INTRODUCTION TO INFORMATION SECURITY

CHAPTER 1
Learning Outcomes

The student should be able to:

- Understand information security
  - Areas in information security
  - Goals of information security
  - Roles of information security organizations
- Understand the issues of online security
  - Issues related to internet services
  - Terminologies in information security
  - Security threats
What is Security?

- "The quality or state of being secure—to be free from danger"
- A successful organization should have multiple layers of security in place:
  - Physical security
  - Personal security
  - Operational security
  - Communications security
  - Network security
  - Information security
  - Management and policies
Challenges in Information Security

- The challenge of keeping networks and computers secure has never been greater.
- A number of trends illustrate why security is becoming increasingly difficult.
- Many trends have resulted in security attacks growing at an alarming rate.
Challenges in Information Security (Cont)

- The Computer Emergency Response Team (CERT) security organization compiles statistics regarding the number of reported attacks, including:
  - Speed of attacks
  - Sophistication of attacks
  - Faster detection of weaknesses
  - Distributed attacks
  - Difficulties of patching
What is Information Security?

- Information security:
  1. The tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network
What is Information Security? (Cont)

  2. Ensures that protective measures are properly implemented
  3. Is intended to protect information
  4. Involves more than protecting the information itself

What is Information Security? (Cont)

- The center of the diagram shows what needs to be protected (information).
- Information security is achieved through a combination of three entities.
Securing Components

- A computer can be the subject of an attack and/or the object of an attack.
- When it is the subject of an attack, the computer is used as an active tool to conduct the attack.
- When it is the object of an attack, the computer is the entity being attacked.
Figure 1-5 – Subject and Object of Attack
Areas in Information Security

- Physical security
- Operational security
- Management and policies
Physical Security

- Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to an enterprise, agency or institution.
- This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
Operational Security

- Three primary information security areas:
  - Authentication and authorization
    - Something the user has, such as a smart card or token
    - Something that is part of the user, such as a fingerprint or voice signature
  - Prevention and resistance
    - Content filtering
    - Encryption
    - Firewalls
  - Detection and response
    - If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage.
    - Antivirus software is the most common type of detection and response technology.
Management & Policies

- Develop the information security policies
- Communicate the information security policies
- Identify critical information assets and risks
- Firewall – hardware and/or software that guards a private network by analyzing the information leaving and entering the network
- Intrusion detection software (IDS) – searches out patterns in network traffic that indicate attacks and quickly responds to prevent harm
- Test and reevaluate risks
- Obtain stakeholder support
Q&A

Explain the areas in Information Security.

a) Physical security
   To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
b) Operational security
   To protect the details of a particular operation or series of activities. (Information Security Officer)
c) Management and policies
   - Security policies are the backbone of any enterprise security program, as they provide a framework and support mechanism for managing technologies, maintaining order and achieving organizational goals.
   - They serve to minimize threats and prevent security breaches, and can assist employees in effectively managing risks.
Information Security Goals (CIA)

1. Confidentiality
   - Protection of data from unauthorized disclosure to a third party
2. Integrity
   - Assurance that data is not altered or destroyed in an unauthorized manner
3. Availability
   - Continuous operation of computing systems
Information Security Organisation

- CERT/CC
- US-CERT
- SANS Institute
- ISC2
- Common Criteria
- FIPS
- ICSA
CERT/CC

- The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues.
- The CERT/CC plays a major role in coordinating responses to Internet security threats.
- It handles computer security incidents.
US-CERT

- The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors.
- Its role is to protect the nation's Internet infrastructure by coordinating defense against and responses to Internet security threats.
SANS INSTITUTE

- The SysAdmin, Audit, Network, Security (SANS) Institute was established in 1989 as a cooperative research and education organization.
- The SANS Institute develops and maintains research documents about various aspects of information security.
- It specializes in internet security training (GIAC certification).
ISC2

- The International Information Systems Security Certification Consortium, Inc. (ISC2) is a nonprofit organization that maintains a collection of industry best practices for information security.
- It specializes in information security education and certifications.
COMMON CRITERIA

- The Common Criteria is an international standard for evaluating IT security.
- It was developed by a consortium of 14 countries to replace a number of existing country-specific security assessments and was intended to establish a single high-quality standard for international use.
FIPS

- The Federal Information Processing Standard (FIPS) 140 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules (computer system).
- FIPS 140 has four levels of assurance: Level 1 is the lowest, and Level 4 is the most stringent.
- Each level builds upon the one below it, so a Level 2 certification means that a product meets the requirements for both Level 1 and Level 2.
ICSA

- ICSA Labs tests firewalls against a standard set of functional and assurance criteria elements.
- ICSA Labs is presently testing firewalls and VPN devices on security measures.
- ICSA certification exists to provide a set of measurable, public-domain standards for commercial security products.
- Its mission was to increase awareness of the need for computer security and to provide education about various security products and technologies.
Security Issues in Information Security

- Electronic mail and news
  - Ways for people to exchange information with each other without requiring an immediate, interactive response.
- File transfer
  - Transmitting files over a computer network or the Internet (the simplest way to exchange files).
- Remote access to host
  - The ability to log onto a network from a distant location (e.g. TELNET or SSH).
- Real-time conferencing services
  - Designed for interactive use by on-line participants (video conference).
Attack Definition

Information theft:
- Attacks that allow an attacker to get data without ever having to directly use your computers.
- How:
  - Dumpster diving - what people throw in the trash:
    (i) Personal information
    (ii) Passwords
    (iii) Good doughnuts
    *** Many enterprises now shred all white paper trash
  - Stealing your e-mail
- Used for:
  - Accessing bank accounts
  - Making loans (car, real estate)
Attack Definition (Cont)

Unauthorised disclosure:
- An organization suspects some of its employees of leaking confidential information to its competitor.
- It is also usually believed that its competitor actually planted spies within the organization in order to target and steal new product plans.
- How:
  - Planting a virus or trojan horse
  - Snooping software
Attack Definition (Cont)

Information warfare:
- The use and management of information in pursuit of a competitive advantage over an opponent.
- Remotely disabling a target using software (e.g. television and radio disinformation).
- Disinformation: false or inaccurate information that is spread deliberately.
Attack Definition (Cont)

Accidental data loss:
- The most common cause of data loss: simply accidentally deleting a file that wasn't supposed to be deleted.
- Caused by a careless employee or an untrained employee who did not know better.
Security Threats

Categories:

Data disclosure:
- Exposure of data to third parties. The key point to consider is whether the disclosure is relevant and necessary.
Data modification:
- A modification attack is an attempt to modify information that an attacker is not authorized to modify.
Data availability:
- Describes products and services that continue to be available at a required level of performance in situations ranging from normal through "disastrous."
Security Threats (Cont)

Activities:

Hacking (solution):
- Showing computer expertise
- Black Hats – the bad guys
- White Hats – professional security experts

Cracking (malicious):
- Breaching security on software or systems
Security Threats (Cont)

Spoofing:
- A method of attacking a computer program, in which the program is modified so as to appear to be working normally when in reality it has been modified with the purpose of circumventing security mechanisms.
- Spoofing is an active security attack which involves masking the IP address of a certain computer system. By hiding or faking a computer's IP address, it is difficult for other systems to determine where the computer is transmitting data from.
- Because IP spoofing makes it difficult to track the source of a transmission, it is often used in denial-of-service attacks that overload a server. This may cause the server to either crash or become unresponsive to legitimate requests.

[Figure: Spoofing – participants Aaron, Tom and David; speech bubbles "David, is that you?" and "Yes, I'm here!"]
Security Threats (Cont)

Sniffing:
- A method that a network device, like the Nintendo DS, uses to identify available wireless networks in the area.
- Packet sniffing captures network traffic at the Ethernet frame level. Such a network attack starts with a tool such as Wireshark.
- Wireshark allows you to capture and examine data that is flowing across your network. Any data that is not encrypted is readable, and unfortunately, many types of traffic on your network are passed as unencrypted data — even passwords and other sensitive data.

[Figure: Sniffing – a login session ("login: dgame", "passwd: ########") observed by a SNIFFER on the path]
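As an added example that is not part of the original slides, the Python below decodes an Ethernet II / IPv4 / TCP frame the way a sniffer such as Wireshark does, and applies the two defensive checks the spoofing and sniffing slides call for: source-address validation at the network edge (ingress filtering), which blunts the IP spoofing used in denial-of-service floods, and flagging of protocols that carry credentials unencrypted, which is exactly what a sniffer would read. The frames, addresses, and the port table are constructed for the example.

```python
import ipaddress
import struct

# Ports whose application protocol sends credentials without encryption
# (constructed table for the example; extend it to your own environment).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}


def build_frame(src_ip, dst_ip, dport, payload, sport=40000):
    """Construct a minimal Ethernet II / IPv4 / TCP frame (constructed sample data)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + tcp + payload


def inspect_frame(frame, internal_net, from_outside):
    """Decode one captured frame and report the checks a defender cares about."""
    if frame[12:14] != b"\x08\x00":
        return {"error": "not IPv4"}          # only IPv4 over Ethernet II is handled
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    if frame[14 + 9] != 6:
        return {"error": "not TCP"}
    src = ipaddress.ip_address(frame[14 + 12:14 + 16])
    dst = ipaddress.ip_address(frame[14 + 16:14 + 20])
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
    return {
        "src": str(src), "dst": str(dst), "sport": sport, "dport": dport,
        # Ingress filtering (BCP 38): a frame arriving from the Internet cannot
        # legitimately claim an internal source address, so it is spoofed.
        "spoofed_source": bool(from_outside and src in ipaddress.ip_network(internal_net)),
        # Known cleartext protocol: anyone on the path reads the credentials.
        "cleartext_protocol": CLEARTEXT_PORTS.get(dport),
        # Readable bytes mean the sniffer sees exactly what the user typed.
        "payload_readable": len(payload) > 0
        and all(32 <= b < 127 or b in (10, 13) for b in payload),
    }


if __name__ == "__main__":
    # Constructed telnet login on the internal LAN, as in the lecture figure.
    telnet = build_frame("10.0.0.5", "10.0.0.20", 23, b"login: dgame\r\npasswd: ########\r\n")
    print(inspect_frame(telnet, "10.0.0.0/8", from_outside=False))
    # Constructed packet arriving on the Internet-facing interface with a forged
    # internal source address, the pattern behind spoofed flooding attacks.
    forged = build_frame("10.0.0.5", "10.0.0.20", 443, b"\x16\x03\x01\x00")
    print(inspect_frame(forged, "10.0.0.0/8", from_outside=True))
```

The same inventory of cleartext protocols is the argument for replacing TELNET with SSH in the remote-access service listed earlier.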
Summary

- The challenge of keeping computers secure is becoming increasingly difficult.
- Attacks can be launched without human intervention and infect millions of computers in a few hours.
- Information security protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information, through products, people, and procedures.
Q&A

- Define Information Security.
- Explain the areas in Information Security.
- Discuss the goals of Information Security.
- Identify the roles of the Information Security organizations.
- Describe the internet services and the current issues.
Q&A

- Describe the following terminologies:
  a. Information theft
  b. Unauthorized disclosure
  c. Information warfare
  d. Accidental data loss
- Identify security threats:
  - Categories
  - Activities
