Essentials Of Security
Posted 19-Oct-2014, category: Technology
Transcript of Essentials Of Security
S. Vamshidhar Babu, CCNA, MCSE, CEH, CHFI, GNIIT
Team Lead, AppLabs
Agenda
Security Fallacies
What is Security?
How to Secure?
Layers of Security
Operational Model of Computer Security
Security Principles
Security Concerns
Poor Security = Serious Damage
Challenges When Implementing Security
Threat Modeling
Overview of Security Technology
Security Fallacies
We have antivirus software, so we are secure.
We have a firewall, so we are secure.
The most serious threats come from the outside.
I don't care about security because I back up my data daily.
Responsibility for security rests with the IT security staff.
What is Security?
Security is the set of techniques that ensure the data a computer system stores or transmits cannot be read, altered or made unavailable by anyone who is not authorized. The definition covers more than secrecy: the confidentiality, integrity and availability properties are spelled out under Basic Security Terminology below.
How to Secure?
What assets are you trying to protect?
What are the risks to those assets?
How are you trying to protect them?
How well does your solution work?
What other risks does your solution introduce?
Layers of Security
Physical Security
Host Security
Network Security
Web Application Security
Physical Security
Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to authorized users: access controls, physical barriers, etc.
Host Security
Host security takes a granular view by protecting each computer and device individually instead of addressing the network as a whole. Typical controls:
Authentication and logging mechanisms
Host-based IDS
File integrity checkers
Network Security
In network security the emphasis is on controlling access to internal computers from external entities. Typical controls:
Firewalls
Intrusion Detection Systems (IDS)
Access controls on network devices
Vulnerability scanners
Web Application Security
A Web application is an application, generally composed of a collection of scripts, that resides on a Web server and interacts with databases or other sources of dynamic content. Examples of Web applications include search engines, Webmail, shopping carts and portal systems.
Web Application Security
Application attacks are the latest trend in hacking. On average, 90% of all dynamic-content sites have vulnerabilities associated with them. No single Web server and database server combination has been found to be immune.
"Today over 70% of attacks against a company's network come at the 'Application Layer', not the Network or System layer." - Gartner
Basic Security Terminology
CIA: Confidentiality, Integrity, Availability
(Diagram: the CIA triad, with the three properties at the corners of a triangle.)
AAA: Authentication, Authorization, Access Control
Note that in network access protocols such as RADIUS the third A stands for Accounting, the record of who did what; that record is what audit-based detection relies on.
Basic Terminology of Attacks
Vulnerability: A weakness in a system that may lead to undesirable consequences.
Threat: The potential for a vulnerability to be exploited, i.e. an agent or event capable of triggering it.
Risk: The likelihood that a threat exploits a vulnerability, combined with the extent of the consequences (Vulnerability + Threat + Impact).
Example: a buffer overflow in a network service is the vulnerability; an attacker sending a crafted TCP/IP packet that triggers the overflow is the threat; the risk is the chance of that happening weighed against the impact, here a system crash.
Operational Model of Computer Security
Historically the focus of security was on prevention: if we could prevent somebody from gaining access to our computer systems and networks, we assumed we had security. Protection was equated with prevention. Since prevention eventually fails, the operational model adds detection and response:
Protection = Prevention + (Detection + Response)
Security Model
Prevention
1. Access controls
2. Firewalls
3. Encryption
Detection
1. Audit logs
2. Intrusion Detection Systems
3. Honeypots
Response
1. Backups
2. Incident response teams
3. Computer forensics
Security Principles
An organization can address the protection of its network in three ways:
Ignore security issues
Provide host security
Approach security at the network level
Only the last two, host and network security, have prevention as well as detection and response components.
Security Concerns
Application reliance on the Internet
Hacking, cracking, phreaking, script kiddies
Internal security attacks
External security attacks
Viruses and worms
Common Types of Attacks
(Diagram: attackers targeting an organization's restricted data. Categories shown: organizational attacks, accidental breaches in security, automated attacks, viruses, Trojan horses and worms, denial of service (DoS), with connection failures as the result of DoS.)
Layers - Dangers
Examples of Security Intrusions
Code Red I & II, ILoveYou, Nimda, sniffing, spoofing, Trojans, backdoors, DDoS
(Diagram labels: attacker, virus, Trojans.)
Poor Security = Serious Damage
Website defacement
System downtime
Lost productivity
Damage to business reputation
Lost consumer confidence
Severe financial losses due to lost revenue
Challenges When Implementing Security
Attackers vs. Defenders
The attacker needs to understand only one vulnerability
The defender needs to secure all entry points
Attackers have unlimited time
The defender works under time and cost constraints
Security vs. Usability
Secure systems are more difficult to use
Complex and strong passwords are difficult to remember
Users prefer simple passwords
Do I need security
…
Security As an Afterthought
Developers and management think that security does not add any business value
Addressing vulnerabilities just before a product is released is very expensive
Threat Modeling
Threat modeling is:
A security-based analysis of an application
A crucial part of the design process
Threat modeling:
Reduces the cost of securing an application
Provides a logical, efficient process
Helps the development team:
○ Identify where the application is most vulnerable
○ Determine which threats require mitigation and how to address those threats
Overview of Security Technology
Encryption
Secure communication
Firewalls
IDS
Virus protection
Encryption
Encryption is the process of encoding data so that only holders of the right key can read it. In practice it is deployed together with closely related mechanisms:
To protect a user's identity or data from being read (confidentiality, from the cipher itself)
To protect data from being altered (integrity, which needs a MAC or digital signature alongside the cipher; encryption alone does not detect tampering)
To verify that data originates from a particular user (authentication of origin, likewise via a MAC or digital signature)
Encryption can be:
Symmetric
Asymmetric
Symmetric vs. Asymmetric Encryption
Algorithm type | Description
Symmetric | Uses one key both to encrypt and to decrypt the data. Fast and efficient, so it is used for bulk data. Both parties must already share the key, which is the hard part.
Asymmetric | Uses two mathematically related keys: the public key to encrypt the data and the private key to decrypt it (or the private key to sign and the public key to verify). Solves the key-distribution problem, since the public key can be published, but it is much slower than symmetric encryption and needs far longer keys for comparable strength, so it is typically used to exchange or wrap a symmetric session key rather than to encrypt bulk data. It is not "more secure" than symmetric encryption; the strength of either depends on the algorithm and the key length.
Secure Communication: How SSL Works
1. The user browses to a secure Web server using HTTPS.
2. The server presents its certificate, which carries the server's public key and is signed by a certificate authority whose root certificate the browser trusts; the browser validates that chain. The browser then creates a unique session key and encrypts it with the server's public key.
3. The Web server receives the encrypted session key and decrypts it with its private key, which only the server holds.
4. After the connection is established, all communication between the browser and the Web server is encrypted and integrity-protected with the session key.
This is the RSA key-transport handshake of SSL and early TLS. Current TLS versions instead agree the session key with ephemeral Diffie-Hellman, so that a later compromise of the server's private key does not expose recorded sessions.
(Diagram: secure browser and secure Web server exchanging messages over HTTPS, steps 1 to 4 numbered as above; the Web server holds a certificate that chains to a trusted root certificate.)
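The four steps above, as an added example that is not part of the original deck: textbook RSA wraps a freshly generated session key (steps 2 and 3), and a toy symmetric cipher with an HMAC tag carries the application data in both directions (step 4). The server key pair is built from two Mersenne primes and the cipher is SHA-256 in counter mode, both chosen only to keep the code self-contained; certificate validation is omitted, and none of this is production cryptography (real TLS uses padded RSA or ephemeral Diffie-Hellman and an authenticated cipher such as AES-GCM). All names are the example's own.

```python
"""RSA key transport as in the SSL handshake above (hypothetical example, not production crypto)."""
import hashlib
import hmac
import secrets

E = 65537  # the usual public exponent


def rsa_keygen(p: int, q: int, e: int = E) -> tuple:
    """Textbook RSA from two supplied primes: returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+); requires gcd(e, phi) == 1
    return (n, e), (n, d)


def rsa_encrypt(pub: tuple, m: int) -> int:
    """Raw RSA: anyone holding the public key can do this."""
    n, e = pub
    if not 0 < m < n:
        raise ValueError("message must be a positive integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv: tuple, c: int) -> int:
    """Raw RSA: only the private-key holder can undo rsa_encrypt."""
    n, d = priv
    return pow(c, d, n)


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a toy stream-cipher keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the shared session key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key + nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; altered data is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message altered or wrong key")
    ks = _keystream(key + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def tamper_detected(key: bytes, blob: bytes, byte_index: int = 16) -> bool:
    """Flip one bit of a transmitted record and report whether the receiver notices."""
    altered = bytearray(blob)
    altered[byte_index] ^= 0x01
    try:
        sym_decrypt(key, bytes(altered))
        return False
    except ValueError:
        return True


# Constructed server key pair. Mersenne primes keep the example self-contained; a real key
# uses random primes of at least 1024 bits each, never primes of special form.
SERVER_PUB, SERVER_PRIV = rsa_keygen(2**89 - 1, 2**127 - 1)


def https_session(server_pub: tuple, server_priv: tuple, request: bytes, response: bytes) -> tuple:
    """Steps 2 to 4 of the slide. Returns (request as seen by server, response as seen by browser)."""
    # Browser, step 2: fresh 128-bit session key, wrapped with the server's public key.
    # (Certificate validation, which is how the browser knows this IS the server's key, is omitted.)
    session_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(server_pub, int.from_bytes(session_key, "big"))
    # Server, step 3: unwrap with the private key. An eavesdropper who saw `wrapped` cannot.
    server_session_key = rsa_decrypt(server_priv, wrapped).to_bytes(16, "big")
    # Step 4: all application data now travels under the symmetric session key, both ways.
    request_seen_by_server = sym_decrypt(server_session_key, sym_encrypt(session_key, request))
    response_seen_by_browser = sym_decrypt(session_key, sym_encrypt(server_session_key, response))
    return request_seen_by_server, response_seen_by_browser


if __name__ == "__main__":
    print(https_session(SERVER_PUB, SERVER_PRIV, b"GET /account HTTP/1.1", b"HTTP/1.1 200 OK"))
```

Two things the code makes visible that the slide glosses over: the asymmetric operation happens exactly once, to move 16 bytes of key, and everything after that is symmetric; and confidentiality alone is not enough, which is why the record carries an HMAC tag that makes a single flipped bit fail verification instead of silently corrupting the request.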
Firewalls
A firewall is a system or group of systems that enforces a network access control policy by filtering the packets that pass in and out of the protected network. Firewalls can provide:
A secure gateway to the Internet for internal clients
Packet filtering
Application filtering
A firewall mitigates the following attacks:
Unauthorized access to services that are not meant to be reachable from outside
Port scanning and probing (probes to unexposed ports are simply dropped, so the scanner learns little)
Denial of Service (DoS) attacks, only in part: it can drop traffic aimed at unexposed ports, but it cannot absorb a flood that saturates the link in front of it
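Packet filtering, as an added example (not code from the deck): a stateless filter that evaluates rules top to bottom, stops at the first match and drops anything unmatched. The policy (a public web server on 80/443, admin SSH only from the internal network) and the traffic, including a 1024-port scan, are constructed from RFC 5737 documentation addresses; the names are the example's own.

```python
"""Stateless packet filter: the rule model a firewall enforces (hypothetical example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    src: str = "0.0.0.0/0"               # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"               # CIDR; the default matches any destination
    proto: Optional[str] = None          # None matches any protocol
    dports: Optional[frozenset] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dports is None or pkt.dport in self.dports))


def evaluate(rules: list, pkt: Packet) -> str:
    """Top to bottom, first match wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


WEB = "203.0.113.10"      # public web server (RFC 5737 documentation address)
INTERNAL = "10.0.0.0/8"   # corporate LAN

# Constructed policy: what is not explicitly permitted is dropped.
POLICY = [
    Rule("allow", dst=WEB, proto="tcp", dports=frozenset({80, 443})),           # public HTTP/HTTPS
    Rule("allow", src=INTERNAL, dst=WEB, proto="tcp", dports=frozenset({22})),  # admin SSH, LAN only
    Rule("deny"),  # explicit catch-all, so the default is visible in the rule set itself
]


def scan(rules: list, src: str, dst: str, ports) -> dict:
    """What a TCP port scan from src learns about dst through this filter."""
    verdicts = {p: evaluate(rules, Packet(src, dst, "tcp", p)) for p in ports}
    return {
        "allow": sum(v == "allow" for v in verdicts.values()),
        "deny": sum(v == "deny" for v in verdicts.values()),
        "open_to_scanner": sorted(p for p, v in verdicts.items() if v == "allow"),
    }


if __name__ == "__main__":
    print(evaluate(POLICY, Packet("198.51.100.7", WEB, "tcp", 443)))  # allow
    print(evaluate(POLICY, Packet("198.51.100.7", WEB, "tcp", 22)))   # deny: SSH is not exposed to the Internet
    print(scan(POLICY, "198.51.100.7", WEB, range(1, 1025)))
```

The scan summary is the point of the "port scanning" bullet: of 1024 probes only the two ports the policy exposes answer, and the remaining 1022 are dropped without a word. The model is deliberately minimal: it is stateless, has no notion of which interface a packet arrived on (so it cannot do anti-spoofing), and inspects nothing above the transport header, which is what the slide's separate "application filtering" item refers to.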
Intrusion Detection System (IDS)
An IDS is an application that detects attacks on computer systems and/or networks. It raises alarms; unlike a firewall it does not itself block traffic.
Network-based intrusion detection:
Monitors real-time network traffic for malicious activity, much like a network sniffer
Sends alarms for network traffic that matches certain attack patterns or signatures
Host-based intrusion detection:
Monitors a computer's or server's files, logs and processes for anomalies
Sends alarms for activity on the host that matches a predetermined attack signature or deviates from a baseline
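Signature matching as a network IDS does it, as an added example not taken from the deck: a small signature set written in the style of the intrusions listed earlier (the Code Red /default.ida request, the IIS directory traversal Nimda used) plus a generic SQL-injection probe, run over constructed HTTP request lines. Matching produces alerts only; nothing is blocked. The signatures, the traffic and all names are illustrative and the example's own.

```python
"""Signature-based network intrusion detection (hypothetical example)."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern


@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    src: str
    evidence: str  # the matched fragment, truncated for the alert log


# Illustrative signatures in the style of the intrusions named in the deck (not a real rule set).
SIGNATURES = [
    Signature(1001, "Code Red: IIS .ida buffer overflow attempt",
              re.compile(r"GET /default\.ida\?[NX]{200,}", re.I)),
    Signature(1002, "Nimda-style IIS directory traversal to cmd.exe",
              re.compile(r"(\.\./|%2e%2e/|%255c|%c0%af).*cmd\.exe", re.I)),
    Signature(1003, "SQL injection probe (tautology in a parameter)",
              re.compile(r"(?:'|%27)(?:\s|%20|\+)*or(?:\s|%20|\+)*1(?:\s|%20)*=(?:\s|%20)*1", re.I)),
]


def inspect(src: str, request_line: str, signatures=SIGNATURES) -> list:
    """Return one Alert per signature that matches; an empty list means nothing fired."""
    alerts = []
    for sig in signatures:
        m = sig.pattern.search(request_line)
        if m:
            alerts.append(Alert(sig.sid, sig.name, src, m.group(0)[:60]))
    return alerts


def run(traffic, signatures=SIGNATURES) -> list:
    """Sensor loop: every observed request line goes past every signature. Nothing is blocked."""
    alerts = []
    for src, line in traffic:
        alerts.extend(inspect(src, line, signatures))
    return alerts


def offenders(alerts) -> dict:
    """Alerts per source address, the first pivot an analyst makes."""
    return dict(Counter(a.src for a in alerts))


# Constructed traffic (not a real capture): (source address, HTTP request line).
TRAFFIC = [
    ("198.51.100.23", "GET /index.html HTTP/1.1"),
    ("198.51.100.23", "GET /default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3 HTTP/1.0"),
    ("203.0.113.77", "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("203.0.113.77", "GET /search?q=shoes HTTP/1.1"),
    ("192.0.2.9", "GET /login?user=admin'%20OR%201=1-- HTTP/1.1"),
]


if __name__ == "__main__":
    for a in run(TRAFFIC):
        print(f"[{a.sid}] {a.src}: {a.name} ({a.evidence})")
```

The traversal signature shows the weakness of the approach: it has to anticipate each encoding of "../" (plain, `%2e%2e`, double-encoded `%255c`, overlong UTF-8 `%c0%af`), and an encoding the rule author did not list sails past. Real sensors normalise the URL before matching and combine signatures with anomaly detection for exactly this reason.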
Virus Protection
Antivirus software should be installed on all network servers as well as on workstations.
It should run the latest program version as well as the latest signature files (definitions of detected viruses).
It should screen all software coming into your computer or network (files, attachments, programs, etc.).
It protects against viruses and worms, malicious code and Trojans.
Questions ?
Thanks