Presentation is loading. Please wait.

Presentation is loading. Please wait.

The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not.

Similar presentations


Presentation on theme: "The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not."— Presentation transcript:

1

2 The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have make our own position unassailable. The Art of War Sun Tzu

3

4 RELEVANCE OF CYBER SECURITY

5 THE I T ROAD MAP ORG RESTRUCTURING OF ARMY : PHASE II IW- OFFENSIVE ORG & INFO DISSEMINATION SYSTEMS ORG RESTRUCTURING OF ARMY : PHASE I IW- DFENSIVE CIDSS – TEST BED LOGISTIC NW COMD ITI (CITI) SETTING UP AIIT ASTROID PHASE - I IW- PROTECTIVE IW – AWARENESS DRIVE M/S – ARMY WIDE BACK BONE II FOR INFO SUPER HIGHWAY FULL IT LITERACY ARTRAN MIS – ALL CORPS BACK BONE I FOR INFO SUPER HIGHWAY ASTROID IT IN CIVIC ACTION MIS – CORPS PILOT PROJECT ARMY INTRANET UP TO COMD HQ IT ROAD MAP :

6 TO GIVE YOU AN OVERVIEW OF CYBER SECURITYAND ACQUAINT YOU WITH CYBER SECURITY INITIATIVES AT DIFFERENT LEVELS

7 THREATS AND TARGETS FUNDAMENTALS AND TECHNIQUES INITIATIVES NATIONAL AND ARMY MCTE UNIT LEVEL IMPLEMENTATION OF CYBER SECURITY

8 CYBER SECURITY CYBER SECURITY INTEGRATES & COORD POLICIES & PROCEDURES, OPS, PERS & TECHNOLOGY, TO PROTECT & DEFEND INFO & INFO SYS.

9 ELECTRONIC INFO IS VULNERABLE EVESDROPPINGMANIPULATION STEALINGDESTRUCTION DENIAL

10

11 CHARACTERISTICS OF CYBER THREATS No international boundaries Low cost Detection avoidance Inadequate laws

12 SECURITY THREATS s SECURITY “THREAT” IS :- PASSIVE (DISCLOSURE OF INFO) OR ACTIVE (DESTRUCTION, CORRUPTION OF RESOURCE, INTERRUPTION OF SERVICE) eg. FILE REMOVED OR FILE REPLACED BY JUNK

13 PASSIVE THREATS Hi! ? Network Hi! Sender Recipient Intruder Hi!

14 SOURCE ATTACKER DESTINATION ACTIVE THREATS

15 The unauthorised use of a device attached to a communication facility to alter transmitting data or control signals or to generate spurious data or control signals Modification, Removal Of Data Denial of Message Service Masquerade

16 Comn Centres Accounting Distribution OPERATIONS, COMNS PLANNING, COMD AND CONTROL NETWORKS & SUPPORT PROCESSES SYSTEMS & PEOPLE COMPONENTS & SOFTWARE The “Attackers” Aiming Points The “Attackers” Targets Targets in the Cyber Environment Business Planning

17 APPLICATIONS DATABASES OPERATING SYSTEMS NETWORK SERVICES The IT Infrastructure – Weak Points

18 Security Breaches … Some Statistics

19 “Insider” Breaches Installation/use of unauthorized software Infection of company equipment Use of company computing resources for illegal or illicit communications Abuse of computer access controls Physical theft, sabotage or intentional destruction of computing equipment Fraud % of respondents experiencing these breaches in the past 12 months 0% 10% 20% 30% 40% 50% 60% 70% 80% Survey2000 Information Security 73%73% 70%70% 63% 58% 42% 13%

20 “Outsider” Breaches Viruses/Trojans/Worms Denial-of-service Exploits related to active program scripting Attacks related to protocol weaknesses Attacks related to insecure passwords Attacks on bugs in Web servers % of respondents experiencing these breaches in the past 12 months 0% 10% 20% 30% 40% 50% 60% 70% 80% 73%73% 37% 26% 25% 37% 24% Survey2000 Information Security

21 Trends Viruses Abuse of computer access controls Physical theft, sabotage or intentional destruction of computing equipment % of respondents experiencing these breaches in 1999 & % 10% 20% 30% 40% 50% 60% 70% 80% 73%73% 23% 80% 52% 58% 42% Survey2000 Information Security

22 Recent Security Breaches  US Office of Surface Mining  Hewlett Packard Company  Cruise Missile Command and Control programs (US Navy)  Arab Academy for science and technology and Maritime Transport  Panasonic Fax Machines UK  Nokia Corporation  NEC Corporation (Japan)  Compaq Computer Corporation Sites hit in March breaches (…just the ones which were reported…) Source :

23 …And this is what they did US NAVY SITE COMPAQ SITE PANASONIC SITE

24 SOURCE : PRICE WATCH HOUSE AND INFORMATION WEEK

25 OFFENSIVE TOOLS AND TECHNOLOGIES

26 CYBER TOOLS FOR ATTACK Hacking / Cracking tools Virus Programs Sniffers, Trojan horses Auditing Tools (SATAN)

27 –L0PHT-Crack –Back Orifice 2000 – Netbus – NetScan Pro – Jack the Ripper – Happy Hacker Suite Hacking Tools

28 The Problem How to carry the trust which we have in the paper based world into the realm of cyber space ?

29 In the paper based society, we ;  Write a letter on letter head and sign it. WHICH ENSURES the identity of an individual or application AUTHENTICATION Security in Paper Media…1

30  We sign in front of the witness WHICH ENSURES that information cannot be manipulated Ref:Sub:Sir, This is with your Ref vide XYZ Signature INTEGRITY Security in Paper Media…2

31  Put the letter in an envelope and seal it WHICH ENSURES that information is kept private and intact CONFIDENTIALITY Security in Paper Media…3

32  Send information by Certified mail WHICH ENSURES that information can not be disowned NON REPUDIATION Security in Paper Media…4

33 DEFENSIVE TOOLS AND TECHNOLOGIES FIREWALLS ANTI VIRUS IDS VPN PKI

34 AUTHENTICATION Verification of originator NONREPUDIATION Undeniable proof of participation AVAILABILITY Assured access by authorised users CONFIDENTIALITY Protection from unauthorised disclosure INTEGRITY Protection from unauthorised change ELEMENTS OF CYBER SECURITY RESTORATION Protection, Detection & Reaction capabilities

35

36 What Is A Firewall  Device that connects networks (internal and/or external with varying levels of trust) Security Policy  Used to implement and enforce a Security Policy regarding communication between those networks Untrusted Networks & Servers Trusted Networks Firewall Router Internet Intranet Public Accessible Servers & Networks Trusted Users Untrusted Users Server Segment

37 PCs SERVERS WAN / INTRANET HQ XYZ CORPS HQ ABC CORPS MOBILE USER FIREWALL Placing a Firewall ROUTER SWITCH ROUTER

38 PCs SERVERS WAN SWITCH ROUTER FIREWALL ANTI VIRUS MOBILE USER …… Virus Protection HQ XYZ CORPS HQ ABC CORPS

39 PCs SERVERS WAN SWITCH ROUTER FIREWALL ANTI VIRUS IDS HQ XYZ CORPS OFFICE 2 MOBILE USER Intrusion Detection Systems

40 EXTERNAL ATTACK ALERT! ATTACK DETECTED RECORD SESSION TERMINATE SESSION ALERT! ATTACK DETECTED / LOG/ REPORT RECONFIGURE FIREWALL/ ROUTER INTERNAL ATTACK ALERT RECORD SESSION SEND LOG SESSION REAL TIME WATCHDOG / LOG/ REPORT

41 Virtual Private Networks Joins networks spread over a geographical expanse. Provides a data tunnel through a public network. Ensures the data which passes through it is encrypted. Effective means of confidentiality through Internet.

42 Virtual Private Networks DATA ENCRYPTION TUNNEL

43 P K I

44 Security Requirements NON REPUDIATION AUTHENTICATION CONFIDENTIALITY INTEGRITY Replace letterhead & signature on original document Replace Envelope Ref:Sub:Sir, This is with your Ref vide XYZ Signature Cryptographic digital signature Encryption

45 Symmetric Cryptography Algorithm + Requires a shared key between the two parties + Algorithm Encryption Decryption Key

46 Asymmetric Cryptography Algorithm + Requires a key pair between the two parties + Algorithm Encryption Decryption Public Key Private Key

47 Common e-Security Technologies Authentication Confidentiality Integrity Non- repudiation Anti-virus Firewalls Access Control Encryption Public Key Infrastructure BCP - v /99

48 NAV RATNAS OF CYBER SECURITY FIREWALLS VPNsIDS CERTIFICATE MGT VIRUS PROTECTION ENCRYPTION PKI SECURITY POLICY PHYSICAL SECURITY

49

50 CERTIFYING AUTHS - FOR LICENCING, CERTIFYING & MONITORING USE OF DIGITAL SIGNATURES CYBER REGULATIONS ADVISORY COMMITTEE s PENALTIES & ADJUDICATION TO CURB CMPTR CRIMES ADJUDICATING OFFRS CYBER REGULATIONS APPELLATE TRIBUNAL (HEADED BY HIGH COURT JUDGE) INFORMATION TECHNOLOGY ACT NATIONAL LEVEL

51 Covers all types of computer systems in the army Safeguarding of Classified and Sensitive Unclassified Info Networking of Info Stores Nomination and duties of System Security Administrator Periodic review of Safeguards Internet access Dial up access Security of WAP Use of commercially available off the shelf security software Backups Handling of TOP SECRET software SALIENT FEATURES : CYBER SECURITY POLICY ARMY LEVEL

52 INITIATIVES

53 TASKS s Knowledge centre on Cyber Security and Converging Technologies s Undertake pilot studies and projects s Adaptation of technology s Monitoring of outsourced pilot projects s Advice on evaluation, induction, testing & R&D s Interaction with trade, industry, academia & other agencies

54

55 Physical Security – Hardware / Software Anti Virus Consciousness of staff using e-Media Storage of classified data Accounting procedures for print outs Procedures for copying data Password protection Shared folders in LAN environment

56

57 7 Top Management Errors that Lead to Computer Security Vulnerabilities Number 1:  Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job. Number 2:  Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security. Number 3:  Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed. Source: SANS Institute Resources

58 …7 Top Management Errors that Lead to Computer Security Vulnerabilities Number 4:  Rely primarily on a firewall. Number 5:  Fail to realize how much money their information and organizational reputations are worth Number 6:  Authorize reactive, short-term fixes so problems re- emerge rapidly Number 7:  Pretend the problem will go away if they ignore it Source: SANS Institute Resources

59 Mistakes People Make that Lead to Security Breaches The Five Worst Security Mistakes End Users  Opening unsolicited attachments without verifying their source and checking their content first.  Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.  Installing screen savers or games from unknown sources.  Not making and testing backups.  Using a modem while connected through a local area network. Source: SANS Institute Resources

60 Six Steps to Cyber Security Baselining and Policy Formulation Planning and Design of a Secure Architecture Training and Education Technology and Implementation Audit, Monitoring and Forensics Validation and Updation of the Process

61 Security Assessments Understanding Security Requirements IT Threats IT Vulnerabilities External & Internal Scenario Changes Security Audit Validate Security Policy Security Policy Deploy Technology The Security Model Training

62

63


Download ppt "The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not."

Similar presentations


Ads by Google