Published by Maximillian Carr. Modified over 9 years ago.
Slide 1: IT Security
Slide 2: What is Information Security?
Information security describes efforts to protect computer and non-computer equipment, facilities, data, and information from misuse by unauthorized parties.
The information assets of an organization are of three types: hardware, software, and data.
Slide 3: Weaknesses
– Technology weaknesses: inherent security weaknesses or vulnerabilities (hardware/software, OS)
– Configuration weaknesses: insecure default settings (defaults left in place), misconfigured network equipment, insecure user accounts/passwords
– Security policy weaknesses: lax security administration, including monitoring and auditing; lack of a written security policy
Slide 4: Objectives
Information security is intended to achieve three main objectives:
– Confidentiality: protecting a firm's data and information from disclosure to unauthorized persons
– Availability: making sure that the firm's data and information are only available to those authorized to use them
– Integrity: information systems should provide an accurate representation of the physical systems that they represent
Slide 5: Threats
An information security threat is a person, organization, mechanism, or event that can potentially inflict harm on the firm's information resources.
Threats can be internal or external, accidental or intentional.
Unauthorized acts that present risks can be categorized into three types:
1. Unauthorized use
2. Unauthorized destruction and denial of service
3. Unauthorized modification
Slide 6: Threats to Organizations
Slide 7: Security Concerns
– Internet viruses
– Denial of service
– Information theft
– Unauthorized access
– Industrial espionage
– Hacktivism
– Public confidence
– Privacy
– Pornography
Slide 8: Access Control
1. User identification. Users first identify themselves by providing something that they know, such as a password.
2. User authentication. Once initial identification has been accomplished, users verify their right to access by providing something that they have, such as a smart card, token, or identification chip.
3. User authorization. With the identification and authentication checks passed, a person can then be authorized certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes.
Slide 9: Firewalls
A security system that acts as a protective boundary between a network and the outside world. It isolates a computer from the Internet using a "wall of code":
– Inspects each individual "packet" of data as it arrives at either side of the firewall
– Inbound to or outbound from your computer
– Determines whether it should be allowed to pass or be blocked
Slide 10: "Typical" corporate network
[Network diagram; labels: Internet, Firewall, Demilitarized Zone (DMZ), Intranet, Web Server (two instances), Mail forwarding, Mail server, DNS (DMZ), DNS (internal), File Server, User machines]
Slide 11: Types of Firewalls
– Packet filtering firewalls: the firewall examines each packet based on source and destination IP address
– Stateful packet inspection firewalls: examine the contents of packets
– Hybrids: do both
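The difference between a packet-filtering firewall and a stateful one, as an added Python example that is not part of the presentation: the intranet prefix, rule set, addresses, ports and packet sequence are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example: 10.0.0.0/24 is the intranet. Policy: intranet hosts may open
# outbound connections; inbound traffic is admitted only as replies to those.
INTRANET_PREFIX = "10.0.0."

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" (intranet -> Internet) or "in" (Internet -> intranet)
    src: str
    sport: int
    dst: str
    dport: int

def stateless_decide(pkt: Packet) -> str:
    """Packet-filtering firewall: judges each packet by its own addresses and ports."""
    if pkt.direction == "out" and pkt.src.startswith(INTRANET_PREFIX):
        return "allow"
    # No memory of earlier packets, so to let replies back in it must open every
    # high (ephemeral) port inbound, for solicited and unsolicited traffic alike.
    if pkt.direction == "in" and pkt.dst.startswith(INTRANET_PREFIX) and pkt.dport > 1023:
        return "allow"
    return "block"

class StatefulFirewall:
    """Stateful inspection: remembers outbound flows and admits only their replies."""

    def __init__(self) -> None:
        self.flows = set()  # (src, sport, dst, dport) of every outbound flow seen

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out" and pkt.src.startswith(INTRANET_PREFIX):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound passes only if it is the reverse of a flow we saw going out.
        if pkt.direction == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        return "block"

def run_filter(packets, decide) -> list:
    """Apply one decision function to a packet sequence, in order."""
    return [decide(p) for p in packets]

# Constructed traffic: a browser request, its reply, then an unsolicited inbound packet.
SAMPLE_PACKETS = [
    Packet("out", "10.0.0.5", 40000, "203.0.113.10", 443),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 40000),
    Packet("in", "198.51.100.7", 5555, "10.0.0.9", 8080),
]
```

The stateless filter admits the third packet because it cannot tell a reply from unsolicited traffic; the stateful filter blocks it because no matching outbound flow exists.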
Slide 12: Encryption
Encryption: a process of encoding a message so that its meaning is not obvious.
Decryption: the reverse process, transforming an encrypted message back into its normal form.
– Symmetric key encryption: the encryption key and the decryption key are the same.
– Asymmetric key encryption: the encryption key and the decryption key are different.
Slide 13: Models of Encryption and Decryption
[Diagram comparing Symmetric and Asymmetric encryption; labels: public/encryption key of Recipient, secret key/decryption key of Recipient, e.g. RSA]
Slide 14: Intrusion Detection Systems
An Intrusion Detection System is required to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware.
Signature versus anomaly detection