SECURITY IN INFORMATION
TECHNOLOGY
By:- Mithun.k
Mtech TM
08/07/2010
Overview
What is security?
Why do we need security?
Who is vulnerable?
2 lines of defense
3 security areas
Common security threats, attacks and
countermeasures
What is “Security”?
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear;
confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call
building security if a visitor acts suspicious.
2. Measures adopted by a government to prevent
espionage, sabotage, or attack.
3. Measures adopted, as by a business or
homeowner, to prevent a crime such as burglary or
assault.
What is “Information Security”?
Protect information, and the systems & hardware
that use, store and process that
information, from misuse or theft
By Insider or outsider
Intentionally or Unintentionally
For the protection of Information, we need
tools such as policy, awareness, training &
education.
Why do we need Security?
1. Protects the organisation's ability to function
2. Enables the safe operation of applications
3. Protects the data the organisation collects
& uses
4. Safeguards the technology assets in use at
the organisation.
Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Contractors to various government agencies
Multinational corporations
ANYONE ON THE NETWORK
Information security plan
Develop policies
Communicate
Identify
Test system
Obtain support
2 lines of defense
People Technology
People: 1st line of defense
Security breaches due to people within the
organization
Social engineering
Dumpster diving is one way hackers obtain
information
Technology: 2nd line of defense
Without some type of defense, technology is
vulnerable to breaches
There are many different types of
technologies available to keep the
information safe
3 Security areas
1. Authentication & Authorization
2. Prevention & Resistance
3. Detection & Response
1) Authentication & Authorization
includes –
1. something the user knows
Eg:- ID or Password
2. something the user has
Eg:- Smartcard or Token
3. something that is part of the user
Eg:- Fingerprint or Voice signature
2) Prevention & Resistance
To keep the information safe
Prevent intruders from getting at the data
Methods:-
Firewall
Cryptography
Content filtering etc…
3) Detection & Response
Antivirus software can be used to protect
the system…
It will respond to intrusions by
malicious code like viruses, worms,
trojan horses etc…
Threats
A threat is an object, person or other entity
that represents a constant danger to an
asset or organization
Different groups of threats:-
1. Inadvertent acts
2. Deliberate acts
3. Acts of God
4. Technical failure
5. Management Failure
a) Inadvertent acts
i) Acts of human error or failure:-
Accidents, employee mistakes
Reasons:-
Inexperience
Improper training
Incorrect assumptions
Effects:-
Entry of erroneous data
Accidental deletion or modification of data
Storage of data in unprotected areas
a) Inadvertent acts con…
ii) Deviations in QoS by service provider:-
Situations in which a product or service is not
delivered to the organization as expected.
Eg:-
~ Internet service issues in stock market,
~ communication & other service provider issues
~ power irregularities
b) Deliberate acts
People or organisations engage in purposeful
acts designed to harm others.
i) Deliberate acts of espionage or trespass:-
An unauthorised individual gains access to the
information an organisation is trying to protect
eg:- hacking, cracking etc….
b) Deliberate acts
i) Deliberate acts of espionage or trespass:- con…….
Hacker:-
People who use and create computer software to
gain access to information illegally.
Enjoys programming
Seeks further knowledge
Shows a positive approach to the system
Two types:-
Expert
Novice
b) Deliberate acts
i) Deliberate acts of espionage or trespass:- con…….
Cracker:-
One who cracks or removes application software
protection that is designed to prevent unauthorized
duplication (copyright protection).
They'll destroy vital data, deny legitimate users service
etc…
Negative approach to the system
Phreaker:-
Hacks the public telephone network to make free
calls and to disrupt the services
b) Deliberate acts con…
ii) Deliberate acts of information extortion:-
It is the possibility of an attacker or formerly trusted
insider stealing information from a computer system &
demanding compensation for its return.
iii) Deliberate acts of sabotage:-
To deliberately sabotage the operation of a business
to destroy an asset or damage the image of the
organisation.
b) Deliberate acts con…
iv) Deliberate act of theft:-
The threat of theft from within the organization is a constant problem
It can be physical, electronic or intellectual.
v) Deliberate software attacks:-
An individual or group develops or designs software to
attack an unsuspecting system.
Such software is called MALWARE, MALICIOUS
CODE or MALICIOUS SOFTWARE.
eg:- Denial of service attacks conducted by
MAFIABOY on Amazon.com, Dell.com, etc…
b) Deliberate acts
v) Deliberate software attacks :- con…….
Types of Malware:-
Virus:-
A piece of self-replicating code attached to some other
code or program
A program that infects other programs by modifying
them
Propagates itself:- a copy of this program can go and
infect other programs. It contains code that makes
further copies of itself.
Opening an infected e-mail attachment or other data transmission
can cause virus infection
Types:-
macro virus
boot virus etc…
b) Deliberate acts
v) Deliberate software attacks :- con…
Worms:-
Malicious programs that replicate themselves without
infecting another program
Programs that spread from one system to another
over network connections
Do not live inside a particular program on the system
but affect the files on that system
Examples:-
Morris Worm
Code Red
Nimda
b) Deliberate acts
v) Deliberate software attacks :- con…
Trojan Horses:-
Software programs that hide their true nature and
reveal their designed behaviour only when activated.
Arrives via e-mail or application software
Activated when software or attachment is executed
Installs a backdoor that allows the hacker to access
the system
c) Acts of God
Fire
Flood
Earthquake
Lightning
Landslide
Tornado
Hurricane
Tsunami
Dust contamination
d) Technical failures
Hardware:-
Technical hardware failures or errors occur when a
manufacturer distributes equipment containing a
known or unknown flaw to users.
Software:-
Threats come from purchasing software with
unknown hidden faults.
e) Management failures
Threats come from management's potential lack of
sufficient planning and foresight to anticipate the
technology needed for evolving business requirements
Management's strategic planning should always include
an analysis of the technology currently in the organisation
Attacks
An attack is a deliberate act that exploits a vulnerability
It is carried out by a threat agent
Types:-
Malicious code
Hoaxes
Back door
Password crack
Brute force
Dictionary
Denial of service
Spoofing
Man in the middle / TCP attacks
Spam
Mail bombing
Sniffers
Social engineering
Attacks con…
Malicious code:-
An individual or group develops or designs software to
attack an unsuspecting system
Hoaxes:-
Warnings about the latest viruses & worms
Transmitting a virus hoax with a real virus attached
Back doors / Trap door:-
Secret entry point into a program
Allows those who know of it to gain access,
bypassing the usual security procedures
Very hard to block in the OS
Attacks con…
Password crack:-
The attempt to reverse-calculate a password from its hash is called cracking
Used when a copy of the Security Account Manager (SAM) data
file can be obtained.
The SAM file contains hashed representations of passwords.
Brute force:-
Try every possible combination of passwords
Dictionary attacks:-
Uses a list of commonly used passwords (a dictionary)
to guess, instead of random combinations.
Attacks con…
Spoofing:-
The intruder sends messages to a computer with a source IP address
indicating that they come from a trusted host
The hacker first finds out the IP address of the trusted host.
Once a connection is established, the hacker has access to the
system
Spam:-
Unsolicited commercial e-mail
Considered a nuisance rather than an attack.
Mail bombing:-
The attacker routes a large number of unsolicited e-mails to the
target.
The target e-mail address is buried under unwanted e-mails.
Attacks con…
Sniffer:-
A program or device that can monitor data travelling over a
network.
Unauthorized sniffers are extremely dangerous to a
network.
Packet sniffers:- they work on TCP/IP networks
Social engineering:-
The process of using social skills to convince people to
reveal credentials and other valuable information.
Attacks con…
Denial of Service (DoS):-
Purpose: Make a network service unusable,
usually by overloading the server or network
Many different kinds of DoS attacks
SYN flooding
SMURF
Distributed attacks
Attacks con…
Denial of service:-
SMURF:-
Source IP address of a broadcast ping is forged
Large number of machines respond back to victim,
overloading it
Attacks con…
Distributed denial of service:-
Same techniques as regular DoS, but on a much larger
scale
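Both flooding techniques named above leave a measurable footprint that a network monitor can count. The following added example (not from the original slides) runs simple detection logic over a constructed packet capture: for SYN flooding it estimates half-open handshakes (SYNs sent that are never followed by the client's ACK), once per source and once per victim, because a flood that spoofs a fresh source address on every SYN stays under any per-source threshold; for SMURF it looks for ICMP echo requests aimed at a directed-broadcast address, where the forged source is the real victim. The `.255` check is a /24 simplification assumed for this example, and the `Packet` record, addresses and thresholds are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of one captured packet (constructed, not read from a pcap)."""
    ts: float
    proto: str            # "tcp" or "icmp"
    src: str
    dst: str
    flags: str = ""       # TCP flags as letters: "S" SYN, "SA" SYN-ACK, "A" ACK
    icmp_type: int = -1   # 8 = echo request


def half_open_by_source(packets: List[Packet]) -> Dict[str, int]:
    """SYNs sent per client minus ACKs the same client sent: a legitimate
    client completes the handshake, a flood source never does."""
    syns: Dict[str, int] = defaultdict(int)
    acks: Dict[str, int] = defaultdict(int)
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":
            syns[p.src] += 1
        elif p.flags == "A":
            acks[p.src] += 1
    return {src: max(0, syns[src] - acks[src]) for src in syns}


def half_open_by_destination(packets: List[Packet]) -> Dict[str, int]:
    """Same estimate aggregated by the attacked host; this still works when
    every SYN carries a different spoofed source address."""
    pending: Dict[str, int] = defaultdict(int)
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":
            pending[p.dst] += 1
        elif p.flags == "A":
            pending[p.dst] -= 1
    return {dst: max(0, n) for dst, n in pending.items()}


def detect_syn_flood(packets: List[Packet], threshold: int = 50) -> Tuple[List[str], List[str]]:
    """Return (sources over threshold, victims over threshold)."""
    sources = [s for s, n in half_open_by_source(packets).items() if n >= threshold]
    victims = [d for d, n in half_open_by_destination(packets).items() if n >= threshold]
    return sources, victims


def detect_smurf(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Echo requests to a broadcast address: (forged source = victim, broadcast dst)."""
    return [(p.src, p.dst) for p in packets
            if p.proto == "icmp" and p.icmp_type == 8 and p.dst.endswith(".255")]


def constructed_capture() -> List[Packet]:
    """Constructed sample: one normal client, a spoofed SYN flood, one SMURF ping."""
    pkts = [
        Packet(0.0, "tcp", "198.51.100.4", "192.0.2.10", "S"),   # normal handshake
        Packet(0.1, "tcp", "198.51.100.4", "192.0.2.10", "A"),
    ]
    for i in range(120):  # 120 SYNs spread over 50 spoofed sources, never ACKed
        pkts.append(Packet(1.0 + i * 0.01, "tcp", f"203.0.113.{i % 50 + 1}", "192.0.2.10", "S"))
    pkts.append(Packet(5.0, "icmp", "192.0.2.10", "10.0.0.255", icmp_type=8))
    return pkts


if __name__ == "__main__":
    cap = constructed_capture()
    print("per-source suspects :", detect_syn_flood(cap)[0])   # empty: spoofing hides them
    print("victims             :", detect_syn_flood(cap)[1])   # ['192.0.2.10']
    print("smurf (victim, bcast):", detect_smurf(cap))
```

On the constructed capture the per-source view flags nothing, because no single spoofed address sends more than a handful of SYNs, while the per-destination view shows 120 pending handshakes against one host; that is why SYN-flood monitoring is normally done from the server's or victim's side.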
Mini Case Study – CodeRed
July 19, 2001: over 359,000 computers were infected with
Code Red in less than 14 hours
Used a recently disclosed buffer-overflow exploit in Microsoft IIS
Damages estimated in excess of $2.6 billion
Attacks con…
TCP attacks / Man in the middle :-
The attacker sniffs packets from the network, modifies them
& inserts them back into the network.
Uses IP spoofing
If an attacker learns the associated TCP state for the
connection, then the connection can be hijacked!
Attacker can insert malicious data into the TCP stream,
and the recipient will believe it came from the original
source
Eg:- Instead of downloading and running new program,
you download a virus and execute it.
Attacks con…
TCP attacks:-
Say hello to Alice, Bob and Mr. Big Ears
Attacks con…
TCP attacks:-
Alice and Bob have an established TCP connection
Attacks con…
TCP attacks:-
Mr. Big Ears lies on the path between Alice and
Bob on the network
He can intercept all of their packets
Attacks con…
TCP attacks:-
First, Mr. Big Ears must drop all of Alice’s packets
since they must not be delivered to Bob (why?)
[Figure: Alice's packets being dropped into "The Void" by Mr. Big Ears]
Attacks con…
TCP attacks:-
Then, Mr. Big Ears sends his malicious packet with
the next ISN (sniffed from the network)
Counter measures
Firewalls
Intrusion detection system
Cryptography
Content filters
Scanning and analysis tools
Firewalls
Any device or software which prevents a specific
type of information moving between the outside and
inside world, ie untrusted and trusted networks.
A firewall is like a castle with a drawbridge
Only one point of access into the network
This can be good or bad
Firewalls
[Diagram: Internet | Firewall | DMZ (web server, email server, web proxy, etc.) | Firewall | Intranet]
Firewalls
Used to filter packets based on a
combination of features
These are called packet filtering firewalls
There are other types too, but they will not be
discussed
Ex. Drop packets with destination port of 23 (Telnet)
Can use any combination of IP/UDP/TCP header
information
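A packet-filtering firewall is a rule table consulted in order, with the first match deciding and an implicit deny for everything else. The following added example (not from the original slides) implements that evaluation over the IP/TCP/UDP header fields the slide names, with a constructed policy for the DMZ in the diagram. The addresses (DMZ 192.0.2.0/24, intranet 10.0.0.0/8, mail host 192.0.2.25), the rule set and the `Rule`/`Packet` types are assumptions of this example; the port-23 rule is the slide's own Telnet example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "drop"
    proto: Optional[str] = None  # "tcp", "udp", "icmp"; None matches any protocol
    src: Optional[str] = None    # source CIDR; None matches any address
    dst: Optional[str] = None    # destination CIDR; None matches any address
    dport: Optional[int] = None  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _in_net(addr: str, cidr: Optional[str]) -> bool:
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field set on the rule must agree with the packet header."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if not _in_net(pkt.src, rule.src) or not _in_net(pkt.dst, rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; anything unmatched gets the default (deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Constructed policy for the DMZ (addresses assumed): order matters, the
# Telnet drop sits first so no later allow rule can let port 23 through.
DMZ_RULES = [
    Rule("drop", proto="tcp", dport=23),                                        # slide's example: no Telnet
    Rule("allow", proto="tcp", dst="192.0.2.0/24", dport=80),                   # public web
    Rule("allow", proto="tcp", dst="192.0.2.0/24", dport=443),
    Rule("allow", proto="tcp", dst="192.0.2.25/32", dport=25),                  # mail only to the mail host
    Rule("allow", proto="tcp", src="10.0.0.0/8", dst="192.0.2.0/24", dport=22), # admin SSH from intranet only
]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", "192.0.2.80", 23),   # drop (Telnet)
        Packet("tcp", "198.51.100.7", "192.0.2.80", 80),   # allow
        Packet("tcp", "198.51.100.7", "192.0.2.80", 22),   # drop (SSH from Internet)
        Packet("tcp", "10.1.2.3", "192.0.2.80", 22),       # allow (SSH from intranet)
        Packet("udp", "198.51.100.7", "192.0.2.80", 53),   # drop (no rule: default deny)
    ]
    for s in samples:
        print(f"{s.proto} {s.src} -> {s.dst}:{s.dport}  {filter_packet(DMZ_RULES, s)}")
```

Because the default is deny, forgetting a rule fails closed; the common mistake in the other direction is appending a broad allow rule above a narrower drop, which this first-match evaluation would then honour.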
Intrusion detection system
Works on the basis of previously set conditions; if there is
a violation of these rules it will not allow the process to
continue.
Types:-
Host based IDS
Network based IDS
Signature based IDS
Statistical anomaly based IDS
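The two detection styles in the list differ in what they compare against: a signature-based IDS matches traffic or log events against known-bad patterns, while a statistical anomaly-based IDS flags behaviour that departs from a normal rate. The following added example (not from the original slides) runs a host-based version of both over constructed sshd-style log lines: two signatures (login attempts for nonexistent accounts, and any successful root login) and a sliding-window failed-login rate per source. Log lines, thresholds, hostnames and addresses are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed syslog-style auth lines (year absent, as in real syslog).
CONSTRUCTED_LOG = [
    "Jul 19 10:00:01 host sshd[412]: Accepted password for alice from 10.0.0.5 port 50022 ssh2",
    "Jul 19 10:00:03 host sshd[413]: Failed password for bob from 10.0.0.6 port 50023 ssh2",
] + [
    f"Jul 19 10:00:{5 + i:02d} host sshd[{500 + i}]: Failed password for invalid user admin "
    f"from 198.51.100.9 port {40000 + i} ssh2"
    for i in range(25)
] + [
    "Jul 19 10:01:10 host sshd[600]: Accepted publickey for root from 198.51.100.9 port 40100 ssh2",
]

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
EVENT_RE = re.compile(r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
                      r"(?P<user>\S+) from (?P<src>\S+) port \d+")

# Signature-based: known-bad patterns, each with a name for the alert.
SIGNATURES = [
    ("login-to-nonexistent-account", re.compile(r"Failed password for invalid user ")),
    ("root-login", re.compile(r"Accepted \w+ for root from ")),
]


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one auth line into a dict, or None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = EVENT_RE.match(m.group("msg"))
    if not e:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2010)  # year assumed
    return {"ts": ts, "result": e.group("result"), "user": e.group("user"), "src": e.group("src")}


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (signature name, source address) for every line matching a signature."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, str(ev["src"])))
    return alerts


def rate_anomalies(lines: List[str], window_s: int = 60, threshold: int = 10) -> List[str]:
    """Statistical anomaly: sources with >= threshold failed logins inside any window."""
    times: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None and ev["result"] == "Failed":
            times[str(ev["src"])].append(ev["ts"])  # type: ignore[arg-type]
    flagged = []
    for src, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return flagged


if __name__ == "__main__":
    for name, src in signature_alerts(CONSTRUCTED_LOG)[:3]:
        print("signature:", name, "from", src)
    print("rate anomalies:", rate_anomalies(CONSTRUCTED_LOG))
```

The signature detector sees the root login immediately but would miss a brute-force run against a valid account name; the rate detector catches the burst regardless of the pattern but only after the threshold is crossed, which is why the two are normally deployed together.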
Cryptography
Data is first encrypted into a coded form.
Decoding can be done only with knowledge of
how it was initially encoded (the key),
Authorized hosts are provided with the decoding algorithm and key
So hacking can be minimised.
Conclusions
The Internet works only because we
implicitly trust one another
It is very easy to exploit this trust
The same holds true for software
Security breaches in IT can be limited
to an extent by our careful and up-to-date
knowledge of technology and
management
Reference
Principles of Information & Technology
Michael E. Whitman & Herbert J. Mattord
Youtube / Information technology & security
Secure computing
www.Wikipedia.org
Thank you…!