S. Vamshidhar Babu (CCNA, MCSE, CEH, CHFI, GNIIT), Team Lead, AppLabs
Agenda
• Security Fallacies
• What is Security?
• How to Secure?
• Layers of Security
• Operational Model of Computer Security
• Security Principles
• Security Concerns
• Poor Security = Serious Damage
• Challenges When Implementing Security
• Threat Modeling
• Overview of Security Technology
Security Fallacies
• We have antivirus software, so we are secure.
• We have a firewall, so we are secure.
• The most serious threats come from the outside.
• I don't care about security because I back up my data daily.
• Responsibility for security rests with the IT security staff.
What is Security?
It is the technique of ensuring that data stored in a computer cannot be read or compromised by any individual without authorization.
How to Secure?
• What assets are you trying to protect?
• What are the risks to those assets?
• How are you trying to protect them?
• How well does your solution work?
• What other risks does your solution introduce?
Layers of Security
• Physical Security
• Host Security
• Network Security
• Web Application Security
Physical Security
Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to authorized users only. Examples: access controls, physical barriers, etc.
Host Security
Host security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.
• Authentication and logging mechanisms
• Host-based IDS
• File integrity checkers
Network Security
In network security, the emphasis is placed on controlling access to internal computers from external entities.
• Firewalls
• Intrusion Detection Systems (IDS)
• Access controls on network devices
• Vulnerability scanners
Web Application Security
A Web application is an application, generally a collection of scripts, that resides on a Web server and interacts with databases or other sources of dynamic content. Examples of Web applications include search engines, Webmail, shopping carts and portal systems.
Web Application Security
• Application attacks are the latest trend in hacking.
• On average, 90% of all dynamic-content sites have vulnerabilities associated with them.
• No single web server and database server combination has been found to be immune!
• "Today over 70% of attacks against a company's network come at the 'Application Layer', not the Network or System layer." - Gartner
Basic Security Terminology
• CIA: Confidentiality, Integrity, Availability
• AAA: Authorization, Access Control, Authentication
Basic Terminology of Attacks
• Vulnerability: a weakness that may lead to undesirable consequences.
• Threat: the danger that a vulnerability will actually be exploited.
• Risk: a potential problem (vulnerability + threat + extent of the consequences).
Example: a buffer overflow is the vulnerability; the threat is the transmission of a TCP/IP packet that triggers the overflow; the resulting system crash is the risk.
Operational Model of Computer Security
Traditionally the focus of security was on prevention: if we could prevent somebody from gaining access to our computer systems and networks, we assumed we had obtained security. Protection was thus equated with prevention. The operational model adds detection and response:
Protection = Prevention + (Detection + Response)
Security Model
• Prevention: access controls, firewall, encryption
• Detection: audit logs, intrusion detection system, honeypots
• Response: backups, incident response teams, computer forensics
Security Principles
Three ways an organization can choose to address the protection of its network:
• Ignore security issues
• Provide host security
• Approach security at the network level
Only the last two, host and network security, have prevention as well as detection and response components.
Security Concerns
• Application reliance on the Internet
• Hacking, cracking, phreaking, script kiddies
• Internal security attacks
• External security attacks
• Viruses and worms
Common Types of Attacks
• Connection fails
• Organizational attacks
• Restricted data
• Accidental breaches in security
• Automated attacks
• Viruses, Trojan horses, and worms
• Denial of Service (DoS)
Layers - Dangers (diagram only)
Examples of Security Intrusions
• CodeRed I & II
• ILoveYou
• Nimda
• Sniffing
• Spoofing
• Trojans
• Backdoors
• DDoS
Poor Security = Serious Damage
• Website defacement
• System downtime
• Lost productivity
• Damage to business reputation
• Lost consumer confidence
• Severe financial losses due to lost revenue
Challenges When Implementing Security
Attackers vs. Defenders
• The attacker needs to understand only one vulnerability; the defender needs to secure all entry points.
• Attackers have unlimited time; the defender works under time and cost constraints.
Security vs. Usability
• Secure systems are more difficult to use.
• Complex and strong passwords are difficult to remember, so users prefer simple passwords.
• "Do I need security..."
Security as an Afterthought
• Developers and management think that security does not add any business value.
• Addressing vulnerabilities just before a product is released is very expensive.
Threat Modeling
Threat modeling is:
• A security-based analysis of an application
• A crucial part of the design process
Threat modeling:
• Reduces the cost of securing an application
• Provides a logical, efficient process
• Helps the development team identify where the application is most vulnerable, determine which threats require mitigation, and decide how to address those threats
Overview of Security Technology
• Encryption
• Secure communication
• Firewalls
• IDS
• Virus protection
Encryption
Encryption is the process of encoding data:
• To protect a user's identity or data from being read
• To protect data from being altered
• To verify that data originates from a particular user
Encryption can be symmetric or asymmetric.
Symmetric vs. Asymmetric Encryption
• Symmetric: uses one key to both encrypt and decrypt the data; it is fast and efficient.
• Asymmetric: uses two mathematically related keys, a public key to encrypt the data and a private key to decrypt it; it is more secure than symmetric encryption but slower.
Secure Communication: How SSL Works
1. The user browses to a secure Web server by using HTTPS.
2. The browser creates a unique session key and encrypts it by using the Web server's public key, which is generated from the root certificate.
3. The Web server receives the session key and decrypts it by using the server's private key.
4. After the connection is established, all communication between the browser and Web server is secure.
(Diagram: Secure Browser, HTTPS, Secure Web Server, Root Certificate, Message.)
Firewalls
Firewalls can provide:
• A secure gateway to the Internet for internal clients
• Packet filtering
• Application filtering
A firewall is a system or group of systems that enforces a network access control policy, filtering data packets in and out of the intended target. It will mitigate the following attacks:
• Denial of Service (DoS) attacks
• Unauthorized access
• Port scanning and probing
Intrusion Detection System (IDS)
An IDS is an application which detects attacks on computer systems and/or networks.
Network-based intrusion detection:
• Monitors real-time network traffic for malicious activity (similar to a network sniffer)
• Sends alarms for network traffic that meets certain attack patterns or signatures
Host-based intrusion detection:
• Monitors computer or server files for anomalies
• Sends alarms for network traffic that meets a predetermined attack signature
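The signature matching the slide describes, as an added example that is not part of the original deck: a small analyzer that raises an alarm whenever a packet-summary line matches a known attack pattern, and additionally flags a source that probes many ports on one host (the "port scanning and probing" the firewall slide mentions). The log format, the signature list, the threshold and the function names are all constructed for this example.

```go
package main

import "strings"

// Signatures: payload patterns an IDS rule set would alarm on (constructed for this example).
var signatures = []struct{ Name, Pattern string }{
	{"directory traversal", "../"},
	{"sql injection", "union select"},
	{"cross-site scripting", "<script"},
}

// parseEvent reads one constructed "k=v k=v ... payload=<rest of line>" packet-summary line into a map.
func parseEvent(line string) map[string]string {
	e := map[string]string{}
	if i := strings.Index(line, "payload="); i >= 0 {
		e["payload"] = line[i+len("payload="):]
		line = line[:i]
	}
	for _, kv := range strings.Fields(line) {
		if k, v, ok := strings.Cut(kv, "="); ok {
			e[k] = v
		}
	}
	return e
}

// Analyze raises an alarm for every signature hit (matched case-insensitively), and once per
// source/destination pair that touches more than scanThreshold distinct ports (probing, port scan).
func Analyze(lines []string, scanThreshold int) []string {
	var alarms []string
	ports := map[string]map[string]bool{} // "src|dst" -> set of destination ports seen
	for _, ln := range lines {
		e := parseEvent(ln)
		where := e["src"] + " -> " + e["dst"] + ":" + e["dport"]
		for _, s := range signatures {
			if strings.Contains(strings.ToLower(e["payload"]), s.Pattern) {
				alarms = append(alarms, "ALARM "+s.Name+" "+where)
			}
		}
		key := e["src"] + "|" + e["dst"]
		if ports[key] == nil {
			ports[key] = map[string]bool{}
		}
		ports[key][e["dport"]] = true
		if len(ports[key]) == scanThreshold+1 { // report once, when the threshold is first crossed
			alarms = append(alarms, "ALARM possible port scan "+e["src"]+" -> "+e["dst"])
		}
	}
	return alarms
}
```

Plain substring signatures are easy to evade with encoding or case tricks, which is why real sensors normalize the payload before matching and why the slide pairs signature detection with anomaly monitoring on the host.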
Virus Protection
• Software should be installed on all network servers, as well as computers.
• It shall include the latest version, as well as signature files (detected viruses).
• It should screen all software coming into your computer or network system (files, attachments, programs, etc.).
Secures from:
• Viruses and worms
• Malicious code and Trojans
Questions?
Thanks

Essentials Of Security


Editor's Notes

  • #2 MGB 2003 © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.