
Information Security Gerhard Steinke BUS 3620



Presentation on theme: "Information Security Gerhard Steinke BUS 3620"— Presentation transcript:

1 Information Security Gerhard Steinke BUS 3620
According to Internetworldstats.com, there are 3,270,490,584 internet users worldwide Steinke

2 It is now unsafe to turn on your computer...

3 Slammed on All Sides
Viruses, Employee Error, Rogue Insiders, Software Bugs, Corporate Spies, Script Kiddies, Web Defacements, Password Crackers, Network Vulnerabilities, Denial of Service, Open Wireless Networks, Storage Media, Backdoors, Worms, Trojans, Buffer Overflows, Phishing
Notes:
Rogue insider = an insider gone rogue: stealing data, setting up secret access for themselves, even planting logic bombs in anger to destroy data, or just peeking at sensitive information they know is off limits. They become the very insider threat that the IT department is supposed to be guarding against.
Script kiddie = a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.
Defacement = vandalism
Backdoor = a feature or defect of a computer system that allows surreptitious unauthorized access to data.
Buffer overflow (buffer overrun) = an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This is a special case of a violation of memory safety.
Phishing = the activity of defrauding an online account holder of financial information by posing as a legitimate company.

4 Definition: Information Security
- Confidentiality: protecting information from unauthorized disclosure
- Integrity: protecting information from unauthorized alteration/destruction
- Availability: ensuring the availability of, and access to, the information
Alteration = change
(Diagram: the triangle of Availability, Integrity and Confidentiality)

5 The Threat: Who Are They?
- Internal (authorized users, intentional and unintentional; contract workers, etc.)
- Hackers (from ‘script kiddies’ to experts)
- Industrial espionage (legal? acceptable in some countries and sometimes government funded)
- Foreign espionage
- Criminal (financial or criminal motivation)
- Other (terrorists, political activists)

6 The Cyber Security Threat
- The threat is global
- The attack sophistication is increasing
- The skill level required to become a threat is decreasing
- We live in a “target rich” environment
- Exposure time and response time are critical
Links (truncated in the transcript): ations/worlds-biggest-data-breaches-hacks/ breach/new

7 Security Basics
- Security policy: document security principles
- Educate users – security awareness
- Physical security
- Network security: monitor the network, review logs
- Web security

8 Technical Security Measures: Firewalls
- Examines network packets entering/leaving an organization
- Determines whether packets are allowed to travel ‘through’ the firewall
(Diagram: the firewall at the boundary of the organization)

9 Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
- Detect/prevent someone breaking into your system
- Runs in the background and notifies you when… (diagram: Match → Alarm)

10 Operational Controls
- Control program change requests: require multiple authorizations and independent testing of changes
- Investigate error messages, reports, alarms
- Monitor network status for operational and out-of-service stations, traffic queues
- Control tapes, disks and other system materials

11 Decryption Exercise
Can you decrypt these? mfuttubsu cepninotry
Decrypt = make (a coded or unclear message) intelligible (read back a cipher).

12 Why Encryption?
Disguising a message; based in logic and mathematics
- Confidentiality: someone else can’t read the message
- Integrity: ensure the message is not altered
- Authentication: verify who sent the message
- Non-repudiation: the sender cannot deny they sent the message
Encrypt = convert (information or data) into a cipher or code, especially to prevent unauthorized access.

13 Encryption
Substitution cipher (shift of 13):
ABCDEFGHIJKLMNOPQRSTUVWXYZ
NOPQRSTUVWXYZABCDEFGHIJKLM
Transposition cipher: rearranging all characters in the plaintext, e.g. Somewhat → mseoawth (key 3142)
Attacks:
- Count the frequency of letters…
- Break encryption by brute force: try all possible keys (a longer key length is better)
- Replace the encryption software, find flaws in the system
- Steal, bribe
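An added example, not from the slides: Python implementations of the slide's shift (substitution) cipher and of block transposition with key 3142, followed by the two attacks the slide names, letter-frequency counting and brute force over the key space. The 'x' padding rule, the six-letter scoring set and the sample sentence are assumptions of this example.

```python
# Added example (not from the slides): the slide's two classical ciphers and the
# two attacks it names, letter-frequency counting and brute-forcing the key space.

def shift_cipher(text, shift):
    """Substitution cipher: rotate each letter by `shift`; 13 gives the slide's table."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # punctuation and spaces pass through unchanged
    return "".join(out)

def transpose(text, key):
    """Block transposition: position i of each output block takes input letter key[i].
    Key (3, 1, 4, 2) reproduces the slide's Somewhat -> mseoawth.
    Assumption: the text is padded with 'x' to a multiple of the block size."""
    n = len(key)
    text += "x" * (-len(text) % n)
    return "".join(text[i + k - 1] for i in range(0, len(text), n) for k in key)

def untranspose(text, key):
    """Undo transpose(): each key digit names where the letter came from."""
    n = len(key)
    blocks = []
    for i in range(0, len(text), n):
        block = [""] * n
        for pos, k in enumerate(key):
            block[k - 1] = text[i + pos]
        blocks.append("".join(block))
    return "".join(blocks)

COMMON = set("etaoin")  # the six most frequent letters in English text (assumed scoring set)

def english_score(text):
    """Frequency attack: the more letters fall in the common set, the more English-like."""
    return sum(1 for ch in text.lower() if ch in COMMON)

def brute_force_shift(ciphertext):
    """Try every non-trivial shift (the whole 25-key space) and keep the best-scoring one.
    Returns (shift, plaintext); a very short or unusual message may mislead the score."""
    candidates = [(s, shift_cipher(ciphertext, -s)) for s in range(1, 26)]
    return max(candidates, key=lambda c: english_score(c[1]))

if __name__ == "__main__":
    secret = shift_cipher("meet me at the old bridge at midnight and bring the documents", 13)
    print(secret, "->", brute_force_shift(secret))
    print(transpose("somewhat", (3, 1, 4, 2)), untranspose("mseoawth", (3, 1, 4, 2)))
```

The shift cipher has only 25 keys, so brute force is instant; the transposition key space grows with block length (n! orderings), which is what "longer key length is better" means in practice.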

14 Steganography
Hiding information in a picture / video / audio file
S-Tools demo

15 Symmetric / Secret Key
- Same key for encryption and decryption
- Secure key distribution required
- Scalability: n users require n*(n-1)/2 keys

16 Asymmetric or Public/Private Key
- Two keys: one encrypts, the other decrypts
- Public and private keys are generated as a pair: the private key stays with the user, the public key is for distribution
- Each key decrypts what the other encrypts
- Provides confidentiality, integrity, authentication and non-repudiation!
Repudiation = denial

17 Picture of Asymmetric

18 Hash Function
- Creates a hash value / digital fingerprint, shorter than the original message
- Maps a variable-length message to a fixed-length hash value
- One-way function (can’t go back)
- Appended to the message
- Provides integrity checking: the message hasn’t changed
- Examples: MD bit hash SHA0 – 5: bit (NIST)
Notes:
A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. Hash functions accelerate table or database lookup by detecting duplicated records in a large file. An example is finding similar stretches in DNA sequences. They are also useful in cryptography.
A cryptographic hash function allows one to easily verify that some input data maps to a given hash value, but if the input data is unknown, it is deliberately difficult to reconstruct it (or equivalent alternatives) from the stored hash value. This is used for assuring the integrity of transmitted data, and is the building block for HMACs, which provide message authentication.
Hashing is used with a database to enable items to be retrieved more quickly. Hashing can also be used in the encryption and decryption of digital signatures. The hash function transforms the digital signature, then both the hash value and the signature are sent to the receiver. The receiver uses the same hash function to generate the hash value and then compares it to the one received with the message. If the hash values are the same, it is likely that the message was transmitted without errors.
One example of a hash function is called folding. This takes an original value, divides it into several parts, then adds the parts and uses the last four remaining digits as the hashed value or key. Another example is called digit rearrangement. This takes the digits in certain positions of the original value, such as the third and sixth numbers, and reverses their order. It then uses the number left over as the hashed value.
It is nearly impossible to determine the original number from a hashed value unless the algorithm that was used is known.
Appended = added

19 Digital Signatures
1. Create a hash value
2. Encrypt the hash value with your private key
3. Attach it to the message to be sent
4. Encrypt with the recipient’s public key
5. Send

20 What does a Digital Signature do?
- Integrity: message not changed
- Authentication: verifies the sender’s identity
- Creates non-repudiation
Applications: used to authenticate software, data, images, electronic contracts, purchase orders
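An added example, not from the slides, covering slides 18 and 20: an appended SHA-256 hash detects accidental corruption but not a deliberate replacement whose hash was simply recomputed, while an HMAC (the keyed construction the notes mention) also authenticates the sender. The wire format, the shared secret and the sample message are constructed for this example; a digital signature (slide 19) gives the same guarantee with the signer's private key instead of a shared secret and is not shown here.

```python
# Added example (not from the slides): what an appended hash does and does not
# guarantee, and how a keyed hash (HMAC, mentioned in the notes) adds authentication.
import hashlib
import hmac

SEP = b"|"  # constructed wire format: <message>|<hex digest or tag>

def sha256_hex(data: bytes) -> str:
    """Fixed-length (64 hex chars) fingerprint of a message of any length."""
    return hashlib.sha256(data).hexdigest()

def append_hash(message: bytes) -> bytes:
    """Sender appends the hash, as on slide 18."""
    return message + SEP + sha256_hex(message).encode()

def check_appended_hash(blob: bytes) -> bool:
    """Receiver recomputes the hash and compares it with the one received."""
    message, _, digest = blob.rpartition(SEP)
    return hmac.compare_digest(sha256_hex(message), digest.decode())

def append_mac(key: bytes, message: bytes) -> bytes:
    """HMAC: the hash is keyed with a shared secret, so only a key holder can make a valid tag."""
    return message + SEP + hmac.new(key, message, hashlib.sha256).hexdigest().encode()

def check_mac(key: bytes, blob: bytes) -> bool:
    message, _, tag = blob.rpartition(SEP)
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag.decode())  # constant-time comparison

def demo() -> dict:
    key = b"constructed-shared-secret"        # known to sender and receiver only
    order = b"ship 10 units to warehouse A"   # constructed sample message
    hashed, keyed = append_hash(order), append_mac(key, order)
    # A transmission error changes bytes but leaves the old digest: both checks catch it.
    corrupted = hashed.replace(b"10", b"19", 1)
    # A deliberate change can recompute the public hash, so the unkeyed check still passes...
    swapped = append_hash(b"ship 99 units to warehouse A")
    # ...but without the key the tag cannot be recomputed, so the keyed check fails.
    swapped_keyed = b"ship 99 units to warehouse A" + SEP + keyed.rpartition(SEP)[2]
    return {
        "hash_ok": check_appended_hash(hashed),
        "hash_detects_corruption": not check_appended_hash(corrupted),
        "hash_detects_swap": not check_appended_hash(swapped),  # False: no authentication
        "mac_ok": check_mac(key, keyed),
        "mac_detects_swap": not check_mac(key, swapped_keyed),  # True
    }
```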

21 Biometrics (multi-factor authentication)
Identify people by measuring some aspect of individual anatomy or physiology, some deeply ingrained skill, or another behavioral characteristic: handwritten signatures, face recognition, fingerprints, iris codes, voice, retina prints, DNA identification, palm prints, handwriting analysis

22 Errors
All recognition systems are subject to error:
- ‘Fraud’ / ‘false positive’: a client is accepted as authenticated when they should have been rejected
- ‘Insult’ / ‘false negative’: a client is rejected as NOT authenticated when in fact they should have been accepted

23 Face Recognition
- Oldest way
- Widespread acceptance (and requirement) for photo ID
- Photo ID is not particularly reliable, but has a very significant deterrent effect
Deterrent = prevention

24 Facial Scan
Strengths:
- Database can be built from driver’s license records, visas, etc.
- Can be applied covertly (surveillance photos, e.g. Super Bowl 2001)
- Few people object to having their photo taken
Weaknesses: no real scientific validation
Attacks: surgery, facial hair, hats, turning away from the camera
Defenses: scanning stations with mandated poses
Covert = hidden

25 Fingerprints
- Accounts for the majority of sales of biometric equipment
- Organizations are very reluctant to impose fingerprinting systems upon their clients
- Fingerprint sensors on laptops

26 Iris Codes
- Iris patterns are believed to be unique
- Easier to capture and process than fingerprints
- Practical difficulties: capturing the iris image is intrusive; the subject has to be co-operative
Intrusive = tiresome

27 Voice Recognition
Strengths: most systems have audio hardware; works over the telephone; can be done covertly; lack of negative perception
Weaknesses: background noise; no large database of voice samples
Attacks: tape recordings; identical twins / soundalikes

28 Hand Scan
Typical systems measure 90 different features: overall hand and finger width, distance between joints, bone structure
Primarily for access control: machine rooms
Strengths: no negative connotations – non-intrusive; reasonably robust systems
Weaknesses: accuracy is limited
Robust = strong

29 Other Biometrics
- Retina scan: very popular in the 1980s military; not used much anymore
- Facial thermograms: detect heat patterns created by the branching of blood vessels and emitted from the skin
- Vein identification / vascular biometrics: identity management solutions that authenticate based on the unique patterns made by a user’s veins
- Scent detection: using canines to smell for and detect substances
- Gait recognition: identifying people purely through analysis of the way they walk
- Handwriting

30 Space Required for each Biometric
Approximate template size:
Voice: 70k – 80k
Face: 84 bytes – 2k
Signature: 500 bytes – 1000 bytes
Fingerprint: 256 bytes – 1.2k
Hand geometry: 9 bytes
Iris: 256 bytes – 512 bytes
Retina: 96 bytes

31 A Comprehensive Security Program
Policies & Management Sponsorship Procedures Reporting Practices and Procedures Assessment Service Provider Compliance Awareness and Training

32 Security Principles
- Impossible to provide complete security
- Match security measures to the value of the assets
- Provide good security but keep the system easy to use
easy to use, little security <-----> difficult to use, high security

33 Security Today
Links (truncated in the transcript): shows/security/ /the-10-biggest- data-breaches-of-2015-so- far.htm/pgno/0/1 breaches/ jobs.html

