Internet Security • The Internet is connecting an estimated 820 million computers in 260 countries on every continent. • The Internet is not a single network, but a vast array of loosely connected networks situated all over the world, easily accessible by individual computer hosts in a variety of ways. • Today, the Internet uses gateways, routers, dial-up connections, and Internet service providers (ISPs) to make itself readily available at all times. • Individuals and organizations worldwide can reach any point on the network without regard to national or geographic boundaries or time of day.
Internet Security • While using the Internet, along with the convenience and speed of access to information come new risks. • Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and that the computer systems will be corrupted. • If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. • Intruders do not need to enter an office or home, and may not even be in the same country.
Internet Security • They can steal or tamper with information without touching a piece of paper or a photocopier. • They can create new electronic files, run their own programs, and even hide all evidence of their unauthorized activity.
Internet Security Basic Internet security concepts: • The three basic security concepts important to information on the Internet are: • Confidentiality. • Integrity. • Availability. • Concepts related to people using this information are authentication, authorization, and nonrepudiation. • When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality. • For some types of information, confidentiality is a very important attribute.
Internet Security • Examples include research data, medical and insurance records, new product specifications, and corporate investment strategies. In some locations, there may be a legal obligation to protect the privacy of individuals. • This is particularly true for most banks and loan companies, debt collecting agencies, businesses that offer credit to their customers or issue credit cards, hospitals, doctors' offices, and medical testing laboratories, individuals or agencies that offer services such as psychological counseling or drug treatment and agencies that collect any form of taxes.
Internet Security • Information can be corrupted when it is available on an insecure network. • When information is modified in unexpected ways, the result is known as loss of integrity. • This means that unauthorized changes are made to information, whether by human error or intentional tampering. • Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting.
Internet Security • Information can be erased or become inaccessible, resulting in loss of availability. • This means that people who are authorized to get information cannot get what they need. • Availability is often the most important attribute in service-oriented businesses that depend on information (e.g., airline schedules and online inventory systems). • Availability of the network itself is important to anyone whose business or education relies on a network connection. • When a user cannot get access to the network or specific services provided on the network, they experience a denial of service.
Internet Security • To make information available to those who need it and who can be trusted with it, organizations use authentication and authorization. • Authentication is proving that a user is who he or she claims to be. • That proof may involve something the user knows (such as a password), something the user has (such as a "smartcard"), or something about the user that proves the person's identity (such as a fingerprint). • Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.
Internet Security • Authentication and authorization go hand in hand. Users must be authenticated before carrying out the activity they are authorized to perform. • Security is strong when the means of authentication cannot later be refuted - the user cannot later deny that he or she performed the activity. This is known as nonrepudiation.
Why should we be concerned about Internet security? • It is remarkably easy to gain unauthorized access to information in an insecure networked environment, and it is hard to catch the intruders. • Even if users have nothing stored on their computer that they consider important, that computer can be a "weak link", allowing unauthorized access to the organization's systems and information. • Seemingly safe information can expose a computer system to compromise. • Information that intruders find useful includes which hardware and software are being used, system configuration, type of network connections, phone numbers, and access and authentication procedures.
Why should we be concerned about Internet security? • Security-related information can enable unauthorized individuals to get access to important files and programs, thus compromising the security of the whole system. Examples of important information are passwords, access control files and keys, personnel information, and encryption algorithms. • Internet security abuse is often reported in the media. Nobody on the Internet is fully or completely immune to a security breach. Those affected include banks and financial companies, insurance companies, brokerage houses, consultants, government contractors, government agencies, hospitals and medical laboratories, network service providers, utility companies, the textile industry, universities, and wholesale and retail trades. • The consequences of a break-in cover a broad range of possibilities: • a minor loss of time in recovering from the problem, • a decrease in productivity, • a significant loss of money or staff-hours, • a devastating loss of credibility or market opportunity, • a business no longer able to compete, • legal liability, and the loss of life.
Security Breaches • A threat is an unwanted planned or accidental event that may result in harm to an asset. • Often, a threat exploits a known vulnerability. • A threat to the computer network is described as any potential adverse occurrence that can do harm, interrupt the systems using the network, or cause a financial loss to the organization. • Threats are also extended to include the individual user's computer assets and resources. • Information is presented on the threat categories of: • security and privacy threats, • integrity threats, • delay and denial threats, • intellectual property threats.
Security Breaches • To counter these threats, awareness is required to identify those vulnerabilities that are susceptible to some malicious activity. • It should be noted that a vulnerability is the absence or weakness of a safeguard in some asset or resource. • This absence or shortcoming makes a threat or attack potentially more harmful or costly and more likely to occur. • As intruders continue to create more creative methods for penetrating the network, administrators and individual users must take a comprehensive approach to security.
Security Breaches • The use of anti-virus programs, anti-spyware, anti-adware, firewalls, and the triple-A techniques is a good start; however, much more is required to ensure network security. • Attackers use a number of methods to gather information about network users and the organizations they represent. • Countermeasures include policies, procedures, plus software and hardware that can detect and prevent computer networking security threats. • Various countermeasures, when used in a coordinated effort, can help protect against system integrity, security, and blocking attacks.
Security Breaches THREATS • A threat is an unwanted deliberate or accidental explicit or implicit message event that may result in harm to an asset. • A threat can come from an individual, a group of individuals, or an organization. It is regarded as a possible danger or menace and can be very expensive if not countered by some form of protection. • A threat to a computing device is defined as any potential occurrence, either accidental or malicious, that can have an undesirable effect on the assets and resources of the individual or organization.
Security Breaches • A threat is significant from a security viewpoint because the computer security goal is to provide insights, methodologies, and techniques that can be employed to mitigate threats. • These goals can be achieved by recommendations that provide guidance to computer and network system administrators, designers, developers, and users toward the avoidance of undesirable system characteristics called vulnerabilities.
Security Breaches • There are many opportunities for threats to occur in the computer, Internet, and networking environment. This is particularly true in the internetworking environment, where attackers, crackers, and hackers abound. • A hacker is someone who enjoys exploring and learning about computer systems. It is often confused with cracker, which refers to a person who has a mischievous attitude and often attempts to break into computer systems. • A threat from these individuals can have a potentially adverse effect on the assets and resources of users and organizations.
Security Breaches • Threats usually involve fraud, theft of data, destruction of data, blockage of access, and so on. • It is essential to identify the various threats and rank them as to their importance and impact. • These assignments can be made on the basis of: • dollar loss, • embarrassment created, • monetary liability, • probability of occurrence.
Security Breaches • The most common threats to an individual or organization include the following: • Virus / Trojan / worm. • Predator. • Device failure. • Internal hacker. • Equipment theft. • External hacker. • Natural disaster. • Industrial espionage. • Terrorist.
Security Breaches • Surveys have shown that the most common network security problem today is the virus. • This type of threat is often communicated via e-mail. The relative importance of a threat to the user usually depends on the type of transmission. • For example, an educational institution or financial organization might be a frequent victim of an attack, whereas a fast-food store might be secure. It should be noted, however, that an attacker might feel more secure in attacking a small network or an individual's laptop. • A survey conducted by CBS News revealed Internet users at home are not nearly as safe online as they believe, according to a nationwide inspection by researchers.
Security Breaches • They found most consumers have no firewall protection, outdated anti-virus software, and dozens of spyware programs secretly running on their computers. • Not all breaks in security are malicious; however, the result can be just as damaging. Some may stem from a purposeful interruption of a system's operation or may be accidental, such as a hardware failure or a software abnormality caused by a lack of controls. • Security breaches must be minimized, whether they are malicious or accidental. The overall goal is to protect the network and computer system from any attack and to prevent theft, destruction, and corruption of the resources of the individual user or organization.
Security Breaches THREATS TARGETS • There is information resident on the Internet that explains how to attack almost any type of computer, protocol, operating system, application, device, or hardware environment. • From the previous discussions, it should be obvious that threats require a considerable amount of observation. After identifying the various threats, the next step is to identify the various computer and networking components that compose the threat environment.
Security Breaches • These include any hardware device or software component that might be accessible to the threats previously identified. Potential candidates include the following: • Computers, servers, PCs, administrative workstations, laptops, and personal digital assistants (PDAs). • Communication circuits (DSL and cable). • Cell phones, BlackBerrys, iPhones, and other smart phones. • Network devices such as routers, gateways, and switches. • Local area network devices such as hubs, repeaters, and bridges. • Communication devices such as modems, data service units (DSUs), and splitters. • Front-end processors, communication controllers, and multiplexers. • Network and operating system software. • Application software. • Power and air-conditioning systems.
Security Breaches • The major categories of threats include: • Integrity • Denial of service • Disclosure Integrity Threat • Integrity of digital resources includes the assurance that information has been created, amended, or deleted only by the intended authorized means. • An integrity threat is any unauthorized change to data stored on a network resource or in transit between resources.
Security Breaches • A system is compromised when the integrity of the data has been maliciously or otherwise altered. • Integrity of the network resource can be compromised by both authorized and unauthorized modifications. • Administrative and operational incidents can, and often do, affect the integrity of the computer and network resources. • Advance preparation can reduce the severity of the integrity compromise, if there is a backup or duplicate copy of data.
Security Breaches • Loss of stored critical information can be disastrous, particularly when health or national security issues are involved (versus the loss of a personal database). • A system modification can compromise the integrity of a network resource. • A modification can occur when an unauthorized party tampers with an asset. • Changes can be made to database files, operating systems, application software, and even hardware devices. • It is, therefore, essential that assets be modified only by authorized parties or only in authorized ways.
Security Breaches • Modifications include creating, changing, deleting, and writing information to a network resource. • There are techniques available that provide for an audit trail involving these activities on a database. Denial of Service Threat • Denial of service (DoS) is defined as an attack that attempts to deny computer and network resources to legitimate users. • This situation arises when there is an intentional blockage as a result of some malicious action by a user.
Security Breaches • This occurs when a legitimate user requires access to a resource and another user prevents this access by some malicious activity. • This situation can be either a temporary or permanent blockage for the legitimate user. • Common examples of DoS attacks involve users overloading shared resources such as processors or printers so that other users cannot access them. • An example of such an attack would involve a number of users transmitting numerous requests to a computer port (such as port 80) on a server, thus making this port unavailable for legitimate users.
Security Breaches • If this network resource was part of a mission critical system, the impact could be severe. • Educational institutions are often victims of such attacks as students see an opportunity to harass competitors.
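Detection logic for the port-80 overload described above, as an added example that is not part of the original slides: it counts requests per source and across all sources in a sliding window, so it catches both a single noisy sender and many senders acting together. The event layout, thresholds and window size are assumptions, and the sample events are constructed using documentation address ranges.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp in ms, source address, destination port).
SAMPLE = (
    [(t * 50, "198.51.100.7", 80) for t in range(200)]              # one noisy source
    + [(t * 2000, "192.0.2.10", 80) for t in range(5)]              # normal client
    + [(t * 3000, "192.0.2.11", 443) for t in range(3)]             # other service
    + [(20000 + i * 10, f"203.0.113.{i}", 80) for i in range(60)]   # many sources at once
)

ALL_SOURCES = "*all*"  # key used for the aggregate counter

def find_floods(events, port=80, window_ms=1000, per_source=10, total=50):
    """Return {key: first alert time} for each source, and for all sources
    combined, that exceeded its request limit to `port` within the window."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, dport in sorted(events):
        if dport != port:
            continue
        for key, limit in ((src, per_source), (ALL_SOURCES, total)):
            q = recent[key]
            q.append(ts)
            # Drop timestamps that have fallen out of the sliding window.
            while ts - q[0] >= window_ms:
                q.popleft()
            if len(q) > limit and key not in alerts:
                alerts[key] = ts
    return alerts

if __name__ == "__main__":
    for key, ts in find_floods(SAMPLE).items():
        print(f"alert: {key} exceeded its limit at t={ts} ms")
```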