Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE NEED FOR NETWORK SECURITY

Published byみさえ つつの Modified over 5 years ago

Similar presentations

Presentation on theme: "THE NEED FOR NETWORK SECURITY"— Presentation transcript:

1 THE NEED FOR NETWORK SECURITY
Thanos Hatziapostolou

2 PRESENTATION OBJECTIVES
Understand information security services Be aware of vulnerabilities and threats Realize why network security is necessary What are the elements of a comprehensive security program The Need for Web Security

3 TRENDS FOR INFORMATION
More information is being created, stored, processed and communicated using computers and networks Computers are increasingly interconnected, creating new pathways to information assets The threats to information are becoming more widespread and more sophisticated Productivity, competitiveness, are tied to the first two trends Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information INFORMATION IS THE MOST VALUABLE ASSET The Need for Web Security

4 Information Security Services
Confidentiality Integrity Authentication Nonrepudiation Access Control Availability The Need for Web Security

5 Information Security Services
Confidentiality Maintaining the privacy of data Integrity Detecting that the data is not tampered with Authentication Establishing proof of identity Nonrepudiation Ability to prove that the sender actually sent the data Access Control Access to information resources are regulated Availability Computer assets are available to authorized parties when needed SERVICES Confidentiality Integrity Authentication Ensures that the origin of a message is correctly identified, with an assurance that the identity is not false Nonrepudiation Neither the sender nor the receiver of a message is able to deny the transmission Access Control Availability The Need for Web Security

6 The Need for Web Security
What Is The Internet? Collection of networks that communicate with a common set of protocols (TCP/IP) Collection of networks with no central control no central authority no common legal oversight or regulations no standard acceptable use policy “wild west” atmosphere The Need for Web Security

7 Why Is Internet Security a Problem?
updated Security not a design consideration Implementing change is difficult Openness makes machines easy targets Increasing complexity This sub-section addresses why Internet security is a problem and how it came to be that we are depending on an infrastructure with fundamental vulnerabilities. The Need for Web Security

8 Common Network Security Problems
Network eavesdropping Malicious Data Modification Address spoofing (impersonation) ‘Man in the Middle’ (interception) Denial of Service attacks Application layer attacks The Need for Web Security

9 Security Incidents are Increasing
High Sophistication of Hacker Tools Technical Knowledge Required Quote From Cisco System :” When most people read about Internet hacking incidents, they get the impression that these are highly complex, technical attacks that takes a genius to create. Reality is that the really smart people first come up with these highly complex, technical attacks, but they share the information and the tools required to pull off the attack on the Internet. The “open sharing” of hacking information and tools allows individuals with minimal technical knowledge to duplicate the attack. Often, it is as easy as downloading the attack tool from the Internet and launching it against targets. You don’t need to know anything other than how to run the attack tool. The bottom line is that it doesn’t take a genius to successfully attack systems and networks, it just takes someone downloading attack tools.” Low 1980 1990 2000 -from Cisco Systems The Need for Web Security

10 The Need for Web Security
HACKED WWW HOMEPAGES CIA HOMEPAGE DOJ HOMEPAGE USAF HOMEPAGE The Need for Web Security 11/29/96

11 Problem is Worsening Code Red 60000 50000 40000 30000 20000 10000 Anna Kournikova 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 Melissa & ILOVEYOU Badtrans Tequila Nimba Internet Security Violations Good Times Jerusalem Michelangelo Source: CERT® Coordination Center Carnegie Mellon The Need for Web Security

12 The Need for Web Security
VIRUSES Risk Threat Discovered Protection TROJ_SIRCAM.A New !! Latest DAT W32.Navidad 11/03/ /06/2000 W95.MTX 8/17/ /28/2000 W32.HLLW.QAZ.A 7/16/ /18/2000 VBS.Stages.A 6/16/ /16/2000 VBS.LoveLetter 5/04/ /05/2000 VBS.Network 2/18/ /18/2000 Wscript.KakWorm 12/27/ /27/1999 W32.Funlove /08/ /11/1999 PrettyPark.Worm 6/04/ /04/1999 Happy99.Worm 1/28/ /28/1999 The Need for Web Security

13 The Need for Web Security
Consider that… 90% of companies detected computer security breaches in the last 12 months 59% cited the Internet as the most frequent origin of attack 74% acknowledged financial losses due to computer breaches 85% detected computer viruses Source: Computer Security Institute The Need for Web Security

14 The Need for Web Security
WHO ARE THE OPPONENTS? 49% are inside employees on the internal network 17% come from dial-up (still inside people) 34% are from Internet or an external connection to another company of some sort HACKERS The Need for Web Security

15 The Need for Web Security
HACKER MOTIVATIONS Money, profit Access to additional resources Experimentation and desire to learn “Gang” mentality Psychological needs Self-gratification Personal vengeance Emotional issues Desire to embarrass the target The Need for Web Security

16 The Need for Web Security
Internet Security? Malicious Code Session Hijacking Viruses Trojans Worms Replay Attack Port Scanning Buffer Overflows Denial of Service Man-in-the-middle Spoofing The Need for Web Security

17 What Do People Do When They Hear All These?
Take the risks! But there are solutions Ignoring the situation is not one of them The Need for Web Security 6

18 THE MOST COMMON EXCUSES
No one could possibly be interested in my information Anti-virus software slows down my processor speed too much. I don't use anti-virus software because I never open viruses or attachments from people I don't know. So many people are on the Internet, I'm just a face in the crowd. No one would pick me out. I'm busy. I can't become a security expert--I don't have time, and it's not important enough The Need for Web Security

19 SANS Five Worst Security Mistakes End Users Make
Opening unsolicited attachments without verifying their source and checking their content first. Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. Installing screen savers or games from unknown sources. Not making and testing backups. Using a modem while connected through a local area network. The Need for Web Security

20 SECURITY COUNTERMEASURES
THREE PHASE APPROACH PROTECTION DETECTION RESPONSE The Need for Web Security

21 ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM
Principles Have Good Passwords Use Good Antiviral Products Use Good Cryptography Have Good Firewalls Have a Backup System Audit and Monitor Systems and Networks Have Training and Awareness Programs Test Your Security Frequently INTRUSION DETECTION SYSTEM Immediate alerts on security-relevant activities Statistical analyses to establish norms Alerts on variations from norms The Need for Web Security

22 The Need for Web Security
CRYPTOGRAPHY Necessity is the mother of invention, and computer networks are the mother of modern cryptography. Ronald L. Rivest Symmetric Key Cryptography Public Key Cryptography Digital Signatures The Need for Web Security

23 The Need for Web Security
Firewall A system or group of systems that enforces an access control policy between two networks. Visible IP Address Internal Network PC Servers Host The Need for Web Security

24 The Need for Web Security

25 The Need for Web Security
THANK YOU I have questions… The Need for Web Security

Download ppt "THE NEED FOR NETWORK SECURITY"

Similar presentations

THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou.

THE NEED FOR NETWORK SECURITY Thanos Hatziapostolou.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.

SECURITY ISSUES IN NETWORKS WITH INTERNET ACCESS PRESENTED BY Sri Vallabh Aida Janciragic Sashidhar Reddy.
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Securing Information Systems

Securing Information Systems
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Similar presentations

Ads by Google