IT Security

Upload: maximillian-carr

Post on 13-Dec-2015


Page 1: IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and



What is Information Security?

• Information security describes efforts to protect computer and non-computer equipment, facilities, data, and information from misuse by unauthorized parties

• Information assets of an organization are of three types: hardware, software and data.


Weaknesses

• Technology weaknesses - inherent security weaknesses or vulnerabilities (hardware/software, OS)

• Configuration weaknesses - insecure default settings (defaults left in place), misconfigured network equipment, insecure user accounts/passwords

• Security policy weaknesses - security administration is lax, including monitoring and auditing; lack of a written security policy


Objectives

• Information security is intended to achieve three main objectives:

– Confidentiality: protecting a firm’s data and information from disclosure to unauthorized persons

– Availability: making sure that the firm's data and information are only available to those authorized to use it

– Integrity: information systems should provide an accurate representation of the physical systems that they represent


Threats

• An information security threat is a person, organization, mechanism, or event that can potentially inflict harm on the firm's information resources

• Threats can be internal or external, accidental or intentional

• Unauthorized acts that present risks can be categorized into three types:

1. Unauthorized Use
2. Unauthorized Destruction and Denial of Service
3. Unauthorized Modification


Threats to Organizations

Security Concerns

[Diagram: security concerns surrounding the Internet]

• Viruses
• Denial of Service
• Information Theft
• Unauthorized Access
• Industrial Espionage
• Hacktivism
• Public Confidence
• Privacy
• Pornography


Access Control

1. User identification. Users first identify themselves by providing something that they know, such as a password

2. User authentication. Once initial identification has been accomplished, users verify their right to access by providing something that they have, such as a smart card or token, or an identification chip

3. User authorization. With the identification and authentication checks passed, a person can then be authorized certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes


Firewalls

• A security system that acts as a protective boundary between a network and the outside world

• Isolates the computer from the internet using a "wall of code"

– Inspects each individual "packet" of data as it arrives at either side of the firewall

– Inbound to or outbound from your computer

– Determines whether it should be allowed to pass or be blocked


“Typical” corporate network

[Diagram: the Internet connects through a firewall to a Demilitarized Zone (DMZ) holding the web servers, mail forwarding and the DMZ DNS; a second (intranet) firewall separates the DMZ from the intranet, which holds the mail server, internal DNS, file server and user machines]


Types of Firewalls

• Packet filtering firewalls - the firewall examines each packet based on source and destination IP address

• Stateful packet inspection firewalls - examine the contents of packets

• Hybrids - do both
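The difference between the two firewall types above, as an added example (not code from the slides): a stateless packet filter decides on addresses and ports alone, while a stateful firewall remembers which connections the intranet host opened and admits only replies to those. The addresses, ports and the three-packet trace are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str  # "out" = leaving the intranet, "in" = arriving from the Internet


INTRANET = "10.0.0.7"  # constructed intranet host address


def stateless_filter(pkt: Packet) -> bool:
    """Packet-filtering rule set: looks only at addresses/ports.
    To let replies to user connections through it must open all inbound
    traffic to high (ephemeral) ports, so unsolicited inbound packets to
    those ports are admitted as well."""
    if pkt.direction == "out":
        return True
    return pkt.dport >= 1024


class StatefulFirewall:
    """Keeps a connection table; an inbound packet passes only if it belongs
    to a connection an intranet host opened earlier."""

    def __init__(self) -> None:
        self.table = set()  # (local_ip, local_port, remote_ip, remote_port)

    def decide(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


TRACE = [  # constructed sample traffic
    Packet(INTRANET, "93.184.216.34", 51000, 443, "out"),  # user opens HTTPS
    Packet("93.184.216.34", INTRANET, 443, 51000, "in"),   # server's reply
    Packet("198.51.100.9", INTRANET, 4444, 51001, "in"),   # unsolicited probe
]


def run(trace):
    """Return (stateless_verdict, stateful_verdict) per packet."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.decide(p)) for p in trace]
```

Only the stateful firewall blocks the third packet: it reaches a high port, so the stateless rules pass it, but no intranet host ever opened that connection.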


Encryption

• Encryption: a process of encoding a message so that its meaning is not obvious.

• Decryption: the reverse process: transforming an encrypted message back into its normal form.

– Symmetric key encryption: encryption key and decryption key are the same.

– Asymmetric key encryption: encryption key and decryption key are different.


Models of Encryption and Decryption

[Diagram: symmetric model, one shared key used for both encryption and decryption; asymmetric model (e.g. RSA), the sender encrypts with the public/encryption key of the recipient and the recipient decrypts with the secret key/decryption key of the recipient]
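The two models from the last two slides side by side, as an added example that is not from the slide deck: a symmetric routine where the one shared key reverses itself, and textbook RSA where the recipient's public key encrypts and only the recipient's secret key decrypts. The primes 61 and 53 are constructed toy values chosen so the arithmetic is easy to follow; neither the XOR routine nor textbook RSA with such small numbers is a secure cipher.

```python
from math import gcd


def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric model: XOR with a repeating key. Applying the same routine
    with the same key a second time restores the plaintext, which is the
    point of the illustration (same key for encryption and decryption)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rsa_keygen(p: int, q: int, e: int = 17):
    """Asymmetric model (textbook RSA, toy primes): return the key pair
    ((e, n), (d, n)); (e, n) is published, (d, n) stays with the recipient."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)  # modular inverse: e * d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_encrypt(public_key, m: int) -> int:
    e, n = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(secret_key, c: int) -> int:
    d, n = secret_key
    return pow(c, d, n)


def demo():
    """Show the key relationship of each model; returns what each party recovers."""
    shared = b"k3y"
    ct = sym_crypt(shared, b"payroll")
    sym_ok = sym_crypt(shared, ct) == b"payroll"

    recipient_pub, recipient_sec = rsa_keygen(61, 53)   # recipient's pair
    _, other_sec = rsa_keygen(47, 59)                   # someone else's key
    c = rsa_encrypt(recipient_pub, 65)                  # sender uses recipient's public key
    return {
        "symmetric_roundtrip": sym_ok,
        "rsa_ciphertext": c,
        "recipient_recovers": rsa_decrypt(recipient_sec, c),
        "other_party_recovers": rsa_decrypt(other_sec, c),
    }
```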

Intrusion Detection Systems

• An Intrusion Detection System is required to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall.

• This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware

• Signature versus Anomaly detection
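Signature versus anomaly detection on the kind of traffic the slide says a conventional firewall cannot judge (a data-driven attack on an application, repeated unauthorized logins), as an added example that is not from the slides. The log lines and the two rules are constructed for the illustration; a real IDS carries far larger rule sets and baselines.

```python
import re

# Constructed web-server access log: "client method path status"
LOG = """\
10.0.0.5 GET /index.html 200
198.51.100.9 GET /login?user=admin'-- 500
10.0.0.8 GET /about.html 200
198.51.100.9 GET /login 401
198.51.100.9 GET /login 401
198.51.100.9 GET /login 401
198.51.100.9 GET /login 401
198.51.100.9 GET /login 401
10.0.0.5 GET /contact.html 200
""".splitlines()

# Signature detection: fixed patterns of known bad input. A packet filter
# deciding on addresses and ports alone never sees the request contents.
SIGNATURES = {
    "sql-quote-comment": re.compile(r"'\s*--"),
    "path-traversal": re.compile(r"\.\./"),
}


def signature_alerts(lines):
    """Return (rule_name, client_ip) for every line matching a signature."""
    alerts = []
    for line in lines:
        client = line.split()[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, client))
    return alerts


def anomaly_alerts(lines, baseline_fail_rate=0.1, min_requests=4):
    """No fixed pattern: flag clients whose failed-login share departs from
    the baseline. Catches unknown attacks but needs a tuned baseline, or it
    produces false positives."""
    per_client = {}
    for line in lines:
        client, _method, _path, status = line.split()
        total, failed = per_client.get(client, (0, 0))
        per_client[client] = (total + 1, failed + (status == "401"))
    return sorted(ip for ip, (total, failed) in per_client.items()
                  if total >= min_requests and failed / total > baseline_fail_rate)
```

The signature rule fires once, on the request that carries a known pattern; the anomaly rule flags the same client for a behaviour (five failures out of six requests) that no signature describes.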