1 / 59

RELEVANCE OF CYBER SECURITY

The art of war teaches us not to rely on the likelihood of the enemy’s not coming , but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have make our own position unassailable. The Art of War Sun Tzu. RELEVANCE OF

laksha
Download Presentation

RELEVANCE OF CYBER SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The art of war teaches us not to rely on the likelihood of the enemy’s not coming , but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have make our own position unassailable. The Art of War Sun Tzu

  2. RELEVANCE OF CYBER SECURITY

  3. THE I T ROAD MAP IT ROAD MAP : 2008 IW- OFFENSIVE M/S – ARMY WIDE ORG RESTRUCTURING OF ARMY : PHASE II BACK BONE II FOR INFO SUPER HIGHWAY FULL IT LITERACY BACK BONE I FOR INFO SUPER HIGHWAY IW- DFENSIVE ORG RESTRUCTURING OF ARMY : PHASE I ARTRAN MIS – ALL CORPS CIDSS – TEST BED ASTROID IT IN CIVIC ACTION LOGISTIC NW COMD ITI (CITI) 2008 1998 2006 2002 2004 2000 ORG & INFO DISSEMINATION SYSTEMS SETTING UP AIIT ASTROID PHASE - I MIS – CORPS PILOT PROJECT IW- PROTECTIVE ARMY INTRANET UP TO COMD HQ IW – AWARENESS DRIVE

  4. AIM TO GIVE YOU AN OVERVIEW OF CYBER SECURITYAND ACQUAINT YOU WITH CYBER SECURITY INITIATIVES AT DIFFERENT LEVELS

  5. SCOPE • THREATS AND TARGETS • FUNDAMENTALS AND TECHNIQUES • INITIATIVES • NATIONAL AND ARMY • MCTE • UNIT LEVEL • IMPLEMENTATION OF CYBER SECURITY

  6. CYBER SECURITY CYBER SECURITY INTEGRATES & COORD POLICIES & PROCEDURES, OPS, PERS & TECHNOLOGY, TO PROTECT & DEFEND INFO & INFO SYS.

  7. PROTECTION OF INFO ASSETS ELECTRONIC INFO IS VULNERABLE EVESDROPPING MANIPULATION STEALING DESTRUCTION DENIAL

  8. THREATS & TARGETS

  9. CHARACTERISTICS OF CYBER THREATS • No international boundaries • Low cost • Detection avoidance • Inadequate laws

  10. SECURITY THREATS • SECURITY “THREAT” IS :- • PASSIVE (DISCLOSURE OF INFO) OR • ACTIVE(DESTRUCTION, CORRUPTION OF RESOURCE, INTERRUPTION OF SERVICE) eg. FILE REMOVED OR FILE REPLACED BY JUNK

  11. Intruder ? PASSIVE THREATS Hi! Hi! Hi! Sender Network Hi! Recipient

  12. ACTIVE THREATS SOURCE DESTINATION ATTACKER

  13. ACTIVE THREATS The unauthorised use of a device attached to a communication facility to alter transmitting data or control signals or to generate spurious data or control signals Modification, Removal Of Data Denial of Message Service Masquerade

  14. Targets in the Cyber Environment OPERATIONS, COMNS PLANNING , COMD AND CONTROL Comn Centres The “Attackers” Targets Accounting Distribution Business Planning NETWORKS & SUPPORT PROCESSES The “Attackers” Aiming Points SYSTEMS & PEOPLE COMPONENTS & SOFTWARE

  15. APPLICATIONS DATABASES OPERATING SYSTEMS NETWORK SERVICES The IT Infrastructure – Weak Points

  16. Security Breaches … Some Statistics

  17. Survey2000 Information Security “Insider” Breaches % of respondents experiencingthese breaches in the past 12months 0% 10% 20% 30% 40% 50% 60%70% 80% 73% Installation/use of unauthorized software 70% Infection of company equipment 63% Use of company computing resources forillegal or illicit communications 58% Abuse of computer access controls 42% Physical theft, sabotage or intentionaldestruction of computing equipment 13% Fraud

  18. Survey2000 Information Security “Outsider” Breaches % of respondents experiencingthese breaches in the past 12months 0% 10% 20% 30% 40% 50% 60%70% 80% 73% Viruses/Trojans/Worms 37% Denial-of-service 37% Exploits related to active program scripting 26% Attacks related to protocol weaknesses 25% Attacks related to insecure passwords 24% Attacks on bugs in Web servers

  19. Recent Security Breaches Sites hit in March 2001 • US Office of Surface Mining • Hewlett Packard Company • Cruise Missile Command and Control programs (US Navy) • Arab Academy for science and technology and Maritime Transport • Panasonic Fax Machines UK • Nokia Corporation • NEC Corporation (Japan) • Compaq Computer Corporation 937breaches (…just the ones which were reported…) Source : www.attrition.org

  20. …And this is what they did US NAVY SITE COMPAQ SITE PANASONIC SITE

  21. CYBER SECURITY OFFENSIVE TOOLS AND TECHNOLOGIES

  22. CYBER TOOLS FOR ATTACK • Hacking / Cracking tools • Virus Programs • Sniffers , Trojan horses • Auditing Tools (SATAN)

  23. Hacking Tools • L0PHT-Crack • Back Orifice 2000 • Netbus • NetScan Pro • Jack the Ripper • Happy Hacker Suite INTERNET

  24. The Problem How to carry the trust which we have in the paper based world into the realm of cyber space ?

  25. Security in Paper Media…1 • In the paper based society, we ; • Write a letter on letter head and sign it. AUTHENTICATION WHICH ENSURES the identity of an individual or application

  26. Ref: Sub: Sir, This is with your Ref vide ------- -------------------- XYZ Signature Security in Paper Media…2 • We sign in front of the witness INTEGRITY WHICH ENSURES that information cannot be manipulated

  27. Security in Paper Media…3 • Put the letter in an envelope and seal it CONFIDENTIALITY WHICH ENSURES that information is kept private and intact

  28. Security in Paper Media…4 • Send information by Certified mail NON REPUDIATION WHICH ENSURES that information can not be disowned

  29. CYBER SECURITY DEFENSIVE TOOLS AND TECHNOLOGIES • FIREWALLS • ANTI VIRUS • IDS • VPN • PKI

  30. ELEMENTS OF CYBER SECURITY AUTHENTICATION Verification of originator NONREPUDIATION Undeniable proof of participation AVAILABILITY Assured access by authorised users RESTORATION Protection, Detection & Reaction capabilities CONFIDENTIALITY Protection from unauthorised disclosure INTEGRITY Protection from unauthorised change

  31. What Is A Firewall • Device that connects networks (internal and/or external with varying levels of trust) • Used to implement and enforce a Security Policy regarding communication between those networks Untrusted Networks & Servers Firewall Trusted Networks Untrusted Users Internet Router Intranet Server Segment Public Accessible Servers & Networks Trusted Users

  32. FIREWALL WAN / INTRANET Placing a Firewall MOBILE USER ROUTER ROUTER SWITCH PCs HQ ABC CORPS HQ XYZ CORPS SERVERS

  33. ANTI VIRUS WAN ……Virus Protection MOBILE USER FIREWALL ROUTER ROUTER SWITCH HQ ABC CORPS PCs HQ XYZ CORPS SERVERS

  34. WAN IDS Intrusion Detection Systems MOBILE USER FIREWALL ANTI VIRUS ROUTER ROUTER SWITCH PCs HQ XYZ CORPS SERVERS OFFICE 2

  35. REAL TIME WATCHDOG INTERNAL ATTACK RECONFIGURE FIREWALL/ ROUTER ALERT EXTERNAL ATTACK ALERT! ATTACK DETECTED RECORD SESSION SEND EMAIL LOG SESSION EMAIL/ LOG/REPORT EMAIL/ LOG/REPORT ALERT! ATTACK DETECTED TERMINATE SESSION RECORD SESSION

  36. Virtual Private Networks • Joins networks spread over a geographical expanse. • Provides a data tunnel through a public network. • Ensures the data which passes through it is encrypted. • Effective means of confidentiality through Internet.

  37. Virtual Private Networks DATA ENCRYPTION TUNNEL

  38. P K I

  39. Replace letterhead & signature on original document AUTHENTICATION INTEGRITY Ref: Sub: Sir, NON REPUDIATION This is with your Ref vide ------- -------------------- XYZ Signature Replace Envelope CONFIDENTIALITY Security Requirements Cryptographic digital signature Encryption

  40. Requires a shared key between the two parties Decryption Encryption Key Key + + Algorithm Algorithm Symmetric Cryptography

  41. Asymmetric Cryptography Requires a key pair between the two parties Decryption Encryption Public Key Private Key + + Algorithm Algorithm

  42. Common e-Security Technologies Authentication Integrity Non- repudiation Confidentiality ü Anti-virus ü ü Firewalls ü ü Access Control ü Encryption ü ü ü ü Public Key Infrastructure BCP - v1.0 - 04/99

  43. INITIATIVES NATIONAL AND ARMY LEVEL

  44. NATIONAL LEVEL INFORMATION TECHNOLOGY ACT • CERTIFYING AUTHS - FOR LICENCING, CERTIFYING & MONITORING USE OF DIGITAL SIGNATURES • CYBER REGULATIONS ADVISORY COMMITTEE • PENALTIES & ADJUDICATION • TO CURB CMPTR CRIMES • ADJUDICATING OFFRS • CYBER REGULATIONS APPELLATE TRIBUNAL (HEADED BY HIGH COURT JUDGE)

  45. ARMY LEVEL SALIENT FEATURES : CYBER SECURITY POLICY • Covers all types of computer systems in the army • Safeguarding of Classified and Sensitive Unclassified Info • Networking of Info Stores • Nomination and duties of System Security Administrator • Periodic review of Safeguards • Internet access • Dial up access • Security of WAP • Use of commercially available off the shelf security software • Backups • Handling of TOP SECRET software

  46. INITIATIVES MCTE TESEC ACSE

  47. TASKS • Knowledge centre on Cyber Security and Converging Technologies • Undertake pilot studies and projects • Adaptation of technology • Monitoring of outsourced pilot projects • Advice on evaluation, induction, testing & R&D • Interaction with trade, industry, academia & other agencies

  48. CYBER SECURITY IMPLEMENTATION UNIT LEVEL

More Related