
The Need for Security

Computer Security - the collection of tools designed to prevent, to detect and to recover from a security attack.

Network security or internet security - security measures needed to protect data during their transmission.

Introduction
"The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."
The Art of War, Sun Tzu

SECURITY MEASURES:
o A Token
o Smart-card
o Biometric Authorization
o Firewalls
o Intrusion Detection System
o Antivirus and Antispyware software
o Digital Signature

SECURITY MEASURES:
In addition, users have to practice safe computing:
o Not downloading from unsafe websites
o Not opening attachments
o Not trusting what you see on websites
o Avoiding scams

BIOMETRIC SECURITY:

It exploits humans' unique physical or behavioral traits in order to authenticate people.

o Voice verification
o Finger-prints
o Hand geometry
o Signature dynamics
o Keystroke analysis
o Retina scanning
o Face recognition

Special-purpose sensors

What is a Firewall?
o A choke point of control and monitoring
o Interconnects networks with differing trust
o Imposes restrictions on network services
o Only authorized traffic is allowed
o It controls incoming and outgoing traffic
o Acts as a gatekeeper: identifies names and IP addresses, and checks them against access rules
o It is a combination of hardware and software

Firewalls Packet Filters

Crypto
Cryptology - The art and science of making and breaking "secret codes"
Cryptography - making "secret codes"
Cryptanalysis - breaking "secret codes"
Crypto - all of the above (and more)

Basic Terminology
plaintext - original message
ciphertext - coded message
cipher - algorithm for transforming plaintext to ciphertext
key - info used in cipher known only to sender/receiver
encipher (encrypt) - converting plaintext to ciphertext
decipher (decrypt) - recovering plaintext from ciphertext
cryptography - study of encryption principles/methods
cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis

Crypto as Black Box


plaintext -> encrypt (key) -> ciphertext -> decrypt (key) -> plaintext

A generic view of symmetric key crypto

https://

ACTION PLAN:
o Designate security support staff (and fund them)
o Make security awareness a corporate priority (and educate your staff)
o Enable real-time protection
o Update all vendor security patches
o Subscribe to several security alert bulletins
o Periodically reboot or re-load all computers
o Control, limit or block all downloads and installs
o Install anti-virus software on computers (keep it current)

Access Control - Physical


o Follow security procedures
o Wear identity cards and badges
o Ask unauthorized visitors for their credentials
o Attend visitors in Reception and Conference Room only

o Do not bring visitors in operations area without prior permission
o Do not bring hazardous and combustible material in secure area
o Do not practice piggybacking
o Do not bring and use pen drives, zip drives, iPods or other storage devices unless otherwise authorized to do so

Password Guidelines
o Always use a password of at least 8 characters with a combination of alphabets, numbers and special characters (*, %, @, #, $, ^)
o Use passwords that can be easily remembered by you
o Change password regularly as per policy
o Use a password that is significantly different from earlier passwords

o Do not use passwords which reveal your personal information or words found in dictionary
o Do not write down or store passwords
o Do not share passwords over phone or e-mail
o Do not use passwords which do not match the above complexity criteria

Internet Usage
o Use internet services for business purposes only
o Do not access internet through dial-up connectivity
o Do not use internet for viewing, storing or transmitting obscene or pornographic material
o Do not use internet for accessing auction sites
o Do not use internet for hacking other computer systems
o Do not use internet to download / upload commercial software / copyrighted material

Technology Department is continuously monitoring internet usage. Any illegal use of internet and other assets shall call for disciplinary action.

E-mail Usage
o Use official mail for business purposes only
o Follow the mail storage guidelines to avoid blocking of e-mails
o If you come across any junk / spam mail, do the following:
  a) Remove the mail
  b) Inform the security help desk
  c) Inform the same to server administrator
  d) Inform the sender that such mails are undesired

o Do not use official ID for any personal subscription purpose
o Do not send unsolicited mails of any type like chain letters or e-mail hoaxes
o Do not send mails to client unless you are authorized to do so
o Do not post non-business related information to large number of users
o Do not open the mail or attachment which is suspected to be virus or received from an unidentified sender
