Define information security Define security as process, not point product.

Transcription

1 CSA 223 Network and Web Security Chapter One What is information security. Look at: Define information security Define security as process, not point product.

2 Define information security Information is a knowledge obtained from investigation, study, instruction, news or facts. Security is freedom from danger, safety; freedom from fear. Information security measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capability. Or it is the steps you take to guard your information.

3 Define information security People are the weakest link in securing the organization information. Information security will not guarantee the safety of the organization, information, or computer systems. Security is a process, not a product A single layer of security cannot ensure good security. Effective security is achieved by a combination of all security disciplines. Do not rely on a single product for all security you must use layered approach.

4 Define information security Information security is mindset; examine the threats to the organization. with this mindset, the user of information should feel confident and comfortable with the security process used by an organization. There is currently no effective process to certify computer system.

5 History of security Physical security : All assets and important information are physical. To protect these assets, physical security was used, such as walls, moats, and guards. Communication security : Use of encryption system (cipher) is allowing the user to send messages that could not be read if they are intercepted. Emissions security. Computer security. Network security. Information security.

6 Define security as process Many different products and types of products are necessary to fully protect an organization some of these technologies and products include : 1. Anti-virus software. 2. Access controls. 3. policy management 4. Firewalls. 5. Biometrics 6. Vulnerability scanning. 7. Encryption.

7 Anti-virus The goal of anti-virus is to reduce the exposure of the organization to malicious code. Anti-virus software will not protect organization from an intruder who misuses a legitimate program to gain access to the system.

8 Access control Capability to restrict access to files based on the ID of the user. Access control can restrict legitimate users from accessing files they should not have access to. Authenticating a user s access is accomplished by using any combination of something you know, something you have, or something you are.

9 Policy management and intrusion detection Policies and procedures are important components of a good security program, and the management of policies across computer systems is equally important. Using of a policy management system, an organization can be made aware of any system that does not confirm to policy. Intrusion detection identify when someone doing something wrong and stop them. Intrusion detection systems are not foolprof and cannot replace security practices

10 Firewalls Firewalls are access control devices for the network and can assist in protecting an organization s internal network from external attacks. By their nature, firewalls are border security products, meaning that they exist on the border between the internal network and the external networks. Although firewalls provide protection from attackers, they cannot prevent an attack from using an allowed connection.

11 Biometrics Biometrics uses a biological elements to authenticate the user s access. Biometrics are yet another authentication mechanism and they too can reduce the risk of someone guessing a password. Types of Biometrics scanners include fingerprints, face recognition and voice. Each method usually required some type of device to identify human characteristics.

12 Encryption Encryption is the primary mechanism for communications security. Encryption might even protect information that is in storage by encrypting files. The encryption system will not differentiate between legitimate and illegitimate users if both present the same keys to the encryption algorithm. Therefore,encryption by itself will not provide security. Encryption need to controls on the Encryption keys and the system at hole.

13 Vulnerability Scanning and Physical Security Scanning computer system for vulnerabilities is an important part of a good security program. Vulnerability scanning will not detect legitimate users who may have inappropriate access. Physical security is the one product category that could provide complete protection to computer systems and information. Employees must have access to computers and information in order for the organizations to function. Therefore, the physical security must allow some people to gain access in this case physical security will not protect system from attacks that use legitimate access.

14 Chapter two Types of Attacks Look at : Access attacks. Modification attacks Denial-of-service attacks Repudiation attacks

15 Types of attacks There are four primary categories of attacks: 1. Access attacks. 2. Modification attacks 3. Denial-of-service attacks 4. Repudiation attacks

16 2.1 Access attack An access attack is an attempt to gain information that the attacker is not authorized to see. This attack can occur wherever the information resides or may exist during transmission. This type of attack is an attack against the confidentiality of the information. There are three kinds of access attack: 1. Snooping 2. Eavesdropping 3. Interception

17 2.1.1 Snooping Snooping is looking through information files in the hopes that the attacker will find something interesting. If the files are on a computer system, an attacker may attempt to open one file after another until information is found. information stored on media Information on local hard drive and left in the office or on backups taken off-site desktop computer

18 2.1.2 Eavesdropping When someone listens in on a conversation that they are not a part of, that is Eavesdropping. To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by. Wireless networks have increased the opportunity to perform Eavesdropping. Mainframe attacker s computer Traffic from the desktop to The mainframe travels over The local area network. the attacker can listen on the session from the desktop by attaching to the same local area network

19 2.1.3 Interception Interception is an active attack against the information. When an attacker Intercepts information he is inserting himself in the path of the information and capturing it before it reaches its destination. Attackers may allow the information to continue to its destination or not. Information access using Interception is the most difficult option for an attacker.

20 How access attacks are accomplished If access control permission are set properly, the unauthorized individual should be denied access. Correct permissions will prevent most casual snooping. There are many vulnerabilities that will allow attacker to succeed in accessing the unauthorized data. Attackers use a Sniffer to Eavesdropping on the transmission. A sniffer is a computer that is configured to capture all the traffic on the network. A sniffer can be installed after an attacker has increased his privileges on a system or if the attacker is allowed to connect his own system to the network.

21 2.2 Modification attack A modification attack is an attempt to modify information that an attacker is not authorized to modify. Attacker may do one of the following : 1. Changes: one type of modification attack is to change existing information, such as an attacker changing an existing employee s salary or student grades. 2. Insertion: when an insertion attack is made, information that did not previously exist is added. For example, an attacker might choose to add transaction in a banking system that moves funds from customer s account to his own. 3. Deleting: a delete attack is the removal of existing information.

22 How modification attacks are accomplished If the attacker has access to files, modification can be made. If the attacker does not have authorized access to files the attacker would first have to increase his access to the system or remove the permission on the file. Attackers use vulnerability on the computer system to access the system or files. Then attacker can modify the file data. The attacker exploits vulnerability on the server and replace homepage with something new.

23 Define Denial-of-Service Attacks Denial-of-Service (DoS) Attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities. (DoS) is nothing more than vandalism. Denial of Access may occurs on: 1. Information: Denial of Access to information causes the information to be unavailable. 2. Application: Denial of Access to applications normally an attack against a computer system running the application. 3. Systems: Denial of Access to systems cause all information that is stored on the system to become unavailable.

24 How Denial-of-Service Attacks are accomplished DoS attacks against the information can be made by simply turning off the system. Turning off the system will also cause an attack against system. DoS attacks against the application. Attacker send a predefined set of commands to the application telling the application not process properly. The application will likely crash.

25 Repudiation Repudiation attack is an attempt to give false information or to deny that real event or transaction should have occurred. An attacker may masquerade as another person to collect information or interrupt normal operations.