Information Security
Information Security in Today’s World
Abdalla Al-Ameen, Assistant Prof., Computer Science and Information Dept., College of Arts and Science in Wadi Addawasir, Salman Bin Abdulaziz University, K.S.A
Web site: http://faculty.sau.edu.sa/a.alameen Email: [email protected]

Apr 01, 2015


Mark Burlingham

Page 2

Protecting Your PC, Privacy and Self

“The minute you dial in to your Internet service provider or connect to a DSL or cable modem, you are casting your computer adrift in a sea of millions of other computers – all of which are sharing the world's largest computer network, the Internet. Most of those computers are cooperative and well behaved, but some are downright nasty. Only you can make sure your computer is ready for the experience.”

Daniel Appleman, Always Use Protection, A Teen's Guide to Safe Computing (2004 – Apress)

Page 3

Objectives: this seminar aims to cover the following topics

• Computer Security definition
• Information Security Topic areas
• Core Security Concepts
• Why Study Computer Security?
• The Importance of Information Security
• Security Services
• Challenges
• Latest Trends
• Overview of Existing Security Systems
• Protecting one Computer
• Protecting a Wireless Local Area Network (WLAN)
• What Can We Do?

Page 4

Introduction

Information security is defined as methods and technologies for deterrence (scaring away hackers), protection, detection, response, recovery and extended functionalities

OR

Process by which digital information assets are protected

Page 5

Information Assurance

A broader category than computer security, information security, etc.

Concerned with the
• Security of information in system
• Quality/Reliability of information in system

Page 6

What Information Security Topic areas?

Policies and procedures, authentication, attacks, remote access, E-mail, Web, wireless, devices, media/medium, secure architectures, IDSes/IPSes, operating systems, secure code, Cryptography, physical security, digital media analysis…

Page 7

Core Security Concepts

Vulnerability, Exploit, Threat
• Vulnerability – a weakness in some aspect of a system
• Exploit – a known method for taking advantage of a vulnerability
• Threat – the likelihood of some agent using an exploit to compromise security
  – Note: not all users/groups are equal threats to various systems
    • “Hackers” more of a threat to popular web sites, businesses
    • Disgruntled employees more of a threat to isolated businesses

Page 8

Generic Security Principles

[Figure: Generic Security System. Labels: Deterrence (scare away), Protection, Detection, Response, Recovery; Information while in storage; Information while in transmission; Hardware; Hacker]

Page 9

Why Study Computer Security?

Increasingly important issue for:
• Computer system and network administrators
• Application programmers
Security issues follow technology
• Desktop systems, wireless networks, handheld devices
Security issues affect software, laws, profits and businesses

Page 10

The Importance of Information Security

Prevents data theft
Avoids legal consequences of not securing information
Maintains productivity
Foils cyberterrorism
Thwarts identity theft

Page 11

Security Services: Confidentiality

Security services: Confidentiality, Authentication, Access Control, Integrity, Availability, Non-repudiation

Confidentiality: To keep a message secret from those who are not authorized to read it

Page 12

Security Services: Authentication

Authentication: To verify the identity of the user / computer

Page 13

Security Services: Access Control

Access Control: To be able to tell who can do what with which resource

Page 14

Security Services: Integrity

Integrity: To make sure that a message has not been changed while in transfer, storage, etc.

Page 15

Security Services: Non-repudiation

Non-repudiation: To make sure that a user/server can’t deny later having participated in a transaction

Page 16

Security Services: Availability

Availability: To make sure that the services are always available to users.

Page 17

Challenges

A number of trends illustrate why security is becoming increasingly difficult:
• Speed of attacks
• Sophistication of attacks
• Faster detection of weaknesses
• Distributed attacks
• Difficulties of patching

Page 18

Latest Trends - Identity Theft

Crime of the 21st century
Involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and destroying their credit rating
National, state, and local legislation continues to be enacted to deal with this growing problem.

Page 19

Latest Trends - Identity Theft - continued

Phishing is a method used by identity thieves to take financial information from a computer user
The word “phishing” was made up by hackers as a cute word to use for the concept of fishing for information
One of the most profitable forms of spamming
Often used in conjunction with spoofed Web sites

Page 20

Latest Trends - Malicious Software (Malware)

Designed to operate without the computer user’s permission
May change or destroy data
May operate hardware without authorization
Can hijack your Web browser
Might steal information or otherwise cheat a computer user or organization

Page 21

Malware:
• Includes computer viruses, worms, trojan horses, bots, spyware, adware, etc.
• Software is considered malware based on the intent of the creator rather than any particular features

Page 22

Malware Trends

Spyware
Keyloggers
Rootkits
Mobile malware
Combined attack mechanisms

Page 23

Malware Trends - Spyware

Advertisement-focused applications that, much like computer worms, install themselves on systems with little or no user interaction
While such an application may be legal, it is usually installed without the user’s knowledge or informed consent
A user in an organization could download and install a useful (often “free”) application from the Internet and in doing so, install a spyware component

Page 24

Spyware:
• Spyware can collect many different types of information about a user:
  – Records the types of websites a user visits
  – Records what is typed by the user to intercept passwords or credit card numbers
  – Used to launch “pop up” advertisements
• Many legitimate companies incorporate forms of spyware into their software for purposes of advertisement (Adware)

Page 25

Spyware Example

Page 26

Spyware Example (add-on toolbars)

Page 27

Malware Trends - Keyloggers

Used to capture user’s keystrokes:
• Also known as Keystroke Logging
Hardware and software-based
Useful purposes:
• Help determine sources of errors on system
• Measure employee productivity on certain clerical tasks

Page 28

Keystroke Logging:
• Can be achieved by both hardware and software means
• Hardware key loggers are commercially available devices which come in three types:
  – Inline devices that are attached to the keyboard cable
  – Devices installed inside standard keyboards
  – Keyboards that contain the key logger already built-in
• Writing software applications for keylogging is trivial, and like any computer program can be distributed as malware (virus, trojan, etc.)

Page 29

Malware Trends - Rootkits

Is a set of software tools intended to hide running processes, files or system data, thereby helping an intruder to maintain access to a system while avoiding detection
Often modify parts of the operating system or install themselves as drivers or kernel modules
Are known to exist for a variety of operating systems
Are difficult to detect

Page 30

Malware Trends - Mobile Malware

Increase in the number of mobile phone viruses being written
But, insignificant compared to the much larger number of viruses being written which target Windows desktop computers

Page 31

Malware Trends - Combined Attack Mechanisms

SPAM with spoofed Web sites
Trojans installing bot software (bot: automated program)
Trojans installing backdoors

Page 32

Spam:
• Spamming is the abuse of electronic messaging systems to send unsolicited, undesired bulk messages
• Spam media includes:
  – e-mail spam (most widely recognized form)
  – instant messaging spam
  – Usenet newsgroup spam
  – Web search engine spam
  – spam in blogs
  – mobile phone messaging spam

Page 33

Spam Example

Page 34

Phishing:
• A criminal activity using social engineering techniques.
• An attempt to acquire sensitive data, such as passwords and credit card details, by appearing as a trustworthy person or business in an electronic communication.
• Typically carried out using email or an instant message

Page 35

Phishing Example

[Figure callout: Points to “bad” IP Address!]

Page 36

Latest Trends - Ransomware

Type of malware that encrypts the victim’s data, demanding ransom for its return.
Cryptovirology predates ransomware

Page 37

Overview of Existing Security Systems: Firewalls

Used even for Deterring (Scaring attackers)

Firewalls
• Designed to prevent malicious packets from entering
• Software based: Runs as a local program to protect one computer (personal firewall) or as a program on a separate computer (network firewall) to protect the network
• Hardware based: separate devices that protect the entire network (network firewalls)

Page 38

Overview of Existing Security Systems: Detection - Intrusion Detection Systems

Intrusion Detection System (IDS)
• Examines the activity on a network
• Goal is to detect intrusions and take action
Two types of IDS:
• Host-based IDS
  – Installed on a server or other computers (sometimes all)
  – Monitors traffic to and from that particular computer
• Network-based IDS
  – Located behind the firewall and monitors all network traffic

Page 39

Overview of Existing Security Systems: Network Address Translation (NAT)

Network Address Translation (NAT) Systems
• Hides the IP address of network devices
• Located just behind the firewall
• NAT device uses an alias IP address in place of the sending machine’s real one
• “You cannot attack what you can’t see”

Page 40

Overview of Existing Security Systems: Proxy Servers

Proxy Server
• Operates similar to NAT, but also examines packets to look for malicious content
• Replaces the protected computer’s IP address with the proxy server’s address
Protected computers never have a direct connection outside the network
• The proxy server intercepts requests
• Acts “on behalf of” the requesting client

Page 41

Adding a Special Network called Demilitarized Zone (DMZ)

Demilitarized Zones (DMZ)
• Another network that sits outside the secure network perimeter
• Outside users can access the DMZ, but not the secure network
Some DMZs use two firewalls
• This prevents outside users from even accessing the internal firewall
• Provides an additional layer of security

Page 42

Overview of Existing Security Systems: Virtual Private Networks (VPN)

Virtual Private Networks (VPNs): A secure network connection over a public network
• Allows mobile users to securely access information
• Sets up a unique connection called a tunnel

Page 43

Overview of Existing Security Systems: Virtual Private Networks (VPN)

Page 44

Overview of Existing Security Systems: Honeypots

Honeypots
• Computer located in a DMZ and loaded with files and software that appear to be authentic, but are actually imitations
• Intentionally configured with security holes
Goals:
• Direct attacker’s attention away from real targets
• Examine the techniques used by hackers

Page 45

Overview of Existing Security Systems: Secure Socket Layer (SSL)

SSL is used for securing communication between clients and servers. It mainly provides confidentiality, integrity and authentication

[Figure: Client and WWW Server. Establish SSL connection - communication protected]

Page 46

Protecting one Computer

Summary (continued)

Operating system hardening is the process of making a PC operating system more secure
• Patch management
• Antivirus software – to protect your pc from viruses
• Antispyware software
• Firewalls – to deter (scare), protect
• Setting correct permissions for shares
• Intrusion detection Systems – to detect intrusions
• Cryptographic systems

Page 47

Protecting a Wireless Local Area Network (WLAN)

Page 48

Security in a Wireless LAN

WLANs include a different set of security issues
Steps to secure:
• Turn off broadcast information
• MAC address filtering
• Encryption
• Password protect the access point
• Physically secure the access point
• Use enhanced WLAN security standards whenever possible
• Use cryptographic systems

Page 49

What Can We Do?

Security Assessment
• Identify areas of risk
• Identify potential for security holes, breakdown
• Identify steps to mitigate

Security Application
• Multi-layered Approach (there is no single solution)
• Policies and Procedures

Security Awareness
• Not just for the geeks!
• Security Training at all levels (external and/or internal)
• Continuing education and awareness – not a one-time shot!
• Make it part of the culture

Page 50

What Can We Do?

Security Awareness
• Not just for the geeks!
• Security Training at all levels (external and/or internal)
• Continuing education and awareness – not a one-time shot!
• Make it part of the culture


Page 52

Thank you for coming!!