Cyber Security


Intrusion Detection System

• Intruder: A person who tries to gain unauthorised access.
• Intrusion: Any unauthorised access is an intrusion.
• IDS: Used for monitoring network traffic for
performance problems, illegal or malicious activities and
attempts at unauthorised access.
• Two Types: Outside Intruder (Masquerader) and
Inside Intruder (Misfeasor)
Outside Intruder: A user with no authority to access the
network or system who tries to penetrate the system as a
legitimate user.
Inside Intruder: A user with permission to access a limited
application. It is a legitimate user who misuses the
privileges.
Information Assurance
• Information assurance defines and applies a collection
of policies, standards, methodologies, services, and
mechanisms to maintain mission integrity with respect to
people, process, technology, information, and
supporting infrastructure.
• Information assurance provides for confidentiality,
integrity, availability, possession, utility, authenticity,
nonrepudiation, authorized use, and privacy of
information in all forms and during all exchanges.
IA Core Principles
• Confidentiality
– ensures the disclosure of information only
• Integrity
– ensures that information remains in its original form;
information remains true to the creator's intention.
• Availability
– information or information resource is ready for use
within stated operational parameters
• Possession
– information or information resource remains in the
custody of authorized personnel
• Authenticity
– information or information resources conforms to reality;
it is not misrepresented as something it is not
Scope of IA
Three dimensions of the IA model

• Information state
• Security services
• Security countermeasures
Information Assurance Model
Information Assurance versus
Information Security
• Both involve people, processes, techniques, and
technology. Information assurance and information
security are often used interchangeably.
• Information Security is focused on the confidentiality,
integrity, and availability of information (electronic and
non-electronic)
• IA has broader implications and explicitly includes
reliability, access control, and nonrepudiation as well as
a strong emphasis on strategic risk management
• ISO information security management standards (ISMS)
are more closely aligned with IA
Cyber Security
• Cyber security is the protection of information
and information systems against the potential
threats on the internet
• Cyber security means securing the information
related to the use of internet
• Security on the internet must involve information
or information system.
• Specific measures to maintain cyber security
– Viruses and identity threat
– Protection of applications and individual privacy
– Protection from online Predators and cyberbullies
(cyberharassment)
Principles of Cyber Security

• Data Confidentiality
• Data Integrity
• Authenticity
• Availability
• Non-repudiation
Tools & Techniques in Cyber Security
• Authentication: Intends to verify the identity of user
based on the credentials stored in the security
domain of the system.
• Encryption: Encoding and decoding of data with
proper key.
• Digital Signatures: A digital signature is a
mathematical technique used to validate the
authenticity and integrity of a message, software or
digital document.
• Anti-virus: Prevents the installation of viruses on a system
and also scans the system for viruses that are
already installed.
• Firewall: Hinders any attempt at unauthorized access
to a computer or network.
Why is Cyber Security
Important?
• Governments, military, corporations, financial
institutions, hospitals and other businesses collect,
process and store a great deal of confidential
information on computers and transmit that data
across networks to other computers.
• With the growing volume and sophistication of
cyber attacks, ongoing attention is required to
protect sensitive business and personal
information, as well as safeguard national
security.
Cyber Crime
• Cyber crime is criminal activity done using
computers and the internet. It may be downloading
illegal movies, music files, stealing from bank
accounts, creating viruses and many more.
• These crimes are categorised into three broad areas:
• i) Attacks against computer hardware & software,
e.g. viruses, malware and network intrusion.
• ii) Financial crimes such as online fraud.
• iii) Abuse in the form of grooming and
exploitation.
Types of Cyber Crimes
• Hacking: Uses a variety of software to enter a
person’s computer and access his personal or
sensitive information.
• Theft: A person violates copyright and downloads
music, movies, games and software.
• Cyber Stalking: A kind of online harassment through
online messages and e-mails.
• Identity Theft: A criminal accesses data about a
person’s bank account, credit card or other details
and buys things in the victim’s name.
• Malicious Software: Internet based software or
programs that are used to disrupt a network.
Categorization of Cyber Crimes
• Individual: Can be in the form of cyber stalking,
distributing pornography, trafficking and grooming.
Can be the victim of hacking, theft, identity theft and
malicious software.
• Property: Just as criminals can steal and rob in the real world,
cyber criminals can steal a person’s bank
details, misuse the credit card, or run a scam to get
innocent people to part with their hard-earned money.
• Government: Crimes against a government are
referred to as cyber terrorism. It can wreak havoc and
cause panic among civilians. Criminals can hack
government websites and military websites or circulate
propaganda.
Cyber bullies & Predators
• Cyber Bullying is the use of information technology to
repeatedly harm or harass other people in a deliberate
manner.
• Includes posting rumours or gossip, or publishing
materials severely defaming & humiliating them.
• Forms of cyber bullying include:
• i) Flaming: Online fights.
• ii) Harassment: Direct hurtful messages.
• iii) Denigration: Harmful material posted.
• iv) Outing: Sending or posting private damaging digital
material.
• v) Trickery: Tricking someone into providing damaging
digital material that is then disseminated.
• vi) Exclusion: Excluding someone from an online
group.
• vii) Cyber Stalking: Acts that generate fear.
• Cyber Predator: Uses the internet to hunt for victims to
take advantage of in any way, including emotionally,
psychologically, financially or sexually.
• Cyber predators know how to manipulate children,
creating trust and friendship where none should exist.
• Predators have easy and anonymous access to
children online where they can conceal their identity
and roam without limit.
Security Risk Analysis
• Risk: a quantified measure of the likelihood of a threat being
realised.
• Risk Analysis involves the identification and assessment of
the levels of risk, calculated from
– Values of assets
– Threats to the assets
– Their vulnerabilities and likelihood of exploitation
• Risk Management involves the identification, selection and
adoption of security measures justified by
– The identified risks to assets
– The reduction of these risks to acceptable levels
Security Risk Analysis
• Security risk analysis, otherwise known as risk
assessment, is fundamental to the security of any
organization. It is essential in ensuring that controls
and expenditure are fully commensurate with the
risks to which the organization is exposed.
Goals of Risk Analysis
• All assets have been identified
• All threats have been identified
– Their impact on assets has been valued

• All vulnerabilities have been identified and
assessed
Common Terminology of
Security risk analysis
• Assets
• Threats
• Vulnerabilities
• Countermeasures
• Expected losses
• Impact
Key elements of risk analysis
• Impact statement
• Effectiveness measure
• Recommended countermeasures
Risk Assessment

Business Objectives:

• FOCUS on key assets
• PROTECT against likely threats
• PRIORITISE future actions
• BALANCE cost with benefits
• IDENTIFY / JUSTIFY appropriate
Risk Impact

• Monetary losses
• Loss of personal privacy
• Loss of commercial confidentiality
• Legal actions
• Public embarrassment
• Danger to personal safety
Security Risk Analysis Steps
• Step 1: Identify and evaluate assets.
List all the things that could be affected by a security
problem: not only monetary assets but also goodwill and
customer satisfaction.
• Step 2: Identify applicable threats.
Involves identifying and describing the threats and
how often they are likely to occur.
• Step 3: Identify / Describe vulnerabilities
Level of risk is determined by analysing the
interrelationship of threats and vulnerabilities. The level
of vulnerabilities decreases as countermeasures
increase.
• Step 4: Pair threats and vulnerabilities
A threat is any action with the potential to cause a negative
impact. If there were no threats to computer systems,
there would be no need to be concerned about computer
system vulnerabilities.
• Step 5: Determine the impact of threat
occurrence.
When the exploitation of a vulnerability occurs, the asset
suffers a loss. Losses can be of any type, such as disclosure,
destruction and denial of service.
• Step 6: In-place countermeasures
List the countermeasures in any risk analysis process.
• Step 7: Determine residual risks (conclusions)
Refers to the level of risk that remains after giving credit for
the in-place countermeasures.
• Step 8: Identify additional countermeasures
(recommendations)
To identify the most effective and least costly way to
reduce risk to an acceptable level.
• Step 9: Prepare a risk analysis report.
After the analysis is complete, a report may be prepared
to document the risk assessment, identifying the information
assets at risk and attaching a value to the risks.
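The nine steps above, carried through on a small risk register as an added example (not part of the original slides). It assumes one common quantitative model, yearly expected loss = asset value × occurrences per year × fraction lost, which the slides do not prescribe; all names and figures are constructed.

```python
from dataclasses import dataclass

@dataclass
class Pairing:              # one threat/vulnerability pair (step 4)
    asset: str
    value: float            # step 1: money value, goodwill included
    threat: str
    rate: float             # step 2: expected occurrences per year
    vulnerability: str      # step 3
    exposure: float         # step 5: fraction of value lost per occurrence
    in_place: float = 0.0   # step 6: fraction of loss current controls stop
    def residual(self) -> float:    # step 7: yearly loss still expected
        return self.value * self.rate * self.exposure * (1 - self.in_place)

@dataclass
class Control:              # step 8: candidate additional countermeasure
    name: str
    cost: float             # yearly cost
    cuts: dict              # {(asset, threat): fraction of residual loss removed}
    def saving(self, risks) -> float:
        return sum(risks[key] * frac for key, frac in self.cuts.items())

def analyse(register, candidates, acceptable):
    """Steps 7-8: add the best saving-per-cost control until risk is acceptable."""
    risks = {(p.asset, p.threat): p.residual() for p in register}
    chosen, pool = [], list(candidates)
    while sum(risks.values()) > acceptable and pool:
        best = max(pool, key=lambda c: c.saving(risks) / c.cost)
        if best.saving(risks) <= best.cost:
            break           # nothing left pays for itself
        for key, frac in best.cuts.items():
            risks[key] *= 1 - frac
        chosen.append(best.name)
        pool.remove(best)
    return risks, chosen    # step 9: the figures the report documents

DB, PCS = "customer database", "staff workstations"   # constructed sample data
REGISTER = [
    Pairing(DB, 500_000, "network intrusion", 0.2, "unpatched server", 0.4, 0.5),
    Pairing(DB, 500_000, "insider misuse", 0.1, "over-broad privileges", 0.3),
    Pairing(PCS, 80_000, "virus", 2.0, "no anti-virus", 0.05),
]
CANDIDATES = [
    Control("anti-virus", 1_000, {(PCS, "virus"): 0.9}),
    Control("IDS", 6_000, {(DB, "network intrusion"): 0.6, (DB, "insider misuse"): 0.2}),
    Control("privilege review", 2_000, {(DB, "insider misuse"): 0.5}),
    Control("second data centre", 50_000, {(DB, "network intrusion"): 0.1}),
]
print(analyse(REGISTER, CANDIDATES, acceptable=10_000))
```

With an acceptable level of 10,000 the loop stops short of the target: the only control left costs more than the loss it would remove, so the remaining figure is the residual risk the report has to state.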
Problems of Measuring Risk
Businesses normally wish to measure in money, but
• Many of the entities do not allow this
– Valuation of assets
• Value of data and in-house software - no market value
• Value of goodwill and customer confidence
– Likelihood of threats
• How relevant is past data to the calculation of future
probabilities?
– The nature of future attacks is unpredictable
– The actions of future attackers are unpredictable
– Measurement of benefit from security measures
• Problems with the difference of two approximate
quantities
– How does an extra security measure affect a ~10^-5
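The "difference of two approximate quantities" problem, worked through as an added example (not part of the original slides). It assumes each likelihood estimate is known only to within a multiplicative factor and that the two estimates are independent; the asset value, likelihoods and cost are constructed.

```python
def interval(estimate, factor):
    """Bounds for an estimate known only to within a factor (factor >= 1)."""
    return (estimate / factor, estimate * factor)

def benefit(value, p_before, p_after, factor):
    """Interval for the yearly loss avoided: (loss before) - (loss after).
    The worst case pairs the low 'before' bound with the high 'after' bound."""
    lo_b, hi_b = interval(value * p_before, factor)
    lo_a, hi_a = interval(value * p_after, factor)
    return (lo_b - hi_a, hi_b - lo_a)

def verdict(value, p_before, p_after, factor, cost):
    """Is the measure worth its yearly cost, given the uncertainty?"""
    lo, hi = benefit(value, p_before, p_after, factor)
    if lo > cost:
        return "justified"
    if hi < cost:
        return "not justified"
    return "cannot tell"

def precision_needed(value, p_before, p_after, cost):
    """Largest uncertainty factor (in steps of 0.01) at which the verdict is
    still decidable; beyond it the estimation error swamps the difference."""
    n = 0
    while verdict(value, p_before, p_after, 1 + (n + 1) / 100, cost) != "cannot tell":
        n += 1
    return 1 + n / 100

# Constructed figures: asset worth 50,000,000; yearly likelihood 1e-5 before
# the extra measure and 2e-6 after; the measure costs 150 per year.
ARGS = (50_000_000, 1e-5, 2e-6)

if __name__ == "__main__":
    print(verdict(*ARGS, factor=1.0, cost=150))   # point estimates only
    print(verdict(*ARGS, factor=3.0, cost=150))   # estimates good to a factor of 3
    print(precision_needed(*ARGS, cost=150))
```

On point estimates the measure saves 400 a year against a cost of 150, but once each likelihood is only good to a factor of 3 the benefit interval runs from negative to well above the cost, so the figures no longer support a decision either way.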
