IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

Slides:

Advertisements

Similar presentations

5-Network Defenses Dr. John P. Abraham Professor UTPA.

Advertisements

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Firewall Configuration Strategies

Security+ Guide to Network Security Fundamentals

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

Firewalls and Intrusion Detection Systems

Intrusion Detection Systems and Practices

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Web server security Dr Jim Briggs WEBP security1.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Department Of Computer Engineering

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

NW Security and Firewalls Network Security

FIREWALL Mạng máy tính nâng cao-V1.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

BUSINESS B1 Information Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

What does “secure” mean? Protecting Valuables

C8- Securing Information Systems

Today’s Lecture Covers < Chapter 6 - IS Security

FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

Security Mark A. Magumba. Definitions Security implies the minimization of threats and vulnerabilities A security threat is a harmful event or object.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Operating system Security By Murtaza K. Madraswala.

Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

Information Security What is Information Security?

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

Chap1: Is there a Security Problem in Computing?.

Security fundamentals Topic 10 Securing the network perimeter.

Firewall – Survey  Purpose of a Firewall  To allow ‘proper’ traffic and discard all other traffic  Characteristic of a firewall  All traffic must go.

Computer threats, Attacks and Assets upasana pandit T.E comp.

C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP

What's a Firewall? A security system that acts as a protective boundary between a network and the outside world Isolates computer from the internet using.

SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Security fundamentals

Chapter 40 Internet Security.

CS457 Introduction to Information Security Systems

Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.

Why do we need Firewalls?

Secure Software Confidentiality Integrity Data Security Authentication

Computer Data Security & Privacy

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Security in Networking

6.6 Firewalls Packet Filter (=filtering router)

Firewalls Purpose of a Firewall Characteristic of a firewall

INFORMATION SYSTEMS SECURITY and CONTROL

Introduction to Network Security

Mohammad Alauthman Computer Security Mohammad Alauthman

Protection Mechanisms in Security Management

Presentation transcript:

IT Security

What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and information from misuse by unauthorized parties Information assets of an organization are of three types: hardware, software and data.

Weaknesses Technology weaknesses - Inherent security weaknesses or vulnerabilities (hardware/software, OS) Configuration weaknesses - Insecure default settings (left the defaults), Misconfigured network equipment, Insecure user accounts/passwords Security policy weaknesses - Security administration is lax, including monitoring and auditing, Lack of a written security policy

Objectives Information security is intended to achieve three main objectives: – Confidentiality: protecting a firm’s data and information from disclosure to unauthorized persons – Availability: making sure that the firm's data and information is only available to those authorized to use it – Integrity: information systems should provide an accurate representation of the physical systems that they represent

Threats An information security threat is a person, organization, mechanism, or event that can potentially inflict harm on the firm's information resources Threats can be internal or external, accidental or intentional Unauthorized acts that present risks can be categorized into three types: 1.Unauthorized Use 2.Unauthorized Destruction and Denial of Service 3.Unauthorized Modification

Threats to Organizations

7 Security Concerns Internet Viruses Denial of Service Information Theft Unauthorized Access Industrial Espionage Hacktivism Public Confidence Privacy Pornography

Access Control 1.User identification. Users first identify themselves by providing something that they know, such as a password 2.User authentication. Once initial identification has been accomplished, users verify their right to access by providing something that they have, such as a smart card or token, or an identification chip 3.User authorization. With the identification and authentication checks passed, a person can then be authorized certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes

Firewalls A security system that acts as a protective boundary between a network and the outside world Isolates computer from the internet using a "wall of code" – Inspects each individual "packet" of data as it arrives at either side of the firewall – Inbound to or outbound from your computer – Determine whether it should be allowed to pass or be blocked

“Typical” corporate network Web Server Mail forwarding Mail server DNS (internal) DNS (DMZ) Internet File Server User machines Web Server Demilitarized Zone (DMZ) Intranet Firewall

Types of Firewalls Packet filtering firewalls - firewall examines each packet based on source and destination IP address Stateful packet inspection firewalls - Examines the contents of packets Hybrids – do both

Encryption Encryption: a process of encoding a message so that its meaning is not obvious. Decryption: the reverse process: transforming an encrypted message back into its normal form. – Symmetric key encryption: Encryption key and decryption key are the same. – Asymmetric key encryption: Encryption key and decryption key are different.

Models of Encryption and Decryption public/encryption key of Recipientsecret key/decryption key of Recipient e.g. RSA Symmetric Asymmetric

Intrusion detection Systems An Intrusion Detection System is required to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware Signature versus Anomaly detection