IS Security Presentation

This is created for a presentation in IS Security. Hope this will be helpful for you also.

Regards
Renjith, CISA CISSP

IS Security Presentation Transcript

  • Information Security
    • Basics, Attacks, Prevention & Practices
    • By Renjith K P, CISA, CISSP
  • From History
    • A 19-year-old Russian hacker stole up to 300,000 credit card numbers from CD Universe customers in 1999 for $100,000
    • Another Russian hacker stole more than 55,000 credit card numbers from CreditCards.com
    • In September 2000, Western Union shut down its web site for five days after hackers stole more than 15,000 customer credit card numbers
    • Amazon.com - credit card information of more than 98,000 customers was compromised in 2001
    • In April 2002, the Bank of the State of California found out that 265,000 state employees had their personal information stolen by a hacker
    • In August 2002, Daewoo Securities found out that $21.7 million in stock was illegally sold.
    • In March 2005, hackers obtained 1.4 million credit card numbers by carrying out an attack on DSW Shoe Warehouse’s database.
    • In 2006, Yahoo cautioned that the http://mail.yahoo.com/ address must include the trailing slash after yahoo.com
    • Yahoo indicated that http://www.yahoo.com:login&mode=secure&i=b35870c196e2fd4a&q=1@16909060 is a bogus URL
    • During the Persian Gulf War in 1991, it was reported that hackers from the Netherlands penetrated 34 American military sites that supported Operation Desert Storm activities.
    • During the 1999 Kosovo Air Campaign, false messages were injected into Yugoslavia’s computer-integrated air defense systems to point the weapons at false targets.
    • In February 2004, Wells Fargo Bank suffered its second theft of a laptop computer that contained confidential information of 200,000 users
  • What Does This Mean to Us?
    • Good security does not begin and end with erecting a firewall and installing antivirus software.
    • Good security should be planned, designed, implemented, and maintained.
  • CIA Triad
    • Confidentiality
    • Integrity
    • Availability
  • Password Attack
    • Password Guessing
    • Dictionary Attack
    • Social Engineering
    • Dumpster Diving
  • TCP Segment Format
  • 3 Way Handshaking
    • Host A sends a TCP SYN packet to Host B
    • Host B receives A's SYN; Host B sends a SYN-ACK (Initial Sequence Number (ISN))
    • Host A receives B's SYN-ACK; Host A sends ACK
    • Host B receives ACK. TCP connection is ESTABLISHED.
  • Denial of Service Attacks
    • SYN Flood
  • Similar Attacks
    • Ack Flood
    • Reset (RST) Attack (calculate seq, then RST) – occurs in the middle of a connection
    • FIN Attack – at the end state of a connection
  • Spoofing
  • Denial of Service Attacks
    • Smurf
  • Denial of Service Attacks
    • Teardrop
  • Detecting IP spoofing
    • An incoming packet cannot have a source address that belongs to the internal network.
    • An outgoing packet cannot have a source address that does not belong to the internal network.
    • A packet leaving or entering through a firewall cannot have the same source and destination address.
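The three rules on this slide can be written as a small packet check. This is an added example, not part of the original presentation; the internal address ranges, the `check_packet` helper and the sample packets are assumptions made up for illustration.

```python
import ipaddress

# Assumed internal address space (example private ranges, not from the slides).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

def is_internal(addr):
    """True if addr falls inside one of the internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def check_packet(direction, src, dst):
    """Return None if the packet passes, else the name of the rule it breaks.

    direction is "in" (arriving from outside) or "out" (leaving the network).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    # Rule 3: source and destination must differ, in either direction.
    if ipaddress.ip_address(src) == ipaddress.ip_address(dst):
        return "same-source-and-destination"
    # Rule 1: an incoming packet cannot claim an internal source.
    if direction == "in" and is_internal(src):
        return "inbound-with-internal-source"
    # Rule 2: an outgoing packet must carry an internal source.
    if direction == "out" and not is_internal(src):
        return "outbound-with-external-source"
    return None

# Constructed sample traffic (documentation and private addresses only).
SAMPLE_PACKETS = [
    ("in", "203.0.113.7", "10.1.2.3"),       # legitimate inbound
    ("in", "10.1.2.99", "10.1.2.3"),         # breaks rule 1
    ("out", "10.1.2.3", "198.51.100.20"),    # legitimate outbound
    ("out", "198.51.100.9", "203.0.113.7"),  # breaks rule 2
    ("in", "203.0.113.7", "203.0.113.7"),    # breaks rule 3
]

def audit(packets):
    """Return (packet, violated_rule) for every packet that fails a rule."""
    results = [(p, check_packet(*p)) for p in packets]
    return [(p, rule) for p, rule in results if rule is not None]

if __name__ == "__main__":
    for packet, rule in audit(SAMPLE_PACKETS):
        print(packet, "->", rule)
```
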
  • Denial of Service Attacks
    • DNS Poisoning – hacking into the registrar account
    • Ping of Death - ICMP packet is 65,536 bytes. What if the packet size is more?
  • Firewall Architecture
  • Masquerading Attacks
    • IP Spoofing
    • Session Hijacking
  • Other Threats
    • Virus - Malicious code.
    • Worms - Code that spreads automatically, usually via the Internet
    • Trojan - Code hidden on a system, usually to gain back door access.
    • Phishing
    • Spam
    • Spy / Ad Ware
  • Mitigation
    • Up-to-date Patches
    • Antivirus Software
    • Antispam, Antiphishing
    • Training
    • Physical Security
    • Logging and Auditing
    • Need to know privileges
  • Incident Response
    • Unplug the network
    • Don't turn the computer off.
    • Backup the system and keep the Back-ups.
    • Investigate the cause
    • Always re-build
    • Perform forensics on a backup
    • Keep documentation and evidence
  • Elements of Risks
  • Symmetric Cryptography
  • Symmetric examples
    • DES (56)
    • 3DES
    • IDEA (128)
    • Blowfish (32 to 448)
    • Skipjack (80 bits, for US Government)
    • AES (128:9, 192:11, 256:13)
  • Asymmetric
  • Asymmetric
    • RSA - 1088 bits
    • DSA – 1024 Bits
    • ElGamal
    • Elliptic Curve – 160 bits
  • Comparison
  • PKI – Public Key Infrastructure
    • Certificate (Serial, Issuer, Validity, Name, Public Key)
    • CA – Verisign, Thawte, etc.
  • SSL
    • Credibility of the website
    • Encrypted communication
    • SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
  • Hash Functions
    • Unique output value derived from the content of the message
    • SHA1 , MD4 , MD5
  • Digital Signature
    • The message truly came from the claimed Sender
    • Message was not altered while in transit between the sender and recipient
  • Digital Signatures
  • VPN
    • Point-to-Point Tunneling Protocol (PPTP)
    • Layer 2 Tunneling Protocol (L2TP)
    • IPsec
  • Architecture - Protocols
    • Authentication header (AH): access control, integrity, data origin authentication, confidentiality
    • Encapsulating Security Payload (ESP): access control, confidentiality, traffic flow confidentiality
    • Key management protocols: IKE = OAKLEY + ISAKMP, . . .
  • Cryptographic Algorithms for IPSec
    • HMAC - SHA1 for integrity protection
    • Triple DES - for confidentiality
    • AES for confidentiality.
  • Crypto Attacks
    • Man in the Middle
    • Birthday Attack: substitute for a digitally signed communication a different message that produces the same message digest
    • Replay Attack: same as the 1st one; use the captured session at a later time
    • Brute Force Attack
  • Man In The Middle
    • A and B want to communicate with each other, and C is sniffing the communication.
    • What if C captures both public keys and sends C’s public key to A & B?
  • Birthday Attack
    • Suppose A wants to cheat B while signing the contract
    • A prepares 2 contracts, C and C’ (fraud)
    • F(C’) = F(C) when hashing the contracts
    • B signs the contract C
    • A puts the digital signature of the contract on C’ and can prove that B signed C’
  • Brute Force Attack
    • How long can the key be?
    • How many possible values can each component of the key have?
    • How long will it take to attempt each key?
  • Attack Tools
    • dsniff - A tool for SSH and SSL MITM attacks
    • Cain - A Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
    • Ettercap - A tool for LAN based MITM attacks
    • Karma - A tool that uses 802.11 Evil Twin attacks to perform MITM attacks
    • AirJack - A tool that demonstrates 802.11 based MITM attacks
    • wsniff - A tool for 802.11 HTTP / HTTPS based MITM attacks
  • Email Security
    • Secure Multipurpose Internet Mail Extensions (S/MIME)
    • Secure Electronic Transaction (SET) RSA & DES
    • Privacy Enhanced Mail (PEM) protocol and uses RSA,DES, and X.509
    • Pretty Good Privacy (PGP) - IDEA
  • Decoy Techniques
    • Honey Pots
    • Pseudo-Flaws
    • Monitoring & Logging
    • Traffic Analysis and trend Analysis
    • Sniffing
    • Ethical Hacking
  • Operations Security
    • Backup
    • Need to Know and Least Privilege
    • Trusted Recovery
    • Media management
    • Job rotation
  • BCP & Disaster Recovery
    • Business Impact Assessment
    • Risk Assessment
    • Risk Acceptance
    • Risk Mitigation
    • Cold, Warm, Hot Sites
  • Terms
    • Policies
    • Standards
    • Baselines
    • Guidelines
    • Procedures