IT Security Basic - CH.1 Introduction


Introduction

What is security?
- Encryption
- Authentication
- Identification
Why do we need network security?

Digital crime is increasing and is now a serious problem that causes economic damage.

Ways of attack
  1. Guessing password
  2. Cracking
  3. Back doors
  4. Sniffers
  5. Packet spoofing
  6. DoS
  7. WWW attacks
  8. SQL injection
  9. Buffer overflow
  10. ...
Vulnerabilities Reported
  1. http://www.cert.org/stats/cert_stats.html
The number of reported vulnerabilities is strictly increasing
SPAM - The biggest problem on the Internet
  1. Capture victim PCs to be used as SPAM-sending zombies
  2. Rent zombies to others
  3. 50% of email in many companies is SPAM
  4. Phishing
    Trick people by sending email that directs them to fake websites (e.g. a bank's) and steals passwords
Hope - IT Security professionals

  1. Training IT professionals
  2. Increase understanding among users
  3. New technology: encryption, strong authentication and survivable systems
  4. Increase collaboration across government and industry
  5. Establish a risk management process
Security Policy - RFC 2196
A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.
Security Practices Structure

Step 1: Harden/Secure
  • Install the operating system and all applicable patches
  • Deny all, then allow just enough privilege
  • Set up authentication mechanisms, backups, virus detection, remote administration and physical access controls
  • Log activities
Step 2: Prepare
  • Prioritize critical assets, level of asset protection, potential threats and detection
  • Identify what data should be collected and the collection mechanisms
  • Identify, install and understand monitoring tools
  • Keep and protect recorded information
Step 3: Detect
  • Investigate unauthorized hardware
  • Initiate response procedure
  • Monitor system and network activities
  • Inspect files and directories for unexpected changes
Step 4: Respond
  • Analyze available information
  • Collect evidence
  • Disseminate information per policy, using secure channels
  • Return systems to normal operation
Step 5: Improve
  • Install new patches, re-harden systems
  • Install new tools
  • Update policy and train users
  • Update configuration of alerting, logging and other mechanisms
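A minimal baseline-and-compare check for Step 2 (record and protect collected data) and Step 3 (inspect files for unexpected changes), given here as an added example that is not part of the original notes; the directory layout, file names and the changes made after the baseline are constructed for the demonstration.

```python
"""Added example: file-integrity baseline for the Prepare/Detect steps.
All paths, names and contents below are constructed, not taken from the notes."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Return {relative POSIX path: sha256 hex} for every regular file under root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            baseline[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences so each one can be investigated (Step 3: detect)."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def demo() -> dict:
    """Build a constructed tree, record a baseline, change it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        Path(root, "etc", "passwd").write_text("root:x:0:0\n")
        Path(root, "etc", "hosts").write_text("127.0.0.1 localhost\n")
        # Step 2: record the baseline (in practice store it read-only, off the host)
        baseline = snapshot(root)
        # Constructed changes that a later check should surface:
        Path(root, "etc", "hosts").write_text("127.0.0.1 localhost\n# edited\n")
        Path(root, "etc", "passwd").unlink()
        Path(root, "etc", "cron.d").mkdir()
        Path(root, "etc", "cron.d", "unexpected").write_text("# new file\n")
        # Step 3: compare the current state against the baseline
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Each reported path is a lead for Step 4 (collect evidence, analyze), and the baseline is refreshed in Step 5 after the system is re-hardened.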
Types of digital pests

  1. Logic Bombs
  2. Trapdoor
  3. Trojan Horse
  4. Virus
  5. Worms
  6. Zombie
  7. ...
Countermeasures available
  1. Cryptography Algorithms and Secure Protocols
  2. Secure network protocols
  3. Secure programming techniques
  4. Building secure software
  5. Access control and policies
  6. Authentication tools
  7. Security Perimeter Controls and Patrol
  8. Monitoring tools
REMEMBER
  1. Security is about Risk management. You cannot 100% eliminate all existing risks.
  2. Security is a process. It is not a piece of software or a box of hardware.
  3. Practice Defense-in-depth
  4. Education should be given to anybody who is involved.

1206, No. 1388 New Jinqiao Road, Jinqiao district, Shanghai, China
General Enquiry: info@yubis.net
Website: http://www.yubis.net