Information Security

By
Bhupendra Ratha, Lecturer
School of Library & Information Science
D.A.V.V., Indore
E-mail:bhu261@gmail.com
 Outline of Information Security
 Introduction
 Impact of information
 Need of Information Security.
 Objectives of Information Security.
 Areas of Information Security.
 Types of attackers
 Why attacks?
 Methods of Attacking on the Information
 Methods of Defending the Information
 Tips for the Information Security
 Introduction
 Information Security is a complicated area and can
be addressed by well-trained and experienced
Professionals.
 “When there is an attack on the system with the
help of different threats, it means that our system is
working very slowly, damaged and our
information are unsecured” is called Information
insecurity. This is a very big problem.
 The Information Security is the solution for it.
 Importance of Information
 Our work is based on records (information).
 We spend minimum half our day with documents
 15% of Rs. spent managing documents.
 Can’t work without data, record or information
 Need of Information Security
 To privacy of our Data/Information
 To safely data saving
 Theft own Data/Information
 To avoid bad use of our data
 Lack of time
 Lack of money
 Lack of human resources
 Objectives of Data/Inf. Security

Confidentiality Availability

Objectives of Data/Info. security

Integrity Authenticity
 Security Areas

 Basically three areas of security

1. Physical security
2. Network security
3. Database Security
 Physical Security
 Keep the servers in locked room with network and
power cables snipped off.
 Security of other hardware and machinery
 Network Security
 Network security all entry points to a network should be guarded.

Unprotected Network Switch

Server

Internet
Printer

Workstation

Firewall
Modem

Scanner
Protected LAN
 Database Security
 Database Integrity
 User Authentication
 Access Control
 Availability
 Types of Attackers
 Hackers
 Lone criminals
 Police
 Malicious insiders
 Press/media
 Terrorists
 Industrial espionage
 National intelligence organizations
 Info warriors
 Hackers
– Attacks for the challenge
– Own subculture with names, lingo and rules
– Stereotypically young, male and socially
– Can have considerable expertise and passion for
attacks
 Lone criminals
– Attack for financial gain
– Cause the bulk of computer-related crimes
– Usually target a single method for the attack
 Malicious insiders
– Already inside the system
– Knows weaknesses and tendencies of the
organization
– Very difficult to catch
 Press/media
– Gather information for a story to sell papers/
commercial time

Police
–Lines are sometimes crossed when gathering information
to pursue a case
 Terrorists
–Goal is disruption and damage.
–Most have few resources and skilled.
 National Intelligence Organizations
 To investigation of different cases

Industrial Espionage

• To discover a competitors strategic marketing

 Info warriors
– Military based group targeting information or
networking infrastructures
– Lots of resources
– Willing to take high risks for short term gain
 Why attacks?
 To publicity
 To financial gain
 Jealousness
 To fun
 To competition with the person of same field
 Specific types of attacks

 Engineering attacks
 Physical attacks
 Environmental attacks
 Engineering attacks
 Viruses
 String of computer code that attaches to other programs and replicates

 Worms
 Replicates itself to multiple systems
 Rarely dangerous, mostly annoying

 Trojan Horses
 Collects information and sends to known site on the network
 Also can allow external takeover of your system
 Cont…

colleague

Attacker

Virus

Our system
 Cont..
– Password sniffing
 Collect first parts of data packet and look for login
attempts

– IP Spoofing
 Fake packet to “hijack” a session and gain access

-Port scanning
 Automated process that looks for open networking ports
 Logs positive hits for later exploits
 Physical attacks
 Equipment failure arising from defective
components.
 Temperature and humidity.
 Physical destruction of hardware and equipment
 Theft or sabotage.
 Environmental Attacks
 Natural Disasters
Fire, Earthquakes etc.

 Man-Made Disasters
War, Chemical Leaks etc.
 Methods of Information Security Threats

 Backups
 Antivirus Software
 Cryptography
 Biometrics
 Honey pots
 Firewalls
 Burglar alarms
 Backups
 Backups allow us to restore damaged or
destroyed data.
 We can set up backup servers on the network.
 Backup media are- Floppy disks, external hard
disks, ISP online backup.
 Antivirus
 Antivirus is a program that we can install on
our computer to detect and remove viruses.
 It is used to scan hard disks, floppy disks,
CDs, for viruses and scan e-mail messages and
individual files, downloads from the Net.
 Cryptography
 Cryptography is the art of converting info. Into a
secret code that can be interpreted only by a person
who knows how to decode it.

Encrypted

Plain text Cipher text

Decrypted
 Example of Cryptography

Original message Original message

Sender Receiver

Encrypted Decrypted
 Bioinformatics
 The bioinformetics authentication process uses a
person’s unique physical characteristics to
authentically the identity.
 Bioinformatics authentication method fingerprint
recognition, voice authentication, face recognition,
keystroke dynamics and retina.

Fingerprint Retina
 Honey pots
 A honey pots is a tool used for detecting an
intrusion attempt.
 A honey pots simulates a vulnerable computer
on a network.
 It contains no critical data or application but has
enough data to lure an intruder.
 Honey pots

Honey pots
Intruder
 Firewall
 A firewall is a tool for the network security
that stand between trusted and entrusted
networks and inspecting all traffic that flows
between them.
 In simple language firewall is a filter
machine that monitors the type of traffic that
flows in and out of the network.
 Firewall

Private network
Firewall

Internet
 Burglar alarms
 Traps set on specific networked objects that
go off if accessed
 Tips for information Security
 Use of strong password
 Adopt a security policy
 Use of anti-virus.
 Information security officer
 Use of firewalls
 Use of bioinformatics
 Beware to malicious insiders
 Security training
 Use of other security tools