Information technology security Fundamentals of Information Technology Session 8.

1 Information technology security Fundamentals of Information Technology Session 8

2 Why we need IT security
Estimated UK losses to cybercrime in 2011 were in the region of £27 billion:
–£21bn of costs to businesses
–£2.2bn to government
–£3.1bn to citizens
This accounts only for reported crimes; the figure is probably much higher.

3 Why we need IT security

4 What is cybercrime?
Cybercrime is not new crime; it is old crime facilitated by new digital technologies, e.g.
–Theft
–Fraud
–Identity theft
–Obscene publication
–Slander
–Copyright infringement
Digital technology facilitates these crimes; in many cases, it makes them easier and less risky to carry out.

5 The role of computer networks in cybercrime
The growth of cybercrime correlates exactly with the proliferation of computer networks, particularly the Internet.
Large public networks, like the Internet, create vulnerabilities which present opportunities for criminals.
Vulnerabilities create the potential to develop new threats. These threats create new risks for organisations, which in turn have potential detrimental impacts on information and/or financial assets.
In response to threats and risks, organisations must seek to adopt a range of protective countermeasures.
These should be set out in an information security management document.

6 Vulnerabilities
A vulnerability is a point where a system is weak.
In IT systems vulnerabilities exist:
–At the interface between internal and external networks
–Along lines of network communication
–In loopholes in application code
–Where data is stored
Vulnerabilities in IT systems arise for several reasons:
–Human error/carelessness
–Technical weaknesses
–Lack of foresight/planning

7 Threats
Threats are targeted at vulnerabilities in IT systems.
A threat is a malicious and/or illegal activity conducted by individuals or groups. Common examples of threats are:
–Hacking
–Sniffing
–Malware infection (Viruses/Worms/Trojans)
–Denial of service attack
–Phishing
–Copyright infringement
–Software piracy

8 Risks
Risks are the potential outcomes of threats being carried out against organisations or individuals.
Organisations need to employ risk management techniques to mitigate the likely occurrence and impact of potential threats.
Threat | Risks
Phishing | Identity theft. Fraud
Hacking | Loss of sensitive/personal data. Theft. Loss of trust
Virus/Malware Infection | Damage to systems. Loss of service
Denial of services | Loss/degradation of service. Loss of revenue and trust

9 Risk management The level of risk associated with a threat can be decided by looking at likelihood and impact

10 Risk management
The countermeasures an organisation puts in place will be determined by its attitude to risk. This may be that:
–No risks are acceptable: all risks, whether low, medium or high, should be treated.
–Low risks are acceptable: only medium and high risks should be treated.
–Low and medium risks are acceptable: only high risks should be treated.
Attitude to risk is generally determined by:
–Available resources
–Previous experience of information security breaches
–The current approach to risk of other organisations in the same sector
–Legislation or regulation
–Contractual obligations

11 Countermeasures
Vulnerability | Threat | Risk | Possible countermeasure
Provision of IM to employees | Sniffing | Loss of company data | Encrypt IM transmissions
Customer payments | Sniffing | Loss of customer card details. Loss of trust | Implement TLS for payment systems
Network | Unauthorised access | Theft of customer details. Loss of trust. Litigation | Establish more robust network authorization policy. Invest in proxy server
Email system / VoIP | Viruses/worms | Destruction of data. System degradation. Loss of service | Invest in better anti-virus system. Invest in firewall
Public website | Denial of Service attack | Loss of public presence. Loss of trust. Loss of revenue | Create mirror web site

12 Countermeasures
Countermeasures need to be continually updated as criminals learn how to overcome them (e.g. automatic updates).
Success in the development of countermeasures generally means no more than staying just ahead of the threat.
However, this is not always possible, as criminals are continually looking for ways to circumvent countermeasures either through the use of technology or through human agents (e.g. crooked employees in bank call centres).
One countermeasure alone is never enough to protect an organisation’s digital assets: a combination of countermeasures needs to be adopted.

13 Countermeasures – Encryption All communications across the Internet are vulnerable to packet sniffing

14 Countermeasures – Encryption
Encrypting data sent across a network makes it impenetrable to third parties by converting it to unreadable code.
Encryption should be used for sensitive communications sent across the Internet.
All online payments should use security protocols like Secure Sockets Layer (SSL) or, more recently, Transport Layer Security (TLS) that ensure privacy between communicating applications.
TLS works by negotiating a unique encryption algorithm and cryptographic keys between a client and a server before data is exchanged.

15 Countermeasures – (Reverse) Proxy server
A reverse proxy server places an extra barrier between an external network and an internal network’s assets (e.g. the Internet and private company files).
A reverse proxy only allows internet users to indirectly access certain internal servers.

16 Countermeasures – (Reverse) Proxy server
Internet users then only see the IP address of the proxy server, so the true identity of internal servers is hidden, thus making them less vulnerable to attack.
A reverse proxy server will first check to make sure a request is valid. If a request is not valid, it will not continue to process the request, resulting in the client receiving an error or a redirect.
Reverse proxy servers are also used as a platform for encrypted connection software such as SSL or TLS.

17 Countermeasures – Firewall
A firewall is a system or group of systems that enforces an access control policy between two networks, usually the Internet and a Private LAN.
A firewall can also be used to secure sensitive sections of private networks from unauthorised employee access.

18 Countermeasures – Firewall
A firewall can be software (e.g. Windows Firewall), hardware or a combination of hardware and software.
A firewall is used to:
–Inspect all inbound and outbound internet messages (Uses packet filtering to distinguish between legitimate messages that are responses to valid user activity and illegitimate messages that are unsolicited). Makes its decisions based on message source address, destination address and requested port and in many cases on previous traffic history (stateful packet filtering)
–Block network traffic from specified applications that can serve as conduits for threats (e.g. LimeWire, Yahoo Messenger)
–Block denial of service attacks
Firewall rules must be pre-specified by the system administrator.
A firewall is a first line of defence; it does not stop viruses or other malware.
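
Added example (not part of the original slides): a toy stateful packet filter in Python that makes the decisions slide 18 describes, using source address, destination address, requested port and previous traffic history. The class and rule names are hypothetical, the traffic is constructed, and port 6346 is assumed here to stand for a blocked file-sharing application.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    def __init__(self, blocked_out_ports, open_in_ports):
        # Rules pre-specified by the administrator (hypothetical rule set).
        self.blocked_out_ports = set(blocked_out_ports)
        self.open_in_ports = set(open_in_ports)
        self.flows = set()  # previous traffic history

    def decide(self, p):
        if p.direction == "out":
            if p.dport in self.blocked_out_ports:
                return "DROP (blocked application port)"
            # Remember the flow so its reply can be recognised later.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW (outbound)"
        # Inbound: a legitimate response mirrors a recorded outbound flow.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ALLOW (reply to tracked flow)"
        if p.dport in self.open_in_ports:
            return "ALLOW (published service)"
        return "DROP (unsolicited)"

def demo():
    fw = StatefulFilter(blocked_out_ports={6346}, open_in_ports={443})
    packets = [  # constructed traffic using documentation address ranges
        Packet("out", "192.168.1.10", 50000, "203.0.113.5", 443),
        Packet("in", "203.0.113.5", 443, "192.168.1.10", 50000),
        Packet("in", "198.51.100.7", 443, "192.168.1.10", 50000),
        Packet("out", "192.168.1.10", 50001, "198.51.100.9", 6346),
        Packet("in", "198.51.100.7", 40000, "192.168.1.20", 443),
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet claims to be web traffic to the same client port, but it is dropped because no outbound flow to that sender was recorded.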

19 Countermeasures – Antivirus
Antivirus software consists of computer programs that attempt to identify, neutralize or eliminate malware (viruses, worms, trojans).
Antivirus software commonly uses three approaches to identify malware:
–Virus dictionary (Antivirus scans files in memory, the operating system and registry and compares them to a dictionary of known malware)
–Identifying suspicious behaviour (Antivirus notes the behaviour of all executable programs and brings any suspicious activity to the attention of the user, e.g. an executable is triggered by another executable)
–Whitelisting (Rather than looking for only known bad software, this approach prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator)

20 Countermeasures – Antivirus
All three approaches have their weaknesses:
–A virus dictionary only protects against known viruses. Antivirus software only protects against 20-30% of zero-day threats
–The suspicious behaviour approach tends to produce many false positives, which in turn can result in the user becoming desensitized
–Whitelisting is difficult in large, complex organisations where there are a large number of applications. This makes keeping an inventory of trusted applications difficult. It also reduces flexibility of software installation
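
Added example (not part of the original slides): a Python comparison of the virus dictionary and whitelisting approaches from slides 19 and 20, run over the same four files to show where each one fails. The file names, contents and the signature pattern are constructed stand-ins, and real products use far richer signatures than one byte pattern.

```python
import hashlib

# Constructed stand-ins for files on disk; none is real software or malware.
FILES = {
    "known_bad.exe": b"header|EVIL-MARKER-01|body",
    "new_bad.exe": b"header|never-seen-before|body",
    "payroll.exe": b"approved payroll build 1",
    "new_tool.exe": b"harmless tool nobody has reviewed yet",
}

# Dictionary of byte patterns taken from already-known malware (constructed).
VIRUS_DICTIONARY = [b"EVIL-MARKER-01"]

# Hashes of programs the administrator has approved in advance.
WHITELIST = {hashlib.sha256(FILES["payroll.exe"]).hexdigest()}

def dictionary_verdict(data):
    """Block only if a known pattern appears anywhere in the file."""
    return "block" if any(sig in data for sig in VIRUS_DICTIONARY) else "run"

def whitelist_verdict(data):
    """Run only if the file's hash was approved beforehand."""
    return "run" if hashlib.sha256(data).hexdigest() in WHITELIST else "block"

def compare():
    """Return {file name: (dictionary verdict, whitelist verdict)}."""
    return {
        name: (dictionary_verdict(data), whitelist_verdict(data))
        for name, data in FILES.items()
    }

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:15} dictionary={verdicts[0]:5} whitelist={verdicts[1]}")
```

The dictionary lets new_bad.exe run because nothing in it is known yet, while the whitelist stops it but also stops new_tool.exe until an administrator approves it.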

21 Fallback and Disaster recovery
As well as first line countermeasures, fallback measures also need to be factored into IT security policies. This will include:
–Mirror websites
–Backup servers
–Backed up data
–Offsite hosting
To protect against outright disaster, an organisation should develop a disaster recovery policy. This sets out the procedures for dealing with any significant or unusual incident that has long-term implications for the business.

22 Education
Technical countermeasures by themselves are never enough, as many security breaches are the result of human error rather than technical weakness. For example:
–Employee installs infected software
–Employee uses unsecured connection for transmission of sensitive company data
–Administrator fails to set access privileges correctly
–Firewall software not updated
To mitigate human error, companies need to develop:
–An acceptable use policy which lays out to employees and other users the rules for using the organisation’s IT systems
–Training to disseminate security protocols and acceptable use policy

23 Legal obligations
All organisations are legally obliged to have a minimum level of IT security where they hold sensitive data on individuals (e.g. customer data).
Failure to ensure the minimum security measures can result in prosecution under the Data Protection Act 1998 (DPA).
Norwich Union was fined £1.26 million in 2007 for allowing thieves to gain access to customer account details and steal £3.3 million.

24 FIT Session 8 – Activities Now do –Activity 8 – IT security
