Professional Documents
Culture Documents
The Need For Network Security: Thanos Hatziapostolou
The Need For Network Security: Thanos Hatziapostolou
Thanos Hatziapostolou
PRESENTATION OBJECTIVES
Understand information security services
Be aware of vulnerabilities and threats
More information is being created, stored, processed and communicated using computers and networks Computers are increasingly interconnected, creating new pathways to information assets The threats to information are becoming more widespread and more sophisticated
Productivity, competitiveness, are tied to the first two trends Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information INFORMATION IS THE MOST VALUABLE ASSET
The Need for Web Security 3
Integrity
Detecting that the data is not tampered with
Authentication
Establishing proof of identity
Nonrepudiation
Ability to prove that the sender actually sent the data
Access Control
Access to information resources are regulated
Availability
Computer assets are available to authorized parties when needed
The Need for Web Security 5
2000
CIA HOMEPAGE
DOJ HOMEPAGE
USAF
The Need for Web Security
HOMEPAGE
10
11/29/96
Problem is Worsening
Code Red
30000
10000
Source: CERT Coordination Center Carnegie Mellon
1990
1994
1998
1988
1989
1991
1992
1993
1995
1996
1997
1999
2000
2001
11
VIRUSES
Risk Threat TROJ_SIRCAM.A W32.Navidad W95.MTX W32.HLLW.QAZ.A VBS.Stages.A VBS.LoveLetter VBS.Network Wscript.KakWorm W32.Funlove.4099 PrettyPark.Worm Happy99.Worm Discovered New !! 11/03/2000 8/17/2000 7/16/2000 6/16/2000 5/04/2000 2/18/2000 12/27/1999 11/08/1999 6/04/1999 1/28/1999
The Need for Web Security
Protection Latest DAT 11/06/2000 8/28/2000 7/18/2000 6/16/2000 5/05/2000 2/18/2000 12/27/1999 11/11/1999 6/04/1999 1/28/1999
12
Consider that
90% of companies detected computer security breaches in the last 12 months 59% cited the Internet as the most frequent origin of attack
13
34% are from Internet or an external connection to another company of some sort
HACKERS
The Need for Web Security 14
HACKER MOTIVATIONS
Money, profit Access to additional resources Experimentation and desire to learn Gang mentality Psychological needs Self-gratification Personal vengeance Emotional issues Desire to embarrass the target
The Need for Web Security 15
Internet Security?
Replay Attack
Spoofing
The Need for Web Security 16
3.
4. 5.
SECURITY COUNTERMEASURES
THREE PHASE APPROACH PROTECTION
DETECTION RESPONSE
The Need for Web Security 20
CRYPTOGRAPHY
Necessity is the mother of invention, and computer networks are the mother of modern cryptography.
Ronald L. Rivest
Firewall
A system or group of systems that enforces an access control policy between two networks.
PC Servers
Visible IP Address
Internal Network
Host
23
24
THANK YOU
I have questions
25