Internet Security - Department of Information Technology


Internet & Information Security:

Introduction
Definition
Statistics
Security Breaches – General Examples
Description
Challenges, Solutions
Common Threats
Tools for Information Security - Developers
Conclusion
Need of Information Security!
Information hacked by a militant from DRDO. - The Hindu, May 25, 2006
Space information hacked from ISRO - Hindustan Times, Dec 24, 2006
Present Scenario
THE MODERN THIEF CAN STEAL MORE WITH A COMPUTER THAN A GUN.
MORE DAMAGE COULD BE CARRIED OUT WITH A KEYBOARD THAN A BOMB.
Definition

The protection of information systems against
unauthorized access to or modification of
information, whether in storage, processing or
transit, and against the denial of service to
authorized users or the provision of service to
unauthorized users, including those measures
necessary to detect, document, and counter such
threats.
Statistics
Indiana University: April 3-4, 2008
321 Security Breaches in 2006.
441 organizations reported a breach in 2007 – more than one per day.
In the first two weeks of January 2008, 7 breaches reported by higher education.
26% of the 321 Security Breaches in 2006 involved Higher Education
Over 2,000,000 student records were exposed by higher education in 2006
106 businesses
84 educational institutions
96 government agencies (state, federal, local)
35 medical institutions (hospitals)
Reasons Provided for School Breaches:
[Chart labels, in extracted order: <1%; Hackers; >50%; Armed Robber; Stolen Laptops; >20%; Stolen Hardware; <1%; Handling Errors; ~10%; Malicious Insider; <1%]
Reasons for Security Breaches – General Examples
Human Error
Hackers
Vendor Mismanagement
Unencrypted Remote Devices
Lost or Stolen Remote Devices
Inadequate Data Disposal
Unencrypted Wireless Transmissions
Malicious Employees
Inadequate Training or Awareness
Procedural Errors
Inadequate Policies and Procedures
Overlooking New Hires
Description of Internet & Information Security
Four widely accepted elements (aims, principles, qualities, characteristics, attributes, etc.) of information security are:
confidentiality
integrity
availability
authentication
Information Security Challenges
Managing security has become increasingly complex
Growing external and internal threats
Internal threats increasingly more common than external – much easier too
Good external security measures in place
Attackers looking for other means of circumventing/bypassing guards and getting inside
Social engineering becoming popular
Methods - personal contact, installing backdoors, key loggers, spyware, phishing via email attachments
Information Security Solutions
Nothing is 100% secure!!!
You can only mitigate the risks.
Approach should be to apply defense-in-depth.
The most effective way to apply security is in layers.
Place security measures at different points in your network.
Construct a series of obstacles of varying difficulty.
Secure each component in your network (firewalls, routers, servers, desktops).
If one measure fails the next will protect.
The series of obstacles may finally make the attacker give up!
Common Security Threats & Vulnerabilities
Threat:
Any person, object, or event that, if realized, can potentially cause damage to the network or networked device
Vulnerability:
A weakness in a host or network that can be exploited by a threat
Common Threats
Unauthorized Intrusions
Denial of Service (DoS) Attacks
Viruses, Worms, Trojan Horses (Backdoors)
Website Defacements
Internal Attacks
Unauthorized Intrusions
Intruders want to gain control of your computer and to
use it to launch attacks on other computer systems.
Having control of your computer gives them the ability
to hide their true location as they launch attacks, often
against high-profile computer systems such as
government or financial systems.
The damage created depends on the intruder's
motives.
Confidential information may be compromised, altered
or damaged.
Denial of Service

Interruption of service either because the system is destroyed or is temporarily unavailable
e.g.
Destroying a computer's hard disk
Severing the physical infrastructure
Using up all available system resources: CPU, memory, disk space
Consuming network bandwidth to the server
Viruses & Worms
A virus requires a user to do something to continue the propagation – harmful, may destroy data
A worm can propagate by itself - self-propagating malicious code, consumes resources destructively, DoS – Blaster, Slammer
Highly prevalent/common on the Internet
Common distribution: e-mail, ftp, media sharing, hidden code
Trojans (Backdoors)

Trojans (Backdoors) - Executable code installed that enables entry into the infected host without authorization
Once installed the back door can be used by the attacker at their leisure
Launching points for further security attacks (DDOS, SPAM)
Bots (Spyware)
Modularized root-kits for specific functions.
What Bots can do:
Create Launch pad for DDOS attacks
Packet sniffing
Key logging
File Serving of illegal or malicious code
Replicating
Website Defacements
Intent: To create political propaganda based attacks
To make a political statement
Launched primarily at Government Orgs, Media, Religious Groups
By exploiting known vulnerabilities in websites or servers
The attacker can plant codes or files to vandalize site
Internal Attacks
Computer Security Institute/FBI and Ernst & Young say nearly 50% of all network attacks come from the inside
Often, from unhappy/disgruntled workers
76% of the IT executives surveyed by Net Versant said they were concerned about inside attacks from unhappy employees
Losses associated with insider attacks can be more damaging
Other Common Attacks
Connection (Session) hijacking
IP source address spoofing
Smurf attack
Brute-force/Dictionary attacks (password guessing)
Humans are often the weakest link = social engineering
"Hi, this is Bob, what's the root password?"
Vulnerabilities
Insecure protocols/services running on a host
Exploitable security hole on a host without latest patches or workarounds
Poorly protected hosts without firewalls, IDSs, etc.
Use of weak or default passwords
Insecure configuration of hosts
Execution of malicious codes – Trojan, Backdoors
Use of pirated or downloaded software from a public site without verifying checksum (integrity) and authenticity (signature)
Social engineering
Tools For Information Security
Passwords
Virus Protection Tools
Bio-Metrics
Intrusion Detection System
Smart Cards
Cryptographic Tools
Token devices
Digital Signatures
Firewalls
Digital Certificate
Firewall
Protects your internal network from the external world
Enforces an access control policy between two networks
Install firewalls also between office departments
Disallow unauthorized traffic in/out of your network
Define rules depending on required services/protocol
Prevent DOS attacks using rate limits
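The points on this slide (an access control policy, rules per service/protocol, dropping everything else, rate limits against DoS) can be seen working together in the following added example, which is not part of the original presentation. The rule set, addresses, class and function names are all constructed for illustration, and time is passed in explicitly so the behaviour is reproducible.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network, CIDR notation
    proto: str    # "tcp", "udp" or "any"
    dport: int    # destination port, 0 = any port

# Constructed sample policy: public HTTPS, SSH from the internal range only.
RULES = [
    Rule("allow", "0.0.0.0/0", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "tcp", 22),
]

class Firewall:
    def __init__(self, rules, rate, burst):
        self.rules = rules
        self.rate, self.burst = rate, burst  # tokens refilled per second, bucket size
        self.buckets = {}                    # source IP -> (tokens left, last seen)

    def _within_rate(self, src, now):
        """Token bucket per source: each allowed packet spends one token."""
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        self.buckets[src] = (tokens - 1 if ok else tokens, now)
        return ok

    def decide(self, src, proto, dport, now):
        """First matching rule wins; traffic matching no rule is denied."""
        for rule in self.rules:
            if (ip_address(src) in ip_network(rule.src)
                    and rule.proto in ("any", proto)
                    and rule.dport in (0, dport)):
                if rule.action == "deny":
                    return "deny"
                return "allow" if self._within_rate(src, now) else "rate-limited"
        return "deny"
```

With rate=1 and burst=3, a single source gets three packets through at once, the fourth is rate-limited, and capacity returns as time passes; other sources keep their own buckets.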
Firewall
[Diagram labels: Only Secured Data Pass through it; No Checking Of Data; No Protection; Data]
Types Of Firewall
Packet filtering firewalls
Application layer firewalls
Stateful inspection firewalls
Bio-Metrics
Face Recognition System
[Diagram, Detection And Alignment: Multiscale Head Search; Feature Search; Wrap; Face Masking And Contrast Norm]
[Diagram, Recognition And Coding: Coder; Eigen space Projection; Recognition System; ID]
Basics of Cryptography
[Diagram: Plain Text -> Encryption (Secret Key) -> Cipher Text -> Decryption (Secret Key) -> Plain Text]
Digital Signature
[Diagram: key pair of Private Key and Public Key. Sender: Message Text -> Encryption with Private Key Of Sender -> Signature (Cipher Text). Receiver: Signature -> Decryption with Public Key Of Sender -> Message Text]
Secure Socket Layer
The SSL is the most common protocol used in 'Electronic Certificate'.
Its main capability is to encrypt messages.
Secure Electronic Transaction
A more comprehensive protocol for credit card processing is SET.
It is not used much due to its cost and complexity.
Electronic Certificate
Electronic certificates are issued by a trusted third party, called a certificate authority (CA), in order to verify that a specific public key belongs to a specific organization.
A certificate may verify name, age, gender and other attributes of the individual to whom the public key belongs.
Certificates are signed by the CA and are valid until an expiration date.
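The Digital Signature and Electronic Certificate slides describe one chain: the sender signs with a private key, the receiver verifies with the public key, and a CA signature with an expiration date tells the receiver whose public key it is. The following is an added example, not part of the original presentation; it uses textbook RSA over small Mersenne primes purely to show the flow (no padding, not safe for real use), and every name and field layout in it is an assumption.

```python
import hashlib
from datetime import date

E = 65537  # common RSA public exponent

def make_keypair(p, q, e=E):
    """Toy RSA key from two primes: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    n, d = private
    return pow(_digest(message, n), d, n)   # hash "encrypted" with the private key

def verify(message: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(message, n)  # "decrypted" with the public key

def _cert_body(subject, public, not_after) -> bytes:
    return f"{subject}|{public[0]}|{public[1]}|{not_after.isoformat()}".encode()

def issue_certificate(subject, subject_public, not_after, ca_private):
    """The CA binds a name and an expiration date to a public key by signing all three."""
    return {"subject": subject, "public": subject_public, "not_after": not_after,
            "signature": sign(_cert_body(subject, subject_public, not_after), ca_private)}

def check_certificate(cert, ca_public, today):
    """Accept only if the CA signature verifies and the certificate has not expired."""
    body = _cert_body(cert["subject"], cert["public"], cert["not_after"])
    if not verify(body, cert["signature"], ca_public):
        return "bad signature"
    if today > cert["not_after"]:
        return "expired"
    return "ok"

# Constructed keys: products of known Mersenne primes, far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
ORG_PUB, ORG_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
```

A receiver first runs check_certificate against the CA's public key and only then trusts cert["public"] to verify the sender's message signature.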
Hardware & Software Requirement & Maintenance
Hardware:
Router
Firewall
Nessus
Hping2
SPIKE Proxy
Shadow Security Scanner
Solar Winds Toolsets
Firewalk
Software :
Systems SW : Operating systems
Applications
Firewall
Developers of Security Tools
Main manufacturer of security tools is ‘CISCO’.
CISCO
Retina
DSniff
SAINT
Hping2
SARA Security
Nessus
Firewalk
GFI LAN guard
N-Stealth
Sam Spade
Achilles
ISS Internet Scanner
Brutus
Nikto
Fragroute
SuperScan
SPIKE Proxy
Shadow Security Scanner
Nmap
Conclusion
Providing security is a cheaper process than the hacking of important data.
As such it ensures the safety and security of the information and IT assets that underwrite our way of life.
Information Security will enhance the level of confidence among trading partners.
Consumers will be able to trust the integrity and confidentiality of certified suppliers no matter where they might be located.