Justina Ekundayo
PRESENTATION OBJECTIVES
Understand information security services
Be aware of vulnerabilities and threats
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
It addresses the vulnerabilities to which your organization is exposed as a consequence of being connected to a network.
Who's vulnerable?
Everyone in your organization who uses computers or networks in the process of doing their job.
Everyone in your organization who is affected by the information stored in computers.
Outsiders who rely on your organization: your customers, the public.
Both Servers and End-Users are subject to attack.
Web servers, E-mail servers, File servers, Communications servers, Network devices
End-users receiving e-mail, visiting web sites, downloading files, participating in online services
Using e-mail (e.g. viruses, worms)
Using web-browsers (e.g. malicious applets and scripts)
Simply being connected to the network (protocol hacks, breaking and entering)
Who's vulnerable?
From the 2000 CSI/FBI Computer Crime and Security Survey of 643 US organizations:
90% of respondents detected computer security breaches within the last 12 months
74% acknowledged financial losses due to computer breaches
70% reported a variety of serious computer security breaches other than viruses, laptop theft, or net abuse
Quantified financial losses from 273 respondents totaled $265,589,940
Who's vulnerable?
20-year-old man arrested for breaking into two computers of NASA's Jet Propulsion Laboratory.
Hacking started in 1998
One computer was used to host a chat room devoted to hacking
Thousands of usernames and passwords were stolen
Reuters News, July 12, 2000
Hacker boosted stock price by posting fake merger press release
A hacker boosted the stock of Aastrom Biosciences by 6.5% by posting a fake press release on the company's Web site announcing a merger with California biopharmaceutical company Geron.
Reuters News, Feb. 17, 2000
Integrity
Detecting that the data is not tampered with
Authentication
Establishing proof of identity
Nonrepudiation
Ability to prove that the sender actually sent the data
Access Control
Access to information resources is regulated
Availability
Computer assets are available to authorized parties when needed
Internet Security?
Replay Attack
Spoofing
Problem is Worsening
[Chart: yearly values for 1988 to 2001, with "Code Red" labelled]
Source: CERT Coordination Center, Carnegie Mellon
VIRUSES
Risk  Threat              Discovered   Protection: Latest DAT
      TROJ_SIRCAM.A       New !!
      W32.Navidad         11/03/2000   11/06/2000
      W95.MTX             8/17/2000    8/28/2000
      W32.HLLW.QAZ.A      7/16/2000    7/18/2000
      VBS.Stages.A        6/16/2000    6/16/2000
      VBS.LoveLetter      5/04/2000    5/05/2000
      VBS.Network         2/18/2000    2/18/2000
      Wscript.KakWorm     12/27/1999   12/27/1999
      W32.Funlove.4099    11/08/1999   11/11/1999
      PrettyPark.Worm     6/04/1999    6/04/1999
      Happy99.Worm        1/28/1999    1/28/1999
Consider that
90% of companies detected computer security breaches in the last 12 months
59% cited the Internet as the most frequent origin of attack
34% are from Internet or an external connection to another company of some sort
HACKERS
HACKER MOTIVATIONS
Money, profit
Access to additional resources
Experimentation and desire to learn
Gang mentality
Psychological needs
Self-gratification
Personal vengeance
Emotional issues
Desire to embarrass the target
The Need for Web Security
SECURITY COUNTERMEASURES
THREE PHASE APPROACH
PROTECTION
DETECTION
RESPONSE
Firewall
A system or group of systems that enforces an access control policy between two networks.
[Diagram labels: PC, Servers, Visible IP Address, Internal Network, Host]
CRYPTOGRAPHY
Necessity is the mother of invention, and computer networks are the mother of modern cryptography.
Ronald L. Rivest
References
Reputable sites
www.hackingexposed.com
www.securityfocus.com
Questionable sites
www.because-we-can.com
www.digicrime.com
www.insecure.org
THANK YOU
I have questions