cyber chapter 4

CYBER & INFORMATION SECURITY

Module- IV

4.1 Security Model

An organization can reduce the risks associated with all of these threats by assessing the vulnerabilities and threats present in their systems and implementing appropriate countermeasures. A security model involves applying countermeasures at every layer of the computer network, from the perimeter routers and firewalls to users' personal computers running Microsoft Windows.

The defense-in-depth security model is illustrated in Figure 1. Imagine your organization's information technology (IT) infrastructure as a series of interconnected layers. At the base of the model are security policies and procedures. Your formal security policies dictate the basic requirements and goals in a technology agnostic way. The procedures are more specific because they formally define how to properly perform specific tasks on specific devices such as how to install a new router or how to configure a new Web server. For these reasons, policies and procedures affect every other defense-in-depth layer.

Figure 1: Defense in Depth Security Model

The following example explains the practical application of the defense-in-depth model. An account executive, named Bob, is working remotely and needs to modify the record of one of your organization's clients. Bob starts up his laptop computer and logs into Windows XP. This action is an example of a client host. Bob uses a dial-up connection to connect to the Internet, and then uses a VPN to connect to the corporate network. In other words, the client host connects to the network through the perimeter. Bob then opens the enterprise resource planning (ERP) client software that your organization uses and connects to the ERP server. At this point, the client host has connected to the server host and then the server application. After the ERP client software connects to the server, Bob is able to select the client's record and make the desired modifications; that is, Bob is able to view and modify the data.

Himanshu Gupta, Faculty Member - AIIT

4.2 Protection Measures

Protection measures mean the precautionary measures taken toward possible danger or damage.

There are 6 types of security measures.

Fig. 2: Protection Measures

1) DATA BACKUP

Data Backup is a program of file duplication. Backups of data applications are necessary so that they can be recovered in case of an emergency.

2) CRYPTOGRAPHY

Cryptography is a process of hiding information by altering the actual information into a different representation, for example, an APA can be written as I?

Almost all cryptosystems depend on a key, such as a password made of numbers or a phrase, that can be used to encrypt or decrypt a message. The traditional type of cryptosystem used on a computer network is called a symmetric secret key system.

3) ANTIVIRUS

An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer memory, on storage media or incoming e-mail files. An antivirus program scans for programs that attempt to modify the boot program, the operating system and other programs that normally are read from but not modified.

4) ANTI-SPYWARE

Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user. The spyware program communicates information to the outside source. An anti-spyware application program, sometimes called tracking software or a spybot, is used to remove spyware. Among the popular anti-spyware programs are:

• Spybot Search and Destroy

• Ad-aware

• Spyware Blaster

5) FIREWALL

A firewall is a piece of hardware or software which functions in a networked environment to prevent some communications forbidden by the security policy. A firewall implements a security policy. It might permit limited access from inside or outside the network perimeter, from certain users, or for certain activities.

6) HUMAN ASPECTS OF SECURITY MEASURES

Human aspects refer to the user and also the intruder of a computer system. It is one of the hardest aspects to give protection to. The most common problem is the lack of achieving a good information security procedure.

4.3 Software Security

The three pillars of software security are applied risk management, software security touchpoints, and knowledge. By applying the three pillars in a gradual, evolutionary manner and in equal measure, a reasonable, cost-effective software security program can result.

Fig. 3: Pillars of S/W Security

Touchpoints are a mix of destructive and constructive activities. Destructive activities are about attacks, exploits, and breaking software. These kinds of things are represented by the black hat (offense). Constructive activities are about design, defense, and functionality. These are represented by the white hat (defense).

Here are seven touchpoints, in order of effectiveness:

1. Code review

2. Architectural risk analysis

3. Penetration testing

4. Risk-based security tests

5. Abuse cases

6. Security requirements

7. Security operations

The following figure specifies the software security touchpoints and shows how software practitioners can apply them during software development. This means understanding how to work security engineering into requirements, architecture, design, coding, testing, validation, measurement, and maintenance.

Fig. 4: Seven Touchpoints for S/W Security

4.4 Database Security

Database security concerns the use of a broad range of information security controls to protect databases against the compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical.

Database security is a specialist topic within the broader realms of computer security, information security and risk management.

Security risks to database systems include, for example:

• Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);

• Malware infections causing incidents such as unauthorized access, leakage or disclosure of proprietary or personal data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services;

• Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended;

• Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and obsolescence;

• Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption, performance degradation etc.;

• Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.

Many layers and types of information security control are appropriate to databases, including:

• Access control

• Auditing

• Authentication

• Encryption

• Integrity controls

• Backups

• Application security

Fig. 5: Oracle Database Security

4.5 Authentication in Distributed System

A distributed system is susceptible to a variety of security threats. A principal can impersonate another principal, so authentication becomes an important requirement.

Authentication is a process by which one principal verifies the identity of another principal. In one-way authentication, only one principal verifies the identity of the other principal. In mutual authentication, both communicating principals verify each other’s identity.
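The difference between one-way and mutual authentication, as an added example that is not part of the original notes: an HMAC challenge-response between two principals. The pre-shared key, the `Principal` class and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def proof(key: bytes, prover: str, verifier: str, nonce: bytes) -> bytes:
    """MAC over who is proving, to whom, and the verifier's fresh nonce.

    Binding both names stops a response from being reflected back at its
    sender or reused toward a different principal.
    """
    fields = [prover.encode(), verifier.encode(), nonce]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Principal:
    """Hypothetical principal holding one pre-shared key per peer."""

    def __init__(self, name: str, shared_keys: dict):
        self.name = name
        self.shared_keys = shared_keys   # peer name -> pre-shared key
        self.pending = {}                # peer name -> outstanding nonce

    def challenge(self, peer: str) -> bytes:
        self.pending[peer] = secrets.token_bytes(16)
        return self.pending[peer]

    def respond(self, peer: str, nonce: bytes) -> bytes:
        return proof(self.shared_keys[peer], self.name, peer, nonce)

    def verify(self, peer: str, response: bytes) -> bool:
        nonce = self.pending.pop(peer, None)   # each nonce is single-use
        key = self.shared_keys.get(peer)
        if nonce is None or key is None:
            return False
        expected = proof(key, peer, self.name, nonce)
        return hmac.compare_digest(expected, response)


def authenticate(verifier: Principal, prover: Principal) -> bool:
    """One-way: only `verifier` learns anything about `prover`."""
    nonce = verifier.challenge(prover.name)
    return verifier.verify(prover.name, prover.respond(verifier.name, nonce))


def mutual_authenticate(a: Principal, b: Principal) -> bool:
    """Mutual: one run in each direction, and both must pass."""
    return authenticate(a, b) and authenticate(b, a)


def replay_rejected(verifier: Principal, prover: Principal) -> bool:
    """A response captured in one run must fail against the next nonce."""
    nonce = verifier.challenge(prover.name)
    captured = prover.respond(verifier.name, nonce)
    verifier.challenge(prover.name)            # new run, new nonce
    return not verifier.verify(prover.name, captured)


def auth_demo() -> dict:
    key = secrets.token_bytes(32)              # constructed pre-shared key
    alice = Principal("alice", {"bob": key})
    bob = Principal("bob", {"alice": key})
    # Impostor claims the name "bob" but holds a different key.
    mallory = Principal("bob", {"alice": secrets.token_bytes(32)})
    return {
        "one_way": authenticate(bob, alice),          # Bob checks Alice only
        "mutual": mutual_authenticate(alice, bob),    # each checks the other
        "impostor": mutual_authenticate(alice, mallory),
        "replay_rejected": replay_rejected(alice, bob),
    }


if __name__ == "__main__":
    print(auth_demo())
```

In the one-way run Alice proves herself to Bob but learns nothing about who challenged her; only the mutual run exposes the impostor to Alice.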

The authentication mechanism for distributed systems tackles the various security challenges in the following manner:

1) a remote authentication architecture that lets users recover easily in case of password compromise;

2) a social network-based email system in which users can authenticate themselves as trusted senders without disclosing all their social contacts; and

3) a group access-control scheme where requests can be monitored while affording a degree of anonymity to the group member performing the request.

The authentication mechanism for distributed systems combines system designs and novel cryptographic techniques to address their respective security and privacy requirements both effectively and efficiently.

Fig. 6: Authentication in Distributed System

4.6 Insecure Network Connection

A wireless network is “unsecured” if you can access the internet using the network without entering a password or network key. For example, a “hotspot” is a wireless network that is open and available for the public to use. They can be found in restaurants, airports, coffee shops, bookstores, hotels, libraries and just about any place that the public gathers. They are often unsecured so anyone in range can use them. In some cases like at hotels or even universities, the networks are “secured” because they require a network key.

Risk:

Once an intruder has access to your insecure network, they have access to everything you have stored on any computers on that network and anything you do online. And if you think you do not have anything worth stealing, think again. An intruder, once inside, can access your tax documents, financial records, online banking information, credit card numbers, emails, usernames and passwords, and even where you are going online. More sophisticated intruders can install software that records your every keystroke and every site you visit.

Prevention:

1. Secure your insecure network. Some simple steps are below:

• Click the Router

• Click on Settings

• Change the Default SSID (a unique identifier used to name wireless networks)

• Disable the SSID Broadcast (hides the network so it isn’t visible for all in range to see)

• Change the default password

2. When you are on an unsecured wireless network, never shop online, transmit password information or credit card numbers, or log in to online banking, email, social media sites or any site that requires you to send personal or private information.

3. Communicate the risks of using an unsecured wireless network with others and emphasize the importance of keeping their passwords and private information private.

4.7 Information Warfare and Surveillance

The Information Warfare (IW) primarily involves the use and management of information technology in search of a competitive advantage over an opponent. Information warfare may involve collection of tactical information, assurance(s) that one's own information is valid, spreading of propaganda or disinformation to demoralize or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.

Information warfare is closely linked to psychological warfare.

Information warfare can take many forms:

• Television and radio transmission(s) can be jammed.

• Television and radio transmission(s) can be hijacked for a disinformation campaign.

• Logistics networks can be disabled.

• Enemy communications networks can be disabled or spoofed.

• Stock exchange transactions can be sabotaged, either with electronic intervention, by leaking sensitive information or by placing disinformation.

Surveillance is the monitoring of the behavior, activities, or other changing information, usually of people for the purpose of influencing, managing, directing, or protecting them. This can include observation from a distance by means of electronic equipment (such as CCTV cameras), or interception of electronically transmitted information (such as Internet traffic or phone calls), human intelligence agents and postal interception.

Surveillance is very useful to governments and law enforcement to maintain social control, recognize and monitor threats, and prevent/investigate criminal activity. There are various devices used for the surveillance.

o Computer

o Telephones

o Cameras

o Social network analysis

o Biometric

o Aerial

o Data mining and profiling

o Corporate

o Satellite imagery

o Identification and credentials

o Geolocation devices

    o Global Positioning System

    o Mobile phones

o Devices

o Postal services

4.8 Introduction to Cryptography

Cryptography is a technique to hide existing data from the external environment, including attackers, hackers, intruders and unauthorized users.

The Basic Principles of Cryptography

1. Encryption

Encryption is a process that converts data into an unreadable form. This helps in protecting privacy while sending the data from sender to receiver. On the receiver side, the data can be decrypted and brought back to its original form. The reverse of encryption is called decryption. Encryption and decryption require some extra information for encrypting and decrypting the data. This information is known as a key. In some cases the same key can be used for both encryption and decryption, while in other cases encryption and decryption require different keys.

2. Authentication

This is another important principle of cryptography. In layman’s terms, authentication ensures that the message originated from the originator claimed in the message. Suppose Alice sends a message to Bob, and Bob wants proof that the message was indeed sent by Alice. This is possible if Alice performs some action on the message that Bob knows only Alice can do. This forms the basis of authentication.

3. Integrity

Integrity means that Cryptography should ensure that the messages that are received by the receiver are not altered anywhere on the communication path. This can be achieved by using the concept of cryptographic hash.

4. Non Repudiation

What happens if Alice sends a message to Bob but denies that she has actually sent the message?

Cases like these may happen, and cryptography should prevent the originator or sender from acting this way. One popular way to achieve this is through the use of digital signatures.

Types of Cryptography

There are three types of cryptographic techniques:

1. Secret Key Cryptography

2. Public Key Cryptography

3. Hash Functions

1. Secret Key Cryptography

This type of cryptography uses just a single key. The sender applies a key to encrypt a message while the receiver applies the same key to decrypt the message. Since only a single key is used, this is called symmetric encryption.

The biggest problem with this technique is the distribution of the key, as the algorithm uses a single key for both encryption and decryption.

2. Public Key Cryptography

This type of cryptography involves a two-key cryptosystem in which secure communication can take place between receiver and sender over an insecure communication channel. Since a pair of keys is applied here, this technique is also known as asymmetric encryption.

In this method, each party has a private key and a public key. The private key is secret and is not revealed, while the public key is shared with all those with whom you want to communicate. If Alice wants to send a message to Bob, Alice encrypts it with Bob’s public key and Bob decrypts the message with his private key.

3. Hash Functions

This technique does not involve any key. Rather, it uses a fixed-length hash value that is computed on the basis of the plain text message. Hash functions are used to check the integrity of the message, to ensure that the message has not been altered, compromised or affected by a virus.

4.9 Digital Signatures

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Using Bob and Alice, we can illustrate how a digital signature (standard electronic signature) is applied and verified.

Step 1: Getting a Private and Public Key

In order to digitally sign a document, Bob needs to obtain a private and public key, which is a one-time process. The private key, as the name implies, is not shared and is used only by the signer. The public key is openly available and used by those that need to validate the signer's digital signature.

Step 2: Signing an Electronic Document

Create a digital signature - A unique digital fingerprint of the document is created using a mathematical algorithm (such as SHA-1).

Append the signature to the document - The hash result and the user's digital certificate (which includes the user's public key) are combined into a digital signature. The resulting signature is unique to both the document and the user. Finally, the digital signature is appended to the document.

Bob sends the signed document to Alice. Alice uses Bob's public key to authenticate Bob's signature and to ensure that no changes were made to the document after it was signed.

Step 3: Validating a Digital Signature

Initiate the validation process- Depending on the software used, Alice needs to initiate the validation process (e.g., by clicking a "Validate Signature" menu option button on the software's toolbar).

Decrypt the digital signature - Using Bob's public key, Alice decrypts his digital signature and receives the original document (the document fingerprint).

Compare the document fingerprint with her calculated one - Alice's software then calculates the document hash of the received document and compares it with the original document hash (from the previous step). If they are the same, the signed document has not been altered.

Fig. 7: Digital Signature
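Steps 1 to 3 above, as an added example that is not part of the original notes: textbook RSA hash-then-sign using only Python's standard library. The fixed Mersenne primes, SHA-256 (the notes mention SHA-1), the sample documents and all function names are assumptions made for illustration; production signing uses a vetted library with a padding scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed demo primes: publicly known Mersenne primes, so these keys are
# trivially factorable and exist only to make the arithmetic reproducible.
BOB_PRIMES = (2**521 - 1, 2**607 - 1)
OTHER_PRIMES = (2**521 - 1, 2**127 - 1)
E = 65537  # commonly used public exponent


def make_keypair(p: int, q: int, e: int = E):
    """Step 1: derive (public, private) keys from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent; needs gcd(e, phi) == 1
    return (n, e), (n, d)


def fingerprint(document: bytes) -> int:
    """Document hash as an integer (SHA-256 is an assumption of this example)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> dict:
    """Step 2: transform the fingerprint with the private key and append it."""
    n, d = private_key
    return {"document": document, "signature": pow(fingerprint(document), d, n)}


def verify(signed: dict, public_key) -> bool:
    """Step 3: recover the fingerprint with the public key and compare."""
    n, e = public_key
    sig = signed["signature"]
    if not isinstance(sig, int) or not 0 <= sig < n:
        return False             # malformed or out-of-range signature
    recovered = pow(sig, e, n)   # "decrypt" with the signer's public key
    return recovered == fingerprint(signed["document"])


def signature_demo() -> dict:
    bob_pub, bob_priv = make_keypair(*BOB_PRIMES)
    _, other_priv = make_keypair(*OTHER_PRIMES)
    signed = sign(b"Pay Alice 100", bob_priv)          # constructed document
    tampered = dict(signed, document=b"Pay Alice 900") # altered after signing
    wrong_signer = sign(b"Pay Alice 100", other_priv)  # not Bob's private key
    return {
        "genuine": verify(signed, bob_pub),
        "tampered": verify(tampered, bob_pub),
        "wrong_signer": verify(wrong_signer, bob_pub),
    }


if __name__ == "__main__":
    print(signature_demo())
```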

4.9 Digital Watermarking

A digital watermark is a signal or code that is hidden in a digital signal (such as in the digital audio or a digital image portion) that contains identifying information. For example, a digital watermark should not be distorted or lost when the signal is passed through a conversion or compression process.

A software program or assembly that can separate the watermark from a media file extracts a digital watermark. This watermark may be used to provide the key that is able to decode and play the media file. The process of watermarking is called steganography.

Encrypted watermarks are tamper-resistant information that is added to (data embedding) or changed in a file or other form of media, and that can be used to identify that the media is authentic. To identify the watermark in the media file, a decryption code is needed to decipher the contents of the watermark message.

Fig. 8: Digital Watermarking

Digital watermarks can be added to any type of media files such as digital video and audio. Video watermarking may be performed by adding or slightly modifying the colors and/or light intensities in the video in such a way that the viewer does not notice the watermarking information. Audio watermarking may be performed by adding audio tones above the normal frequency or by modifying the frequencies and volume level of the audio in such a way that the listener does not notice the watermarking information.

4.10 Biometric Security

A biometric security system refers to the identification and verification of a person based on the unique physiological or behavioral characteristics. Since they depend on properties which are highly impossible to fake, the reliability of biometric security system satisfies the needs of immensely guarded areas of an organization. It can be commercially extended for home security systems as well.

Fig 9: Biometric Security

Advantages of Biometric Security

1. Highly Reliable

The means of identification are highly accurate and precise. The chances of false negatives and false positives are almost zero. This makes it an authentic security system that can be employed in high security zone such as in banking, defense, military access, etc.

2. Unique

The identity established by a biometric recognition security system is unique. It is based on characteristics like a fingerprint, eye print, etc. in which no two people share similarities. Hence the database formed is unique to each individual.

3. Difficult to Fake

The features that are used by a biometric security system cannot be shared or copied from a person. It makes it difficult to forge an identity of a person who has access, for misuse by another person.

4. Impossible to Lose

It is highly impossible to lose the feature used for recognition by the biometric security system unless the person has met with a serious accident that causes serious disruption in the specific characteristics.

5. Easier Tracking

Being an automated system, the tracking of events or entry-exit is made a lot easier. The records are maintained in a database which can be accessed easily whenever required. This gives an authentic backup solution in case of any problem.

6. Complete Integration

The biometric systems encompass wide solutions for the complete integration through information in a database. The customer applications, facilities and access are integrated into a robust control system.

7. Safe

The system is considered to be safe as well as user friendly when compared to the other security systems. The issues of privacy and invasion are minimal.

8. Speed

The method is quite fast and the results are available almost instantly. The speed of processing an access request is one of the added advantages of using biometric security systems.

4.11 Security Management

Security management is the identification of an organization's assets (including information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets.

An organization uses such security management procedures as information classification, risk assessment, and risk analysis to identify threats, categorize assets, and rate system vulnerabilities so that they can implement effective controls.

Fig 10: Security Management

A Security Management System (SeMS) sets out an organization’s security policy as an integral part of its business process. It is thus a part of the corporate management responsibility. SeMS is based on the same concepts used in the Safety Management System (SMS). SeMS provides a system-wide security model that encourages, and depends on, close co-operation between all stakeholders and regulators.

4.12 Security Policies

In today's high-tech and interconnected world, every corporation needs a well thought out security policy. Threats exist from both within the walls of each enterprise as well as from external sources such as hackers, competitors and foreign governments. The goal of corporate security policies is to define the procedures, guidelines and practices for configuring and managing security in your environment. By enforcing corporate policy, corporations can minimize their risks and show due diligence to their customers and shareholders.

Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.

Fig 11: Security Policies

As the policy pyramid shows, the best security begins with upper management, creating an actual policy or mandate to implement security. The policy should be based on industry standards and regulations such as ISO 17799 and HIPAA. Procedures, guidelines and practices form the basis for all security technology. Products such as Enterprise Security Manager (ESM) measure policy compliance with modules and policies for operating systems, databases and applications. These then interact with the actual computer environment.

4.13 Risk Management

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risks can come from uncertainty in financial markets, threats from project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as a deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.

According to the ISO standard, risk management consists of several processes, as follows:

1. Identify Risks – Identify risks that affect the project (positively or negatively) and document their characteristics.

2. Assess & Analyze Risks – Assess the risk impact, analyze the probability of risk occurrence and prioritize the risks, and numerically analyze the effect of the identified risks on project objectives.

3. Plan Actions – Explore all the possible ways to reduce the impact of threats (or exploit opportunities). Plan actions to eliminate the risks (or enhance the opportunities). Action plans should be appropriate, cost effective and realistic.

4. Monitor & Implement the Action – Track the risks throughout the project. If risks occur, implement the risk strategy based on the action plan. For example, if a mitigation strategy is selected, execute the contingency plan based on risk triggers. In case the contingency plan fails, execute a fallback plan.

5. Measure the effectiveness & Control the risk impact – Measure the effectiveness of the planned action and control the risk impact by understanding risk triggers and implementing planned actions in a timely manner.

Fig. 12 Risk Management Processes

Risk management processes are cyclic: the cycle starts with the identification of a risk, and it may result in the identification of another new risk.
