Module v Security Management


8/12/2019 Module v Security Management

1/20

Module V: Security Management

Topics:
The Information Security.
System Vulnerability and Abuse.
System Threats (Malicious Software, Hacking etc.) and countermeasures.
Antivirus, Firewalls, Anti-spyware.
Security Audit.

Security management is a broad field of management related to asset management, physical security and human resource safety functions. It entails the identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.

In network management it is the set of functions that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.

Management tools such as information classification, risk assessment and risk analysis are used to identify threats, classify assets and to rate system vulnerabilities so that effective controls can be implemented.


The Information Security

Information security means protecting information and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and often share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.

Basic principles:

Confidentiality

Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds.

Integrity

In information security, integrity means that data cannot be modified undetectably. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks.

Authenticity

In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be.

Non-repudiation

In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.


Electronic commerce uses technology such as digital signatures and public key encryption to establish authenticity and non-repudiation.

System Vulnerability and Abuse

When data are stored in digital form, they are more vulnerable than when they exist in manual form.

Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards.

Threats to computerized information systems include hardware and software failure; user errors; physical disasters such as fire or power failure; theft of data, services, and equipment; unauthorized use of data; and telecommunications disruptions. On-line systems and telecommunications are especially vulnerable because data and files can be immediately and directly accessed through computer terminals or at points in the telecommunications network.

Figure 8-1: Contemporary security challenges and vulnerabilities

The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.

The Internet poses additional problems because it was explicitly designed to be easily accessed by people on different computer systems. Information traveling over unsecured media can be intercepted and misused. Fixed IP addresses serve as fixed targets for hackers, and Internet software has become a means for introducing viruses and malicious software to otherwise secure networks.

Wireless networks are even more vulnerable because radio frequency bands are easy to scan. LANs that use the Wi-Fi (802.11b) standard can be easily penetrated by outsiders with laptops, wireless cards, external antennae, and freeware hacking software. Service set identifiers (SSIDs) identifying access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by sniffer programs. In war driving, eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic. The initial security standard developed for Wi-Fi, called Wired Equivalent Privacy (WEP), is not very effective. WEP is built into all standard 802.11 products, but users must turn it on, and many neglect to do so, leaving many access points unprotected.

Figure 8-2: Wi-Fi security challenges

Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization.

Malicious software, or malware, includes threats such as computer viruses, worms, and Trojan horses. A computer virus is rogue software that attaches itself to other programs or data files in order to be executed, and may be highly destructive to files, computer memory, and hard drives. Viruses are typically designed to spread from computer to computer through e-mail attachments or copied files.

Worms are independent computer programs that copy themselves to computers over a network independently from other computer programs or files, and therefore spread more rapidly.

A Trojan horse is an apparently benign program that actually performs some hidden action such as installing malicious code or compromising the security of a computer.

Spyware can also act as malicious software by obtaining information about users' buying habits and infringing on privacy. Keyloggers record keystrokes made on a computer to discover or steal serial numbers for software and passwords.


A hacker is an individual who intends to gain unauthorized access to a computer system. The term cracker is typically used for hackers with criminal intent. Hackers spoof, or misrepresent themselves, by using fake e-mail addresses or masquerading as someone else. Hacker activities include:

Theft of goods and services

System damage

Cyber vandalism: The intentional disruption, defacement, or even destruction of a Web site or corporate information system.

Spoofing: Hiding of the hacker's true identity or e-mail address, or redirecting a Web link to a different web site that benefits the hacker.

Theft of proprietary information: A sniffer is an eavesdropping program that monitors network information and can enable hackers to steal proprietary information transmitted over the network.

Denial of service (DoS) attacks: Flooding a network or server with thousands of false communications to crash or disrupt the network. A distributed denial of service (DDoS) attack uses hundreds or even thousands of computers to inundate and overwhelm the network from numerous launch points. Hackers can infect thousands of unsuspecting users' computers with malicious software to form a botnet of resources for launching a DDoS.

Figure 8-3: Worldwide damage from digital attacks

This chart shows estimates of the average annual worldwide damage from hacking, malware, and spam since 1999. These data are based on figures from mi2G and the authors.

In computer crime, the computer can be either the target of or the instrument of a crime. The most economically damaging kinds of computer crime are DoS attacks, introducing viruses, theft of services, and disruption of computer systems.

Other examples of computer crime include:

Identity theft: In identity theft, an impostor obtains key pieces of personal information to impersonate someone else and obtain credit, merchandise, or false credentials.

Phishing: Setting up fake Web sites or sending e-mail messages that appear legitimate in order to obtain confidential data from users. Other phishing techniques include evil twins (wireless networks masquerading as legitimate Internet hotspots, used to capture personal information) and pharming, redirecting users to bogus Web sites posing as legitimate Web sites.


Click fraud occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase. Click fraud can also be perpetrated with software programs doing the clicking, and bot networks are often used for this purpose.

The U.S. Congress responded to the threat of computer crime in 1986 with the Computer Fraud and Abuse Act. This act makes it illegal to access a computer system without authorization. Most U.S. states and European nations have similar legislation. Congress also passed the National Information Infrastructure Protection Act in 1996 to make virus distribution and hacker attacks to disable Web sites federal crimes.

One concern is that terrorists or foreign intelligence services could exploit network or Internet vulnerabilities to commit cyber terrorism or cyber warfare and cripple networks controlling essential services such as electrical grids and air traffic control systems.

The largest financial threats to businesses actually come from insiders, either through theft and hacking or through lack of knowledge. Malicious intruders may sometimes trick employees into revealing passwords and network access data through social engineering. Employees can also introduce faulty data or improperly process data.

Software errors are also a threat to information systems and cause untold losses in productivity. Hidden bugs or program code defects, unintentionally overlooked by programmers working with thousands of lines of programming code, can cause performance issues and security vulnerabilities. Software vendors create lines of code called patches to repair flaws without disrupting the software's operation.

Technologies and Tools for Security and Control

Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion detection systems, and antivirus and encryption software.

Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to access data using some method for authentication. New authentication technologies include:

Token: A physical device similar to an identification card that is designed to prove the identity of a single user.

Smart card: A device about the size of a credit card that contains a chip formatted with access permission and other data.

Biometric authentication: Compares a person's unique characteristics, such as fingerprints, face, or retinal image, against a stored profile.

A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies:

Packet filtering examines fields in the headers of data packets flowing between the network and the Internet, examining individual packets in isolation.

Stateful inspection determines whether packets are part of an ongoing dialogue between a sender and a receiver.

Network Address Translation (NAT) conceals the IP addresses of the organization's internal host computer(s) to protect against sniffer programs outside the firewall.

Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first "talks" to the proxy application and the proxy application communicates with the firm's internal computer.
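The three header-level screening technologies above, as an added example that is not code from the original module: a toy packet filter, a stateful firewall and a NAT table in Python, run over constructed packet headers so the difference in their verdicts is visible. The addresses, the single access rule (outsiders may only open HTTPS) and the port numbers are assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # set on the packet that opens a TCP connection

INTERNAL_PREFIX = "10.0.0."    # assumed private network
PUBLIC_IP = "203.0.113.1"      # assumed public address the firewall presents
INBOUND_SERVICES = {443}       # assumed rule: outsiders may only open HTTPS

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def packet_filter(pkt):
    """Packet filtering: judge each packet in isolation from its header fields."""
    if is_internal(pkt.src_ip):
        return True                          # anything leaving the network may pass
    return pkt.dst_port in INBOUND_SERVICES  # cannot tell a reply from a probe

class StatefulFirewall:
    """Stateful inspection: admit a packet if it belongs to a dialogue an
    internal host opened, or if it opens a dialogue to a published service."""
    def __init__(self):
        self.sessions = set()   # (internal_ip, internal_port, external_ip, external_port)

    def allow(self, pkt):
        if is_internal(pkt.src_ip):
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions:
            return True                      # reply to a dialogue opened from inside
        if pkt.syn and pkt.dst_port in INBOUND_SERVICES:
            self.sessions.add((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
            return True                      # new dialogue to a published service
        return False                         # unsolicited, or mid-stream with no session

class Nat:
    """Network Address Translation: internal addresses never appear outside;
    replies arrive at the public address and are mapped back to the real host."""
    def __init__(self):
        self.next_port = 40000
        self.outbound = {}   # (internal_ip, internal_port) -> public_port
        self.inbound = {}    # public_port -> (internal_ip, internal_port)

    def translate_out(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=PUBLIC_IP, src_port=self.outbound[key])

    def translate_in(self, pkt):
        """Re-address a packet to the internal host, or None if no mapping exists."""
        if pkt.dst_ip != PUBLIC_IP or pkt.dst_port not in self.inbound:
            return None
        ip, port = self.inbound[pkt.dst_port]
        return replace(pkt, dst_ip=ip, dst_port=port)

def demo():
    """Constructed traffic: an internal client fetches a page from an outside
    server, then two unsolicited packets arrive. Returns each technology's verdicts."""
    client = Packet("10.0.0.5", 51000, "198.51.100.7", 80, syn=True)  # outbound request
    reply = Packet("198.51.100.7", 80, "10.0.0.5", 51000)              # the server's answer
    probe = Packet("192.0.2.33", 4444, "10.0.0.5", 51000)              # unsolicited, same port
    stray = Packet("192.0.2.33", 4444, "10.0.0.5", 443)                # mid-stream, no dialogue
    traffic = (client, reply, probe, stray)
    sfw, nat = StatefulFirewall(), Nat()
    outside_view = nat.translate_out(client)
    public_reply = replace(reply, dst_ip=PUBLIC_IP, dst_port=outside_view.src_port)
    back = nat.translate_in(public_reply)
    return {
        "filter": [packet_filter(p) for p in traffic],
        "stateful": [sfw.allow(p) for p in traffic],
        "nat_hides_internal": outside_view.src_ip == PUBLIC_IP,
        "nat_reply_mapped": (back.dst_ip, back.dst_port) == ("10.0.0.5", 51000),
    }
```

The packet filter blocks the legitimate reply (a reply to a high port looks like any other inbound packet) yet admits a stray non-SYN packet to port 443; the stateful firewall gets both cases right because it remembers which dialogue the internal host opened.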

Figure 8-6: A corporate firewall

The firewall is placed between the firm's private network and the public Internet or another distrusted network to protect against unauthorized traffic.

Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors.
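An added example, not from the module, of the two checks the paragraph names: counting the bad-password pattern in constructed sshd-style log lines, and comparing important files against a hashed baseline to find ones that were modified or removed. The log format, the paths, the file contents and the threshold are all constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample log lines (assumed sshd-style format; not from the module).
SAMPLE_LOG = """\
Aug 12 10:01:02 srv1 sshd[2001]: Failed password for admin from 192.0.2.77 port 5020
Aug 12 10:01:05 srv1 sshd[2002]: Failed password for root from 192.0.2.77 port 5021
Aug 12 10:01:09 srv1 sshd[2003]: Failed password for admin from 192.0.2.77 port 5022
Aug 12 10:01:14 srv1 sshd[2004]: Failed password for guest from 192.0.2.77 port 5023
Aug 12 10:02:30 srv1 sshd[2005]: Failed password for alice from 10.0.0.8 port 6100
Aug 12 10:02:41 srv1 sshd[2006]: Accepted password for alice from 10.0.0.8 port 6101
Aug 12 10:03:00 srv1 sshd[2007]: Failed password for admin from 192.0.2.77 port 5024
"""
FAILED_RE = re.compile(r"Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)")

def bad_password_alerts(log_text, threshold=4):
    """First pattern the module names: repeated bad passwords. Counts failed
    logins per source address and returns {ip: [usernames tried]} for every
    source at or above the threshold; one typo by a real user stays quiet."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts[m.group(2)].append(m.group(1))
    return {ip: users for ip, users in attempts.items() if len(users) >= threshold}

# Constructed snapshots of "important files" (path -> content) taken at two times.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/var/www/index.html": b"<h1>Welcome</h1>\n",
}
LATER_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/var/www/index.html": b"<h1>Defaced</h1>\n",   # modified (cyber vandalism)
    "/tmp/.hidden": b"unexpected\n",                # added
}                                                   # /etc/hosts is gone: removed

def fingerprint(files):
    """Baseline: SHA-256 of each file's content, recorded while the system is known good."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def file_integrity_check(baseline, current_files):
    """Second pattern: important files removed or modified since the baseline."""
    current = fingerprint(current_files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def run_checks():
    """Run both detections over the constructed data and return the warnings."""
    return {
        "bad_passwords": bad_password_alerts(SAMPLE_LOG),
        "files": file_integrity_check(fingerprint(BASELINE_FILES), LATER_FILES),
    }
```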

Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated.

Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi Alliance industry trade group's 802.11i specification tightens security for wireless LAN products.

Many organizations use encryption to protect sensitive information transmitted over networks. Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals.

Two methods for encrypting network traffic on the Web are:

Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS) enable client and server computers to establish a secure connection session and manage encryption and decryption activities.

Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages.

Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption:

Symmetric key encryption: The sender and receiver create a single encryption key that is shared.

Public key encryption: A more secure encryption method that uses two different keys, one private and one public.

Figure 8-7: Public key encryption

A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient's public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.

Digital signatures and digital certificates help with authentication. A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online.

    Figure 8-8 DIGITAL CERTIFICATES

    Digital certificates help establish the identity of people or electronic assets. They protect online transactions by providing secure, encrypted, online communication.
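The flow of Figure 8-7 together with the certificate check described for PKI, written out as an added example that is not part of the original module: textbook RSA with tiny primes so every step is visible. The primes, the subject name and the use of SHA-256 for the signed digest are assumptions made for this illustration; a deployed system uses a vetted library with padding and full-size keys.

```python
"""Textbook RSA with tiny primes (constructed for illustration only) showing
the steps in the text: encrypt with the recipient's PUBLIC key, decrypt with
the matching PRIVATE key, sign with a PRIVATE key, verify with the PUBLIC key,
and trust a public key only after the CA's signature over it has been checked."""
import hashlib
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)); d undoes e because e*d == 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public_key, message):
    """Lock each byte with the recipient's public key (needs n > 255)."""
    n, e = public_key
    return [pow(b, e, n) for b in message.encode()]

def decrypt(private_key, ciphertext):
    """Only the holder of the matching private key can unlock the bytes."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext).decode()

def digest(data, n):
    """Hash the data and reduce it below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    """Signature: the digest transformed with the signer's private key."""
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(public_key, data, signature):
    """Anyone holding the public key can check origin and contents."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

def issue_certificate(ca_private, subject, subject_public):
    """The CA binds a name to a public key by signing the pair."""
    body = f"{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"body": body, "sig": sign(ca_private, body)}

def trusted_key(ca_public, cert, expected_subject):
    """Return the certified public key, or None if the CA signature or name fails."""
    if not verify(ca_public, cert["body"], cert["sig"]):
        return None
    subject, n, e = cert["body"].decode().split("|")
    return (int(n), int(e)) if subject == expected_subject else None

def demo():
    """Walk through Figure 8-7 with a constructed CA, recipient and message."""
    ca_public, ca_private = make_keypair(89, 97)     # trusted third party
    bob_public, bob_private = make_keypair(61, 53)   # recipient's key pair
    cert = issue_certificate(ca_private, "bob@example.com", bob_public)
    key = trusted_key(ca_public, cert, "bob@example.com")  # sender checks CA first
    ciphertext = encrypt(key, "pay 100")
    signature = sign(bob_private, b"pay 100")
    return {
        "plaintext": decrypt(bob_private, ciphertext),
        "signature_ok": verify(bob_public, b"pay 100", signature),
        "tampered_ok": verify(bob_public, b"pay 900", signature),
        "wrong_name": trusted_key(ca_public, cert, "mallory@example.com"),
    }
```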


    System Threats (Malicious Software, Hacking etc.) and countermeasures.

    Threat:- In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

    Sources of Threats

    A person, a group of people, or even some phenomena unrelated to human activity can serve as an information security threat. Following from this, all threat sources break down into three groups:

    The human factor. This group of threats concerns the actions of people with authorized or unauthorized access to information. Threats in this group can be divided into:

    External, including cyber criminals, hackers, internet scams, unprincipled partners, and criminal structures.

    Internal, including actions of company staff and users of home PCs. Actions taken by this group could be deliberate or accidental.

    The technological factor. This threat group is connected with technical problems - equipment used becoming obsolete and poor-quality software and hardware for processing information. This all leads to equipment failure and often to data loss.

    The natural-disaster factor. This threat group includes any number of events brought on by nature and other events independent of human activity.


    Types of Threats

    Worms

    This malicious program category largely exploits operating system vulnerabilities to spread itself. The class was named for the way the worms crawl from computer to computer, using networks and e-mail. This feature gives many worms a rather high speed in spreading themselves.

    Viruses

    Programs that infect other programs, adding their own code to them to gain control of the infected files when they are opened. This simple definition explains the fundamental action performed by a virus - infection.

    Trojans

    Programs that carry out unauthorized actions on computers, such as deleting information on drives, making the system hang, stealing confidential information, etc. This class of malicious program is not a virus in the traditional sense of the word (meaning it does not infect other computers or data). Trojans cannot break into computers on their own and are spread by hackers, who disguise them as regular software. The damage that they incur can exceed that done by traditional virus attacks by several fold.

    Spyware

    Software that collects information about a particular user or organization without their knowledge. You might never guess that you have spyware installed on your computer.

    Riskware

    Potentially dangerous applications include software that has no malicious features but could form part of the development environment for malicious programs or could be used by hackers as auxiliary components for malicious programs.


    Rootkits

    Utilities used to conceal malicious activity. They mask malicious programs to keep anti-virus programs from detecting them. Rootkits modify the operating system on the computer and alter its basic functions to hide their own existence and the actions that the hacker undertakes on the infected computer.

    How threats spread

    As modern computer technology and communications tools develop, hackers have more opportunities for spreading threats. Let's take a closer look at them:

    The Internet

    The Internet is unique, since it is no one's property and has no geographical borders. In many ways, this has promoted development of countless web resources and the exchange of information. Today, anyone can access data on the Internet or create their own webpage. However, these very features of the worldwide web give hackers the ability to commit crimes on the Internet, making them difficult to detect and punish as they go.

    USB flash drives

    USB flash drives are widely used for storing and transmitting information. When you use a USB disk that has malicious programs on it, you can damage data stored on your computer and spread the virus to your computer's other drives or other computers on the network.


    Tips to protect yourself from malware

    Be mindful of what you are clicking on

    Many websites that host harmful content use banners and pop-up advertisements pretending to be error messages or offering you a prize. When you visit these sites, harmful content is downloaded onto your computer. Avoid being tempted in the first place.

    Be aware of what you are downloading

    Don't download software from a website that's full of advertisements or listings of 'free' programs; these are often fake files. Be cautious and question them, scan them with security software prior to opening, or only download programs from reputable or corporate websites.

    Purchase security software

    Many users are not aware that pirated software cannot protect their computer against threats, and that pirated software from unauthorized third parties may itself contain viruses.

    Be careful before you open your removable media

    Many malicious programs attack your computer and spread via USB storage. USB Disk Security can protect your computer against any threats via removable media.

    Update Windows when prompted

    Microsoft releases updates for Windows regularly. They include important security patches and tools. Install them when prompted to patch up security gaps in your operating system, browser or third-party software.

    Take extra care when using Peer-To-Peer programs

    Since files shared on P2P networks are not policed, anyone can release anything they want via this medium. As such, get into the habit of scanning the files you download before running them.


    Accept incoming files only when you expect them and from people that you know

    Some threats have the ability to infect machines and automatically send copies of themselves to that user's contact list. It may appear that your friend is sending you a file, but it may turn out to be a malicious program propagating itself.

    Know your File Formats

    Images usually come in .jpg .jpeg .png .bmp .gif .tif formats. Executables come in .exe .bat .com .dll formats. If someone says they are sending you a photo but the file ends with .exe or .com, please do not open it. They're obviously mistaken or potentially endangering you.
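A defender-side check for the file-format rule above, added here as an example that is not part of the module: it flags an attachment whose extension is executable, or whose leading bytes identify a Windows executable even though the name claims an image. The magic-byte table and the sample attachments are constructed for this illustration.

```python
"""Classify an incoming attachment using the extension lists from the text,
then cross-check the name against the file's leading bytes (its "magic
number"), since a file can be renamed but its header still gives it away."""
import os

IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".bmp", ".gif", ".tif"}
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".com", ".dll"}

# Leading bytes of common formats; .bat and .com have no fixed header.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"BM": "bmp",
    b"II*\x00": "tiff",
    b"MM\x00*": "tiff",
    b"MZ": "executable",   # DOS/PE header used by .exe and .dll files
}

def sniff(data):
    """Name the format from the first bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(filename, data, claimed="photo"):
    """Return (verdict, reason) for a file the sender claims is a photo."""
    ext = os.path.splitext(filename.lower())[1]   # "holiday.jpg.exe" -> ".exe"
    kind = sniff(data)
    if ext in EXECUTABLE_EXTENSIONS:
        return "reject", f"claimed {claimed} but extension {ext} is executable"
    if kind == "executable":
        return "reject", f"contents start with an executable header despite {ext}"
    if claimed == "photo" and ext not in IMAGE_EXTENSIONS:
        return "hold", f"extension {ext} is not an image format"
    if claimed == "photo" and kind == "unknown":
        return "hold", f"extension {ext} says image but contents are not a known image"
    return "accept", f"{ext} matches {kind} contents"

def triage(attachments):
    """Run the check over (filename, data) pairs and return the verdicts by name."""
    return {name: check_attachment(name, data) for name, data in attachments}

# Constructed sample attachments (not real files): name and leading bytes.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.exe", b"MZ\x90\x00"),   # double extension
    ("holiday.png", b"MZ\x90\x00"),       # executable renamed to look like an image
    ("holiday.tif", b"II*\x00"),          # genuine TIFF header
    ("notes.txt", b"hello"),              # not an image at all
]
```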

    Be aware of what's happening

    There are various places to seek help and learn more about your computer. It pays to be knowledgeable about your computer, as malicious threats often take advantage of those who are unaware of what's happening.

    Antivirus, Firewalls, Anti-spyware.

    Antivirus or anti-virus software is software used to prevent, detect and remove malware, such as: computer viruses, adware, backdoors, malicious BHOs, dialers, fraud tools, hijackers, key loggers, malicious LSPs, rootkits, spyware, Trojan horses and worms. Computer security, including protection from social engineering techniques, is commonly offered in products and services of antivirus software companies. This page discusses the software used for the prevention and removal of malware threats, rather than computer security implemented by software methods.


    A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.
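The rule-set decision the paragraph describes, written out as an added example (not code from the module): packets are tested against an ordered list of rules, the first match decides, and an explicit deny at the end is the default. The addresses, rule set and packets are constructed for this illustration.

```python
"""Minimal packet filter: the first matching rule in an ordered rule set decides
whether a packet passes between the trusted internal network and the untrusted
external one; the last rule denies everything not explicitly allowed above it."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the external network, "out" = leaving
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"   # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    dports: tuple = ()       # empty = any destination port
    comment: str = ""

    def matches(self, pkt):
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (not self.dports or pkt.dport in self.dports))

INTERNAL = "10.0.0.0/8"   # constructed trusted network

# Order matters: the anti-spoofing rule must come before any inbound allow.
RULESET = [
    Rule("deny", "in", src=INTERNAL, comment="internal source address arriving from outside"),
    Rule("allow", "in", "tcp", dst="10.0.0.5/32", dports=(80, 443), comment="public web server"),
    Rule("allow", "out", "tcp", src=INTERNAL, dports=(80, 443), comment="web browsing"),
    Rule("allow", "out", "udp", src=INTERNAL, dst="203.0.113.53/32", dports=(53,),
         comment="DNS to the ISP resolver"),
    Rule("deny", comment="default deny"),
]

def decide(pkt, rules=RULESET):
    """Return (action, comment) of the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "no rule matched"   # only reached if the rule set lacks a final deny
```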

    Spyware is a type of malicious program installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as key loggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.

    While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, unauthorized changes in browser settings, or changes to software settings.


    Anti-spyware programs

    Anti-spyware programs can combat spyware in two ways:

    1. They can provide real-time protection in a manner similar to that of anti-virus protection: they scan all incoming network data for spyware and block any threats they detect.

    2. Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed onto the computer. This kind of anti-spyware can often be set to scan on a regular schedule.

    Security audit:- A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAATs, include system-generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers and switches. Applications can include Web Services, Microsoft Project Central and Oracle Database (examples only).
