ch_1_Intro

Oct 15, 2014

akash-shah

Information Security

Course Curriculum: Subjects Offered


Teaching Scheme

Sr. No. 1

Subject

Teaching Scheme (Hours) Theory Tutorial 2 Practical 0

Credits

Major Elective-I Information Security

3

4


Evaluation Scheme : Examination


Syllabus : Unit-I

Cryptography and Data Security
- Information assurance issues
- Threats to authentication, privacy and integrity
- Generating MD5 hash collisions
- Approaches to cryptography
- Symmetric vs. asymmetric ciphers
- Issues for secret key encryption
- Public key fixes to secret key problems
- Hashing and digital signatures
- Generating and exchanging keys
- Authentication via key ownership
- Non-repudiation using digital signatures
- Digital signatures in the real world
- Key distribution and management
- E-voting

Syllabus : Unit-II

Intrusion Detection Overview
- Host based intrusion detection systems
- Network based intrusion detection systems
- IDS as part of the overall security system
- IDS signatures and analysis schemes for intrusion detection systems
- Anomaly detection
- Expert systems
- Tools for packet analysis and intrusion detection
- Some intrusion detection tools (Snort, Windump, Ethereal etc.)
- Case reports of various attack strategies
- Implementation issues
- Future directions

Reference Books

1. Intrusion Detection & Prevention by Carl Endorf, Eugene Schultz, Jim Mellander, Jack Koziol; McGraw-Hill publication
2. Network Intrusion Detection (3rd Edition) by Stephen Northcutt and Judy Novak; ISBN 0735712654
3. Snort 2.1 Intrusion Detection (book with CD-ROM) by Jay Beale, Caswell; Syngress
4. William Stallings; Cryptography and Network Security, Pearson publication, 4th edition, 2004
5. William Stallings; Network Security Essentials, Pearson publication, 2005
6. A. Menezes, P. van Oorschot, and S. Vanstone; Handbook of Applied Cryptography, CRC Press, 1996 - www.cacr.math.uwaterloo.ca/hac

Reference Books

- Cryptography and Network Security by William Stallings; Pearson publication, 4th edition, 2004: Ch. 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12.1, 12.2, 13
- Information Security: Theory and Practice by Dhiren R. Patel, PHI
- Assessing Network Security (Microsoft), PHI, by Kevin Lam, David LeBlanc: Ch. 24, 25, 26, 27
- Network Security Bible: Ch. 13, 17 (pp. 568 to 572)

Practical Work

- Implementation of all classical ciphers
- Study of Linux security and Linux commands
- Algorithm implementation (MD5)
- Study of NetBIOS and net commands
- Study of PGP utility
- URL scan
- Study of Ethereal (Wireshark)
- Study of SNORT and SNORT db
- Study of windump

Introduction

Information is the most critical resource for many organizations, so it must be protected. Due to the growth of networked data, security attacks have become a dominant problem in practically all information infrastructures.
- Computer Security: generic name for the collection of tools designed to protect data and to thwart hackers
- Network Security: measures to protect data during their transmission
- Internet Security: measures to protect data during their transmission over a collection of interconnected networks

Introduction (Conti)

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, and entity/data origin authentication. A cryptosystem is a general term referring to a set of cryptographic primitives used to provide information security services. Cryptanalysis is the study of mathematical techniques for attempting to defeat cryptographic techniques that provide information security services. Cryptology is the study of cryptography and cryptanalysis. The name cryptology is a combination of the Greek words kryptos (= hidden) and logos (= study, science). So, the word cryptology literally means the science of secret writing.

Security Attacks

Any action that compromises the security of information owned by an organization. Information security is about how to prevent attacks, or, failing that, to detect attacks on information-based systems. There are two types of attacks:
- Passive attack
- Active attack

Security Attacks (Cont)

Passive attacks:
- Unauthorized reading of a message or a file
- Traffic analysis

Security Attacks (Cont)

Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Security Attacks (Cont)

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
- Masquerade
- Replay
- Modification of messages
- Denial of service

Security Attacks (Cont)

A masquerade takes place when one entity pretends to be a different entity. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

Security Attacks (Cont)

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect


Security Attacks (Cont)

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect. Denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Security Attacks (Cont)

Active attacks present the opposite characteristic of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delay caused by them. If the detection has a deterrent effect, it may also contribute to prevention.


Information Security Objectives

Confidentiality or privacy: keeping information secret from all but those who are authorized to see it. Privacy involves protecting data from unauthorized individuals while in transit or in storage. When data travels across a network, especially the internet, it may travel through many intermediate organizations and their devices, such as routers. During this process, data packets may be intercepted intentionally or accidentally, or misdirected, and privacy can be lost.

Data integrity: ensuring that information has not been altered by unauthorized or unknown means. Data integrity provides protection against alteration in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source.

Information Security Objectives (Conti)

Ensuring the integrity of information requires being able to detect corruption or change to even a single bit of transferred or stored data.

Entity authentication or identification: confirmation of the identity of an entity. Authentication deals with the confirmation of the identity of a user or device, such as an employee, customer, partner, or a smart card, before allowing access to a system or permitting the completion of a transaction.

Non-repudiation: preventing the denial of previous commitments or actions. Non-repudiation requires mechanisms similar to a personal signature on a cheque or contract to prevent the denial of previous commitments or actions.
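An added example, not part of the lecture slides, showing both the integrity point above and the replay attack described earlier: an HMAC-SHA256 tag over the message lets the receiver detect even a single flipped bit, and a nonce the receiver remembers lets it reject a captured message that is sent again. The wire format, key, payload and helper names are assumptions made for the demo.

```python
import hmac
import hashlib
import os
from typing import Optional, Tuple

# Constructed wire format (an assumption, not from the lecture):
#   nonce (16 bytes) || payload || HMAC-SHA256 tag (32 bytes)
NONCE_LEN = 16
TAG_LEN = 32

def make_message(key: bytes, payload: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Sender side: prepend a fresh nonce and append a tag over nonce || payload."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    tag = hmac.new(key, nonce + payload, hashlib.sha256).digest()
    return nonce + payload + tag

class Receiver:
    """Receiver side: checks the tag (integrity) and rejects reused nonces (replay)."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()

    def accept(self, msg: bytes) -> Tuple[str, Optional[bytes]]:
        if len(msg) < NONCE_LEN + TAG_LEN:
            return "malformed", None
        nonce, payload, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "modified", None                  # any changed bit lands here
        if nonce in self.seen_nonces:
            return "replay", None                    # valid tag, but already delivered
        self.seen_nonces.add(nonce)
        return "ok", payload

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit: the smallest alteration integrity protection must still detect."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)

def demo() -> dict:
    key = b"constructed-demo-key"  # sample key for the demo, not a real secret
    rx = Receiver(key)
    msg = make_message(key, b"TRANSFER 100 TO ACCT 42")  # constructed payload
    results = {"original": rx.accept(msg)[0]}
    results["one_bit_flipped"] = rx.accept(flip_bit(msg, NONCE_LEN * 8 + 3))[0]
    results["replayed"] = rx.accept(msg)[0]
    return results
```

The receiver keeps every nonce it has accepted, so a real deployment would bound that set (for example with a time window or sequence numbers); the point here is only that the second delivery of an unmodified message is detected as a replay rather than accepted.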

Information Security Objectives (Conti)

Additional information security objectives are:
- Message authentication: validation of the source of information; also known as data origin authentication
- Authorization: transference to another entity of official sanction, to do or be something
- Validation: a means to provide timeliness of authorization to use or manipulate information or resources
- Access control: restricting access to resources to privileged entities

Information Security Objectives (Conti)

- Certification: endorsement of information by a trusted entity
- Time-stamping: recording the time of creation or existence of information
- Witnessing: verifying the creation or existence of information by an entity other than the creator
- Rec