2. Information Security
Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption,
modification, perusal, inspection, recording or destruction.
Information security = confidentiality + integrity + availability +
authentication.
well-informed sense of assurance that the information risks and
controls are in balance.
The terms information security, computer security and information
assurance are frequently incorrectly used interchangeably.
3. Contd.
Information security is concerned with the confidentiality, integrity
and availability of data regardless of the form the data may take:
electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct
operation of a computer system without concern for the information
stored or processed by the computer.
Information security offers many areas for specialization including:
securing network(s) and allied infrastructure,
securing applications and databases, security testing, information
systems auditing, business continuity planning and digital forensics
4. Basic Security Terminology (concepts)
Network security terms are the foundation for any discussion of
network security and are the elements used to measure the security
of a network.
Some of these terms or concepts include:-
1. Identification:- is simply the process of identifying one's self to
another entity or determining the identity of the individual or entity
with whom you are communicating.
2. Authentication:- is the assurance that the communicating entity is
the one that it claims to be.
Authentication serves as proof that you are who you say you are
or what you claim to be.
Authentication is required when communicating over a network or
5. Contd.
When communicating over a network you should ask yourself
two questions:
1) With whom am I communicating?
2) Why do I believe this person or entity is who he, she, or it
claims to be?
When logging onto a network, three basic schemes (factors) are used
for authentication:
Something you know (e.g., a password or PIN)
Something you have (e.g., a smart card or hardware token)
Something you are (e.g., a fingerprint or face scan)
Combining two of these (multi-factor authentication) means that a stolen
password alone is not enough to log on.
6. Contd.
3. Access Control (Authorization):- refers to the ability to control the
level of access that individuals or entities have to a network or
system and how much information they can receive.
Your level of authorization determines what you are allowed
to do once you have been authenticated and granted access to a network,
system, or some other resource such as data or information.
Access control is the determination of the level of authorization to a
system, network, or information (e.g., by clearance level: confidential,
secret, or top secret).
7. Contd.
4. Confidentiality:- can also be called privacy or secrecy and
refers to the protection of information from unauthorized
disclosure.
Usually achieved either by restricting access to the
information or by encrypting the information so that it is not
meaningful to unauthorized individuals or entities.
5. Availability:- refers to whether the network, system,
hardware, and software are reliable and can recover quickly
and completely in the event of an interruption in service.
Ideally, these elements should not be susceptible to denial
8. Contd.
6. Data Integrity:- refers to the assurance that data received is exactly as
sent by an authorized entity.
Data integrity is achieved by preventing unauthorized or improper
changes to data, ensuring internal and external consistency, and
ensuring that other data attributes (such as timeliness and
completeness) are consistent with requirements.
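The integrity property described above can be checked mechanically. The following is an added example, not code from the original slides: the sender appends an HMAC-SHA256 tag computed under a shared secret key, and the receiver recomputes the tag before trusting the data. The key, the message and the in-transit modification are constructed for the example.

```python
"""Added example (not from the original slides): data integrity with an HMAC.

The sender and receiver share a secret key; the sender appends an HMAC-SHA256
tag to each message and the receiver recomputes it.  Any change to the message
(or the tag) makes verification fail, which is how the receiver gains assurance
that the data received is exactly what the authorized sender transmitted.
"""
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes

# Shared secret agreed out of band.  Constructed for the example; a real key is
# generated once with secrets.token_bytes(32) and distributed securely.
SHARED_KEY = bytes.fromhex("8f2a" * 16)


def protect(key: bytes, message: bytes) -> bytes:
    """Return message || tag, where tag = HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Return the message if the trailing tag is valid, otherwise None.

    compare_digest runs in constant time, so an attacker cannot learn the
    correct tag byte by byte from timing differences.
    """
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def tamper(packet: bytes, offset: int, new_byte: int) -> bytes:
    """Overwrite one byte in transit (the attacker's action, constructed here)."""
    return packet[:offset] + bytes([new_byte]) + packet[offset + 1:]


if __name__ == "__main__":
    original = b"TRANSFER 100.00 TO ACCOUNT 1234"
    packet = protect(SHARED_KEY, original)
    assert verify(SHARED_KEY, packet) == original

    # The attacker changes "100.00" to "900.00": the tag no longer matches.
    forged = tamper(packet, original.index(b"1"), ord("9"))
    assert verify(SHARED_KEY, forged) is None

    # Without the key the attacker cannot produce a valid tag for new text.
    bad = protect(b"guessed-key", b"TRANSFER 900.00 TO ACCOUNT 1234")
    assert verify(SHARED_KEY, bad) is None
    print("integrity check OK: tampering detected")
```

An HMAC gives integrity and origin authentication between the two key holders, but not non-repudiation: either party could have computed the tag, so the sender can still deny having sent the message. Non-repudiation needs a digital signature made with a private key that only the signer holds.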
7. Accountability:- refers to the ability to track or audit what an individual
or entity is doing on a network or system.
Does the system maintain a record of functions performed, files
9. Contd.
8. Non-Repudiation:- refers to the ability to prevent individuals or
entities from denying (repudiating) that information, data, or files
were sent or received, or that information or files were accessed
or altered, when in fact they were.
Non-repudiation is crucial to e-commerce.
11. Computer Security
While computer systems today have some of the best security systems ever,
they are more vulnerable than ever before.
Computer and network security comes in many forms, including encryption
algorithms, physical access controls on facilities, digital signatures, and
biometrics such as fingerprints and face scans used in place of passwords.
The OSI security architecture provides a systematic framework for defining
security attacks, mechanisms and services:
Security attack:- Any action that compromises the security of information
owned by an organization.
Security mechanism:- A process (or a device incorporating such a
process) that is designed to detect, prevent, or recover from a security
attack.
Security service:- A processing or communication service that enhances
12. Contd.
Computer Security:- generic name for the collection of tools
designed to protect data and to thwart hackers attacking
organizational assets.
“The protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and
13. Contd.
Network Security:- measures to protect data during their
transmission over the network.
Internet Security:- measures to protect data during their
transmission over a collection of interconnected networks (a network of
networks).
14. Why Is Computer and Network Security Important?
1. To protect company assets:- One of the primary goals of computer and
network security is the protection of company assets (hardware, software
and/or information).
2. To gain a competitive advantage:- Developing and maintaining effective
security measures can give an organization a competitive
advantage over its competitors.
3. To comply with regulatory requirements and fiduciary
responsibilities:- organizations that rely on computers for their continuing
operation must develop policies and procedures that address
organizational security requirements.
Such policies and procedures are necessary not only to protect
company assets but also to protect the organization from liability
15. Vulnerabilities (Attack Surface)
are weak points or loopholes in security that an attacker can
exploit in order to gain access to the network or to resources
on the network.
The vulnerability is not the attack, but rather the weak point
that is exploited.
Vulnerability is the intersection of three elements:
1. A system susceptibility or flaw,
2. attacker access to the flaw, and
3. attacker capability to exploit the flaw
For a system to be vulnerable, an attacker must have at least one
applicable tool or technique that can connect to a system
weakness.
A security risk may be classified as a vulnerability. But there
16. Contd.
A vulnerability with one or more known instances of working,
fully implemented attacks is classified as an exploitable
vulnerability: a vulnerability for which an exploit exists.
[Fig: Threat agents, attack vectors, weakness, controls, IT asset and
business impact]
17. Vulnerability Classification
Vulnerabilities are classified according to the asset class
they relate to:
1. Hardware
susceptibility to humidity
susceptibility to dust
susceptibility to soiling
susceptibility to unprotected storage
2. Software
insufficient testing
lack of audit trail
18. Contd.
3. Network
Unprotected communication lines
Insecure network architecture
4. Personnel
inadequate recruiting process
inadequate security awareness
5. Site
area subject to flood
unreliable power source
6. Organizational
lack of regular audits
lack of continuity plans
19. Vulnerabilities in Common Network Access Procedures & Protocols
The primary protocol suite used by operating systems today is the TCP/IP
protocol stack.
Its wide use helps to integrate different operating
system architectures such as Microsoft Windows and UNIX.
Many organizations make use of this interoperability and use
various TCP/IP utilities to run programs, transfer information, and
reveal information.
Due to the nature of these utilities, various security risks and threats
exist.
Users often use the same passwords for mixed environments.
Sometimes, passwords are automatically synchronized.
If hackers can crack the password on systems other than Microsoft
systems, they can also use that password to log on to a Microsoft
20. Telnet
The Telnet protocol allows a user to log onto a system over the network
and use that system as though the user was sitting at a terminal that was
directly connected.
The telnet command provides a user interface to a remote system.
When the Microsoft telnet client logs on to the Microsoft Windows
2000 Telnet service, it uses the NTLM (NT LAN Manager) protocol to
authenticate the client.
In a Windows network, NTLM is a suite of Microsoft security protocols
that provides authentication, integrity, and confidentiality to users.
Problems arise when integrating Microsoft systems and UNIX systems.
When logging on from a Microsoft telnet client to a UNIX telnet
daemon, or vice versa, the user name and password are sent over the
network in plain text.
Even where NTLM protects the logon itself, the rest of the Telnet session
is unencrypted and readable by anyone who can capture the traffic; SSH
should be used in place of Telnet.
21. File Transfer Protocol(FTP)
It allows users to connect to remote systems and transfer files
back and forth.
As part of establishing a connection to a remote computer, FTP
relies on a user name and password combination for
authentication.
Use of FTP poses a security problem similar to use of the Telnet
protocol: the user name and password are transmitted over the
control connection in plain text (in the USER and PASS commands), and
these packets can be intercepted.
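What "sent in plain text" means in practice for both Telnet (above) and FTP: a passive sniffer on the path can reconstruct the credentials. The following is an added example, not code from the original slides, of that reconstruction logic. The captured segments are constructed for the example (`src` says which side sent the bytes); in real use they would come from a tcpdump or Wireshark capture. Note that a Telnet client in character-at-a-time mode sends each keystroke in its own segment, so the password has to be reassembled, while FTP sends whole command lines.

```python
"""Added example (not from the original slides): recovering Telnet and FTP
credentials from captured traffic.  Both protocols send them in clear text."""
from typing import Dict, List, Optional, Tuple

Segment = Tuple[str, bytes]            # ("client" | "server", payload)

IAC = 0xFF                             # Telnet "interpret as command" byte
SB, SE = 0xFA, 0xF0
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE


def strip_telnet_options(payload: bytes) -> bytes:
    """Drop Telnet option negotiation (IAC sequences); keep the user data."""
    out = bytearray()
    i = 0
    while i < len(payload):
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 < len(payload) and payload[i + 1] == IAC:
            out.append(IAC)            # escaped 0xFF data byte
            i += 2
        elif i + 1 < len(payload) and payload[i + 1] == SB:
            end = payload.find(bytes([IAC, SE]), i + 2)   # skip sub-negotiation
            i = len(payload) if end < 0 else end + 2
        elif i + 1 < len(payload) and payload[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                     # IAC <verb> <option>
        else:
            i += 2                     # IAC <command>
    return bytes(out)


def extract_telnet_credentials(segments: List[Segment]) -> Dict[str, str]:
    """Reassemble the login name and password typed into a Telnet session.

    The server's prompt tells us which field the following client keystrokes
    belong to; CR/LF from the client ends the field."""
    fields: Dict[str, bytearray] = {}
    current: Optional[str] = None
    for src, payload in segments:
        data = strip_telnet_options(payload)
        if src == "server":
            text = data.lower()
            if b"login:" in text or b"username:" in text:
                current = "username"
            elif b"password:" in text:
                current = "password"
        elif current is not None:
            buf = fields.setdefault(current, bytearray())
            for ch in data:
                if ch in (0x0D, 0x0A, 0x00):      # CR, LF or CR NUL
                    current = None
                    break
                buf.append(ch)
    return {k: v.decode("ascii", "replace") for k, v in fields.items()}


def extract_ftp_credentials(segments: List[Segment]) -> Dict[str, str]:
    """Pull USER/PASS from the FTP control connection (one command per line)."""
    found: Dict[str, str] = {}
    client_stream = b"".join(p for s, p in segments if s == "client")
    for line in client_stream.split(b"\r\n"):
        verb, _, arg = line.partition(b" ")
        if verb.upper() == b"USER":
            found["username"] = arg.decode("ascii", "replace")
        elif verb.upper() == b"PASS":
            found["password"] = arg.decode("ascii", "replace")
    return found


# Constructed captures.  The server echoes login characters but not password
# characters, exactly as a real telnetd behaves.
TELNET_CAPTURE: List[Segment] = [
    ("server", bytes([IAC, DO, 0x18, IAC, WILL, 0x01]) + b"\r\nlogin: "),
    ("client", bytes([IAC, WONT, 0x18]) + b"a"), ("server", b"a"),
    ("client", b"l"), ("server", b"l"),
    ("client", b"i"), ("server", b"i"),
    ("client", b"\r\n"), ("server", b"\r\nPassword: "),
    ("client", b"s"), ("client", b"3"), ("client", b"c"),
    ("client", b"r"), ("client", b"e"), ("client", b"t"),
    ("client", b"\r\n"), ("server", b"\r\nWelcome to host1\r\n$ "),
]
FTP_CAPTURE: List[Segment] = [
    ("server", b"220 ftp.example.test FTP server ready\r\n"),
    ("client", b"USER bob\r\n"),
    ("server", b"331 Password required for bob\r\n"),
    ("client", b"PASS hunter2\r\n"),
    ("server", b"230 User bob logged in\r\n"),
]

if __name__ == "__main__":
    print("telnet:", extract_telnet_credentials(TELNET_CAPTURE))  # ali / s3cret
    print("ftp:   ", extract_ftp_credentials(FTP_CAPTURE))        # bob / hunter2
```

The same reconstruction works against any protocol that carries credentials unencrypted (rexec, discussed later, sends user name, password and command as NUL-separated strings in a single message). The fix is the transport, not the parser: SSH or FTP over TLS leave the sniffer with ciphertext.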
Another problem area for FTP is anonymous FTP.
Anonymous FTP allows users who do not have an account on a
computer to transfer files to and from a specific directory.
22. Contd.
To use anonymous FTP, a user passes a remote computer
name as an argument to FTP and then specifies "anonymous"
as a user name.
Problems with anonymous FTP are:
There is often no record of who has requested what information.
The threat of denial-of-service attacks: whether deliberate or
accidental, authorized users may be denied access to a system if too
many file transfers are initiated simultaneously.
It is important to securely set up the anonymous FTP account
on the server because everyone on the network will have
potential access.
23. Trivial File Transfer Protocol(TFTP)
It is a file transfer program that is frequently used to allow
diskless hosts to boot over the network.
Microsoft Windows 2000 implements a client utility to make
use of TFTP services on UNIX flavors.
Because TFTP has no user authentication, it may be possible
for unwanted file transfer to occur.
The use of TFTP to steal password files is a significant threat.
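The lack of authentication is visible in the packet format itself. The following is an added example, not code from the original slides: it builds and parses the five TFTP packet types as laid out in RFC 1350, so the reader can see that a read request carries only a file name and a transfer mode. The request for `/etc/passwd`, the sample reply and the `is_path_traversal` server-side check are constructed for the example; nothing is sent on the network.

```python
"""Added example (not from the original slides): TFTP packet format (RFC 1350).

A transfer starts with a read (RRQ) or write (WRQ) request carrying a file
name and a mode; there is no field for a user name or password, so any host
that can reach UDP port 69 can request whatever the server makes available.
"""
import struct
from typing import Tuple

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512            # a DATA block shorter than this ends the transfer


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL.  No credentials."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def build_data(block: int, payload: bytes) -> bytes:
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block)


def build_error(code: int, message: str) -> bytes:
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\0"


def parse(packet: bytes) -> Tuple[int, dict]:
    """Return (opcode, fields) for any TFTP packet; raise ValueError on junk."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode = struct.unpack("!H", packet[:2])[0]
    if opcode in (RRQ, WRQ):
        parts = packet[2:].split(b"\0")
        if len(parts) < 3:              # filename, mode, empty piece after last NUL
            raise ValueError("malformed request")
        return opcode, {"filename": parts[0].decode("ascii", "replace"),
                        "mode": parts[1].decode("ascii", "replace").lower()}
    if opcode == DATA:
        block = struct.unpack("!H", packet[2:4])[0]
        payload = packet[4:]
        return opcode, {"block": block, "data": payload,
                        "last": len(payload) < BLOCK_SIZE}
    if opcode == ACK:
        return opcode, {"block": struct.unpack("!H", packet[2:4])[0]}
    if opcode == ERROR:
        code = struct.unpack("!H", packet[2:4])[0]
        msg = packet[4:].split(b"\0")[0].decode("ascii", "replace")
        return opcode, {"code": code, "message": msg}
    raise ValueError(f"unknown opcode {opcode}")


def is_path_traversal(filename: str) -> bool:
    """Illustrative server-side check: refuse absolute paths and '..' segments
    so the server only serves files under its own root directory."""
    return filename.startswith("/") or ".." in filename.split("/")


if __name__ == "__main__":
    # The attacker's request: nothing in it identifies or authenticates the sender.
    rrq = build_request(RRQ, "/etc/passwd")
    print(rrq)                      # b'\x00\x01/etc/passwd\x00octet\x00'
    op, fields = parse(rrq)
    assert op == RRQ and fields == {"filename": "/etc/passwd", "mode": "octet"}

    # A permissive server answers with the file; a restricted one refuses.
    if is_path_traversal(fields["filename"]):
        reply = build_error(2, "Access violation")
    else:
        reply = build_data(1, b"root:x:0:0:root:/root:/bin/bash\n")
    print(parse(reply))
```

Because the protocol offers no authentication, the only controls available are outside it: run the daemon restricted to a dedicated directory with no write access, firewall UDP/69 to the boot subnet, and never place sensitive files where it can read them.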
24. Commands Revealing User Information
It is not uncommon to find interoperability between
Microsoft products and various flavors of UNIX.
Commands that reveal user and system information
pose a threat because crackers can use that information
to break into a system.
Some of these commands whose output makes a
system vulnerable to break-ins include:
Finger
Rexec
25. Finger
The finger client utility on Windows NT and Windows 2000 can
be used to connect to a finger daemon service running on a
UNIX-based computer to display information about users.
When the finger client utility is invoked with a name argument,
the password file is searched on a UNIX server.
Every user with a first name, last name, or user name that
matches the name argument is returned.
When the finger program is run with no arguments, information
for every user currently logged on to the system is displayed.
User information can be displayed for remote computers as well
as for the local computer.
26. Contd.
The output of finger typically includes logon name, full name,
home directory, last logon time, and in some cases when the
user received mail and/or read mail.
Personal information, such as telephone numbers, is often
stored in the password file (the GECOS field of /etc/passwd) so that
this information is available to other users.
Making personal information about users available poses a
security threat because a password cracker can make use of
this information.
In addition, finger can reveal logon activity.
27. Rexec
The rexec utility is provided as a client on Microsoft Windows NT
and Windows 2000.
The rexec client utility allows remote execution on UNIX-based
systems running the rexecd service.
A client transmits a message specifying the user name, the
password, and the name of a command to execute.
The rexecd program is susceptible to abuse because it can be
used to probe a system for the names of valid accounts.
In addition, passwords are transmitted unencrypted over the
network.
28. Protocol Design
Communication protocols sometimes have weak points.
Attackers use these to gain information and eventually gain
access to systems. Some known issues are:
TCP/IP:- The TCP/IP protocol stack has weak points that allow:
IP address spoofing
TCP connection request (SYN) flooding attacks
ATM:- Security can be compromised by what is referred to as
"manhole manipulation": direct access to network cables and
connections in underground parking garages and elevator
shafts.
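A SYN flood exploits the handshake the TCP design requires: the attacker sends many SYNs, usually from spoofed source addresses, and never completes them, so the server holds half-open connections until they time out. The following is an added example, not code from the original slides, of detection logic over tcpdump-style packet lines: it pairs each client SYN with the client ACK that would complete the handshake and flags a destination that accumulates many half-open connections from many sources. The packet lines are constructed for the example, and the threshold is an assumption to be tuned to the real service's load.

```python
"""Added example (not from the original slides): detecting a TCP SYN flood in
tcpdump-style output by counting half-open connections per destination."""
import re
from collections import defaultdict
from typing import Dict, List

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed capture: three legitimate handshakes against 192.0.2.10:80, then
# a burst of SYNs from spoofed addresses that are never completed.
LEGIT: List[str] = []
for i, src in enumerate(["203.0.113.7", "203.0.113.8", "203.0.113.9"]):
    LEGIT += [
        f"10:00:0{i}.000 IP {src}.4000{i} > 192.0.2.10.80: Flags [S], seq 1, win 64240",
        f"10:00:0{i}.001 IP 192.0.2.10.80 > {src}.4000{i}: Flags [S.], seq 5, ack 2, win 65535",
        f"10:00:0{i}.002 IP {src}.4000{i} > 192.0.2.10.80: Flags [.], ack 6, win 64240",
    ]
FLOOD: List[str] = [
    f"10:00:05.{n:03d} IP 198.51.100.{n}.{1024 + n} > 192.0.2.10.80: Flags [S], seq 0, win 512"
    for n in range(1, 41)
]
CAPTURE: List[str] = LEGIT + FLOOD


def half_open_connections(lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Per destination host:port, count SYNs that never got the client's ACK."""
    pending: Dict[str, set] = defaultdict(set)      # dst -> {(src, sport), ...}
    sources: Dict[str, set] = defaultdict(set)      # dst -> distinct source IPs
    stats: Dict[str, Dict[str, int]] = defaultdict(lambda: {"syn": 0, "completed": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        dst = f"{m['dst']}:{m['dport']}"
        flow = (m["src"], m["sport"])
        if flags == "S":                            # client SYN: handshake starts
            pending[dst].add(flow)
            stats[dst]["syn"] += 1
            sources[dst].add(m["src"])
        elif "S" not in flags and "." in flags and flow in pending[dst]:
            pending[dst].discard(flow)              # client ACK completes it
            stats[dst]["completed"] += 1
    for dst, s in stats.items():
        s["half_open"] = len(pending[dst])
        s["sources"] = len(sources[dst])
    return dict(stats)


def detect_syn_flood(lines: List[str], max_half_open: int = 20) -> List[str]:
    """Destinations with many half-open connections spread over many sources.

    The threshold is an assumption for the example; tune it to real load."""
    flagged = []
    for dst, s in half_open_connections(lines).items():
        if s["half_open"] >= max_half_open and s["sources"] >= s["half_open"] // 2:
            flagged.append(dst)
    return flagged


if __name__ == "__main__":
    for dst, s in half_open_connections(CAPTURE).items():
        print(dst, s)
    print("flooded:", detect_syn_flood(CAPTURE))   # ['192.0.2.10:80']
```

The spread-of-sources condition is what separates a flood from a single misbehaving client; with spoofed addresses every SYN tends to come from a different source. On the server side, SYN cookies (net.ipv4.tcp_syncookies on Linux) let the kernel avoid holding state for half-open connections at all.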
29. Weak Password
Password selection will always be a contentious point as long as
users have to select one.
Users usually select commonly used passwords because they are
easy to remember, like anything from birthday to the names of
loved ones. This creates a vulnerability.
A password is the key to a computer, a key much sought-after by
hackers, as a means of getting a foothold into a system.
A weak password may give a hacker access not only to a computer,
but to the entire network to which the computer is connected.
Users should treat their passwords like the keys to their homes.
Switches and routers are easily managed through an HTTP web
interface or a command-line interface.
Coupled with the use of weak passwords, this allows anybody with some
technical knowledge to take control of the device.
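Why a birthday or a loved one's name is weak is easiest to see from the attacker's side: a cracker does not guess at random but generates exactly the choices people make. The following is an added example, not code from the original slides. The stored hash, its salt and the family names are constructed for the example, and the PBKDF2 iteration count is deliberately lowered so that the demo runs in about a second; the victim's password is assumed to be "Sarah1990".

```python
"""Added example (not from the original slides): a dictionary attack on a
name-plus-year password, and the matching server-side predictability check."""
import hashlib
from typing import Iterable, Optional

ITERATIONS = 1_000          # lowered for the demo; real deployments use far more
SALT = b"example-salt"      # constructed; a real salt is random per user


def pbkdf2(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """How the credential store hashes a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(names: Iterable[str], years: range) -> Iterable[str]:
    """Generate passwords the way users compose them: name, Name1990, name90, ..."""
    for name in names:
        forms = dict.fromkeys([name.lower(), name.capitalize(), name.upper()])
        for form in forms:
            yield form
            for year in years:
                yield f"{form}{year}"
                yield f"{form}{year % 100:02d}"
                yield f"{form}!{year}"


def crack(target_hash: bytes, names: Iterable[str], years: range) -> Optional[str]:
    """Try each candidate against the stolen hash; return the first match."""
    for guess in candidates(names, years):
        if pbkdf2(guess) == target_hash:
            return guess
    return None


def is_predictable(password: str, names: Iterable[str], years: range) -> bool:
    """Server-side policy check: reject anything the attacker's generator
    would produce, given what is publicly known about the user."""
    return any(password == c for c in candidates(names, years))


# A leaked credential-store entry (constructed) and what an attacker could
# learn about the victim's family and pets from social media.
STORED_HASH = pbkdf2("Sarah1990")
FAMILY_NAMES = ["alice", "sarah", "max", "rover"]
BIRTH_YEARS = range(1960, 2010)

if __name__ == "__main__":
    found = crack(STORED_HASH, FAMILY_NAMES, BIRTH_YEARS)
    print("recovered:", found)                                   # Sarah1990
    print("policy would reject it:", is_predictable("Sarah1990", FAMILY_NAMES, BIRTH_YEARS))
```

The candidate list here has under two thousand entries; real cracking tools combine multi-million-entry word lists with mangling rules and GPUs, so the margin is far worse than the demo suggests. A slow hash only buys time; the durable defenses are rejecting predictable choices at enrolment and requiring a second factor (something you have) so that the password alone is not enough.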
30. Modem
If a computer has a modem connected to the Internet, the user
needs to take appropriate precautions because modem
connections can be a significant vulnerability.
Hackers commonly use a tool known as a "war dialer" to identify
the modems at a target organization.
A war dialer is a computer program that automatically dials phone
numbers within a specified range of numbers.
Most organizations have a block of sequential phone numbers.
By dialing all numbers within the targeted range, the war dialer
identifies which numbers are for computer modems and determines
certain characteristics of those modems.
The hacker then uses other tools to attack the modem to gain
access to the computer network.
Anyone can download effective war dialers from the Internet at no
31. Network Security In Action
[Figure: "Network Security in Action" diagram. Its labels, grouped as they are laid out on the slide:]
Network: Client Configuration, DNS, Network Services, FTP/Telnet, SMTP/POP, Web Server
Vulnerabilities (attacks): IP & Port Scanning, Web Server Exploit, Email Exploit, DoS Attack, Trojan Attack, Sniffing Traffic, KeyStroke Logging, Password Cracking, MITM Attack
Prevent: Hardening Host, AntiVirus Applications, Using Firewall, Using GPG/PGP, Using SSH, Using Certificate, Using IPSec
Detection: System Log Analysis, Intrusion Detection System, HoneyPot, Spyware Detection and Removal, Backup and Restore, Finding Hidden Data
32. Contd.
A network security design protects assets from threats and
vulnerabilities in an organized manner.
To design security, analyze the risks to your assets and create responses.
[Figure: corporate assets at the centre, with an external attacker, an internal attacker, incorrect permissions and viruses shown as the surrounding threats.]