Information Systems Security


1 Information Systems Security
Attacks, Detection, and Prevention

2 Common Types of Attack
(Diagram labels: Organizational Attacks, Hackers, Automated, Viruses/Trojan Horses/Worms, Denial of Service (DoS), Accidental Breaches in Security, Restricted Data, Connection Fails)
Organizational attacks involve one organization breaking into your network to try to access confidential information in order to gain a business advantage. Hackers enjoy exercising their skills by attempting to bypass security safeguards and gain illegal access to your network. Automated attacks use software to scan for network vulnerabilities or to carry out an electronic brute force attack. Brute force attacks involve trying many different user names, passwords, or other credentials to gain access to your resources. Denial of service (DoS) attacks flood a server with requests for action, thus rendering it incapable of providing its normal service. Viruses, Trojan horses, and worms are harmful programs that exploit some known vulnerability to install themselves on a computer (perhaps by arriving as an e-mail attachment). Once present on a computer, they distribute copies of themselves to other connected computers, and these copies also replicate themselves, resulting in a rapid infection of the computer network. Accidental breaches in security often result from poor practices or procedures. For example, if security information, such as user names and passwords, is exposed, an attacker can exploit that information to gain access to your network.

3 Social Engineering Attack
An attack where the goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery

4 Eavesdropping Attack An attacker tries to gain access to private network communication using a sniffing tool in order to steal the content of the communication itself or to obtain user names and passwords.

5 IP Spoofing Attack An attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.

6 Hijacking Attack The attacker takes control of (hijacks) a TCP session after the authentication at the beginning of the session, to gain access to data or network resources using the identity of the legitimate user.

7 Replay Attack An attacker captures network traffic in the form of packets and stores it for retransmission at a later time to gain unauthorized access to a specific host or network.

8 Man-in-the-middle Attack
An attacker inserts himself between two hosts to gain access to their data transmission. Instead of just listening to and capturing network traffic, the attacker makes the sender and receiver believe they are communicating with each other, when in fact they are both communicating with the attacker's computer.

9 Denial of Service Attack
The attacker attempts to disable systems that provide services by:
Flooding the network link
Sending flawed data to an application
Consuming the system's resources to the point that it shuts down

10 Malicious Code Attack An attacker inserts malicious code into a user's system to disrupt or disable the operating system or an application:
Virus
Worms
Trojans
Logic bombs

11 Virus The word originally refers to poison and other noxious substances. A computer virus is a program that can copy itself and infect a computer without the permission or knowledge of the user. A virus needs to attach to a program for replication.

12 Worm A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network), and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

13 Trojan horse Malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may also be a Trojan horse. The term is derived from the classical story of the Trojan Horse.

14 Root kit Malware that helps intruders gain access to systems while avoiding detection, usually by modifying the OS. It takes control of root access (in Windows, "Administrator" access) so as to seize control of the operating system.

15 Attacks against default security configuration
An attacker attempts to gain access to or disrupt the operation of a computer by exploiting the security flaws that exist in the operating system as it is installed out of the box.

16 Software Exploitation Attacks
An attacker attempts to gain access to a system or sensitive data by exploiting a flaw or feature in an application.

17 Password Attack An attacker tries to guess passwords or crack encrypted password files.

18 Backdoor Attack An attacker creates a mechanism for gaining access to a computer that bypasses the normal security checking path.

19 Defending Principles
Secure the network
Secure the host
Secure the application
Apply security principles

20 Defense against Network Attack
Good configuration management: up-to-date OS, patches applied, default passwords removed
Proper network architecture: router, firewall, switch

21 Terminology Firewall: a device or program that controls the flow of network traffic between networks or hosts.

22 Terminology
Packet Filter Firewall: a routing device that includes access control functionality for host addresses and communication sessions.
Stateful Inspection Firewall: a firewall that can filter packets, track the state of connections, and block packets that deviate from the expected state.

23 Terminology
Circuit Level Proxy: a form of proxy that validates each connection before it is established, in the same manner as stateful inspection.
Application Proxy Gateway: an advanced firewall that combines lower-layer access control with upper-layer functionality, and includes a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other.

24 Terminology
Demilitarized Zone (DMZ): an interface on a routing firewall leading to a protected network that is different from the main network. This is a buffer network.
Network Address Translation (NAT): used to hide internal IP addresses from an external network through use of an addressing scheme (DHCP).

25 Firewall A firewall is a combination of hardware and software that sits at the entry point to the company network. It monitors the type of traffic that comes into the company network, and it decides whether a packet is allowed to enter. All traffic (data packets) is screened by the firewall, and only authorized packets are allowed to gain entry into the network.

26 Types of Firewall
Packet filtering (also called screening routers)
Circuit level gateways
Application proxies

27 Packet filtering Screening routers can look at the packet IP addresses (network layer) and the type of connection (transport layer), and then filter based on that information. A router that connects two networks often performs packet filtering to control traffic between the networks. Administrators program the device with a set of rules that define how packet filtering is done.

28 Proxy and proxy server "Proxy" means to do something on other people's behalf. A proxy server is a server that services the requests of its clients by forwarding those requests to other servers. Information on who uses the Internet and the details of each transfer is logged by the proxy server for further analysis.

29 Proxy and proxy server When a client connects to the Internet through a proxy, its IP address is not revealed. This increases the security of the computer. A computer in a local area network usually has a private IP address. It must use a proxy and NAT to obtain a public IP address to access the Internet.

30 Circuit Level Gateway It is a proxy and has all the benefits mentioned before. It operates at the session layer. It monitors the TCP handshaking between packets to determine whether a requested session is legitimate. It does not filter individual packets.
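As an added example (not from the slides), a toy packet filter with stateful inspection in Python, tying together the packet-filter, stateful-inspection and circuit-level ideas on slides 22, 27 and 30: rules decide on direction and port only, and a connection table admits only packets that follow the expected TCP handshake. The rule set, addresses and ports are all constructed.

```python
from collections import namedtuple

# A packet as the filter sees it: addresses/ports, TCP flags, arrival direction.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")
# Constructed rule set, first match wins: (inbound?, destination port, action).
# Anything not listed falls through to the secure default of "deny".
RULES = [
    (False, 80, "allow"),   # inside hosts may open HTTP connections outward
    (False, 443, "allow"),  # ... and HTTPS
    (True, 25, "allow"),    # the mail server accepts inbound SMTP
]

def rule_action(p):
    """Stateless packet filter: decides on direction and destination port only."""
    for inbound, dport, action in RULES:
        if inbound == p.inbound and dport == p.dport:
            return action
    return "deny"

class StatefulFilter:
    """Packet filter plus connection tracking (stateful inspection)."""
    def __init__(self):
        self.conns = {}  # (client, cport, server, sport) -> expected next flags
    def inspect(self, p):
        key = (p.src, p.sport, p.dst, p.dport)  # tuple in the opening direction
        rev = (p.dst, p.dport, p.src, p.sport)  # tuple in the reply direction
        if p.flags == "SYN":  # new session: consult the rules, then track it
            if rule_action(p) != "allow":
                return "deny"
            self.conns[key] = "SYN-ACK"
            return "allow"
        if p.flags == "SYN-ACK" and self.conns.get(rev) == "SYN-ACK":
            self.conns[rev] = "ACK"
            return "allow"
        if p.flags == "ACK" and self.conns.get(key) == "ACK":
            self.conns[key] = "ESTABLISHED"
            return "allow"
        if p.flags == "ACK" and "ESTABLISHED" in (self.conns.get(key), self.conns.get(rev)):
            return "allow"  # data on a session whose handshake completed
        return "deny"  # deviates from the expected state: unsolicited or forged

def demo():  # one legitimate outbound handshake, then two packets to be dropped
    fw, client, server = StatefulFilter(), "10.0.0.5", "203.0.113.10"  # constructed
    return [
        fw.inspect(Packet(client, 40000, server, 80, "SYN", False)),
        fw.inspect(Packet(server, 80, client, 40000, "SYN-ACK", True)),
        fw.inspect(Packet(client, 40000, server, 80, "ACK", False)),
        fw.inspect(Packet("198.51.100.7", 1234, client, 22, "SYN", True)),  # no rule
        fw.inspect(Packet(server, 80, client, 40001, "ACK", True)),  # never opened
    ]
```

The last two packets are dropped for different reasons: the first by the rule set alone, the second only because the connection table knows no session was ever opened for it.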

31 Application Proxy An application proxy is a proxy that acts at the application layer, e.g. a web proxy or an FTP proxy. It only allows packets of that particular application to pass, and it inspects the contents of the traffic, blocking what the firewall administrator views as inappropriate content.

32 VPN Virtual Private Networking (VPN) is a process by which organizations take advantage of the public network (Internet) to achieve connectivity for their branches as well as their remote users. The security of this connection is achieved by authentication and encryption. This function can be provided by a firewall.

33 Use of firewall

34 De-militarized Zone

35 Two-firewall Architecture

36 Multi-DMZ Architecture

37 Network Architecture

38 Network Architecture

39 Network Architecture

40 Secure the Host Harden the system:
Apply the latest patches for known vulnerabilities
Install anti-virus software
Install a personal firewall
Apply a security policy
Carry out a security audit

41 Host configuration
Patches and updates
Services
Protocols
Accounts
Files and directories
Shares
Ports
Auditing and logging
Registry

42 Secure the Application
Most applications suffer from vulnerabilities in the following areas:
Input validation
Authentication
Authorization
Configuration management
Sensitive data

43 Secure the Application
Session management
Cryptography
Parameter manipulation
Exception management
Auditing and logging

44 Security Principles
Compartmentalize
Use least privilege
Apply defense in depth
Do not trust user input
Check at the gate
Fail securely

45 Security Principles
Secure the weakest link
Create secure defaults
Reduce your attack surface

46 Intrusion Detection A burglar alarm for the network: a program to detect attacks on computers and networks.
Host-based IDS
Network-based IDS

47 Intrusion Detection Principles
Actions of users and processes are statistically predictable
Actions of users and processes do not include sequences of commands that subvert security
Actions of processes lie inside the set permitted by the security policy
Violation of any of the above is an indicator of an attack

48 Goals of IDS
Detect a wide variety of intrusions (including insiders)
Detect intrusions in a timely manner
Present a summary to a human expert
Accuracy (false positives)

49 Construction of IDS
Traffic collector
Analysis engine
Signature database
User interface and reporting

50 Modes of operation
Integrity check
Signature recognition
Anomaly detection

51 Host-based IDS Keep an eye on the critical files and analyse the log files for:
Logins at odd hours
Login authentication failures
Modification or access of critical files
Use of certain programs
Privilege escalation
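As an added example (not from the slides) covering the three modes of operation on slide 50 and the host-based checks on slide 51: a small Python host-based IDS that runs signature recognition (repeated login failures from one source), anomaly detection (logins outside a working-hours baseline) and an integrity check (hashes of critical files) over sample data. The log lines, addresses, user names and file contents are all constructed.

```python
import hashlib
import re
from collections import Counter

# Constructed sample of an auth log (syslog-like layout, not a real host's log).
LOG = """\
Mar 03 09:02:11 host sshd[411]: Accepted password for alice from 10.0.0.8
Mar 03 09:15:40 host sshd[419]: Failed password for root from 198.51.100.7
Mar 03 09:15:41 host sshd[419]: Failed password for root from 198.51.100.7
Mar 03 09:15:42 host sshd[419]: Failed password for root from 198.51.100.7
Mar 03 09:15:43 host sshd[419]: Failed password for root from 198.51.100.7
Mar 03 09:15:44 host sshd[419]: Failed password for root from 198.51.100.7
Mar 03 03:12:05 host sshd[502]: Accepted password for alice from 10.0.0.8
"""
LINE = re.compile(r"^\w+ \d+ (\d\d):\d\d:\d\d \S+ sshd\[\d+\]: "
                  r"(Accepted|Failed) password for (\S+) from (\S+)")

def parse(log):
    """Return (hour, outcome, user, source) for every recognised log line."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events

def signature_alerts(events, threshold=5):
    """Signature recognition: a burst of failures from one source for one account."""
    fails = Counter((src, user) for _, outcome, user, src in events if outcome == "Failed")
    return [f"{n} failed logins for {user} from {src}"
            for (src, user), n in fails.items() if n >= threshold]

def anomaly_alerts(events, work_hours=range(8, 19)):
    """Anomaly detection: successful logins outside the baseline working hours."""
    return [f"login by {user} from {src} at {hour:02d}h is outside working hours"
            for hour, outcome, user, src in events
            if outcome == "Accepted" and hour not in work_hours]

def integrity_alerts(baseline, current):
    """Integrity check: critical files whose SHA-256 no longer matches the baseline."""
    return [path for path, content in current.items()
            if hashlib.sha256(content).hexdigest() != baseline.get(path)]

def demo():
    """Run the three HIDS modes over the constructed log and a constructed file set."""
    events = parse(LOG)
    original = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n"}  # constructed
    baseline = {p: hashlib.sha256(c).hexdigest() for p, c in original.items()}
    current = {"/etc/passwd": original["/etc/passwd"] + b"guest:x:1001:1001::/home/guest:/bin/sh\n"}
    return signature_alerts(events), anomaly_alerts(events), integrity_alerts(baseline, current)
```

In a real deployment the baseline hashes would be stored off the monitored host, since slide 53 notes that a HIDS living on the monitored machine is itself exposed to tampering.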

52 Network-based IDS Looks at the network traffic in and out of the organization at the major links. It should operate at high speed and be able to handle large amounts of traffic.

53 Limitations
Cannot deal with encrypted traffic
Only known attacks can be detected
HIDS are vulnerable to attacks since they are on the monitored machine
NIDS can be a bottleneck of the network
Still a young topic, with lots of work to be done

54 IDS products
Cisco IDS by Cisco
eTrust by Computer Associates
RealSecure by Internet Security Systems
Netscreen IDP by Netscreen
Intruder Alert by Symantec Corp.
Tripwire by Tripwire Inc.
Snort by Snort
