INFORMATION SYSTEM : SECURITY MEASURES Nurul Filzah Bt Hussain 4111016391 Muhammad Lokman Nurhakim Bin Hamin 4112037101 Nor Afina Binti Nor Aziz 4112037721.

INFORMATION SYSTEM : SECURITY MEASURES Nurul Filzah Bt Hussain Muhammad Lokman Nurhakim Bin Hamin Nor Afina Binti Nor Aziz Nurul Farhah Amanina Bt Faizul Anuwar

Organizations can protect themselves against such attacks with measures including:  Firewalls  Authentication and encryption  Digital signatures  Digital certificates

FIREWALLS AND PROXY SERVERS Firewalls are the first line of defense against unauthorized access to systems from the Internet.  Hardware and software that block access to computing resources.  They keep unauthorized users out and are also used to restrict unauthorized software or instructions, such as computer viruses and other rogue software.  A firewall only decides which connections may pass; it does not inspect what an allowed application does with them, so it must be combined with the other measures below.

A firewall controls communication between a trusted network and an "untrusted" network. It is installed on a server or a router. Network professionals configure it to  check which applications can access the Internet and which servers may be accessed from the organization's network.

DMZ (Demilitarized Zone) A network segment connected to the company's trusted network (such as an intranet) at one end and to the untrusted network, the public Internet, at the other end. It holds the resources to which the organization allows direct access from the Internet, so that a compromise of one of those resources does not by itself expose the trusted network.

PROXY SERVER A server that handles all information requests on behalf of resources inside the trusted network, so internal hosts never talk to the Internet directly. It can be placed between the Internet and the organization's trusted network when there is no DMZ. Both the organizational network server and the proxy server run a firewall. Firewalls can be installed on the server of the organizational network and on the router (the boundary router).  This double-firewall architecture adds an extra measure of security for an intranet: an attacker who gets past the boundary router still faces a second firewall before reaching internal hosts.
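As an added example (written for this page, not taken from the slides), the double-firewall arrangement above as a small packet-filter evaluator: one ordered rule list for the boundary router, one for the inner firewall, first match wins, default deny. The address ranges, the DMZ hosts and the proxy port 3128 are constructed assumptions. It shows what the architecture buys: the Internet can reach only the DMZ, intranet clients reach the Internet only through the proxy, and a compromised DMZ host cannot open connections inward.

```python
"""Added example: two-firewall (boundary router + inner firewall) DMZ policy
modelled as ordered rule lists with first-match semantics and default deny.
Addresses, zones and the proxy port are constructed for this illustration."""
from ipaddress import ip_address, ip_network

# Constructed addressing: RFC 1918 space for the intranet, a documentation
# range (TEST-NET-1) for the DMZ; anything else counts as "internet".
ZONES = {
    "intranet": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.0.2.0/24"),
}

# Rule = (src_zone, dst_zone, protocol, dst_port or None for any, action)
OUTER_FIREWALL = [  # on the boundary router, between Internet and DMZ
    ("internet", "dmz", "tcp", 443, "allow"),   # public HTTPS service
    ("internet", "dmz", "tcp", 80, "allow"),    # public HTTP service
    ("dmz", "internet", "tcp", 443, "allow"),   # proxy fetches on behalf of clients
    ("dmz", "internet", "tcp", 80, "allow"),
    # no rule mentions "intranet": Internet hosts never reach it directly
]
INNER_FIREWALL = [  # between the DMZ and the trusted intranet
    ("intranet", "dmz", "tcp", 3128, "allow"),  # clients may talk to the proxy only (port assumed)
    # nothing from the DMZ inward: a compromised DMZ host cannot pivot
]

# Firewalls a packet crosses on each zone-to-zone path, in order.
PATH = {
    ("internet", "dmz"): [OUTER_FIREWALL],
    ("dmz", "internet"): [OUTER_FIREWALL],
    ("intranet", "dmz"): [INNER_FIREWALL],
    ("dmz", "intranet"): [INNER_FIREWALL],
    ("internet", "intranet"): [OUTER_FIREWALL, INNER_FIREWALL],
    ("intranet", "internet"): [INNER_FIREWALL, OUTER_FIREWALL],
}


def zone_of(address):
    """Map an IP address to the zone it belongs to."""
    addr = ip_address(address)
    for name, network in ZONES.items():
        if addr in network:
            return name
    return "internet"


def evaluate(firewall, src_zone, dst_zone, proto, dport):
    """First matching rule decides; an unmatched packet is dropped (default deny)."""
    for r_src, r_dst, r_proto, r_port, action in firewall:
        if (r_src, r_dst, r_proto) == (src_zone, dst_zone, proto) and r_port in (None, dport):
            return action
    return "deny"


def filter_packet(src_ip, dst_ip, proto, dport):
    """Verdict for a new connection: every firewall on the path must allow it."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow"  # same zone, no firewall crossed
    for firewall in PATH[(src_zone, dst_zone)]:
        if evaluate(firewall, src_zone, dst_zone, proto, dport) == "deny":
            return "deny"
    return "allow"


if __name__ == "__main__":
    samples = [  # constructed packets
        ("198.51.100.7", "192.0.2.10", "tcp", 443),  # Internet -> DMZ web server
        ("198.51.100.7", "10.1.2.3", "tcp", 445),    # Internet -> intranet file share
        ("10.1.2.3", "192.0.2.10", "tcp", 3128),     # client -> proxy
        ("10.1.2.3", "198.51.100.7", "tcp", 443),    # client -> Internet directly
        ("192.0.2.10", "10.1.2.3", "tcp", 22),       # DMZ host -> intranet SSH
    ]
    for pkt in samples:
        print(f"{pkt[0]:>14} -> {pkt[1]:>14} {pkt[2]}/{pkt[3]:<5} {filter_packet(*pkt)}")
```

Note that the outer rule list never names the intranet: the protection for internal hosts comes from what is absent, which is why a default-deny stance matters more than any individual allow rule.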

Authentication and Encryption Authentication is the process of ensuring that the person who sends a message to you, or receives a message from you, is indeed that person. It can be accomplished by senders and receivers exchanging codes known only to them. Once authentication is established, a message can be kept secret by transforming it into a form that cannot be read by anyone who intercepts it. Encoding a message into a form unreadable to an interceptor is called encryption.

Symmetric and Public-Key Encryption There are two types: symmetric encryption and asymmetric (public-key) encryption. Symmetric encryption o Both the sender and the recipient use the same secret key. o The recipient must have the key before the encrypted text is received, so the key has to be delivered over a separate, trusted channel. o The key is referred to simply as the secret key (sometimes loosely as the private key; in the asymmetric scheme below "private key" means something different).

Asymmetric encryption o Comprises two keys: a public key and a private key. o The public key is distributed widely and may be known to everyone. o The private key is secret and known only to its owner, the recipient of the message. o The keys are related in such a way that a message encrypted with the public key can be decrypted only with the corresponding private key (and, used the other way round for signatures, a value produced with the private key can be checked by anyone with the public key). o It is computationally infeasible to deduce the private key from the public key. o What differentiates symmetric from asymmetric encryption is the algorithm each uses; symmetric ciphers are much faster, which is why practical systems combine the two.

Transport Layer Security Transport Layer Security (TLS) is used for transactions on the web. TLS is part of virtually all current web browsers. TLS uses a combination of public-key and symmetric-key encryption: public-key operations to authenticate the server and establish a shared key, symmetric encryption to protect the bulk of the traffic.

Cont.. In its classic form (RSA key transport, used up to TLS 1.2), TLS works as follows: i. When a visitor connects to an online site, the site's server sends the visitor's browser its certificate, which carries the server's public key; the browser checks the certificate before trusting that key. ii. The visitor's browser creates a temporary (session) symmetric secret key, 128 bits in this description (128- or 256-bit AES keys in current cipher suites). The key is transmitted to the site's server encrypted with the site's public key, so only the server can recover it. Now both the visitor's browser and the site's server know the same secret key and use it to encrypt and decrypt the rest of the session. iii. The visitor can now safely transmit confidential information. TLS 1.3 dropped this key-transport step: the two sides agree on the session key with ephemeral Diffie-Hellman key agreement instead, so a later compromise of the server's private key does not expose recorded sessions.

Digital Signatures A way to authenticate online messages, analogous to a handwritten signature on a piece of paper but implemented with public-key cryptography. Two phases are involved in creating a digital signature:  The software uses a hashing algorithm (a mathematical function) to create a message digest of the file you wish to transmit.  Then the software signs the message digest with your private key (in RSA this is the private-key operation applied to the digest, which is why it is often described as "encrypting the digest"). The recipient recomputes the digest from the received file and uses your public key to check it against the signature; any change to the file changes the digest and the check fails. *A message digest is akin to the unique fingerprint of a file.

Digital Certificates To authenticate a digital signature, both buyers and sellers must use digital certificates (also known as digital IDs). These are computer files that serve as the equivalent of ID cards by associating one's identity with one's public key. An issuer of digital certificates is called a certificate authority (CA). A CA certifies the identity of a party communicating on the Internet to anyone who inquires about it. The party generates its own key pair and keeps the private key; the CA verifies the identity and signs the public key into the certificate, and should never hold the subject's private key.

Digital Certificates A certificate contains its holder's name, a serial number, an expiration date, a copy of the certificate holder's public key and the digital signature of the certificate authority. Digital certificates are the equivalent of tamper-proof photo identification cards: anyone holding the CA's public key can check the CA's signature, so a certificate cannot be altered without detection. Public-key encryption techniques thereby verify the identities of the buyer and seller in electronic transactions and prevent documents from being altered after the transaction is complete.
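The slides on asymmetric encryption, the TLS handshake, digital signatures and digital certificates describe one data flow. The following added example (written for this page, not taken from the slides or from any library) walks through it end to end with textbook RSA in Python's standard library: key generation, encryption under a public key, signing a SHA-256 digest, a CA signing a certificate, a client checking that certificate, and the RSA key-transport step the TLS slide sketches. It is illustration only: no padding (real RSA uses OAEP for encryption and PSS for signatures), no constant-time code, and the key transport is the TLS 1.2-and-earlier form. The certificate layout, the `_cert_body` encoding, the numeric date format and the names `shop.example` and the like are assumptions.

```python
"""Added example: the slides' public-key data flow end to end with textbook RSA.
Illustration only: no padding (real RSA uses OAEP/PSS), no constant-time code,
and the key transport step is the TLS 1.2-and-earlier form. Names are invented."""
import hashlib
import secrets

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=1024):
    """Return (public_key, private_key), each an (exponent, modulus) tuple.
    The owner generates both; only the public half is ever handed to a CA."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e must be invertible modulo phi
            return (e, p * q), (pow(e, -1, phi), p * q)

def encrypt(public_key, data):
    """Anyone with the public key can encrypt; only the private key can decrypt."""
    e, n = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too large for this key (this toy has no padding)")
    return pow(m, e, n)

def decrypt(private_key, ciphertext, length):
    d, n = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")  # length keeps leading zero bytes

def _digest(data):
    """The message digest (fingerprint) is what actually gets signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data):
    d, n = private_key
    return pow(_digest(data), d, n)  # private-key operation on the digest

def verify(public_key, data, signature):
    """Recompute the digest and compare it with the public-key operation on the signature."""
    e, n = public_key
    return pow(signature, e, n) == _digest(data)

def _cert_body(cert):
    """Canonical bytes of the signed fields: holder name, serial, expiry, public key."""
    return repr((cert["subject"], cert["serial"], cert["expires"], cert["public_key"])).encode()

def issue_certificate(ca_private, subject, serial, expires, subject_public):
    """The CA binds an identity to a public key by signing it; it never sees the private key."""
    cert = {"subject": subject, "serial": serial, "expires": expires, "public_key": subject_public}
    cert["ca_signature"] = sign(ca_private, _cert_body(cert))
    return cert

def verify_certificate(ca_public, cert, today):
    """A certificate is trusted if it is unexpired and the CA's signature checks out."""
    return today <= cert["expires"] and verify(ca_public, _cert_body(cert), cert["ca_signature"])

def rsa_key_transport(ca_public, server_cert, server_private, today):
    """The slides' TLS sketch: client checks the certificate, makes a 128-bit session
    key, sends it wrapped with the server's public key; the server unwraps it."""
    if not verify_certificate(ca_public, server_cert, today):
        raise ValueError("server certificate not trusted")
    session_key = secrets.token_bytes(16)
    wrapped = encrypt(server_cert["public_key"], session_key)  # the only thing sent
    return session_key, decrypt(server_private, wrapped, 16)
```

Running `rsa_key_transport` with a certificate whose subject or public key has been altered raises before any key is wrapped, which is the whole point of step i of the handshake: the browser must not encrypt a session key to a public key it has not verified. Dropping the `verify_certificate` check is exactly the mistake that lets an interceptor substitute its own key pair.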

The Downside of Security Measures Security measures such as passwords, encryption applications and firewalls slow down data communication and require user discipline, which is not always easy to maintain. Passwords: many employees tend to forget their passwords, especially if they must replace them once or several times a month. In some companies employees have to remember a different password for every system they use. There might be four or five different systems, each with its own access control.

Single Sign-On (SSO) A simpler solution: users are required to identify themselves only once before accessing several different systems. However, SSO requires special software that interacts with all the systems in an organization, and those systems must be linked through the network. SSO also concentrates risk: one stolen password now opens every connected system, so the single credential deserves stronger protection than any of the passwords it replaces.

SSO as an effective measure CIOs often cite it as an effective way to decrease the amount of work their subordinates must do. One case is Philadelphia Gas Works (PGW), a utility company with a staff of 1,700 serving over half a million customers. Its IT staff received 20,000 calls per year, half of them related to forgotten passwords. Since SSO was implemented, the number of calls has decreased by about 50%.

Encryption It slows down communication because the software must encrypt and decrypt every message. When you use a secure website, much of the information you view on screen is encrypted by the software installed on the site's server and then decrypted by your browser.

All this activity takes time, and the delay adds to the time pages take to load. Firewalls have the same slowing effect: screening every download takes time, which affects anyone trying to access information. IT specialists must explain to managers the implications of applying security measures, especially on systems connected to the Internet, and determine which resources should be accessible only with passwords and which require screening.

Specialists must tell employees what impact a new security measure will have on their daily work and, if there are problems, convince them that the inconvenience is the price of protecting data. They must also continue to work on methods that minimize inconvenience and delay.

Virtual Private Network (VPN) A VPN enables employees to access information systems (ISs) remotely using special security software that encrypts the traffic between the employee's computer and the organization's network as it crosses the public Internet. This approach allows employees to reach an intranet only from computers equipped with the proper VPN software and only if they can authenticate, typically with a password they have to remember.

End Thank you.