Post on 13-Dec-2015
IT Security
What is Information Security?
• Information security describes efforts to protect computer and non-computer equipment, facilities, data, and information from misuse by unauthorized parties
• Information assets of an organization are of three types: hardware, software and data.
Weaknesses
• Technology weaknesses - Inherent security weaknesses or vulnerabilities (hardware/software, OS)
• Configuration weaknesses - Insecure default settings (left the defaults), Misconfigured network equipment, Insecure user accounts/passwords
• Security policy weaknesses - Security administration is lax, including monitoring and auditing, Lack of a written security policy
Objectives
• Information security is intended to achieve three main objectives:
– Confidentiality: protecting a firm's data and information from disclosure to unauthorized persons
– Availability: making sure that the firm's data and information is only available to those authorized to use it
– Integrity: information systems should provide an accurate representation of the physical systems that they represent
Threats
• An information security threat is a person, organization, mechanism, or event that can potentially inflict harm on the firm's information resources
• Threats can be internal or external, accidental or intentional
Unauthorized acts that present risks can be categorized into three types:
1. Unauthorized Use
2. Unauthorized Destruction and Denial of Service
3. Unauthorized Modification
Threats to Organizations
Security Concerns
• Internet
• Viruses
• Denial of Service
• Information Theft
• Unauthorized Access
• Industrial Espionage
• Hacktivism
• Public Confidence
• Privacy
• Pornography
Access Control
1. User identification. Users first identify themselves by providing something that they know, such as a password
2. User authentication. Once initial identification has been accomplished, users verify their right to access by providing something that they have, such as a smart card or token, or an identification chip
3. User authorization. With the identification and authentication checks passed, a person can then be authorized certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes
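The three access-control steps above as one check, in an added example that is not part of the original slides. It assumes an RFC 4226 one-time code as the "something they have" token; the account names, passwords, token secrets and file name are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code; stands in for the 'something they have' token."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, token_secret: bytes, permissions: dict) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "token_secret": token_secret, "counter": 0, "permissions": permissions}

# Constructed sample accounts: names, passwords, secrets and file are made up.
USERS = {
    "alice": make_user("correct horse", b"12345678901234567890",
                       {"report.txt": {"read", "write"}}),
    "bob": make_user("battery staple", b"09876543210987654321",
                     {"report.txt": {"read"}}),
}

def access(username: str, password: str, token_code: str,
           resource: str, action: str) -> str:
    user = USERS.get(username)
    # Step 1, identification: something the user knows. Hash even for unknown
    # names so the response time does not reveal which accounts exist.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if not user or not hmac.compare_digest(candidate, user["pw_hash"]):
        return "denied: identification failed"
    # Step 2, authentication: something the user has (the token's next code).
    expected = hotp(user["token_secret"], user["counter"])
    if not hmac.compare_digest(expected.encode(), token_code.encode()):
        return "denied: authentication failed"
    user["counter"] += 1  # a code is single-use, so a replay is rejected
    # Step 3, authorization: what this user may do with this resource.
    if action not in user["permissions"].get(resource, set()):
        return "denied: not authorized"
    return "granted"
```

Each step fails closed with its own result, so a log of these return values shows which control stopped a request.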
Firewalls
A security system that acts as a protective boundary between a network and the outside world
Isolates computer from the internet using a "wall of code"
– Inspects each individual "packet" of data as it arrives at either side of the firewall
– Inbound to or outbound from your computer
– Determine whether it should be allowed to pass or be blocked
“Typical” corporate network
[Diagram labels: Internet, Firewall, Demilitarized Zone (DMZ), Intranet, Firewall, Web Server, Mail forwarding, Mail server, DNS (DMZ), DNS (internal), File Server, User machines]
Types of Firewalls
• Packet filtering firewalls - firewall examines each packet based on source and destination IP address
• Stateful packet inspection firewalls - Examines the contents of packets
• Hybrids – do both
Encryption
• Encryption: a process of encoding a message so that its meaning is not obvious.
• Decryption: the reverse process: transforming an encrypted message back into its normal form.
– Symmetric key encryption: Encryption key and decryption key are the same.
– Asymmetric key encryption: Encryption key and decryption key are different.
Models of Encryption and Decryption
[Figure: symmetric and asymmetric models. Asymmetric (e.g. RSA): public/encryption key of Recipient, secret key/decryption key of Recipient]
Intrusion Detection Systems
• An Intrusion Detection System is required to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall.
• This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware
• Signature versus Anomaly detection