
Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:[email protected].

Dec 25, 2015


Leslie Wilson
Transcript
Page 1: Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com.

Information Security

By

Bhupendra Ratha, Lecturer
School of Library & Information Science
D.A.V.V., Indore
E-mail:[email protected]

Page 2:

Outline of Information Security

- Introduction
- Impact of information
- Need of Information Security
- Objectives of Information Security
- Areas of Information Security
- Types of attackers
- Why attacks?
- Methods of Attacking on the Information
- Methods of Defending the Information
- Tips for the Information Security

Page 3:

Introduction

Information security is a complicated area and can be addressed by well-trained and experienced professionals.

"When there is an attack on the system with the help of different threats, it means that our system is working very slowly, is damaged, and our information is unsecured." This condition is called information insecurity. This is a very big problem.

Information security is the solution for it.

Page 4:

Importance of Information

- Our work is based on records (information).
- We spend at least half our day with documents.
- 15% of Rs. spent managing documents.
- Can't work without data, records or information.

Page 5:

Need of Information Security

- For the privacy of our data/information
- To save data safely
- Theft of our own data/information
- To avoid bad use of our data
- Lack of time
- Lack of money
- Lack of human resources

Page 6:

Objectives of Data/Info. Security

- Integrity
- Confidentiality
- Authenticity
- Availability

Page 7:

Security Areas

Basically three areas of security:

1. Physical security
2. Network security
3. Database security

Page 8:

Physical Security

- Keep the servers in a locked room with network and power cables snipped off.
- Security of other hardware and machinery

Page 9:

Network Security

- Network security: all entry points to a network should be guarded.

[Figure: network diagram with the labels Internet, Modem, Firewall, Switch, Scanner, Workstation, Printer and Server, and the regions "Unprotected Network" and "Protected LAN"]

Page 10:

Database Security

- Database integrity
- User authentication
- Access control
- Availability

Page 11:

Types of Attackers

- Hackers
- Lone criminals
- Police
- Malicious insiders
- Press/media
- Terrorists
- Industrial espionage
- National intelligence organizations
- Info warriors

Page 12:

Hackers

- Attacks for the challenge
- Own subculture with names, lingo and rules
- Stereotypically young, male and socially
- Can have considerable expertise and passion for attacks

Page 13:

Lone criminals

- Attack for financial gain
- Cause the bulk of computer-related crimes
- Usually target a single method for the attack

Page 14:

Malicious insiders

- Already inside the system
- Know the weaknesses and tendencies of the organization
- Very difficult to catch

Page 15:

Press/media

- Gather information for a story to sell papers/commercial time

Police

- Lines are sometimes crossed when gathering information to pursue a case

Page 16:

Terrorists

- Goal is disruption and damage.
- Most have few resources and skilled.

Page 17:

National Intelligence Organizations

- To investigate different cases

Industrial Espionage

- To discover a competitor's strategic marketing

Page 18:

Info warriors

- Military-based group targeting information or networking infrastructures
- Lots of resources
- Willing to take high risks for short-term gain

Page 19:

Why attacks?

- For publicity
- For financial gain
- Jealousy
- For fun
- For competition with a person in the same field

Page 20:

Specific types of attacks

- Engineering attacks
- Physical attacks
- Environmental attacks

Page 21:

Engineering attacks

- Viruses
  - String of computer code that attaches to other programs and replicates
- Worms
  - Replicates itself to multiple systems
  - Rarely dangerous, mostly annoying
- Trojan Horses
  - Collects information and sends it to a known site on the network
  - Also can allow external takeover of your system

Page 22:

Cont…

[Figure: diagram with the labels Attacker, Virus, Our system and Colleague]

Page 23:

Cont..

- Password sniffing
  - Collect first parts of data packet and look for login attempts
- IP spoofing
  - Fake packet to "hijack" a session and gain access
- Port scanning
  - Automated process that looks for open networking ports
  - Logs positive hits for later exploits
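Seen from the defender's side, the port scanning described above leaves a recognisable trace in firewall logs: one source touching many different ports on one host in a short time. The following is an added example, not part of the original slides; the log format, addresses, thresholds and the function name `detect_port_scans` are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (not from the slides): time, source, target, port, verdict.
SAMPLE_LOG = """\
2015-12-25T10:00:00 198.51.100.20 10.0.0.5 443 ALLOW
2015-12-25T10:00:01 203.0.113.7 10.0.0.5 21 DENY
2015-12-25T10:00:02 203.0.113.7 10.0.0.5 22 DENY
2015-12-25T10:00:03 203.0.113.7 10.0.0.5 23 DENY
2015-12-25T10:00:04 203.0.113.7 10.0.0.5 25 DENY
2015-12-25T10:00:05 203.0.113.7 10.0.0.5 80 ALLOW
2015-12-25T10:00:06 203.0.113.7 10.0.0.5 443 ALLOW
2015-12-25T10:01:00 192.0.2.9 10.0.0.5 22 DENY
2015-12-25T10:03:00 192.0.2.9 10.0.0.5 23 DENY
2015-12-25T10:05:00 192.0.2.9 10.0.0.5 25 DENY
2015-12-25T10:07:00 192.0.2.9 10.0.0.5 80 ALLOW
2015-12-25T10:09:00 192.0.2.9 10.0.0.5 443 ALLOW
garbled line
"""

def detect_port_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Flag sources that probe min_ports or more distinct ports on one target
    within the window. Returns {source: {"probed": [...], "answered": [...]}}."""
    recent = defaultdict(deque)    # (source, target) -> (time, port) inside the window
    probed = defaultdict(set)      # flagged source -> every port seen in a burst
    allowed = defaultdict(set)     # source -> ports the firewall let through
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue               # skip malformed lines instead of crashing
        stamp, src, dst, port, verdict = fields
        try:
            when, port = datetime.fromisoformat(stamp), int(port)
        except ValueError:
            continue
        if verdict == "ALLOW":
            allowed[src].add(port)
        burst = recent[(src, dst)]
        burst.append((when, port))
        while when - burst[0][0] > window:
            burst.popleft()        # drop probes that fell out of the window
        ports = {p for _, p in burst}
        if len(ports) >= min_ports:
            probed[src] |= ports
    return {src: {"probed": sorted(p), "answered": sorted(p & allowed[src])}
            for src, p in probed.items()}

if __name__ == "__main__":
    for source, hit in detect_port_scans(SAMPLE_LOG).items():
        print(source, hit)
```

The "answered" list is the set of services the scanning source now knows are reachable, which is where patching and access review should start. With the default 10-second window the slow source 192.0.2.9 is not flagged; widening the window catches it at the cost of more false positives.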

Page 24:

Physical attacks

- Equipment failure arising from defective components.
- Temperature and humidity.
- Physical destruction of hardware and equipment
- Theft or sabotage.

Page 25:

Environmental Attacks

- Natural disasters
  - Fire, earthquakes etc.
- Man-made disasters
  - War, chemical leaks etc.

Page 26:

Methods of Information Security Threats

- Backups
- Antivirus software
- Cryptography
- Biometrics
- Honey pots
- Firewalls
- Burglar alarms

Page 27:

Backups

- Backups allow us to restore damaged or destroyed data.
- We can set up backup servers on the network.
- Backup media are: floppy disks, external hard disks, ISP online backup.

Page 28:

Antivirus

- Antivirus is a program that we can install on our computer to detect and remove viruses.
- It is used to scan hard disks, floppy disks and CDs for viruses, and to scan e-mail messages, individual files and downloads from the Net.

Page 29:

Cryptography

Cryptography is the art of converting information into a secret code that can be interpreted only by a person who knows how to decode it.

[Figure: diagram with the labels Plain text, Encrypted, Cipher text and Decrypted]

Page 30:

Example of Cryptography

[Figure: diagram with the labels Sender, Original message, Encrypted, Decrypted, Original message and Receiver]

Page 31:

Biometrics

- The biometric authentication process uses a person's unique physical characteristics to authenticate their identity.
- Biometric authentication methods: fingerprint recognition, voice authentication, face recognition, keystroke dynamics and retina.

[Figure: images captioned Fingerprint and Retina]

Page 32:

Honey pots

- A honey pot is a tool used for detecting an intrusion attempt.
- A honey pot simulates a vulnerable computer on a network.
- It contains no critical data or application but has enough data to lure an intruder.

Page 33:

Honey pots

[Figure: diagram with the labels Intruder and Honey pots]

Page 34:

Firewall

- A firewall is a network security tool that stands between trusted and untrusted networks and inspects all traffic that flows between them.
- In simple language, a firewall is a filter machine that monitors the type of traffic that flows in and out of the network.

Page 35:

Firewall

[Figure: diagram with the labels Private network, Firewall and Internet]

Page 36:

Burglar alarms

- Traps set on specific networked objects that go off if accessed

Page 37:

Tips for Information Security

- Use of strong passwords
- Adopt a security policy
- Use of anti-virus
- Information security officer
- Use of firewalls
- Use of biometrics
- Beware of malicious insiders
- Security training
- Use of other security tools
