Académique Documents
Professionnel Documents
Culture Documents
Security
P.S.Dhekne
BARC
Presentation at SASTRA
Organization
General Policy
Min. Security Enforcement
Secure Backup
August 24, 2
Presentation at SAS
INFORMATION
SECURITY
The information systems
are known to be
vulnerable to many threats like cyber crime,
hacking and terrorism
Regardless of whether the information has
been stolen by the attacker or not, the security
breaches and virus attacks result in adverse
publicity to the organization.
Thus issues like protection and security of the
information systems have become greater
August 24, 2
Presentation at SAS
3
concern.
Presentation at SAS
INFORMATION
SECURITY
There are
computers
two
ways
to
attack
Integrity:
Access Control:
Authentication:
August 24, 2
Presentation at SAS
Nonrepudiation:
Audit Trail:
Privacy:
August 24, 2
Presentation at SAS
What is at Risk?
Data, Time and Money
1.
August 24, 2
Presentation at SAS
August 24, 2
Presentation at SAS
3.
Resource Availability:
4.
August 24, 2
Presentation at SAS
10
Erroneous Program
Poor Administration
August 24, 2
Presentation at SAS
11
General Threat
Perceptions
Network threatened by external
Presentation at SAS
12
Physical Security
Protect machine
Limit network access
Most secure (without
external access)
Suppose it falls
into an adversary
All the data can be
obtained in the
clear
August 24, 2
Cryptographic Secure.
Protects even if the
m/c falls to adversary
Of course person
having access can
delete -- Hence,
BACKUP
Data Integrity
Cryptography: Fragile
Presentation at SAS
13
August 24, 2
Presentation at SAS
14
Secure Backup
Prevent what you cannot detect and
detect
what you cannot prevent
Security of the backup itself
Backup over a network
Cryptographic encryption
Key servers
Incremental Backup
Deleting Backups
August 24, 2
Presentation at SAS
15
Secure
Communication
Cryptography
Encryption/decryption
Key management
Session key protocols
Certification
Digital Signatures
August 24, 2
Presentation at SAS
16
Replay
Prevention
Presentation at SAS
17
Network Perimeter
Security
(Protection from Outsiders)
General (Policies to be enforced)
Policies delineating appropriate and
inappropriate behaviour
Security Classification of data and Machines
and enforce access controls
Only required access to be given to insiders
Enforce Physical security for file servers,
secure nodes, key servers, authentication
servers, backups etc.
Audit Procedures (manual and automated)
August 24, 2
Presentation at SAS
18
Network Perimeter
Security
(Min. Security Enforcement)
External Access:
Secure Configuration
August 24, 2
Presentation at SAS
19
Presentation at SAS
20
Intrusion Detection
Systems
August 24, 2
Presentation at SAS
21
Certification: Key
Servers, PKI
Infrastructure
Needed security
Authenticated usage
Online
offline
August 24, 2
Presentation at SAS
22
Securing
Communication
August 24, 2
Trusted sites
Use of public network
Secure channels
Transparent to users
Presentation at SAS
23
Virtual Private
Network:VPN
Secure use of public communication channel with
August 24, 2
Presentation at SAS
24
Basic VPN
August 24, 2
Presentation at SAS
25
Managing the
VPN
Presentation at SAS
26
Tighten Exit
Security
Reroute traffic
August 24, 2
Presentation at SAS
27
Internal
Security
August 24, 2
Presentation at SAS
28
Policy
Teams
August 24, 2
Presentation at SAS
29
Emergency Response
Team
Plan
Presentation at SAS
30
- Loss of data
- Loss of server up time
- Loss of user's productivity
- Loss of money
Average cost per virus encounter US $ 2454
How much protection is enough ?
No one knows!!
August 24, 2
Presentation at SAS
31
Information Security
Management System
(ISMS)
Organization Security
Personnel Security
Security Policy
Information Security
Approach
Presentation at SAS
33
WWW
server
Via VPN
202.41.86.x
PROXY
Server
Internet
Mail
Gateway
DMZ
DNS
server
192.168.x.x
IDS
Centralized
Log server
And SMS
Internal
Email
Server
NAT Firewall
10.x.x.x
IDS
PC
HDSL Modems
Remote Access
Server
PC
ISDN
Exchange
Browsing PCs
PC
ISDN lines
HDSL Modems
PC
PC
Browsing PCs
August 24, 2
Presentation at SAS
PC
PC
PC
Browsing PCs
34
SECURITY BUILDING
BLOCKS
Presentation at SAS
35
Use of Secure
Software
Securing Mail-gateways
Intrusion Detection
System
August 24, 2
Presentation at SAS
37
August 24, 2
Presentation at SAS
38
Auditing
Intrusion detection
Performance measurement
August 24, 2
Presentation at SAS
39
Presentation at SAS
40
August 24, 2
Presentation at SAS
41