Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com

Outline of Information Security Introduction Impact of information Need of Information Security. Objectives of Information Security. Areas of Information Security. Types of attackers Why attacks? Methods of Attacking on the Information Methods of Defending the Information Tips for the Information Security

Introduction Information Security is a complicated area and can be addressed by well-trained and experienced Professionals. When there is an attack on the system with the help of different threats, it means that our system is working very slowly, damaged and our information are unsecured is called Information insecurity. This is a very big problem. The Information Security is the solution for it.

Importance of Information Our work is based on records (information). We spend minimum half our day with documents 15% of Rs. spent managing documents. Can t work without data, record or information

Need of Information Security To privacy of our Data/Information To safely data saving Theft own Data/Information To avoid bad use of our data Lack of time Lack of money Lack of human resources

Objectives of Data/Inf. Security Availability Confidentiality Objectives of Data/Info. security Integrity Authenticity

Security Areas Basically three areas of security 1. Physical security 2. Network security 3. Database Security

Physical Security Keep the servers in locked room with network and power cables snipped off. Security of other hardware and machinery

Network Security Network security all entry points to a network should be guarded. Unprotected Network Switch Server Internet Printer Workstation Modem Firewall Protected LAN Scanner

Database Security Database Integrity User Authentication Access Control Availability

Types of Attackers Hackers Lone criminals Police Malicious insiders Press/media Terrorists Industrial espionage National intelligence organizations Info warriors

Hackers Attacks for the challenge Own subculture with names, lingo and rules Stereotypically young, male and socially Can have considerable expertise and passion for attacks

Lone criminals Attack for financial gain Cause the bulk of computer-related related crimes Usually target a single method for the attack

Malicious insiders Already inside the system Knows weaknesses and tendencies of the organization Very difficult to catch

Press/media Gather information for a story to sell papers/ commercial time Police Lines are sometimes crossed when gathering information to pursue a case

Terrorists Goal is disruption and damage. Most have few resources and skilled.

National Intelligence Organizations To investigation of different cases Industrial Espionage To discover a competitors strategic marketing

Info warriors Military based group targeting information or networking infrastructures Lots of resources Willing to take high risks for short term gain

Why attacks? To publicity To financial gain Jealousness To fun To competition with the person of same field

Specific types of attacks Engineering attacks Physical attacks Environmental attacks

Viruses Worms Engineering attacks String of computer code that attaches to other programs and replicates Replicates itself to multiple systems Rarely dangerous, mostly annoying Trojan Horses Collects information and sends to known site on the network Also can allow external takeover of your system

Cont colleague Attacker Virus Our system

Password sniffing Cont.. Collect first parts of data packet and look for login attempts IP Spoofing Fake packet to hijack a session and gain access -Port scanning Automated process that looks for open networking ports Logs positive hits for later exploits

Physical attacks Equipment failure arising from defective components. Temperature and humidity. Physical destruction of hardware and equipment Theft or sabotage.

Environmental Attacks Natural Disasters Fire, Earthquakes etc. Man-Made Made Disasters War, Chemical Leaks etc.

Methods of Information Security Threats Backups Antivirus Software Cryptography Biometrics Honey pots Firewalls Burglar alarms

Backups Backups allow us to restore damaged or destroyed data. We can set up backup servers on the network. Backup media are- Floppy disks, external hard disks, ISP online backup.

Antivirus Antivirus is a program that we can install on our computer to detect and remove viruses. It is used to scan hard disks, floppy disks, CDs, for viruses and scan e-mail messages and individual files, downloads from the Net.

Cryptography Cryptography is the art of converting info. Into a secret code that can be interpreted only by a person who knows how to decode it. Encrypted Plain text Cipher text Decrypted

Example of Cryptography Original message Sender Original message Receiver Encrypted Decrypted

Bioinformatics The bioinformetics authentication process uses a person s unique physical characteristics to authentically the identity. Bioinformatics authentication method fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. Fingerprint Retina

Honey pots A honey pots is a tool used for detecting an intrusion attempt. A honey pots simulates a vulnerable computer on a network. It contains no critical data or application but has enough data to lure an intruder.

Honey pots Intruder Honey pots

Firewall A firewall is a tool for the network security that stand between trusted and entrusted networks and inspecting all traffic that flows between them. In simple language firewall is a filter machine that monitors the type of traffic that flows in and out of the network.

Firewall Private network Firewall Internet

Burglar alarms Traps set on specific networked objects that go off if accessed

Tips for information Security Use of strong password Adopt a security policy Use of anti-virus. Information security officer Use of firewalls Use of bioinformatics Beware to malicious insiders Security training Use of other security tools