elements of a comprehensive security program

Download Report

Transcript elements of a comprehensive security program

THE NEED FOR
NETWORK SECURITY
Hunar & Nawzad & Kovan & Abdulla & Aram
PRESENTATION OBJECTIVES
 Understand information security services
 Be aware of vulnerabilities and threats
 Realize why network security is necessary
 What are the elements of a comprehensive
security program
The Need for Web Security
2
TRENDS FOR INFORMATION

More information is being created, stored, processed and
communicated using computers and networks

Computers are increasingly interconnected, creating new
pathways to information assets

The threats to information are becoming more widespread
and more sophisticated


Productivity, competitiveness, are tied to the first two trends
Third trend makes it inevitable that we are increasingly vulnerable
to the corruption or exploitation of information
INFORMATION IS THE MOST VALUABLE ASSET
The Need for Web Security
3
Information Security Services






Confidentiality
Integrity
Authentication
Nonrepudiation
Access Control
Availability
The Need for Web Security
4
Information Security Services
 Confidentiality
 Maintaining the privacy of data
 Integrity
 Detecting that the data is not tampered with
 Authentication
 Establishing proof of identity
 Nonrepudiation
 Ability to prove that the sender actually sent the data
 Access Control
 Access to information resources are regulated
 Availability
 Computer assets are available to authorized parties when needed
The Need for Web Security
5
What Is The Internet?
 Collection of networks that communicate
 with a common set of protocols (TCP/IP)
 Collection of networks with
 no central control
 no central authority
 no common legal oversight or
regulations
 no standard acceptable use policy
 “wild west” atmosphere
The Need for Web Security
6
Why Is Internet Security a
Problem?
 Security not a design
consideration
 Implementing change is
difficult
 Openness makes
machines easy targets
 Increasing complexity
The Need for Web Security
7
Common Network Security
Problems






Network eavesdropping
Malicious Data Modification
Address spoofing (impersonation)
‘Man in the Middle’ (interception)
Denial of Service attacks
Application layer attacks
The Need for Web Security
8
VIRUSES
Risk Threat
TROJ_SIRCAM.A
W32.Navidad
W95.MTX
W32.HLLW.QAZ.A
VBS.Stages.A
VBS.LoveLetter
VBS.Network
Wscript.KakWorm
W32.Funlove.4099
PrettyPark.Worm
Happy99.Worm
Discovered
New !!
11/03/2000
8/17/2000
7/16/2000
6/16/2000
5/04/2000
2/18/2000
12/27/1999
11/08/1999
6/04/1999
1/28/1999
The Need for Web Security
Protection
Latest DAT
11/06/2000
8/28/2000
7/18/2000
6/16/2000
5/05/2000
2/18/2000
12/27/1999
11/11/1999
6/04/1999
1/28/1999
9
Consider that…
 90% of companies detected computer
security breaches in the last 12 months
 59% cited the Internet as the most
frequent origin of attack
 74% acknowledged financial losses
due to computer breaches
 85% detected computer viruses
Source: Computer Security Institute
The Need for Web Security
10
WHO ARE THE OPPONENTS?
 49% are inside employees on
the internal network
 17% come from dial-up (still
inside people)
 34% are from Internet or an
external connection to another
company of some sort
HACKERS
The Need for Web Security
11
THE MOST COMMON EXCUSES
 No one could possibly be interested in my information
 Anti-virus software slows down my processor speed
too much.
 I don't use anti-virus software because I never open
viruses or e-mail attachments from people I don't
know.
 So many people are on the
Internet, I'm just a face in
the crowd. No one would
pick me out.
 I'm busy. I can't become a
security expert--I don't have
time, and it's not important
enough
The Need for Web Security
12
ELEMENTS OF A COMPREHENSIVE
SECURITY PROGRAM
 Have Good Passwords
 Use Good Antiviral Products
 Use Good Cryptography
 Have Good Firewalls
 Have a Backup System
 Audit and Monitor Systems and Networks
 Have Training and Awareness Programs
 Test Your Security Frequently
The Need for Web Security
13
CRYPTOGRAPHY
Necessity is the mother of invention, and
computer networks are the mother of modern
cryptography.
Ronald L. Rivest
 Symmetric Key Cryptography
 Public Key Cryptography
 Digital Signatures
The Need for Web Security
14
Firewall
A system or group of systems that enforces an access control
policy between two networks.
PC Servers
Visible
IP
Address
Internal
Network
Host
The Need for Web Security
15
The Need for Web Security
16
THANK YOU
I have questions…
The Need for Web Security
17