Basics of IT security

Post on 01-Jul-2015


IT SECURITY AWARENESS CAS - SUR

- Hardware (Physical Assets)
- Software
- System interfaces (e.g., internal and external connectivity)
- Data and information
- Persons who support and use the IT system
- System mission (e.g., the processes performed by the IT system)
- System and data criticality (e.g., the system's value or importance to an organization)
- System and data sensitivity

NIST SP 800-30

Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected

ISO/IEC17799: 2000

Business Requirements
- Client / customer / stakeholder
- Marketing
- Trustworthy
- Internal management tool

Legal Requirements
- Revenue Department
- Stock Exchange of Thailand
- Copyright, patents, ...

Information security protects information from a wide range of threats in order to
- Ensure Business Continuity
- Minimize Business Damage
- Maximize ROI and Business Opportunities

Business: Stable service to customer
Education: Availability of resources and integrity of information, e.g. grade, profile, etc.

ISO/IEC17799: 2000 page iii, Introduction

Security is preservation of confidentiality, integrity and availability of information

- Confidentiality: Ensuring that information is accessible only to those authorized to have access
- Integrity: Safeguarding the accuracy and completeness of information and processing methods
- Availability: Ensuring that authorized users have access to information and associated assets when required

BS7799-2: 2002 page3, 3.1, 3.2, 3.3

Policy/Process/Procedure
- Clear
- Coverage
- Compliance – Legal, Standard, guideline etc.

People
- Awareness (e.g. Password on screen)
- Discipline

Technology
- Enablers
- Management Tools

Could be anything that harms your system, e.g.
- User
- Hacker / cracker
- Virus
- Spam
- Etc.

Non-Computerized system
- Masquerade
- Social Engineering
- Theft
- System malfunction (disaster, power interruption)

IT Network Threat
- Network Level
- Application Level

- Denial of Services: Services have been disabled by excessive workload.
- Information sniffing: Information has been tapped and viewed by an unauthorized person.
- Unauthorized access: A low-level worker can access critical information.

Snooping

[Figure: Telnet 203.152.145.121, username: daeng, password: (masked on screen). The snooper reads the password as "mypassword". Hosts shown: 203.152.145.121 and 202.104.10.5.]

3-way handshake

[Figure: 3-way handshake with a WWW server: SYN REQ, SYN ACK, ACK, then DATA TRANSFER.]

SYN attack

[Figure: an attacker on the Internet and the WWW server 203.152.145.121.
1. SYN REQ D=203.152.145.121 S=202.104.10.5
2. SYN ACK D=202.104.10.5 S=203.152.145.121, after which the server WAITs.]
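An added example (not part of the original slides): a small Python tracker that runs over constructed packet records and reports a server left waiting on unanswered SYN ACKs, as in the SYN attack slide above. The record layout, the name `half_open_report`, the timeout and threshold values, and the 198.51.100.x client addresses are assumptions made for illustration.

```python
from collections import defaultdict

SERVER = "203.152.145.121"   # WWW server address from the slide
SPOOFED = "202.104.10.5"     # source address shown in the slide's SYN REQ


def sample_events():
    """Constructed records: (time_s, src, sport, dst, dport, flags)."""
    ev = [  # one normal client completes the 3-way handshake
        (0.0, "198.51.100.7", 51000, SERVER, 80, "SYN"),
        (0.1, SERVER, 80, "198.51.100.7", 51000, "SYN-ACK"),
        (0.2, "198.51.100.7", 51000, SERVER, 80, "ACK"),
    ]
    for i in range(6):  # SYNs whose SYN-ACK is never answered
        ev.append((1.0 + i * 0.1, SPOOFED, 40000 + i, SERVER, 80, "SYN"))
        ev.append((1.05 + i * 0.1, SERVER, 80, SPOOFED, 40000 + i, "SYN-ACK"))
    # a recent SYN that has simply not had time to complete yet
    ev.append((9.5, "198.51.100.9", 52000, SERVER, 80, "SYN"))
    return ev


def half_open_report(events, timeout=3.0, threshold=5):
    """Return {server: n} where n connections have waited >= timeout for an ACK."""
    pending = {}   # (client, cport, server, sport) -> time the SYN was seen
    last_t = 0.0
    for t, src, sport, dst, dport, flags in events:
        last_t = max(last_t, t)
        if flags == "SYN":
            pending.setdefault((src, sport, dst, dport), t)
        elif flags in ("ACK", "RST"):
            # The client finished the handshake or refused it: slot is freed.
            pending.pop((src, sport, dst, dport), None)
        # SYN-ACK is the server's half of the exchange; it changes no state here.
    stale = defaultdict(int)
    for (_client, _cport, server, _sport), t0 in pending.items():
        if last_t - t0 >= timeout:
            stale[server] += 1
    return {s: n for s, n in stale.items() if n >= threshold}


if __name__ == "__main__":
    print(half_open_report(sample_events()))
```

The completed handshake and the recent SYN are not counted; only the six connections that have waited past the timeout are reported against the server.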

Smurf Attack

[Figure: network 192.168.1.0, the Internet, and host 203.152.149.1.
ICMP REQ D=192.168.1.255 S=203.152.149.2
ICMP REPLY D=203.152.149.1 S=192.168.1.1 (likewise from 192.168.1.2 through 192.168.1.8)]

Virus vs Worms..?

Virus

Viruses are computer programs that are designed to spread themselves from one file to another on a single computer.

A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers.

Worms

Worms, on the other hand, are insidious because they rely less (or not at all) upon human behavior in order to spread themselves from one computer to others.

The computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail).

- E-mail spoofing: Pretend to be someone, e.g. bill_gate@microsoft.com
- Spam Mail: Unsolicited or unwanted e-mail, or Phishing

Desktop Threat
- Viruses, worms, Trojan, Backdoor
- Cookies
- Java Script and Java Applet
- Zombies network
- Key logger (Game-Online)

We need "controls", which are
- Policy & Process: security controls that provide a guideline and framework
- People: to control user behavior
- Technology: a tool to enforce policy throughout the organization effectively

- Policy Compliance: ISO 17799
- Compliance Checking: CobiT, Audit Tools
- NIST security standard guideline: NIST – 800 series
- Organization Control: Business Continuity Plan
- Security Awareness Training: Security Learning Continuum (Awareness, Training, Education)
- Responsibility Control: Need to know basis

Computer Security is the process of preventing and detecting unauthorized use of your computer.

Prevention measures help you to stop unauthorized users (intruders) from accessing any part of your computer network.

Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

Network and Host Based Security: Security Devices (Hardware) or Security Software

- Firewall (Access control)
- IDS/IPS
- VPN & SSL VPN (Data Encryption)
- Anti-Spam (preventing unwanted email)
- QoS (Quality of Services - Bandwidth Management)
- Web Content Filtering
- IM & P2P

- Web Traffic: customers, partners, employees
- Email Traffic
- Applications/Web Services Traffic: partners, customers, internal
- VPN Traffic: remote and mobile users
- Internal security threat: contractors/disgruntled employees
- Remote user

Type of firewall
- Packet filtering
- Application Firewall
- Stateful Inspection

Type of implementation
- Packet Filter
- Screened Host
- Dual-homed Host
- Screened Subnet (DMZ)

References: CISSP Certification

[Figures: Packet Filter; Screened Host; Dual-homed Host; Screened Subnet]

[Figure: Host IPS and Network IPS covering Laptop, Desktop, Server, Core, Edge and Branch Office against Known Attacks, DOS/DDOS and Zero-day Attacks.]

Detection & Prevention System: Signature, Behavior and Anomaly based

Encryption & Decryption: Public Key & Private Key

Encryption Technology: DES, 3DES, AES

Source: Symantec/ Brightmail

Why do they spam?
- 0.0005$ vs 1.21$ -> 0.02B vs 48.4B
- 1/100,000 counts as success

How much spam is there? <spamcorp.net>
- ~6 e-mail/sec, 360 e-mail/min, 21,600 e-mail/hr

How do they get my e-mail?
- Webboard, forum, etc.

Is spam legal?

How to protect yourself from getting spam?

- Cracks and Hacks Tools Website: Spyware, Trojan, Virus, etc.
- Banner & Advertising: Adware, Toolbar, Spam – Subscribe, Credit card no., etc.
- Drugs, Gambling, Weapon, etc.
- Pornography, Nude, Adult Materials
- Shopping Online (Credit card issues)

- Anti-Virus
- VPN Client
- Personal Firewall
- IDS
- Web-Filtering

Small group, Home use, Computer Laboratory, etc.

- IM: Virus, Exploit, Voice Chat
- P2P: Bandwidth Usage, Spyware, BackDoor

Questions