Essentials of Security
S. Vamshidhar Babu (CCNA, MCSE, CEH, CHFI, GNIIT), Team Lead, AppLabs
Agenda
- Security Fallacies
- What is Security?
- How to Secure?
- Layers of Security
- Operational Model of Computer Security
- Security Principles
- Security Concerns
- Poor Security = Serious Damage
- Challenges When Implementing Security
- Threat Modeling
- Overview of Security Technology
Security Fallacies
- "We have antivirus software, so we are secure."
- "We have a firewall, so we are secure."
- "The most serious threats come from the outside."
- "I don't care about security because I back up my data daily."
- "Responsibility for security rests with the IT security staff."
What is Security?
Computer security is the set of techniques that ensure data stored in or transmitted by a computer system cannot be read, altered or made unavailable by anyone without authorization.
How to Secure?
- What assets are you trying to protect?
- What are the risks to those assets?
- How are you trying to protect them?
- How well does your solution work?
- What other risks does your solution introduce?
Layers of Security
- Physical Security
- Host Security
- Network Security
- Web Application Security
Physical Security
Physical security consists of all mechanisms used to ensure that physical access to computer systems and networks is restricted to authorized users.
- Access controls (badges, locks, guards)
- Physical barriers, etc.
Host Security
Host security takes a granular view of security by protecting each computer and device individually instead of addressing protection of the network as a whole.
- Authentication and logging mechanisms
- Host-based IDS
- File integrity checkers
Network Security
In network security, the emphasis is on controlling access to internal computers from external entities.
- Firewalls
- Intrusion Detection Systems (IDS)
- Access controls on network devices
- Vulnerability scanners
Web Application Security
A Web application is an application, generally comprised of a collection of scripts, that resides on a Web server and interacts with databases or other sources of dynamic content. Examples of Web applications include search engines, Webmail, shopping carts and portal systems.
Web Application Security
- Application-layer attacks are the latest trend in hacking.
- On average, 90% of all dynamic-content sites have vulnerabilities associated with them.
- No Web server and database server combination has been found to be immune.
- Today over 70% of attacks against a company's network come at the application layer, not the network or system layer (Gartner).
Basic Security Terminology: CIA
- Confidentiality
- Integrity
- Availability
Basic Terminology of Attacks
- Vulnerability: a weakness in a system that may lead to undesirable consequences.
- Threat: the possibility that someone or something will actually exploit a vulnerability.
- Risk: the potential for harm, combining the vulnerability, the threat and the extent of the consequences (Vulnerability + Threat + Extent of the consequences).
Example: an unchecked buffer in a network service is the vulnerability; an attacker able to send a crafted TCP/IP packet that overflows it is the threat; the risk is that such a packet crashes the system or hands the attacker control, weighted by how likely that is and how much it would cost.
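The following added example (not from the original slides) puts the three terms on real code: a toy C message parser whose unchecked length copy is the vulnerability, the crafted message an attacker would send is the threat, and the hardened parser beside it is what removes the risk. The packet format (one length byte followed by the payload), the 16-byte buffer and the three sample messages are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy protocol (an assumption for this example, not from the
 * slides): a message is one length byte followed by that many payload bytes.
 * The receiver copies the payload into a fixed-size stack buffer. */
#define PAYLOAD_MAX 16

/* Vulnerability: the declared length is trusted. A message whose first byte
 * is larger than PAYLOAD_MAX makes memcpy write past 'payload' on the stack,
 * over the saved registers and the return address. Never feed this untrusted
 * input; it is only called below with a well-formed message. */
int parse_packet_unsafe(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    uint8_t payload[PAYLOAD_MAX];
    if (pkt_len < 1)
        return -1;
    size_t declared = pkt[0];
    memcpy(payload, pkt + 1, declared);      /* no bound check: overflow */
    memcpy(out, payload, declared);
    return (int)declared;
}

/* Hardened version: the declared length must fit the buffer AND the bytes
 * actually received; anything else is rejected before any copy happens. */
int parse_packet_safe(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    uint8_t payload[PAYLOAD_MAX];
    if (pkt_len < 1)
        return -1;
    size_t declared = pkt[0];
    if (declared > PAYLOAD_MAX || declared > pkt_len - 1)
        return -1;                           /* threat neutralised: drop it */
    memcpy(payload, pkt + 1, declared);
    memcpy(out, payload, declared);
    return (int)declared;
}

/* Builds a message with an arbitrary declared length so the length field can
 * lie about the body; returns the total message size. */
size_t build_packet(uint8_t *dst, uint8_t declared, const uint8_t *body,
                    size_t body_len)
{
    dst[0] = declared;
    memcpy(dst + 1, body, body_len);
    return body_len + 1;
}

/* Scenario 1: a well-formed 5-byte message. Both parsers accept it and
 * return 5; the hardened one also hands back the right bytes. */
int scenario_benign(void)
{
    uint8_t pkt[64], out[PAYLOAD_MAX];
    size_t n = build_packet(pkt, 5, (const uint8_t *)"hello", 5);
    if (parse_packet_unsafe(pkt, n, out) != 5)
        return -2;
    memset(out, 0, sizeof out);
    int r = parse_packet_safe(pkt, n, out);
    return (r == 5 && memcmp(out, "hello", 5) == 0) ? r : -2;
}

/* Scenario 2: the attacker's message declares 200 bytes but only 5 follow.
 * The unsafe parser would read 195 bytes beyond the received data and write
 * 184 bytes past the buffer; the hardened parser returns -1. */
int scenario_lying_length(void)
{
    uint8_t pkt[64], out[PAYLOAD_MAX];
    size_t n = build_packet(pkt, 200, (const uint8_t *)"hello", 5);
    return parse_packet_safe(pkt, n, out);
}

/* Scenario 3: 32 bytes really are sent, so the length is honest, but it is
 * twice the buffer. This is the classic overflow shape; the hardened parser
 * rejects it. */
int scenario_oversized(void)
{
    uint8_t pkt[64], out[PAYLOAD_MAX], body[32];
    memset(body, 'A', sizeof body);
    size_t n = build_packet(pkt, 32, body, sizeof body);
    return parse_packet_safe(pkt, n, out);
}

int main(void)
{
    printf("benign: %d, lying length: %d, oversized: %d\n",
           scenario_benign(), scenario_lying_length(), scenario_oversized());
    return 0;
}
```

The fix is two comparisons, which is typical: the cost of the vulnerability is measured by who can reach the parser and what the process runs as, not by how hard the bug is to close.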
Operational Model of Computer Security
Historically the focus of security was on prevention: if we could prevent somebody from gaining access to our computer systems and networks, we assumed we had achieved security. Protection was thus equated with prevention. Since no preventive control is perfect, the operational model adds detection of what prevention misses and a response to what is detected:
Protection = Prevention + (Detection + Response)
Security Model
Prevention:
- Access controls
- Firewalls
- Encryption
Detection:
- Audit logs
- Intrusion Detection Systems
- Honeypots
Response:
- Backups
- Incident response teams
- Computer forensics
Security Principles
An organization can choose one of three ways to address the protection of its network:
- Ignore security issues
- Provide host security
- Approach security at the network level
Only the last two, host and network security, have detection and response components as well as prevention.
Security Concerns
- Application reliance on the Internet
- Hacking, cracking, phreaking, script kiddies
- Internal security attacks
- External security attacks
- Viruses and worms
Common Types of Attacks
Layers - Dangers
Examples of Security Intrusions
- Worms: Code Red I & II, ILOVEYOU, Nimda
- Sniffing
- Spoofing
- Trojans and backdoors
- Distributed denial of service (DDoS)
Poor Security = Serious Damage
- Website defacement
- System downtime
- Lost productivity
- Damage to business reputation
- Lost consumer confidence
- Severe financial losses due to lost revenue
Challenges When Implementing Security
Threat Modeling
Threat modeling is:
- A security-based analysis of an application
- A crucial part of the design process
Threat modeling:
- Reduces the cost of securing an application, because flaws are found at design time rather than after deployment
- Provides a logical, efficient process
- Helps the development team identify where the application is most vulnerable, and determine which threats require mitigation and how to address them
Overview of Security Technology
- Encryption
- Secure communication
- Firewalls
- IDS
- Virus protection
Encryption
Encryption is the process of encoding data so that only holders of the right key can read it. Together with the related cryptographic mechanisms (message authentication codes and digital signatures), it is used:
- To protect a user's identity or data from being read
- To protect data from being altered
- To verify that data originates from a particular user
Encryption can be:
- Symmetric
- Asymmetric
Symmetric vs. Asymmetric Encryption
Symmetric:
- Uses one shared key to both encrypt and decrypt the data
- Is fast and efficient
- Requires the key to be delivered secretly to every party in advance
Asymmetric:
- Uses two mathematically related keys: a public key to encrypt the data and a private key to decrypt it
- Solves the key distribution problem, since the public key can be published
- Is much slower than symmetric encryption
- Is not inherently more secure than symmetric encryption; in practice the two are combined, with asymmetric encryption used to exchange a symmetric session key (see SSL below)
Secure Communication: How SSL Works
1. The user browses to a secure Web server by using HTTPS.
2. The browser verifies the server's certificate against a trusted root certificate, then creates a unique session key and encrypts it by using the Web server's public key taken from that certificate.
3. The Web server receives the encrypted session key and decrypts it by using the server's private key.
4. After the connection is established, all communication between the browser and the Web server is encrypted with the session key.
This is the RSA key-transport handshake the original slide illustrates. Current TLS versions derive the session key from an ephemeral Diffie-Hellman exchange instead, which the server signs with its private key and which gives forward secrecy.
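The exchange just described, run end to end as an added example that is not part of the original slides and also serves the symmetric-versus-asymmetric comparison above it. Textbook RSA with the tiny primes 61 and 53 stands in for the key pair behind the server's certificate, and an xorshift-based XOR stream stands in for the session cipher; both are toys chosen so the arithmetic fits in 64 bits and neither is secure. The session key is a fixed constant rather than random output so that the run is reproducible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy RSA key pair (textbook values p = 61, q = 53, n = 3233, e = 17,
 * d = 2753), assumed here to be the pair behind the server's certificate.
 * A real key is 2048 bits or more. */
typedef struct { uint32_t n, e; } rsa_pub;
typedef struct { uint32_t n, d; } rsa_priv;
static const rsa_pub  SERVER_PUB  = { 3233, 17 };
static const rsa_priv SERVER_PRIV = { 3233, 2753 };

/* Square-and-multiply modular exponentiation; mod < 2^32 keeps every
 * intermediate product inside 64 bits. */
uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t result = 1, b = base % mod;
    while (exp) {
        if (exp & 1)
            result = (result * b) % mod;
        b = (b * b) % mod;
        exp >>= 1;
    }
    return (uint32_t)result;
}

/* Step 2, browser side: encrypt with the public key from the certificate. */
uint32_t rsa_encrypt(uint32_t m, const rsa_pub *pub)
{
    return modpow(m, pub->e, pub->n);
}

/* Step 3, server side: decrypt with the private key only the server holds. */
uint32_t rsa_decrypt(uint32_t c, const rsa_priv *priv)
{
    return modpow(c, priv->d, priv->n);
}

/* Step 4: symmetric record protection. A xorshift32 keystream is XORed over
 * the data; applying it twice with the same key restores the plaintext.
 * Placeholder for a real cipher such as AES-GCM; do not use it as one. */
void toy_stream_xor(uint32_t key, const uint8_t *in, uint8_t *out, size_t len)
{
    uint32_t s = key ^ 0x9E3779B9u;          /* never zero, so xorshift cannot stall */
    for (size_t i = 0; i < len; i++) {
        s ^= s << 13;
        s ^= s >> 17;
        s ^= s << 5;
        out[i] = in[i] ^ (uint8_t)s;
    }
}

/* Runs the whole exchange; returns 1 when the server recovers the same
 * session key and decrypts the browser's request correctly. */
int handshake_demo(void)
{
    /* Step 1: HTTPS connect, certificate received; its validation against a
     * trusted root is assumed to have passed. */
    uint32_t session_key = 1234;             /* fixed for reproducibility; use a CSPRNG */
    uint32_t wrapped = rsa_encrypt(session_key, &SERVER_PUB);   /* step 2 */
    uint32_t server_key = rsa_decrypt(wrapped, &SERVER_PRIV);   /* step 3 */
    if (server_key != session_key)
        return 0;

    const char *request = "GET /account HTTP/1.1";             /* step 4 */
    size_t len = strlen(request);
    uint8_t ct[64], pt[64];
    toy_stream_xor(session_key, (const uint8_t *)request, ct, len);
    if (memcmp(ct, request, len) == 0)
        return 0;                            /* must never travel in the clear */
    toy_stream_xor(server_key, ct, pt, len);
    return memcmp(pt, request, len) == 0;
}

int main(void)
{
    printf("wrapped session key: %u, handshake ok: %d\n",
           rsa_encrypt(1234, &SERVER_PUB), handshake_demo());
    return 0;
}
```

The structure is what carries over to real TLS: the slow public-key operation happens once to agree a key, and the fast symmetric cipher protects every record after that. Replacing the toy RSA with the certificate's key, the xorshift stream with an AEAD and the constant with CSPRNG output gives the RSA key-transport handshake; TLS 1.3 keeps the same shape but obtains the session key from an ephemeral Diffie-Hellman exchange.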
Firewalls
A firewall is a system or group of systems that enforces a network access control policy by filtering the packets passing into and out of the networks it protects. Firewalls can provide:
- A secure gateway to the Internet for internal clients
- Packet filtering
- Application filtering
A firewall mitigates:
- Some denial of service (DoS) attacks, by dropping traffic to services that are not exposed (it cannot absorb a volumetric flood on its own)
- Unauthorized access
- Port scanning and probing
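Packet filtering as an added example, not from the original slides: a stateless, first-match filter in C evaluated over a constructed policy. The addresses (10.0.0.0/8 inside, a Web server at 10.0.0.5, the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 outside), the rule set and the "what would a port scan see" check are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ACT_DENY = 0, ACT_ALLOW = 1 } action_t;

/* One filter rule. proto 0 and dst_port 0 mean "any"; cidr 0 matches every
 * address. Addresses are IPv4 in host byte order. */
typedef struct {
    uint8_t  proto;       /* 6 = TCP, 17 = UDP, 0 = any */
    uint32_t src_net;
    uint8_t  src_cidr;
    uint32_t dst_net;
    uint8_t  dst_cidr;
    uint16_t dst_port;
    action_t action;
} rule_t;

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static int in_prefix(uint32_t ip, uint32_t net, uint8_t cidr)
{
    if (cidr == 0)
        return 1;                            /* also avoids the undefined 32-bit shift */
    uint32_t mask = 0xFFFFFFFFu << (32 - cidr);
    return (ip & mask) == (net & mask);
}

/* Constructed policy, evaluated top to bottom, first match wins, default
 * deny. Order matters: the block on the abusive source network comes before
 * the allows, so it wins even for port 443. */
static const rule_t POLICY[] = {
    { 0, IP4(198,51,100,0), 24, 0,             0,  0,   ACT_DENY  }, /* blocked source */
    { 6, 0,                 0,  IP4(10,0,0,5), 32, 443, ACT_ALLOW }, /* public HTTPS */
    { 6, 0,                 0,  IP4(10,0,0,5), 32, 80,  ACT_ALLOW }, /* public HTTP */
    { 0, IP4(10,0,0,0),     8,  IP4(10,0,0,0), 8,  0,   ACT_ALLOW }, /* inside to inside */
};
#define POLICY_LEN (sizeof POLICY / sizeof POLICY[0])

/* The per-packet decision a stateless firewall makes. */
action_t decide(uint8_t proto, uint32_t src, uint32_t dst, uint16_t dst_port)
{
    for (size_t i = 0; i < POLICY_LEN; i++) {
        const rule_t *r = &POLICY[i];
        if (r->proto && r->proto != proto) continue;
        if (!in_prefix(src, r->src_net, r->src_cidr)) continue;
        if (!in_prefix(dst, r->dst_net, r->dst_cidr)) continue;
        if (r->dst_port && r->dst_port != dst_port) continue;
        return r->action;
    }
    return ACT_DENY;                         /* nothing matched: default deny */
}

/* What a TCP port scan from 'src' against 'dst' would find: the number of
 * ports in 1..1024 the filter lets through. */
int exposed_tcp_ports(uint32_t src, uint32_t dst)
{
    int open = 0;
    for (uint16_t port = 1; port <= 1024; port++)
        if (decide(6, src, dst, port) == ACT_ALLOW)
            open++;
    return open;
}

int main(void)
{
    uint32_t internet = IP4(203,0,113,9), web = IP4(10,0,0,5);
    printf("443 from internet: %d, 22 from internet: %d, ports a scan sees: %d\n",
           decide(6, internet, web, 443), decide(6, internet, web, 22),
           exposed_tcp_ports(internet, web));
    return 0;
}
```

The scan count is the point of the "port scanning and probing" bullet: an outside host sees two TCP ports on the Web server and nothing else, and a source on the blocked network sees none, while an inside host still reaches every port. A stateful firewall would additionally track connections so that replies to allowed outbound traffic are admitted without a standing inbound rule.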
Intrusion Detection System (IDS)
An IDS is an application which detects attacks on computer systems and/or networks.
Network-based intrusion detection:
- Monitors real-time network traffic for malicious activity, similar to a network sniffer
- Raises alarms for network traffic that matches known attack patterns or signatures
Host-based intrusion detection:
- Monitors a computer's or server's files, logs and system activity for anomalies
- Raises alarms when a file changes unexpectedly or an event matches a predetermined attack signature
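Both detection styles as one added example, not from the original slides; it also illustrates the file integrity checkers listed under Host Security earlier in the deck. The network-based part matches a constructed capture of HTTP request lines against content signatures (the Code Red and Nimda strings are the probe URLs those worms, listed among the intrusion examples above, actually sent); the host-based part hashes a file's contents against a stored baseline. The sample requests, the password-file contents and the use of FNV-1a (chosen only to keep the block dependency-free; a real checker records SHA-256 digests) are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Network-based part: content signatures matched against packet payloads. */
typedef struct { const char *name; const char *content; } signature_t;

/* The Code Red and Nimda strings are the probe URLs those worms sent;
 * the third is a generic SQL injection tautology. */
static const signature_t SIGS[] = {
    { "Code Red .ida overflow probe", "/default.ida?" },
    { "Nimda root.exe probe",         "/scripts/root.exe?" },
    { "SQL injection tautology",      "' or '1'='1" },
};
#define SIG_COUNT (sizeof SIGS / sizeof SIGS[0])

/* Case-insensitive substring search so /DEFAULT.IDA? cannot slip past a
 * lower-case signature; strcasestr is not portable, so it is written out. */
static int ci_contains(const char *hay, const char *needle)
{
    size_t nl = strlen(needle);
    for (const char *p = hay; *p; p++) {
        size_t i = 0;
        while (i < nl && p[i] &&
               tolower((unsigned char)p[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == nl)
            return 1;
    }
    return 0;
}

/* Name of the first signature the payload matches, or NULL for clean traffic. */
const char *match_signature(const char *payload)
{
    for (size_t i = 0; i < SIG_COUNT; i++)
        if (ci_contains(payload, SIGS[i].content))
            return SIGS[i].name;
    return NULL;
}

/* Constructed capture: two worm probes (one in mixed case), one SQL injection
 * attempt and two legitimate requests. Returns the number of alerts raised. */
int scan_capture_demo(void)
{
    static const char *const capture[] = {
        "GET /index.html HTTP/1.1",
        "GET /default.ida?NNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3 HTTP/1.0",
        "GET /Scripts/Root.exe?/c+dir HTTP/1.0",
        "POST /login HTTP/1.1 user=admin' OR '1'='1",
        "POST /search HTTP/1.1 q=firewall+rules",
    };
    int alerts = 0;
    for (size_t i = 0; i < sizeof capture / sizeof capture[0]; i++)
        if (match_signature(capture[i]))
            alerts++;
    return alerts;
}

/* Host-based part: file integrity against a stored baseline. FNV-1a keeps the
 * example dependency-free; a real checker records SHA-256 digests. */
uint64_t fnv1a64(const uint8_t *data, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Returns 1 if the current contents no longer match the recorded baseline. */
int file_changed(uint64_t baseline, const char *current)
{
    return fnv1a64((const uint8_t *)current, strlen(current)) != baseline;
}

/* Constructed scenario: an attacker appends a UID-0 account to the password
 * file. The baseline hash was recorded from the original contents. */
int integrity_demo(void)
{
    const char *original = "root:x:0:0:root:/root:/bin/bash\n";
    const char *tampered = "root:x:0:0:root:/root:/bin/bash\n"
                           "backdoor:x:0:0::/:/bin/sh\n";
    uint64_t baseline = fnv1a64((const uint8_t *)original, strlen(original));
    return !file_changed(baseline, original) && file_changed(baseline, tampered);
}

int main(void)
{
    printf("alerts: %d, integrity check correct: %d\n",
           scan_capture_demo(), integrity_demo());
    return 0;
}
```

Two caveats a signature matcher carries: it only catches what it has a pattern for, and attackers vary case, encoding and spacing to evade it, which is why the match is case-insensitive here and why real engines normalise URLs before matching. The integrity baseline must itself be stored where an intruder who alters the file cannot also rewrite the hash.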
Virus Protection
- Software should be installed on all network servers as well as client computers.
- It must be kept at the latest version, with current signature files (the list of detected viruses).
- It should screen all software coming into your computer or network (files, attachments, programs, etc.).
- It protects against viruses and worms, and against other malicious code and Trojans.
Speaker Notes
MGB 2003. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
In this agenda topic, we will focus on the importance of security. Specifically, we will discuss:
- Security concerns
- Common types of attacks on software systems
- Examples of security intrusions
- The consequences of poor security
Workforce mobility is increasing, and consequently the way in which employees connect to your company's network is evolving. Employees connect in a number of different ways, including traditional wired connections, new and evolving wireless network standards, and dial-up and broadband virtual private network (VPN) connections. The variety of ways your mobile users connect to your company's network introduces a number of security concerns, including:
- Wireless susceptibility. Although wireless networks can be as secure as wired networks if administered properly, by default many wireless networks allow any compatible device to connect in an ad-hoc manner.
- Employee home security. Many employees have wireless networks at home, and may not be aware of the issues involved in securing this type of network. Furthermore, always-on broadband connections make home networks (whether wireless or not) more susceptible to viruses and attackers. The potential susceptibility of home networks may result in viruses or attackers gaining access to your corporate network, either when the user connects over a VPN or when they physically plug their computers into the network on your company's premises. Although virus checkers and firewalls can help secure home networks and broadband connections, it is often difficult for your network administrators to enforce the use of these defences.
- Public wireless networks. Employees increasingly use their laptop computers and other mobile devices to connect to wireless networks run by third parties. For example, they might connect to WiFi hotspots in coffee houses, airports, hotels, and other places to check their e-mail or to browse the Internet. Because your company has no control over the security of these public networks, they provide a potential route for attackers or viruses. As with home networks, this may result in viruses or attackers gaining access to your corporate network, either when the user connects over a VPN or when they physically