Unit 1 Ics1
Unit 1 Ics1
Security Basics
CONTENT
1. INTRODUCTION
2. SECURITY
3. ELEMENTS OF INFORMATION SECURITY
4. SECURITY POLICY
5. SECURITY TECHNIQUES
6. STEPS FOR BETTER SECURITY
7. CATEGORY OF COMPUTER SECURITY
8. THE OPERATIONAL MODEL OF N/W
SECURITY
9. SECURITY SERVICES
10. BASIC N/W SECURITY TERMINOLOGY
11. SECURITY ATTACKS
How safe is your information?
•Recent events show that commercial, personal and
sensitive information is very hard to keep secure, and
some estimates point to 2007 as being the worst year on
record for data loss.
PROTECTION
1.Unahorized Access by intentionally or
unintentionally.
To protect the operation of any
organization
1.Physical Security:- Access control to physical
device
E.g:- Pen drive, Hard drive, CD/DVD,
Computer,
2. Private Security :- Individual or group
3. Project Security :- Design , Code operation
security
Introduction
Information:- Computers, Networks, Internet,
Mobile.
Security:-trying to understand how to
protect.
The various dangers & pitfalls when we use
technology.
The consequences of not setting up the right
Security Policies
Security Framework
Security Technology
Why is Security Required?
Business & different types of transactions r
is a requirement.
Information Security
Protecting information and information
systems from unauthorized access, use,
disclosure, disruption, modification, or
destruction.
Background
Throughout history, confidentiality of
information has always played a key role
in military conflict.
In Past No or little security.
The Need for Security(Current Scenario)
Now a days Importance of data was truly
realized.
Financial & Personal data
Therefore various areas in security began to
gain prominence.
Typical Examples of Basic Security
Mechanism:
Authenticate a User->id, pw
Encode->DB->Not Visible to user who do not
have the right permission.
Organization employed their own mechanism.
The Need for Security In Modern Life
Internet took the world by storm.
Technology Improved
Communication Infrastructure became
extremely mature.
Newer & newer applications begins to
developed for various user demands & need.
Soon peoples realized that basic security
measures were not quite enough.
Information traveling from a client to a
server over the internet.
Some real time attacks
Russian Attacker Maxim actually manage to
intruder into a merchant Internet site & obtained
300,000 credit card numbers from its DB.
He then attempted extortion by demanding
protection money($100,000) from the merchant.
The merchant refused to oblige.
Following this, the attacker published about
25,000 of the credit card numbers on the
internet!
Some banks reissued all the credit cards at a
cost of $20 per card & others forewarned
their customers about unusual entries in
their statements.
Consequences of Attack
Great Losses-both in terms of finance &
goodwill.
Cost of attack $20*300000=$6M
Another Example:-
1999 Swedish hacker broke into Microsoft’s
Hotmail Website & created a mirror site.
This allowed anyone to enter any Hotmail
user’s email id & read their emails.
2005 survey about the losses that occur due
to successful attacks on security.
$455,848,000
Next year this figure reduced to
Modern Nature Of Attack
1. Automating Attacks:-
Traditional Attack: Produce Coins using
machinery & Bring them into circulation.
Modern Attack: Steal half a dollar from million
accounts in a few minutes time digitally.
2. Privacy Concern:-Every Company are collecting
& processing lots of information about us.
Without we
realizing when & how it is going to be used.
3. Distance does not matter:- Attack Can be
launched from the distance.
E.g:- In 1995, a Russian hacker broke into
Citibank’s computer remotely, stealing $12M.
Although the attacker was traced, it was very
difficult to get extradited him for the court case.
1.2 ELEMENTS OF INFORMATION
SECURITY
This will Help us understand the attacks
better & also help us in thinking about the
possible solution to tackle it.
Information Security provide services to user.
Principle/Goals Of Security
These r the 4 chief principles of security.
1. Confidentiality:- Is msg seen by someone else?
2. Authentication:- Do u trust the sender of msg?
3. Integrity:- Is the meg changed during transmit?
4. Non-repudiation:- Can sender refute the msg?
Above principles r related to a particular message.
There r 2 more linked to overall system as a
whole.
5. Access Control:- Who can Access what? [ACL]
6. Availability:- Information should be available
timely.
Confidentiality
Confidentiality is the process of
preventing disclosure of information to
unauthorized individuals or systems.