Security of information asset
Download as PPT, PDF0 likes446 views
This document discusses various topics related to information security including logical access exposures, network infrastructure security, auditing network security, environmental issues and controls, and encryption. It describes common security threats like viruses, worms, Trojan horses, and denial of service attacks. It also outlines controls and countermeasures for securing logical access such as access control software, passwords, biometrics, and firewalls. Network security topics covered include LAN security, client-server security, and intrusion detection systems.
Security of information asset
- 1. Chapter # : 05 - CISAChapter # : 05 - CISA 11 Security of InformationSecurity of Information ASSETSASSETS
- 2. Chapter # : 05 - CISAChapter # : 05 - CISA 22 • Logical Access ExposuresLogical Access Exposures • Trojan HorsesTrojan Horses • Rounding DownRounding Down • Salami TechniquesSalami Techniques • VirusVirus • WormsWorms • Logic BombsLogic Bombs • Trap DoorsTrap Doors • Asynchronous AttacksAsynchronous Attacks • Data LeakageData Leakage • Wire-TappingWire-Tapping • PiggybackingPiggybacking • Computer ShutdownComputer Shutdown • Daniel of ServicesDaniel of Services LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES ::
- 3. Chapter # : 05 - CISAChapter # : 05 - CISA 33 • Logical Access Control Software :Logical Access Control Software : To prevent unauthorized access and modificationTo prevent unauthorized access and modification to sensitive data and critical functions. It shouldto sensitive data and critical functions. It should be applied to networks, operating systems,be applied to networks, operating systems, databases and application systemsdatabases and application systems • General OS Access Control Functions:General OS Access Control Functions: • Apply user ID and authenticationApply user ID and authentication • Logon on specific terminalLogon on specific terminal • Multi-level accessMulti-level access • Individual accountability and auditabilityIndividual accountability and auditability • Create or change user profilesCreate or change user profiles • Log EventsLog Events • Log User ActivitiesLog User Activities • Report capabilitiesReport capabilities LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES ::
- 4. Chapter # : 05 - CISAChapter # : 05 - CISA 44 • Identification and Authentications :Identification and Authentications : Based on, somethingBased on, something You KnowYou Know, something, something You haveYou have and somethingand something You AreYou Are – Logon-IDs and PasswordsLogon-IDs and Passwords Something you knowSomething you know – Token Devices, One Time Access ControlToken Devices, One Time Access Control Something you haveSomething you have – Biometrics Security Access Control (through FingerBiometrics Security Access Control (through Finger Prints, Eye Retina)Prints, Eye Retina) Something you areSomething you are LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES ::
- 5. Chapter # : 05 - CISAChapter # : 05 - CISA 55 • Features of Passwords :Features of Passwords : • It should be easy to remember for user butIt should be easy to remember for user but • Difficult for perpetrator to guessDifficult for perpetrator to guess • Initial Password should be changed on first time log-onInitial Password should be changed on first time log-on • In result of entering wrong password ID should be heldIn result of entering wrong password ID should be held • Re-activation of ID should be on writtenRe-activation of ID should be on written request/approval by security administrator.request/approval by security administrator. • Password encryption and should be shadowedPassword encryption and should be shadowed • Changed periodicallyChanged periodically • Must be unique to each user ID.Must be unique to each user ID. • Unused IDs should be deactivated and logged offUnused IDs should be deactivated and logged off • Ideally length of Password is 5 to 8 charactersIdeally length of Password is 5 to 8 characters • Usage of Alphabets, Numeric, Lower case and specialUsage of Alphabets, Numeric, Lower case and special LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES : I&A: I&A
- 6. Chapter # : 05 - CISAChapter # : 05 - CISA 66 • Token Devices, Once-Time PasswordsToken Devices, Once-Time Passwords • Biometrics :Biometrics : • Palm : ridges, valleys etcPalm : ridges, valleys etc • Hand Geometry : 3 dim perspective of handHand Geometry : 3 dim perspective of hand • Iris : Eyes colored portion surroundedIris : Eyes colored portion surrounded • RetinaRetina • Finger PrintsFinger Prints • FaceFace • SignaturesSignatures • Voice RecognitionVoice Recognition LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES : I&A: I&A
- 7. Chapter # : 05 - CISAChapter # : 05 - CISA 77 • Single Sign-on (SSO)Single Sign-on (SSO) • Advantages :Advantages : • No need to remember multiple PWDsNo need to remember multiple PWDs • Improves administrators ability to manage user profilesImproves administrators ability to manage user profiles • Reduces Administrative overheadsReduces Administrative overheads • Reduces the time taken by userReduces the time taken by user • Disadvantages :Disadvantages : • Support for all major OS is difficultSupport for all major OS is difficult • Significant cost associated with SSO developmentSignificant cost associated with SSO development • Single point of failure and total compromise of anSingle point of failure and total compromise of an organization’s IS assetsorganization’s IS assets LOGICAL ACCESS EXPOSURESLOGICAL ACCESS EXPOSURES : I&A: I&A
- 8. Chapter # : 05 - CISAChapter # : 05 - CISA 88 • ControlsControls • Technical Qualified Operators,Technical Qualified Operators, • Job rotation (wherever possible)Job rotation (wherever possible) • Restricted operation of operators over operatorRestricted operation of operators over operator activity logs etc.activity logs etc. • Audit trail of all operator activities and itsAudit trail of all operator activities and its periodical review by operations management.periodical review by operations management. • Availability of documented Network operationsAvailability of documented Network operations standards and protocols to operators andstandards and protocols to operators and periodical review to ensure compliance.periodical review to ensure compliance. • Analysis for workload balance, fast responseAnalysis for workload balance, fast response time and system efficiencytime and system efficiency • Encryption should be used wherever requiredEncryption should be used wherever required NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 9. Chapter # : 05 - CISAChapter # : 05 - CISA 99 • LAN SecurityLAN Security – Threats :Threats : Loss of Data & Programs, less versionLoss of Data & Programs, less version control, Exposure to external Activities, viruses,control, Exposure to external Activities, viruses, Improper disclosure of data, Violating SoftwareImproper disclosure of data, Violating Software License, Illegal access by impersonating orLicense, Illegal access by impersonating or masquerading, Internal user's Spoofingmasquerading, Internal user's Spoofing – Remedies :Remedies : Declaring ownership of programs,Declaring ownership of programs, files and storage, Limiting access to read only,files and storage, Limiting access to read only, Record and File locking, enforcingRecord and File locking, enforcing ID/Passwords procedures.ID/Passwords procedures. – Dial Up ControlDial Up Control : Encrypted Passwords, Dial-: Encrypted Passwords, Dial- back modems for verificationback modems for verification NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 10. Chapter # : 05 - CISAChapter # : 05 - CISA 1010 • Client Server Security :Client Server Security : – Disabling the floppy drivesDisabling the floppy drives – Network Monitoring devices to inspect activitiesNetwork Monitoring devices to inspect activities – Data EncryptionData Encryption – Application level Access control programsApplication level Access control programs NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 11. Chapter # : 05 - CISAChapter # : 05 - CISA 1111 • Internet Threats :Internet Threats : – DisclosureDisclosure – Masquerade or Spoofing (Disguise IP address etc)Masquerade or Spoofing (Disguise IP address etc) – Unauthorized accessUnauthorized access – Loss of IntegrityLoss of Integrity – Denial of service (Sys Flooding of messages / requests and keepDenial of service (Sys Flooding of messages / requests and keep machines busy)machines busy) – Theft of service and resourcesTheft of service and resources • Internet Security Controls:Internet Security Controls: – Risk assessment of web based application.Risk assessment of web based application. – Security awarenessSecurity awareness – Firewall standardsFirewall standards – Intrusion Detection standards securityIntrusion Detection standards security – Remote Access for coordinating and controlling centrallyRemote Access for coordinating and controlling centrally – Encryption techniquesEncryption techniques – Monitoring usage of unauthorized usage and notification to them.Monitoring usage of unauthorized usage and notification to them. NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 12. Chapter # : 05 - CISAChapter # : 05 - CISA 1212 • Firewall Security SystemsFirewall Security Systems :: • General FeaturesGeneral Features • Firewall TypesFirewall Types Router Packet FilteringRouter Packet Filtering Application firewallApplication firewall Stateful inspectionStateful inspection • Firewall IssuesFirewall Issues • Creates false sense of securityCreates false sense of security • Other entry points, connections direct though ModemsOther entry points, connections direct though Modems • Mis-configurationMis-configuration • Firewall without screening router is uselessFirewall without screening router is useless • Irregular monitoring of activitiesIrregular monitoring of activities • Irregular maintenance of Firewall policiesIrregular maintenance of Firewall policies NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 13. Chapter # : 05 - CISAChapter # : 05 - CISA 1313 • Intrusion Detection Systems (IDS)Intrusion Detection Systems (IDS) :: • Components of IDSComponents of IDS Sensor, Analyzer, An administrator ConsoleSensor, Analyzer, An administrator Console A user interfaceA user interface • FeaturesFeatures Intrusion DetectionIntrusion Detection Gathering EvidenceGathering Evidence Automated responseAutomated response Security PolicySecurity Policy Interface with system toolsInterface with system tools Security Policy managementSecurity Policy management • LimitationsLimitations Weaknesses in the policy definitionWeaknesses in the policy definition Application level vulnerabilitiesApplication level vulnerabilities Backdoors into applicationBackdoors into application Weakness in identification and authentication schemesWeakness in identification and authentication schemes • Honeypots and HoneynetsHoneypots and Honeynets Software application pretend to be unfortunately hackedSoftware application pretend to be unfortunately hacked Network of honeypots making a false network for hackers to hack andNetwork of honeypots making a false network for hackers to hack and caughtcaught NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 14. Chapter # : 05 - CISAChapter # : 05 - CISA 1414 • EncryptionEncryption:: • Is a process of converting a plaintext into a secureIs a process of converting a plaintext into a secure coded form of text (Cipher General Features)coded form of text (Cipher General Features) • Key Elements of Encryption SystemsKey Elements of Encryption Systems Encryption AlgorithmEncryption Algorithm Encryption KeysEncryption Keys Key LengthKey Length • Private Key Cryptographic systemPrivate Key Cryptographic system • Public Key Cryptographic SystemPublic Key Cryptographic System • Digital SignaturesDigital Signatures • Digital EnvalopDigital Envalop • Is used to send encrypted information and relevantIs used to send encrypted information and relevant keys along with it.keys along with it. NETWORK INFRASTRUCTURE SECURITYNETWORK INFRASTRUCTURE SECURITY ::
- 15. Chapter # : 05 - CISAChapter # : 05 - CISA 1515 Review network DiagramReview network Diagram Identify Network DesignIdentify Network Design Dissemination of policies and standardsDissemination of policies and standards Experience/knowledge of security operators for internetExperience/knowledge of security operators for internet legislative issues are considered against usage of internetlegislative issues are considered against usage of internet based applicationbased application Review of service level contract in case of outsourcing.Review of service level contract in case of outsourcing. Hardware and software are well upgraded to counter newHardware and software are well upgraded to counter new vulnerabilitiesvulnerabilities – Auditing Remote AccessAuditing Remote Access – Auditing internet “point of presence”Auditing internet “point of presence” – Network penetration testsNetwork penetration tests – Full network assessment reviewsFull network assessment reviews – LAN network assessmentLAN network assessment – Development and Authorization of network changeDevelopment and Authorization of network change – Unauthorized changesUnauthorized changes – Computer forensicsComputer forensics AUDITING NETWORK INFRASTRUCTURE SECURITYAUDITING NETWORK INFRASTRUCTURE SECURITY ::
- 16. Chapter # : 05 - CISAChapter # : 05 - CISA 1616 • Environmental Issues and ExposuresEnvironmental Issues and Exposures :: – Fire, Natural Disasters,Fire, Natural Disasters, – Power FailurePower Failure Total FailureTotal Failure Severely reduced voltageSeverely reduced voltage Sages, spikes and surgesSages, spikes and surges Electromagnetic interferenceElectromagnetic interference – Power SpikePower Spike – Air conditioning FailureAir conditioning Failure – Electric ShockElectric Shock – Equipment FailureEquipment Failure – Water Damage / FloodingWater Damage / Flooding – Bomb Threat/attackBomb Threat/attack ENVIRONMENTAL EXPOSURES AND CONTORLS:ENVIRONMENTAL EXPOSURES AND CONTORLS:
- 17. Chapter # : 05 - CISAChapter # : 05 - CISA 1717 ENVIRONMENTAL EXPOSURES AND CONTORLS:ENVIRONMENTAL EXPOSURES AND CONTORLS: Controls for Environmental exposuresControls for Environmental exposures :: – Alarm Control PanelAlarm Control Panel – Water DetectorsWater Detectors – Handheld Fire ExtinguishersHandheld Fire Extinguishers – Manual Fire alarmsManual Fire alarms – Smoke detectorsSmoke detectors – Fire Suppression SystemFire Suppression System Water-based, Halon system, FM-200, COWater-based, Halon system, FM-200, CO22 systemsystem – Logically Locating the Computer RoomLogically Locating the Computer Room – Regular Inspection by Fire DepartmentRegular Inspection by Fire Department – Fire Proof Walls Floors and Ceilings surrounding the computer roomFire Proof Walls Floors and Ceilings surrounding the computer room – Electrical surge ProtectorElectrical surge Protector – UPS / GeneratorsUPS / Generators – Emergency Power Off SwitchEmergency Power Off Switch – Power leads from two substationsPower leads from two substations – Wiring in electrical panels and conduitWiring in electrical panels and conduit – Prohibiting against eating, drinking and smoking within theProhibiting against eating, drinking and smoking within the information processing facilityinformation processing facility – Fire resistant office materialFire resistant office material – Documented and tested emergency Evacuation Plans.Documented and tested emergency Evacuation Plans.