Information security:
• It protects sensitive information from unauthorised
activities
Security:
• The quality or state of being secure: to be free from danger
Multiple layers of security:
1. Physical security (objects)
2. Personnel security (individual or group)
3. Operations security (series of activities)
4. Communication security (media or content)
5. Network security (network and components)
6. Information security (data)
CIA triangle:
• Confidentiality - only authorised users have access to the data
• Integrity - the data is accurate and consistent
• Availability - authorised users can access the data whenever needed
History of Information Security:
• 1960s Offline sites security
• 1970s Evolution of PCs and hackers
• 1980s Evolution of cybercrime
• 1990s Hacking becoming an organised crime
• 2000s cybercrime becoming a serious issue
• 2010s Information security
Critical characteristics of Info.
• Availability
• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Utility
• Possession
NSTISSC Security model
• National Security Telecommunications and Information Systems Security Committee
• CNSS (Committee on National Security Systems) is a three-dimensional security model which has now become a standard security model for many currently operating information systems. The CNSS model has three key goals of security: Confidentiality, Integrity, and Availability.
Components of an IS-Securing the components
• Software - applications, OS
• Hardware - physical security
• Data - database management
• People
• Networks - LAN, open Wi-Fi
Balancing Information security and access
• Data can be made available to
anyone,anywhere,anytime
• Such unrestricted access poses a danger to security.
• An imbalance can occur when needs and users grow on a large scale, which makes focusing on protection harder.
• Encryption can balance such
activities
Need for security
Business Needs:
1.Protecting functionality of an organisation
2.Enabling safe operations of applications
3.Protecting data that organizations collect and use
4.Safeguarding technology assets in organisations
Systems development life cycle
• Investigation
• Analysis
• Logical design
• Physical design
• Implementation
• Maintenance and change
The security SDLC
1.Investigation/analysis phases
• Security categorisation
• Preliminary risk assessment
2.Logical/Physical design phases
• Risk assessment
• Security functional requirements analysis
• Security assurance requirements analysis
• Cost considerations and reporting
• Security planning
• Security control development
• Developmental security test and evaluation
• Other planning components
3.Implementation phase
• Inspection and acceptance
• Security certification
• Security accreditation
4. Maintenance and change phase
• Configuration management and control
• Continuous monitoring
• Information preservation
• Media sanitization
• Hardware and software disposal
Need for security
• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential data about their employees, users, products, research and monetary status.
Business Needs
It performs four important functions for an organisation
1. Protecting functionality of an organisation
2. Enabling safe operation of applications
3. Protecting data that Organisations collect and use
4. Safeguarding technology assets in Organisations
Threats:
1. Compromises to intellectual property
2. Deviations in quality of service
• Power irregularities
• Communication and other service providers
• Internet service issues
3. Deliberate software attacks
4. Espionage
5. Forces of nature
6. Human errors
7. Information extortion (insider)
8. Hardware failures and errors
9. Software failures and errors
Attacks:
• Malicious code
• Hoaxes
• Back doors
• Password cracking
• Brute force (try every possible password)
• Dictionary attack
• DDoS
• Spoofing
• Man in the middle
• Spam
• Mail bombing
UNIT-II
Legal, Ethical and Professional Issues
Laws and Ethics in IS
Law and ethics play crucial roles in information security, ensuring that
individuals and organizations adhere to standards that protect data and privacy.
We need to follow:
1. Legal Frameworks
2. Intellectual Property Laws
3. Cybersecurity Laws
4. Ethical Considerations
5. Professional Codes of Conduct
Law Vs Policy
• Laws are rules and regulations
established by a governing authority, such
as a legislature or regulatory agency. They
are enforceable and binding, with legal
consequences for non-compliance.
• Laws are enforceable through the legal
system. Violating laws can lead to
penalties, such as fines, imprisonment, or
civil lawsuits.
• Policies are guidelines or principles
adopted by organizations, institutions, or
government agencies to achieve specific
goals. While policies may be influenced by
laws, they are not inherently enforceable in
the same way.
• Policies are typically not enforceable in
the same manner as laws. Instead,
compliance with policies is usually a
condition of employment, membership, or
participation in an organization or program.
Violating policies may result in disciplinary
action or consequences within the
organization, but not necessarily legal
penalties.
Policy:
• Dissemination (distribution) - hard or soft copy
• Review (reading)
• Comprehension (understanding)
• Compliance (agreement)
• Uniform enforcement
Types of Law:
• Civil law - governs a nation or state
• Criminal law - addresses conduct harmful to society
• Private law - family law, commercial law, labour law
• Public law - criminal, administrative and constitutional law
U.S laws that apply to information security
• General computer crime laws (the CFA Act, the Computer Fraud and Abuse Act, and the NIIP Act, the National Information Infrastructure Protection Act)
• Privacy
• Export and Espionage laws
• U.S copyright law
• Financial reporting
• Freedom of Information Act of 1966
International laws and legal bodies:
• Council of Europe Convention on Cybercrime
• Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
• Digital Millennium Copyright Act(DMCA)
Ethics and Information security
• Ethical differences across cultures
1.Software license infringement
2.Illicit use
3.Misuse of corporate resources
• Ethics and education
Causes of unethical and illegal behavior
1.Ignorance
2.Accident
3.Intent
How to overcome
1.Fear of penalty
2.Probability of being caught
3.Probability of penalty being administered
Risk management
• Information security risk management, or ISRM, is the process of
managing risks associated with the use of information technology.
It involves identifying, assessing, and treating risks to the
confidentiality, integrity, and availability of an organization's
assets.
• Types of risks
1. Project risks (budget, schedule, personnel)
2. Technical risks (implementation, interfacing, testing, maintenance)
3. Business risks (budget, building resources that no one requires)
Overview of Risk management
Risk identification
• Plan and organise the process
• Asset Identification and inventory
• Classifying and prioritizing information assets
• Information asset valuation
• Identifying and prioritizing threats
• Vulnerability identification
Risk assessment
1.Likelihood
2.Risk determination
3.Identify possible controls
4.Documenting the results of risk assessment
Risk control strategies
• Defend
• Transfer
• Mitigate
1. Incident Response Plan
2. Disaster Recovery Plan
3. Business Continuity Plan
• Accept
• Terminate
Selecting a Risk Control Strategy
• Rules for selecting a Risk Control Strategy
1.Vulnerability exists
2.Vulnerability exploited
3.Potential gain
4.Potential loss
Cost Benefit Analysis(CBA)
• Organisations must consider the economic feasibility of implementing information security controls and safeguards.
• Some of the items that affect the cost of a control are:
1.Cost of development or acquisition (purchase cost)
2.Training fees
3.Cost of implementation
4.Service costs
5.Cost of maintenance
Cost Benefit Analysis Formula:
CBA = ALE(prior) - ALE(post) - ACS
ALE - Annual Loss Expectancy
ACS - Annual Cost of the Safeguard
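The formula applied to a constructed scenario, as an added example (not from the notes). The notes give only CBA = ALE(prior) - ALE(post) - ACS; the expansion ALE = SLE x ARO (single loss expectancy times annualised rate of occurrence) is the standard definition and is assumed here, and all figures are made up for illustration. A positive CBA means the safeguard saves more per year than it costs; the ranking shows why the most expensive control is not automatically the right one.

```python
"""Cost-benefit analysis of security controls using CBA = ALE(prior) - ALE(post) - ACS.

Added example; figures are constructed.  ALE = SLE x ARO is assumed (standard
definition, not stated in the notes).
"""
from dataclasses import dataclass
from typing import List, Tuple


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = single loss expectancy (cost of one incident) x annual rate of occurrence."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    acs: float        # annual cost of the safeguard (purchase, training, maintenance ...)
    sle_post: float   # loss per incident once the control is in place
    aro_post: float   # incidents per year once the control is in place


def cost_benefit(ale_prior: float, safeguard: Safeguard) -> float:
    """CBA = ALE(prior) - ALE(post) - ACS; positive means the control pays for itself."""
    ale_post = annual_loss_expectancy(safeguard.sle_post, safeguard.aro_post)
    return ale_prior - ale_post - safeguard.acs


def rank_safeguards(ale_prior: float, safeguards: List[Safeguard]) -> List[Tuple[str, float]]:
    """Return (name, CBA) pairs sorted from best to worst net benefit."""
    scored = [(s.name, cost_benefit(ale_prior, s)) for s in safeguards]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed scenario: ransomware on a file server.
# Before any control: one incident costs 40,000 and happens 0.5 times a year.
ALE_PRIOR = annual_loss_expectancy(sle=40_000, aro=0.5)   # 20,000 per year

CANDIDATES = [
    # Tested offline backups: incidents still happen but cost far less to recover from.
    Safeguard("offline backups", acs=6_000, sle_post=8_000, aro_post=0.5),
    # Endpoint protection: fewer incidents, same cost when one gets through.
    Safeguard("endpoint protection", acs=9_000, sle_post=40_000, aro_post=0.2),
    # Gold-plated option whose annual cost exceeds the loss it avoids.
    Safeguard("dedicated SOC", acs=25_000, sle_post=4_000, aro_post=0.1),
]

if __name__ == "__main__":
    for name, cba in rank_safeguards(ALE_PRIOR, CANDIDATES):
        verdict = "worth it" if cba > 0 else "costs more than it saves"
        print(f"{name:20s} CBA = {cba:>9,.0f}  ({verdict})")
```

Residual risk (discussed later in the notes) is what ALE(post) expresses: the loss that remains after the control is in place, which is why it is subtracted rather than treated as zero.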
Risk Control Cycle
• It involves identifying, assessing, and treating risks to the
confidentiality, integrity, and availability of an
organization's assets.
• The end goal of this process is to treat risks in
accordance with an organization's overall risk tolerance.
• There is no exit from this cycle; it is a process that continues for as long as the organisation continues to function.
Quantitative versus Qualitative Risk Control Practices
• Qualitative risk analysis is quick but subjective.
• On the other hand, quantitative risk analysis is objective
and has more detail, contingency(possible events)
reserves and go/no go decisions, but it takes more time
and is more complex.
• Quantitative data are difficult to collect and can be
prohibitively expensive
Quantitative vs qualitative risk control practices
1.Benchmarking and best practices
2.Other feasibility studies
1.Benchmarking and best practices
• Benchmarking is the process of seeking out and studying practices used in
other organisations that produce results you would like to duplicate in your
organisation.
• Metrics based measures:
1.Number of successful attacks
2.Staff-hours spent on system protection
3.Dollars spent on protection
4.Numbers of security personnel
5.Estimated value in dollars of info.lost in successful attacks
6.Loss in productivity hours associated with successful attacks
Problems with application of benchmarking and best
practices:
• The two organisations do not talk to each other
• No two organisations are identical
• Best practices are a moving target
• Research alone does not tell a practitioner what to do next
2.Other Feasibility studies
1. Organisational Feasibility
2. Operational feasibility
3. Technical feasibility
4. Political feasibility
Risk management discussion points
1.Risk appetite:
Risk appetite refers to the level of risk that an organization is willing to accept or tolerate in
pursuit of its objectives. It reflects the organization's willingness to take on risk in order to
achieve its goals, and it influences decision-making processes throughout the organization.
2.Residual risk:
Residual risk refers to the risk level after implementing control processes to mitigate the
inherent risk. The level of residual risk depends on the effectiveness of the implemented
controls. Consider the examples from before. The risk of choking on your breakfast is lessened
by chewing well.
3.Documenting results
Documenting results in risk assessment is crucial for ensuring clarity, accountability, and
effective decision-making within an organization.
Recommended risk control practices
• By making ALE calculations
• By using control strategies
• By continuous monitoring
• By providing integrity and specific controls
• By port scanning to avoid external threats or attacks
• By using firewalls
• By protecting the assets and vulnerabilities
UNIT-III PLANNING FOR SECURITY
Planning for security
• Planning for information security involves a structured
approach to protecting sensitive data and systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction.
• An organisation's security efforts succeed only if they operate in conjunction with the organisation's information security policy
• A security program begins with policy, standards and practices, which are the foundation for the information security architecture and blueprint
Planning Vs Policy
Information security policy,standards and practices
• Information security policy, standards, and practices are key components of
an organization's overall approach to protecting its sensitive data and
systems.
• These three components work together to create a comprehensive
information security framework within an organization.
• The policy sets the overall direction and priorities, the standards provide
detailed requirements for implementation, and the practices ensure that
security measures are effectively executed and maintained over time.
• By integrating policy, standards, and practices, organizations can establish a
strong security posture to safeguard their critical assets from potential threats
and vulnerabilities.
Policies,standards and practices:
Criteria for effective security policy:
• Dissemination(distribution)
• Review(reading)
• Comprehension(understanding)
• Compliance (agreement)
• Uniform enforcement
Types of security policy
• Enterprise information security policies
• Issue specific security policies
• Systems-specific security policies
Policy management
• Policy management refers to the systematic process of
developing, implementing, communicating, enforcing, and
maintaining policies within an organization.
• Effective policy management is essential for ensuring
compliance with regulations, mitigating risks, and
promoting consistency in decision-making and behavior
across the organization.
Security Blueprint
• A security blueprint is a comprehensive plan or framework that
outlines an organization's approach to information security.
• It serves as a roadmap for designing, implementing, and
managing security measures to protect the organization's
sensitive data, systems, and assets from various threats and
vulnerabilities.
• By developing and implementing a comprehensive security
blueprint, organizations can better protect their information assets,
mitigate risks, and maintain the trust and confidence of
customers, partners, and stakeholders.
ISO 27000 series
• The ISO 27000 series is a set of international standards that
provide guidelines and best practices for information security
management systems (ISMS).
• These standards are developed and published by the
International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC).
• The ISO 27000 series is designed to help organizations establish,
implement, maintain, and continually improve their information
security management systems to protect their sensitive
information and assets.
NIST security models
• The National Institute of Standards and Technology
(NIST) is a U.S. federal agency that develops and
promotes measurement standards.
• In the realm of cybersecurity, NIST has created several
security models and frameworks to help organizations
manage and improve their security posture.
• NIST Special Publication 800-14, titled "Generally Accepted Principles and
Practices for Securing Information Technology Systems," provides guidance
on fundamental security principles and practices for securing information
technology (IT) systems. Although it is an older publication, first released in
1996, many of its principles remain relevant today
• NIST Special Publication 800-18, titled "Guide for Developing Security Plans
for Federal Information Systems," provides guidance for federal agencies and
organizations in developing security plans to protect their information
systems
IETF security architecture
• The Internet Engineering Task Force (IETF) Security Architecture
encompasses various protocols, standards, and practices
designed to ensure the security and integrity of internet
communications and infrastructure
• RFC (Request for Comments)
• RFC 2196 is titled "Site Security Handbook." It's a document
published by the Internet Engineering Task Force (IETF) in
September 1997. The RFC is aimed at administrators and
managers responsible for the security of computer systems and
networks within organizations.
Baselining and best business practices
• Baselining refers to the process of establishing a standard or baseline
against which future measurements or comparisons can be made. This
concept is particularly relevant in the context of cybersecurity and business
practices
• Before implementing best business practices, it's crucial to establish
baselines to understand the current state of affairs. This could involve
assessing factors such as current security measures, employee productivity,
financial performance, customer satisfaction levels, and more.
• Federal agencies adhere to regulatory frameworks and standards mandated
by government bodies. These regulations often include requirements for data
protection, privacy, cybersecurity, and compliance with industry standards
such as NIST (National Institute of Standards and Technology) guidelines in
the United States.
Design of Security architecture
• Designing a security architecture involves creating a
structured framework of security controls, policies,
procedures, and technologies to protect an organization's
assets and information from unauthorized access, data
breaches, and other security threats.
SETA Program
• Security Education, Training and Awareness program
• Security Education Training and Awareness (SETA) is a
vital component of any organization's security strategy.
SETA aims to empower employees with the knowledge
and skills necessary to identify and mitigate security risks.
The primary objective of SETA is to create a security-
conscious culture within an organization
Continuity strategies
• Continuity strategies, often referred to as business
continuity strategies, are plans and procedures developed
to ensure that an organization can continue operating and
delivering its products or services in the event of
disruptive incidents or disasters. These strategies are
crucial for maintaining business resilience and minimizing
the impact of disruptions on operations.
• IR plan, DR plan and BC plan: already discussed
Major steps in contingency planning
• Contingency refers to a plan, strategy, or course of action put in place to
address potential unforeseen events or circumstances that may disrupt
normal operations or threaten the achievement of objectives. Contingency
planning involves identifying risks, developing responses, and establishing
protocols to mitigate the impact of unexpected events.
1. Business Impact Analysis
2. Incident Response Planning
3. DR Planning
4. Business Continuity Planning
1. Business Impact Analysis
• Business Impact Analysis (BIA) is a systematic process used to assess the
potential impact of disruptions on an organization's critical business
functions, processes, and resources. The primary purpose of conducting a
BIA is to identify and prioritize business activities and resources that are
essential for the organization's continued operation and to develop strategies
for minimizing the impact of disruptions.
• Threat/attack identification and prioritization
• Business unit analysis
• Attack success scenario development
• Potential damage assessment
• Subordinate plan classification
Incident response planning
• Incident response planning involves establishing procedures and protocols to
effectively detect, respond to, contain, and recover from security incidents or
breaches within an organization. The goal is to minimize the impact of
incidents on business operations, mitigate risks, and maintain the
confidentiality, integrity, and availability of critical systems and data
• Incident planning
• Incident detection
• Incident reaction
• Incident recovery
Disaster Recovery Planning
• A disaster recovery plan (DRP) in information security is a structured
approach to responding to and recovering from events that could potentially
disrupt or damage an organization's IT infrastructure, systems, or data. It's a
crucial component of an organization's overall business continuity strategy,
focused specifically on mitigating the impact of IT-related disasters.
• Plan for disaster recovery
• crisis management
• Recovery operations
Business continuity planning
Business continuity planning (BCP) is a proactive approach taken by
organizations to ensure that essential business functions can continue during
and after a disaster or disruptive event. Unlike disaster recovery planning, which
focuses primarily on IT systems and data, business continuity planning
encompasses a broader scope, including people, processes, facilities, and
external dependencies. The goal is to minimize the impact of disruptions on the
organization's operations, reputation, and ability to deliver products or services
to customers.
• Establish continuity strategies
• Plan for continuity of operations
• Continuity management
Security technology
Access control:
• Access control is the method by which systems determine whether and how to admit a user into a trusted area of the organisation, such as a restricted area
• It can be achieved by means of a combination of policies, programs and technologies
• It can be mandatory, discretionary or non-discretionary
Mandatory access control:
• In computer security, mandatory access control refers to a
type of access control by which the operating system or
database constrains the ability of a subject or initiator to
access or generally perform some sort of operation on an
object or target
Lattice-based access control (LBAC)
• Lattice-based access control
(LBAC) is a security model that
uses a hierarchical lattice structure
to define and enforce access rights.
The lattice structure sets varying
security levels for different
resources and users.
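A lattice of security labels in code, as an added example that is not part of the notes. A label is a sensitivity level plus a set of compartments; one label dominates another when its level is at least as high and its compartments are a superset. The levels, compartments, subjects and objects are constructed, and the read/write rules applied (read only when the subject dominates the object, write only when the object dominates the subject, the Bell-LaPadula simple-security and *-properties) are an assumption chosen to show how a lattice enforces mandatory access control.

```python
"""Lattice-based access control over (level, compartments) labels.

Added example, not from the notes.  Levels, compartments and the read-down /
write-up rules are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Linear hierarchy of sensitivity levels (constructed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the label a document that combines both inputs must carry."""
        top = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(top.level, self.compartments | other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple-security rule (no read up): read only when the subject dominates the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): write only when the object dominates the subject."""
    return obj.dominates(subject)


# Constructed subject and objects.
ANALYST = Label("confidential", frozenset({"finance"}))
HR_FILE = Label("confidential", frozenset({"hr"}))      # same level, different compartment
BUDGET = Label("internal", frozenset({"finance"}))
WIKI = Label("public")

if __name__ == "__main__":
    for name, obj in [("budget", BUDGET), ("hr_file", HR_FILE), ("wiki", WIKI)]:
        print(f"analyst read {name}: {can_read(ANALYST, obj)}, write: {can_write(ANALYST, obj)}")
    merged = BUDGET.join(HR_FILE)
    print("budget+hr report label:", merged.level, sorted(merged.compartments))
```

The HR file shows why a lattice is more than a ladder: the analyst sits at the same level but lacks the hr compartment, so neither label dominates the other and the read is refused.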
Approaches to access controls
• Identification
• Authentication
• Authorization
• Accountability
Physical Design
Physical design is DBMS-specific whereas logical design by
contrast is DBMS-independent. Logical design is concerned
with the what; physical database design is concerned with
the how. In short, physical design is a process of
implementing a database on secondary storage with a
specific DBMS.
parts of physical design:
1.Security technologies
2.Physical security
Firewalls
• Firewalls are a fundamental
component of network security
systems designed to monitor and
control incoming and outgoing
network traffic based on
predetermined security rules.
• They act as a barrier between a
trusted internal network and
untrusted external networks,
such as the internet, to prevent
unauthorized access, data
breaches, and cyber attacks.
Firewall Processing Modes
• Packet filtering firewalls
• Application gateways
• Circuit gateways
• MAC layer firewalls
• Hybrid firewalls
Packet filtering firewalls
• A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules. These firewalls block traffic on the basis of IP protocol, IP address and port number when a packet does not match the established rule set.
Circuit-level gateways
• Circuit-level gateways are another simplified type of
firewall that can be easily configured to allow or block
traffic without consuming significant computing resources.
These types of firewalls typically operate at the session-
level of the OSI model by verifying TCP (Transmission
Control Protocol) connections and sessions. Circuit-level
gateways are designed to ensure that the established
sessions are protected.
Application-level Gateways
• Proxy firewalls operate at the application layer as an
intermediate device to filter incoming traffic between two
end systems (e.g., network and traffic systems). That is
why these firewalls are called 'Application-level
Gateways'.
MAC layer firewalls
• The MAC layer firewall, or what's known as the media
access control layer firewall, operates within one of two
sublayers within the second layer of the OSI model (the
data link layer). The two sublayers — logical link control
(LLC) and MAC — fall between the network and physical
layers of the OSI model.
Hybrid firewalls
• Hybrid firewalls consist of multiple firewalls, each
providing a specified set of functions. For instance, you
can use one firewall to execute packet filtering while
another firewall acts as a proxy.
Firewalls categorized by generation
• 1st generation
• 2nd generation
• 3rd generation
• 4th generation
• 5th generation
first-generation firewalls
• The first-generation firewalls were packet filter firewalls
that examined limited parameters, such as source and
destination network addresses, protocols, and port
numbers. Firewall rules used these attributes to define
which packets were allowed through.
The Second Generation
• The second generation are application-level or proxy servers, i.e. dedicated systems, separated from the filtering router, that provide intermediate services for requestors
Third generation firewalls
• These are stateful inspection firewalls which, as described, monitor network connections between internal and external systems using state tables
Fourth generation firewalls
• Also known as dynamic packet filtering firewalls, these allow only a particular packet with a particular source, destination and port address to enter
Fifth generation firewalls
• These include the kernel proxy, which works under the Windows NT Executive, the kernel of Windows NT (Windows New Technology)
Firewalls categorised by structure
• Commercial grade firewall appliances
• Commercial grade firewall systems
• Small office/Home office firewall appliances
• Residential grade firewall software
Firewalls architecture
• Packet filtering routers
• Screened host firewalls
• Dual homed host firewalls
• Screened subnet firewalls
Packet filtering routers
• A packet-filtering router either blocks or passes packets
presented to it according to a set of filtering rules.
• Filtering rules are based on various features of the
service or protocols involved, including: the packet header
information, e.g. IP source and destination addresses.
Screened host firewalls
• A screened host firewall utilizes one screening router to
create two subnets.
• A third party would need to bypass the DMZ host only to
reach the internal network hosts, making it the less
secure alternative.
Dual homed host firewalls
• A dual-homed host is an application-based firewall and
first line of defense/protection technology between a
trusted network, such as a corporate network, and an
untrusted network, such as the Internet. Dual-homed host
is a common term used to describe any gateways,
firewalls or proxies that directly provide secure
applications and services to any untrusted network.
Screened subnet firewalls
• A screened subnet, or triple-homed firewall, refers to a
network architecture where a single firewall is used with
three network interfaces. It provides additional protection
from outside cyber attacks by adding a perimeter network
to isolate or separate the internal network from the public-
facing internet.
• A DMZ or demilitarized zone is a perimeter network that
protects and adds an extra layer of security to an
organization's internal local-area network from untrusted
traffic.
Selecting the right firewall
• Selecting the right firewall depends on several factors,
including your network architecture, security
requirements, budget, and scalability needs.
• Which type?
• What features?
• How easy to setup and configure?
• Can it be adaptable?
Configuring and managing firewalls
Access Control Policies:
Define and implement access control policies based on your organization's
security requirements.
Rule Configuration:
Create firewall rules that enforce your access control policies.
Network Zones:
Segment your network into zones based on trust levels (e.g., LAN, DMZ, WAN).
Apply different access control policies and firewall rules to each zone based on
its security requirements.
Logging and Monitoring:
Enable logging for firewall events and traffic.
Updates and Patches:
Keep the firewall firmware/software up to date with the latest security patches
and updates.
Intrusion Detection/Prevention:
Configure intrusion detection/prevention systems (IDS/IPS) to detect and block
suspicious or malicious network traffic.
VPN Configuration:
Configure virtual private network (VPN) connections to secure remote access
and site-to-site communications.
User Authentication and Authorization:
Implement user authentication mechanisms, such as user account logins.
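The packet filtering, packet-filtering router and configuration sections above describe the same mechanism from three angles: rules over source/destination address, protocol and port, grouped by trust zone (LAN, DMZ, WAN), evaluated first-match-wins, with denials logged. The example below, added here and not taken from the notes or from any firewall product, puts all three together. The zone ranges, rule set and traffic sample are constructed; the ordering convention (specific allows first, an explicit cleanup deny last) is a common practice and is an assumption of the example.

```python
"""Zone-based packet-filter rule evaluation with logging.

Added example, not from the notes or any vendor.  Zones, rules and packets are
constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zone map: internal address ranges -> trust zone.
ZONES = {
    "LAN": ip_network("10.0.0.0/8"),
    "DMZ": ip_network("192.168.100.0/24"),
}


def zone_of(addr: str) -> str:
    """Everything outside the known internal ranges is the untrusted WAN."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "WAN"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str            # "any" matches every zone
    dst_zone: str
    proto: str               # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: Optional[int] = None


RULES: List[Rule] = [
    # DMZ web server reachable from the internet on HTTPS only.
    Rule("wan-to-dmz-https", "WAN", "DMZ", "tcp", 443, "allow"),
    # Internal users may browse out.
    Rule("lan-to-wan-https", "LAN", "WAN", "tcp", 443, "allow"),
    Rule("lan-to-wan-http", "LAN", "WAN", "tcp", 80, "allow"),
    # Admins manage DMZ hosts over SSH; nothing else crosses LAN->DMZ.
    Rule("lan-to-dmz-ssh", "LAN", "DMZ", "tcp", 22, "allow"),
    # Explicit cleanup rule: anything not matched above is dropped and logged.
    Rule("default-deny", "any", "any", "any", None, "deny"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every one of its fields is a wildcard or equals the packet's."""
    return (rule.src_zone in ("any", zone_of(pkt.src))
            and rule.dst_zone in ("any", zone_of(pkt.dst))
            and rule.proto in ("any", pkt.proto)
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> Tuple[str, str]:
    """First matching rule decides; denied packets are logged for monitoring."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.action == "deny":
                log.append(f"DENY {rule.name} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dst_port}")
            return rule.action, rule.name
    # Only reached if the rule set lacks a cleanup rule: fail closed anyway.
    log.append(f"DENY implicit {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dst_port}")
    return "deny", "implicit"


# Constructed traffic sample.
SAMPLE = [
    Packet("203.0.113.7", "192.168.100.10", "tcp", 443),   # internet -> DMZ web: allowed
    Packet("203.0.113.7", "192.168.100.10", "tcp", 22),    # internet -> DMZ ssh: denied
    Packet("10.1.2.3", "192.168.100.10", "tcp", 22),       # admin -> DMZ ssh: allowed
    Packet("192.168.100.10", "10.1.2.3", "tcp", 445),      # DMZ host -> LAN: denied (DMZ cannot reach inside)
    Packet("10.1.2.3", "198.51.100.5", "udp", 53),         # LAN -> WAN DNS: denied, no rule covers it
]


def run(rules: List[Rule] = RULES, packets: List[Packet] = SAMPLE):
    """Evaluate a packet list; returns the verdicts and the deny log."""
    log: List[str] = []
    verdicts = [evaluate(rules, p, log) for p in packets]
    return verdicts, log


if __name__ == "__main__":
    verdicts, log = run()
    for pkt, (action, rule) in zip(SAMPLE, verdicts):
        print(f"{action:5s} {rule:18s} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dst_port}")
    print("\n".join(log))
```

The last sample packet is the useful one: outbound DNS is dropped because nobody wrote a rule for it. With a default-deny cleanup rule and logging enabled, that mistake shows up in the log on the first lookup instead of silently passing, which is the practical reason the configuration checklist pairs rule writing with logging and monitoring.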
Protecting remote connections
• Use strong passwords
• Update your software
• Limit access using firewalls
• Enable Network Level Verification
• Limit users who can log in using remote desktop
• Use two-factor authentication on highly sensitive systems
VPN
• A virtual private network, or VPN, is an encrypted
connection over the Internet from a device to a network.
• The encrypted connection helps ensure that sensitive
data is safely transmitted.
• It prevents unauthorized people from eavesdropping on
the traffic and allows the user to conduct work remotely.
Transparent mode
• In transparent mode, the VPN operates without modifying the network traffic's
IP addresses or headers. It is also known as "bridge mode" or "NAT traversal
mode."
• The VPN gateway acts as an intermediary between two networks,
transparently encrypting and decrypting data as it passes through.
• Transparent mode is often used in scenarios where the VPN should integrate
seamlessly with existing network infrastructure without requiring changes to
IP addressing or routing configurations.
• It is commonly used in site-to-site VPN deployments where the VPN gateway
is placed at the network perimeter and encrypts traffic between two private
networks.
Tunnel mode
• In tunnel mode, the VPN encapsulates the entire IP packet within another
packet, adding an additional header that contains routing information and
encryption details.
• The original IP packet becomes the payload of the encapsulating packet,
making it invisible to intermediate network devices.
• Tunnel mode is typically used for remote access VPNs, where individual
users or devices establish secure connections to a central VPN gateway over
untrusted networks such as the internet.
• It provides end-to-end encryption and privacy for the entire communication
session between the client and the VPN gateway.
UNIT-IV
Security technology: Intrusion Detection, Access Control and Other Security Tools
Intrusion Detection and Prevention Systems
• An intrusion detection and prevention system is defined
as a system that monitors a network and scans it for
possible threats to alert the administrator and prevent
potential attacks
Terminologies:
1.Alert(audible signals,email messages)
2.Evasion(changing format by an attacker)
3.False negative
4.False attack stimulus
5.False positive
6.Noise
7.Site policy
8.Site policy awareness
9.True attack stimulus
10.Tuning
11.Confidence value
12.Alarm filtering
13.Alarm clustering and compaction
Types of Intrusion Detection Systems
1.Network intrusion detection system(NIDS)
2.Host based intrusion detection system(HIDS)
3.Perimeter intrusion detection system(PIDS)
IDPS detection methods
1. Signature-based detection
2. Statistical anomaly-based detection
3. Stateful protocol analysis detection
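The first two detection methods side by side, as an added example that is not part of the notes: a signature-based check that matches known patterns in request paths, and a statistical anomaly-based check that flags a client whose request count is far above the mean of its peers. The log format, the two signatures, the z-score threshold and the log lines themselves are all constructed; a real IDPS learns its anomaly baseline over a training period rather than from the window it is inspecting, as the comments note.

```python
"""Signature-based and statistical anomaly-based detection over constructed log lines.

Added example, not from the notes.  Log format, signatures and threshold are
assumptions for illustration.
"""
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Constructed web-server access log: "client_ip method path status".
LOG_LINES = """
10.0.0.5 GET /index.html 200
10.0.0.6 GET /about.html 200
10.0.0.7 GET /download?file=../../config.ini 200
10.0.0.5 GET /contact.html 200
10.0.0.8 GET /search?q=<script>alert(1)</script> 200
""".strip().splitlines() + [f"10.0.0.9 GET /item/{i} 200" for i in range(60)] + [
    f"10.0.0.{n} GET /home 200" for n in range(10, 20)]

# Signature-based detection: patterns for known bad input (constructed, deliberately simple).
SIGNATURES: Dict[str, "re.Pattern"] = {
    "path-traversal": re.compile(r"\.\./"),
    "xss-script-tag": re.compile(r"<script", re.IGNORECASE),
}


def parse(line: str) -> Tuple[str, str]:
    """Split one log line into (client_ip, path)."""
    ip, _method, path, _status = line.split(" ", 3)
    return ip, path


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, signature_name) for every line matching a known pattern."""
    alerts = []
    for line in lines:
        ip, path = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name))
    return alerts


def anomaly_alerts(lines: List[str], z_threshold: float = 3.0) -> List[Tuple[str, float]]:
    """Flag clients whose request count is z_threshold standard deviations above the mean.

    The baseline here is the per-client counts of the same window, which keeps the
    example self-contained; a production IDPS learns it over a separate training period.
    """
    counts = Counter(parse(line)[0] for line in lines)
    values = list(counts.values())
    if len(values) < 2:
        return []
    mean, stdev = statistics.mean(values), statistics.pstdev(values)
    if stdev == 0:
        return []          # every client behaves the same: nothing stands out
    return [(ip, round((n - mean) / stdev, 2)) for ip, n in counts.items()
            if (n - mean) / stdev >= z_threshold]


if __name__ == "__main__":
    print("signature hits:", signature_alerts(LOG_LINES))
    print("rate anomalies:", anomaly_alerts(LOG_LINES))
```

Note what each method misses: the signature check says nothing about the client making 60 requests, and the anomaly check says nothing about the two malformed paths. That complementarity is why the notes list both methods, and the tuning and false-positive terminology above applies to the threshold chosen here.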
IDPS Response behaviour
1.IDPS response options
2.Reporting and archiving capabilities
3.Failsafe considerations for IDPS response
Selecting IDPS approaches and products
1.Technical and policy considerations
2.Organisational requirements and constraints
3.IDPSs product features and quality
Strengths of IDPS
• Monitoring and analysis of system
• Testing security states
• Baselining security state
• Recognizing patterns of system events
• Recognizing patterns of activity
• Managing OS audit & logging mechanisms
• Alerting appropriate staff
• Providing default info
Limitations of IDPS
• Compensating for weak or missing security mechanisms
such as firewalls
• Instantaneously detecting,reporting and responding to an
attack
• Detecting newly published attacks
• Automatically investigating attacks
• Compensating for problems
• Dealing effectively with switched networks
Deployment and implementation of an IDPS
• IDPS Control strategies
• IDPS Deployment
Measuring the effectiveness of IDPS
Four measures of comparative effectiveness:
• Thresholds
• Blacklists and whitelists
• Alert settings
• Code viewing and editing
Scanning and analysis tools
Types of scanning and analysis tools:
1.Port scanners
2.Firewall analysis tools
3.Operating system detection tools
4.Vulnerability scanners
5.Packet sniffers
6.Wireless security tools
Biometric Access controls devices
• Biometric access control is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed system user
• Fingerprint
• Palm print
• Hand geometry
• Facial recognition
• Retinal print
• Iris pattern
Signature and Voice recognition technologies
• Signature recognition is a biometric approach to electronic
document signing, the functional equivalent of a traditional
handwritten signature.
• Voice recognition combines voice recognition and verification
technology with public key encryption and symmetric key
encryption.
Effectiveness of Biometrics
• False reject rate (FRR)
The probability that the system fails to detect a match between the input
fingerprint template and a matching template in the database. It measures the
percentage of valid inputs that are incorrectly rejected.
• False accept rate (FAR)
A statistical measure of the probability that a biometric security system
allows an unauthorised user access.
• Crossover error rate (CER)
The point where the false reject rate (FRR) and false accept rate (FAR) are
equal. CER is also known as the equal error rate (EER). The crossover error
rate describes the overall accuracy of a biometric system.
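FRR, FAR and CER are functions of the acceptance threshold the matcher uses, which the definitions above leave implicit. The added example below (not from the slides) computes all three from a constructed set of matcher similarity scores: raising the threshold lowers FAR but raises FRR, and the CER is the threshold where the two curves cross. The score scale, the score values and the sample sizes are assumptions made for this illustration.

```python
# Constructed similarity scores (0-100) produced by a matcher for this example.
GENUINE_SCORES = [92, 88, 95, 81, 77, 90, 85, 70, 94, 89]   # enrolled users vs their own template
IMPOSTOR_SCORES = [20, 35, 48, 60, 42, 55, 30, 73, 38, 25]  # other people vs that template


def false_reject_rate(threshold, genuine=GENUINE_SCORES):
    """FRR: share of valid users whose score falls below the acceptance threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(threshold, impostors=IMPOSTOR_SCORES):
    """FAR: share of impostors whose score reaches the acceptance threshold."""
    return sum(1 for s in impostors if s >= threshold) / len(impostors)


def crossover_error_rate(thresholds=range(0, 101)):
    """Scan thresholds for the point where FRR and FAR are closest (the CER / EER).

    Returns (threshold, frr, far) at that point; the first threshold with the
    smallest gap wins, so ties resolve to the lowest threshold."""
    best = None
    for t in thresholds:
        frr, far = false_reject_rate(t), false_accept_rate(t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, frr, far)
    _gap, t, frr, far = best
    return t, frr, far


if __name__ == "__main__":
    print("thr   FRR   FAR")
    for t in range(50, 100, 10):
        print(f"{t:3d}  {false_reject_rate(t):.2f}  {false_accept_rate(t):.2f}")
    print("crossover (threshold, FRR, FAR):", crossover_error_rate())
```

On this sample the crossover sits at a threshold of 71 with FRR = FAR = 0.1. Which side of the crossover a deployment should sit on depends on the asset: a data-centre door favours a higher threshold (fewer false accepts, more retries for legitimate staff), a convenience login the opposite.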
Cryptography
• Cryptography is the process of hiding or coding
information so that only the person a message was
intended for can read it.
• Encryption (Encipher)-plain text to cipher text
• Decryption(Decipher)-cipher text to plain text
• Algorithm-programmatic steps used to convert an
unencrypted message into an encrypted sequence of bits
• Cipher text- encoded text
• Key- a series of bits used with algorithm

Introduction to Information security ppt

  • 1.
    Information security: • Itprotects sensitive information from unauthorised activities Security: • The quality of being secure to be free from danger Multiple layers of security: 1.Physical security(objects) 2.Personnel security (individual or group) 3.Operations security(series of activities) 4.communication security(media or content) 5.Network security(network &components) 6.Information security(data)
  • 2.
    CIA triangle: • Confidentiality-authorised usersonly has the access to the data • Integrity- providing data accuracy and consistency • Availability-data access is available to authorised users whenever needed
  • 3.
    History of InformationSecurity: • 1960s Offline sites security • 1970s Evolution of PC’s and hackers • 1980s Evolution of cybercrime • 1990s Hacking becoming an organised crime • 2000s cybercrime becoming a serious issue • 2010s Information security
  • 4.
    Critical characteristics ofInfo. • Availability • Accuracy • Authenticity • Confidentiality • Integrity • Utility • Possession
  • 5.
    NSTISSC Security model •National security telecommunications and info.systems security committee • CNSS (Committee on National Security Systems is a three- dimensional security model which has now become a standard security model for many of the currently operating information systems. The CNSS model has three key goals of security: Confidentiality, Integrity, and Availability.
  • 6.
    Components of anIS-Securing the components • Software-Apps,OS • Hardware-Physical security • Data-database mgmt • People • Networks-LAN,open-wifi
  • 7.
    Balancing Information securityand access • Data can be made available to anyone,anywhere,anytime • Such unrestricted access posses danger to security. • An imbalance can occur when needs and users increase on large scale which makes focussing on protection harder. • Encryption can balance such activities
  • 8.
    Need for security BusinessNeeds: 1.Protecting functionality of an organisation 2.Enabling safe operations of applications 3.Protecting data that organizations collect and use 4.Safeguarding technology assets in organisations
  • 9.
    Systems development lifecycle • Investigation • Analysis • Logical design • Physical design • Implementation • Maintenance and change
  • 10.
    The security SDLC 1.Investigation/analysisphases • Security categorisation • Preliminary risk assessment
  • 11.
    2.Logical/Physical design phases •Risk assessment • Security functional requirements analysis • Security assurance requirements analysis • Cost considerations and reporting • Security planning • Security control development • Developmental security test and evaluation • Other planning components
  • 12.
    3.Implementation phase • Inspectionand acceptance • Security certification • Security accreditation
  • 13.
    4.Maintenace and changephase • Configuration management and control • Continuous monitoring • Information preservation • Media sanitization • Hardware and software disposal
  • 14.
    Need for security •Information security defines protecting information and information systems from unauthorized access, use, acknowledgment, disruption, alteration or destruction. Governments, military, financial institutions, hospitals, and private businesses amass a big deal of confidential data about their employees, users, products, research and monetary status.
  • 15.
    Business Needs It performsfour important functions for an organisation 1. Protecting functionality of an organisation 2. Enabling safe operation of applications 3. Protecting data that Organisations collect and use 4. Safeguarding technology assets in Organisations
  • 16.
    Threats: 1.Compromises to intellectualproperty 2.Deviations in Quality of services • Power irregularities • Communication & other service providers • Internet service issues 3.Deliberate of software attacks 4.Espionage 5.Forces of Nature 6.Human errors 7.Information Extortion(insider) 8.Hardware failures and errors 9.Software failures and errors
  • 17.
    Attacks: • Malicious code •Hoaxes • Back doors • Password crack • Brute Force(try every possible password) • Dictionary • DDOS • Spoofing • Man in the middle • Spam • Mail bombing
  • 18.
  • 19.
    Laws and Ethicsin IS Law and ethics play crucial roles in information security, ensuring that individuals and organizations adhere to standards that protect data and privacy. We need to follow: 1. Legal Frameworks 2. Intellectual Property Laws 3. Cybersecurity Laws 4. Ethical Considerations 5. Professional Codes of Conduct
  • 20.
    Law Vs Policy •Laws are rules and regulations established by a governing authority, such as a legislature or regulatory agency. They are enforceable and binding, with legal consequences for non-compliance. • Laws are enforceable through the legal system. Violating laws can lead to penalties, such as fines, imprisonment, or civil lawsuits. • Policies are guidelines or principles adopted by organizations, institutions, or government agencies to achieve specific goals. While policies may be influenced by laws, they are not inherently enforceable in the same way. • Policies are typically not enforceable in the same manner as laws. Instead, compliance with policies is usually a condition of employment, membership, or participation in an organization or program. Violating policies may result in disciplinary action or consequences within the organization, but not necessarily legal penalties.
  • 21.
    Policy: • Dissemination(distribution)-hard orsoft copy • Review(reading) • comprehension(understanding) • compilance(agreement) • Uniform enforcement
  • 22.
    Types of Law: •Civil law-governs nation or state • Criminal Law-harmful to society • Private law-family law,commercial law,labor law • Public law-criminal,administrative and constitutional laws
  • 23.
    U.S laws thatapply to information security • General computer crime laws(CFA & NIIP) • Privacy • Export and Espionage laws • U.S copyright law • Financial reporting • Freedom of Information Act of 1966
  • 24.
    International laws andlegal bodies: • Council of Europe Convention on Cybercrime • Agreement on Trade related aspects of Intellectual property rights • Digital Millennium Copyright Act(DMCA)
  • 25.
    Ethics and Informationsecurity • Ethical differences across cultures 1.Software license infringement 2.Illicit use 3.Misuse of corporate resources • Ethics and education
  • 26.
    Causes of unethicaland illegal behavior 1.Ignorance 2.Accident 3.Intent How to overcome 1.Fear of penalty 2.Probability of being caught 3.Probability of penalty being administered
  • 27.
    Risk management • Informationsecurity risk management, or ISRM, is the process of managing risks associated with the use of information technology. It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization's assets. • Types of risks 1.Project risks(budget,schedule,personnel) 2.Technical risks(implementation,interfacing,testing,maintenance 3.Business risks(budget,building resources that no one requires)
  • 28.
    Overview of Riskmanagement
  • 29.
    Risk identification • Planand organise the process • Asset Identification and inventory • Classifying and prioritizing information assets • Information asset valuation • Identifying and prioritizing threats • Vulnerability identification
  • 30.
    Risk assessment 1.Likelihood 2.Risk determination 3.Identifypossible controls 4.Documenting the results of risk assessment
  • 31.
    Risk control strategies •Defend • Transfer • Mitigate 1. Incident Response Plan 2. Disaster Recovery Plan 3. Business Continuity Plan • Accept • Terminate
  • 32.
    Selecting a RiskControl Strategy • Rules for selecting a Risk Control Strategy 1.Vulnerability exists 2.Vulnerability exploited 3.Potential gain 4.Potential loss
  • 33.
    Cost Benefit Analysis(CBA) •Organsiations must consider the economic feasibility of implementing information security controls and safeguards. • Some of the items that effect cost of a control are: 1.Cost of development or acquisition (purchase cost) 2.Training fees 3.Cost of implementation 4.Service costs 5.Cost of maintenance
  • 34.
    Cost Benefit AnalysisFormula: CBA=ALE(prior)-ALE(post)-ACS ALE-Annual Loss Expectancy ACS-Annual Cost of the Safeguard
  • 35.
    Risk Control Cycle •It involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of an organization's assets. • The end goal of this process is to treat risks in accordance with an organization's overall risk tolerance. • There is no exit from this cycle,it is a process that continues for as long as the organisation continues to function.
  • 36.
  • 37.
    Quantities versus QualitativeRisk control Practices • Qualitative risk analysis is quick but subjective. • On the other hand, quantitative risk analysis is objective and has more detail, contingency(possible events) reserves and go/no go decisions, but it takes more time and is more complex. • Quantitative data are difficult to collect and can be prohibitively expensive
  • 38.
    Q Vs Qrisk control practices 1.Benchmarking and best practices 2.Other feasibility studies
  • 39.
    1.Benchmarking and bestpractices • Benchmarking is the process of seeking out and studying practices used in other organisations that produce results you would like to duplicate in your organisation. • Metrics based measures: 1.Number of successful attacks 2.Staff-hours spent on system protection 3.Dollars spent on protection 4.Numbers of security personnel 5.Estimated value in dollars of info.lost in successful attacks 6.Loss in productivity hours associated with successful attacks
  • 40.
    Problems with applicationof benchmarking and best practices: • The two organisations do not talk to each other • No two organisations are identical • Best practices are moving target • Only research will not help a practitioner for what to do next
  • 41.
    2.Other Feasibility studies 1.Organisational Feasibility 2. Operational feasibility 3. Technical feasibility 4. Political feasibility
  • 42.
    Risk management discussionpoints 1.Risk appetite: Risk appetite refers to the level of risk that an organization is willing to accept or tolerate in pursuit of its objectives. It reflects the organization's willingness to take on risk in order to achieve its goals, and it influences decision-making processes throughout the organization. 2.Residual risk: Residual risk refers to the risk level after implementing control processes to mitigate the inherent risk. The level of residual risk depends on the effectiveness of the implemented controls. Consider the examples from before. The risk of choking on your breakfast is lessened by chewing well. 3.Documenting results Documenting results in risk assessment is crucial for ensuring clarity, accountability, and effective decision-making within an organization.
  • 43.
  • 44.
    Recommended risk controlpractices • By making ALE calculations • By using control strategies • By continuous monitoring • By providing integrity and specific controls • By port scanning to avvoid extrenal threats or attacks • By using firewalls • By protecting the assets and vulnerabilities
  • 45.
  • 46.
    Planning for security •Planning for information security involves a structured approach to protecting sensitive data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. • An organisations security efforts succeeds only it it operates in conjunction with organisation’s information security policy • Security program begins with policy,standards and practices which are foundation for information security architecture and blueprint
  • 47.
  • 48.
    Information security policy,standardsand practices • Information security policy, standards, and practices are key components of an organization's overall approach to protecting its sensitive data and systems. • These three components work together to create a comprehensive information security framework within an organization. • The policy sets the overall direction and priorities, the standards provide detailed requirements for implementation, and the practices ensure that security measures are effectively executed and maintained over time. • By integrating policy, standards, and practices, organizations can establish a strong security posture to safeguard their critical assets from potential threats and vulnerabilities.
  • 49.
  • 50.
    Criteria for effectivesecurity policy: • Dissemination(distribution) • Review(reading) • Comprehension(understanding) • Compilance(agreement) • Uniform enforcement
  • 51.
    Types of securitypolicy • Enterprise information security policies • Issue specific security policies • Systems-specific security policies
  • 52.
    Policy mangement • Policymanagement refers to the systematic process of developing, implementing, communicating, enforcing, and maintaining policies within an organization. • Effective policy management is essential for ensuring compliance with regulations, mitigating risks, and promoting consistency in decision-making and behavior across the organization.
  • 53.
    Security Blueprint • Asecurity blueprint is a comprehensive plan or framework that outlines an organization's approach to information security. • It serves as a roadmap for designing, implementing, and managing security measures to protect the organization's sensitive data, systems, and assets from various threats and vulnerabilities. • By developing and implementing a comprehensive security blueprint, organizations can better protect their information assets, mitigate risks, and maintain the trust and confidence of customers, partners, and stakeholders.
  • 54.
    ISO 27000 series •The ISO 27000 series is a set of international standards that provide guidelines and best practices for information security management systems (ISMS). • These standards are developed and published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). • The ISO 27000 series is designed to help organizations establish, implement, maintain, and continually improve their information security management systems to protect their sensitive information and assets.
  • 55.
    NIST security models •The National Institute of Standards and Technology (NIST) is a U.S. federal agency that develops and promotes measurement standards. • In the realm of cybersecurity, NIST has created several security models and frameworks to help organizations manage and improve their security posture.
  • 56.
    • NIST SpecialPublication 800-14, titled "Generally Accepted Principles and Practices for Securing Information Technology Systems," provides guidance on fundamental security principles and practices for securing information technology (IT) systems. Although it is an older publication, first released in 1996, many of its principles remain relevant today • NIST Special Publication 800-18, titled "Guide for Developing Security Plans for Federal Information Systems," provides guidance for federal agencies and organizations in developing security plans to protect their information systems
  • 57.
    IETF security architecture •The Internet Engineering Task Force (IETF) Security Architecture encompasses various protocols, standards, and practices designed to ensure the security and integrity of internet communications and infrastructure • RFC(Requests for comment) • RFC 2196 is titled "Site Security Handbook." It's a document published by the Internet Engineering Task Force (IETF) in September 1997. The RFC is aimed at administrators and managers responsible for the security of computer systems and networks within organizations.
  • 58.
    Baselining and bestbusiness practices • Baselining refers to the process of establishing a standard or baseline against which future measurements or comparisons can be made. This concept is particularly relevant in the context of cybersecurity and business practices • Before implementing best business practices, it's crucial to establish baselines to understand the current state of affairs. This could involve assessing factors such as current security measures, employee productivity, financial performance, customer satisfaction levels, and more. • Federal agencies adhere to regulatory frameworks and standards mandated by government bodies. These regulations often include requirements for data protection, privacy, cybersecurity, and compliance with industry standards such as NIST (National Institute of Standards and Technology) guidelines in the United States.
  • 59.
    Design of Securityarchitecture • Designing a security architecture involves creating a structured framework of security controls, policies, procedures, and technologies to protect an organization's assets and information from unauthorized access, data breaches, and other security threats.
  • 60.
    SETA Program • SecurityEducation,Training and Awareness program • Security Education Training and Awareness (SETA) is a vital component of any organization's security strategy. SETA aims to empower employees with the knowledge and skills necessary to identify and mitigate security risks. The primary objective of SETA is to create a security- conscious culture within an organization
  • 62.
    Continuity strategies • Continuitystrategies, often referred to as business continuity strategies, are plans and procedures developed to ensure that an organization can continue operating and delivering its products or services in the event of disruptive incidents or disasters. These strategies are crucial for maintaining business resilience and minimizing the impact of disruptions on operations. • IR plan,DR plan,BC plan already discussed
  • 63.
    Major steps incontingency palnning • Contingency refers to a plan, strategy, or course of action put in place to address potential unforeseen events or circumstances that may disrupt normal operations or threaten the achievement of objectives. Contingency planning involves identifying risks, developing responses, and establishing protocols to mitigate the impact of unexpected events. 1.Business Impact Analysis 2.Incident Response Planning 3.DR Planning 4.Business continuity planning
  • 64.
    .Business Impact Analysis •Business Impact Analysis (BIA) is a systematic process used to assess the potential impact of disruptions on an organization's critical business functions, processes, and resources. The primary purpose of conducting a BIA is to identify and prioritize business activities and resources that are essential for the organization's continued operation and to develop strategies for minimizing the impact of disruptions. • Threat attack identification and prioritization • Business unit analysis • Attack success scenario development • Potential damage assessment • Sub ordinate plan classification
  • 65.
    Incident response planning •Incident response planning involves establishing procedures and protocols to effectively detect, respond to, contain, and recover from security incidents or breaches within an organization. The goal is to minimize the impact of incidents on business operations, mitigate risks, and maintain the confidentiality, integrity, and availability of critical systems and data • Incident planning • Incident detection • Incident reaction • Incident recovery
  • 66.
    Disaster Recovery Planning •A disaster recovery plan (DRP) in information security is a structured approach to responding to and recovering from events that could potentially disrupt or damage an organization's IT infrastructure, systems, or data. It's a crucial component of an organization's overall business continuity strategy, focused specifically on mitigating the impact of IT-related disasters. • Plan for disaster recovery • crisis management • Recovery operations
  • 67.
    Business continuity planning Businesscontinuity planning (BCP) is a proactive approach taken by organizations to ensure that essential business functions can continue during and after a disaster or disruptive event. Unlike disaster recovery planning, which focuses primarily on IT systems and data, business continuity planning encompasses a broader scope, including people, processes, facilities, and external dependencies. The goal is to minimize the impact of disruptions on the organization's operations, reputation, and ability to deliver products or services to customers. • Establish continuity strategies • Plan for continuity of operations • Continuity management
  • 68.
    Security technology Access control: •Acess control is the method by which systems determine whether and how to admit a user into a trusted area of organistions such as restricted areas ..etc • It can be achieved by means of a combination of policies,programs,technologies • It can be mandatory,disretionary,non-discretionary
  • 69.
    Mandatory access control: •In computer security, mandatory access control refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target
  • 70.
    Lattice-based access control(LBAC) • Lattice-based access control (LBAC) is a security model that uses a hierarchical lattice structure to define and enforce access rights. The lattice structure sets varying security levels for different resources and users.
  • 71.
    Apporaches to accesscontrols • Identification • Authentication • Authorization • Accountability
  • 72.
    Physical Design Physical designis DBMS-specific whereas logical design by contrast is DBMS-independent. Logical design is concerned with the what; physical database design is concerned with the how. In short, physical design is a process of implementing a database on secondary storage with a specific DBMS. parts of physical design: 1.Security technologies 2.Physical security
  • 73.
    Firewalls • Firewalls area fundamental component of network security systems designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. • They act as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access, data breaches, and cyber attacks.
  • 74.
    Firewall Processing Modes •Packet filtering firewalls • Application gateways • Circuit gateways • MAC layer firewalls • Hybrid firewalls
  • 75.
    Packet filtering firewalls •A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules. These firewalls are designed to block network traffic IP protocols, an IP address, and a port number if a data packet does not match the established rule-set.
  • 76.
    Circuit-level gateways • Circuit-levelgateways are another simplified type of firewall that can be easily configured to allow or block traffic without consuming significant computing resources. These types of firewalls typically operate at the session- level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected.
  • 77.
    Application-level Gateways • Proxyfirewalls operate at the application layer as an intermediate device to filter incoming traffic between two end systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level Gateways'.
  • 78.
    MAC layer firewalls •The MAC layer firewall, or what's known as the media access control layer firewall, operates within one of two sublayers within the second layer of the OSI model (the data link layer). The two sublayers — logical link control (LLC) and MAC — fall between the network and physical layers of the OSI model.
  • 80.
    Hybrid firewalls • Hybridfirewalls consist of multiple firewalls, each providing a specified set of functions. For instance, you can use one firewall to execute packet filtering while another firewall acts as a proxy.
  • 81.
    Firewalls categorized bygeneration • 1st generation • 2nd generation • 3rd generation • 4th generation • 5th generation
  • 82.
    first-generation firewalls • Thefirst-generation firewalls were packet filter firewalls that examined limited parameters, such as source and destination network addresses, protocols, and port numbers. Firewall rules used these attributes to define which packets were allowed through.
  • 83.
    The Second Generation •The Second Generation are application level or proxy servers i.e dedicated systems that are seperated from filtering router and that provide intermediate services for requestors
  • 84.
    Third generation firewalls •These are stateful inspection firewalls,which as described monitors network connections between internal and external systems using state tables
  • 85.
    Fourth generation firewalls •Also known as dynamic packet filtering firewalls,allow only a particular packet with a particular source,destination,and port address to enter Fifth generation firewalls • These include kernel proxy that works under Windows NT executive which is kernal of windows NT(Windows New Technology)
  • 86.
    Firewalls categorised bystructure • Commercial grade firewall appliances • Commercial grade firewall systems • Small office/Home office firewall appliances • Residential grade firewall software
  • 87.
    Firewalls architecture • Packetfiltering routers • Screened host firewalls • Dual homed host firewalls • Screened subnet firewalls
  • 88.
    Packet filtering routers •A packet-filtering router either blocks or passes packets presented to it according to a set of filtering rules. • Filtering rules are based on various features of the service or protocols involved, including: the packet header information, e.g. IP source and destination addresses.
  • 89.
    Screened host firewalls •A screened host firewall utilizes one screening router to create two subnets. • A third party would need to bypass the DMZ host only to reach the internal network hosts, making it the less secure alternative.
  • 90.
    Dual homed hostfirewalls • A dual-homed host is an application-based firewall and first line of defense/protection technology between a trusted network, such as a corporate network, and an untrusted network, such as the Internet. Dual-homed host is a common term used to describe any gateways, firewalls or proxies that directly provide secure applications and services to any untrusted network.
  • 91.
    Screened subnet firewalls •A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces. It provides additional protection from outside cyber attacks by adding a perimeter network to isolate or separate the internal network from the public- facing internet. • A DMZ or demilitarized zone is a perimeter network that protects and adds an extra layer of security to an organization's internal local-area network from untrusted traffic.
  • 92.
    Selecting the rightfirewall • Selecting the right firewall depends on several factors, including your network architecture, security requirements, budget, and scalability needs. • Which type? • What features? • How easy to setup and configure? • Can it be adaptable?
  • 93.
    Configuring and managingfirewalls Access Control Policies: Define and implement access control policies based on your organization's security requirements. Rule Configuration: Create firewall rules that enforce your access control policies. Network Zones: Segment your network into zones based on trust levels (e.g., LAN, DMZ, WAN). Apply different access control policies and firewall rules to each zone based on its security requirements.
  • 94.
    Logging and Monitoring: Enablelogging for firewall events and traffic. Updates and Patches: Keep the firewall firmware/software up to date with the latest security patches and updates. Intrusion Detection/Prevention: Configure intrusion detection/prevention systems (IDS/IPS) to detect and block suspicious or malicious network traffic.
  • 95.
    VPN Configuration: Configure virtualprivate network (VPN) connections to secure remote access and site-to-site communications. User Authentication and Authorization: Implement user authentication mechanisms, such as user accounts logins
  • 96.
    Protecting remote connections •Use strong passwords. ... • Update your software. ... • Limit access using firewalls. ... • Enable Network Level Verification. ... • Limit users who can log in using remote desktop. ... • Use two-factor authentication on highly sensitive systems.
  • 97.
    VPN • A virtualprivate network, or VPN, is an encrypted connection over the Internet from a device to a network. • The encrypted connection helps ensure that sensitive data is safely transmitted. • It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.
  • 98.
    Transparent mode • Intransparent mode, the VPN operates without modifying the network traffic's IP addresses or headers. It is also known as "bridge mode" or "NAT traversal mode." • The VPN gateway acts as an intermediary between two networks, transparently encrypting and decrypting data as it passes through. • Transparent mode is often used in scenarios where the VPN should integrate seamlessly with existing network infrastructure without requiring changes to IP addressing or routing configurations. • It is commonly used in site-to-site VPN deployments where the VPN gateway is placed at the network perimeter and encrypts traffic between two private networks.
  • 99.
    Tunnel mode • Intunnel mode, the VPN encapsulates the entire IP packet within another packet, adding an additional header that contains routing information and encryption details. • The original IP packet becomes the payload of the encapsulating packet, making it invisible to intermediate network devices. • Tunnel mode is typically used for remote access VPNs, where individual users or devices establish secure connections to a central VPN gateway over untrusted networks such as the internet. • It provides end-to-end encryption and privacy for the entire communication session between the client and the VPN gateway.
  • 101.
Intrusion Detection and Prevention Systems
• An intrusion detection and prevention system (IDPS) monitors a network or host, scans activity for possible threats, alerts the administrator and, where configured to do so, acts to prevent the attack.
Terminologies:
1. Alert (audible signals, e-mail messages)
2. Evasion (an attacker changing the format of an attack so that it no longer matches a known pattern)
3. False negative (an actual attack that the IDPS fails to detect)
4. False attack stimulus (an event that triggers an alarm although no attack is in progress)
  • 102.
5. False positive (an alert raised on legitimate activity)
6. Noise (alarm events that are accurate but pose no real threat, such as a scan against a service that is not running)
7. Site policy (the rules and configuration guidelines governing how the IDPS operates)
8. Site policy awareness (the IDPS's ability to adapt its reactions to its environment)
9. True attack stimulus (an event that triggers an alarm because a real attack is in progress)
10. Tuning (adjusting the IDPS to maximise detection while minimising false positives)
11. Confidence value (a measure of the IDPS's ability to correctly detect and identify a given type of attack)
12. Alarm filtering (classifying alerts so that known false positives are suppressed)
13. Alarm clustering and compaction (grouping near-identical alarms into a single higher-level alarm)
  • 103.
Types of Intrusion Detection Systems
1. Network intrusion detection system (NIDS)
2. Host-based intrusion detection system (HIDS)
3. Perimeter intrusion detection system (PIDS)
  • 104.
IDPS detection methods
1. Signature-based detection (matches activity against patterns of known attacks; cannot see an attack it has no signature for)
2. Statistical anomaly-based detection (builds a baseline of normal activity and flags significant deviations; catches novel attacks but misfires on unusual legitimate behaviour)
3. Stateful protocol analysis detection (compares observed protocol behaviour with vendor-defined profiles of benign protocol use)
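To make the contrast between the first two methods concrete, here is an added example (not code from the original slides) that runs both over constructed web-server access log lines. The signature rules, the log format and every address in it are made up for the demo. The scanning host is deliberately chosen so that it matches no signature (a false negative for the signature engine) but stands out statistically, while the injection attempts are caught by signatures but are too few to look anomalous.

```python
"""Signature-based vs statistical anomaly-based detection over constructed log lines."""
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote

# Signature-based detection: a minimal, constructed rule set of known-bad patterns.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
    "cmd-injection": re.compile(r";\s*(cat|id|ls)\b"),
}

# Constructed log format: <source> <method> <path> <status>
LINE = re.compile(r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Constructed baseline of normal traffic: five hosts making 3, 4, 3, 5 and 4 requests.
BASELINE_LOG = "\n".join(
    f"10.0.0.{i} GET /page{j}.html 200"
    for i, n in enumerate([3, 4, 3, 5, 4], start=1) for j in range(n)
)

# Constructed observation window: one normal client, one injection attacker, one scanner.
OBSERVED_LOG = """\
10.0.0.8 GET /index.html 200
10.0.0.8 GET /about.html 200
10.0.0.8 POST /login 302
203.0.113.5 GET /search?q=1%27%20OR%20%271%27%3D%271 500
203.0.113.5 GET /cgi-bin/../../etc/passwd 404
198.51.100.7 GET /admin 404
198.51.100.7 GET /backup 404
198.51.100.7 GET /wp-login.php 404
198.51.100.7 GET /phpmyadmin 404
198.51.100.7 GET /.git/config 404
198.51.100.7 GET /config.php 404
198.51.100.7 GET /server-status 404
198.51.100.7 GET /.env 404
"""


def parse(log):
    """Parse log lines; URL-decode the path so encoded payloads cannot evade the rules."""
    events = []
    for line in log.strip().splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["path"] = unquote(e["path"])
            events.append(e)
    return events


def signature_alerts(events):
    """(source, rule) for every request matching a known-bad pattern."""
    return [(e["src"], name)
            for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["path"])]


def build_baseline(events):
    """Mean and standard deviation of requests per source in normal traffic."""
    counts = list(Counter(e["src"] for e in events).values())
    return mean(counts), pstdev(counts)


def anomaly_alerts(events, baseline, k=3.0):
    """Flag sources whose request volume exceeds mean + k*stdev of the baseline.
    Needs no attack knowledge, but a busy legitimate client would be a false
    positive and a slow, low-volume attacker a false negative."""
    mu, sigma = baseline
    threshold = mu + k * sigma
    per_src = Counter(e["src"] for e in events)
    return sorted(src for src, n in per_src.items() if n > threshold)


def run_detection():
    observed = parse(OBSERVED_LOG)
    baseline = build_baseline(parse(BASELINE_LOG))
    return {
        "signature": signature_alerts(observed),
        "anomaly": anomaly_alerts(observed, baseline),
    }


if __name__ == "__main__":
    for method, hits in run_detection().items():
        print(method, hits)
```

Each engine misses what the other catches, which is why production IDPSs combine the methods and why the "confidence value" and "tuning" terms above matter: the k in the anomaly threshold is exactly the knob that trades false positives against false negatives.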
  • 105.
IDPS Response behaviour
1. IDPS response options
2. Reporting and archiving capabilities
3. Failsafe considerations for IDPS response
  • 106.
Selecting IDPS approaches and products
1. Technical and policy considerations
2. Organisational requirements and constraints
3. IDPS product features and quality
  • 107.
Strengths of IDPS
• Monitoring and analysis of system events and user behaviour
• Testing the security state of system configurations
• Baselining the security state of a system and tracking changes to it
• Recognising patterns of system events that correspond to known attacks
• Recognising patterns of activity that vary from normal activity
• Managing OS audit and logging mechanisms and the data they generate
• Alerting appropriate staff when attacks are detected
• Providing default information security policies
  • 108.
Limitations of IDPS (what an IDPS cannot do)
• Compensate for weak or missing security mechanisms such as firewalls
• Instantaneously detect, report and respond to an attack when the network or processing load is heavy
• Detect newly published attacks or variants of existing attacks for which no signature or baseline exists
• Automatically investigate attacks without human intervention
• Compensate for problems with the fidelity of the information sources it relies on
• Deal effectively with switched networks, where a sensor on one port does not see traffic on the others
  • 109.
Deployment and implementation of an IDPS
• IDPS control strategies
• IDPS deployment
  • 110.
Measuring the effectiveness of IDPS
Four measures of comparative effectiveness:
• Thresholds
• Blacklists and whitelists
• Alert settings
• Code viewing and editing
  • 111.
Scanning and analysis tools
Types of scanning and analysis tools:
1. Port scanners
2. Firewall analysis tools
3. Operating system detection tools
4. Vulnerability scanners
5. Packet sniffers
6. Wireless security tools
  • 112.
Biometric access control devices
• Biometric access control is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed system user.
• Fingerprint
• Palm print
• Hand geometry
• Facial recognition
• Retinal print
• Iris pattern
  • 113.
Signature and voice recognition technologies
• Signature recognition is a biometric approach to electronic document signing that is the functional equivalent of a traditional handwritten signature.
• Voice recognition combines speaker recognition and verification technology with public key encryption and symmetric key encryption.
  • 114.
Effectiveness of biometrics
• False reject rate (FRR): the probability that the system fails to detect a match between the input biometric sample and the matching template in the database; it measures the percentage of valid inputs that are incorrectly rejected (the user is legitimate but locked out).
• False accept rate (FAR): the probability that the biometric system allows an unauthorised user access, i.e. the percentage of impostor inputs that are incorrectly accepted.
• Crossover error rate (CER): the point at which the false reject rate and the false accept rate are equal, also known as the equal error rate (EER). The CER summarises the overall accuracy of a biometric system: the lower it is, the better. Raising the matching threshold lowers FAR at the cost of a higher FRR, so high-security systems are usually operated above the CER point.
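The three rates are functions of the matching threshold, which is easiest to see by computing them. The following is an added worked example, not from the original slides: the genuine and impostor match scores are constructed (higher means more similar), and the functions sweep the threshold to find the crossover point and, separately, the threshold a high-security deployment would choose when it tolerates no false accepts.

```python
"""FRR, FAR and crossover error rate from constructed matcher scores."""

# Constructed similarity scores (0..1, higher = closer match).
# Genuine: the enrolled person presenting again. Impostor: someone else presenting.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.74, 0.69, 0.66, 0.58, 0.55, 0.49]
IMPOSTOR_SCORES = [0.61, 0.56, 0.52, 0.47, 0.44, 0.40, 0.36, 0.31, 0.27, 0.20]


def error_rates(genuine, impostor, threshold):
    """FRR: genuine samples scoring below the threshold (wrongly rejected).
    FAR: impostor samples scoring at or above it (wrongly accepted)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover_error_rate(genuine, impostor, steps=100):
    """Sweep thresholds 0..1 and return (threshold, frr, far) where |FRR - FAR| is smallest.
    On a continuous score distribution this is the point where the two curves cross."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        frr, far = error_rates(genuine, impostor, t)
        if best is None or abs(frr - far) < abs(best[1] - best[2]):
            best = (t, frr, far)
    return best


def threshold_for_max_far(genuine, impostor, max_far, steps=100):
    """Lowest threshold whose FAR does not exceed max_far (high-security tuning).
    Returns (threshold, frr, far); the FRR shows what that security costs in usability."""
    for i in range(steps + 1):
        t = i / steps
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr, far
    return None


def roc_table(genuine, impostor, thresholds=(0.3, 0.4, 0.5, 0.56, 0.62, 0.7)):
    """Selected operating points, to show FRR rising and FAR falling as the threshold rises."""
    return [(t,) + error_rates(genuine, impostor, t) for t in thresholds]


if __name__ == "__main__":
    for t, frr, far in roc_table(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold={t:.2f}  FRR={frr:.2f}  FAR={far:.2f}")
    print("CER:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("zero-FAR operating point:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

With these constructed scores the CER is 20% at a threshold of 0.56, while demanding FAR = 0 pushes the threshold to 0.62 and the FRR up to 30%: the same sensor can be tuned for convenience or for security, and the CER is a comparison figure between systems rather than the point you necessarily operate at.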
  • 115.
Cryptography
• Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it.
• Encryption (encipher): converting plaintext to ciphertext.
• Decryption (decipher): converting ciphertext back to plaintext.
• Algorithm: the programmatic steps used to convert an unencrypted message into an encrypted sequence of bits.
• Ciphertext: the encoded text.
• Key: a series of bits used together with the algorithm; the algorithm can be public, so the key is what must stay secret.