
SUBMITTED TO: Dr. Jaydip Chaudhari

BY: CHAMPANERIA DHARMIN (06), JOSHI CHIRAG (38), NAIR AKHIL (59)

Understand information security services
Be aware of vulnerabilities and threats
Realize why network security is necessary
What are the elements of a comprehensive security program

Within the subculture of computer hobbyists and software enthusiasts, the term Hacker usually refers to a particular kind of programmer:
Someone who programs creatively
Someone who programs for pure enjoyment

Someone who breaks into computers, often to do something malicious such as steal credit card information
Many times from a personal computer
Using the program, crackers can break into a system without really knowing how they did it

Passwords are the most fundamental security tool of any modern operating system and the most commonly attacked features.


Don'ts of choosing a password:
Don't use a variation of your login name or full name; this will still be an easily guessed password
Don't use a dictionary word, even if you add numbers or punctuation to it

Do's of choosing the password:
A good way to choose a strong password is to take the first letter from each word of an easily remembered sentence. Example: ItMc? - Is that My coat?

System Admin Tips for Password:
Change or force user to change password periodically
Password files within your server or database

Password protection
Protecting the network by filtering network access and traffic (i.e. firewall)
Running security audit
Examine and monitor log files
Make use of intrusion detection tool
Use common sense

More information is being created, stored, processed and communicated using computers and networks

Computers are increasingly interconnected, creating new pathways to information assets

The threats to information are becoming more widespread and more sophisticated

Productivity and competitiveness are tied to the first two trends

The third trend makes it inevitable that we are increasingly vulnerable to the corruption or exploitation of information

Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems.

Confidentiality is necessary for maintaining the privacy of the people whose personal information is held in the system.

Organizations protect against loss of confidentiality with access controls and encryption.

For example, users are first required to authenticate and then access is granted to users based on their proven identity. In short, users are granted access to data via permissions. If users do not have permissions, they are denied access.

There are many other instances where someone can access data without needing to prove their identity.

Integrity refers to the trustworthiness of information resources

It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter.

One of the common ways of ensuring integrity is with hashing. In short, a hash is a number and a hashing algorithm can calculate a hash for a file or string of data. As long as the data has not changed (and the same hashing algorithm is used), the hash will always be the same. The two primary hashing algorithms used today are Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1).

For example, if you calculate the hash of the phrase ILoveSecurity with the MD5 hashing algorithm it will always be E7F8B292F4F5C2F98E5DF1435EB73D1B.


One way hashes are used is by detection systems that calculate hashes of key files. The detection systems later check these files to determine if the hash is the same. If the hash has been modified, the file has lost integrity and is considered suspect.
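The baseline-and-recheck process described above, as an added example that is not part of the original slides. It uses SHA-256 rather than the MD5 and SHA-1 named above, because practical collision attacks exist against both; the file names and contents are constructed sample data written to a temporary directory.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record the known-good hash of every monitored file."""
    return {p: file_digest(p) for p in paths}

def check_against_baseline(baseline, current_paths):
    """Compare the current state to the baseline and group the findings."""
    findings = {"modified": [], "missing": [], "new": []}
    for path, known in baseline.items():
        if not os.path.exists(path):
            findings["missing"].append(path)
        elif file_digest(path) != known:
            findings["modified"].append(path)
    findings["new"] = sorted(set(current_paths) - set(baseline))
    return findings

def demo():
    """Constructed sample: three small files, then three kinds of change."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("passwd", "sshd_config", "hosts")]
        for p in paths:
            with open(p, "w") as f:
                f.write("original contents of " + os.path.basename(p) + "\n")
        baseline = build_baseline(paths)

        with open(paths[1], "a") as f:        # one file is altered
            f.write("an unexpected added line\n")
        os.remove(paths[2])                   # one file disappears
        extra = os.path.join(d, "unexpected.file")
        with open(extra, "w") as f:           # one file appears
            f.write("not in the baseline\n")

        current = [p for p in paths if os.path.exists(p)] + [extra]
        result = check_against_baseline(baseline, current)
        return {k: [os.path.basename(p) for p in v] for k, v in result.items()}

if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where an intruder cannot rewrite it, otherwise a modified file and a modified baseline will still agree.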

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service attacks such as a flood of incoming messages to the target system essentially forcing it to shut down.

Primary methods that organizations use to protect against loss of availability are fault tolerant systems. Fault tolerance means that a system can develop a fault, yet tolerate it and continue to operate. This is often accomplished with redundant systems such as redundant

Backups ensure that important data is backed up and can be restored if the original data becomes corrupt.

Fault tolerance and redundancies can be implemented at multiple levels. For example, RAID-1 is a mirror of two drives; if one drive fails, the other drive still holds all the data. RAID-5 (striping with parity) uses three or more drives and uses parity to recreate the data if any drive fails. RAID-10 combines the features of a RAID-1 with the features of a RAID-0 array.

A potential cause of an incident that may result in harm to systems and the organization


Computer networks are typically a shared resource used by many applications representing different interests. The Internet is particularly widely shared, being used by competing businesses, mutually antagonistic governments, and opportunistic criminals.

Key Pre Distribution
Authentication Protocols
Example Systems
Firewalls

To use ciphers and authenticators, the communicating participants need to know what keys to use. In the case of a symmetric-key cipher, how does a pair of participants obtain the key they share? In the case of a public-key cipher, how do participants know what public key belongs to a certain participant? The answer differs depending on whether the keys are short-lived session keys or longer-lived pre-distributed keys.

A session key is a key used to secure a single, relatively short episode of communication: a session.

Each distinct session between a pair of participants uses a new session key, which is always a symmetric key for speed. The participants determine what session key to use by means of a protocol: a session key establishment protocol. A session key establishment protocol needs its own security (so that, for example, an adversary cannot learn the new session key); that security is based on the longer-lived pre-distributed keys.

There are several motivations for this division of labor between session keys and pre-distributed keys:

Limiting the amount of time a key is used results in less time for computationally intensive attacks, less ciphertext for cryptanalysis, and less information exposed should the key be broken.
Pre-distribution of symmetric keys is problematic.
Public key ciphers are generally superior for authentication and session key establishment but too slow to use for encrypting entire messages for confidentiality.
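The division of labor between the two kinds of key, as an added example that is not part of the original slides. It is a simplified illustration and not a named protocol: it assumes the two participants already share a symmetric pre-distributed key, and the message layout, labels and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_session_key(long_lived_key, nonce_a, nonce_b):
    """Both sides compute the same fresh key from the shared long-lived key
    and the two nonces, which travel in the clear."""
    return hmac.new(long_lived_key, b"session-key|" + nonce_a + nonce_b,
                    hashlib.sha256).digest()

def confirmation_tag(session_key, role):
    """Proof that the sender holds the session key (key confirmation)."""
    return hmac.new(session_key, b"confirm|" + role, hashlib.sha256).digest()

class Participant:
    def __init__(self, long_lived_key):
        self.long_lived_key = long_lived_key
        self.nonce = None
        self.session_key = None

    def hello(self):
        self.nonce = secrets.token_bytes(16)   # fresh for every session
        return self.nonce

    def establish(self, initiator, peer_nonce):
        a, b = (self.nonce, peer_nonce) if initiator else (peer_nonce, self.nonce)
        self.session_key = derive_session_key(self.long_lived_key, a, b)

def run_session(alice, bob):
    """A sends a nonce, B answers with a nonce and a tag, A checks the tag."""
    na = alice.hello()
    nb = bob.hello()
    bob.establish(False, na)
    tag_b = confirmation_tag(bob.session_key, b"B")
    alice.establish(True, nb)
    ok = hmac.compare_digest(tag_b, confirmation_tag(alice.session_key, b"B"))
    return ok, alice.session_key

def demo():
    shared = secrets.token_bytes(32)           # constructed pre-distributed key
    alice, bob = Participant(shared), Participant(shared)
    ok1, k1 = run_session(alice, bob)
    ok2, k2 = run_session(alice, bob)          # second session, new key
    stranger = Participant(secrets.token_bytes(32))  # lacks the shared key
    ok3, _ = run_session(alice, stranger)
    return ok1, ok2, k1 != k2, ok3

if __name__ == "__main__":
    print(demo())
```

The long-lived key is only ever used to derive and confirm session keys, so the ciphertext an eavesdropper collects in any one session is protected by a key that is discarded afterwards.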

Pre-Distribution of Public Keys

One of the major standards for certificates is known as X.509. This standard leaves a lot of details open, but specifies a basic structure. A certificate clearly must include:
the identity of the entity being certified
the public key of the entity being certified
the identity of the signer
the digital signature
a digital signature algorithm identifier (which cryptographic hash and which cipher)

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is a widely used approach to providing security for electronic mail. It provides authentication, confidentiality, data integrity, and nonrepudiation. Originally devised by Phil Zimmermann, it has evolved into an IETF standard known as OpenPGP. PGP's confidentiality and receiver authentication depend on the receiver of an email message having a public key that is known to the sender. To provide sender authentication and nonrepudiation, the sender must have a public key that is known by the receiver. These public keys are pre-distributed using certificates and a web-of-trust PKI. PGP supports RSA and DSS for public key certificates.

Secure Shell (SSH)

The Secure Shell (SSH) protocol is used to provide a remote login service, and is intended to replace the less-secure Telnet and rlogin programs used in the early days of the Internet. SSH is most often used to provide strong client/server authentication and message integrity, where the SSH client runs on the user's desktop machine and the SSH server runs on some remote machine that the user wants to log into, but it also supports confidentiality. Telnet and rlogin provide none of these capabilities. Note that SSH is often used to refer to both the SSH protocol and applications that use it; you need to figure out which from the context.

A firewall is a system that typically sits at some point of connectivity between a site it protects and the rest of the network. It is usually implemented as an appliance or part of a router, although a personal firewall may be implemented on an end user machine. Firewall-based security depends on the firewall being the only connectivity to the site from outside; there should be no way to bypass the firewall via other gateways, wireless connections, or dial-up connections.

In effect, a firewall divides a network into a more-trusted zone internal to the firewall, and a less-trusted zone external to the firewall. This is useful if you do not want external users to access a particular host or service within your site. Firewalls may be used to create multiple zones of trust, such as a hierarchy of increasingly trusted zones. A common arrangement involves three zones of trust: the internal network; the DMZ (demilitarized zone); and the rest of the Internet.

Firewalls filter based on IP, TCP, and UDP information, among other things. They are configured with a table of addresses that characterize the packets they will, and will not, forward. By addresses, we mean more than just the destination's IP address, although that is one possibility. Generally, each entry in the table is a 4-tuple: It gives the IP address and TCP (or UDP) port number for both the source and destination.
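A table of 4-tuples like the one just described, evaluated first match first with everything unmatched dropped, as an added example that is not part of the original slides. The rule layout, the wildcard convention and the addresses (taken from the documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

# One table entry: an action plus the 4-tuple. Addresses are stored as
# networks (a single host is a /32); a port of None means "any port".
Rule = namedtuple("Rule", "action src_net src_port dst_net dst_port")

def rule(action, src, src_port, dst, dst_port):
    return Rule(action, ipaddress.ip_network(src), src_port,
                ipaddress.ip_network(dst), dst_port)

def matches(r, src_ip, src_port, dst_ip, dst_port):
    return (ipaddress.ip_address(src_ip) in r.src_net
            and ipaddress.ip_address(dst_ip) in r.dst_net
            and r.src_port in (None, src_port)
            and r.dst_port in (None, dst_port))

def decide(table, src_ip, src_port, dst_ip, dst_port):
    """First matching entry wins; a packet matching no entry is dropped."""
    for r in table:
        if matches(r, src_ip, src_port, dst_ip, dst_port):
            return r.action
    return "drop"

# Constructed table for inbound traffic at a site with a DMZ (192.0.2.0/24)
# and an internal network (198.51.100.0/24).
TABLE = [
    # Anyone may reach the DMZ web server on port 443.
    rule("forward", "0.0.0.0/0", None, "192.0.2.10/32", 443),
    # One named outside host may reach one internal host on port 22.
    rule("forward", "203.0.113.5/32", None, "198.51.100.20/32", 22),
    # Everything else addressed to the internal network is refused.
    rule("drop", "0.0.0.0/0", None, "198.51.100.0/24", None),
]

def demo():
    packets = [  # constructed (source IP, source port, dest IP, dest port)
        ("203.0.113.77", 51000, "192.0.2.10", 443),
        ("203.0.113.77", 51000, "192.0.2.10", 22),
        ("203.0.113.5", 40000, "198.51.100.20", 22),
        ("203.0.113.77", 40000, "198.51.100.20", 22),
    ]
    return [decide(TABLE, *p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Order matters: the narrow forward entry for the internal host has to sit above the broad drop entry, or it would never be reached.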
