Professional Documents
Culture Documents
Basics of Information Security
Basics of Information Security
RINI SEN
CHANDRAJYOTI
Information security
Information security means protecting information & information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Information security is concerned with confidentiality, integrity & availability of data regardless of the form the data may take electronic, print or other forms.
Need of security
Reduce the risk of systems & organizations ceasing operations. Maintaining information confidentiality.
Basics principles
Confidentiality
Integrity Availability Authenticity Non-repudiation
TYPES OF ATTACKS
1.
EAVESDROPPING: The majority of network communication occur in an unsecured or cleartext form, which allows an attacker who has gained access to data paths in network to listen in or interpret the traffic. without strong encryption services data can be read by others as it traverses the network. IDENTITY SPOOFING: most network use the IP address of a computer to identify the valid entry. An attacker may also use special program to construct IP address that appear to originate from valid addresses inside the corporate intranet , and can modify , reroute or delete data.
2.
EAVESDROPPING
SPOOFING
3. PASSWORD BASED ATTACK: A common denominator of most operating system and network security plans is password based access control. This means access rights to a computer and network resources are determined by identity i.e, user name and password.
4. DENIAL OF SERVICE ATTACK: Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
Block traffic
DENIAL OF SERVICE
SNIFFING
by deliberately causing a fault in a servers operating system or application .This result in the attacker gaining the ability to bypass normal access control.
8.COMPROMISED-KEY
ATTACK:
A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resourceintensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key.
An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.
VIRUSES
A virus is computer program that can copy itself and infect a computer without the permission or knowledge of the owner.
Infection strategies
Viruses can be divided into two types based on their behavior when they are executed :
Slow infectors
Virus Control
User Apathy Insufficient security control Misuse of available security features Weaknesses in operating system Unauthorized use Anonymity of networks
Training seminars Security experts Monitoring user and network activity Emergency policies Limited sharing External storage policy
Fast infection of viruses Slow scan Ineffective for hidden Viruses Complexity False Alarm
Hacker
Hacker is a term used by some to mean "a clever programmer" and by others, especially those in popular media, to mean "someone who tries to break into computer systems."
Types of hackers
Professional hackers
Black Hats the Bad Guys White Hats Professional Security Experts
Script kiddies
Mostly kids/students User tools created by black hats,
To get free stuff Impress their peers Not get caught
Types of Hackers
Ideological Hackers
hack as a mechanism to promote some political or ideological purpose Usually coincide with political events
Criminal Hackers
Real criminals, are in it for whatever they can get no matter who it hurts
Corporate Spies
Are relatively rare
Disgruntled Employees
Most dangerous to an enterprise as they are insiders Since many companies subcontract their network services a disgruntled
vendor could be very dangerous to the host enterprise
Traditional offences
Intimidation Criminal Harassment and Threats of all Kinds Identity Theft Internet Sales Fraud Telemarketing
Spamming
Spyware
Pop-up ads Cookies