presentation Latest

    1/53

    SECURITY IN INFORMATION TECHNOLOGY

    By:- Mithun.k

    Mtech TM

    08/07/2010


    2/53

    Overview

    What is security?

    Why do we need security?

    Who is vulnerable?

    2 lines of defense

    3 security areas

    Common security threats, attacks and countermeasures


    3/53

    What is Security?

    Dictionary.com says:

    1. Freedom from risk or danger; safety.

    2. Freedom from doubt, anxiety, or fear; confidence.

    3. Something that gives or assures safety, as:

       1. A group or department of private guards: Call building security if a visitor acts suspicious.

       2. Measures adopted by a government to prevent espionage, sabotage, or attack.

       3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault.


    4/53

    What is Information Security?

    Protect information, and the systems and hardware that use, store and process that information, from misuse or theft

    by an insider or an outsider, intentionally or unintentionally.

    For the protection of information, we need tools such as policy, awareness, training and education.


    5/53

    Why do we need Security?

    1. Protects the organisation's ability to function

    2. Enables the safe operation of applications

    3. Protects the data the organisation collects and uses

    4. Safeguards the technology assets in use at the organisation.


    6/53

    Who is vulnerable?

    Financial institutions and banks

    Internet service providers

    Pharmaceutical companies

    Government and defense agencies

    Contractors to various government agencies

    Multinational corporations

    ANYONE ON THE NETWORK


    7/53

    Information security plan

    Develop policies

    Communicate

    Identify

    Test system

    Obtain support


    8/53

    2 lines of defense

    People and Technology


    9/53

    People: 1st line of defense

    Security breaches due to people within the organization

    Social engineering

    Dumpster diving is a way that hackers get the information


    10/53

    Technology: 2nd line of defense

    Without some type of defense, technology is vulnerable to breaches

    There are many different types of technologies available to keep the information safe


    11/53

    3 Security areas

    1. Authentication & Authorization

    2. Prevention & Resistance

    3. Detection & Response


    12/53

    1) Authentication & Authorization

    includes:

    1. Something the user knows, e.g. ID or password

    2. Something the user has, e.g. smartcard or token

    3. Something that is part of the user, e.g. fingerprint or voice signature


    13/53

    2) Prevention & Resistance

    To keep the information safe

    Prevent intruders from getting to the data

    Methods: firewall

    Cryptography

    Content filtering, etc.


    14/53

    3) Detection & Response

    Antivirus software can be used to protect the system

    It will respond to the intrusion of malicious code such as viruses, worms, trojan horses, etc.


    15/53

    Threats

    A threat is an object, person or other entity that represents a constant danger to an asset or organization.

    Different groups of threats:

    1. Inadvertent acts

    2. Deliberate acts

    3. Acts of God

    4. Technical failure

    5. Management failure


    16/53

    a) Inadvertent acts

    i) Acts of human error or failure:

    Accidents, employee mistakes

    Reasons:

    Inexperience

    Improper training

    Incorrect assumptions

    Effects:

    Entry of erroneous data

    Accidental deletion or modification of data

    Storage of data in unprotected areas


    17/53

    a) Inadvertent acts (cont.)

    ii) Deviations in QoS by service provider:

    Situations in which a product or service is not delivered to the organization as expected. E.g.:

    Internet service issues in the stock market

    Communication and other service provider issues

    Power irregularities


    18/53

    b) Deliberate acts

    People or organisations engage in purposeful acts designed to harm others.

    i) Deliberate acts of espionage or trespass:

    An unauthorised individual gains access to the information an organisation is trying to protect

    e.g. hacking, cracking, etc.


    19/53

    b) Deliberate acts, i) Deliberate acts of espionage or trespass (cont.)

    Hacker: people who use and create computer software to gain access to information illegally.

    Enjoys programming

    Seeks further knowledge

    Shows a positive approach to the system

    Two types:

    Expert

    Novice


    20/53

    b) Deliberate acts, i) Deliberate acts of espionage or trespass (cont.)

    Cracker: someone who cracks or removes an application software protection that is designed to prevent unauthorized duplication (copyright protection).

    They'll destroy vital data, deny legitimate users service, etc.

    Negative approach to the system

    Phreaker: hacks the public telephone network to make free calls and to disrupt the services


    21/53

    b) Deliberate acts (cont.)

    ii) Deliberate acts of information extortion: the possibility of an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return.

    iii) Deliberate acts of sabotage: to deliberately sabotage the operation of a business, to destroy an asset or damage the image of the organisation.


    22/53

    b) Deliberate acts (cont.)

    iv) Deliberate acts of theft: a threat within the organization that is a constant problem.

    It can be physical, electronic or intellectual.

    v) Deliberate software attacks: an individual or group develops or designs software to attack an unsuspecting system.

    Such software is called MALWARE, MALICIOUS CODE or MALICIOUS SOFTWARE.

    e.g. the denial of service attacks conducted by MAFIABOY on Amazon.com, Dell.com, etc.


    24/53

    b) Deliberate acts, v) Deliberate software attacks (cont.)

    Worms:

    Malicious programs that replicate themselves without infecting a host program

    Programs that spread from one system to another over the network connection

    Do not reside in a particular system, but affect the files in that system

    Examples:

    Morris Worm

    Code Red

    Nimda


    25/53

    b) Deliberate acts, v) Deliberate software attacks (cont.)

    Trojan Horses:

    Software programs that hide their true nature and reveal their designed behaviour only when activated.

    Arrive via e-mail or application software

    Activated when the software or attachment is executed

    Install a backdoor that allows the hacker to have access to the system


    26/53

    c) Acts of God

    Fire

    Flood

    Earthquake

    Lightning

    Landslide

    Tornado

    Hurricane

    Tsunami

    Dust contamination


    27/53

    d) Technical failures

    Hardware: technical hardware failures or errors occur when a manufacturer distributes to users equipment containing a known or unknown flaw.

    Software: threats come from purchasing software with unknown hidden faults.


    28/53

    e) Management failures

    Threats come from management's potential lack of sufficient planning and foresight to anticipate the technology needed for evolving business requirements.

    Management's strategic planning should always include an analysis of the technology currently in the organisation.


    30/53

    Attacks (cont.)

    Malicious code:

    An individual or group develops or designs software to attack an unsuspecting system

    Hoaxes: warnings about the latest viruses and worms

    Transmitting a virus hoax, with a real virus attached

    Back doors / trap doors:

    A secret entry point into a program

    Allows those who know of it to gain access, bypassing the usual security procedures

    Very hard to block in an OS


    31/53

    Attacks (cont.)

    Password crack:

    An attempt to reverse-calculate a password is called cracking

    Used when a copy of the Security Account Manager (SAM) data file can be obtained.

    The SAM file contains a hashed representation of the password.

    Brute force:

    Try every possible combination of passwords

    Dictionary attacks:

    Use a list of commonly used passwords (a dictionary) to guess, instead of random combinations.
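As an added example (not from the presentation), the defender's side of the password-cracking slide in Python: reject dictionary words at enrolment, and store salted, iterated hashes so that a stolen hash file resists both dictionary lookup and brute-force guessing. The wordlist, the storage format and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a common-password list (a real one has millions of entries).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Work factor: every guess an attacker makes against a stolen hash costs this many
# HMAC-SHA256 rounds, which is what turns "try every combination" into years.
PBKDF2_ITERATIONS = 200_000


def is_dictionary_word(password: str) -> bool:
    """Policy check at enrolment: refuse anything in the wordlist, because a
    dictionary attack on the stored hash would recover it almost instantly."""
    return password.lower() in COMMON_PASSWORDS


def hash_password(password: str, salt: bytes = b"") -> str:
    """Store salt + PBKDF2-HMAC-SHA256 instead of a bare fast hash of the
    password. A fresh random salt per user means equal passwords do not share a
    stored value, so a precomputed dictionary of hashes cannot be reused."""
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def salting_defeats_precomputation(password: str) -> bool:
    """Hash the same password twice with fresh salts: the stored values differ,
    which is exactly what an unsalted hash file (one fixed hash per password,
    the situation the slide describes) does not give you."""
    return hash_password(password) != hash_password(password)
```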


    32/53

    Attacks (cont.)

    Spoofing:

    The intruder sends messages to a computer with a source IP address indicating that they come from a trusted host

    The hacker first finds out the IP address of the trusted host.

    Once a connection is established, the hacker has access to the system

    Spam:

    Unsolicited commercial e-mail

    Considered a nuisance rather than an attack.

    Mail bombing:

    The attacker routes a large number of unsolicited e-mails to the target.

    The target e-mail address is buried under unwanted e-mails.


    33/53

    Attacks (cont.)

    Sniffer:

    A program or device that can monitor data travelling over a network.

    Unauthorized sniffers are extremely dangerous to a network.

    Packet sniffers can work on TCP/IP networks

    Social engineering:

    The process of using social skills to convince people to reveal credentials and other valuable information.


    34/53

    Attacks (cont.)

    Denial of Service (DoS):

    Purpose: make a network service unusable, usually by overloading the server or network

    Many different kinds of DoS attacks:

    SYN flooding

    SMURF

    Distributed attacks


    35/53

    Attacks (cont.)

    Denial of service:


    36/53

    Attacks (cont.)

    Denial of service:

    SMURF:

    The source IP address of a broadcast ping is forged; a large number of machines respond back to the victim, overloading it


    37/53

    Attacks (cont.)

    Denial of service:


    38/53

    Attacks (cont.)

    Distributed denial of service:

    Same techniques as regular DoS, but on a much larger scale

    Mini case study: Code Red

    July 19, 2001: over 359,000 computers infected with Code Red in less than 14 hours

    Used a recently known buffer exploit in Microsoft IIS

    Damages estimated in excess of $2.6 billion


    39/53

    Attacks (cont.)

    TCP attacks / man in the middle:

    The attacker sniffs packets from the network, modifies them and inserts them back into the network.

    Using IP spoofing

    If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!

    The attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source

    E.g. instead of downloading and running a new program, you download a virus and execute it.


    40/53

    Attacks (cont.)

    TCP attacks: say hello to Alice, Bob and Mr. Big Ears


    41/53

    Attacks (cont.)

    TCP attacks: Alice and Bob have an established TCP connection


    42/53

    Attacks (cont.)

    TCP attacks: Mr. Big Ears lies on the path between Alice and Bob on the network

    He can intercept all of their packets


    43/53

    Attacks (cont.)

    TCP attacks: first, Mr. Big Ears must drop all of Alice's packets, since they must not be delivered to Bob (why?)

    (Diagram: Packets -> The Void)


    44/53

    Attacks (cont.)

    TCP attacks:

    Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)


    45/53

    Counter measures

    Firewalls

    Intrusion detection system

    Cryptography

    Content filters

    Scanning and analysis tools


    46/53

    Firewalls

    Any device or software which prevents a specific type of information moving between the outside and inside world, i.e. untrusted and trusted networks.

    A firewall is like a castle with a drawbridge: only one point of access into the network

    This can be good or bad


    47/53

    Firewalls

    (Diagram: Internet | Firewall | DMZ: web server, email server, web proxy, etc. | Firewall | Intranet)


    48/53

    Firewalls

    Used to filter packets based on a combination of features

    These are called packet filtering firewalls

    There are other types too, but they will not be discussed

    Ex. Drop packets with a destination port of 23 (Telnet)

    Can use any combination of IP/UDP/TCP header information


    49/53

    Intrusion detection system

    Works on the basis of previously set conditions; if there is a violation of these rules, it will not allow the process to continue.

    Types:

    Host based IDS

    Network based IDS

    Signature based IDS

    Statistical anomaly based IDS
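As an added example (not from the presentation), the two detection styles from the list above run side by side over a constructed web-server log in Python: a signature-based check that matches fixed known-bad patterns, and a statistical anomaly check that flags a source whose request count is far above the baseline of the other sources, which is how a flood from a previously unseen host gets noticed without any signature. Log lines, IP addresses and signature patterns are constructed.

```python
import re
import statistics
from collections import Counter

# Constructed sample web-server log lines ("<source ip> <method> <path>"); not from the page.
SAMPLE_LOG = [
    "203.0.113.7 GET /index.html",
    "203.0.113.7 GET /about.html",
    "198.51.100.3 GET /index.html",
    "192.0.2.9 GET /cgi-bin/../../etc/passwd",   # path-traversal attempt (constructed)
    "198.51.100.4 GET /news.html",
    "198.51.100.4 GET /contact.html",
] + ["192.0.2.44 GET /index.html"] * 40            # one source hammering the server

# Signature rules: fixed known-bad patterns, each with a name (constructed examples).
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "null-byte": re.compile(r"%00"),
}


def parse(line):
    ip, _method, path = line.split(" ", 2)
    return ip, path


def signature_alerts(lines):
    """Signature-based IDS: alert on any request matching a known pattern.
    Precise, but blind to anything not already in the rule set."""
    alerts = []
    for line in lines:
        ip, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def anomaly_alerts(lines, k=3.0, min_count=10):
    """Statistical anomaly IDS: flag a source whose request count exceeds the
    mean plus k standard deviations of all *other* sources (leave-one-out, so an
    outlier cannot inflate its own baseline). The min_count floor stops a source
    with 2 requests being flagged just because every other source made 1."""
    counts = Counter(parse(line)[0] for line in lines)
    flagged = []
    for ip, n in counts.items():
        others = [c for src, c in counts.items() if src != ip]
        if not others:
            continue
        baseline = statistics.mean(others) + k * statistics.pstdev(others)
        if n > max(min_count, baseline):
            flagged.append(ip)
    return flagged
```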


    50/53

    Cryptography

    Data is initially encrypted into a coded form.

    Decoding can be done only with knowledge of its initial coding.

    Authorized hosts are provided with the decoding algorithm,

    so hacking can be minimised.


    51/53

    Conclusions

    The Internet works only because we implicitly trust one another

    It is very easy to exploit this trust

    The same holds true for software

    Security breaches in IT can be limited to an extent by our careful and updated knowledge in terms of technology and management


    53/53

    Thank you!