Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science...

Transcript of Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science...

  • Slide 1
  • Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com
  • Slide 2
  • Outline of Information Security: Introduction; Impact of information; Need for information security; Objectives of information security; Areas of information security; Types of attackers; Why attacks?; Methods of attacking information; Methods of defending information; Tips for information security.
  • Slide 3
  • Introduction: Information security is a complicated area and can be addressed by well-trained and experienced professionals. When a system is attacked through different threats, so that it works very slowly or is damaged and our information is unsecured, this is called information insecurity. This is a very big problem. Information security is the solution for it.
  • Slide 4
  • Importance of Information: Our work is based on records (information). We spend at least half our day with documents. 15% of Rs. spent managing documents. We can't work without data, records or information.
  • Slide 5
  • Need for Information Security: Privacy of our data/information; Saving data safely; Theft of our own data/information; Avoiding bad use of our data; Lack of time; Lack of money; Lack of human resources.
  • Slide 6
  • Objectives of Data/Info. Security: Integrity; Confidentiality; Authenticity; Availability.
  • Slide 7
  • Security Areas: Basically three areas of security: 1. Physical security; 2. Network security; 3. Database security.
  • Slide 8
  • Physical Security: Keep the servers in a locked room with network and power cables snipped off. Security of other hardware and machinery.
  • Slide 9
  • Network Security: All entry points to a network should be guarded. [Diagram labels: Firewall, Modem, Internet, Switch, Scanner, Workstation, Printer, Server; Unprotected Network, Protected LAN]
  • Slide 10
  • Database Security: Database integrity; User authentication; Access control; Availability.
  • Slide 11
  • Types of Attackers: Hackers; Lone criminals; Police; Malicious insiders; Press/media; Terrorists; Industrial espionage; National intelligence organizations; Info warriors.
  • Slide 12
  • Hackers: Attacks for the challenge; Own subculture with names, lingo and rules; Stereotypically young, male and socially; Can have considerable expertise and passion for attacks.
  • Slide 13
  • Lone criminals: Attack for financial gain; Cause the bulk of computer-related crimes; Usually target a single method for the attack.
  • Slide 14
  • Malicious insiders: Already inside the system; Know the weaknesses and tendencies of the organization; Very difficult to catch.
  • Slide 15
  • Press/media: Gather information for a story to sell papers/commercial time. Police: Lines are sometimes crossed when gathering information to pursue a case.
  • Slide 16
  • Terrorists: Goal is disruption and damage. Most have few resources and skilled.
  • Slide 17
  • National Intelligence Organizations: To investigate different cases. Industrial Espionage: To discover a competitor's strategic marketing.
  • Slide 18
  • Info warriors: Military-based group targeting information or networking infrastructures; Lots of resources; Willing to take high risks for short-term gain.
  • Slide 19
  • Why attacks? For publicity; For financial gain; Jealousy; For fun; For competition with a person in the same field.
  • Slide 20
  • Specific types of attacks: Engineering attacks; Physical attacks; Environmental attacks.
  • Slide 21
  • Engineering attacks: Viruses: a string of computer code that attaches to other programs and replicates. Worms: replicate themselves to multiple systems; rarely dangerous, mostly annoying. Trojan horses: collect information and send it to a known site on the network; can also allow external takeover of your system.
  • Slide 22
  • Cont. [Diagram labels: Attacker, Virus, Our system, Colleague]
  • Slide 23
  • Cont.: Password sniffing: collects the first parts of data packets and looks for login attempts. IP spoofing: fake packets to hijack a session and gain access. Port scanning: an automated process that looks for open networking ports and logs positive hits for later exploits.
  • Slide 24
  • Physical attacks: Equipment failure arising from defective components; Temperature and humidity; Physical destruction of hardware and equipment; Theft or sabotage.
  • Slide 25
  • Environmental Attacks: Natural disasters: fire, earthquakes etc. Man-made disasters: war, chemical leaks etc.
  • Slide 26
  • Methods of Information Security Threats: Backups; Antivirus software; Cryptography; Biometrics; Honey pots; Firewalls; Burglar alarms.
  • Slide 27
  • Backups: Backups allow us to restore damaged or destroyed data. We can set up backup servers on the network. Backup media are floppy disks, external hard disks, ISP online backup.
  • Slide 28
  • Antivirus: Antivirus is a program that we can install on our computer to detect and remove viruses. It is used to scan hard disks, floppy disks and CDs for viruses, and to scan e-mail messages, individual files and downloads from the Net.
  • Slide 29
  • Cryptography: Cryptography is the art of converting information into a secret code that can be interpreted only by a person who knows how to decode it. [Diagram labels: Plain text, Encrypted, Cipher text, Decrypted]
  • Slide 30
  • Example of Cryptography: [Diagram labels: Sender, Original message, Encrypted, Decrypted, Original message, Receiver]
  • Slide 31
  • Biometrics: The biometric authentication process uses a person's unique physical characteristics to authenticate their identity. Biometric authentication methods: fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina. [Image labels: Fingerprint, Retina]
  • Slide 32
  • Honey pots: A honey pot is a tool used for detecting an intrusion attempt. A honey pot simulates a vulnerable computer on a network. It contains no critical data or applications but has enough data to lure an intruder.
  • Slide 33
  • Honey pots [Diagram label: Intruder]
  • Slide 34
  • Firewall: A firewall is a tool for network security that stands between trusted and untrusted networks and inspectin