1 / 35

Security

Security. Security: Security means, Protection against, Some kind of Threat (Danger). Security. Security: Scenario: Few years ago: It was only about a Computer / PC security which was obtained by, Using physical controls over access to computers. Tools to secure computers were:

bat
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Security: Security means, Protection against, Some kind of Threat (Danger).

  2. Security Security: Scenario: Few years ago: It was only about a Computer / PC security which was obtained by, Using physical controls over access to computers. Tools to secure computers were: Alarmed Doors and Windows. Security Guards. Security Badges to admit people to sensitive areas. Surveillance cameras. Mainly dealing with, Physical Security. Scenario: Today: It’s not about a Computer/PC security but, All about Computer Network Security. Physical security is just one aspect of security and, Along with Physical security, one more aspect of security needs to be considered: Logical Security

  3. Network Security Network Security: 2 general types of security: Physical Security: Protection against physical threats/dangers such as: Unauthorized Person such as Thief etc. Unauthorized Device such as CD, Pen Drive etc. Logical Security: Protection against logical/software/electronic threats/dangers such as: Viruses, Worms, Spywares etc. Note: Physical security is the first step to any kind of security because, If a PC is not ‘Physically’ secure, it can never be secured ‘Logically’.

  4. Network Security Physical Security: Measures to control Physical Access to Networks and improve Physical Security: Basic measures: Locked Rooms, Security Alarms, CCTV Cameras, Security Badges for Authorized Persons. Advanced measures: Writing pads that detect the form and pressure of a person writing a signature. Biometric Devices such as: Fingerprint Scanner, Face Recognition, Eye/Retina Scanner, Palm Scanner.

  5. Network Security Physical Security: Apart from the normal physical security such as guards, surveillance systems, Many companies maintain backup copies of server contents at a remote location. In case of a disaster, The operations can be switched over in a matter of seconds to the backup location.

  6. Network Security Logical Security: Need: Internet/Network was always designed to be, Redundant because, Packets travel through different uncontrolled paths, And was never designed to be, Secure. Hence ‘Logical Security’ is something which is, Not a inherent (inbuilt) part of Network.

  7. Logical Security Measures for Logical Security: IDs and Passwords: Provide authentication credentials to every user of the system in the form of: IDs and Passwords Even after successful login, Allow access to only certain required applications by giving, Selected ‘Rights/Permissions’ to the users. Apply ‘Time-of-Day’ restrictions to users and applications so that, Available on weekdays but offline on weekends.

  8. Logical Security IDs and Passwords: Tips to Select & Protect IDs and Passwords: Select a password which is, At least 8 characters long and, Including all types of symbols such as lowercase, uppercase, numbers and special characters. Password should be selected in such a way so that it is, Not easily guessable/identifiable such as, Name of spouse, children, phone number, as a password. Change the passwords, Periodically or at regular intervals. Log (Store) and check all the unsuccessful login attempts and, Block the ID if unsuccessful login attempts increase beyond a certain threshold (level) because, A pattern of attempted but unsuccessful logins might signal that an unauthorized user is trying to access the network.

  9. Cryptography Logical Security Encryption / Decryption Hello Hello Hello Hello Ifmmp Ifmmp Sender Receiver Ifmmp 3rd person

  10. Key: VIOLIN Encryption (Example) Algorithm: SENDER RECEIVER Transfer One Lakh Rupees To Account 756 Transfer One Lakh Rupees To Account 756 Encryption Decryption rrLuTo5snheAt nOke n fe sc a apou6Te R c7

  11. Logical Security Measures for Logical Security: Encryption: Coding / Locking of information by using: A mathematically based program (Algorithm) AND A secret key, To produce a string of characters that is, Unintelligible (Not understandable). Similar to, Scrambling that is done on the premium cable channels. If the cable user pays an extra fee, The cable company unscrambles the signal for that user by, Sending over the KEY.

  12. Logical Security Measures for Logical Security: Cryptography: Science that studies encryption / decryption. Comes from 2 Greek words: krypto: secret grapho: writing

  13. Symmetric Key Encryption / Private Key Cryptography Cryptography Plaintext Ciphertext Hello Hello Ifmmp Same Keys & Private Encryption Decryption Sender Receiver Advantage: Anyone can easily generate a Symmetric Key. 2-way secure communication is possible using a single Symmetric Key. Challenge/Disadvantage: Difficult to exchange ‘KEY’ itself securely at the first place.

  14. ASymmetric Key Encryption / Public Key Cryptography Cryptography Sender2 Different Keys Public, Private Private Key Hello Hello Ifmmp Decryption Encryption Sender1 Receiver Public Key Challenge/Disadvantage: With 2 keys, only 1 way secure communication is possible and Sender3 It is not easy for everyone to generate those related keys.

  15. Logical Security Cryptography: Symmetric/Private Key Cryptography: Uses a single key for, Encryption and Decryption, which must be kept, Private (Secret) between the Sender and the Receiver. Challenge/Disadvantage: Difficult to share the Private Key securely at the first place. Examples: DES: Data Encryption Standard. 56 bit encryption key. Could be broken by a fast computer in 6 minutes. 3DES: Triple DES. Key Length: 112 bits. AES: Advanced Encryption Standard. Key Length: 256 bytes = 2048 bits. Takes 150 trillion years to break the key. Blowfish, IDEA (International Data Encryption Algorithm) etc.

  16. Logical Security Cryptography: Asymmetric/Public Key Cryptography: Uses 2 different (mathematically related) keys for, Encryption and Decryption where, Encryption is done using Receiver’s Public Key and, Decryption is done using Receiver’s Private Key. Data encrypted using receiver’s Public Key can only be decrypted using, Receiver’s Private Key and cannot be decrypted using, The same Public Key. Examples: RSA: Ron Rivest, Adi Shamir, Leonard Adleman. Key Length: 1024 bit For more detailed information, click here.

  17. How a 2-way secure communication happens? Cryptography Private Using Symmetric Key Encryption OR Using Public Key Encryption Public Challenge / Disadvantage: Encryption only ensures secure communication. Does not ensure the authenticity / genuineness of the receiver. Private Symmetric Difficult to ensure that communication is happening with ‘Facebook’ and not ‘Fakebook’. Public Key Cryptography is used to exchange the Symmetric Key securely. Public All further communication happens using the Symmetric Key.

  18. ASymmetric Key Encryption / Public Key Cryptography Cryptography Digital Signature Keys Private Student1 HOD Public Private Student2 Faculty Public Encryption: Done using the private key. Student3 Decryption: Done using the public key.

  19. Private Cryptography Public Private Certification Authorities (CAs) Digital Certificate Public Question: From where did client get the public key of google server?

  20. SSL (HTTPS) Communication 1. Clients sends a request. Cryptography 2. Server sends a response in the form of its Digital Certificate issued by some Certification Authority (CA). Digital Certificate is encrypted by the Private Key of CA. 3. Client decrypts the Digital Certificate using the preloaded Public Key of CA and extracts information such as Name of Server, Address of Server, Public Key of Server, Expiry Date of Certificate etc. 4. Client generates a unique Symmetric Key and sends it to the Server by encrypting it using Public Key of Server. 5. Server decrypts the Symmetric Key using the Private Key of Server. 6. Then communication happens between Client and Server using the Symmetric Key.

  21. SSL (HTTPS) Communication

  22. SSL (HTTPS) Communication

  23. Logical Security Asymmetric/Public Key Cryptography: Digital Signature: A method for, Showing the authenticity (genuineness) of a message or document. A valid digital signature gives a receiver a reason to believe that, Authentication: Message was created by a known sender. Non-Repudiation: Sender cannot deny having sent the message. Integrity: Message was not altered in transit. Commonly used for, Software distribution, Financial transactions etc.

  24. Logical Security Digital Certificates / Digital ID: A functionality that: Verifies that a sender (Web site) is who or what it claims to be. Serves the same function as a: Driving license Passport Although it does not say one thing: About the usefulness or quality of the downloaded program. Only supplies a level of assurance that the software is genuine.

  25. Logical Security Digital Certificates: Issued to organizations or individuals by an agency called: Certification authority (CA). Examples: Thawte VeriSign Entrust Equifax Secure Entities must supply appropriate proof of identity when applying for digital certificates. Once the CA is satisfied, it issues the certificate.

  26. Logical Security Digital Certificates: Includes following elements: Certificate owner’s identifying information such as name, organization, address. Certificate owner’s public key. Dates between which the certificate is valid. Serial number of the certificate. Name of the certificate issuer (Certification Authority).

  27. Firewall Logical Security Network of an Organization Switch Question: Will there be any control on the traffic either moving From the Organization to the Internet or vice versa? NO. Could this be dangerous/risky for the security of the organization?

  28. Logical Security Firewall: Entity which is placed at the, Entry/Exit point of the networks to, Provide a defense between, A network and the Internet and, Control the data traffic moving through it. Acts as a, Filter which can distinguish/identify, Good from the Bad, Allowed from Denied, According to the, Rules/Configurations/Policies set in a Firewall. Similar to, Scanning machine kept at the Malls / Airports. Ozone layer of the atmosphere.

  29. Firewall Characteristics of a Firewall: 1) All traffic from inside to outside and from outside to inside the network, Must pass through the firewall. 2) A firewall should obstruct/block/stop, All the unauthorized traffic. 3) A firewall should not obstruct/block/stop, Any legitimate users.

  30. Firewall Characteristics of a Firewall: 4) The firewall itself should be immune to penetration. Firewalls should not have any unnecessary software installed. Should be used only as a firewall and not as a general-purpose computing machine. Only essential OS and firewall-specific protection software should remain on the computer. Having fewer software programs on the system means: Less chances of security breaches. Access to a firewall should only be restricted to: Physical Access (Not remote access)

  31. Firewall Types of Firewalls: Classified into following categories: Application-level Firewall. Packet-level Firewall.

  32. Firewall Types of Firewalls: Application-level Firewall: Filter traffic based on the application requested. Allow/Deny access to specific applications such as, FTP, HTTP etc. Example of Application-level policy: Allows Incoming FTP requests but Blocks Outgoing FTP requests. Allows Incoming HTTP requests but Blocks Outgoing HTTP requests.

  33. Firewall Types of Firewalls: Packet-level Firewall: Works as IP level filter. Examines/Checks the source and destination addresses and ports of incoming packets and, Allows or denies entrance to the packets based on a set of rules. Example: Allow IP address 192.168.1.1 to go through but disallow IP address 192.168.10.10.

  34. Logical Security Firewall Home User Can a home user afford a dedicated machine for a Firewall? NO. Software Firewall: Windows Firewall, Norton Internet Security etc.

  35. Network Security References: http://content.hccfl.edu/pollock/AUnixSec/PublicKeyDemo.htm http://www.youtube.com/watch?v=Ao5pMFe9fHU

More Related