- PDF Free Download

Size: px

Start display at page:

Download ""

Arron Chambers
8 years ago
Views:

1 Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore

2 Outline of Information Security Introduction Impact of information Need of Information Security. Objectives of Information Security. Areas of Information Security. Types of attackers Why attacks? Methods of Attacking on the Information Methods of Defending the Information Tips for the Information Security

Areas of Information Security. Types of attackers Why attacks?

3 Introduction Information Security is a complicated area and can be addressed by well-trained and experienced Professionals. When there is an attack on the system with the help of different threats, it means that our system is working very slowly, damaged and our information are unsecured is called Information insecurity. This is a very big problem. The Information Security is the solution for it.

When there is an attack on the system with the help of different threats, it means that our system

4 Importance of Information Our work is based on records (information). We spend minimum half our day with documents 15% of Rs. spent managing documents. Can t work without data, record or information

5 Need of Information Security To privacy of our Data/Information To safely data saving Theft own Data/Information To avoid bad use of our data Lack of time Lack of money Lack of human resources

6 Objectives of Data/Inf. Security Availability Confidentiality Objectives of Data/Info. security Integrity Authenticity

7 Security Areas Basically three areas of security 1. Physical security 2. Network security 3. Database Security

8 Physical Security Keep the servers in locked room with network and power cables snipped off. Security of other hardware and machinery

9 Network Security Network security all entry points to a network should be guarded. Unprotected Network Switch Server Internet Printer Workstation Modem Firewall Protected LAN Scanner

10 Database Security Database Integrity User Authentication Access Control Availability

11 Types of Attackers Hackers Lone criminals Police Malicious insiders Press/media Terrorists Industrial espionage National intelligence organizations Info warriors

12 Hackers Attacks for the challenge Own subculture with names, lingo and rules Stereotypically young, male and socially Can have considerable expertise and passion for attacks

13 Lone criminals Attack for financial gain Cause the bulk of computer-related related crimes Usually target a single method for the attack

14 Malicious insiders Already inside the system Knows weaknesses and tendencies of the organization Very difficult to catch

15 Press/media Gather information for a story to sell papers/ commercial time Police Lines are sometimes crossed when gathering information to pursue a case

16 Terrorists Goal is disruption and damage. Most have few resources and skilled.

17 National Intelligence Organizations To investigation of different cases Industrial Espionage To discover a competitors strategic marketing

18 Info warriors Military based group targeting information or networking infrastructures Lots of resources Willing to take high risks for short term gain

19 Why attacks? To publicity To financial gain Jealousness To fun To competition with the person of same field

20 Specific types of attacks Engineering attacks Physical attacks Environmental attacks

21 Viruses Worms Engineering attacks String of computer code that attaches to other programs and replicates Replicates itself to multiple systems Rarely dangerous, mostly annoying Trojan Horses Collects information and sends to known site on the network Also can allow external takeover of your system

22 Cont colleague Attacker Virus Our system

23 Password sniffing Cont.. Collect first parts of data packet and look for login attempts IP Spoofing Fake packet to hijack a session and gain access -Port scanning Automated process that looks for open networking ports Logs positive hits for later exploits

24 Physical attacks Equipment failure arising from defective components. Temperature and humidity. Physical destruction of hardware and equipment Theft or sabotage.

25 Environmental Attacks Natural Disasters Fire, Earthquakes etc. Man-Made Made Disasters War, Chemical Leaks etc.

26 Methods of Information Security Threats Backups Antivirus Software Cryptography Biometrics Honey pots Firewalls Burglar alarms

27 Backups Backups allow us to restore damaged or destroyed data. We can set up backup servers on the network. Backup media are- Floppy disks, external hard disks, ISP online backup.

28 Antivirus Antivirus is a program that we can install on our computer to detect and remove viruses. It is used to scan hard disks, floppy disks, CDs, for viruses and scan messages and individual files, downloads from the Net.

29 Cryptography Cryptography is the art of converting info. Into a secret code that can be interpreted only by a person who knows how to decode it. Encrypted Plain text Cipher text Decrypted

30 Example of Cryptography Original message Sender Original message Receiver Encrypted Decrypted

31 Bioinformatics The bioinformetics authentication process uses a person s unique physical characteristics to authentically the identity. Bioinformatics authentication method fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. Fingerprint Retina

32 Honey pots A honey pots is a tool used for detecting an intrusion attempt. A honey pots simulates a vulnerable computer on a network. It contains no critical data or application but has enough data to lure an intruder.

33 Honey pots Intruder Honey pots

34 Firewall A firewall is a tool for the network security that stand between trusted and entrusted networks and inspecting all traffic that flows between them. In simple language firewall is a filter machine that monitors the type of traffic that flows in and out of the network.

35 Firewall Private network Firewall Internet

36 Burglar alarms Traps set on specific networked objects that go off if accessed

37 Tips for information Security Use of strong password Adopt a security policy Use of anti-virus. Information security officer Use of firewalls Use of bioinformatics Beware to malicious insiders Security training Use of other security tools

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction