Internet Security Sunil Ji Garg GM, Software, UPTEC.
Living in a World Of Hackers, Crackers, Thieves & Terrorists
Railway Tickets Fraud.
Increase in site visits but decrease in business.
Digit Site Redirected.
Internet British Lottery Fraud.
Fake NASA Examination.
Indian IT Hub-Bangalore under attack.
Remember
It is not your computer when somebody else has access to it.
It is not your server when it is serving someone you do not know.
Retaining a secret is possible only when the person you shared it with is in heaven.
Sharing Vs. Securing
SHARING is NOT inversely proportional to SECURING.
INTER-NETWORKING makes it SHARABLE
SECURITY makes it RELIABLE
Internetworking + Security
= Win-Win Framework
Safe and Secure Inter-networking
Safety relates to Confidentiality and Integrity of information.
Security relates to Authentication and Non-repudiation.
ALL FOUR REQUIREMENTS COME UNDER “SECURITY” IN THE PRESENT CONTEXT OF NETWORKING.
Devices are Vulnerable
Client Computers: OS Loopholes, Soft password schemes, friendliness needs, Application Bugs, Virus attacks
Servers: Weak Standards, Casual Administration, Bugs, Virus Attacks
Intermediate Devices: Distributed Administration, Varying Standards
Mediums are Vulnerable
Wires: Fast, Moderately Secure, Economic
Fibres: Extremely Fast, Secure, Economic for bulk traffic
Wire-Less: Moderate Speed, Security Costs, Moderately priced, easy deployment
Protocols are Vulnerable
TCP/IP (Spoofing Possible by changing Source-Destination Addresses at packet level).
DNS (Recursive Domain Name Look-up is possible, yielding a map of IP addresses and the services each IP station is running).
Open TCP ports can be spidered.
Internet Control Message Protocol (ICMP) message types can be changed.
Network can be flooded with junk.
Security Fundamentals
Privacy Vs. Security.
What is to be protected?
From whom it is to be protected?
Motive of Intruders.
Threat Perception.
Security Methods.
Pre and Post-breach measures.
Privacy Vs. Security
Privacy: Ability to maintain selective anonymity.
Security: Information Integrity, Uninterrupted service, Information Secrecy.
An increase in security may increase privacy, or privacy may be reduced due to other impacts.
What is to be protected ?
Computer Information from being damaged.
Computer Information from illegitimate usage.
Computer Access Information from mis-usage (Password, Digital Ids, Account No., Credit Card Nos. etc.)
From Whom it is to be protected?
Deliberate Crackers/Hackers.
Money Makers of different varieties.
People who get allured with open locks.
Novice/Accidental error makers.
Middlemen.
Programmers/Administrators/Security verifiers.
Rule-Makers.
Previous Authorities.
Motive of Intruders (Active/Passive)
Theft (Financially rewarding)
Spying (Positive or negative)
Misrepresentation.
Revenge.
Ignorance (being unaware of implications.)
Damage (Sadist)
Prank (Just for Fun)
Respect (By proving special skills)
Analysis (Long term commercial gain)
Threat Perception
Email: Primary Medium to Attack.
Threat from Viruses (Programs that self-replicate to spread fast, damage information, hog resources or deny service).
Spywares.
Impersonation.
Password Insecurity.
Sniffers (Programs that take information passively).
Alluring methods and Spams.
Data Modifiers.
Security Methods
Cryptography
Audits (Logs, sniffs, watches, event records)
Barriers (Firewalls, Proxies, network segmentation)
Cryptography
Substitution & Transposition based on keys.
DES (Digital Encryption Standards).
Public/Private asymmetric-key methods.
RSA Algorithm.
One way Hashing.
Digital Signatures.
Certification Authorities (For authentic Public Keys: Certificates).
Digital Signature Authentication
SEND: Plain Message -> One Way Hash -> Message Digest -> Pvt. Key Encryption -> Digital Signature. The Plain Message and the Digital Signature are sent.
RECV: Create New MD from the Plain Message. Decrypt the Digital Signature With Public Key to get the sender's Message Digest. Compare Message Digests to Authenticate.
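The digital signature authentication flow above, written out as an added example (not part of the original slides). It uses SHA-256 as the one-way hash and unpadded textbook RSA with a constructed toy key so that each box of the diagram is visible; the function names are assumptions of this example, and real systems use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes, so the example is
# deterministic. Anyone can factor this modulus; it is not a usable key.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def message_digest(message: bytes) -> int:
    """One Way Hash: digest of the plain message as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """SEND side: hash the message, then apply the private key to the digest."""
    return pow(message_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """RECV side: create a new digest from the received message, recover the
    sender's digest from the signature with the public key, compare the two."""
    new_md = message_digest(message)
    recovered_md = pow(signature, E, N)
    return new_md == recovered_md


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"    # constructed sample message
    sig = sign(msg)
    print("genuine message  :", verify(msg, sig))
    print("altered message  :", verify(b"Transfer 900 to account 42", sig))
    print("altered signature:", verify(msg, sig ^ 1))
```

A message changed in transit produces a different new digest, and a changed signature decrypts to a different recovered digest, so either kind of tampering makes the comparison fail.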
Security Audits
Sniffing: Hearing and recording traffic for analysis.
Logs: Recording information headers.
Watches: Put sniffers on specific traffic source/dest.
Event Recorders: Utilising OS features for analysis.
Security Barriers
Firewalls: Packet level traffic selection. Application level selection.
Proxies: Remote hosts see only the proxy; traffic behind is proxied by it.
Network Segmentation: Permitting type-specific traffic in segmented local areas.
Sharing/Security Experience Extract
Sharing wins customer delight.
Trust helps to make a secure design. Secure design brings more trust.
Most vulnerable security holes begin with human-beings.
Security is a continuous process.
Emergency measures for security breach shall be pre-planned.
Thank-You
More questions/discussions invited.
Follow-up discussions via:
Email: [email protected]
Website: www.indyan.com