INFORMATION SECURITY:

The protection of information and its elements, including the systems and hardware that use, store
and transmit that information.
Information Security Goals in an Organization:
There are three main objectives protected by information security, collectively known as
CIA:
Confidentiality—prevents unauthorized users from accessing information to protect the
privacy of information content. Confidentiality is maintained through access restrictions.
Breaches of confidentiality can occur due to human error, intentional sharing, or malicious
entry.
Integrity—ensures the authenticity and accuracy of information. Integrity is maintained by
restricting permissions for editing or the ability to modify information. Loss of integrity can
occur when analog information is not protected from environmental conditions, digital
information is not transferred properly, or when users make unapproved changes.
Availability—ensures that authorized users can reliably access information. Availability is
maintained through continuity of access procedures, backup or duplication of information,
and maintenance of hardware and network connections. Loss of availability can occur when
networks are attacked, when natural disasters strike, or when client devices fail.
Data Types:
Public, Private / Internal, Confidential, Secret.
Public: Data that may be shown to all end users.
Private/Internal: Data known only to a group of people within the company and not to be
disclosed to outsiders, for example a Personal Identification Number (PIN).
Confidential: Data used by a limited number of private users, which should not be known to
the majority of workers.
Secret: Data known only to the highest authority. Loss of this data may cause critical
damage to the company.
SECURITY TYPES:
Physical Security: Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events that could cause serious loss or damage
to an enterprise, agency or institution.
Personal Security: Protection of the individual or group of individuals who are authorized.
Operation Security: Protection of the details of a particular operation or activity. It is a
risk management process that encourages managers to view operations from the perspective
of an adversary in order to protect sensitive information from falling into the wrong hands.
Communication Security: Communications security (COMSEC) is the prevention of
unauthorized access to telecommunications traffic, or to any written information that is
transmitted or transferred.
Network Security: Network security is used to prevent unauthorized or malicious users from
getting inside your network. This ensures that usability, reliability, and integrity are
uncompromised. This type of security is necessary to prevent a hacker from accessing data
inside the network.
Information Security: Information Security refers to the processes and methodologies
which are designed and implemented to protect print, electronic, or any other form of
confidential, private and sensitive information or data from unauthorized access, use,
misuse, disclosure, destruction, modification, or disruption.
Security Mechanisms: Vulnerability, Attack, Threat, Network Security Mechanisms.
Vulnerability: Vulnerabilities are weak points or loopholes in security that an attacker
exploits in order to gain access to the network or to resources on the network.
Attack: An attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized
access to, or make unauthorized use of, an asset.
Attacks are of two types: Passive Attack and Active Attack.
Passive Attack: A passive attack is a network attack in which a system is monitored and
sometimes scanned for open ports and vulnerabilities.
Active Attack: An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or data en route to the target.
Masquerade – A masquerade attack takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms of active attack.
Modification of messages – Some portion of a message is altered, or the message is delayed
or reordered, to produce an unauthorized effect. For example, a message meaning
“Allow JOHN to read confidential file X” is modified to “Allow Smith to read confidential
file X”.
Threat: In computer security, a threat is a potential negative action or event facilitated by a
vulnerability that results in an unwanted impact to a computer system or application.
Network Security Mechanism: A mechanism that is designed to detect, prevent, or recover
from a security attack.
Different types of security Mechanisms are:
Routing control, Traffic padding, Encipherment, Access Control, Digital Signatures, Data
Integrity.
Routing Control: Enables selection of particular physically secure routes for certain data
and allows routing changes, especially when a breach of security is suspected.
Traffic Padding: Traffic padding may be used to hide the traffic pattern, which means to
insert dummy traffic into the network and present to the intruder a different traffic pattern.
Encipherment: Encipherment is the process of making data unreadable to unauthorized
entities by applying a cryptographic algorithm (an encryption algorithm). Cryptographic
techniques are used for enciphering.
Cryptography: Cryptography is the science of keeping information secure by transforming it
into a form that unintended recipients cannot understand.
Symmetric Key Cryptography
An encryption system in which the sender and receiver of a message share a single,
common key that is used to encrypt and decrypt the message. The most popular
symmetric–key system is the Data Encryption Standard (DES).
Asymmetric Key Encryption (or Public Key Cryptography)
The encryption process in which different keys are used for encrypting and decrypting the
information. The keys are different but mathematically related, such that retrieving the
plaintext by decrypting the ciphertext with the matching key is feasible.
Digital Signature: A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software or digital document.
Access Control: Uses methods to prove that a user has access rights to the data or
resources owned by a system, e.g. passwords and PINs.
Data Integrity: Data integrity refers to maintaining and assuring the accuracy and
consistency of data. A variety of mechanisms are used to assure the integrity of a data unit
or stream of data units.
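The following is an added example (not part of these notes) showing how a keyed integrity mechanism detects the "modification of messages" attack described earlier: the receiver recomputes an HMAC tag over the message with the shared key and rejects anything whose tag does not match. The key and messages are constructed sample values.

```python
import hmac
import hashlib


def compute_tag(key: bytes, message: bytes) -> str:
    """Return an HMAC-SHA256 tag (hex) that binds the message to the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag for the received message and compare in constant time.

    compare_digest avoids leaking how many leading characters matched, which a
    plain '==' comparison could reveal through timing differences.
    """
    return hmac.compare_digest(compute_tag(key, message), tag)


def demo() -> dict:
    """Sender tags the original message; receiver checks three cases."""
    # Constructed sample key: a placeholder for illustration, not a real secret.
    key = b"example-shared-key-for-the-notes"
    original = b"Allow JOHN to read confidential file X"
    tag = compute_tag(key, original)            # sent along with the message

    # Case from the notes: an attacker rewrites the message in transit.
    tampered = original.replace(b"JOHN", b"Smith")

    return {
        "original_ok": verify_tag(key, original, tag),          # True
        "tampered_ok": verify_tag(key, tampered, tag),          # False: change detected
        "wrong_key_ok": verify_tag(b"attacker-guess", original, tag),  # False
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Unlike the check digit described below, the tag cannot be recomputed by someone who lacks the key, so the attacker cannot "fix" the tag after altering the message.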
Methods of Data Integrity:
A check digit is an extra digit added to a number so that, if a number is changed, the error
will be detected.
Method:
• Starting from the right, multiply the first digit by 1, the second by 2, the third by 3, and so on.
• Add the results together.
• Take the last digit of the sum and append it to the end of the number.
Example: 56037 becomes 560372
Example: 50637 becomes 506376
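As an added example (not from the notes), the check-digit method above implemented as reusable functions, reproducing both worked examples, and with a demonstration of one limitation: because some weights (2, 4, ...) share a factor with 10, a change of 5 at such a position leaves the check digit unchanged, so not every single-digit error is caught.

```python
def weighted_check_digit(number: str) -> str:
    """Check digit per the method in the notes.

    Digits are weighted 1, 2, 3, ... starting from the right; the check digit
    is the last decimal digit of the weighted sum.
    """
    if not number.isdigit():
        raise ValueError("expected a string of decimal digits")
    total = sum(int(digit) * weight
                for weight, digit in enumerate(reversed(number), start=1))
    return str(total % 10)


def append_check_digit(number: str) -> str:
    """Return the number with its check digit appended (56037 -> 560372)."""
    return number + weighted_check_digit(number)


def is_valid(number_with_check: str) -> bool:
    """Recompute the check digit from the body and compare with the last digit."""
    if len(number_with_check) < 2 or not number_with_check.isdigit():
        return False
    body, check = number_with_check[:-1], number_with_check[-1]
    return weighted_check_digit(body) == check


def demo() -> dict:
    """Constructed cases: a transposition and an altered digit are caught,
    but a +5 change at the weight-2 position (3 -> 8) slips through."""
    return {
        "560372": is_valid("560372"),   # correct: True
        "650372": is_valid("650372"),   # 5 and 6 swapped: False (detected)
        "560472": is_valid("560472"),   # 3 -> 4 at weight 2: False (detected)
        "560872": is_valid("560872"),   # 3 -> 8 at weight 2: True (NOT detected)
    }


if __name__ == "__main__":
    for original in ("56037", "50637"):
        print(original, "becomes", append_check_digit(original))
    print(demo())
```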
Symmetric encryption:
In symmetric encryption, you use the same key for both encryption and decryption of your
data or message. Take the example of sending a secure message to your granny: both of you
need to have the same key in order to encrypt and decrypt the messages that you exchange
with each other.

Asymmetric encryption:
Asymmetric encryption is the opposite of symmetric encryption: it uses not one key but a
pair of keys, a private one and a public one.
You use one of them, called the public key, to encrypt your data, and the other, called the
private key, to decrypt the encrypted message.
When you encrypt your message using, let’s say, your granny’s public key, that same
message can only be decrypted using her private key.
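The following is an added example (not from the notes) that makes the public/private key relationship concrete using textbook RSA with the tiny primes p = 61 and q = 53. The public key encrypts, the mathematically related private key decrypts. Real RSA uses primes of over a thousand bits and a padding scheme; the per-byte encryption here is for illustration only.

```python
from math import gcd


def make_toy_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)): the public key and the private key.

    n = p*q is shared by both keys; d is the inverse of e modulo phi(n), which
    is what makes the two keys different yet mathematically related.
    """
    n = p * q
    phi = (p - 1) * (q - 1)                 # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)                     # modular inverse: e*d ≡ 1 (mod phi)
    return (e, n), (d, n)


def encrypt_int(public_key, m: int) -> int:
    """c = m^e mod n; anyone holding the public key can do this."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt_int(private_key, c: int) -> int:
    """m = c^d mod n; only the holder of d (granny) can undo the encryption."""
    d, n = private_key
    return pow(c, d, n)


def encrypt_bytes(public_key, data: bytes) -> list:
    """Encrypt one byte per block (insecure without padding; illustration only)."""
    return [encrypt_int(public_key, b) for b in data]


def decrypt_bytes(private_key, blocks) -> bytes:
    return bytes(decrypt_int(private_key, c) for c in blocks)


if __name__ == "__main__":
    granny_public, granny_private = make_toy_keypair(61, 53)
    ciphertext = encrypt_bytes(granny_public, b"hello granny")
    print("public key:", granny_public, "private key:", granny_private)
    print("decrypted:", decrypt_bytes(granny_private, ciphertext))
```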

Voice over Internet Protocol (VoIP)

Voice over Internet Protocol (VoIP) is a technology that allows you to make voice calls
over a broadband Internet connection instead of an analog (regular) phone line. Some VoIP
services only allow you to call people using the same service, while others allow you to call
anyone who has a telephone number, including local, long-distance, mobile and
international numbers. Some VoIP services only work over your computer or a special
VoIP phone, while other services allow you to use a traditional phone connected to a VoIP
adapter.

How VoIP / Internet Voice Works –

VoIP services convert your voice into a digital signal that travels over the Internet. If a
regular phone number is called, the signal is converted to a regular telephone signal, i.e. an
analog signal, before it reaches the destination. VoIP can allow you to make a call directly
from a computer, from a special VoIP phone, or from a traditional phone connected to a special
adapter. Wireless hot spots in locations such as airports, hospitals and cafes allow you to
connect to the Internet and can enable you to use a VoIP service wirelessly.
Advantages of VoIP –
• Some VoIP services offer features and services that are not available with a
traditional phone, or are available only for an additional fee.
• Paying for both a broadband connection and a traditional telephone line can be
avoided.
• A smoother connection than an analog signal can be provided.
Disadvantages of VoIP –
• Some VoIP services don’t work during power outages, and the service provider may
not offer backup power.
• Not all VoIP services connect directly to emergency services through emergency
service numbers.
• VoIP providers may or may not offer directory assistance.
System Administration Security: A security systems administrator handles all aspects of
information security and protects the virtual data resources of a company. System
administration security provides for the secure administration of the enterprise
infrastructure and of the security infrastructure itself.
Secure system administration is the foundation for enterprise security measures.
Reasons for targeting system administration:
Consolidation in IT:
Nowadays a system administrator controls thousands of computers, often from a single
console.
System administration security is poor:
Systems administration technology is relatively immature, with few built-in checks and
balances to detect malicious activity or to prevent it in the first place.
System Administration Goals and Objectives:
Goal: To protect the enterprise's administrative channels from being used by an adversary.
Objectives:
• Preventive: make it harder for attackers to get system control.
• Detective: detect attacks on system administration channels, or malicious systems
administration activity, when it occurs.
• Forensics: create detailed audit logs of all privileged systems administration
activities.
SA: Threat Vectors:
The concern is keeping attackers from conducting malicious systems administration
activities in the enterprise. Threat vectors include:
• Compromise of the credentials of a system administrator
• Compromise of the computer of a system administrator
• Compromise of the computing infrastructure (virtualization, storage etc.) and use of
its computing capabilities to take control of systems
• Compromise of systems administration infrastructure (computer management, patch
management, or other systems) to take control of the enterprise
• Compromise of monitoring systems that have administrative access
• Use of local computer administrative accounts to move from one personal computer
to another with administrative rights
SA: Capabilities: SA capabilities help to
• Isolate command and control networks and protocols
• Provide cryptographic protection for systems administration
• Allow for auditing of systems administration activities to detect attacks
In this functional area, it is good to have redundancy in protection.
• For example, using network isolation along with strong authentication helps ensure
that the breach of one protection mechanism alone will not be disastrous.
SA capabilities:
• Bastion hosts
• Out-of-Band (OOB) management
• Network isolation
• Integrated Lights-Out (ILO), Keyboard Video Mouse (KVM), and power controls
• Virtualization and Storage Area Network (SAN) management
• Segregation of administration from services
• Multi-factor authentication for Systems Administrators (SAs)
• Administrator audit trail(s)
• Command logging and analytics
Network Security:
Purpose: To protect the enterprise network from unauthorized access.
It needs to be considered in terms of the following security controls:
• Preventive controls (firewalls, and separating sections of the network from each other)
• Detective controls (detect attacker activity that cannot be blocked)
• Monitoring controls (capture activity that is input to correlation engines that support
forensics)
NS: Goals and Objectives:
Block malicious traffic, Monitor and analyze network traffic, Log information about network
traffic.
NS: Threat Vectors:
• Attackers enter the enterprise through outbound network connections from servers
or clients on the internal network.
• Attackers enter the enterprise through the network connections of Internet-facing
servers.
• Attackers use internal networks to move laterally between computers inside the
enterprise.
• Attackers use enterprise networks to extract data and remove it from the enterprise.
• Attackers take control of network infrastructure components and then leverage
them to gain entry to the enterprise or to bypass other security measures.
NS: Capabilities:
Switches and routers, Software Defined Networking (SDN), Domain Name System (DNS) and
Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), Network
service management, Firewall and virtual machine firewall, Network Intrusion
Detection/Network Intrusion Prevention System (IDS/IPS), Wireless networking (Wi-Fi),
Packet intercept and capture, Secure Sockets Layer (SSL) intercept, Network Access Control
(NAC), Virtual Private Networking (VPN) and Internet Protocol Security (IPSec), Network
Traffic Analysis (NTA)
Application Security:
Application security involves security measures that are specific to certain applications or
protocols running over the network.
By this simple definition, application security technologies and capabilities include:
• e-mail security
• application-aware firewall features
• database gateways
• forward web proxies.
Application security operates alongside network security.
AS: Goal and Objectives:
Goal: To protect the enterprise applications from misuse or attack.
Objectives:
• The preventive objective is to block exploitation of applications and application
communications protocols for malicious use.
• The detective objective is to detect compromises of applications and attempts to
exploit them for malicious purposes.
• The forensic objective is to log data about application activity that can be used for
audits and investigations of incidents.
• The audit objective is for auditors to be able to collect evidence and artifacts that
show that applications are safe and are not being used or manipulated by attackers.
AS: Threat Vectors:
• Initial entry by leveraging e-mail to send malicious messages to users, in order to gain
control of end users, servers or mobile devices.
• Leveraging vulnerabilities in web browsers and web plug-ins in order to gain control.
• Exploiting vulnerabilities in enterprise server applications in order to gain control.
• During the development of an application, the attacker may find and then exploit a
flaw in the software in order to gain control.
AS: Capabilities:
E-mail security, Web-shell detection, Application firewalls, Database firewalls, Forward
proxy and web filters, Reverse proxy, Data Leakage Protection (DLP), Secure application and
database software development, Software code vulnerability analysis (including source code
verification and bug tracking).