Internet security
Download
1 / 21

Internet Security - PowerPoint PPT Presentation


  • 59 Views
  • Uploaded on

Internet Security. Sunil Ji Garg GM, Software, UPTEC. Living in a World Of Hackers, Crackers, Thieves & Terrorists . Railway Tickets Fraud. Increase in site visits but decrease in business. Digit Site Redirected Internet British Lottery Fraud. Fake NASA Examination

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Internet Security' - graham-king


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Internet security

Internet Security

Sunil Ji Garg

GM, Software, UPTEC


Living in a world of hackers crackers thieves terrorists
Living in a World Of Hackers, Crackers, Thieves & Terrorists

  • Railway Tickets Fraud.

  • Increase in site visits but decrease in business.

  • Digit Site Redirected

  • Internet British Lottery Fraud.

  • Fake NASA Examination

  • Indian IT Hub-Bangalore under attack.


Remember
Remember Terrorists

  • It is not your computer when somebody else has a access to it.

  • It is not your server when it is serving someone you do not know.

  • Retaining a secret is possible only when the person you shared it with is in the heaven.


Sharing vs securing
Sharing Vs. Securing Terrorists

  • SHARING is NOT inversely proportional to SECURING.

  • INTER-NETWORKING makes it SHARABLE

  • SECURITY makes it RELIABLE

    Internetworking + Security

    = Win-Win Framework


Safe and secure inter networking
Safe and Secure Inter-networking Terrorists

  • Safety relates to Confidentiality and Integrity of information.

  • Security relates to Authentication and Non-repudiation.

    ALL FOUR REQUIREMENTS COME UNDER “SECURITY” IN THE PRESENT CONTEXT OF NETWORKING.


Devices are vulnerable
Devices are Vulnerable Terrorists

  • Client Computers

    • OS Loopholes, Soft password schemes, friendliness needs, Application Bugs, Virus attacks

  • Servers

    • Weak Standards, Casual Administration, Bugs, Virus Attacks

  • Intermediate Devices

    • Distributed Administration, Varying Standards


Mediums are vulnerable
Mediums are Vulnerable Terrorists

  • Wires

    • Fast, Moderately Secure, Economic

  • Fibres

    • Extemely Fast, Secure, Economic for bulk traffic

  • Wire-Less

    • Moderate Speed, Security Costs, Moderately priced, easy deployment


Protocols are vulnerable
Protocols are Vulnerable Terrorists

  • TCP/IP (Spoofing Possible by changing Source-Destination Addresses at packet level).

  • DNS (Recursive Domain Name Look-up is possible is getting a map of IP addresses and the services each IP station is running).

  • Open TCP ports can be spidered.

  • Internet Control Message Protocol (ICMP) message types can be changed.

  • Network can be flooded with junk.


Security fundamentals
Security Fundamentals Terrorists

  • Privacy Vs. Security.

  • What is to be protected?.

  • From whom it is to be protected?.

  • Motive of Intruders.

  • Threat Perception.

  • Security Methods.

  • Pre and Post-breach measures.


Privacy vs security
Privacy Vs. Security Terrorists

  • Privacy : Ability to maintain selective anonymity

  • Security : Information Integrity, Uninterrupted service, Information Secrecy.

    Security Increase may increase privacy or it may be reduced it due to other impacts.


What is to be protected
What is to be protected ? Terrorists

  • Computer Information from being damaged.

  • Computer Information from illegitimate usage.

  • Computer Access Information from mis-usage (Password, Digital Ids, Account No., Credit Card Nos. etc.)


From whom it is to be protected
From Whom it is to be protected? Terrorists

  • Deliberate Crackers/Hackers.

  • Money Makers of different varieties.

  • People who get allured with open locks.

  • Novice/Accidental error makers.

  • Middlemen.

  • Programmers/Administrators/Security verifiers.

  • Rule-Makers.

  • Previous Authorities.


Motive of intruders active passive
Motive of Intruders (Active/Passive) Terrorists

  • Theft (Financially rewarding)

  • Spying (Positive or negative)

  • Misrepresentation.

  • Revenge.

  • Ignorance (being unaware of implications.)

  • Damage (Sadist)

  • Prank (Just for Fun)

  • Respect (By proving special skills)

  • Analysis (Long term commercial gain)


Threat perception
Threat Perception Terrorists

  • Email : Primary Medium to Attack

  • Threat from Viruses (Programs that self-replicate to spread fast, damage information, hog resources or Deny service)

  • Spywares.

  • Impersonation.

  • Password Insecurity.

  • Sniffers (Programs that take information passively).

  • Alluring methods and Spams.

  • Data Modifiers.


Security methods
Security Methods Terrorists

  • Cryptography

  • Audits (Logs, sniffs, watches, event records)

  • Barriers (Firewalls, Proxies, network segmentation)


Cryptography
Cryptography Terrorists

  • Substitution & Transposition based on keys.

  • DES (Digital Encryption Standards).

  • Public/Private asymmetric-key methods .

  • RSA Algorithm.

  • One way Hashing.

  • Digital Signatures.

  • Certification Authorities (For authentic Public Keys: Certificates).


Digital signature authentication
Digital Signature Authentication Terrorists

One Way Hash

Pvt. Key Encryption

Plain Message

SEND

Message Digest

Digital Signature

Create New MD

Message Digest

Plain Message

RECV

Compare Message Digests to Authenticate

Digital Signature

Message Digest

Decrypt With Public Key


Security audits
Security Audits Terrorists

  • Sniffing

    • Hearing and recording Traffic for analysis

  • Logs

    • Recording Information headers

  • Watches

    • Put sniffers on specific traffic source/dest.

  • Event Recorders

    • Utilising OS features for analysis.


Security barriers
Security Barriers Terrorists

  • Firewalls

    • Packet level traffic selection

    • Application level selection.

  • Proxies

    • Remote Hosts see only the proxy, traffic behind is proxied by it.

  • Network Segmentation

    • Permitting Type specific traffic in segmeted local areas.


Sharing security experience extract
Sharing/Security Experience Extract Terrorists

  • Sharing wins customer delight.

  • Trust helps to make a secure design, Secure design brings more trust.

  • Most vulnerable security holes begin with human-beings.

  • Security is a continuous process.

  • Emergency measures for security breach shall be pre-planned.


Thank you
Thank-You Terrorists

  • More questions/discussions invited.

  • Follow-up discussions via

    • Email: [email protected]

    • Website: www.indyan.com


ad