The art of war teaches us not to rely on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our own position unassailable.
The Art of War, Sun Tzu
RELEVANCE OF CYBER SECURITY
THE IT ROAD MAP
[Figure: IT ROAD MAP : 2008, with a timeline axis marked 1998, 2000, 2002, 2004, 2006, 2008. Items shown on the road map:]
ORG RESTRUCTURING OF ARMY : PHASE II
IW - OFFENSIVE
ORG & INFO DISSEMINATION SYSTEMS
ORG RESTRUCTURING OF ARMY : PHASE I
IW - DEFENSIVE
CIDSS – TEST BED
LOGISTIC NW COMD ITI (CITI)
SETTING UP AIIT
ASTROID PHASE - I
IW - PROTECTIVE
IW – AWARENESS DRIVE
M/S – ARMY WIDE
BACK BONE II FOR INFO SUPER HIGHWAY
FULL IT LITERACY
ARTRAN
MIS – ALL CORPS
BACK BONE I FOR INFO SUPER HIGHWAY
ASTROID
IT IN CIVIC ACTION
MIS – CORPS PILOT PROJECT
ARMY INTRANET UP TO COMD HQ
TO GIVE YOU AN OVERVIEW OF CYBER SECURITY AND ACQUAINT YOU WITH CYBER SECURITY INITIATIVES AT DIFFERENT LEVELS
• THREATS AND TARGETS
• FUNDAMENTALS AND TECHNIQUES
• INITIATIVES
• NATIONAL AND ARMY
• MCTE
• UNIT LEVEL
• IMPLEMENTATION OF CYBER SECURITY
CYBER SECURITY
CYBER SECURITY INTEGRATES & COORD POLICIES & PROCEDURES, OPS, PERS & TECHNOLOGY, TO PROTECT & DEFEND INFO & INFO SYS.
ELECTRONIC INFO IS VULNERABLE
• EAVESDROPPING
• MANIPULATION
• STEALING
• DESTRUCTION
• DENIAL
CHARACTERISTICS OF CYBER THREATS
• No international boundaries
• Low cost
• Detection avoidance
• Inadequate laws
SECURITY THREATS
SECURITY “THREAT” IS :-
• PASSIVE (DISCLOSURE OF INFO), OR
• ACTIVE (DESTRUCTION, CORRUPTION OF RESOURCE, INTERRUPTION OF SERVICE), E.G. FILE REMOVED OR FILE REPLACED BY JUNK
PASSIVE THREATS
[Figure: a sender (source) sends the message "Hi!" over the network to a recipient (destination); an intruder (attacker) on the network also reads "Hi!".]
ACTIVE THREATS
The unauthorised use of a device attached to a communication facility to alter transmitting data or control signals or to generate spurious data or control signals
Modification, Removal Of Data
Denial of Message Service
Masquerade
Targets in the Cyber Environment
[Figure labels: The “Attackers” Aiming Points; The “Attackers” Targets; Comn Centres; Accounting; Distribution; Business Planning; OPERATIONS, COMNS PLANNING, COMD AND CONTROL; NETWORKS & SUPPORT PROCESSES; SYSTEMS & PEOPLE; COMPONENTS & SOFTWARE]
The IT Infrastructure – Weak Points
• APPLICATIONS
• DATABASES
• OPERATING SYSTEMS
• NETWORK SERVICES
Security Breaches
… Some Statistics
“Insider” Breaches
Installation/use of unauthorized software
Infection of company equipment
Use of company computing resources for illegal or illicit communications
Abuse of computer access controls
Physical theft, sabotage or intentional destruction of computing equipment
Fraud
[Chart: % of respondents experiencing these breaches in the past 12 months; axis 0% to 80%; bar values shown: 73%, 70%, 63%, 58%, 42%, 13%. Source: Survey 2000, Information Security]
“Outsider” Breaches
Viruses/Trojans/Worms
Denial-of-service
Exploits related to active program scripting
Attacks related to protocol weaknesses
Attacks related to insecure passwords
Attacks on bugs in Web servers
[Chart: % of respondents experiencing these breaches in the past 12 months; axis 0% to 80%; bar values shown: 73%, 37%, 26%, 25%, 37%, 24%. Source: Survey 2000, Information Security]
Recent Security Breaches
• US Office of Surface Mining
• Hewlett Packard Company
• Cruise Missile Command and Control programs (US Navy)
• Arab Academy for Science and Technology and Maritime Transport
• Panasonic Fax Machines UK
• Nokia Corporation
• NEC Corporation (Japan)
• Compaq Computer Corporation
Virtual Private Networks
• Joins networks spread over a geographical expanse.
• Provides a data tunnel through a public network.
• Ensures the data which passes through it is encrypted.
• Effective means of confidentiality through Internet.
[Figure labels: DATA ENCRYPTION; TUNNEL]
PKI
Security Requirements
NON REPUDIATION
AUTHENTICATION
CONFIDENTIALITY
INTEGRITY
[Figure: a sample letter (Ref, Sub, "Sir, This is with your Ref vide -------", signed XYZ) with two labels:]
• Cryptographic digital signature: replace letterhead & signature on original document
• Encryption: replace envelope
Symmetric Cryptography
Requires a shared key between the two parties
[Diagram: Encryption = Algorithm + Key; Decryption = Algorithm + Key]
Asymmetric Cryptography
Requires a key pair between the two parties
[Diagram: Encryption = Algorithm + Public Key; Decryption = Algorithm + Private Key]
Common e-Security Technologies
Authentication
Confidentiality
Integrity
Non-repudiation
Anti-virus
Firewalls
Access Control
Encryption
Public Key Infrastructure
BCP - v1.0 - 04/99
NATIONAL LEVEL
INFORMATION TECHNOLOGY ACT
• CERTIFYING AUTHS - FOR LICENCING, CERTIFYING & MONITORING USE OF DIGITAL SIGNATURES
• CYBER REGULATIONS ADVISORY COMMITTEE
• PENALTIES & ADJUDICATION TO CURB CMPTR CRIMES
• ADJUDICATING OFFRS
• CYBER REGULATIONS APPELLATE TRIBUNAL (HEADED BY HIGH COURT JUDGE)
ARMY LEVEL
SALIENT FEATURES : CYBER SECURITY POLICY
• Covers all types of computer systems in the army
• Safeguarding of Classified and Sensitive Unclassified Info
• Networking of Info Stores
• Nomination and duties of System Security Administrator
• Periodic review of Safeguards
• Internet access
• Dial up access
• Security of WAP
• Use of commercially available off the shelf security software
• Backups
• Handling of TOP SECRET software
INITIATIVES
TASKS
• Knowledge centre on Cyber Security and Converging Technologies
• Undertake pilot studies and projects
• Adaptation of technology
• Monitoring of outsourced pilot projects
• Advice on evaluation, induction, testing & R&D
• Interaction with trade, industry, academia & other agencies
• Physical Security – Hardware / Software
• Anti Virus
• Consciousness of staff using e-Media
• Storage of classified data
• Accounting procedures for print outs
• Procedures for copying data
• Password protection
• Shared folders in LAN environment
7 Top Management Errors that Lead to Computer Security Vulnerabilities
Number 1: Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.
Number 2: Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security.
Number 3: Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed.
Number 4: Rely primarily on a firewall.
Number 5: Fail to realize how much money their information and organizational reputations are worth.
Number 6: Authorize reactive, short-term fixes so problems re-emerge rapidly.
Number 7: Pretend the problem will go away if they ignore it.
Source: SANS Institute Resources
Mistakes People Make that Lead to Security Breaches
The Five Worst Security Mistakes End Users
Opening unsolicited e-mail attachments without verifying their source and checking their content first.
Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
Installing screen savers or games from unknown sources.
Not making and testing backups.
Using a modem while connected through a local area network.