Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou.

Published byVivien Barton Modified over 9 years ago

Similar presentations

Presentation on theme: "THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou."— Presentation transcript:

1

2 THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou

3 The Need for Web Security2 PRESENTATION OBJECTIVES  Understand information security services  Be aware of vulnerabilities and threats  Realize why network security is necessary  What are the elements of a comprehensive security program

4 The Need for Web Security3 TRENDS FOR INFORMATION  More information is being created, stored, processed and communicated using computers and networks  Computers are increasingly interconnected, creating new pathways to information assets  The threats to information are becoming more widespread and more sophisticated  Productivity, competitiveness, are tied to the first two trends  Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information INFORMATION IS THE MOST VALUABLE ASSET

5 The Need for Web Security4 Information Security Services  Confidentiality  Integrity  Authentication  Nonrepudiation  Access Control  Availability

6 The Need for Web Security5 Information Security Services  Confidentiality  Maintaining the privacy of data  Integrity  Detecting that the data is not tampered with  Authentication  Establishing proof of identity  Nonrepudiation  Ability to prove that the sender actually sent the data  Access Control  Access to information resources are regulated  Availability  Computer assets are available to authorized parties when needed SERVICES

7 The Need for Web Security6  Collection of networks that communicate  with a common set of protocols (TCP/IP)  Collection of networks with  no central control  no central authority  no common legal oversight or regulations  no standard acceptable use policy  “wild west” atmosphere What Is The Internet?

8 The Need for Web Security7 Why Is Internet Security a Problem?  Security not a design consideration  Implementing change is difficult  Openness makes machines easy targets  Increasing complexity

9 The Need for Web Security8 Common Network Security Problems  Network eavesdropping  Malicious Data Modification  Address spoofing (impersonation)  ‘Man in the Middle’ (interception)  Denial of Service attacks  Application layer attacks

10 The Need for Web Security9 Security Incidents are Increasing Sophistication of Hacker Tools 19901980 Technical Knowledge Required High Low 2000 -from Cisco Systems

11 The Need for Web Security10 HACKED WWW HOMEPAGES 11/29/96 CIA HOMEPAGE DOJ HOMEPAGE USAF HOMEPAGE

12 The Need for Web Security11 Problem is Worsening 60000 50000 40000 30000 20000 10000 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 Internet Security Violations Jerusalem Tequila Michelangelo Good Times Melissa & ILOVEYOU Anna Kournikova Code Red Nimba Badtrans Source: CERT® Coordination Center Carnegie Mellon

13 The Need for Web Security12 VIRUSES VIRUSES Risk ThreatDiscoveredProtection TROJ_SIRCAM.ANew !!Latest DAT W32.Navidad11/03/200011/06/2000 W95.MTX8/17/20008/28/2000 W32.HLLW.QAZ.A7/16/20007/18/2000 VBS.Stages.A6/16/20006/16/2000 VBS.LoveLetter5/04/20005/05/2000 VBS.Network2/18/20002/18/2000 Wscript.KakWorm12/27/199912/27/1999 W32.Funlove.409911/08/199911/11/1999 PrettyPark.Worm6/04/19996/04/1999 Happy99.Worm1/28/19991/28/1999

14 The Need for Web Security13 Consider that…  90% of companies detected computer security breaches in the last 12 months  59% cited the Internet as the most frequent origin of attack  74% acknowledged financial losses due to computer breaches  85% detected computer viruses Source: Computer Security Institute

15 The Need for Web Security14 WHO ARE THE OPPONENTS?  49% are inside employees on the internal network  17% come from dial-up (still inside people)  34% are from Internet or an external connection to another company of some sort HACKERS

16 The Need for Web Security15 HACKER MOTIVATIONS  Money, profit  Access to additional resources  Experimentation and desire to learn  “Gang” mentality  Psychological needs  Self-gratification  Personal vengeance  Emotional issues  Desire to embarrass the target

17 The Need for Web Security16 Internet Security? Malicious Code Viruses Worms Buffer Overflows Session Hijacking Port Scanning Trojans Denial of Service Spoofing Replay Attack Man-in-the-middle

18 The Need for Web Security17 What Do People Do When They Hear All These?  Take the risks!  But there are solutions  Ignoring the situation is not one of them

19 The Need for Web Security18 THE MOST COMMON EXCUSES  So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.  I'm busy. I can't become a security expert--I don't have time, and it's not important enough  No one could possibly be interested in my information  Anti-virus software slows down my processor speed too much.  I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.

20 The Need for Web Security19 SANS Five Worst Security Mistakes End Users Make 1.Opening unsolicited e-mail attachments without verifying their source and checking their content first. 2.Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. 3.Installing screen savers or games from unknown sources. 4.Not making and testing backups. 5.Using a modem while connected through a local area network.

21 The Need for Web Security20 SECURITY COUNTERMEASURES THREE PHASE APPROACH PROTECTION DETECTION RESPONSE

22 The Need for Web Security21 ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM Have Good Passwords Use Good Antiviral Products Use Good Cryptography Have Good Firewalls Have a Backup System Audit and Monitor Systems and Networks Have Training and Awareness Programs Test Your Security Frequently Principles

23 The Need for Web Security22 CRYPTOGRAPHY Necessity is the mother of invention, and computer networks are the mother of modern cryptography. Ronald L. Rivest  Symmetric Key Cryptography  Public Key Cryptography  Digital Signatures

24 The Need for Web Security23 Firewall Visible IP Address Internal Network PC Servers Host A system or group of systems that enforces an access control policy between two networks.

25 The Need for Web Security24

26 The Need for Web Security25 THANK YOU I have questions…

Download ppt "THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou."

Similar presentations

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Introducing Computer and Network Security

Introducing Computer and Network Security
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google