Information Security
“Nothing in this world is secure”
Top 5 Security incidents globally
1. Viruses and malicious code %.
2. Password exposure %.
3. Theft of computer equipment %.
4. Disclosure of confidential data %.
5. Lack of security %.
Pillars of Security
Confidentiality
Confidentiality, keeping information secret from unauthorized access, is probably the most common aspect of information security: we need to protect confidential information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.
Attacks threatening confidentiality
In general, two types of attack threaten the confidentiality of information: snooping and traffic analysis. Snooping refers to unauthorized access to or interception of data. Traffic analysis refers to other types of information collected by an intruder by monitoring online traffic.
Integrity
Information needs to be changed constantly. In a bank, when a customer deposits or withdraws money, the balance of their account needs to be changed. Integrity means that changes should be done only by authorized users and through authorized mechanisms.
Attacks threatening integrity
The integrity of data can be threatened by several kinds of attack: modification, masquerading, and repudiation.
Availability
The third component of information security is availability. The information created and stored by an organization needs to be available to authorized users and applications. Information is useless if it is not available. Information needs to be changed constantly, which means that it must be accessible to those authorized to access it. Unavailability of information is just as harmful to an organization as a lack of confidentiality or integrity. Imagine what would happen to a bank if the customers could not access their accounts for transactions.
Attacks threatening availability
Denial of service (DoS) attacks may slow down or totally interrupt the service of a system. The attacker can use several strategies to achieve this. They might make the system so busy that it collapses, or they might intercept messages sent in one direction and make the sending system believe that one of the parties involved in the communication has lost the message and that it should be resent.
Security Services
Standards have been defined for security services to achieve security goals and prevent security attacks.
SYMMETRIC-KEY CRYPTOGRAPHY
Alice can send a message to Bob over an insecure channel with the assumption that an adversary, Eve, cannot understand the contents of the message by simply eavesdropping on the channel. The original message from Alice to Bob is referred to as plaintext; the message that is sent through the channel is referred to as the ciphertext. Alice uses an encryption algorithm and a shared secret key. Bob uses a decryption algorithm and the same secret key.
Substitution ciphers
A substitution cipher replaces one symbol with another. In the slide's example, the resulting ciphertext is “wtaad”.
Transposition ciphers
A transposition cipher does not substitute one symbol for another, instead it changes the location of the symbols. A symbol in the first position of the plaintext may appear in the tenth position of the ciphertext, while a symbol in the eighth position in the plaintext may appear in the first position of the ciphertext. In other words, a transposition cipher reorders (transposes) the symbols.
Alice needs to send the message “Enemy attacks tonight” to Bob. Alice and Bob have agreed to divide the text into groups of five characters and then permute the characters in each group. The following shows the grouping after adding a bogus character (z) at the end to make the last group the same size as the others. The key used for encryption and decryption is a permutation key, which shows how the characters are permuted. For this message, assume that Alice and Bob used the following key:
The third character in the plaintext block becomes the first character in the ciphertext block, the first character in the plaintext block becomes the second character in the ciphertext block and so on. The permutation yields: Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob divides the ciphertext into five-character groups and, using the key in the reverse order, finds the plaintext.
ASYMMETRIC-KEY CRYPTOGRAPHY
The figure shows the general idea of asymmetric-key cryptography as used for confidentiality. Unlike symmetric-key cryptography, asymmetric-key cryptography uses two distinct keys: a private key and a public key. If encryption and decryption are thought of as locking and unlocking padlocks with keys, then a padlock that is locked with a public key can be unlocked only with the corresponding private key. Eve should not be able to advertise her public key to the community while pretending that it is Bob’s public key.
In symmetric-key cryptography, symbols are permuted or substituted; in asymmetric-key cryptography, numbers are manipulated.
Digital signatures
We are all familiar with the concept of a signature. A person signs a document to show that it originated from him/her or was approved by him/her. The signature is proof to the recipient that the document comes from the correct entity. In other words, a signature on a document, when verified, is a sign of authentication—the document is authentic. When Alice sends a message to Bob, Bob needs to check the authenticity of the sender: he needs to be sure that the message comes from Alice and not Eve. Bob can ask Alice to sign the message electronically. In other words, an electronic signature can prove the authenticity of Alice as the sender of the message. We refer to this type of signature as a digital signature.
Digital signature process
The sender uses a signing algorithm to sign the message. The message and the signature are sent to the recipient. The recipient receives the message and the signature and applies the verifying algorithm to the combination. If the result is true, the message is accepted; otherwise it is rejected.
Certification authority
The previous approach can create a heavy load on the center if the number of requests is large. The alternative is to create public-key certificates. Bob wants two things: he wants people to know his public key, and he wants no one to accept a forged public key as his. Bob can go to a certification authority (CA), a government authority that binds a public key to an entity and issues a certificate. The CA itself has a well-known public key that cannot be forged. The CA issues a certificate for Bob. To prevent the certificate itself from being forged, the CA signs the certificate with its private key. Now Bob can upload the signed certificate. Anyone who wants Bob’s public key downloads the signed certificate and uses the CA’s public key to verify it and extract Bob’s public key.
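The asymmetric-key, digital-signature and certificate slides above, worked through with numbers, as an added example that is not part of the original slides. It uses textbook RSA with deliberately tiny primes so the arithmetic is readable; the message and key values are constructed for the example, and the certificate format is an invented minimal one.

```python
# Added example (not from the original slides): textbook RSA with tiny numbers,
# to show the asymmetric-key, digital-signature and CA ideas concretely.
# The key sizes are chosen for readability only and are NOT secure.
import hashlib
import json
from math import gcd


def keygen(p: int, q: int, e: int):
    """Return (public_key, private_key) from two primes p and q and exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    # Hash the message and reduce it so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signing algorithm: only the holder of the private key can produce this."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verifying algorithm: anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def issue_certificate(ca_private_key, subject: str, subject_public_key) -> dict:
    """The CA binds a public key to an entity and signs that binding."""
    body = {"subject": subject, "n": subject_public_key[0], "e": subject_public_key[1]}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "ca_signature": sign(ca_private_key, encoded)}


def public_key_from_certificate(certificate: dict, ca_public_key):
    """Return the certified (n, e), or None if the CA's signature does not verify.
    This check is what stops Eve from passing off her own key as Bob's."""
    body = certificate["body"]
    encoded = json.dumps(body, sort_keys=True).encode()
    if not verify(ca_public_key, encoded, certificate["ca_signature"]):
        return None
    return (body["n"], body["e"])
```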
Firewalls
What is a Firewall
Connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, since proprietary information is often displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after the Internet, that only works within the organization). In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.
Common Firewall Features
Access Control
Firewalls enhance security by limiting access from systems outside of the firewall to the systems inside. Firewalls accomplish this by filtering the incoming and outgoing data, looking for insecure connections or information, and denying unauthorized users access to internal systems.
Concentrated Security
By having a central point from which the security of the network is controlled, the network is considerably easier to configure and maintain. This also limits the number of mistakes that are possible when securing a large number of individual hosts on a network.
Enhanced Privacy
By limiting or denying those outside of the firewall access to the internal network, firewalls greatly increase the privacy of that network. Since unauthorized users outside of the firewall cannot access anything but the firewall itself, and not the underlying network, privacy is maintained.
Network Use Statistics
Since firewalls are already monitoring all traffic that passes through them, it is very simple to also keep detailed logs of network use. At the same time, firewalls can also log or trigger alarms when misuse is detected.
Policy Enforcement
Firewalls simplify the task of instituting a single security policy across all of the services which are being offered by allowing a single point of configuration.
Implementation
Firewalls can be implemented in a variety of ways, and as a result there can be a large discrepancy in the level of security provided. Most routers can even be configured to provide simple access control via packet filtering. Firewalls, however, provide a much greater level of security.
Techniques in Firewalls
Packet Level Filters
This is the simplest type of filtering. Packets (data) are either passed through or dropped, depending on their source or destination address or ports. Although this type of filtering is neither very secure by itself nor flexible, it has very little overhead associated with it, and therefore has little effect on the speed of filtered connections.
Application Level Filters
A service runs on the firewall, which actively interacts between a client and a server. The client connects to the firewall and makes a request. The firewall, in turn, connects to the server and makes the request on behalf of the client. The firewall then returns the information from the server to the client. An Application Level Filter generally has a complete understanding of the underlying protocol, and as a result, it can completely control what information passes through, and can prevent any unauthorized use. An example of a service for which a firewall would use application level filters is SMTP, the protocol used to transfer e-mail. This type of filtering is very secure, but at the sacrifice of speed, performance, and sometimes ease of use.
Circuit Level Filters
This filter fits somewhere between Application and Packet filters. The filtering is determined by the type of service and the source and destination addresses. Authorized connections are simply passed through the firewall via proxies; the proxy has no knowledge of the underlying protocol. Circuit Level Filters are commonly used for outgoing connections, since they are less secure than application level filters. An example of a type of service for which a firewall would use circuit level filters is an outgoing Telnet connection. Even though this type of filtering is not as secure as Application Level Filtering, it has less overhead and is therefore faster. All three filters have their own advantages and disadvantages. Therefore, good firewalls implement all three kinds of filters to some degree in their design.
Stateful inspection or dynamic packet filtering
The terms stateful inspection or dynamic packet filtering refer to a more capable set of filtering functions on routers. Packet filtering is restricted to making its filtering decisions based only on the header information on each individual packet without considering any prior packets. Stateful inspection filtering allows both complex combinations of payload (message content) and context established by prior packets to influence filtering decisions. As with packet filtering, stateful inspection is implemented as an “add-on” to routing, so the host on which the stateful inspection function is executing must also be acting as a router.
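The difference between per-packet filtering and stateful inspection described above, as an added example that is not part of the original slides. Both filters run over the same constructed packet sequence; all addresses, ports and the packet model are made up for the illustration.

```python
# Added example (not from the original slides): a stateless packet filter beside
# a stateful one, run over constructed packets. Addresses and ports are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool
    inbound: bool  # True if the packet arrives from the untrusted network


def stateless_filter(pkt: Packet) -> bool:
    """Packet-level filtering: decide from this packet's header alone.
    To let web replies back in, the rule must accept anything whose source
    port is 80, so it also accepts unsolicited packets that merely use port 80."""
    if not pkt.inbound:
        return True
    return pkt.sport == 80


class StatefulFilter:
    """Stateful inspection: remember connections opened from inside and admit
    only inbound packets that belong to one of them."""

    def __init__(self) -> None:
        self.connections = set()  # (inside_ip, inside_port, remote_ip, remote_port)

    def decide(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.syn and not pkt.ack:  # a new outbound connection attempt
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Context from prior packets decides: is this a reply to something we sent?
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


INSIDE, WEB, OTHER = "10.0.0.5", "203.0.113.8", "198.51.100.77"
# Constructed traffic: an outbound web request, its reply, and an unsolicited
# inbound packet to an internal file-sharing port that uses source port 80.
TRAFFIC = [
    Packet(INSIDE, 40000, WEB, 80, syn=True, ack=False, inbound=False),
    Packet(WEB, 80, INSIDE, 40000, syn=True, ack=True, inbound=True),
    Packet(OTHER, 80, INSIDE, 445, syn=True, ack=False, inbound=True),
]


def compare() -> tuple[list[bool], list[bool]]:
    """Return the per-packet accept decisions of the two filters over TRAFFIC."""
    stateful = StatefulFilter()
    return [stateless_filter(p) for p in TRAFFIC], [stateful.decide(p) for p in TRAFFIC]
```

The stateless filter accepts all three packets; the stateful one accepts the request and its reply but drops the third packet, which matches no connection opened from inside.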
31
Multilayer Inspection
- Combines the best aspects of both stateful inspection technology and application-level proxy technology
- Ultra-secure
- Multi-Link VPN
Firewall Topology
Basic border firewall
This is the starting point for all firewalls. A basic border firewall is a single host interconnecting an organization’s internal network and some untrusted network, typically the Internet. In this configuration, the single host provides all firewall functions.
Untrustworthy host
To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming and outgoing traffic to go through the untrustworthy host. The host is referred to as untrustworthy because it cannot be protected by the firewall; therefore, hosts on the trusted networks can place only limited trust in it.
DMZ network
In a DMZ (demilitarized zone) network, the untrusted host is brought “inside” the firewall, but placed on a network by itself (the firewall host then interconnects three networks). This increases the security, reliability, and availability of the untrusted host, but it does not increase the level of trust that other “inside” hosts can afford it. Other untrustworthy hosts for other purposes (for example, a public web site or FTP server) can easily be placed on the DMZ network, creating a public services network.
Dual firewall
The organization’s internal network is further isolated from the untrustworthy network by adding a second firewall host. By connecting the untrustworthy network to one firewall host, the organization’s internal network to the other, and the DMZ between, traffic between the internal network and the Internet must traverse two firewalls and the DMZ.
All in one solution
(Figure labels: Internet, multiple ISPs, DMZ, management server, internal network)
An all-in-one solution integrates features of multiple network elements into one simply managed solution. It eliminates the need for separate:
- firewall load balancing software or devices
- server load balancing software or devices
- content scanner load balancing software or devices
- ISP/router load balancing devices
It also reduces the rack space needed.
Intrusion Detection
Intrusion detection systems (IDS)
- are just one component of an effective security solution;
- are most effective when coupled with a strong security and incident response policy;
- are not fully automated: they guide and assist the humans charged with managing threats against electronic assets.
An IDS alerts on attacks from intruders: if an unwanted service is accessed by hackers, it sends mail to the admin about the attack with the details of the attacker (IP address, service requested, etc.) and can reconfigure the firewall.
Why are we telling you this? To remind you that, even though we're only talking about IDS in this presentation, the best solution includes other security technologies as well. An IDS solution is useless without a security policy. Without this policy, it will be impossible to decide which IDS sensors best fit your requirements. Many vendors have a tendency to sell their IDS as a silver bullet: "Install this and your problems will go away". The current state of IDS technology has not reached the silver bullet stage.
A question that invariably comes up: how many people do I need to run this thing? The answer really depends on how your organization wants to use IDS. The choice of one IDS sensor over another is one factor in determining the resources you must dedicate to your IDS. This is why the assess and design phases of an IDS implementation are so important.
THE PERFECT IDS?
This is an ideal IDS response to a typical attack:
- A business partner uses a legitimate connection into your corporate network to instigate an attack.
- The IDS recognizes the suspicious activity and automatically reacts by:
  - alerting you to the malicious activity;
  - terminating the connection;
  - reconfiguring the firewall/router to block traffic from that person/site, either temporarily or permanently.
- You, knowing the IDS will take care of things until you get there, calmly finish your coffee before responding.
Life is good, we all get plenty of sleep, and our families don’t forget who we are!
Thank You
© 2025 SlidePlayer.com Inc.
All rights reserved.