Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore

Published byLeslie Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore"— Presentation transcript:

1 Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com

2 Outline of Information Security Introduction Introduction Impact of information Impact of information Need of Information Security. Need of Information Security. Objectives of Information Security. Objectives of Information Security. Areas of Information Security. Areas of Information Security. Types of attackers Types of attackers Why attacks? Why attacks? Methods of Attacking on the Information Methods of Attacking on the Information Methods of Defending the Information Methods of Defending the Information Tips for the Information Security Tips for the Information Security

3 Introduction Information Security is a complicated area and can be addressed by well-trained and experienced Professionals. Information Security is a complicated area and can be addressed by well-trained and experienced Professionals. “When there is an attack on the system with the help of different threats, it means that our system is working very slowly, damaged and our information are unsecured” is called Information insecurity. This is a very big problem. “When there is an attack on the system with the help of different threats, it means that our system is working very slowly, damaged and our information are unsecured” is called Information insecurity. This is a very big problem. The Information Security is the solution for it. The Information Security is the solution for it.

4 Importance of Information Our work is based on records (information). Our work is based on records (information). We spend minimum half our day with documents We spend minimum half our day with documents 15% of Rs. spent managing documents. 15% of Rs. spent managing documents. Can’t work without data, record or information Can’t work without data, record or information

5 Need of Information Security To privacy of our Data/Information To privacy of our Data/Information To safely data saving To safely data saving Theft own Data/Information Theft own Data/Information To avoid bad use of our data To avoid bad use of our data Lack of time Lack of time Lack of money Lack of money Lack of human resources Lack of human resources

6 Objectives of Data/Inf. Security Objectives of Data/Info. security Integrity Confidentiality Authenticity Availability

7 Security Areas Basically three areas of security Basically three areas of security 1. Physical security 2. Network security 3. Database Security

8 Physical Security Keep the servers in locked room with network and power cables snipped off. Keep the servers in locked room with network and power cables snipped off. Security of other hardware and machinery Security of other hardware and machinery

9 Network Security Network security all entry points to a network should be guarded. Network security all entry points to a network should be guarded. Firewall Modem Internet Switch Scanner Workstation Printer Server Unprotected Network Protected LAN

10 Database Security Database Integrity Database Integrity User Authentication User Authentication Access Control Access Control Availability Availability

11 Types of Attackers Hackers Hackers Lone criminals Lone criminals Police Police Malicious insiders Malicious insiders Press/media Press/media Terrorists Terrorists Industrial espionage Industrial espionage National intelligence organizations National intelligence organizations Info warriors Info warriors

12 Hackers –Attacks for the challenge –Own subculture with names, lingo and rules –Stereotypically young, male and socially –Can have considerable expertise and passion for attacks

13 Lone criminals –Attack for financial gain –Cause the bulk of computer-related crimes –Usually target a single method for the attack

14 Malicious insiders –Already inside the system –Knows weaknesses and tendencies of the organization –Very difficult to catch

15 Press/media –Gather information for a story to sell papers/ commercial time Police –Lines are sometimes crossed when gathering information to pursue a case

16 T Terrorists –Goal is disruption and damage. –Most have few resources and skilled.

17 National Intelligence Organizations To investigation of different cases To investigation of different cases Industrial Espionage To discover a competitors strategic marketing To discover a competitors strategic marketing

18 Info warriors –Military based group targeting information or networking infrastructures –Lots of resources –Willing to take high risks for short term gain

19 Why attacks? To publicity To publicity To financial gain To financial gain Jealousness Jealousness To fun To fun To competition with the person of same field To competition with the person of same field

20 Specific types of attacks Engineering attacks Engineering attacks Physical attacks Physical attacks Environmental attacks Environmental attacks

21 Engineering attacks Viruses Viruses  String of computer code that attaches to other programs and replicates Worms Worms  Replicates itself to multiple systems  Rarely dangerous, mostly annoying Trojan Horses Trojan Horses  Collects information and sends to known site on the network  Also can allow external takeover of your system

22 Cont… Attacker Virus Our system colleague

23 Cont.. –Password sniffing  Collect first parts of data packet and look for login attempts –IP Spoofing  Fake packet to “hijack” a session and gain access -Port scanning -Port scanning  Automated process that looks for open networking ports  Logs positive hits for later exploits

24 Physical attacks Equipment failure arising from defective components. Equipment failure arising from defective components. Temperature and humidity. Temperature and humidity. Physical destruction of hardware and equipment Physical destruction of hardware and equipment Theft or sabotage. Theft or sabotage.

25 Environmental Attacks Natural Disasters Natural Disasters Fire, Earthquakes etc. Fire, Earthquakes etc. Man-Made Disasters Man-Made Disasters War, Chemical Leaks etc. War, Chemical Leaks etc.

26 Methods of Information Security Threats Backups Backups Antivirus Software Antivirus Software Cryptography Cryptography Biometrics Biometrics Honey pots Honey pots Firewalls Firewalls Burglar alarms Burglar alarms

27 Backups Backups allow us to restore damaged or destroyed data. Backups allow us to restore damaged or destroyed data. We can set up backup servers on the network. We can set up backup servers on the network. Backup media are- Floppy disks, external hard disks, ISP online backup. Backup media are- Floppy disks, external hard disks, ISP online backup.

28 Antivirus Antivirus is a program that we can install on our computer to detect and remove viruses. Antivirus is a program that we can install on our computer to detect and remove viruses. It is used to scan hard disks, floppy disks, CDs, for viruses and scan e-mail messages and individual files, downloads from the Net. It is used to scan hard disks, floppy disks, CDs, for viruses and scan e-mail messages and individual files, downloads from the Net.

29 Cryptography Cryptography is the art of converting info. Into a secret code that can be interpreted only by a person who knows how to decode it. Cryptography is the art of converting info. Into a secret code that can be interpreted only by a person who knows how to decode it. Cipher text Encrypted Decrypted Plain text

30 Example of Cryptography Original message Sender Original message Receiver Encrypted Decrypted

31 Bioinformatics The bioinformetics authentication process uses a person’s unique physical characteristics to authentically the identity. The bioinformetics authentication process uses a person’s unique physical characteristics to authentically the identity. Bioinformatics authentication method fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. Bioinformatics authentication method fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. Fingerprint Retina

32 Honey pots A honey pots is a tool used for detecting an intrusion attempt. A honey pots is a tool used for detecting an intrusion attempt. A honey pots simulates a vulnerable computer on a network. A honey pots simulates a vulnerable computer on a network. It contains no critical data or application but has enough data to lure an intruder. It contains no critical data or application but has enough data to lure an intruder.

33 Honey pots Intruder

34 Firewall A firewall is a tool for the network security that stand between trusted and entrusted networks and inspecting all traffic that flows between them. A firewall is a tool for the network security that stand between trusted and entrusted networks and inspecting all traffic that flows between them. In simple language firewall is a filter machine that monitors the type of traffic that flows in and out of the network. In simple language firewall is a filter machine that monitors the type of traffic that flows in and out of the network.

35 Private network Firewall Internet Firewall

36 Burglar alarms Traps set on specific networked objects that go off if accessed Traps set on specific networked objects that go off if accessed

37 Tips for information Security Use of strong password Use of strong password Adopt a security policy Adopt a security policy Use of anti-virus. Use of anti-virus. Information security officer Information security officer Use of firewalls Use of firewalls Use of bioinformatics Use of bioinformatics Beware to malicious insiders Beware to malicious insiders Security training Security training Use of other security tools Use of other security tools

38

Download ppt "Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore"

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.

Privacy & Other Issues. Acceptable Use Policies When you sign up for an account at school or from an Internet Service Provider, you agree to their rules.
GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
Let’s Talk About Cyber Security

Let’s Talk About Cyber Security
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google