Sri Lath A


8/2/2019 Sri Lath A

http://slidepdf.com/reader/full/sri-lath-a 1/16

 1

INFORMATION SECURITY

1. INTRODUCTION: As of January 2008, the internet connected an estimated 541.7 million computers in more than 250 countries on every continent, even Antarctica. The internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts, in a variety of ways, to anyone with a computer and a network connection. Thus, individuals and organizations can reach any point on the internet without regard to national or geographic boundaries or time of day.

However, along with the convenience and easy access to information come risks. Among them are the risks that valuable information will be lost, stolen, changed, or misused. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home; they may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can also create new electronic files, run their own programs, and hide evidence of their unauthorized activity.

2. What is Information Security (IS) about? Everyone:

Information Security has three primary goals, known as the security triad:

Confidentiality: Making sure that those who should not see your information cannot see it.

Integrity: Making sure the information has not been changed from how it was intended to be.

Availability: Making sure that the information is available for use when you need it.


As you can see, the security triad can be remembered by the letters CIA. These principles are simplistic when broken down, but when you think about it more in depth, all steps taken within security are to help complete one or more of these three security goals.

When most people think about Information Security, they will generally only think of the first item, Confidentiality, and for good reason, since that's all the media seems to think security is about. Confidentiality is also, ironically, the one of the three goals you most often do not need. A public website does not want to be confidential; it would defeat the point of being public. In order to promote Confidentiality, you have several tools at your disposal, depending on the nature of the information. Encryption is the most commonly thought of method used to promote Confidentiality, but other methods include Access Control Lists (ACLs) that keep people from having access to information, using smart cards plus PIN numbers to prevent unauthorized people from getting into your building and looking around, or even explaining to your employees what information about the company they can and cannot disclose over the phone.

Integrity is the part of the triad that affects the most people in the IT world, but few seem to notice it, and fewer still think of it as a security issue. The files on your operating system must maintain a high level of integrity, but worms, viruses and trojans are a major issue in IT, and can also be a way that an attacker can get information out of your network, or inject his own information into it. And integrity is not just about malicious parties; it also covers items such as disk errors, or accidental changes made to files by unauthorized users. Access control lists (ACLs), physical security, and regular backups all fall under integrity.

Availability is the part of the triad most administrators have to worry about at work, and with good reason. It's the most common, and most visible, part of the security triad and it is part of the job duties of just about every administrator, even non-security based ones. It's mostly about system uptime for them, but it can also cover subjects such as accidentally denying a user access to a resource they should have, having a user locked out of the front door because the biometric reader does not recognize his fingerprints (a false negative), or even major issues such as natural disasters, and how the company should recover in case of one.

3. How do I protect my information?

Now that you know the goals of security, you may ask: "how do I apply them?" Well, first, you must decide what needs to be protected. In other words, you need to audit all of your assets, from


information stored on servers to physical items such as staplers, if your duties call for it. Since most people reading this are applying the principles here just to information security, we will first focus on information classifications. There are many different ways of classifying information, but many of them follow the same basic principles.

According to Microsoft's view of information, there are four types of information:

● Public
● Internal
● Confidential
● Secret

While it may not be as cool as remembering CIA, the word PICS should help you remember these four data types. But remember, while Microsoft and others use these classifications of data, not all groups follow this as a standard. In other words, it's just not as widespread as the talk about the CIA model, and some companies may use their own models.

Depending on the type of data, security is compromised just by exposing the information to others. With other types of data, however, damage is only done if the data is altered or unavailable. Here is a more in-depth explanation of the four major data types:

PUBLIC INFORMATION:

Public data is designed to be shown, so there is no reason to protect it from being seen, and thus confidentiality is not a concern. If Public data is changed or destroyed, however, you lose something you can remember by the letters PTR, or PoinTeR: Prestige, Trust, and Revenue. Public data needs to be accessible, but only a few users or machines should be able to change it.

Examples of Public data for businesses may be information on your company web site or any documentation sent to all consumers of your product or services. For home users it may be your personal homepage, or something akin to a MySpace page. While it would do no harm for this data to be seen by others, if this data was changed in transit, the results could be disastrous. And funny. But mostly disastrous.

INTERNAL INFORMATION:

Internal data, also called Private data, is data that company workers generally know, but outsiders should not know. It's items such as PINs (Personal Identification


Numbers) for doors if everyone shares the same PIN, the location of some rooms within the building (such as server rooms or wiring cabinets), or internal procedures of the company. It's information that most company workers can find out, or may even need to know. Discovering this information is normally not a risk in itself, but it allows for better attacks. The main risk is modification, either by an outside force such as an attacker, or in most cases, accidentally by an internal user. Security breaches of this type of information will generally affect the operations of a business, and not much else. Most files on your OS would actually fall under this, as damage to them will only affect operations. Keep in mind, however, that internal data can also be a stepping stone to launch attacks on other, more secure, forms of data. On the flip side, removing internal data from the view of workers can cause damage to business operations, performing a form of Denial of Service (DoS) attack. For a home user, Private data could be where you store your keys, security codes for home security systems, or even less obvious items.

CONFIDENTIAL INFORMATION:

Confidential data is the data used by a limited number of internal users, and should not be known to the majority of workers. This is the class Human Resources (HR) data and payroll information falls under. Read access to this data is limited to a few users, and write access is generally restricted even more. If this becomes public internally, Operations and Internal Trust are at stake, while if revealed externally, you once again lose PTR, along with Operations and Internal Trust. OS files dealing with security also fall into this area in most cases. Confidential data is just a few steps away from Secret data, and like Secret, it needs to be protected. For a home user this could be some emails you've written, your browser history, or a folder containing pictures and movies the rest of the household wouldn't approve of.

SECRET INFORMATION:

Secret data is the data most people think of when they hear about breaches in information. This data is your trade secrets, intellectual property, and External Secrets, such as info held in trust for others (partner companies, or customers). Loss of this data may cause critical damage to the company, and could very well be the downfall of it. Besides the PTR loss, and maybe loss of operations, there are fines and legal actions to think of in most cases.

While this may seem like only businesses would have data that fall in these four classes, all information can be placed inside them, sometimes into more than one class. As stated before,


most of the files used by your operating system would fall under Internal data. It's not something that needs to be kept secret so much as needs to be kept from being changed. Music files on your machine? They have an effect on the operation of how you run your life, and so fall under operations. Credit card information could be considered secret data as well.

4. COMMON ATTACKS:

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself. Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.

Access Attack:

An Access Attack is the act of secretly listening to the private conversation of others without their consent. This attack can also be done over telephone lines, email, instant messaging, and other methods of communication considered private.

Modification:

A Modification attack is an attempt to modify information that an attacker is not authorized to modify.


Repudiation Attack:

Repudiation or masquerading is a technique that hides an entire address space, usually consisting of private network addresses.

Denial of service:

Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following:

● Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
● Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
● Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
● Block traffic, which results in a loss of access to network resources by authorized users.


5. TOOLS:

Viruses:

Computer viruses are software programs deliberately designed to: interfere with computer operation; record, corrupt, or delete data; or spread themselves to other computers and throughout the Internet, often slowing things down and causing other problems in the process.

How do viruses work?

Basic viruses typically require unwary computer users to inadvertently share or send them. Some viruses that are more sophisticated, such as worms, can replicate and send themselves automatically to other computers by controlling other software programs, such as an e-mail sharing application. Certain viruses, called Trojans (named after the fabled Trojan horse), can falsely appear as a beneficial program to coax users into downloading them. Some Trojans can even provide expected results while quietly damaging your system or other networked computers at the same time.

How Can I Protect My Computer From Viruses?

Install an antivirus program and keep it updated. University Technology Services has purchased a volume license for antivirus software and made it available for download by students, staff and faculty.

Keeping antivirus programs updated is imperative. Because new viruses are released every day, there's always some risk that your computer will be infected by a virus that your antivirus program does not "know" about. Unless a rapidly-spreading virus is released, you should be reasonably safe if you update your antivirus program weekly.


How Do I Know If My Computer Is Infected By A Virus?

In a perfect world, your antivirus software will warn you of an infection. However, that may not happen if you have not been downloading updates or if your antivirus software stops functioning for some reason (for example, some viruses attack antivirus software).

There's no single symptom for virus infections. Some viruses inform you themselves by displaying messages like, "Ha, ha, you're infected by whatever." Others just usurp system and network resources to do things like send e-mail messages or propagate themselves over the network. Still others delete or corrupt critical files. If your computer starts performing differently for no apparent reason, it may be infected by a virus.

Worms:

Worms? What are they?

Worms are programs that make copies of themselves in different places on a computer. The objective of this type of malware is usually to saturate computers and networks, preventing them from being used. Unlike viruses, worms don't infect files.

What do they do?

The main objective of worms is to spread and infect as many computers as possible. They do this by creating copies of themselves on infected computers, which then spread to other computers by several channels including email, P2P programs and instant messaging, among others.

Worms often use social engineering techniques. To do so, malware creators use attractive names to camouflage the malicious files. Most of these names relate to sex, famous people, pirate software, current affairs or generally try to appeal to people's morbid curiosity. The use of these techniques significantly increases around dates such as Valentine's Day, Christmas and Halloween.

Evolution of Worms:


Worms have also been adapted to fit the new malware dynamic. Previously, worms were designed largely to achieve notoriety for their creators, and were therefore programmed to spread massively and infect computers around the world.

Now, however, worms are more geared towards generating financial gain. They are used to create massive botnets which control thousands of computers around the world. Cyber-crooks then send commands to these computers (zombies) to send spam, launch denial of service attacks, download malicious files, etc. The Conficker, Gaobot or Sdbot families are just a few examples of this type of worm. In the following statistics you can check out the importance of this type of malware nowadays:

At present, there are thousands upon thousands of computers being used as zombies without their owners realizing. These compromised computers can still be used normally, and so often the only indication of the infection is reduced performance.

How can you protect yourself from Worms?

There are a series of basic measures that users can take to ensure that computers are protected against worms:

● Scanning any potentially suspicious files with an antivirus solution.
● Keeping antivirus programs up-to-date and, if you don't have an antivirus, you can install any of Panda Security's antivirus solutions to give you full protection against these and other threats.


● Running a free antivirus scan of your computer to check whether it is worm-free.

TROJANS:

The effects of Trojans can be very dangerous, taking into account their evolution in the last years. Here you can find all the information regarding them.

Trojans? What are they?

The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers.

Trojans do not spread by themselves, and as their name suggests, like the astute Greeks in their attack on Troy, these malicious codes reach computers in the guise of an apparently harmless program, which, in many cases, when executed releases a second program, the Trojan itself.

Currently, the percentage of malware traffic represented by the Trojans worldwide is: Worm: 14.04%

What do they do?

The effects of Trojans can be highly dangerous. Like viruses, they can destroy files or information on hard disks. They can also capture and resend confidential data to an external address or open communication ports, allowing an intruder to control the computer remotely. Additionally, they can capture keystrokes or record passwords entered by users. Given all these characteristics, they are frequently used by cyber-crooks, for example, to steal confidential banking information.

Evolution:

Trojans were designed initially to cause as much damage as possible on the compromised computer. They were designed to format disks or eliminate system files, although they were not widely noticed, as at that time malware creators were looking to cause widespread epidemics, and Trojans could not spread by themselves. One such example was Autorooter.


In recent years, thanks to the massive uptake of the Internet, the trend has changed and cyber-crooks have seen the use of this type of malware for stealing bank details, usernames and passwords, personal information, etc. In fact, this has led to the creation of new categories of malware: Banker Trojans and Spyware.

Within the banker Trojan category, one example which has been highly active recently is Trj/Sinowal, a kit sold on some Russian forums which allows the buyer to create bespoke banker Trojans to launch an attack.

At PandaLabs we have observed a worrying increase in the production of banker Trojans, as illustrated in the following graph. Trojans currently account for 70% of all malware we receive at the laboratory.

How can you protect yourself?

To protect yourself against this ubiquitous type of malware, we offer a series of practical tips:

● Don't download content from dubious or unknown websites.
● Keep a close eye on downloads made over P2P networks.
● Keep antivirus programs up-to-date and, if you don't have an antivirus, you can install any of Panda Security's antivirus solutions to give you full protection against these and other threats.


● Run a free antivirus scan of

5. SECURITY MECHANISMS:

Firewalls:

Firewalls are computer security systems that protect your office/home PCs or your network from intruders, hackers and malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of computer users, Firewalls provide you with the necessary safety and protection.

WHAT EXACTLY ARE THEY?

Firewalls are software programs or hardware devices that filter the traffic that flows into your PC or your network through an internet connection. They sift through the data flow and block that which they deem (based on how and for what you have tuned the firewall) harmful to your network or computer system.

When connected to the internet, even a standalone PC or a network of interconnected computers makes an easy target for malicious software and unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.

How do they work?

Firewalls are set up at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer


owners/administrators immense control over the traffic that flows in and out of their systems or networks.

Rules will decide who can connect to the internet, what kind of connections can be made, and which or what kind of files can be transmitted in and out. Basically all traffic in and out can be watched and controlled, thus giving the firewall installer a high level of security and protection.
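The rule semantics just described (who may connect, what kind of connection, and everything else blocked) can be shown with a small first-match packet filter. This is an added example, not code from the original document; the policy, addresses and sample packets are constructed for illustration.

```python
# Added example (not from the original document): a minimal first-match
# packet filter that mirrors the rule semantics described above: rules decide
# who may connect (source address), what kind of connection (protocol/port),
# and a default-deny policy covers anything no rule allows.
# All addresses, ports and rules below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR block the rule applies to, e.g. "10.0.0.0/8"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, or None for any port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str
    dport: int


# A constructed policy for a small network: only web and FTP are reachable from
# the internet, Telnet only from the internal LAN, and everything else is denied.
POLICY: List[Rule] = [
    Rule("allow", "0.0.0.0/0",      "tcp", 80,   "public web server"),
    Rule("allow", "0.0.0.0/0",      "tcp", 443,  "public web server (TLS)"),
    Rule("allow", "0.0.0.0/0",      "tcp", 21,   "FTP server"),
    Rule("allow", "192.168.1.0/24", "tcp", 23,   "Telnet only from the LAN"),
    Rule("deny",  "0.0.0.0/0",      "any", None, "default deny"),
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls inside the rule's address, protocol and port."""
    in_net = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src)
    proto_ok = rule.proto == "any" or rule.proto == pkt.proto
    port_ok = rule.dport is None or rule.dport == pkt.dport
    return in_net and proto_ok and port_ok


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a policy with no match is still default-deny."""
    for rule in policy:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def filter_log(policy: List[Rule], packets: List[Packet]) -> List[str]:
    """One log line per packet: the record an administrator reviews later."""
    lines = []
    for pkt in packets:
        verdict = evaluate(policy, pkt)
        lines.append(f"{verdict.upper():5} {pkt.proto}/{pkt.dport} from {pkt.src_ip}")
    return lines


if __name__ == "__main__":
    # Constructed sample traffic: an internet web request, a LAN Telnet
    # session, a Telnet attempt from outside, and a UDP packet nobody allowed.
    sample = [
        Packet("203.0.113.7", "tcp", 80),
        Packet("192.168.1.20", "tcp", 23),
        Packet("203.0.113.7", "tcp", 23),
        Packet("203.0.113.7", "udp", 53),
    ]
    for line in filter_log(POLICY, sample):
        print(line)
```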

Types of Firewall

● Software firewalls: New generation operating systems come with built-in firewalls, or you can buy firewall software for the computer that accesses the internet or acts as the gateway to your home network.
● Hardware firewalls: Hardware firewalls are usually routers with a built-in Ethernet card and hub. Your computer or computers on your network connect to this router and access the web.

CRYPTOGRAPHY:

What Is Cryptography?

Cryptography is the science of providing security for information. It has been used historically as a means of providing secure communication between individuals, government agencies, and military forces. Today, cryptography is a cornerstone of the modern security technologies used to protect information and resources on both open and closed networks.

Basic Components of Modern Cryptography

Modern electronic cryptosystems use complex mathematical algorithms and other techniques and mechanisms to provide network and information security. Cryptography-based security


technologies commonly use one or more of the following basic components to provide security functions:

● Encryption algorithms
● Message digest functions
● Hashed Message Authentication Code (HMAC) functions
● Secret key exchange algorithms
● Digital signatures

Risk Factors for Cryptography Systems

There is no simple formula for determining how safe a specific cryptosystem is from attacks and potential security compromises. However, the following factors affect the risk of successful attacks on cryptosystems:

● Symmetric key length
● Public key length
● Key lifetimes
● Amount of plaintext known to attackers
● Strength of the security technology implementation
● Randomness of generated keys
● Strength of the security protocols
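Two of the components listed above, a message digest and an HMAC, applied to the same message show why the keyed construction protects integrity where the bare digest does not, and the key is drawn from the OS random source, which is the "randomness of generated keys" risk factor. This is an added example, not code from the original document; the message and the in-transit edit are constructed.

```python
# Added example (not from the original document): a message digest versus an
# HMAC over the same message, to show why only the keyed construction detects
# an interceptor who can recompute the digest after editing the message.
# The message and the "edit in transit" are constructed for illustration.
import hashlib
import hmac
import secrets
from typing import Tuple


def digest(message: bytes) -> str:
    """Message digest: anyone, including an interceptor, can compute this."""
    return hashlib.sha256(message).hexdigest()


def generate_key(nbytes: int = 32) -> bytes:
    """Keys must come from the OS CSPRNG (secrets), never random.random()."""
    return secrets.token_bytes(nbytes)


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a digest only holders of the secret key can produce."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(message), expected)


def verify_tag(key: bytes, message: bytes, expected: str) -> bool:
    # compare_digest runs in constant time, so the check does not leak how
    # many leading characters of the tag were already right.
    return hmac.compare_digest(tag(key, message), expected)


def edit_in_transit(message: bytes, old: bytes, new: bytes, protector: str) -> Tuple[bytes, str]:
    """Model an interceptor who changes the message and then tries to make the
    integrity value match again. With a plain digest this succeeds, because
    no secret is needed; with an HMAC no valid tag can be produced."""
    modified = message.replace(old, new)
    if protector == "digest":
        return modified, digest(modified)
    return modified, ""   # no key, so no valid tag


def integrity_demo() -> dict:
    """Run the same transfer twice, once per protector, and report the outcome."""
    key = generate_key()
    message = b"transfer 100.00 to account 12345"   # constructed sample
    results = {}

    # 1. Digest only: the edited message still verifies, so the change is unseen.
    sent_digest = digest(message)
    modified, recomputed = edit_in_transit(message, b"12345", b"99999", "digest")
    results["digest_original_ok"] = verify_digest(message, sent_digest)
    results["digest_detects_change"] = not verify_digest(modified, recomputed)

    # 2. HMAC: the receiver's recomputed tag no longer matches the one sent.
    sent_tag = tag(key, message)
    modified, _ = edit_in_transit(message, b"12345", b"99999", "hmac")
    results["hmac_original_ok"] = verify_tag(key, message, sent_tag)
    results["hmac_detects_change"] = not verify_tag(key, modified, sent_tag)
    return results


if __name__ == "__main__":
    for name, ok in integrity_demo().items():
        print(f"{name}: {ok}")
```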

AUTHENTICATION:

● Proving that you are who you say you are, where you say you are, at the time you say it is.
● Authentication may be obtained by the provision of a password or a scan of your retina.

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. To access most technology services of Indiana University, you must provide such proof of identity.


INTRUSION DETECTION SYSTEM (IDS):

An intrusion detection system is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

Types: For the purpose of dealing with IT, there are two main types of IDS:

Network intrusion detection system (NIDS)

It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a network hub, a network switch configured for port mirroring, or a network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyze the content of individual packets for malicious traffic. An example of a NIDS is Snort.

Host-based intrusion detection system (HIDS)

It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC.
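The file-system part of a HIDS agent is a baseline-and-compare integrity check, which also illustrates the integrity goal from section 2 (operating system files that must be kept from being changed). The following is an added example, not code from the original document or from OSSEC; the monitored tree is a temporary directory constructed for the demo.

```python
# Added example (not from the original document): the file-system half of a
# host-based IDS, a baseline-and-compare integrity check. It records a SHA-256
# digest per monitored file, then reports files that were modified, removed
# or added since the baseline. The monitored tree is a temporary directory
# constructed for the demo; a real agent would watch /etc, /bin and so on.
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    """Hash in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file under root (as a relative POSIX path) to its digest."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = file_digest(path)
    return baseline


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> List[str]:
    """Return one alert line per difference; an empty list means no change.
    These lines are what the sensor would report to the management station."""
    alerts = []
    for rel, old in sorted(baseline.items()):
        new = current.get(rel)
        if new is None:
            alerts.append(f"REMOVED  {rel}")
        elif new != old:
            alerts.append(f"MODIFIED {rel}")
    for rel in sorted(set(current) - set(baseline)):
        alerts.append(f"ADDED    {rel}")
    return alerts


def demo() -> List[str]:
    """Seed a constructed tree, take the baseline, change it the way an
    intruder or a faulty disk might, and re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed fake binary")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Changes after the baseline: an extra uid-0 account appended to the
        # password file, a binary replaced, a file deleted and a new one added.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF different contents")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "newtool").write_bytes(b"\x7fELF new file")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for line in demo():
        print(line)
```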

Stack-based intrusion detection system (SIDS)

This type of system is an evolution of HIDS systems. The packets are examined as they go through the TCP/IP stack and, therefore, it is not necessary for them to work with the network interface in promiscuous mode. This fact makes its implementation dependent on the operating system that is being used.


Intrusion detection systems can also be system-specific, using custom tools and honeypots.

CONCLUSIONS:

Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption or distribution. The never-ending process of information security involves ongoing training, assessment, protection, monitoring and detection, incident response and repair, documentation, and review. This makes information security an indispensable part of all business operations across different domains.