Internet Security Management

SUBMITTED BY : Abhishek Mitra Joohee Pandey Shilpa Gupta Ankit Shubham Saqib Iqbal

The Internet = A World of Opportunities

Look whats at your fingertips

A way to communicate with friends, family, colleagues

Access to information and entertainment A means to learn, meet people, and explore

www.microsoft.com/protect

Online Security Versus Online Safety

Security: We must secure our computers with technology in the same way that we secure the doors to our homes. Safety: We must act in ways that help protect us against the risks that come with Internet use.

www.microsoft.com/protect

Internet security
Internet security is a branch of computer security specifically related to the Internet . Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption.

Types of security
Network layer security IPSec Protocol Electronic mail security (E-mail)

What do we need to protect

Data and information Resources Reputation

Security Objectives
Identification Authentication Authorization Access Control Data Integrity Confidentiality Non-repudiation

Information Security meaning

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.

TRENDS FOR INFORMATION

More information is being created, stored, processed and communicated using computers and networks Computers are increasingly interconnected, creating new pathways to information assets The threats to information are becoming more widespread and more sophisticated

Productivity, competitiveness, are tied to the first two trends Third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information

INFORMATION IS THE MOST VALUABLE ASSET

The Need for Web Security 9

WHO ARE THE OPPONENTS?

49% are inside employees on the internal network 17% come from dial-up (still inside people)

34% are from Internet or an external connection to another company of some sort

HACKERS

The Need for Web Security

10

THE MOST COMMON EXCUSES

No one could possibly be interested in my information Anti-virus software slows down my processor speed too much. I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.

So many people are on the Internet, I'm just a face in the crowd. No one would pick me out. I'm busy. I can't become a security expert--I don't have time, and it's not important enough

The Need for Web Security

11

Worst Security Mistakes End Users Make

1. 2. Opening unsolicited e-mail attachments without verifying their source and checking their content first. Failing to install security patches-especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. Installing screen savers or games from unknown sources. Not making and testing backups.

3.
4.

The Need for Web Security

12

ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM

Have Good Passwords Use Good Antiviral Products Use Good Cryptography Have Good Firewalls Have a Backup System Audit and Monitor Systems and Networks Have Training and Awareness Programs Test Your Security Frequently
The Need for Web Security 13

Security Threats

Natural Disasters
Floods Fires Earthquakes Hurricanes, etc.

Should have disaster recovery plans and contingency plans in place.

Human Disasters
MALICIOUS THREATS : consist of inside attacks by disgruntled or malicious employees and outside attacks by non-malicious employees just looking to harm and disrupt an organization. People often refer to these individuals as "crackers" or "hackers." The definition of "hacker" has changed over the years. This individual was respected as a source of information for local computer users, someone referred to as a "guru" or "wizard."

NON-MALICIOUS THREATS :

Usually come from employees who are untrained in computers and are unaware of security threats and vulnerabilities. Users, data entry clerks, system operators, and programmers frequently make unintentional errors that contribute to security problems

VIRUS
A small piece of software that piggybacks on real programs.

Why do they do it !!
Thrill of watching things blow up. Bragging Rights

E Mail Virus

Worms
A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage.

TROJANS

How to Protect Your Computer from Viruses

Run a more secure operating system like UNIX. If you are using an unsecured operating system, then buying virus protection software. Avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs You should never double-click on an e-mail attachment that contains an executable.

How does anti-virus software work?

Virus Dictionary Approach Suspicious Behavior Approach

Firewalls
Computer security borrows this term from firefighting.

A firewall, working closely with a router program, filtering each network packet to determine whether to forward it toward its destination.
Firewalls are customizable. Filters :- 1. IP address 2. Domain Names 3. Protocols (IP -Internet Protocol, TCP -Transmission Control Protocol, )

Phishing

AXIS BANK HOOKED UP IN A PISHING ATTACK

Ahmedabad-based Axis Bank Information entered by the user was sent to mailform.cz (the phisher's database). PC Svet, which is a part of the Czech company PES Consulting.

E - FENCING

System Vulnerability & Abuse

Why Systems Are Vulnerable

 Complexity Familiarity Connectivity Password management flaws Fundamental operating system Internet Website Browsing Software bugs Unchecked user input

THREATS TO INFORMATION SYSTEMS

SOFTWARE FAILURE, ELECTRICAL PROBLEMS PERSONNEL ACTIONS, USER ERRORS ACCESS PENETRATION, PROGRAM HARDWARE FAILURE, FIRE CHANGES THEFT OF DATA, SERVICES, EQUIPMENT TELECOMMUNICATIONS PROBLEMS

Cyber attacks on India cyber attack led to IGI airport's technical problems in June Cyber attacks cost India Inc Rs 58 lakh China mounts cyber attack on india