
Amit Goyal

Introduction

Need Of Information Security

Hackers Attack

[Figure: collage of newspaper clippings reporting hacking incidents. Legible sources: Zee News, The Hindu, Hindustan Times. Legible names: eBay, NASA, DRDO, CBI, ISRO. Legible dates: Mar 25, 2005; Apr 24, 2005; May 25, 2006; Dec 24, 2006.]

Present Scenario

• THE MODERN THIEF CAN STEAL MORE WITH A COMPUTER THAN A GUN.
• MORE DAMAGE COULD BE CARRIED OUT WITH A KEYBOARD THAN A BOMB.

Information Security

The Indian National Information Systems Security Glossary defines Information systems security (INFOSEC) as:

• The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

Standard Output Reports &
Suitability To The Industry

Indian Scenario:

• 83% of Indian businesses reported a security breach.
• 42% of these had 3 or more breaches.

[Chart: number of breaches reported: 1-2 breaches (58%), 3-5 breaches (24%), more than 6 breaches (18%)]

Nature of Incidents

• Virus threat continues to lead at 76%
• 54% reported a security breach other than a virus/malicious code.

[Chart: nature of incidents, vertical axis 0-80, series 2004 and Global+ 2002-03. Categories: Virus/Malicious Code, Denial of Service, Unauthorized Access, Web Site Defacing, Confidential info. Compromise, Unknown]

Method Of Attack

• Lack of process rather than flawed technology is the cause of most security breaches.
• 46% don't know what hit them!
• 23% due to unintended configuration errors.

[Chart: method of attack, horizontal axis 0-60, series 2004 and Global+ 2002-03. Categories: OS Vulnerability, Application Vulnerability, Abused valid User Accounts, Waged Denial Of Service, Guessed Password, Poor Access Controls, Unintended Configuration, Unknown]

Who does it?

• 62% cannot identify
• Insiders (current & former employees) do it more often than hackers!

[Chart: who does it, horizontal axis 0-70, series 2004 and Global+ 2002-03. Categories: Unknown, Hackers Or Terrorist, Current Employees, Former Employees, Others, Service Providers, Competitors, Customers, Public Interest Groups, Suppliers, Information Brokers, Foreign Governments]

Actions Taken To Improve Information
Security In Business

• Utilize the capabilities of the private sector to achieve security.
• A mechanism to share information on cyber attacks, vulnerabilities and security practices to better respond to cyber-attacks is essential.
• Enhance awareness & emergency preparedness.
• Establishment of information sharing and analysis centers (ISACs) by Government/Industry to address the lack of communication.
• The government at the national, state and local levels must actively collaborate and partner with the private sector via ISACs.

Description Of Information
Security

Information Security Architecture


[Diagram: information security architecture. Labels recovered from the figure:
• Control groups: Prevention, Deterrent Mechanisms, Detective Methods, Reactive Measures
• Controls named: Secured Services, Campus Border Filters, Unit Level Filters, VPN, Host Based security; Self Assessment, Vulnerability Scans, Process Review, Intrusion Detection System, Network Monitoring, System audit; Computer & N/W usage, Security Education & Awareness Program, Sharing Incident Information, System Administrator Skill Sets
• Reactive Measures: Incident Response Procedures, Computer Forensics, Service Restoration, Legal Action, System Modification
• Risk flow: Natural or Manmade catalyst Prompts Threat (Internal, External); Attack Exploits Vulnerability (Business Process, Information Systems); Results In Impact To Our Mission (Business Continuity, Financial, Regulatory, Legal, Reputation)
• Arrow labels: Create Input For, Process Improvement, Disclose & Generate Statistics Of, Reduce chance Of, Reduces]

Information Classification

Three widely accepted elements (aims, principles, qualities, characteristics, attributes ...) of information security are:
• confidentiality
• integrity
• availability
• authentication

Information Security Challenges

• Managing security has become increasingly complex
• Growing external and internal threats
• Internal threats increasingly more common than external, and much easier too
• Good external security measures in place
• Attackers looking for other means of circumventing/bypassing guards and getting inside
• Social engineering becoming popular
• Methods: personal contact, installing backdoors, key loggers, spyware, phishing via email attachments

Information Security Solutions

• Nothing is 100% secure!!!
• You can only mitigate the risks.
• Approach should be to apply defense-in-depth
• The most effective way to apply security is in layers
• Place security measures at different points in your network
• Construct a series of obstacles of varying difficulty
• Secure each component in your network (firewalls, routers, servers, desktops)
• If one measure fails the next will protect
• The series of obstacles may finally make the attacker give up!

Types Of Information Security

Physical Security

Environmental Security

Personal Security

Common Security Threats & Vulnerabilities

• Threat: Any person, object, or event that, if realized, can potentially cause damage to the network or networked device
• Vulnerability: A weakness in a host or network that can be exploited by a threat

Common Threats

Unauthorized Intrusions

Denial of Service (DoS) Attacks

Viruses, Worms, Trojan Horses (Backdoors)

Website Defacements

Internal Attacks

Unauthorized Intrusions

• Intruders want to gain control of your computer and to use it to launch attacks on other computer systems.
• Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems.
• The damage created depends on the intruder's motives
• Confidential information may be compromised, altered or damaged

Denial of Service

• Interruption of service either because the system is destroyed or is temporarily unavailable

e.g.
• Destroying a computer's hard disk
• Severing the physical infrastructure
• Using up all available system resource - CPU, memory, disk space
• Consuming network bandwidth to the server

Viruses & Worms

• A virus requires a user to do something to continue the propagation; harmful, may destroy data
• A worm can propagate by itself: self-propagating malicious code, consumes resources destructively, DoS (Blaster, Slammer)
• Highly prevalent/common on the Internet
• Common distribution: e-mail, ftp, media sharing, hidden codes

Trojans (Backdoors)

• Trojans (Backdoors): executable code installed that enables entry into the infected host without authorization
• Once installed the back door can be used by the attacker at their leisure
• Launching points for further security attacks (DDoS, spam)

Bots (Spyware)

• Modularized root-kits for specific functions.
• What Bots can do:
  • Create launch pad for DDoS attacks
  • Packet sniffing
  • Key logging
  • File serving of illegal or malicious code
  • Replicating

Website Defacements

• Intent: To create political propaganda based attacks
• To make a political statement
• Launched primarily at Government Orgs, Media, Religious Groups
• By exploiting known vulnerabilities in websites or servers
• The attacker can plant codes or files to vandalize site

Internal Attacks

• Computer Security Institute/FBI and Ernst & Young say nearly 50% of all network attacks come from the inside
• Often, from unhappy/disgruntled workers
• 76% of the IT executives surveyed by Net Versant said they were concerned about inside attacks from unhappy employees
• Losses associated with insider attacks can be more damaging

Other Common Attacks

• Connection (Session) hijacking
• IP source address spoofing
• Smurf attack
• Brute-force/Dictionary attacks (password guessing)
• Humans are often the weakest link = social engineering: "Hi, this is Bob, what's the root password?"

Vulnerabilities

• Insecure protocols/services running on a host
• Exploitable security hole on a host without latest patches or workarounds
• Poorly protected hosts without firewalls, IDSs, etc.
• Use of weak or default passwords
• Insecure configuration of hosts
• Execution of malicious codes: Trojan, Backdoors
• Use of pirated or downloaded software from a public site without verifying checksum (integrity) and authenticity (signature)
• Social engineering

Security Principles

The Information Security Program for an organization can be broken down into specific stages as follows:
(a) Adoption of a security policy
(b) Security risk analysis
(c) Development and implementation of an information classification system
(d) Development and implementation of the security standards manual
(e) Implementation of the management security self-assessment process
(f) On-going security programme maintenance and enforcement
(g) Training.

Tools For Information Security
Passwords

Bio-Metrics

Smart Cards

Token devices

Firewalls

Virus Protection Tools

Intrusion detection System

Cryptographic Tools

Digital Signatures

Digital Certificate

Firewall

• Protects your internal network from the external world
• Enforces an access control policy between two networks
• Install firewalls also between office departments
• Disallow unauthorized traffic in/out of your network
• Define rules depending on required services/protocol
• Prevent DoS attacks using rate limits

[Figure: data flows with and without a firewall. Labels: "No Protection", "No Checking Of Data", "Only Secured Data Pass through it."]

Types Of Firewall

• Packet filtering firewalls
• Application layer firewalls
• Stateful Inspection Firewalls

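A small packet filter showing the firewall points above (rules per required service, everything else denied, rate limits against floods), as an added example that is not from the original slides. The rule set, addresses and rate values are constructed, and the rate limit is implemented here as a per-source token bucket, which is one common choice rather than something the slides specify.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: (action, source network, protocol, destination port).
# Only required services are listed; "any" and None act as wildcards.
RULES = [
    ("deny",  "203.0.113.0/24", "any", None),  # a range the site has chosen to block
    ("allow", "0.0.0.0/0",      "tcp", 443),   # public HTTPS
    ("allow", "10.0.0.0/8",     "tcp", 22),    # SSH from the internal network only
]

class PacketFilter:
    def __init__(self, rules, rate=5.0, burst=10.0):
        self.rules = [(a, ipaddress.ip_network(n), p, d) for a, n, p, d in rules]
        self.rate, self.burst = rate, burst    # tokens per second, bucket size
        self.buckets = defaultdict(lambda: [burst, None])  # src -> [tokens, last time]

    def policy(self, src, proto, dport):
        addr = ipaddress.ip_address(src)
        for action, net, p, d in self.rules:
            if addr in net and p in ("any", proto) and d in (None, dport):
                return action                  # first matching rule wins
        return "deny"                          # default deny for unlisted traffic

    def within_rate(self, src, now):
        bucket = self.buckets[src]
        if bucket[1] is not None:              # refill for the time elapsed
            bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] < 1.0:
            return False
        bucket[0] -= 1.0
        return True

    def decide(self, src, proto, dport, now):
        if self.policy(src, proto, dport) != "allow":
            return "deny"
        return "allow" if self.within_rate(src, now) else "rate-limited"

def demo():
    """Constructed traffic: 12 HTTPS packets at once from one source, then others."""
    fw = PacketFilter(RULES)
    flood = [fw.decide("198.51.100.7", "tcp", 443, now=0.0) for _ in range(12)]
    return {
        "ssh_external": fw.decide("198.51.100.7", "tcp", 22, now=0.0),
        "ssh_internal": fw.decide("10.1.2.3", "tcp", 22, now=0.0),
        "blocked_range": fw.decide("203.0.113.9", "tcp", 443, now=0.0),
        "flood_allowed": flood.count("allow"),
        "one_second_later": fw.decide("198.51.100.7", "tcp", 443, now=1.0),
    }
```

Calling `demo()` returns the decision for each constructed case; a stateful inspection firewall would additionally track connections so that replies to allowed outbound traffic are admitted without a separate rule.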
Bio-Metrics

[Diagram: Face Recognition System, Detection And Alignment stage. Labels: Head Search, Multiscale Feature Search, Face Wrap, Masking And Contrast Norm]

[Diagram: Face Recognition System, Recognition And Coding stage. Labels: Coder, Eigenspace Projection, Recognition System, ID]

Basics Of Cryptography

[Diagram: Plain Text + Secret Key -> Encryption -> Cipher Text; Cipher Text + Secret Key -> Decryption -> Plain Text]

Digital Signature

[Diagram: Sender: Message Text + Signature -> Encryption (Private Key Of Sender) -> Cipher Text -> Decryption (Public Key Of Sender) -> Message Text + Signature: Receiver]

Secure Socket Layer

• The SSL is the most common protocol used in 'Electronic Certificate'.
• Its main capability is to encrypt messages

Secure Electronic Transaction

• A more comprehensive protocol for credit card processing is SET.
• It is not used much due to its cost and complexity

Electronic Certificate

• Electronic certificates are issued by a trusted third party, called a certificate authority (CA), in order to verify that a specific public key belongs to a specific organization.
• A certificate may verify name, age, gender and other attributes of the individual to whom the public key belongs.
• Certificates are signed by the CA and are valid until an expiration date

Hardware & Software
Requirement

Hardware & Software Requirement &
Maintenance
Hardware:
• Router
• Firewall
• Nessus
• Hping2
• SPIKE Proxy
• Shadow Security Scanner
• Solar Winds Toolsets
• Firewalk

Software:
• Systems SW: Operating systems
• Applications
• Firewall

Developers Of Security Tools

Main manufacturer of security tools is 'CISCO'.

• CISCO
• DSniff
• Hping2
• Nessus
• GFI LANguard
• Sam Spade
• ISS Internet Scanner
• Nikto
• SuperScan
• SPIKE Proxy
• Shadow Security Scanner
• Nmap
• Retina
• SAINT
• SARA (Security Auditor's Research Assistant)
• Firewalk
• N-Stealth
• Achilles
• Brutus
• Fragroute

Conclusion

• Providing security is a cheaper process than the hacking of important data.
• As such it ensures the safety and security of the information and IT assets that underwrite our way of life.
• Information Security will enhance the level of confidence among trading partners
• Consumers will be able to trust the integrity and confidentiality of certified suppliers no matter where they might be located.