The document discusses the need for network security. It notes that more information is being created and shared digitally, creating vulnerabilities. The objectives are to understand security services like confidentiality and integrity, be aware of threats like viruses and hacking, and realize why comprehensive security programs are necessary. Such programs include elements like strong passwords, antivirus software, firewalls, backups, auditing, and user training. Cryptography and firewalls are discussed as important security countermeasures. The goal is to protect systems and data from increasing security risks on interconnected networks.

1. THE NEED FORTHE NEED FOR
NETWORK SECURITYNETWORK SECURITY
Thanos Hatziapostolou

2. The Need for Web Security 2
PRESENTATIONPRESENTATION
OBJECTIVESOBJECTIVES
 Understand information security services
 Be aware of vulnerabilities and threats
 Realize why network security is necessary
 What are the elements of a comprehensive
security program

3. The Need for Web Security 3
TRENDS FORTRENDS FOR
INFORMATIONINFORMATION
 More information is being created, stored, processed and
communicated using computers and networks
 Computers are increasingly interconnected, creating new
pathways to information assets
 The threats to information are becoming more widespread
and more sophisticated
 Productivity, competitiveness, are tied to the first two trends
 Third trend makes it inevitable that we are increasingly vulnerable
to the corruption or exploitation of information
INFORMATION IS THE MOST VALUABLE ASSETINFORMATION IS THE MOST VALUABLE ASSET

4. The Need for Web Security 4
Information SecurityInformation Security
ServicesServices
 Confidentiality
 Integrity
 Authentication
 Nonrepudiation
 Access Control
 Availability

5. The Need for Web Security 5
Information Security
Services
 Confidentiality
 Maintaining the privacy of data
 Integrity
 Detecting that the data is not tampered with
 Authentication
 Establishing proof of identity
 Nonrepudiation
 Ability to prove that the sender actually sent the data
 Access Control
 Access to information resources are regulated
 Availability
 Computer assets are available to authorized parties when
needed
SERVICES

6. The Need for Web Security 6
Collection of networks that communicate
 with a common set of protocols (TCP/IP)
Collection of networks with
 no central control
 no central authority
 no common legal oversight or
regulations
 no standard acceptable use policy
“wild west” atmosphere
What Is The Internet?What Is The Internet?

7. The Need for Web Security 7
Why Is Internet SecurityWhy Is Internet Security
a Problem?a Problem?
 Security not a design
consideration
 Implementing change is
difficult
 Openness makes
machines easy targets
 Increasing complexity

8. The Need for Web Security 8
Common NetworkCommon Network
Security ProblemsSecurity Problems
 Network eavesdropping
 Malicious Data Modification
 Address spoofing
(impersonation)
 ‘Man in the Middle’ (interception)
 Denial of Service attacks
 Application layer attacks

9. The Need for Web Security 9
Security Incidents are IncreasingSecurity Incidents are Increasing
Sophistication
of Hacker Tools
19901980
Technical
Knowledge
Required
High
Low 2000 -from Cisco Systems

10. The Need for Web Security 10
HACKED WWW HOMEPAGESHACKED WWW HOMEPAGES
11/29/96
CIA
HOMEPAGE
DOJ
HOMEPAGE
USAF HOMEPAGE

11. The Need for Web Security 11
Problem is WorseningProblem is Worsening
6000
0
5000
0
4000
0
3000
0
2000
0
1000
0
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
InternetSecurityViolations
Jerusalem
Tequila
Michelangelo
Good Times
Melissa &
ILOVEYO
U
Anna Kournikova
Code Red
Nimba
Badtrans
Source: CERT®
Coordination Center
Carnegie Mellon

12. The Need for Web Security 12
VIRUSESVIRUSES
Risk Threat Discovered Protection
TROJ_SIRCAM.A New !!
Latest DAT
W32.Navidad 11/03/2000 11/06/2000
W95.MTX 8/17/2000
8/28/2000 W32.HLLW.QAZ.A 7/16/2000
7/18/2000 VBS.Stages.A 6/16/2000
6/16/2000 VBS.LoveLetter 5/04/2000
5/05/2000 VBS.Network 2/18/2000
2/18/2000 Wscript.KakWorm 12/27/1999
12/27/1999 W32.Funlove.4099 11/08/1999
11/11/1999 PrettyPark.Worm 6/04/1999
6/04/1999 Happy99.Worm 1/28/1999
1/28/1999

13. The Need for Web Security 13
Consider that…Consider that…
 90% of companies detected computer
security breaches in the last 12
months
 59% cited the Internet as the most
frequent origin of attack
 74% acknowledged financial losses
due to computer breaches
 85% detected computer viruses
Source: Computer Security Institute

14. The Need for Web Security 14
WHO ARE THE
OPPONENTS?
 49% are inside employees on
the internal network
 17% come from dial-up (still
inside people)
 34% are from Internet or an
external connection to another
company of some sort
HACKERS

15. The Need for Web Security 15
HACKER MOTIVATIONSHACKER MOTIVATIONS
 Money, profit
 Access to additional resources
 Experimentation and desire to
learn
 “Gang” mentality
 Psychological needs
 Self-gratification
 Personal vengeance
 Emotional issues
 Desire to embarrass the target

16. The Need for Web Security 16
Internet Security?Internet Security?
Malicious Code
Malicious Code
VirusesWorms
Buffer Overflows
Buffer Overflows
Session Hijacking
Port Scanning
Trojans
Denial of
ServiceSpoofingSpoofing
Replay Attack
Man-in-the-middle

17. The Need for Web Security 17
What Do People Do When
They Hear All These?
 Take the risks!
 But there are solutions
 Ignoring the situation is not
one of them

18. The Need for Web Security 18
THE MOST COMMONTHE MOST COMMON
EXCUSESEXCUSES
 So many people are on the
Internet, I'm just a face in the
crowd. No one would pick
me out.
 I'm busy. I can't become a
security expert--I don't have
time, and it's not important
enough
 No one could possibly be interested in my information
 Anti-virus software slows down my processor speed too much.
 I don't use anti-virus software because I never open viruses or e-mail attachments from
people I don't know.

19. The Need for Web Security 19
SANS Five Worst SecuritySANS Five Worst Security
Mistakes End Users MakeMistakes End Users Make
1. Opening unsolicited e-mail attachments without
verifying their source and checking their content
first.
2. Failing to install security patches-especially for
Microsoft Office, Microsoft Internet Explorer, and
Netscape.
3. Installing screen savers or games from unknown
sources.
4. Not making and testing backups.
5. Using a modem while connected through a local
area network.

20. The Need for Web Security 20
SECURITYSECURITY
COUNTERMEASURESCOUNTERMEASURES
THREE PHASE APPROACH
PROTECTION
DETECTION
RESPONSE

21. The Need for Web Security 21
ELEMENTS OF AELEMENTS OF A
COMPREHENSIVE SECURITYCOMPREHENSIVE SECURITY
PROGRAMPROGRAM
Have Good Passwords
Use Good Antiviral Products
Use Good Cryptography
Have Good Firewalls
Have a Backup System
Audit and Monitor Systems and Networks
Have Training and Awareness Programs
Test Your Security Frequently
Principles

22. The Need for Web Security 22
CRYPTOGRAPHYCRYPTOGRAPHY
Necessity is the mother of invention, and
computer networks are the mother of modern
cryptography.
Ronald L. Rivest
 Symmetric Key Cryptography
 Public Key Cryptography
 Digital Signatures

23. The Need for Web Security 23
FirewallFirewall
Visible
IP
Address
Internal
Network
PC Servers
Host
A system or group of systems that enforces an access
control policy between two networks.

24. The Need for Web Security 24

25. The Need for Web Security 25
THANK YOUTHANK YOU
I have
questions…