Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Published byJimmy Gillson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security and Systems. Three tenets of security Confidentiality Integrity Availability."— Presentation transcript:

1 Security and Systems

2 Three tenets of security Confidentiality Integrity Availability

3 e-Security –the problem is real 90% of companies surveyed by the FBI have detected cyber attacks recently Disgruntled employees, industrial espionage, and data theft are responsible for 70-80% of security breaches Increase in external threats from hackers, ex-employees, competitors and cyber terrorists The rise of “Script Kiddies” - Hackers who do not target specific organizations, but run scripts scanning the net for ANY vulnerable network

4 Security Myths Nobody would want our data. Who knows us? We are anonymous There is no danger to my network at all. I am not on the Internet, I am safe. I don’t need any security devices. I have a Firewall I have an antivirus on my server. I am safe All our employees are very committed & reliable!

5 Know your IT law Cyber crimes – Hacking, damage to computer source code, publishing lascivious information in an electronic form, breach of privacy / confidentiality, publishing digital signature, etc. Interception by Government – intercept any information transmitted through any computer resource if the same is necessary in the interest of the sovereignty or integrity of India, Digital Signatures legally valid and enforceable.

6 Know your IT law Authentication of electronic records in India shall be effected by the use of asymmetric crypto system and hash function If someone uses your network to attack an external network and the attacked complains, you are liable to be penalized Companies must have a detailed I T Security Policy in tune with the mandatory specific provisions of the IT Act and IT Rules.

7 Threats to data

8 Protectable Data assets Business Information – contracts, SLAs, financial data, customer details, etc Intellectual property – source codes, inventions, research papers, etc National secrets E-commerce

9 Threats to data Accessed by External hackers Divulged by ignorant employees Corrupted by virus attacks Hardware failures Inadequate access controls Badly designed applications Clear transmission over public internet Last but not the least system administrators !!

10 Types of External Attacks Malicious code attacks Corporate espionage Web graffiti Denial-of-service Database hacks Installing Back doors Identity Theft

11 Typical Network Attack locate system to attack gain privilege access gain user access Cover tracks Install backdoors attack other hosts engage in other unauthorized activity take or alter Information

12 Methods adopted in attacks Pinging Sniffing Probing Flooding Hacking Cracking Scripting Buffer Overflow Reverse engineering

13 Gain user access Identity theft Masquerading Eavesdropping Spoofing Piggy backing Social Engineering

14 Alter or steal information Sniffing Man-in-the middle attacks Cookies Sabotage by employees

15 Common Reasons Flawed design or implementation of network infrastructure Rapidly changing technologies Lack of management understanding New & mutating attacks Inherent product weaknesses

16 Internal Threats Unrestricted access to internal systems Bad security practices Ignorant users Lack of management understanding New & mutating attacks Inherent product weaknesses

17 Protection mechanisms

18 Data Lifecycle – Creation – Storage – Movement – Destruction

19 Key security elements – Security Policy – Identity management – Robust Perimeter Security – Storage Security – Secure Transmission of data – Good Security Practices

20 Identity Accurate and positive identification of network users, hosts, applications, services, and resources. Standard technologies – Kerberos – one-time password Technologies used – digital certificates – smart cards – directory services (e.g. LDAP, ADS)

21 Perimeter Security Deals with controlling data that is passed between LAN and public internet Perimeter is controlled by – Routers and switches – Firewalls – IDS / IPS – Antivirus – URL Filters – Network Traffic Analyzers

22 Secure transmission The ability to provide authenticated, confidential communication between systems Data privacy is achieved by – Layer 2 Tunneling Protocol (L2TP) – IPsec – Data Encryption – PGP

23 Layered Security 23

24 Security Standards / Laws BS7799 / IS17799 Data Protection Act HIPAA SOX IT Act (Indian cyberlaws)

25 BS7799, ISO 9000 & BS 15000 ISO 9001 (QMS) Standard Process Approach [P-D-C-A] ISO 9001 (QMS) Standard Process Approach [P-D-C-A] BS 15000 BS 7799  BS 7799-certified companies are automatically Compliant with security section of BS 15000  BS 15000 & BS 7799 adopt the P-D-C-A Process Approach of ISO 9001: 2000 QMS Standard

26 Policy Management Defining a clear security objective Articulating clear policy Implemented by suitable procedures Audited regularly to ensure compliance Training users Improvising the procedures

27 Good Security Practices

28 Proactive measures

29 Testing methods – Vulnerability assessment – Penetration testing – Detection measures – Response measures

30 Best Practices Understanding of the business needs A security mission statement Identification & Risk Analysis on Data A strong commitment from upper management to allocate necessary resources Clearly defined implemented and documented security policies and procedures

31 Best Practices A suite of host and network based security auditing and improvement tools A security awareness program that reaches everyone in the organization A dedicated team of trained security professionals and consultants to make it all happen

32 To conclude No technology used to protect your organization is 100% hackerproof Good policies drive good implementation Best policies without necessary awareness among personnel is in vain Security is not a one-size-fits-all solution. Security of organization assets is everyone’s responsibility.

33 Prudenté Solution Pvt Ltd Phone: 080 - 30667171 email: srimathi@prudente.co.in

Download ppt "Security and Systems. Three tenets of security Confidentiality Integrity Availability."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.

SECURITY EVALUATION OF AN ORGANIZATION TA Md Morshedul Islam.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Security Controls – What Works

Security Controls – What Works
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

Similar presentations

Ads by Google