IS Security Presentation

This is created for a presentation in IS Security. Hope this will be helpful for you too.

Regards
Renjith, CISA, CISSP


  1. Information Security
     - Basics, Attacks, Prevention & Practices
     - By Renjith K P, CISA, CISSP
  2. From History
     - A 19-year-old Russian hacker stole up to 300,000 credit card numbers from CD Universe customers in 1999 for $100,000.
     - Another Russian hacker stole more than 55,000 credit card numbers from CreditCards.com.
     - In September 2000, Western Union shut down its web site for five days after hackers stole more than 15,000 customer credit card numbers.
  3. From History (continued)
     - Amazon.com: credit card information of more than 98,000 customers was compromised in 2001.
     - In April 2002, the Bank of the State of California found out that 265,000 state employees had their personal information stolen by a hacker.
     - In August 2002, Daewoo Securities found out that $21.7 million in stock was illegally sold.
     - In March 2005, hackers obtained 1.4 million credit card numbers by carrying out an attack on DSW Shoe Warehouse's database.
     - In 2006, Yahoo cautioned that the http://mail.yahoo.com/ address must include the trailing slash after yahoo.com.
     - Yahoo indicated that http://www.yahoo.com:login&mode=secure&i=b35870c196e2fd4a&q=1@16909060 is a bogus URL.
  4. From History (continued)
     - During the Persian Gulf War in 1991, it was reported that hackers from the Netherlands penetrated 34 American military sites that supported Operation Desert Storm activities.
     - During the 1999 Kosovo air campaign, false messages were injected into Yugoslavia's computer-integrated air defense systems to point the weapons at false targets.
     - In February 2004, Wells Fargo Bank suffered its second theft of a laptop computer that contained confidential information on 200,000 users.
  5. What Does This Mean to Us?
     - Good security does not begin and end with erecting a firewall and installing antivirus software.
     - Good security should be planned, designed, implemented and maintained.
  6. CIA Triad
     - Confidentiality
     - Integrity
     - Availability
  7. Password Attacks
     - Password Guessing
     - Dictionary Attack
     - Social Engineering
     - Dumpster Diving
  8. TCP Segment Format
  9. 3-Way Handshake
     - Host A sends a TCP SYN packet to Host B.
     - Host B receives A's SYN; Host B sends a SYN-ACK (carrying its Initial Sequence Number (ISN)).
     - Host A receives B's SYN-ACK; Host A sends ACK.
     - Host B receives the ACK. The TCP connection is ESTABLISHED.
  10. Denial of Service Attacks
     - SYN Flood
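A SYN flood leaves the server with many connections stuck at the SYN-ACK step of slide 9. The following added example (not from the deck) tracks that handshake state over constructed packet records and flags a server whose half-open backlog exceeds an assumed threshold.

```python
# Added example, not part of the original slides: a small half-open-connection
# monitor that follows the three-way handshake states and flags a SYN flood.
from collections import defaultdict

# Constructed packet records: (src, dst, tcp flags); "S" = SYN, "SA" = SYN-ACK, "A" = ACK.
# One legitimate client completes the handshake; 40 other sources send a SYN,
# receive the server's SYN-ACK, and never send the final ACK.
PACKETS = [
    ("10.0.0.5", "192.0.2.10", "S"),
    ("192.0.2.10", "10.0.0.5", "SA"),
    ("10.0.0.5", "192.0.2.10", "A"),
] + [(f"198.51.100.{i}", "192.0.2.10", "S") for i in range(1, 41)] \
  + [("192.0.2.10", f"198.51.100.{i}", "SA") for i in range(1, 41)]


def half_open_by_server(packets):
    """Return {server: count} of connections stuck in SYN-RECEIVED."""
    state = {}  # (client, server) -> "SYN_SENT" | "SYN_RECEIVED" | "ESTABLISHED"
    for src, dst, flags in packets:
        if flags == "S":                                   # client -> server: SYN
            state[(src, dst)] = "SYN_SENT"
        elif flags == "SA":                                # server -> client: SYN-ACK
            if state.get((dst, src)) == "SYN_SENT":
                state[(dst, src)] = "SYN_RECEIVED"
        elif flags == "A":                                 # client -> server: final ACK
            if state.get((src, dst)) == "SYN_RECEIVED":
                state[(src, dst)] = "ESTABLISHED"
    counts = defaultdict(int)
    for (_client, server), s in state.items():
        if s == "SYN_RECEIVED":
            counts[server] += 1
    return dict(counts)


def syn_flood_suspects(packets, threshold=20):
    """Servers whose half-open backlog exceeds the threshold (an assumed tuning value)."""
    return sorted(s for s, n in half_open_by_server(packets).items() if n > threshold)


if __name__ == "__main__":
    print(half_open_by_server(PACKETS))   # {'192.0.2.10': 40}
    print(syn_flood_suspects(PACKETS))    # ['192.0.2.10']
```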
  11. Similar Attacks
     - ACK Flood
     - Reset (RST) Attack (calculate the sequence number, then send RST): occurs in the middle of a connection
     - FIN Attack: at the end state of a connection
  12. Spoofing
  13. Denial of Service Attacks
     - Smurf
  14. Denial of Service Attacks
     - Teardrop
  15. Detecting IP Spoofing
     - An incoming packet cannot have a source address that belongs to the internal network.
     - An outgoing packet cannot have a source address that does not belong to the internal network.
     - A packet leaving or entering through a firewall cannot have the same source and destination address.
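The three rules on slide 15 as a filter, added here as an example and not part of the deck; the internal range 10.0.0.0/8 and the sample packets are assumptions constructed for the illustration.

```python
# Added example, not part of the original slides: the three anti-spoofing
# checks from slide 15 run over constructed packet records at a border firewall.
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal network


def spoof_check(direction, src, dst):
    """Return None if the packet passes, else the rule it violates.
    direction is "in" (entering from outside) or "out" (leaving the network)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == d:
        return "same source and destination address"
    if direction == "in" and s in INTERNAL:
        return "inbound packet claims an internal source"
    if direction == "out" and s not in INTERNAL:
        return "outbound packet with a non-internal source"
    return None


# Constructed packets: (direction, src, dst)
SAMPLE = [
    ("in",  "203.0.113.7",  "10.1.2.3"),       # normal inbound traffic
    ("out", "10.1.2.3",     "203.0.113.7"),    # normal outbound traffic
    ("in",  "10.9.9.9",     "10.1.2.3"),       # outside packet claiming an internal source
    ("out", "203.0.113.9",  "198.51.100.1"),   # inside host using an external source
    ("in",  "10.1.2.3",     "10.1.2.3"),       # source equals destination
]


def violations(packets):
    """Return [(src, dst, reason)] for every packet a spoofing rule would drop."""
    dropped = []
    for direction, src, dst in packets:
        reason = spoof_check(direction, src, dst)
        if reason:
            dropped.append((src, dst, reason))
    return dropped


if __name__ == "__main__":
    for entry in violations(SAMPLE):
        print(entry)
```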
  16. Denial of Service Attacks
     - DNS Poisoning: hacking into the registrar account
     - Ping of Death: an ICMP packet is 65,536 bytes. What if the packet size is more?
  18. Firewall Architecture
  19. Masquerading Attacks
     - IP Spoofing
     - Session Hijacking
  20. Other Threats
     - Virus: malicious code.
     - Worms: code that spreads automatically, usually via the Internet.
     - Trojan: code hidden on a system, usually to gain back-door access.
     - Phishing
     - Spam
     - Spyware / Adware
  21. Mitigation
     - Up-to-date patches
     - Antivirus software
     - Anti-spam and anti-phishing
     - Training
     - Physical security
     - Logging and auditing
     - Need-to-know privileges
  22. Incident Response
     - Unplug the network.
     - Don't turn the computer off.
     - Back up the system and keep the backups.
     - Investigate the cause.
     - Always rebuild.
     - Perform forensics on a backup.
     - Keep documentation and evidence.
  23. Elements of Risk
  24. Symmetric Cryptography
  25. Symmetric Examples
     - DES (56)
     - 3DES
     - IDEA (128)
     - Blowfish (32 to 448)
     - Skipjack (80 bits, for US Government)
     - AES (128:9, 192:11, 256:13)
  26. Asymmetric
  27. Asymmetric
     - RSA: 1088 bits
     - DSA: 1024 bits
     - ElGamal
     - Elliptic Curve: 160 bits
  28. Comparison
  29. PKI (Public Key Infrastructure)
     - Certificate (Serial, Issuer, Validity, Name, Public Key)
     - CA: VeriSign, Thawte, etc.
  30. SSL
     - Credibility of the website
     - Encrypted communication
     - SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
  31. Hash Functions
     - Unique output value derived from the content of the message
     - SHA-1, MD4, MD5
  32. Digital Signature
     - The message truly came from the claimed sender.
     - The message was not altered while in transit between the sender and recipient.
  33. Digital Signatures
  34. VPN
     - Point-to-Point Tunneling Protocol (PPTP)
     - Layer 2 Tunneling Protocol (L2TP)
     - IPsec
  35. Architecture - Protocols
     - Authentication Header (AH): access control, integrity, data origin authentication, confidentiality
     - Encapsulating Security Payload (ESP): access control, confidentiality, traffic flow confidentiality
     - Key management protocols: IKE = OAKLEY + ISAKMP, ...
  36. Cryptographic Algorithms for IPsec
     - HMAC-SHA1 for integrity protection
     - Triple DES for confidentiality
     - AES for confidentiality
  37. Crypto Attacks
     - Man in the Middle
     - Birthday Attack: substitute, for a digitally signed communication, a different message that produces the same message digest
     - Replay Attack: same as the first one; use the captured session at a later time
     - Brute Force Attack
  38. Man in the Middle
     - A and B want to communicate with each other, and C is sniffing the communication.
     - What if C captures both public keys and sends C's public key to A and B?
  39. Birthday Attack
     - Suppose A wants to cheat B while signing a contract.
     - A prepares two contracts, C and C' (fraud).
     - F(C') = F(C) when hashing the contracts.
     - B signs contract C.
     - A puts the digital signature of the contract on C' and can prove that B signed C'.
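A worked bound for the scheme on slide 39, added here and not part of the original deck. Let $n$ be the digest length of $F$ in bits and suppose A prepares $k$ harmless variants $C_1, \dots, C_k$ of the contract and $k$ fraudulent variants $C'_1, \dots, C'_k$ (both symbols are assumed names for this illustration). Any one cross pair collides with probability $2^{-n}$, so

$$
\mathbb{E}\big[\#\{(i,j) : F(C_i) = F(C'_j)\}\big] = \frac{k^2}{2^n},
\qquad\text{hence } k \approx 2^{n/2} \text{ variants of each contract suffice.}
$$

For the 128-bit MD5 digest on slide 31 that is about $2^{64}$ variants of each contract, and for 160-bit SHA-1 about $2^{80}$, far less than the $2^n$ work of finding a second preimage for a single fixed digest. The defence is a digest length whose half is out of reach, and, for the signer, making a small change of their own to the document before signing it, which invalidates every pair A prepared in advance.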
  40. Brute Force Attack
     - How long can the key be?
     - How many possible values can each component of the key have?
     - How long will it take to attempt each key?
  41. Attack Tools
     - dsniff: a tool for SSH and SSL MITM attacks
     - Cain: a Windows GUI tool which can perform MITM attacks, along with sniffing and ARP poisoning
     - Ettercap: a tool for LAN-based MITM attacks
     - Karma: a tool that uses 802.11 Evil Twin attacks to perform MITM attacks
     - AirJack: a tool that demonstrates 802.11-based MITM attacks
     - wsniff: a tool for 802.11 HTTP/HTTPS-based MITM attacks
  42. Email Security
     - Secure Multipurpose Internet Mail Extensions (S/MIME)
     - Secure Electronic Transaction (SET): RSA & DES
     - Privacy Enhanced Mail (PEM) protocol: uses RSA, DES, and X.509
     - Pretty Good Privacy (PGP): IDEA
  43. Decoy Techniques
     - Honey pots
     - Pseudo-flaws
     - Monitoring & logging
     - Traffic analysis and trend analysis
     - Sniffing
     - Ethical hacking
  44. Operations Security
     - Backup
     - Need to know and least privilege
     - Trusted recovery
     - Media management
     - Job rotation
  45. BCP & Disaster Recovery
     - Business Impact Assessment
     - Risk Assessment
     - Risk Acceptance
     - Risk Mitigation
     - Cold, Warm, Hot Sites
  46. Terms
     - Policies
     - Standards
     - Baselines
     - Guidelines
     - Procedures
