Information and network security

1. Network Security

2. Grading
 Mid Term=
 Assignments =
 Quizzes =
 Term Project/viva/presentation =
 Final Term =
PU Gujranwala

3. The art of war teaches us to rely not
on the likelihood of the enemy's not
coming, but on our own readiness to
receive him; not on the chance of his
not attacking, but rather on the fact
that we have made our position
unassailable.
PU Gujranwala
—The Art of War, Sun Tzu

4. Information Security
What is Information Security…?
PU Gujranwala

5. Information Security
 Information Security is the name given to the
preventive steps we take to guard our
Information and Information System.
 Measures adopted to prevent the
unauthorized access, misuse, modification,
disclosure or destruction.
PU Gujranwala

6. Critical Characteristics of
Information Security
 Confidentiality
 Integrity
 Availability
PU Gujranwala

7. Confidentiality
 Confidentiality is the property of preventing
disclosure of information to unauthorized individuals
or systems.
 Information is available only to people with rightful
access.
 Ensuring that only those with the rights and
privileges to access a particular set of information are
able to do so.
Methods:
Data Encryption
User IDs and Passwords
PU Gujranwala

8. Integrity
 Information can only be changed by authorized
personnel.
 The quality or state of being whole, complete and
uncorrupted is the integrity of information.
 Integrity can be violated by a virus or a user.
 Integrity check can be done through:
 File size
 Checksums for verification of data integrity
 File hashing
PU Gujranwala

9. Availability
 Enables users who need to access information to do
so without interference or obstruction and receive it
in required format.
 The information is available only to the authorized
users all the time.
 Backups and Recovery
 RAID
 Alternate Links
PU Gujranwala

10. Authenticity
 Authenticity of information is the quality or state of
being genuine or original, rather than a reproduction
or fabrication.
PU Gujranwala

11. Privacy
 Privacy-means different things to different people, is
the right to be left alone and right to be free of
unreasonable personal instructions.
 Information privacy – The right to determine when
and up to what extent information about oneself can
be shared with others
 Organizational privacy – Governments agencies,
corporations, and other organizations may desire to
keep their activities or secrets from being revealed to
other organizations or individuals.
PU Gujranwala

12. Components of an Information
System
 Software
 Hardware
 Data
 People
 Procedures
PU Gujranwala

13. Software
 Bugs, Weaknesses and Holes.
 An error or defect in software or hardware that causes a
program to malfunction
 Security Hole (something you need to fix now)
 Security Warning ( something you need to fix soon)
 Security Note (something you need to fix when you get
around to it, or just some information that you should
consider)
 Patches and Service Packs.
 A patch is a piece of software designed to fix problems or
update a computer program and its supporting data. This
includes fixing security vulnerabilities and other bugs.
 A service pack (in short SP) is a collection of updates, fixes
and/or enhancements to a software program delivered in
the form of a single installable package.
PU Gujranwala

14. Hardware
 It Houses and Executes a software.
 Stores and carries the data.
 Provides Interfaces for the entry and removal of
information from the system.
 Physical security policies deal with the H/W.
PU Gujranwala

15. Data
 The most important and valuable thing for any
organization.
 Main object of intentional attacks.
 Must be protected from unauthorized access.
PU Gujranwala

16. People
 All that interact with the System.
 Main threat to information security.
PU Gujranwala

17. Procedures
 Procedures are written instructions for accomplishing
a specific task.
 Mechanism adopted to achieve an objective.
PU Gujranwala

18. What is Network Security?
 Network Security is the protection of networking
components, connections and contents.
 Effort to create a secure computing platform, so
users or programs cannot perform actions that they
are not allowed to do.
PU Gujranwala

19. Network Security as a Continuous
Process
 Network security is a continuous process built around a
security policy.
 Step 1: Secure
 Step 2: Monitor
 Step 3: Test
 Step 4: Improve
PU Gujranwala

20. Step 1: Secure the Network
 Implement security solutions to prevent unauthorized
access and to protect information.
 Authentication
 Encryption
 Firewalls
 Vulnerability Patching
PU Gujranwala

21. Step 2: Monitor Security
 Detects violations to the security policy
 Involves system auditing and real-time intrusion
detection
 Validates the security implementation in
Step 1
PU Gujranwala

22. Step 3: Test Security
 Validates effectiveness of the security policy through
system auditing and network scanning
 Whether the system fulfills the security requirements
or not.
PU Gujranwala

23. Step 4: Improve Security
 Use information from the monitor and test phases to
make improvements to the security implementation.
 Adjust the security policy as security holes and risks
are identified.
PU Gujranwala

24. Terms related to Security
 Assets
 Threats
 Attack
 Vulnerability
 Risk Analysis
 Countermeasures
 Hacking
PU Gujranwala

25. Asset
 An asset is the organizational resource that is being
protected.
 It can be logical like website, information, data.
 It can be physical like computer system or other
tangible object.
PU Gujranwala

26.  Threat
 A person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability or legitimate
use).
 A possible means by which a security policy may be breached.
 An attack
 An assault against a computer system or network as a result of
deliberate, intelligent action; for example, denial of service attacks,
penetration and sabotage.
 It is a realization of a threat.
Threats and Attack
PU Gujranwala

27.  Vulnerability
 A weakness in the system that can be exploited to cause loss or
harm
 In computer security, the word vulnerability refers to a weakness in
a system allowing an attacker to violate the confidentiality,
integrity, availability ,access control, consistency or audit
mechanisms of the system or the data and applications it hosts
 Control, Countermeasure, safeguard
 An action, device, procedure or technique that removes or reduces
a vulnerability.
PU Gujranwala
Vulnerability and Countermeasure

28. Risk = Threat + Vulnerability
 Threats without vulnerabilities pose no risk.
 Likewise, vulnerabilities without threats pose no risk.
 Risk is the probability that something can happen.
 Risk analysis can be quantitative or qualitative.
PU Gujranwala

29. Cont…
 Risk can be qualitatively defined in three levels:
 Low- Action to remove the vulnerability should be taken if possible
 Medium- Action to remove the vulnerability is advisable
 High- Action should be taken immediately to remove this
vulnerability
PU Gujranwala

30. Hacking
 Can be defined positively and negatively:
 To write computer programs for enjoyment.
 To gain access to a computer illegally.
 A person who writes programs in assembly language or in system-
level languages, such as C. The term often refers to any
programmer, but its true meaning is someone with a strong
technical background who is "hacking away" at the bits and bytes.
 During the 1990s, the term "hacker" became synonymous with
"cracker," which is a person who performs some form of computer
sabotage. The association is understandable. In order to be an
effective cracker, you had to be a good hacker, thus the terms got
intertwined, and hacker won out in the popular press.
PU Gujranwala

31. Summary
What we have studied:
 What is Information Security?
 What is Network Security?
 Assets, Threats and Countermeasures.
PU Gujranwala