Mis 6 Information Security2

Information Security

Information Security
• What is Information Security?
• Why is it Important?
• What Can We Do?
What Is Information Security?
• Protection of information systems against
unauthorized access to or modification of
information, whether in storage, processing or
transit, and against the denial of service to
authorized users or the provision of service to
unauthorized users, including those measures
necessary to detect, document, and counter such
threats.
• Deals with several different "trust" aspects of
information and its protection
What Is Information Security?

• Three widely accepted elements or areas of
focus (referred to as the “CIA Triad”):
– Confidentiality
– Integrity
– Availability (Recoverability)
• Includes Physical Security as well as Electronic
Malware
• Hostile, intrusive, or annoying software or
program code ("malicious" + "software")
• Includes computer viruses, worms, Trojan
horses, bots, spyware, adware, etc.
• Software is considered malware based on the
intent of the creator rather than any
particular features
Internet bot
• Internet bots, also known as web robots, are automated
internet applications controlled by software agents
• These bots interact with network services intended
for people, carrying out monotonous tasks and
behaving in a humanlike manner (e.g., a computer
game bot)
• Botnet - a network of "zombie" computers used to
do automated tasks such as spamming or reversing
spamming
Adware
• Advertising-supported software is any software
package which automatically plays, displays, or
downloads advertising material to a computer after
the software is installed on it or while the
application is being used.
• Adware is software integrated into or bundled with
a program, typically as a way to recover
programming development costs through
advertising income
Spyware
• A broad category of software designed to
intercept or take partial control of a
computer's operation without the informed
consent of that machine's owner or
legitimate user
• In simpler terms, spyware is a type of
program that watches what users do with
their computer and then sends that
information over the internet
Spyware (2)
• Spyware can collect many different types of
information about a user:
• Records the types of websites a user visits
• Records what is typed by the user to
intercept passwords or credit card numbers
• Used to launch “pop up” advertisements
• Many legitimate companies incorporate
forms of spyware into their software for
purposes of advertisement (Adware)
Spyware Example
(add-on toolbars)
Spam
• Spamming is the abuse of electronic messaging
systems to send unsolicited, undesired bulk
messages
• e-mail spam
• instant messaging spam
• Usenet newsgroup spam
• Web search engine spam
• spam in blogs
• mobile phone messaging spam
Spam Example
Phishing
• A criminal activity using social engineering
techniques.
• An attempt to acquire sensitive data, such as
passwords and credit card details, by
masquerading as a trustworthy person or
business in an electronic communication.
• Typically carried out using email or an instant
message
Phishing Example
• Points to “bad” IP Address!
Keystroke logging
• Often called key logging, this is a diagnostic used in
software development that captures the user's
keystrokes
• Useful to determine sources of error in computer
programs
• Used to measure employee productivity on certain
clerical tasks
• Highly useful for law enforcement and espionage
• Can obtain passwords or encryption keys, thus
bypassing other security measures
Keystroke Logging
• Can be achieved by both hardware and software
means
• Hardware key loggers are commercially
available devices which come in three types:
– Inline devices that are attached to the keyboard cable
– Devices installed inside standard keyboards
– Keyboards that have the key logger already
built in
Why is it Important?
• Over the last two years, the IT security threat landscape
has changed significantly.
• Traditional malware threats hit an apparent wall in 2005.
• However, new threats (bots, spam, phishing) have
stepped into the void.
• Remember the objective, the “CIA Triad”:
– Confidentiality
– Integrity
– Availability (Recoverability)
Why is it Important?

• Unauthorized access (malware, spyware) limits
our ability to protect the confidentiality of the
data
• Malicious programs can alter the data values,
destroying the integrity of the data
• Denial of Service (DoS) attacks can shut down a
server and/or network, making the system
unavailable.
What Can We Do?
• Security Assessment
– Identify areas of risk
– Identify potential for security breaches,
collapses
• Security Application
– Expert knowledge (train, hire, other)
– Multi-layered Approach (there is no single
solution)
What Can We Do?

• Security Awareness
– Not just for the geeks!
– Security Training at all levels (external and/or
internal)
– Continuing education and awareness – not a
one-time shot!
– Make it part of the culture
IT’S A JUNGLE OUT THERE
• Computer Viruses
• Network Worms
• Trojan Horses
• Logic Bombs
• Address Book theft
• Hijacked Home Pages
• DNS Poisoning
• Denial of Service Attacks
• Zombies, IP Spoofing
• Buffer Overruns
• Password Grabbers
• Password Crackers
Virus is a computer program
• A computer program tells a computer what to do and how to do it.
• Computer viruses, network worms, Trojan horses: these are computer programs.

SALIENT DIFFERENCES
Computer Virus:
• Needs a host file
• Copies itself
• Executable
Network Worm:
• No host (self-contained)
• Copies itself
• Executable
Trojan Horse:
• No host (self-contained)
• Does not copy itself
• Imposter Program
TYPICAL SYMPTOMS

• File deletion
• File corruption
• Visual effects
• Pop-Ups
• Erratic (and unwanted) behavior
• Computer crashes
WHAT CAN WE DO?
• Set bookmarks to authoritative:
– anti-virus Web pages
– virus hoax Web pages
– public free anti-virus removal tools
• Provide patrons with up-to-date information about viruses, etc.
• Confirm that desktops have the latest anti-virus updates
BACK IT UP

• Offline copies: Grandfather/father/son
(monthly/weekly/daily)
• Online copies: Shared network drive
• Do not back up a file on the same disc as the
original!
• Assume every disc, CD, etc. is suspect, no
matter who gave it to you
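The grandfather/father/son rotation named above can be expressed as a retention plan that decides which dated backups to keep and which to prune. This is an added example, not part of the original slides; the function names and the retention counts (7 daily, 4 weekly, 12 monthly) are assumptions, since the slides give no numbers.

```python
from datetime import date, timedelta

def newest_per_bucket(dates, bucket, limit):
    """Newest backup in each of the `limit` most recent buckets.

    `dates` must be sorted newest-first; dict insertion order then keeps
    the buckets newest-first as well.
    """
    picked = {}
    for d in dates:
        picked.setdefault(bucket(d), d)
    return list(picked.values())[:limit]

def gfs_plan(backup_dates, daily=7, weekly=4, monthly=12):
    """Return (keep, prune): keep maps each retained date to its tier.

    Retention counts are assumed defaults. A backup that qualifies for
    several tiers is labelled with the longest-lived one.
    """
    dates = sorted(set(backup_dates), reverse=True)
    # Son: the most recent daily backups.
    keep = {d: "son" for d in dates[:daily]}
    # Father: the newest backup of each recent ISO week (Monday to Sunday).
    for d in newest_per_bucket(dates, lambda d: tuple(d.isocalendar())[:2], weekly):
        keep[d] = "father"
    # Grandfather: the newest backup of each recent calendar month.
    for d in newest_per_bucket(dates, lambda d: (d.year, d.month), monthly):
        keep[d] = "grandfather"
    prune = [d for d in dates if d not in keep]
    return keep, prune

# Constructed sample: one backup per day for the 60 days ending 2024-03-10.
SAMPLE_DATES = [date(2024, 3, 10) - timedelta(days=n) for n in range(60)]

if __name__ == "__main__":
    keep, prune = gfs_plan(SAMPLE_DATES)
    for d in sorted(keep, reverse=True):
        print(d.isoformat(), keep[d])
    print(len(prune), "backups eligible for pruning")
```
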