Networking & Security

Download Report

Transcript Networking & Security

Internet Security
Sunil Ji Garg
GM, Software, UPTEC
Living in a World Of Hackers,
Crackers, Thieves & Terrorists






Railway Tickets Fraud.
Increase in site visits but
decrease in business.
Digit Site Redirected
Internet British Lottery
Fraud.
Fake NASA Examination
Indian IT Hub-Bangalore
under attack.
Remember



It is not your computer
when somebody else has a
access to it.
It is not your server when it
is serving someone you do
not know.
Retaining a secret is
possible only when the
person you shared it with is
in the heaven.
Sharing Vs. Securing



SHARING is NOT
inversely proportional to
SECURING.
INTER-NETWORKING
makes it SHARABLE
SECURITY makes it
RELIABLE
Internetworking + Security
= Win-Win Framework
Safe and Secure Inter-networking


Safety relates to
Confidentiality and
Integrity of information.
Security relates to
Authentication and Nonrepudiation.
ALL FOUR
REQUIREMENTS
COME UNDER
“SECURITY” IN THE
PRESENT CONTEXT
OF NETWORKING.
Devices are Vulnerable

Client Computers


Servers


OS Loopholes, Soft password schemes,
friendliness needs, Application Bugs, Virus
attacks
Weak Standards, Casual Administration,
Bugs, Virus Attacks
Intermediate Devices

Distributed Administration, Varying
Standards
Mediums are Vulnerable

Wires


Fibres


Fast, Moderately Secure, Economic
Extemely Fast, Secure, Economic for bulk
traffic
Wire-Less

Moderate Speed, Security Costs,
Moderately priced, easy deployment
Protocols are Vulnerable





TCP/IP (Spoofing Possible by changing
Source-Destination Addresses at packet
level).
DNS (Recursive Domain Name Look-up is
possible is getting a map of IP addresses and
the services each IP station is running).
Open TCP ports can be spidered.
Internet Control Message Protocol (ICMP)
message types can be changed.
Network can be flooded with junk.
Security Fundamentals

Privacy Vs. Security.
 What is to be
protected?.
 From whom it is to be
protected?.
 Motive of Intruders.
 Threat Perception.
 Security Methods.
 Pre and Post-breach
measures.
Privacy Vs. Security


Privacy : Ability to maintain
selective anonymity
Security : Information
Integrity, Uninterrupted
service, Information
Secrecy.
Security Increase may
increase privacy or it may
be reduced it due to other
impacts.
What is to be protected?

Computer Information from being
damaged.
 Computer Information from illegitimate
usage.
 Computer Access Information from misusage (Password, Digital Ids, Account
No., Credit Card Nos. etc.)
From Whom it is to be protected?








Deliberate Crackers/Hackers.
Money Makers of different varieties.
People who get allured with open locks.
Novice/Accidental error makers.
Middlemen.
Programmers/Administrators/Security
verifiers.
Rule-Makers.
Previous Authorities.
Motive of Intruders (Active/Passive)









Theft (Financially rewarding)
Spying (Positive or negative)
Misrepresentation.
Revenge.
Ignorance (being unaware of implications.)
Damage (Sadist)
Prank (Just for Fun)
Respect (By proving special skills)
Analysis (Long term commercial gain)
Threat Perception

Email : Primary Medium to Attack
 Threat from Viruses (Programs that self-replicate to
spread fast, damage information, hog resources or
Deny service)
 Spywares.
 Impersonation.
 Password Insecurity.
 Sniffers (Programs that take information passively).
 Alluring methods and Spams.
 Data Modifiers.
Security Methods

Cryptography
 Audits (Logs, sniffs,
watches, event
records)
 Barriers (Firewalls,
Proxies, network
segmentation)
Cryptography







Substitution & Transposition based
on keys.
DES (Digital Encryption
Standards).
Public/Private asymmetric-key
methods .
RSA Algorithm.
One way Hashing.
Digital Signatures.
Certification Authorities (For
authentic Public Keys: Certificates).
Digital Signature Authentication
S
E
N
D
R
E
C
V
Plain
Message
One
Way
Hash
Plain
Message
Pvt. Key
Encryption
Message
Digest
Create New MD
Digital
Signature
Digital
Signature
Message
Digest
Message
Digest
Decrypt With Public Key
Compare
Message
Digests to
Authenticate
Security Audits

Sniffing


Logs


Recording Information headers
Watches


Hearing and recording Traffic for analysis
Put sniffers on specific traffic source/dest.
Event Recorders

Utilising OS features for analysis.
Security Barriers

Firewalls



Proxies


Packet level traffic selection
Application level selection.
Remote Hosts see only the proxy, traffic
behind is proxied by it.
Network Segmentation

Permitting Type specific traffic in segmeted
local areas.
Sharing/Security Experience Extract





Sharing wins customer delight.
Trust helps to make a secure design, Secure
design brings more trust.
Most vulnerable security holes begin with
human-beings.
Security is a continuous process.
Emergency measures for security breach
shall be pre-planned.
Thank-You

More questions/discussions invited.
 Follow-up discussions via


Email: [email protected]
Website: www.indyan.com