Information Security Concerns Software Vulnerabilties Network Security and Authentication Open Discussion Information Security Sukant Kole Advanced Centre for Informatics & Innovative Learning Indira Gandhi National Open University, New Delhi August 24, 2010 Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Information Security
Sukant Kole
Advanced Centre for Informatics & Innovative LearningIndira Gandhi National Open University, New Delhi
August 24, 2010
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
What is Information Security ?
Definition
Information Security means protection of information andinformation system from unauthorized access, modification andmisuse of information or destruction.
Impact of Weather Forecasting & Flight Scheduling System
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
What is Information Security ?
Definition
Information Security means protection of information andinformation system from unauthorized access, modification andmisuse of information or destruction.
Impact of Weather Forecasting & Flight Scheduling System
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical
(Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical
(Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application
(Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application
(Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application
(Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices
Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices
Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Access restriction to datacentre, Security surveillance,Disaster Recovery
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
What is encryption ?
Definition
“....In cryptography, encryption is the process of transforminginformation (referred to as plaintext) using an algorithm (calledcipher) to make it unreadable to anyone except those possessingspecial knowledge, usually referred to as a key. The result of theprocess is encrypted information (in cryptography, referred to asciphertext....” (Source: Wikipedia)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies
(Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies
(Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies (Password, Resource Access)
IT Policies
(Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies (Password, Resource Access)
IT Policies
(Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General
(Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General
(Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
IntroductionAttributes of Information SecurityType of threatsTypes of security measuresEncryptionSecurity Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm
(Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm
(Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Definition
“....In the field of networking, the specialist area of networksecurity consists of the provisions and policies adopted by thenetwork administrator to prevent and monitor unauthorized access,misuse, modification, or denial of the computer network andnetwork-accessible resources....” (Source: Wikipedia)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,Packet flooding)
Unauthorized access to resources (unsecured LAN /WLANnetwork points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,Packet flooding)
Unauthorized access to resources (unsecured LAN /WLANnetwork points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,Packet flooding)
Unauthorized access to resources (unsecured LAN /WLANnetwork points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,Packet flooding)
Unauthorized access to resources (unsecured LAN /WLANnetwork points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,Packet flooding)
Unauthorized access to resources (unsecured LAN /WLANnetwork points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting
Information Security ConcernsSoftware Vulnerabilties
Network Security and AuthenticationOpen Discussion
What is network securityThreats to network securityTools of network securitySecure network devices