10 Basic of Information Security12

Information security aims to protect information and systems from threats by applying principles of confidentiality, integrity, and availability. It involves securing critical components like physical, personal, operations, communications, and network security. Key aspects include identifying security attacks, implementing security mechanisms, and providing security services to maintain availability, accuracy, authenticity, and other critical characteristics of information.

Uploaded by Amey Vartak

Basic of Information Security

What Is Security?
• “The quality or state of being secure--to be free from danger”
• To be protected from adversaries
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
What Is Information Security?
• The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
• Tools, such as policy, awareness, training, education, and technology are necessary
• The C.I.A. triangle was the standard based on confidentiality, integrity, and availability
• The C.I.A. triangle has expanded into a list of critical characteristics of information
Critical Characteristics Of Information
The value of information comes from the characteristics it possesses.
• Availability
• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Utility
• Possession
Components of an Information System

• To fully understand the importance of information security, you need to know the elements of an information system
• An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization
Securing the Components
• The computer can be either or both the subject of an attack and/or the object of an attack
• When a computer is
  • the subject of an attack, it is used as an active tool to conduct the attack
  • the object of an attack, it is the entity being attacked
Figure 1-5 – Subject and Object of Attack

Principles of Information Security - Chapter 1


Aspects of Security
• consider 3 aspects of information security:
  • security attack
  • security mechanism
  • security service
• note terms
  • threat – a potential for violation of security
  • attack – an assault on system security, a deliberate attempt to evade security services
Security Attack
• Passive Attack
  • attempts to learn or make use of information from the system but does not affect system resources.
  • Two types of passive attacks are:
    1. Release of message contents
    2. Traffic analysis
• Active Attack
  • modification of the data stream or the creation of a false stream
  • Four types of active attacks
    1. Masquerade
    2. Replay
    3. Modification of messages
    4. Denial of service
IT’S A JUNGLE OUT THERE
• Computer Viruses
• Network Worms
• Trojan Horses
• Logic Bombs
• Address Book theft
• Hijacked Home Pages
• DNS Poisoning
• Denial of Service Attacks
• Zombies, IP Spoofing
• Buffer Overruns
• Password Grabbers
• Password Crackers
AND THE EVER POPULAR:
• Hoaxes
• Ploys
• Pop-Ups
• Scams
• Spam
DID YOU KNOW?
• In 1980 a computer cracked a 3-character password within one minute.
• In 1999 a team of computers cracked a 56-character password within one day.
• In 2004 a computer virus infected 1 million computers within one hour.
DEFINITIONS

A computer program
• Tells a computer what to do and how to do it.
Computer viruses, network worms, Trojan Horse
• These are computer programs.
SALIENT DIFFERENCES
1) Computer Virus:
   • Needs a host file
   • Copies itself
   • Executable
2) Network Worm:
   • No host (self-contained)
   • Copies itself
   • Executable
3) Trojan Horse:
   • No host (self-contained)
   • Does not copy itself
   • Imposter Program
TYPICAL SYMPTOMS
• File deletion
• File corruption
• Visual effects
• Pop-Ups
• Erratic (and unwanted) behavior
• Computer crashes
BIOLOGICAL METAPHORS
1. Bacterial Infection Model:
   • Single bacterium
   • Replication
   • Dispersal
2. Virus Infected Model:
   • Viral DNA Fragment
   • Infected Cells
   • Replication
   • Dispersal
A computer virus spreads similarly, hence the name

WHY DO WE HAVE THIS PROBLEM?
• Software companies rush products to the consumer market (“No program should go online before its time…”)
• Recycling old code reduces development time, but perpetuates old flaws.
AND A FEW MORE REASONS
• Market share is more important than security
• Interface design is more important than security
• New feature designs are more important than security
• Ease of use is more important than security
HACKER MOTIVATIONS
• Attack the Evil Empire (Microsoft)
• Display of dominance
• Showing off, revenge
• Misdirected creativity
• Embezzlement, greed
“Who knows what evil lurks in the hearts of men?”


NETWORKED SYSTEMS VS SECURED SYSTEMS
• Some platforms are more secure than others
• NETWORKS: Open Communication, Full Access
• SECURITY: Closed Communication, Full Lockdown
• Managers must strike a balance


POPULAR FALLACIES
• If I never log off then my computer can never get a virus
• Companies create viruses so they can sell anti-virus software
• Microsoft will protect me
• My ISP will protect me?
AND A FEW MORE….
• I got this disc from my (mother, boss, friend) so it must be okay
• You cannot get a virus by opening an attachment from someone you know
• But I only downloaded one file
• I am too smart to fall for a scam
• You can catch a cold from a computer virus
• My friend who knows a lot about computers showed me this really cool site…
THINGS THE LIBRARY CAN DO
ACTION PLAN:
• Designate security support staff (and fund them)
• Make security awareness a corporate priority (and educate your staff)
• Enable real-time protection
• Update all vendor security patches
• Subscribe to several security alert bulletins
• Periodically reboot or re-load all computers
• Control, limit or block all downloads and installs
• Install anti-virus software on computers (keep it current)
“It takes a carpenter to build a house but one jackass can knock it down”
(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)
WHAT CAN THE LIBRARIAN DO?
Set bookmarks to authoritative:
• anti-virus Web pages
• virus hoax Web pages
• public free anti-virus removal tools
Provide patrons with:
• up-to-date information about viruses, etc.
Confirm:
• that desktops have the latest anti-virus updates
BACK IT UP
• Offline copies: Grandfather/father/son (monthly/weekly/daily)
• Online copies: Shared network drive
• Changes only: Incremental/differential
• Do not back up a file on the same disc as the original!
• Assume every disc, CD, etc. is suspect, no matter who gave it to you
“Doveryay, No Proveryay” (Trust but Verify)


MACHINE INFECTED?
ACTION PLAN:
1) Write down the error or alert message verbatim
   • inform your tech support team
   • quarantine the machine
2) Look up the message in an authoritative anti-virus site (demo)
   • diagnose the problem
   • take recommended remedial action
   If appropriate:
   • Download, install, run the anti-virus removal tool (demo)
   • Apply all missing critical security patches (demo)
3) Reboot the machine
   • Run a full system scan before placing the machine back in service
THE HOAX STOPS HERE
IF THE MESSAGE:
• tells you to do something
• tells you to take immediate action
• cites a recognizable source to give itself credibility (“Microsoft has warned that…”)
• does not originate from a valid computer vendor
AND:
• lacks specific verifiable contact information
IF IN DOUBT, CHECK IT OUT
• Confirm the hoax by checking it against authoritative hoax sites
• Inform other staff so the hoax does not propagate


POPULAR HOAXES INCLUDE:
• JDBGMGR (teddy-bear icon): Tricks users into deleting a file
• NIGERIA: Money scam
• $800 FROM MICROSOFT: Pyramid scheme
STOPPING THE TROJAN HORSE
The Horse must be “invited in” ….
How does it get in? By:
• Downloading a file
• Installing a program
• Opening an attachment
• Opening bogus Web pages
• Copying a file from someone else
MORE ON THE HORSE…….
• A Trojan Horse exploits computer ports letting its “friends” enter, and “once a thief gets into your house he opens a rear window for his partners”
• Security patches often close computer ports and vulnerabilities
NOTE #1
Search engines are NOT reliable sources of virus information
• Information may be inaccurate, incomplete or out of date
• Search engines generate huge numbers of indiscriminate hits
• Some anti-virus Web sites are scams (or contain Trojan Horses)
• Go directly to authoritative anti-virus sites
NOTE #2
Computer companies are NOT reliable sources of virus information
Computer companies:
• Usually refer you to an anti-virus vendor
• are not in the anti-virus business
• themselves are victims!


Definitions
Malware:
• Hostile, intrusive, or annoying software or program code ("malicious" + "software")
• Includes computer viruses, worms, trojan horses, bots, spyware, adware, etc.
• Software is considered malware based on the intent of the creator rather than any particular features
Definitions
Internet bot:
• also known as web robots, are automated internet applications controlled by software agents
• These bots interact with network services intended for people, carrying out monotonous tasks and behaving in a humanlike manner (i.e., computer game bot)
• Bots can gather information, reply to queries, provide entertainment, and serve commercial purposes.
• Botnet - a network of "zombie" computers used to do automated tasks such as spamming or reversing spamming
Definitions
Adware:
• Advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.
• Adware is software integrated into or bundled with a program, typically as a way to recover programming development costs through advertising income
Definitions
Spyware:
• A broad category of software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user
• In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet
Definitions
Spyware:
• Spyware can collect many different types of information about a user:
  • Records the types of websites a user visits
  • Records what is typed by the user to intercept passwords or credit card numbers
  • Used to launch “pop up” advertisements
• Many legitimate companies incorporate forms of spyware into their software for purposes of advertisement (Adware)
Spyware Example
Spyware Example (add-on toolbars)
Definitions
Spam:
• Spamming is the abuse of electronic messaging systems to send unsolicited, undesired bulk messages
• Spam media includes:
  • e-mail spam (most widely recognized form)
  • instant messaging spam
  • Usenet newsgroup spam
  • Web search engine spam
  • spam in blogs
  • mobile phone messaging spam
Spam Example
Definitions
Phishing:
• A criminal activity using social engineering techniques.
• An attempt to acquire sensitive data, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.
• Typically carried out using email or an instant message
Phishing Example
Points to “bad” IP Address!
Definitions
Keystroke Logging:
• Keystroke logging (often called keylogging) is a diagnostic used in software development that captures the user's keystrokes
  • Useful to determine sources of error in computer programs
  • Used to measure employee productivity on certain clerical tasks
• Highly useful for law enforcement and espionage
  • Obtain passwords or encryption keys, thus bypassing other security measures
• Widely available on the internet and can be used by anyone for the same purposes
Definitions
Keystroke Logging:
• Can be achieved by both hardware and software means
• Hardware key loggers are commercially available devices which come in three types:
  • Inline devices that are attached to the keyboard cable
  • Devices installed inside standard keyboards
  • Keyboards that contain the key logger already built-in
• Writing software applications for keylogging is trivial, and like any computer program can be distributed as malware (virus, trojan, etc.)
Keylogger Example
In-line hardware Keylogger


Viruses, Bots, and Phish, Oh My!
Why is it Important?
• Over the last few years, the IT security threat landscape has changed significantly.
  • Traditional malware threats hit an apparent wall in 2005
  • However new threats (bots, spam, phishing) have stepped into the void.
• Remember the objective - the “CIA Triad”:
  • Confidentiality
  • Integrity
  • Availability (Recoverability)
Viruses, Bots, and Phish, Oh My!
Why is it Important?
• Unauthorized access (malware, spyware) limits our ability to protect the confidentiality of the data
• Malicious programs can alter the data values, destroying the integrity of the data
• Denial of Service (DoS) attacks can shut down a server and/or network, making the system unavailable.
• Correction efforts cost corporations time and money!
Viruses, Bots, and Phish, Oh My!
Why is it Important?
• There were on average over eight million phishing attempts per day during the latter half of 2005 (Symantec)
• The California legislature found that spam cost United States organizations alone more than $10 billion in 2004, including lost productivity and the additional equipment, software, and manpower needed to combat the problem.
Viruses, Bots, and Phish, Oh My!
Why is it Important?
• Regulatory Issues:
  • HIPAA (electronic personal identifiable information)
  • Sarbanes-Oxley Act (federal securities law focused on data accuracy and integrity)
  • PCI Security (Payment Card Industry security measures)
• Potential/Growing Issues:
  • Liability for damage caused by bot-nets
  • Loss of corporate confidential information (financials, personnel)
  • Electronic Blackmail
Viruses, Bots, and Phish, Oh My!
What Can We Do?
• Security Assessment
  • Identify areas of risk
  • Identify potential for security breaches, collapses
  • Identify steps to mitigate
• Security Application
  • Expert knowledge (train, hire, other)
  • Multi-layered Approach (there is no single solution)
  • Policies and Procedures
Viruses, Bots, and Phish, Oh My!
What Can We Do?
• Security Awareness
  • Not just for the geeks!
  • Security Training at all levels (external and/or internal)
  • Continuing education and awareness – not a one-time shot!
  • Make it part of the culture
Types of Security?
• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
  • Information security
Characteristics of Information
• The value of information comes from the characteristics it possesses:
  • Availability
  • Accuracy
  • Authenticity
  • Confidentiality
  • Integrity
  • Utility
  • Possession
Firewalls
• A software or hardware component that restricts network communication between two computers or networks.
• In buildings, a firewall is a fireproof wall that restricts the spread of a fire.
• Network firewall prevents threats from spreading from one network to another
• Prevent specific types of information from moving between the outside world (untrusted networks) and the inside world (trusted networks)
• The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing a number of supporting devices.
Internet Firewalls
The Internet Protocol Stack
What Firewalls do
Protects the resources of an internal network.
- Restrict external access.
- Log network activities.
- Intrusion detection
- DoS
- Act as intermediary
- Centralized Security Management
  • Carefully administer one firewall to control internet traffic of many machines.
  • Internal machines can be administered with less care.
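
The behaviour listed above (restrict external access, log network activity, one centrally administered rule set) can be sketched as a first-match packet filter with a default-deny fallback. This is an added example, not part of the original slides; the rule format, the 10.0.0.0/8 "trusted" network and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    port: Optional[int]   # destination port; None matches any port

# Constructed policy: 10.0.0.0/8 is the trusted inside, everything else is untrusted.
RULES = [
    Rule("allow", "0.0.0.0/0", "10.0.1.10/32", 443),  # public HTTPS to one web server
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", None),    # no other access to the inside
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", None),   # inside hosts may reach the outside
]

def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def decide(src, dst, port, rules=RULES, log=None):
    """First matching rule wins; a packet that matches no rule is denied."""
    verdict, matched = "deny", "default"
    for i, r in enumerate(rules, 1):
        if in_net(src, r.src) and in_net(dst, r.dst) and r.port in (None, port):
            verdict, matched = r.action, f"rule {i}"
            break
    if log is not None:  # every decision is recorded, allowed or not
        log.append(f"{verdict.upper()} {src} -> {dst}:{port} ({matched})")
    return verdict

# Constructed sample traffic: (source, destination, destination port)
PACKETS = [
    ("203.0.113.9", "10.0.1.10", 443),   # outside -> published web server
    ("203.0.113.9", "10.0.1.10", 22),    # outside -> same host, SSH
    ("203.0.113.9", "10.0.0.7", 445),    # outside -> internal file share
    ("10.0.0.5", "93.184.216.34", 80),   # inside -> outside web site
]

def run(packets=PACKETS):
    log = []
    verdicts = [decide(s, d, p, log=log) for s, d, p in packets]
    return verdicts, log

if __name__ == "__main__":
    for line in run()[1]:
        print(line)
```

Rule order matters: placing the broad deny rule ahead of the HTTPS allow rule blocks the published web server as well, which is why a single rule set has to be administered carefully.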
