Unit 4 e security
-
Upload
dr-cv-suresh-babu -
Category
Education
-
view
874 -
download
0
description
Transcript of Unit 4 e security
![Page 1: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/1.jpg)
1
E-Security
![Page 2: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/2.jpg)
2
According to an FBI study, 90% of US
companies suffered a cyber security
incident in 2005
![Page 3: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/3.jpg)
3
The FBI estimates that cyber crime cost US
companies an average of $24,000 last year,
down from $56,000 in 2004
![Page 4: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/4.jpg)
4
However, they also estimate that the total cost of cyber
crime to the US was over $400 billion in
2005 alone
![Page 5: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/5.jpg)
5
THE INTERNET
![Page 6: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/6.jpg)
6
The Internet (ARPANET), was started in ’60s, established its first
connection in ’69, was spread across the US by ’71, and reached Europe
by ’73
![Page 7: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/7.jpg)
7
ARPANET’s Legacy
• It all starts with a handshake– Transmission Control Protocol
(TCP) & Internet Protocol (IP)
• Well designed with many different paths to a destination, where routers constantly monitor the integrity and select the best path, making it robust in the face of severe physical damage
![Page 8: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/8.jpg)
8
Despite its apparent good design, the Internet was not
originally conceived with internal security in
mind, making it vulnerable to cyber
attacks
![Page 9: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/9.jpg)
9
Network Traffic
![Page 10: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/10.jpg)
10
CYBER CRIME
![Page 11: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/11.jpg)
11
“Criminal acts using computers and networks
as tools or targets”
“Traditional crimes conducted through the
use of computers”
![Page 12: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/12.jpg)
12
Modern Computer Crimes
• Can be based on malicious code such as a virus, email virus, worm or Trojan horse.– a.k.a. Passive Attacks
• Or actively perpetrated by
knowledgeable individuals,
who attempt to exploit network,
computer, and software flaws– a.k.a. Active Attacks
![Page 13: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/13.jpg)
13
Traditional Crimes• Pre-existing crimes facilitated by
the Internet or those which have found newlife on the Internet
– Theft, theft of information,financial crimes, fraud, copyrightinfringement, child pornography, scams, harassment, and terrorism
![Page 14: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/14.jpg)
14
A Brief Word On “Phishing”
![Page 15: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/15.jpg)
15
WHAT ARE WE UP AGAINST?
![Page 16: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/16.jpg)
16
FIRST
We are faced with weak underlying technology
and inherently vulnerable software
![Page 17: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/17.jpg)
17
Also improperly configured Internet
servers, firewalls and routers, and relying
primarily on firewalls for protection without
intrusion detection and prevention systems
![Page 18: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/18.jpg)
18
SECOND
Issues such as users anonymity coupled with uninformed, misguided,
and malicious users contribute to the
problem
![Page 19: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/19.jpg)
19
FINALLY
Weak or non-existent legal, regulatory, and
policy environments limit many countries’ ability to
tackle cyber crimes
![Page 20: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/20.jpg)
20
CYBER CRIMINALS
![Page 21: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/21.jpg)
21
Cyber criminals come in many forms. Most
harmful can be malicious insiders, and
disgruntled or uninformed employees
![Page 22: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/22.jpg)
22
The Internet has its share of professional criminals like hackers, organized crime and pedophiles,
who make a living off of their well honed skills and
criminal endeavours
![Page 23: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/23.jpg)
23
Competing businesses,
governments and terrorists will also
turn to the internet to undermine the
“competition” or further their cause
![Page 24: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/24.jpg)
24
CAN ANYTHING BE DONE?
![Page 25: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/25.jpg)
25
There is no one solution, be it technological or otherwise, to address
cyber crime. It exists for a multitude of reasons and requires a multifaceted
approach to combat
![Page 26: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/26.jpg)
26
HUMAN FACTORS
Industry, government and educators must first
address human behaviour that allows cyber crime to thrive and/or undermine
security efforts
![Page 27: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/27.jpg)
27
A significant number of security breaches are in part caused by human
actions, whether intentional or otherwise
![Page 28: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/28.jpg)
28
Examples include:Use of weak passwords
Divulging passwordsUse of unauthorised software
Opening of unknown emailUnauthorised use of network
![Page 29: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/29.jpg)
29
Breaches are not limited to novice or
inexperienced users. Incidents have been caused by network
administrators
![Page 30: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/30.jpg)
30
Outlining acceptable network use, authorised
software, along with awareness campaigns and training, can help
mitigate against human errors
![Page 31: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/31.jpg)
31
TECHNOLOGY FACTORS
Technology plays a key role in securing
computers and networks, but only if properly
deployed and maintained
![Page 32: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/32.jpg)
32
There is a panoply of security tools at your
disposal. If used properly they will shield your
organization from many common cyber attacks
![Page 33: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/33.jpg)
33
Security ranges from the basics like limiting access
to the network, forcing users to change
passwords at regular intervals, to physically
limiting access to certain computers
![Page 34: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/34.jpg)
34
A step up would involve virus scanners that
inspect incoming files for viruses, to firewalls,
which limit incoming and outgoing network traffic
![Page 35: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/35.jpg)
35
To sophisticated tools like intrusion detection systems,
which constantly analyze network traffic and send out alerts or shut off access in
the event of anomalies
![Page 36: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/36.jpg)
36
If information must be sent over the Internet, encryption technology
can shield sensitive data when it must be
transmitted
![Page 37: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/37.jpg)
37
POLICY FACTORS
Ensure laws, regulations and policies provide the necessary
support and focus that can complement cyber security
endeavours
![Page 38: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/38.jpg)
38
It must also ensure that countries are able to
investigate, arrest and prosecute cyber
criminals
![Page 39: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/39.jpg)
39
A strong legal framework sends a message that cyber
crime will be dealt with seriously and that limits on online conduct will be
imposed
![Page 40: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/40.jpg)
40
A well articulated regulatory scheme will ensure that key players
such as TSPs, government and industry understand their roles in ensuring a
secure environment
![Page 41: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/41.jpg)
41
Well articulated policies that outline the roles, responsibilities and
commitments of users, TSP and governments will
bring all this together
![Page 42: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/42.jpg)
42
A FEW WORDS ABOUT SECURITY POLICIES
![Page 43: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/43.jpg)
43
INDUSTRY POLICIES
Should address acceptable usage, minimum security
standards, and commitments by
organisation to educate and support users
![Page 44: Unit 4 e security](https://reader035.fdocuments.in/reader035/viewer/2022062614/547b29edb4af9faa158b4dd0/html5/thumbnails/44.jpg)
44
GOVERNMENT POLICIES
Identify short and mid term security objectives, support to key players, investments in security technology and training, and awareness
initiatives