Professional Documents
Culture Documents
Confidentiality Availability
Integrity Authenticity
Security Areas
1. Physical security
2. Network security
3. Database Security
Physical Security
◼ Keep the servers in locked room with network and
power cables snipped off.
◼ Security of other hardware and machinery
Network Security
◼ Network security all entry points to a network should be guarded.
Internet
Printer
Workstation
Firewall
Modem
Scanner
Protected LAN
Database Security
◼ Database Integrity
◼ User Authentication
◼ Access Control
◼ Availability
Types of Attackers
◼ Hackers
◼ Lone criminals
◼ Police
◼ Malicious insiders
◼ Press/media
◼ Terrorists
◼ Industrial espionage
◼ National intelligence organizations
◼ Info warriors
Hackers
– Attacks for the challenge
– Own subculture with names, lingo and rules
– Stereotypically young, male and socially
– Can have considerable expertise and passion for
attacks
Lone criminals
– Attack for financial gain
– Cause the bulk of computer-related crimes
– Usually target a single method for the attack
Malicious insiders
– Already inside the system
– Knows weaknesses and tendencies of the
organization
– Very difficult to catch
Press/media
– Gather information for a story to sell papers/
commercial time
Police
–Lines are sometimes crossed when gathering information
to pursue a case
Terrorists
–Goal is disruption and damage.
–Most have few resources and skilled.
National Intelligence Organizations
◼ To investigation of different cases
Industrial Espionage
◼ Engineering attacks
◼ Physical attacks
◼ Environmental attacks
Engineering attacks
◼ Viruses
▪ String of computer code that attaches to other programs and replicates
◼ Worms
▪ Replicates itself to multiple systems
▪ Rarely dangerous, mostly annoying
◼ Trojan Horses
▪ Collects information and sends to known site on the network
▪ Also can allow external takeover of your system
Cont…
colleague
Attacker
Virus
Our system
Cont..
– Password sniffing
▪ Collect first parts of data packet and look for login
attempts
– IP Spoofing
▪ Fake packet to “hijack” a session and gain access
-Port scanning
▪ Automated process that looks for open networking ports
▪ Logs positive hits for later exploits
Physical attacks
◼ Equipment failure arising from defective
components.
◼ Temperature and humidity.
◼ Physical destruction of hardware and equipment
◼ Theft or sabotage.
Environmental Attacks
◼ Natural Disasters
Fire, Earthquakes etc.
◼ Man-Made Disasters
War, Chemical Leaks etc.
Methods of Information Security Threats
◼ Backups
◼ Antivirus Software
◼ Cryptography
◼ Biometrics
◼ Honey pots
◼ Firewalls
◼ Burglar alarms
Backups
◼ Backups allow us to restore damaged or
destroyed data.
◼ We can set up backup servers on the network.
◼ Backup media are- Floppy disks, external hard
disks, ISP online backup.
Antivirus
◼ Antivirus is a program that we can install on
our computer to detect and remove viruses.
◼ It is used to scan hard disks, floppy disks,
CDs, for viruses and scan e-mail messages and
individual files, downloads from the Net.
Cryptography
◼ Cryptography is the art of converting info. Into a
secret code that can be interpreted only by a person
who knows how to decode it.
Encrypted
Decrypted
Example of Cryptography
Encrypted Decrypted
Bioinformatics
◼ The bioinformetics authentication process uses a
person’s unique physical characteristics to
authentically the identity.
◼ Bioinformatics authentication method fingerprint
recognition, voice authentication, face recognition,
keystroke dynamics and retina.
Fingerprint Retina
Honey pots
◼ A honey pots is a tool used for detecting an
intrusion attempt.
◼ A honey pots simulates a vulnerable computer
on a network.
◼ It contains no critical data or application but has
enough data to lure an intruder.
Honey pots
Honey pots
Intruder
Firewall
◼ A firewall is a tool for the network security
that stand between trusted and entrusted
networks and inspecting all traffic that flows
between them.
◼ In simple language firewall is a filter
machine that monitors the type of traffic that
flows in and out of the network.
Firewall
Private network
Firewall
Internet
Burglar alarms
◼ Traps set on specific networked objects that
go off if accessed
Tips for information Security
◼ Use of strong password
◼ Adopt a security policy
◼ Use of anti-virus.
◼ Information security officer
◼ Use of firewalls
◼ Use of bioinformatics
◼ Beware to malicious insiders
◼ Security training
◼ Use of other security tools