Information Security
Gerhard Steinke, BUS 3620
According to Internetworldstats.com, there are 3,270,490,584 internet users worldwide.
It is now unsafe to turn on your computer...
Slammed on All Sides
Viruses, Employee Error, Rogue Insiders, Software Bugs, Corporate Spies, Script Kiddies, Web Defacements, Password Crackers, Network Vulnerabilities, Denial of Service, Open Wireless Networks, Storage Media, Backdoors, Worms, Trojans, Buffer Overflows, Phishing
Notes:
Rogue insider = an employee who goes rogue: stealing data, setting up secret access for themselves, in anger planting logic bombs to destroy data, or just peeking at sensitive information they know is off limits. They become the very insider threat that the IT department is supposed to be guarding against.
Script kiddie = a person who uses existing computer scripts or code to break into computers, lacking the expertise to write their own.
Defacement = vandalism; for a web site, replacing or altering its pages without authorization.
Backdoor = a feature or defect of a computer system that allows surreptitious unauthorized access to data.
Buffer overflow (buffer overrun) = an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This is a special case of a violation of memory safety.
Phishing = defrauding an online account holder of financial information (or login credentials) by posing as a legitimate company.
Definition: Information Security
Confidentiality: protecting information from unauthorized disclosure
Integrity: protecting information from unauthorized alteration or destruction
Availability: ensuring that authorized users can reach the information when they need it
Alteration = change
[Figure: the CIA triad (Confidentiality, Integrity, Availability)]
The Threat: Who Are They?
Internal (authorized users, intentional and unintentional; contract workers, etc.)
Hackers ('script kiddies' to experts)
Industrial espionage (legal? acceptable in some countries and sometimes government funded)
Foreign espionage
Criminals (financial or other criminal motivation)
Other (terrorists, political activists)
The Cyber Security Threat
The threat is global
Attack sophistication is increasing
The skill level required to become a threat is decreasing
We live in a "target rich" environment
Exposure time and response time are critical
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
http://www.privacyrights.org/data-breach/new
Security Basics
Security policy: document security principles
Educate users: security awareness
Physical security
Network security: monitor the network, review logs
Web security
Technical Security Measures: Firewalls
Examines network packets entering or leaving an organization
Determines, from a rule set (source/destination addresses, ports, protocol), whether each packet is allowed to travel through the firewall
[Figure: firewall between the organization's network and the outside]
Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
Detects (IDS) or detects and blocks (IPS) someone breaking into your system
Runs in the background, compares traffic or host activity against known attack signatures or a baseline of normal behaviour, and raises an alarm on a match
[Figure: Match -> Alarm]
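The two slides above describe a packet filter and a signature-matching IDS/IPS; the following is an added illustration (example code written for this page, not part of the lecture and not any product's code) that puts the two in sequence over constructed traffic. The rule set, signatures, addresses and packets are all invented for the example. It shows the point the slides leave implicit: a firewall decides on addresses and ports only, so a request to an allowed port can still carry an attack that only payload inspection catches.

```python
"""Added example (not from the lecture): a first-match packet filter followed
by a signature-based IDS/IPS check over constructed packets."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: str = ""


# Firewall rule set (constructed for this example). Evaluated top to bottom,
# first match wins; anything matching no rule is dropped (default deny).
# Fields: action, source CIDR, destination CIDR, destination port, protocol.
# A port or protocol of None means "any".
RULES: List[Tuple[str, str, str, Optional[int], Optional[str]]] = [
    ("allow", "0.0.0.0/0",  "203.0.113.10/32", 443, "tcp"),  # public web server
    ("allow", "10.0.0.0/8", "203.0.113.20/32", 22,  "tcp"),  # SSH only from the LAN
    ("deny",  "0.0.0.0/0",  "0.0.0.0/0",       None, None),  # explicit catch-all
]

# IDS signatures (constructed): a name and a regex applied to the payload.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("passwd-access",  re.compile(r"/etc/passwd")),
    ("sqli-union",     re.compile(r"(?i)\bunion\b.+\bselect\b")),
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return 'allow' or 'deny' for a packet under the first-match rule set."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, dport, proto in rules:
        if src not in ipaddress.ip_network(src_net):
            continue
        if dst not in ipaddress.ip_network(dst_net):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        if proto is not None and proto != pkt.proto:
            continue
        return action
    return "deny"  # default deny when no rule matched


def inspect_packet(pkt: Packet, signatures=SIGNATURES) -> List[str]:
    """IDS step: return the names of every signature the payload matches."""
    return [name for name, rx in signatures if rx.search(pkt.payload)]


def process(pkt: Packet, prevent: bool = False) -> Tuple[str, List[str]]:
    """Firewall first, then IDS on what was allowed through.

    With prevent=False (IDS) a match only raises an alarm and the packet
    still passes; with prevent=True (IPS) a match blocks the packet.
    """
    decision = filter_packet(pkt)
    if decision != "allow":
        return decision, []
    alerts = inspect_packet(pkt)
    if alerts and prevent:
        return "blocked", alerts
    return "allow", alerts


# Constructed traffic sample.
TRAFFIC = [
    Packet("198.51.100.7", "203.0.113.10", 443, "tcp", "GET /index.html"),
    Packet("198.51.100.7", "203.0.113.20", 22,  "tcp", ""),
    Packet("10.1.2.3",     "203.0.113.20", 22,  "tcp", ""),
    Packet("198.51.100.9", "203.0.113.10", 443, "tcp",
           "GET /download?file=../../etc/passwd"),
    Packet("198.51.100.9", "203.0.113.10", 80,  "tcp", "GET /"),
]

if __name__ == "__main__":
    for pkt in TRAFFIC:
        print(pkt.src, "->", pkt.dst, pkt.dport, process(pkt, prevent=True))
```

The fourth packet is the instructive one: port 443 to the web server is allowed by the rule set, so only the IDS notices the `../` and `/etc/passwd` in the request. Real signatures are far more numerous and must be tuned against false alarms; the "Errors" slide later in this deck applies to IDS matches just as it does to biometrics.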
Operational Controls
Control program change requests: require multiple authorizations and independent testing of changes
Investigate error messages, reports and alarms
Monitor network status: operational and out-of-service stations, traffic queues
Control tapes, disks and other system materials
Decryption Exercise
Can you decrypt these?
mfuttubsu
cepninotry
Decrypt = make (a coded or unclear message) intelligible (read the cipher back).
Why Encryption?
Disguising a message; based in logic and mathematics
Confidentiality: someone else cannot read the message
Integrity: ensure the message was not altered
Authentication: verify who sent the message
Non-repudiation: the sender cannot deny having sent the message
Encrypt = convert (information or data) into a cipher or code, especially to prevent unauthorized access.
Encryption
Substitution Cipher (shift by 13, "ROT13")
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
Transposition Cipher: rearranging the characters of the plaintext
Somewhat -> mseoawth (key 3142: output position i of each 4-letter block takes input character number key[i])
Attacks:
Count letter frequencies (a shift cipher keeps the frequency pattern of the language, only moved along the alphabet)
Break the encryption by brute force: try all possible keys; a longer key is better because the key space grows
Replace or tamper with the encryption software; find flaws in the surrounding system
Steal the key, or bribe someone who has it
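The slide's two classical ciphers and the attacks listed against them, worked through in code. This is an added example written for this page, not material from the lecture; the plaintexts, the frequency table values (standard published English letter frequencies, rounded) and the padding rule for short transposition blocks are choices of the example. The same `crack_shift` routine will solve the shift-cipher line of the "Decryption Exercise" slide; it is left as the reader's exercise here.

```python
"""Added example (not from the lecture): the shift (substitution) and
block-transposition ciphers from the slide, and a brute-force attack on the
shift cipher scored by English letter frequency."""
import string
from itertools import permutations

ALPHABET = string.ascii_lowercase

# Approximate English letter frequencies in percent (standard published
# values, rounded); used to score candidate decryptions.
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3,
    "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4,
    "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0,
    "k": 0.8, "j": 0.15, "x": 0.15, "q": 0.10, "z": 0.07,
}


def shift_cipher(text: str, key: int) -> str:
    """Substitution cipher: shift each letter by `key` places (key 13 = ROT13).
    Case is preserved and non-letters are left alone. Decrypt with -key."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def transpose(text: str, key: str) -> str:
    """Block transposition: for key '3142', output position i of each
    4-character block takes input character number key[i] (1-based).
    A short final block is padded with 'x' (a choice of this example)."""
    order = [int(k) - 1 for k in key]
    size = len(order)
    if len(text) % size:
        text += "x" * (size - len(text) % size)
    return "".join(
        text[i + pos] for i in range(0, len(text), size) for pos in order
    )


def untranspose(text: str, key: str) -> str:
    """Inverse of transpose(): put each character back where it came from."""
    order = [int(k) - 1 for k in key]
    size = len(order)
    out = []
    for i in range(0, len(text), size):
        block = [""] * size
        for j, pos in enumerate(order):
            block[pos] = text[i + j]
        out.append("".join(block))
    return "".join(out)


def english_score(text: str) -> float:
    """Sum of frequency weights; English-like text scores higher."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.lower())


def crack_shift(ciphertext: str):
    """Brute force: only 26 keys, so try every one and keep the best score.
    Returns (key, plaintext)."""
    candidates = [(shift_cipher(ciphertext, -k), k) for k in range(26)]
    best_text, best_key = max(candidates, key=lambda c: english_score(c[0]))
    return best_key, best_text


def crack_transposition(ciphertext: str, size: int, known_words):
    """Letter frequencies are unchanged by transposition, so frequency scoring
    cannot rank the keys; instead try every permutation of the block (4! = 24
    for size 4) and keep the output containing the most known words."""
    best = (0, None, ciphertext)
    for perm in permutations(range(1, size + 1)):
        key = "".join(map(str, perm))
        cand = untranspose(ciphertext, key)
        hits = sum(cand.count(w) for w in known_words)
        if hits > best[0]:
            best = (hits, key, cand)
    return best[1], best[2]


if __name__ == "__main__":
    secret = "attack the eastern gate at dawn and retreat at once"
    ct = shift_cipher(secret, 7)
    print(ct, "->", crack_shift(ct))
    print(transpose("somewhat", "3142"), "->", crack_transposition("mseoawth", 4, ["some", "what"]))
```

Two things the code makes concrete: a shift cipher falls to frequency scoring alone because the ciphertext's letter histogram is the English histogram rotated; a transposition leaves the histogram untouched (which is itself a tell that you are looking at a transposition), so the attack there is enumerating keys and checking for readable output.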
Steganography
Hiding information in a picture, video or audio file
http://www.jjtc.com/Steganography/
S-Tools demo
Symmetric / Secret Key
Same key for encryption and decryption
Secure key distribution required
Scalability: n users need n*(n-1)/2 keys, one per pair (1000 users need 499,500 keys)
Asymmetric or Public/Private Key
Two keys: one encrypts, the other decrypts
Public and private keys are generated as a pair
Private key: kept by the user
Public key: for distribution
Each key decrypts what the other encrypts
Encrypting with the recipient's public key provides confidentiality; signing with the sender's private key provides integrity, authentication and non-repudiation
Repudiation = denial (the sender claiming they never sent the message)
[Figure: asymmetric encryption with a public/private key pair]
Hash Function
Creates a hash value / digital fingerprint
Shorter than the original message: maps a variable-length message to a fixed-length hash value
One-way function (cannot go back from the hash to the message)
Appended to (or sent with) the message
Provides integrity checking: the message has not changed
Examples: MD5 - 128-bit hash; SHA-1 - 160 bit; SHA-2 family (SHA-256/384/512) - 256 to 512 bit; SHA-3 (the SHA standards are published by NIST). MD5 and SHA-1 are no longer collision resistant and should not be used for new signatures.
Notes:
A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. Hash functions accelerate table or database lookup by detecting duplicated records in a large file; an example is finding similar stretches in DNA sequences. They are also useful in cryptography.
A cryptographic hash function allows one to easily verify that some input data maps to a given hash value, but if the input data is unknown, it is deliberately difficult to reconstruct it (or an equivalent alternative) from the stored hash value. This is used for assuring the integrity of transmitted data and is the building block for HMACs, which provide message authentication.
Hashing is used with a database to enable items to be retrieved more quickly. Hashing is also the first step of a digital signature: the sender hashes the message and signs the hash value, then sends the message and the signature together. The receiver uses the same hash function to recompute the hash value and compares it with the one recovered from the signature. If the hash values are the same, the message was not altered in transit. A bare hash sent alongside a message only detects accidental corruption: an attacker who can change the message can recompute the hash, so integrity against an adversary needs the hash to be signed or keyed (HMAC).
One example of a (non-cryptographic, lookup) hash function is folding: take the original value, divide it into several parts, add the parts, and use the last four remaining digits as the hashed value or key. Another is digit rearrangement: take the digits in certain positions of the original value, such as the third and sixth, and reverse their order; the number left over is the hashed value. Such lookup hashes are not cryptographic: the original number is hard to recover only while the algorithm is unknown, whereas a cryptographic hash must stay one-way even though its algorithm is public.
Appended = added on at the end.
Digital Signatures
Create a hash value of the message
Sign the hash value with your private key (in textbook RSA this is the same operation as encrypting the hash with the private key)
Attach the signature to the message to be sent
For confidentiality, encrypt the message and signature with the recipient's public key
Send
What does a Digital Signature do?
Integrity: the message was not changed
Authentication: verifies the sender's identity
Creates non-repudiation
Applications: used to authenticate software, data, images, electronic contracts, purchase orders
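An added example (written for this page, not the lecture's code) covering the "Hash Function" slide and the sign/verify steps of the two digital-signature slides. It first shows the hash properties (fixed output length, small input change flipping many output bits), then implements the slide's flow literally with textbook RSA built from fixed, well-known Mersenne primes: hash, apply the private key, and let the receiver recompute the hash and compare. The key sizes, the absence of padding and the reduction of the hash modulo n are simplifications of this toy and would be insecure in practice; production code should use a vetted library (for example the `cryptography` package) with RSA-PSS or Ed25519 rather than anything written by hand.

```python
"""Added example (not from the lecture): hashing properties, then the
sign/verify flow from the slide using a textbook RSA key pair built from
fixed primes. Toy only: no padding, small modulus; real code uses a vetted
library (e.g. the `cryptography` package) with RSA-PSS or Ed25519."""
import hashlib
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def digest(message: bytes) -> str:
    """Fixed-length (256-bit) fingerprint of a message of any length."""
    return hashlib.sha256(message).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Avalanche check: how many bits differ between two hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Build (public, private) from two primes. Assumption: p and q are prime
    and gcd(e, (p-1)(q-1)) == 1, which holds for the primes used below."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python >= 3.8)
    return (e, n), (d, n)


def _hash_as_int(message: bytes, n: int) -> int:
    # Reduce the 256-bit hash into the modulus; fine for a toy, not for real use.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private: Key) -> int:
    """Steps 1-2 of the slide: hash the message, then apply the private key."""
    d, n = private
    return pow(_hash_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public: Key) -> bool:
    """Receiver recomputes the hash and compares it with the value recovered
    from the signature using the sender's public key."""
    e, n = public
    return pow(signature, e, n) == _hash_as_int(message, n)


# Two key pairs from known Mersenne primes (2^31-1, 2^61-1, 2^89-1, 2^107-1).
ALICE_PUB, ALICE_PRIV = keypair(2**31 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = keypair(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    msg = b"Purchase order 4711: 500 units"
    sig = sign(msg, ALICE_PRIV)
    print(digest(msg))
    print("genuine:", verify(msg, sig, ALICE_PUB))
    print("tampered:", verify(b"Purchase order 4711: 5000 units", sig, ALICE_PUB))
    print("wrong signer:", verify(msg, sign(msg, MALLORY_PRIV), ALICE_PUB))
```

The three checks at the end map onto the "What does a Digital Signature do?" slide: a changed message fails (integrity), a signature made with someone else's private key fails against Alice's public key (authentication), and because only Alice's private key produces a value that her public key accepts, she cannot later deny signing (non-repudiation, provided the private key was never shared).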
Biometrics
Used as one factor ("something you are") in multi-factor authentication
Identify people by measuring some aspect of individual anatomy or physiology, some deeply ingrained skill, or another behavioral characteristic
Handwritten signatures, Face recognition, Fingerprints, Iris codes, Voice, Retina prints, DNA identification, Palm prints, Handwriting analysis
Errors
All recognition systems are subject to error
'Fraud' / 'false positive' (false accept): a client is accepted as authenticated when they should have been rejected
'Insult' / 'false negative' (false reject): a client is rejected as NOT authenticated when in fact they should have been accepted
Lowering the acceptance threshold reduces insults but increases frauds, and vice versa
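The two error types on the slide are usually measured as rates, the false accept rate (FAR, "fraud") and the false reject rate (FRR, "insult"), and they move in opposite directions as the acceptance threshold changes. The following added example (written for this page, not lecture material) computes both from constructed matcher scores and finds the threshold where they are equal, the equal error rate point that vendors typically quote. The score values are invented for the example; real systems produce them from whatever feature comparison the biometric uses.

```python
"""Added example (not from the lecture): the two biometric error types from
the slide measured over constructed matcher scores, and the threshold
trade-off between them."""
from typing import List, Optional, Tuple

# Constructed similarity scores in [0, 1]: how well a presented sample matched
# the enrolled template. "genuine" = legitimate user, "impostor" = someone else.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.79, 0.97, 0.66, 0.90, 0.85]
IMPOSTOR = [0.12, 0.35, 0.41, 0.58, 0.22, 0.69, 0.30, 0.47, 0.15, 0.74]


def error_rates(genuine: List[float], impostor: List[float],
                threshold: float) -> Tuple[float, float]:
    """Accept when score >= threshold. Returns (FAR, FRR):
    FAR ('fraud', false positive) = impostors accepted / impostors,
    FRR ('insult', false negative) = genuine users rejected / genuine."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_threshold(genuine: List[float], impostor: List[float],
                          steps: int = 100) -> Optional[Tuple[float, float, float]]:
    """Scan thresholds 0..1 and return (threshold, FAR, FRR) at the first
    point where the two error rates are closest (the equal error rate)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


if __name__ == "__main__":
    for t in (0.6, 0.7, 0.8):
        print(t, error_rates(GENUINE, IMPOSTOR, t))
    print("EER point:", equal_error_threshold(GENUINE, IMPOSTOR))
```

Which side of the EER point to sit on is a policy decision: a machine-room door (high cost of a fraud) is tuned for low FAR and accepts more insults; a consumer phone unlock (high cost of an annoyed user) is tuned the other way, usually with a PIN as fallback.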
Face Recognition
Oldest way
Widespread acceptance (and requirement) of photo ID
Photo ID is not particularly reliable, but has a very significant deterrent effect
Deterrent = discouragement; something that makes an attacker less likely to try
Facial Scan
Strengths: a database can be built from driver's license records, visas, etc.; can be applied covertly (surveillance photos, e.g. Super Bowl 2001); few people object to having their photo taken
Weaknesses: no real scientific validation
Attacks: surgery; facial hair; hats; turning away from the camera
Defenses: scanning stations with mandated poses
Covert = hidden
Fingerprints
Accounts for the majority of sales of biometric equipment
Organizations are very reluctant to impose fingerprinting systems upon their clients
Fingerprint sensors on laptops
Iris Codes
Iris patterns are believed to be unique
Easier to capture and process than fingerprints
Practical difficulties: capturing the iris image is intrusive; the subject has to be co-operative
Intrusive = invasive; felt as an imposition by the subject
Voice Recognition
Strengths: most systems have audio hardware; works over the telephone; can be done covertly; lack of negative perception
Weaknesses: background noise; no large database of voice samples
Attacks: tape recordings; identical twins / soundalikes
Hand Scan
Typical systems measure 90 different features: overall hand and finger width, distance between joints, bone structure
Primarily for access control (machine rooms)
Strengths: no negative connotations, non-intrusive; reasonably robust systems
Weaknesses: accuracy is limited
http://www.cjonline.com/images/040502/new.handscan.jpg
Robust = strong, reliable under varying conditions
Other Biometrics
Retina scan: very popular with the military in the 1980s; not used much anymore
Facial thermograms: detect the heat patterns created by the branching of blood vessels and emitted from the skin
Vein identification (vascular biometrics): identity management solutions that authenticate based on the unique patterns made by a user's veins
Scent detection: using trained dogs' sense of smell to detect substances
Gait recognition: identifying people purely through analysis of the way they walk
Handwriting
Space Required for each Biometric
Biometric        Approx. template size
Voice            70k - 80k
Face             84 bytes - 2k
Signature        500 bytes - 1000 bytes
Fingerprint      256 bytes - 1.2k
Hand Geometry    9 bytes
Iris             256 bytes - 512 bytes
Retina           96 bytes
A Comprehensive Security Program
Policies and management sponsorship
Procedures
Reporting
Practices and procedures
Assessment
Service provider compliance
Awareness and training
Security Principles
Impossible to provide complete security
Match security measures to the value of the assets
Provide good security but keep the system easy to use
easy to use, little security <-----> difficult to use, high security
Security Today
http://www.crn.com/slide-shows/security/300077563/the-10-biggest-data-breaches-of-2015-so-far.htm/pgno/0/1
http://krebsonsecurity.com/category/data-breaches/
http://www.indeed.com/q-IT-Security-jobs.html
http://www.dhs.gov/topic/cybersecurity
https://www.us-cert.gov/ncas/tips
http://www.sans.org/