
The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not.


1

2 "The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our own position unassailable." (Sun Tzu, The Art of War)

3

4 RELEVANCE OF CYBER SECURITY

5 THE I T ROAD MAP ORG RESTRUCTURING OF ARMY : PHASE II IW- OFFENSIVE ORG & INFO DISSEMINATION SYSTEMS ORG RESTRUCTURING OF ARMY : PHASE I IW- DEFENSIVE CIDSS – TEST BED LOGISTIC NW COMD ITI (CITI) SETTING UP AIIT ASTROID PHASE - I IW- PROTECTIVE IW – AWARENESS DRIVE M/S – ARMY WIDE BACK BONE II FOR INFO SUPER HIGHWAY FULL IT LITERACY ARTRAN MIS – ALL CORPS BACK BONE I FOR INFO SUPER HIGHWAY ASTROID IT IN CIVIC ACTION MIS – CORPS PILOT PROJECT ARMY INTRANET UP TO COMD HQ IT ROAD MAP : 2008 2006 2002 1998 2008 2004 2000

6 TO GIVE YOU AN OVERVIEW OF CYBER SECURITY AND ACQUAINT YOU WITH CYBER SECURITY INITIATIVES AT DIFFERENT LEVELS

7 THREATS AND TARGETS FUNDAMENTALS AND TECHNIQUES INITIATIVES NATIONAL AND ARMY MCTE UNIT LEVEL IMPLEMENTATION OF CYBER SECURITY

8 CYBER SECURITY: CYBER SECURITY INTEGRATES & COORD POLICIES & PROCEDURES, OPS, PERS & TECHNOLOGY, TO PROTECT & DEFEND INFO & INFO SYS.

9 ELECTRONIC INFO IS VULNERABLE: EAVESDROPPING, MANIPULATION, STEALING, DESTRUCTION, DENIAL

10

11 CHARACTERISTICS OF CYBER THREATS: No international boundaries; Low cost; Detection avoidance; Inadequate laws

12 SECURITY THREATS: A SECURITY “THREAT” IS PASSIVE (DISCLOSURE OF INFO) OR ACTIVE (DESTRUCTION, CORRUPTION OF RESOURCE, INTERRUPTION OF SERVICE), e.g. FILE REMOVED OR FILE REPLACED BY JUNK

13 PASSIVE THREATS [Diagram labels: Sender, Network, Recipient, Intruder; message "Hi!"]

14 ACTIVE THREATS [Diagram labels: SOURCE, ATTACKER, DESTINATION]

15 The unauthorised use of a device attached to a communication facility to alter transmitting data or control signals or to generate spurious data or control signals. Modification, Removal of Data; Denial of Message Service; Masquerade

16 Comn Centres Accounting Distribution OPERATIONS, COMNS PLANNING, COMD AND CONTROL NETWORKS & SUPPORT PROCESSES SYSTEMS & PEOPLE COMPONENTS & SOFTWARE The “Attackers” Aiming Points The “Attackers” Targets Targets in the Cyber Environment Business Planning

17 The IT Infrastructure – Weak Points: APPLICATIONS, DATABASES, OPERATING SYSTEMS, NETWORK SERVICES

18 Security Breaches … Some Statistics

19 “Insider” Breaches (% of respondents experiencing these breaches in the past 12 months): Installation/use of unauthorized software; Infection of company equipment; Use of company computing resources for illegal or illicit communications; Abuse of computer access controls; Physical theft, sabotage or intentional destruction of computing equipment; Fraud. Chart values: 73%, 70%, 63%, 58%, 42%, 13%. Source: Survey 2000, Information Security

20 “Outsider” Breaches (% of respondents experiencing these breaches in the past 12 months): Viruses/Trojans/Worms; Denial-of-service; Exploits related to active program scripting; Attacks related to protocol weaknesses; Attacks related to insecure passwords; Attacks on bugs in Web servers. Chart values: 73%, 37%, 26%, 25%, 37%, 24%. Source: Survey 2000, Information Security

21 Trends (% of respondents experiencing these breaches in 1999 & 2000): Viruses; Abuse of computer access controls; Physical theft, sabotage or intentional destruction of computing equipment. Chart values: 73%, 23%, 80%, 52%, 58%, 42%. Source: Survey 2000, Information Security

22 Recent Security Breaches: sites hit in March 2001: US Office of Surface Mining; Hewlett Packard Company; Cruise Missile Command and Control programs (US Navy); Arab Academy for science and technology and Maritime Transport; Panasonic Fax Machines UK; Nokia Corporation; NEC Corporation (Japan); Compaq Computer Corporation. 937 breaches (…just the ones which were reported…) Source: www.attrition.org

23 …And this is what they did [Screenshots: US NAVY SITE, COMPAQ SITE, PANASONIC SITE]

24 58 15 11 13 3 SOURCE : PRICE WATCH HOUSE AND INFORMATION WEEK

25 OFFENSIVE TOOLS AND TECHNOLOGIES

26 CYBER TOOLS FOR ATTACK: Hacking / Cracking tools; Virus Programs; Sniffers, Trojan horses; Auditing Tools (SATAN)

27 Hacking Tools: L0PHT-Crack; Back Orifice 2000; Netbus; NetScan Pro; Jack the Ripper; Happy Hacker Suite

28 The Problem: How to carry the trust which we have in the paper-based world into the realm of cyber space?

29 Security in Paper Media…1: In the paper-based society, we write a letter on letterhead and sign it, WHICH ENSURES the identity of an individual or application: AUTHENTICATION

30 Security in Paper Media…2: We sign in front of the witness, WHICH ENSURES that information cannot be manipulated: INTEGRITY [Graphic: sample signed letter]

31 Security in Paper Media…3: Put the letter in an envelope and seal it, WHICH ENSURES that information is kept private and intact: CONFIDENTIALITY

32 Security in Paper Media…4: Send information by Certified mail, WHICH ENSURES that information cannot be disowned: NON REPUDIATION

33 DEFENSIVE TOOLS AND TECHNOLOGIES: FIREWALLS, ANTI VIRUS, IDS, VPN, PKI

34 ELEMENTS OF CYBER SECURITY: AUTHENTICATION: Verification of originator; NONREPUDIATION: Undeniable proof of participation; AVAILABILITY: Assured access by authorised users; CONFIDENTIALITY: Protection from unauthorised disclosure; INTEGRITY: Protection from unauthorised change; RESTORATION: Protection, Detection & Reaction capabilities

35

36 What Is A Firewall: Device that connects networks (internal and/or external with varying levels of trust). Used to implement and enforce a Security Policy regarding communication between those networks. [Diagram labels: Untrusted Networks & Servers, Trusted Networks, Firewall, Router, Internet, Intranet, Public Accessible Servers & Networks, Trusted Users, Untrusted Users, Server Segment]

37 Placing a Firewall [Diagram labels: PCs, SERVERS, WAN / INTRANET, HQ XYZ CORPS, HQ ABC CORPS, MOBILE USER, FIREWALL, ROUTER, SWITCH]

38 Virus Protection [Diagram labels: PCs, SERVERS, WAN, SWITCH, ROUTER, FIREWALL, ANTI VIRUS, MOBILE USER, HQ XYZ CORPS, HQ ABC CORPS]

39 Intrusion Detection Systems [Diagram labels: PCs, SERVERS, WAN, SWITCH, ROUTER, FIREWALL, ANTI VIRUS, IDS, HQ XYZ CORPS, OFFICE 2, MOBILE USER]

40 [Diagram labels, in order: EXTERNAL ATTACK; ALERT! ATTACK DETECTED; RECORD SESSION; TERMINATE SESSION; ALERT! ATTACK DETECTED; EMAIL/LOG/REPORT; RECONFIGURE FIREWALL/ROUTER; INTERNAL ATTACK; ALERT; RECORD SESSION; SEND EMAIL; LOG SESSION; REAL TIME WATCHDOG; EMAIL/LOG/REPORT]

41 Virtual Private Networks Joins networks spread over a geographical expanse. Provides a data tunnel through a public network. Ensures the data which passes through it is encrypted. Effective means of confidentiality through Internet.

42 Virtual Private Networks [Diagram labels: DATA, ENCRYPTION, TUNNEL]

43 PKI

44 Security Requirements: NON REPUDIATION, AUTHENTICATION, CONFIDENTIALITY, INTEGRITY. Replace letterhead & signature on original document: Cryptographic digital signature. Replace envelope: Encryption. [Graphic: sample signed letter]

45 Symmetric Cryptography: Requires a shared key between the two parties. [Diagram labels: Encryption, Decryption, Algorithm + Key]

46 Asymmetric Cryptography: Requires a key pair between the two parties. [Diagram labels: Encryption, Decryption, Algorithm + Public Key, Algorithm + Private Key]

47 Common e-Security Technologies [Table; cell contents not recoverable. Columns: Authentication, Confidentiality, Integrity, Non-repudiation. Rows: Anti-virus, Firewalls, Access Control, Encryption, Public Key Infrastructure] BCP - v1.0 - 04/99

48 NAV RATNAS OF CYBER SECURITY: FIREWALLS; VPNs; IDS; CERTIFICATE MGT; VIRUS PROTECTION; ENCRYPTION; PKI; SECURITY POLICY; PHYSICAL SECURITY

49

50 NATIONAL LEVEL: INFORMATION TECHNOLOGY ACT: CERTIFYING AUTHS - FOR LICENCING, CERTIFYING & MONITORING USE OF DIGITAL SIGNATURES; CYBER REGULATIONS ADVISORY COMMITTEE; PENALTIES & ADJUDICATION TO CURB CMPTR CRIMES; ADJUDICATING OFFRS; CYBER REGULATIONS APPELLATE TRIBUNAL (HEADED BY HIGH COURT JUDGE)

51 ARMY LEVEL: SALIENT FEATURES : CYBER SECURITY POLICY: Covers all types of computer systems in the army; Safeguarding of Classified and Sensitive Unclassified Info; Networking of Info Stores; Nomination and duties of System Security Administrator; Periodic review of Safeguards; Internet access; Dial up access; Security of WAP; Use of commercially available off the shelf security software; Backups; Handling of TOP SECRET software

52 INITIATIVES

53 TASKS: Knowledge centre on Cyber Security and Converging Technologies; Undertake pilot studies and projects; Adaptation of technology; Monitoring of outsourced pilot projects; Advice on evaluation, induction, testing & R&D; Interaction with trade, industry, academia & other agencies

54

55 Physical Security – Hardware / Software; Anti Virus; Consciousness of staff using e-Media; Storage of classified data; Accounting procedures for print outs; Procedures for copying data; Password protection; Shared folders in LAN environment

56

57 7 Top Management Errors that Lead to Computer Security Vulnerabilities. Number 1: Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job. Number 2: Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security. Number 3: Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed. Source: SANS Institute Resources

58 …7 Top Management Errors that Lead to Computer Security Vulnerabilities. Number 4: Rely primarily on a firewall. Number 5: Fail to realize how much money their information and organizational reputations are worth. Number 6: Authorize reactive, short-term fixes so problems re-emerge rapidly. Number 7: Pretend the problem will go away if they ignore it. Source: SANS Institute Resources

59 Mistakes People Make that Lead to Security Breaches. The Five Worst Security Mistakes End Users Make: (1) Opening unsolicited e-mail attachments without verifying their source and checking their content first. (2) Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. (3) Installing screen savers or games from unknown sources. (4) Not making and testing backups. (5) Using a modem while connected through a local area network. Source: SANS Institute Resources

60 Six Steps to Cyber Security: Baselining and Policy Formulation; Planning and Design of a Secure Architecture; Training and Education; Technology and Implementation; Audit, Monitoring and Forensics; Validation and Updation of the Process

61 The Security Model [Diagram labels: Security Assessments; Understanding Security Requirements; IT Threats; IT Vulnerabilities; External & Internal Scenario Changes; Security Audit; Validate Security Policy; Security Policy; Deploy Technology; Training]

62

63

