Information Security
Audit mechanism, intrusion detection, password management,
General principles of system security, IP security
Types of Security Audits
• Our security services can be executed in several approaches, each
intended to meet the business requirements of different companies and
market segments. Each approach has its own benefits and drawbacks, and
the right approach for a particular organization depends on its
objective for carrying out the audit along with its key concerns and
risk areas.
Black Box Security Audit
• In a Black Box Security Audit, our team only has access to publicly
available information about the target environment. This type of test
aims to simulate the real-world scenario of external attackers targeting
and attempting to compromise your systems.
• Black Box testing has the benefit of perfectly simulating a motivated
external attacker who has zero knowledge of your operations and IT
infrastructure. It gives you insight into the robustness of your
information security controls when under targeted attack by malicious
intruders.
White Box Security Audit
• In this approach our team has as much information as possible about
the target environment, such as an actual employee would possess. This
approach is designed to prepare for a worst-case scenario where an
attacker has in-depth information about your infrastructure.
• White Box testing allows you to prepare for scenarios such as insider
threats or an attacker who has obtained detailed internal information.
This process usually reveals more vulnerabilities and is much faster,
since the audit team has transparent access to the key information and
details required for attacking the organization. Additionally, it extends
the testing boundaries to areas such as source code audit and application
design review, which are not usually covered by a traditional black-box
audit.
Grey Box Security Audit
• In a Grey Box Security Audit our team is given partial information
about the target environment, of the kind that could be identified by a
motivated attacker. Documents provided could include policy documents,
network diagrams and other valuable information. This approach aims to
deliver a cost-effective audit while focusing on areas that are important
to your organization.
• Grey Box testing allows you to accurately simulate the threat from an
attacker who has been able to gain partial information about your
infrastructure. The audit prepares you for a scenario where certain
details or information have been leaked through social engineering or
other offline threats.
Intrusion Detection System (IDS)
• An Intrusion Detection System (IDS) is a system that monitors network
traffic for suspicious activity and issues alerts when such activity is
discovered. It is a software application that scans a network or a system
for harmful activity or policy violations. Any malicious activity or
violation is normally reported either to an administrator or collected
centrally using a security information and event management (SIEM)
system. A SIEM system integrates outputs from multiple sources and uses
alarm-filtering techniques to differentiate malicious activity from false
alarms.
• Although intrusion detection systems monitor networks for potentially
malicious activity, they are also prone to false alarms. Hence,
organizations need to fine-tune their IDS products when they first install
them. This means properly configuring the intrusion detection system to
recognize what normal traffic on the network looks like as compared to
malicious activity.
Classification of Intrusion Detection System:
IDS are classified into 5 types:
• Network Intrusion Detection System (NIDS):
Network intrusion detection systems (NIDS) are set up at a planned
point within the network to examine traffic from all devices on the
network. A NIDS observes the traffic passing on the entire subnet and
matches it against a collection of known attacks. Once an attack is
identified or abnormal behavior is observed, an alert can be sent to the
administrator. An example of NIDS deployment is installing it on the
subnet where the firewalls are located, in order to see if someone is
trying to crack the firewall.
• Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on independent hosts or
devices on the network. A HIDS monitors the incoming and outgoing
packets of that device only and alerts the administrator if suspicious
or malicious activity is detected. It takes a snapshot of existing
system files and compares it with the previous snapshot. If critical
system files were edited or deleted, an alert is sent to the
administrator to investigate. An example of HIDS usage can be seen on
mission-critical machines, which are not expected to change their
layout.
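The snapshot-and-compare step a HIDS performs on system files, as an added example in Python (not code from the original slides or from any HIDS product). It hashes every file under a directory, diffs the result against the previous snapshot, and reports added, modified and deleted files; the directory layout and file contents in `demo()` are constructed for the example.

```python
"""File-integrity check in the style of a HIDS: hash a snapshot of files,
compare it with the previous snapshot, and report what changed."""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root):
    """Map every file under root (path relative to root) to its digest."""
    snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snapshot[rel] = hash_file(full)
    return snapshot


def compare_snapshots(previous, current):
    """Diff two snapshots. Any non-empty list is an alert for the admin."""
    prev_paths, cur_paths = set(previous), set(current)
    return {
        "added": sorted(cur_paths - prev_paths),
        "deleted": sorted(prev_paths - cur_paths),
        "modified": sorted(p for p in prev_paths & cur_paths
                           if previous[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline three files, then change the tree."""
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/hosts": b"127.0.0.1 localhost\n",
                 "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                 "bin/ls": b"placeholder binary\n"}
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        baseline = take_snapshot(root)
        # Changes a later scan should catch: one edit, one deletion, one new file.
        with open(os.path.join(root, "etc/hosts"), "ab") as f:
            f.write(b"10.0.0.5 extra-host\n")
        os.remove(os.path.join(root, "bin/ls"))
        with open(os.path.join(root, "etc/extra.conf"), "wb") as f:
            f.write(b"option=1\n")
        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```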
• Protocol-based Intrusion Detection System (PIDS):
A protocol-based intrusion detection system (PIDS) comprises a system
or agent that consistently resides at the front end of a server,
controlling and interpreting the protocol between a user/device and the
server. It tries to secure a web server by regularly monitoring the
HTTPS protocol stream and understanding the related HTTP protocol.
Because HTTPS traffic is only in unencrypted form just before it enters
the web presentation layer, the system would need to reside at that
interface in order to inspect HTTPS.
• Application Protocol-based Intrusion Detection System (APIDS):
An Application Protocol-based Intrusion Detection System (APIDS) is a
system or agent that generally resides within a group of servers. It
identifies intrusions by monitoring and interpreting the communication
on application-specific protocols. For example, it could monitor the
SQL protocol specific to the middleware as it transacts with the
database in the web server.
• Hybrid Intrusion Detection System:
A hybrid intrusion detection system is made by combining two or more
of the above approaches. In a hybrid intrusion detection system, host
agent or system data is combined with network information to develop a
complete view of the network. A hybrid intrusion detection system is
more effective than any single type of intrusion detection system on
its own. Prelude is an example of a hybrid IDS.
Detection Method of IDS:
• Signature-based Method:
A signature-based IDS detects attacks on the basis of specific
patterns, such as the number of bytes or the number of 1's or 0's in
the network traffic. It also detects on the basis of already-known
malicious instruction sequences used by malware. The patterns the IDS
looks for are known as signatures. A signature-based IDS can easily
detect attacks whose pattern (signature) already exists in the system,
but it is quite difficult to detect new malware attacks, since their
pattern (signature) is not known.
• Anomaly-based Method:
Anomaly-based IDS were introduced to detect unknown malware attacks,
as new malware is developed rapidly. An anomaly-based IDS uses machine
learning to create a model of trustworthy activity; anything that
arrives is compared with that model and is declared suspicious if it
does not fit the model. Machine-learning-based methods generalize better
than signature-based IDS, since these models can be trained according to
the applications and hardware configurations.
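The two detection methods side by side, as an added example in Python (not code from the original slides or from any IDS product). The signature detector matches a known-bad request pattern; the anomaly detector learns a per-client baseline from log lines assumed to be normal and flags clients whose request volume or error ratio deviates from it. The log lines, the signature and the thresholds (`k`, `error_margin`) are constructed assumptions for this example; `k` is the knob that the fine-tuning step above adjusts to control false alarms.

```python
"""Signature-based and anomaly-based detection over constructed
web-server access-log lines (Common Log Format)."""
import re
import statistics
from collections import Counter

# A known-bad request pattern (the "signature"); constructed for this example.
SIGNATURES = {"path_traversal": re.compile(r"\.\./")}

LOG_RE = re.compile(r'^(\S+) - - \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) (\d+)$')


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status, size = m.groups()
    return {"ip": ip, "method": method, "path": path,
            "status": int(status), "size": int(size)}


def signature_alerts(entries):
    """Known-pattern matching: flag every request whose path hits a signature."""
    alerts = []
    for e in entries:
        hits = [name for name, rx in SIGNATURES.items() if rx.search(e["path"])]
        if hits:
            alerts.append((e["ip"], e["path"], hits))
    return alerts


class AnomalyModel:
    """Baseline of per-client request volume and error ratio, learned from
    traffic assumed normal. A client is anomalous when its request count
    exceeds mean + k*stdev or its share of 4xx/5xx responses is far above
    the baseline share. Lowering k raises sensitivity and false alarms."""

    def __init__(self, k=3.0, error_margin=0.5):
        self.k = k
        self.error_margin = error_margin
        self.mean = self.stdev = self.base_error_ratio = 0.0

    def train(self, entries):
        counts = Counter(e["ip"] for e in entries)
        self.mean = statistics.mean(counts.values())
        self.stdev = statistics.pstdev(counts.values())
        errors = sum(1 for e in entries if e["status"] >= 400)
        self.base_error_ratio = errors / len(entries)

    def score(self, entries):
        """Return {ip: [reasons]} for clients that deviate from the baseline."""
        counts = Counter(e["ip"] for e in entries)
        errors = Counter(e["ip"] for e in entries if e["status"] >= 400)
        flagged = {}
        for ip, n in counts.items():
            reasons = []
            if n > self.mean + self.k * self.stdev:
                reasons.append(f"{n} requests exceeds baseline")
            ratio = errors[ip] / n
            if ratio > self.base_error_ratio + self.error_margin:
                reasons.append(f"error ratio {ratio:.2f} exceeds baseline")
            if reasons:
                flagged[ip] = reasons
        return flagged


def make_line(ip, path, status, size=512):
    """Build a constructed CLF line."""
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} {size}'


# Constructed baseline traffic: four clients, 2-4 requests each, one 404.
TRAINING_LOG = (
    [make_line("10.0.0.1", f"/page{i}", 200) for i in range(3)]
    + [make_line("10.0.0.2", f"/page{i}", 200) for i in range(2)]
    + [make_line("10.0.0.3", f"/page{i}", 200) for i in range(3)]
    + [make_line("10.0.0.3", "/missing", 404)]
    + [make_line("10.0.0.4", f"/page{i}", 200) for i in range(3)]
)

# Constructed traffic to analyse: a normal client, a noisy client hitting
# non-existent paths (no signature matches), and one known-bad request.
TEST_LOG = (
    [make_line("10.0.0.1", f"/page{i}", 200) for i in range(3)]
    + [make_line("10.0.0.9", f"/probe{i}", 404) for i in range(6)]
    + [make_line("10.0.0.9", "/index.html", 200) for _ in range(2)]
    + [make_line("10.0.0.5", "/download?file=../../secret.txt", 200)]
)


def run_ids(training_lines, lines):
    """Run both methods; each catches what the other misses."""
    train = [e for e in map(parse_line, training_lines) if e]
    test = [e for e in map(parse_line, lines) if e]
    model = AnomalyModel()
    model.train(train)
    return {"signature_alerts": signature_alerts(test),
            "anomalies": model.score(test)}


if __name__ == "__main__":
    print(run_ids(TRAINING_LOG, TEST_LOG))
```

The noisy client is invisible to the signature method and the single known-bad request is invisible to the anomaly method, which is why the slides' hybrid approach combines them.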
Comparison of IDS with Firewalls:
IDS and firewalls are both related to network security, but an IDS
differs from a firewall in that a firewall looks outwardly for intrusions
in order to stop them from happening. Firewalls restrict access between
networks to prevent intrusion, and if an attack comes from inside the
network they do not signal it. An IDS describes a suspected intrusion
once it has happened and then signals an alarm.
Password management
• Passwords are strings of characters provided by users at the
authentication prompts of web accounts. Although passwords still remain
one of the most secure methods of authentication available to date, they
are subject to a number of security threats when mishandled. This is
where password management comes in. Password management is a set of
principles and best practices to be followed by users while storing and
managing passwords in an efficient manner, so as to secure passwords as
much as possible and prevent unauthorized access.
What are the challenges in password management?
• There are many challenges in securing passwords in this digital era. While the
number of web services used by individuals increases year over year on one end,
the number of cyber crimes is also skyrocketing on the other. Here are a few
common threats to protecting our passwords:
• Login spoofing - Passwords are illegally collected through a fake login page by
cybercriminals.
• Sniffing attack - Passwords are stolen using illegal network access and with tools
like key loggers.
• Shoulder surfing attack - Stealing passwords when someone types them, at times
using a micro-camera, and gaining access to user data.
• Brute force attack - Stealing passwords with the help of automated tools and
gaining access to user data.
• Data breach - Stealing login credentials and other confidential data directly from
the website database.
• All of these threats create an opportunity for attackers to steal user passwords and
enjoy unlimited access benefits. Let's take a look at how individuals and businesses
typically manage their passwords.
Traditional methods of password management
• Writing down passwords on sticky notes, post-its, etc.
• Sharing them via spreadsheets, email, telephone, etc.
• Using simple and easy to guess passwords
• Reusing them for all web applications
• Often forgetting passwords and seeking the help of the 'Forgot
Password' option
How to manage passwords
• Use strong and unique passwords for all websites and applications
• Reset passwords at regular intervals
• Configure two-factor authentication for all accounts
• Securely share passwords with friends, family, and colleagues
• Store all enterprise passwords in one place and enforce secure
password policies within the business environment
• Periodically review the violations and take necessary actions.
Basic principles of system security
• Security is a constant worry when it comes to information
technology. Data theft, hacking, malware and a host of other threats
are enough to keep any IT professional up at night. In this article, we’ll
look at the basic principles and best practices that IT professionals
use to keep their systems safe.
The Goal of Information Security
• Information security follows three overarching principles:
• Confidentiality: This means that information is only being seen or
used by people who are authorized to access it.
• Integrity: This means that any changes to the information by an
unauthorized user are impossible (or at least detected), and changes
by authorized users are tracked.
• Availability: This means that the information is accessible when
authorized users need it.
Basic Principles of System Security
• Information security in today’s data-centric world is centered on the
“CIA triad” to ensure the safe and smooth storage, flow, and
utilization of information. The CIA triad refers to the core principles of
information security, which include Confidentiality, Integrity, and
Availability (CIA) – nothing to do with the clandestine federal spy
agency brilliantly shown in the amazing recent movie of American
Assassin.
• The CIA triad primarily comprises four information security layers.
These layers represent how systems communicate and how data flows
within the systems.
• Application Access: The layer of application access indicates that access to user
applications must be restricted on a need-to-know basis.
• Infrastructure Access: The layer of infrastructure access indicates that access to
various components of the information infrastructure (such as servers) must be
restricted on a need-to-know basis.
• Physical Access: The layer of physical access indicates that physical access to
systems, servers, data centers, or other physical objects that store vital information
must be restricted on a need-to-know basis.
• Data-in-Motion: The layer of data-in-motion indicates that data access must be
restricted while it is in the process of transfer (or in motion).
First Principle: Confidentiality
• The principle of confidentiality says that information must remain out of bounds
or hidden from individuals or organizations that do not have the authorization to
access it. This principle essentially dictates that information must solely be
accessed by people with legitimate privileges. It not only takes science, but also
art to ensure the sanctity of this principle.
• The challenge is that it is easy to breach confidentiality, particularly in larger
organizations. Therefore, all employees of a company or members of an
organization must be made aware of their duty and responsibility to maintain
confidentiality regarding the information shared with them as part of their work.
• Confidentiality is sacrosanct, and easy to breach. For example, if an employee
in an organization allows someone to glimpse his computer screen, which may at
that moment be displaying some confidential information, he may already have
committed a confidentiality breach. A former secretary of state knows all about
classified email breaches, but we will not dive into that!
Second Principle: Integrity
• The second principle involves the integrity of information. The information or data
must have a level of integrity that prevents it from being easily breached.
• Data Encryption
• Encryption is a widely established method of protecting data in motion (transit), but
now it is also increasingly accepted as a way to preserve the integrity of data at rest.
The process of encryption involves altering the data present in the files into
unreadable bits that cannot be deciphered unless the decryption key is provided.
• In the manual encryption process, the user employs a software program to initiate
the data encryption. In the case of transparent encryption, the data gets encrypted
automatically with no intervention from the user.
• The symmetric encryption process substitutes characters using a single key, which
becomes the only means to decrypt the bits of data. Conversely, asymmetric
encryption is employed when two keys are involved: a private key and a public key.
How to Preserve Information Integrity
Effectively?
• Follow these five essential tips to preserve data integrity:
• Encrypt your data: If you ensure data encryption, a third party will be unable to
read or use it, even if the data becomes available to them.
• Use two-factor authentication: If access to your data requires two-factor
authentication, it will bolster the safety of your confidential information and
reduce the risk of data leaks.
• Encrypt interactions: As a first step, you must configure your communication
program or IM to use TLS or SSL. Secondly, disable the feature that logs
conversation history. Thirdly, encrypt your Internet traffic, because it could be
intercepted.
• Protect your keys: Safeguard your keys with a foolproof system in place. In many
cases, access to your keys can be equal to access to your data.
• Create information backups and ensure they are safe: Data backups should be
available and accessible, but in encrypted form and stored away in a secure
location.
Third Principle: Availability
• The third guiding principle relates to information availability and underscores the
importance of securing information in a location where unauthorized entities
cannot access it, and data breaches can be minimized.
• Some of the typical ways in which confidential information gets leaked relate to
the faulty handling of the available information. These ways may include:
• Theft of physical equipment, such as a PC, laptop, mobile device, or paper.
• Incorrect disposal of paper or digitally stored data.
• Unauthorized or negligent disclosure of access controls or authentication keys.
• Information leaks due to a poor understanding of a legal confidentiality
agreement.
• Misplacing information due to negligence.
• Hacking or other illegal data security breaches.
How to Ensure Information Access is Secure?
• Create Firewalls: Firewalls can include both hardware- and software-based
defenses that are created to block unsolicited protocols, connections,
unauthorized network activity and other malicious attempts while you are linked
to an external network (typically the Internet).
• Install Proxy Servers: A proxy server is designed to control what the outside
world sees of your network. This is a type of smoke screen that can disguise your
actual network and present a minimal Internet presence.
• Use Routers: Control the network through routers, which, like a firewall, can
include an access list to deny or permit access into your network.
• Implement Network Controls: This is done at the local level, and includes
authentication in the form of login and password.
• Install Software Controls: These can block malware from penetrating your
equipment. If malware enters the system, these controls work to eliminate the
infection and restore the system to its pre-infection condition.
• Use Data Encryption
• The fundamental CIA principles remain unchanged over time, but the
compliance methodologies to follow these guiding principles of
information security continually change with the evolution of
technology and the constant development of new vulnerabilities and
threats. Continuous efforts are essential to ensure adherence to the
principles of confidentiality, integrity, and availability of information at
all times.
IP security (IPSec)
• IP security (IPSec) is an Internet Engineering Task Force (IETF)
standard suite of protocols between two communication points across an
IP network that provides data authentication, integrity, and
confidentiality. It also defines how packets are encrypted, decrypted
and authenticated. The protocols needed for secure key exchange and key
management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public
internet.
• To provide authentication without encryption, for example to
authenticate that the data originates from a known sender.
• To protect network data by setting up circuits using IPsec tunneling,
in which all data sent between the two endpoints is encrypted, as with a
Virtual Private Network (VPN) connection.
Components of IP Security –
It has the following components:
• Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay
protection. It also provides authentication for the payload.
• Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay
protection, but it does not provide encryption. The anti-replay
protection protects against unauthorized re-transmission (replay) of
captured packets. It does not protect the data's confidentiality.
• Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange
encryption keys and negotiate a Security Association (SA) between two
devices. The Security Association (SA) establishes shared security
attributes between two network entities to support secure communication.
The Internet Security Association and Key Management Protocol (ISAKMP)
provides a framework for authentication and key exchange. ISAKMP defines
how Security Associations (SAs) are set up and how direct connections
between two hosts using IPsec are established. Internet Key Exchange
(IKE) provides message content protection and also an open framework for
implementing standard algorithms such as SHA and MD5. The hash algorithm
IPsec uses produces a unique identifier for each packet. This identifier
then allows a device to determine whether a packet is authentic and
unmodified. Packets that fail this check are discarded and not given to
the receiver.
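The anti-replay protection that ESP and AH provide, together with the per-packet integrity check just described, as an added example in Python (not code from the original slides or from any IPsec implementation). It implements the 64-packet sliding window receivers use (the scheme described in RFC 4303 section 3.4.3) and uses a constructed HMAC-SHA256 over the sequence number and payload as a stand-in for the real integrity check value, which is an assumption made for illustration; real AH/ESP cover more header fields and truncate the tag.

```python
"""IPsec-style anti-replay window plus integrity check on the receiver.
The receiver tracks the highest sequence number accepted and a bitmap of
the previous W-1 numbers. A packet left of the window is stale, a packet
already marked is a replay, and the window only advances after the
packet's integrity check passes, so forged packets cannot move it."""
import hashlib
import hmac

WINDOW = 64  # RFC 4303 minimum window size


class AntiReplayWindow:
    def __init__(self, size=WINDOW):
        self.size = size
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence (last_seq - i) was accepted

    def check(self, seq):
        """Verdict for seq before the integrity check; does not modify state."""
        if seq == 0:
            return "invalid"        # ESP/AH sequence numbers start at 1
        if seq > self.last_seq:
            return "accepted"       # to the right of the window: new
        diff = self.last_seq - seq
        if diff >= self.size:
            return "stale"          # left of the window: too old to track
        if self.bitmap & (1 << diff):
            return "replay"         # already received
        return "accepted"

    def update(self, seq):
        """Mark seq as received; call only after the integrity check passed."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            if shift >= self.size:
                self.bitmap = 1     # whole old window falls off the left edge
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


def compute_icv(key, seq, payload):
    """Constructed stand-in for the AH/ESP integrity check value."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def verify_icv(key, seq, payload, icv):
    return hmac.compare_digest(compute_icv(key, seq, payload), icv)


def receive(window, key, packets):
    """Process (seq, payload, icv) packets in arrival order; return verdicts."""
    verdicts = []
    for seq, payload, icv in packets:
        verdict = window.check(seq)
        if verdict == "accepted":
            if verify_icv(key, seq, payload, icv):
                window.update(seq)
            else:
                verdict = "bad_icv"  # discarded, window left unchanged
        verdicts.append((seq, verdict))
    return verdicts


def demo():
    """Constructed packet stream: reordering, a duplicate, a jump past the
    window, a stale packet, and a forged packet with a wrong ICV."""
    key = b"constructed-demo-key"

    def pkt(seq, payload=b"data"):
        return (seq, payload, compute_icv(key, seq, payload))

    stream = [pkt(1), pkt(2), pkt(3), pkt(2), pkt(5), pkt(4),
              pkt(70), pkt(6), pkt(7), pkt(70),
              (8, b"data", bytes(32)),  # forged: wrong ICV
              pkt(8)]                   # genuine 8 still accepted afterwards
    return receive(AntiReplayWindow(), key, stream)


if __name__ == "__main__":
    for seq, verdict in demo():
        print(f"seq {seq:>3}: {verdict}")
```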
Working of IP Security –
• The host checks whether the packet should be transmitted using IPsec or
not. Traffic that matches the security policy triggers IPsec processing,
and the sending system applies the appropriate encryption. Incoming
packets are also checked by the host to verify that they are encrypted
properly.
• Then IKE Phase 1 starts, in which the two hosts (using IPsec)
authenticate themselves to each other to establish a secure channel. It
has two modes: Main mode, which provides greater security, and Aggressive
mode, which enables the hosts to establish an IPsec circuit more quickly.
• The channel created in the last step is then used to securely negotiate
the way the IP circuit will encrypt data across the IP circuit.
• Now IKE Phase 2 is conducted over the secure channel, in which the two
hosts negotiate the type of cryptographic algorithms to use on the
session and agree on the secret keying material to be used with those
algorithms.
• Then the data is exchanged across the newly created IPsec encrypted
tunnel. These packets are encrypted and decrypted by the hosts using the
IPsec SAs.
• When the communication between the hosts is completed or the session
times out, the IPsec tunnel is terminated, with both hosts discarding
the keys.

IDS VS IPS.pptxIDS VS IPS.pptx
IDS VS IPS.pptx
 

More from Zara Nawaz

Translation Look Aside buffer
Translation Look Aside buffer Translation Look Aside buffer
Translation Look Aside buffer
Zara Nawaz
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
Zara Nawaz
 
information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...
Zara Nawaz
 
information security(Feistal Cipher)
information security(Feistal Cipher)information security(Feistal Cipher)
information security(Feistal Cipher)
Zara Nawaz
 
Information security (Symmetric encryption, cryptography, crypto-analysis)
Information security (Symmetric encryption, cryptography, crypto-analysis)Information security (Symmetric encryption, cryptography, crypto-analysis)
Information security (Symmetric encryption, cryptography, crypto-analysis)
Zara Nawaz
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)
Zara Nawaz
 
Lecture01 algorithm analysis
Lecture01 algorithm analysisLecture01 algorithm analysis
Lecture01 algorithm analysis
Zara Nawaz
 
Information Security (Digital Signatures)
Information Security (Digital Signatures)Information Security (Digital Signatures)
Information Security (Digital Signatures)
Zara Nawaz
 

More from Zara Nawaz (8)

Translation Look Aside buffer
Translation Look Aside buffer Translation Look Aside buffer
Translation Look Aside buffer
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...
 
information security(Feistal Cipher)
information security(Feistal Cipher)information security(Feistal Cipher)
information security(Feistal Cipher)
 
Information security (Symmetric encryption, cryptography, crypto-analysis)
Information security (Symmetric encryption, cryptography, crypto-analysis)Information security (Symmetric encryption, cryptography, crypto-analysis)
Information security (Symmetric encryption, cryptography, crypto-analysis)
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)
 
Lecture01 algorithm analysis
Lecture01 algorithm analysisLecture01 algorithm analysis
Lecture01 algorithm analysis
 
Information Security (Digital Signatures)
Information Security (Digital Signatures)Information Security (Digital Signatures)
Information Security (Digital Signatures)
 

Recently uploaded

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
Col Mukteshwar Prasad
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 

Recently uploaded (20)

Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 

information security (Audit mechanism, intrusion detection, password management, and security)

Information Security
Audit mechanism, intrusion detection, password management, General principles of system security, IP security

Types of Security Audits
• Our security services can be executed in various different approaches that are intended to meet the business requirements of different companies and market segments. Each approach has its own benefits and drawbacks, and the right approach for any particular organization depends on its objective for carrying out the audit along with its key concerns and risk areas.

Black Box Security Audit
• In the Black Box Security Audit, our team will only have access to publicly accessible information about the target environment. This type of test aims to simulate the real-world scenario of external attackers targeting and attempting to compromise your systems.
• Black Box testing has the benefit of closely simulating a motivated external attacker that has zero knowledge of your operations and IT infrastructure. It gives you an insight into the robustness of your information security controls when under targeted attack by malicious intruders.

White Box Security Audit
• In this approach our team would have as much information as possible about the target environment, such as an actual employee would possess. This approach is designed to prepare for a worst-case scenario where an attacker has in-depth information about your infrastructure.
• White Box testing allows you to prepare for scenarios such as insider threats or an attacker that has obtained detailed internal information. This process usually reveals more vulnerabilities and is much faster, since the audit team has transparent access to the key information and details required for attacking the organization. Additionally, it extends the testing boundaries to areas such as source code audit, application design review, etc., which are not usually covered by a traditional black-box audit.

Grey Box Security Audit
• In a Grey Box Security Audit our team would be given partial information about the target environment, such as could be identified by a motivated attacker. Documents provided could include policy documents, network diagrams and other valuable information. This approach aims to deliver a cost-effective audit while focusing on areas that are important to your organization.
• Grey Box testing allows you to accurately simulate the threat from an attacker that has been able to gain partial information about your infrastructure. The audit prepares you for a scenario where certain details or information have been leaked by social engineering or other offline threats.
Intrusion Detection System (IDS)
• An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaches. Any malicious venture or violation is normally reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.
• Although intrusion detection systems monitor networks for potentially malicious activity, they are also prone to false alarms. Hence, organizations need to fine-tune their IDS products when they first install them. This means properly setting up the intrusion detection system to recognize what normal traffic on the network looks like as compared to malicious activity.

Classification of Intrusion Detection System:
IDS are classified into 5 types:
• Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up at a planned point within the network to examine traffic from all devices on the network. A NIDS observes the traffic passing on the entire subnet and matches the traffic passed on the subnets against the collection of known attacks. Once an attack is identified or abnormal behavior is observed, an alert can be sent to the administrator. An example of a NIDS deployment is installing it on the subnet where the firewalls are located, in order to see if someone is trying to crack the firewall.

Classification of Intrusion Detection System:
• Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent hosts or devices on the network. A HIDS monitors the incoming and outgoing packets of that device only and will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of the existing system files and compares it with the previous snapshot. If the monitored system files were edited or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their layout.
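The snapshot-and-compare step described for a HIDS above, as an added example in Python (not code from the slides): it hashes every file under a directory, then diffs a later snapshot against the baseline. The files are constructed in a temporary directory, so no real system files are read or changed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Hash every regular file under `root`; keys are paths relative to root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            digests[full.relative_to(root).as_posix()] = digest.hexdigest()
    return digests


def compare(previous, current):
    """Diff two snapshots: files added, removed, or whose content hash changed."""
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "modified": sorted(path for path in previous.keys() & current.keys()
                           if previous[path] != current[path]),
    }


def demo():
    """Constructed scenario in a temporary directory (no real system files are touched):
    take a baseline, then edit a config file, delete a file and drop in a new one."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        Path(root, "etc", "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        Path(root, "etc", "sshd_config").write_text("PermitRootLogin no\n")
        Path(root, "motd").write_text("welcome\n")
        baseline = snapshot(root)

        # Changes a HIDS is expected to catch on a machine whose layout should not change.
        Path(root, "etc", "sshd_config").write_text("PermitRootLogin yes\n")
        Path(root, "motd").unlink()
        Path(root, "etc", "cron.d").mkdir()
        Path(root, "etc", "cron.d", "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real deployment the baseline digests must be stored where a compromised host cannot rewrite them, otherwise the comparison proves nothing.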
Classification of Intrusion Detection System:
• Protocol-based Intrusion Detection System (PIDS): A protocol-based intrusion detection system (PIDS) comprises a system or agent that consistently resides at the front end of a server, controlling and interpreting the protocol between a user/device and the server. It tries to secure the web server by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Because the HTTPS stream is only readable once it has been decrypted, just before it enters the web presentation layer, the system needs to reside at that interface in order to inspect HTTPS traffic.

Classification of Intrusion Detection System:
• Application Protocol-based Intrusion Detection System (APIDS): An Application Protocol-based Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of servers. It identifies intrusions by monitoring and interpreting the communication on application-specific protocols. For example, it would monitor the SQL protocol specific to the middleware as it transacts with the database behind the web server.

Classification of Intrusion Detection System:
• Hybrid Intrusion Detection System: A hybrid intrusion detection system is made by combining two or more approaches of the intrusion detection system. In a hybrid intrusion detection system, host agent or system data is combined with network information to develop a complete view of the network system. A hybrid intrusion detection system is more effective in comparison to the other intrusion detection systems. Prelude is an example of a Hybrid IDS.

Detection Method of IDS:
• Signature-based Method: A signature-based IDS detects attacks on the basis of specific patterns, such as the number of bytes or the number of 1's or 0's in the network traffic. It also detects on the basis of already known malicious instruction sequences used by malware. The patterns the IDS looks for are known as signatures. A signature-based IDS can easily detect attacks whose pattern (signature) already exists in the system, but it is quite difficult to detect new malware attacks, as their pattern (signature) is not known.

Detection Method of IDS:
• Anomaly-based Method: Anomaly-based IDS was introduced to detect unknown malware attacks, as new malware is developed rapidly. An anomaly-based IDS uses machine learning to build a model of trusted activity; incoming traffic is compared with that model and is declared suspicious if it does not fit the model. A machine-learning-based method generalizes better than a signature-based IDS, as these models can be trained according to the applications and hardware configurations.
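The two detection methods side by side, as an added example that is not part of the slides: a signature matcher with two hypothetical regex signatures, and an anomaly model that learns a bytes-per-connection baseline from constructed "normal" records and flags statistical outliers. The records, signatures and the 3-sigma threshold are all constructed for illustration; the oversized upload is the case a signature list cannot describe but the baseline model catches.

```python
import re
import statistics

# Constructed "normal" connection records used to train the anomaly model:
# (source address, destination port, bytes sent, request excerpt).
BASELINE = [
    ("10.0.0.5", 443, 1200, "GET /index.html"),
    ("10.0.0.6", 443, 1350, "GET /about"),
    ("10.0.0.5", 443, 980, "GET /css/site.css"),
    ("10.0.0.8", 443, 1100, "GET /login"),
    ("10.0.0.6", 443, 1500, "POST /login"),
    ("10.0.0.9", 443, 1250, "GET /docs"),
    ("10.0.0.5", 443, 1020, "GET /img/logo.png"),
    ("10.0.0.8", 443, 1400, "GET /search?q=ids"),
]

# Constructed records to analyse: one matches a signature, one is an oversized
# transfer no signature describes, one is clean, one matches a second signature.
SUSPECT = [
    ("10.0.0.9", 443, 1180, "GET /login?user=' union select 1,2--"),
    ("10.0.0.7", 443, 48000, "POST /upload"),
    ("10.0.0.3", 443, 1300, "GET /about"),
    ("10.0.0.4", 443, 1260, "GET /static/../../config"),
]

# Hypothetical signatures: known malicious request patterns.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def signature_matches(payload, signatures=SIGNATURES):
    """Signature-based check: names of every known pattern found in the payload."""
    return [name for name, pattern in signatures.items() if pattern.search(payload)]


class AnomalyModel:
    """Anomaly-based check: learn what 'normal' bytes-per-connection looks like,
    then flag values that deviate by more than `threshold` standard deviations."""

    def __init__(self, training_values, threshold=3.0):
        self.mean = statistics.fmean(training_values)
        self.stdev = statistics.pstdev(training_values)
        self.threshold = threshold

    def is_anomalous(self, value):
        if self.stdev == 0:  # degenerate baseline: anything different is anomalous
            return value != self.mean
        return abs(value - self.mean) / self.stdev > self.threshold


def analyse(records, model, signatures=SIGNATURES):
    """Run both methods over each record; return (index, reasons) for flagged records only."""
    findings = []
    for idx, (_src, _port, nbytes, payload) in enumerate(records):
        reasons = ["signature:" + name for name in signature_matches(payload, signatures)]
        if model.is_anomalous(nbytes):
            reasons.append("anomaly:bytes=%d" % nbytes)
        if reasons:
            findings.append((idx, reasons))
    return findings


if __name__ == "__main__":
    trained = AnomalyModel([nbytes for _, _, nbytes, _ in BASELINE])
    for idx, reasons in analyse(SUSPECT, trained):
        print(idx, SUSPECT[idx][3], reasons)
```

Note that the anomaly model alone says nothing about the two signature hits, whose sizes are perfectly normal; this is why the slides describe the two methods as complementary.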
Comparison of IDS with Firewalls:
• IDS and firewalls are both related to network security, but an IDS differs from a firewall: a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls restrict access between networks to prevent intrusion, and if an attack comes from inside the network they do not signal it. An IDS describes a suspected intrusion once it has happened and then signals an alarm.
Password management
• Passwords are a set of strings provided by users at the authentication prompts of web accounts. Although passwords still remain one of the most secure methods of authentication available to date, they are subject to a number of security threats when mishandled. This is where password management comes in. Password management is a set of principles and best practices to be followed by users while storing and managing passwords in an efficient manner, to secure passwords as much as possible and prevent unauthorized access.

What are the challenges in password management?
• There are many challenges in securing passwords in this digital era. While the number of web services used by individuals increases year over year on one end, the number of cyber crimes is also skyrocketing on the other. Here are a few common threats to protecting our passwords:
• Login spoofing - Passwords are illegally collected through a fake login page by cybercriminals.
• Sniffing attack - Passwords are stolen using illegal network access and with tools like key loggers.
• Shoulder surfing attack - Stealing passwords when someone types them, at times using a micro-camera, and gaining access to user data.
• Brute force attack - Stealing passwords with the help of automated tools and gaining access to user data.
• Data breach - Stealing login credentials and other confidential data directly from the website database.
• All of these threats create an opportunity for attackers to steal user passwords and enjoy unlimited access benefits. Let's take a look at how individuals and businesses typically manage their passwords.

Traditional methods of password management
• Writing down passwords on sticky notes, post-its, etc.
• Sharing them via spreadsheets, email, telephone, etc.
• Using simple and easy-to-guess passwords
• Reusing them for all web applications
• Often forgetting passwords and seeking the help of the 'Forgot Password' option

How to manage passwords
• Use strong and unique passwords for all websites and applications
• Reset passwords at regular intervals
• Configure two-factor authentication for all accounts
• Securely share passwords with friends, family, and colleagues
• Store all enterprise passwords in one place and enforce secure password policies within the business environment
• Periodically review the violations and take necessary actions.
Basic principles of system security
• Security is a constant worry when it comes to information technology. Data theft, hacking, malware and a host of other threats are enough to keep any IT professional up at night. In this article, we'll look at the basic principles and best practices that IT professionals use to keep their systems safe.

The Goal of Information Security
• Information security follows three overarching principles:
• Confidentiality: This means that information is only being seen or used by people who are authorized to access it.
• Integrity: This means that any changes to the information by an unauthorized user are impossible (or at least detected), and changes by authorized users are tracked.
• Availability: This means that the information is accessible when authorized users need it.
Basic Principles of System Security
• Information security in today's data-centric world is centered on the "CIA triad" to ensure the safe and smooth storage, flow, and utilization of information. The CIA triad refers to the core principles of information security, which include Confidentiality, Integrity, and Availability (CIA) – nothing to do with the clandestine federal spy agency shown in the recent movie American Assassin.
• The CIA triad primarily comprises four information security layers. These layers represent how systems communicate and how data flows within them.

• Application Access
• The layer of application access indicates that access to user applications must be restricted on a need-to-know basis.
• Infrastructure Access
• The layer of infrastructure access indicates that access to various components of the information infrastructure (such as servers) must be restricted on a need-to-know basis.
• Physical Access
• The layer of physical access indicates that physical access to systems, servers, data centers, or other physical objects that store vital information must be restricted on a need-to-know basis.
• Data-in-Motion
• The layer of data-in-motion indicates that data access must be restricted while it is in the process of transfer (or in motion).

First Principle: Confidentiality
• The principle of confidentiality says that information must remain out of bounds or hidden from individuals or organizations that do not have the authorization to access it. This principle essentially dictates that information must solely be accessed by people with legitimate privileges. It takes not only science, but also art, to ensure the sanctity of this principle.
• The challenge is that it is easy to breach confidentiality, particularly in larger organizations. Therefore, all employees of a company or members of an organization must be made aware of their duty and responsibility to maintain confidentiality regarding the information shared with them as part of their work.
• Confidentiality is sacrosanct, and easy to breach. For example, if an employee in an organization allows someone to have a glimpse of his computer screen, which may at that moment be displaying some confidential information, he may have already committed a confidentiality breach. A former secretary of state knows all about classified email breaches, but we will not dive into that!

Second Principle: Integrity
• The second principle involves the integrity of information. The information or data must have a level of integrity that prevents it from being easily breached.
• Data Encryption
• Encryption is a widely established method of protecting data in motion (transit), but now it is also increasingly accepted as a way to preserve the integrity of data at rest as well. The process of encryption involves altering the data present in the files into unreadable characters that cannot be deciphered unless a decryption key is provided.
• In the manual encryption process, the user employs a software program to initiate the data encryption. In the case of transparent encryption, the data gets encrypted automatically with no intervention from the user.
• The symmetric encryption process substitutes characters using a single key, which becomes the only means to decrypt the data. Conversely, the process of asymmetric encryption is employed when two keys are involved: a private key and a public key.

How to Preserve Information Integrity Effectively?
• Follow these five essential tips to preserve data integrity:
• Encrypt your data: If you ensure data encryption, a third party will be unable to read or use it, even if the data becomes available to them.
• Use two-factor authentication: If access to your data requires two-factor authentication, it will bolster the safety of your confidential information and reduce the risk of data leaks.
• Encrypt interactions: As a first step, you must configure your communication program or IM to use TLS or SSL. Secondly, disable the feature that logs conversation history. Thirdly, encrypt your Internet traffic, because it could be intercepted.
• Protect your keys: Safeguard your keys with a foolproof system in place. In many cases, access to your keys is equal to access to your data.
• Create an information backup and ensure it is safe: Data backup should be available and accessible, but in encrypted form and stored away in a secure location.

Third Principle: Availability
• The third guiding principle relates to information availability and underscores the importance of securing information in a location where unauthorized entities cannot access it, so that data breaches can be minimized.
• Some of the typical ways in which confidential information gets leaked relate to faulty handling of the available information. These ways may include:
• Theft of physical equipment, such as a PC, laptop, mobile device, or paper.
• Incorrect disposal of paper or digitally stored data.
• Unauthorized or negligent disclosure of access controls or authentication keys.
• Information leak due to poor understanding of a legal agreement of confidentiality.
• Misplacing information due to negligence.
• Hacking or illegal data security breach.

How to Ensure Information Access is Secure?
• Create Firewalls: Firewalls could include both hardware- and software-based defenses that are created to block unsolicited protocols, connections, unauthorized network activity and other malicious attempts while you are linked to an external network (typically the Internet).
• Install Proxy Servers: A proxy server is designed to control what the outside world sees of your network. This is a type of smoke screen that can disguise your actual network and present a minimal Internet connection.
• Use Routers: Control the network through routers, which, like a firewall, could include an access list to deny or permit access into your network.
• Implement Network Controls: This implementation is done at the local level, and includes authentication in the form of login and password.
• Install Software Controls: These can block any malware from penetrating your equipment. If malware enters the system, these controls will work to eliminate the infection and restore the system to its pre-infection condition.
• Use Data Encryption

How to Ensure Information Access is Secure?
• The fundamental CIA principles remain unchanged over time, but the compliance methodologies used to follow these guiding principles of information security continually change with the evolution of technology and the constant development of new vulnerabilities and threats. Continuous effort is essential to ensure adherence to the principles of confidentiality, integrity, and availability of information at all times.
  • 30. IP security (IPSec) • The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange and key management are defined in it.
31. Uses of IP Security
• IPsec can be used to do the following things:
  • To encrypt application layer data.
  • To provide security for routers sending routing data across the public Internet.
  • To provide authentication without encryption, for example to authenticate that the data originates from a known sender.
  • To protect network data by setting up circuits using IPsec tunneling, in which all data sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.
32. Components of IP Security
• It has the following components:
  • Encapsulating Security Payload (ESP): It provides data integrity, encryption, authentication and anti-replay. It also provides authentication for the payload.
  • Authentication Header (AH): It also provides data integrity, authentication and anti-replay, but it does not provide encryption. Anti-replay protection protects against the unauthorized retransmission (replay) of captured packets. AH does not protect the data's confidentiality.
33. Components of IP Security
• Internet Key Exchange (IKE):
  • IKE is a network security protocol designed to dynamically exchange encryption keys and negotiate a Security Association (SA) between two devices. The Security Association (SA) establishes shared security attributes between two network entities to support secure communication.
  • The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange. ISAKMP defines how Security Associations (SAs) are set up and how direct connections between two hosts using IPsec are handled.
  • IKE provides message content protection and also an open framework for implementing standard algorithms such as SHA and MD5. The algorithms IPsec uses produce a unique identifier for each packet; this identifier allows a device to determine whether a packet is authentic and unaltered. Packets that fail this check are discarded and not delivered to the receiver.
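As an added illustration of the anti-replay protection (slide 32) and the per-packet integrity identifier (slide 33), here is a simplified receiver-side check for one inbound Security Association. This is example code written for this page, not part of the original slides. The integrity check value (ICV) is HMAC-SHA-256 truncated to 128 bits as in RFC 4868, computed here over the SPI, sequence number and payload; the anti-replay check uses the 64-packet sliding window of RFC 4303 section 3.4.3, and, as that RFC requires, the window is only advanced after the ICV has verified, so a forged packet cannot push genuine traffic out of the window. The key, SPI, packets and the `InboundSA` class with its method names are this example's own constructions, not any library's API.

```python
import hmac
import hashlib
from dataclasses import dataclass

WINDOW = 64      # RFC 4303 default anti-replay window size (minimum is 32)
ICV_LEN = 16     # HMAC-SHA-256-128: tag truncated to 128 bits (RFC 4868)


def compute_icv(auth_key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """ICV over SPI || sequence number || payload, the fields AH/ESP authenticate."""
    msg = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return hmac.new(auth_key, msg, hashlib.sha256).digest()[:ICV_LEN]


@dataclass
class InboundSA:
    """Receiver state for one inbound SA (constructed example, not a real stack)."""
    spi: int
    auth_key: bytes
    highest_seq: int = 0   # highest sequence number accepted so far
    window_bits: int = 0   # bit i set => seq (highest_seq - i) already accepted

    def _replay_check(self, seq: int):
        """Return a discard reason, or None if the sequence number is acceptable."""
        if seq > self.highest_seq:
            return None                      # to the right of the window: new packet
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return "too old"                 # fell off the left edge of the window
        if (self.window_bits >> offset) & 1:
            return "replay"                  # already accepted once
        return None

    def _window_update(self, seq: int) -> None:
        """Mark seq as seen; called only after the ICV has verified."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            if shift >= WINDOW:
                self.window_bits = 1         # everything previously seen is now too old
            else:
                self.window_bits = ((self.window_bits << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
        else:
            self.window_bits |= 1 << (self.highest_seq - seq)

    def receive(self, spi: int, seq: int, payload: bytes, icv: bytes):
        if spi != self.spi:
            return ("discard", "unknown SPI")
        if seq == 0:
            return ("discard", "sequence number zero")   # senders start at 1
        reason = self._replay_check(seq)
        if reason is not None:
            return ("discard", reason)           # cheap check first, before the HMAC
        expected = compute_icv(self.auth_key, spi, seq, payload)
        if not hmac.compare_digest(expected, icv):
            return ("discard", "bad ICV")        # window deliberately NOT updated
        self._window_update(seq)
        return ("accept", None)


def sender_packet(auth_key: bytes, spi: int, seq: int, payload: bytes):
    """What the sending side puts on the wire (constructed packet tuple)."""
    return (spi, seq, payload, compute_icv(auth_key, spi, seq, payload))


def run_demo():
    key = b"constructed demo key - not a real SA key"
    spi = 0x1000
    sa = InboundSA(spi=spi, auth_key=key)
    results = []
    p1 = sender_packet(key, spi, 1, b"first")
    p2 = sender_packet(key, spi, 2, b"second")
    results.append(sa.receive(*p1))                       # accept
    results.append(sa.receive(*p2))                       # accept
    results.append(sa.receive(*p1))                       # replayed seq 1 -> discard
    spi_, seq_, payload_, icv_ = sender_packet(key, spi, 3, b"third")
    results.append(sa.receive(spi_, seq_, b"THIRD", icv_))    # payload altered in flight -> bad ICV
    results.append(sa.receive(spi_, seq_, payload_, icv_))    # genuine seq 3 still accepted
    results.append(sa.receive(*sender_packet(key, spi, 100, b"jump")))     # accept, window slides
    results.append(sa.receive(*sender_packet(key, spi, 30, b"late")))      # 100-30 >= 64 -> too old
    results.append(sa.receive(*sender_packet(key, spi, 50, b"late-ok")))   # inside window -> accept
    results.append(sa.receive(*sender_packet(b"wrong key", spi, 101, b"forged")))  # bad ICV
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The order of the two checks matters: the window lookup is a few integer operations, so a flood of replayed packets is rejected before any HMAC is computed, while the window is advanced only for packets whose ICV verified, so an attacker without the key cannot make the receiver discard the sender's legitimate traffic as "too old".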
34. Working of IP Security
• The host checks whether the packet should be transmitted using IPsec or not; the packet's traffic characteristics trigger the security policy that applies to it. When IPsec applies, the sending system applies the appropriate encryption. The host also checks incoming packets to verify that they are encrypted properly.
• Then IKE Phase 1 starts, in which the two hosts (using IPsec) authenticate themselves to each other to set up a secure channel. It has two modes: Main mode, which provides greater security, and Aggressive mode, which enables the hosts to establish an IPsec circuit more quickly.
• The channel created in the previous step is then used to securely negotiate how the IP circuit will encrypt data across the IP circuit.
35. Working of IP Security
• Now IKE Phase 2 is conducted over the secure channel, in which the two hosts negotiate the type of cryptographic algorithms to use for the session and agree on the secret keying material to be used with those algorithms.
• Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets are encrypted and decrypted by the hosts using the IPsec SAs.
• When the communication between the hosts is completed or the session times out, the IPsec tunnel is terminated by both hosts discarding the keys.
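To make the flow on slides 34 and 35 concrete, here is an added example (not from the original slides) of the sending side's lifecycle: the host consults an ordered Security Policy Database to decide per packet whether to discard it, send it in the clear or protect it; when protection is required and no usable SA exists it runs a stand-in for the IKE negotiation to obtain an SPI and keys; each protected packet consumes a sequence number against the SA lifetime; and the keys are discarded when the session is closed or the lifetime is exhausted, after which a fresh SA is negotiated. The `SpdEntry`, `OutboundSA` and `Host` names, the simulated IKE (random keys from the `secrets` module in place of a real authenticated Diffie-Hellman exchange) and the addresses and policy are this example's constructions; the first-match and default-discard behaviour of the policy lookup follows RFC 4301.

```python
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Optional

PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"


@dataclass(frozen=True)
class SpdEntry:
    """One ordered Security Policy Database entry (selectors as in RFC 4301)."""
    local: str                         # local address range, CIDR notation
    remote: str                        # remote address range, CIDR notation
    protocol: Optional[int] = None     # IP protocol number; None matches any
    remote_port: Optional[int] = None  # None matches any port
    action: str = DISCARD


def spd_lookup(spd, local_ip, remote_ip, protocol, remote_port=None):
    """Action of the first matching entry; unmatched traffic is discarded (RFC 4301)."""
    local = ipaddress.ip_address(local_ip)
    remote = ipaddress.ip_address(remote_ip)
    for entry in spd:
        if local not in ipaddress.ip_network(entry.local):
            continue
        if remote not in ipaddress.ip_network(entry.remote):
            continue
        if entry.protocol is not None and entry.protocol != protocol:
            continue
        if entry.remote_port is not None and entry.remote_port != remote_port:
            continue
        return entry.action
    return DISCARD


@dataclass
class OutboundSA:
    """Outbound Security Association: negotiated keys plus the sequence counter."""
    spi: int
    enc_key: Optional[bytes]
    auth_key: Optional[bytes]
    lifetime_packets: int   # rekey once this many packets have been protected
    seq: int = 0

    def expired(self) -> bool:
        return self.seq >= self.lifetime_packets

    def protect(self, payload: bytes):
        """Stand-in for ESP processing: assign the next sequence number."""
        if self.enc_key is None:
            raise RuntimeError("SA has been torn down")
        self.seq += 1
        return {"spi": self.spi, "seq": self.seq, "payload_len": len(payload)}

    def teardown(self) -> None:
        """Discard keying material; the SA can no longer protect traffic."""
        self.enc_key = None
        self.auth_key = None


def simulate_ike(lifetime_packets: int) -> OutboundSA:
    """Constructed stand-in for IKE Phase 1 and 2: a fresh random SPI and keys.
    (Real IKE authenticates the peers and derives keys from a Diffie-Hellman exchange.)"""
    return OutboundSA(
        spi=secrets.randbelow(2**32 - 256) + 256,   # SPI values 0-255 are reserved
        enc_key=secrets.token_bytes(32),
        auth_key=secrets.token_bytes(32),
        lifetime_packets=lifetime_packets,
    )


class Host:
    def __init__(self, spd, sa_lifetime_packets=1000):
        self.spd = spd
        self.sad = {}   # Security Association Database: remote ip -> OutboundSA
        self.sa_lifetime_packets = sa_lifetime_packets

    def send(self, local_ip, remote_ip, protocol, remote_port, payload):
        action = spd_lookup(self.spd, local_ip, remote_ip, protocol, remote_port)
        if action == DISCARD:
            return ("discarded", None)
        if action == BYPASS:
            return ("sent in clear", None)
        sa = self.sad.get(remote_ip)
        if sa is None or sa.expired():
            if sa is not None:
                sa.teardown()            # lifetime exhausted: drop old keys, then rekey
            sa = simulate_ike(self.sa_lifetime_packets)
            self.sad[remote_ip] = sa
        return ("protected", sa.protect(payload))

    def close_session(self, remote_ip):
        """Session finished or timed out: terminate the tunnel by discarding keys."""
        sa = self.sad.pop(remote_ip, None)
        if sa is not None:
            sa.teardown()
        return sa


# Constructed policy: LAN traffic in the clear, HTTPS to one peer network
# protected, and everything else falls through to the default discard.
DEMO_SPD = [
    SpdEntry(local="10.0.0.0/24", remote="10.0.0.0/24", action=BYPASS),
    SpdEntry(local="10.0.0.0/24", remote="203.0.113.0/24", protocol=6,
             remote_port=443, action=PROTECT),
]
```

Two points worth noting in this model: the policy list is ordered, so a broad BYPASS placed above a narrower PROTECT entry would silently leak the traffic the narrower rule was meant to protect, and the default when nothing matches is DISCARD rather than BYPASS, which is what keeps an incomplete policy from failing open.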