Module-2 System Security

System Security
• The objective of system security is the protection of information and property from theft, corruption and other types of damage, while allowing the information and property to remain accessible and productive.
• System security includes the development and implementation of security countermeasures.
• Security can be compromised via any of the following breaches:
  – Breach of confidentiality: this type of violation involves the unauthorized reading of data.
  – Breach of integrity: this violation involves unauthorized modification of data.
  – Breach of availability: it involves unauthorized destruction of data.
  – Theft of service: it involves unauthorized use of resources.
  – Denial of service: it involves preventing legitimate use of the system.
• There are a number of different approaches to computer system security:
  – Firewall
  – Data encryption
  – Passwords and biometrics
• Firewall
  – One widely used strategy to improve system security is to use a firewall.
  – A firewall consists of software and hardware set up between an internal computer network and the Internet.
  – A computer network manager sets up the rules for the firewall to filter out unwanted intrusions. These rules are set up in such a way that unauthorized access is much more difficult.
  – A system administrator can decide, for example, that only users within the firewall can access particular files, or that those outside the firewall have limited capabilities to modify the files.
  – You can also set up a firewall for your own computer, and on many computer systems, this is built into the operating system.
  – Each institution/organisation that wishes to improve the efficiency of filtering and increase the level of security in its network should apply the following recommendations:
    1. Traffic-filtering rules that will determine the manner in which the incoming and outgoing traffic flows in the network will be regulated. A set of traffic-filtering rules can be adopted as an independent packet filtering policy or as a part of the information security policy;
    2. Select a traffic-filtering technology that will be implemented depending on the requirements and needs;
    3. Implement defined rules on the selected technology and optimize the performance of devices accordingly;
    4. Maintain all the components of the solution, including not only devices, but also the policy.
• Encryption
  – One way to keep files and data safe is to use encryption. This is often used when data is transferred over the Internet, where it could potentially be seen by others.
  – Encryption is the process of encoding messages so that they can only be viewed by authorized individuals.
  – An encryption key is used to make the message unreadable, and a secret decryption key is used to decipher the message.
  – Encryption is widely used in systems like e-commerce and Internet banking, where the databases contain very sensitive information.
  – If you have made purchases online using a credit card, it is very likely that you've used encryption to do this.
• Passwords
  – The most widely used method to prevent unauthorized access is to use passwords.
  – A password is a string of characters used to authenticate a user to access a system.
  – The password needs to be kept secret and is only intended for the specific user.
  – In computer systems, each password is associated with a specific username since many individuals may be accessing the same system.
  – Good passwords are essential for keeping computer systems secure.
  – Unfortunately, many computer users choose passwords that are not very secure, such as the name of a family member or important dates - things that would be relatively easy for a hacker to guess.
  – One of the most widely used passwords - you guessed it - 'password.' Definitely not a good password to use.
  – So what makes for a strong password?
    • Longer is better - A long password is much harder to break. The minimum length should be 8 characters, but many security experts have started recommending 12 characters or more.
    • Avoid the obvious - A string like '0123456789' is too easy for a hacker, and so is 'LaDaGaGa'. You should also avoid all words from the dictionary.

System Security Tools
• Public Key Infrastructure (stores digital certificates and public keys)
• Managed Detection & Response (a security-as-a-service offering designed to provide organizations with threat hunting services and to respond to threats once they are discovered)
• Serves as a proactive measure to try to identify vulnerabilities in services and organizations before other attackers can
• Antivirus Software
  – Antivirus software is a program designed to prevent, detect, and remove viruses and other malware attacks on individual computers, networks, and IT systems.
  – It also protects our computers and networks from a variety of threats and viruses such as Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware, and ransomware.
  – Most antivirus programs come with an auto-update feature, enabling the system to check for new viruses and threats regularly. They also provide some additional services, such as scanning emails to ensure that they are free from malicious attachments and web links.
• PKI Services
  – PKI stands for Public Key Infrastructure. This tool supports the distribution and identification of public encryption keys.
  – It enables users and computer systems to securely exchange data over the internet and verify the identity of the other party.
  – We can also exchange sensitive information without PKI, but in that case, there would be no assurance that the other party has been authenticated.
  – People associate PKI with SSL or TLS.
  – It is the technology which encrypts the server communication and is responsible for HTTPS and the padlock that we can see in our browser address bar.
  – PKI solves a number of cybersecurity problems and deserves a place in the organization's security suite.
  – PKI can also be used to:
    • Enable multi-factor authentication and access control.
    • Create compliant, trusted digital signatures.
    • Encrypt email communications and authenticate the sender's identity.
    • Digitally sign and protect code.
    • Build identity and trust into IoT ecosystems.
• Managed Detection and Response Service (MDR)
  – Managed detection and response is focused on threat detection, rather than compliance.
  – MDR relies heavily on security event management and advanced analytics.
  – While some automation is used, MDR also involves humans to monitor our network.
  – MDR service providers also perform incident validation and remote response.
• Penetration Testing
  – Penetration testing, or pen-test, is an important way to evaluate our business's security systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities.
  – These vulnerabilities exist in operating systems, services and applications, improper configurations or risky end-user behavior.
  – In penetration testing, cybersecurity professionals use the same techniques and processes utilized by criminal hackers to check for potential threats and areas of weakness.
• Staff Training
  – Staff training is not a 'cybersecurity tool', but ultimately, having knowledgeable employees who understand cybersecurity is one of the strongest forms of defence against cyber-attacks.
  – Today, many training tools are available that can educate a company's staff about the best cybersecurity practices.
  – Every business can organize these training tools to educate its employees so that they understand their role in cybersecurity.
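
The firewall slides above describe traffic-filtering rules for incoming and outgoing traffic and the need to maintain the policy. The following is an added example, not part of the original slides: a small packet-filter model with first-match evaluation and a default-deny fallback, plus a maintenance check. The address ranges, ports, rule order and the first-match/default-deny semantics are assumptions made for the illustration.

```python
# Added illustration: a minimal first-match packet filter with default deny.
# Networks, ports and rule order are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")   # assumed "inside the firewall" range
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (from the Internet) or "out" (to the Internet)
    src: object            # source network
    dst: object            # destination network
    dport: Optional[int]   # None matches any destination port

    def matches(self, direction, src, dst, dport):
        return (self.direction == direction
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))

# Recommendation 1: the written traffic-filtering rules.
POLICY = [
    # Anti-spoofing: traffic arriving from outside must not claim an internal source.
    Rule("deny", "in", INTERNAL, ANY, None),
    # The public web server is reachable from anywhere, on HTTPS only.
    Rule("allow", "in", ANY, ip_network("10.0.5.10/32"), 443),
    # Internal users may reach the Internet over HTTPS and DNS.
    Rule("allow", "out", INTERNAL, ANY, 443),
    Rule("allow", "out", INTERNAL, ANY, 53),
]

def decide(direction, src, dst, dport, policy=POLICY):
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in policy:
        if rule.matches(direction, src, dst, dport):
            return rule.action
    return "deny"  # default deny: anything not explicitly allowed is dropped

def audit(policy):
    """Recommendation 4 (maintenance): flag allow rules open to any address and port."""
    return [r for r in policy
            if r.action == "allow" and r.src == ANY and r.dst == ANY and r.dport is None]
```
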
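
The password guidance above (at least 8 characters, 12 or more recommended, no obvious strings, no dictionary words) can be enforced when a password is set. The following is an added example, not part of the original slides; the word list, the sequence alphabets and the verdict names are constructed for the illustration.

```python
# Added illustration of the password guidance above. Thresholds come from the
# slides; the word list and sequence alphabets are small constructed samples.
import re

MIN_LENGTH = 8            # minimum length stated on the slide
RECOMMENDED_LENGTH = 12   # length the slide says many experts now recommend
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome"}  # constructed
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop"]

def has_obvious_run(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence,
    forwards or backwards, or one character repeated `run` times."""
    low = pw.lower()
    if re.search(r"(.)\1{%d,}" % (run - 1), low):
        return True
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False

def dictionary_hits(pw):
    """Sample-list words found after undoing common letter substitutions."""
    low = pw.lower().translate(str.maketrans("0134@5$7", "oieaasst"))
    return sorted(w for w in SAMPLE_WORDS if w in low)

def check_password(pw):
    """Return (verdict, reasons); verdict is 'reject', 'weak' or 'ok'."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if has_obvious_run(pw):
        reasons.append("contains an obvious sequence or repeat")
    hits = dictionary_hits(pw)
    if hits:
        reasons.append("contains dictionary word(s): " + ", ".join(hits))
    if reasons:
        return "reject", reasons
    if len(pw) < RECOMMENDED_LENGTH:
        return "weak", ["meets the minimum but is under %d characters"
                        % RECOMMENDED_LENGTH]
    return "ok", []
```

A rule-based check like this cannot catch every guessable string: 'LaDaGaGa' from the slide only rates 'weak' here, and only because of its length.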