
MODERN TRENDS IN

INFORMATION
SECURITY
Hari Krishna
Sanal Michael
Seethu Soman
Sujai jaiLal
Vishnu KC

INTRODUCTION
The U.S. National Information Systems Security Glossary defines
"Information Systems Security" as the protection of information
systems against unauthorized access or modification of
information, whether in storage, processing or transit, and against
the denial of service to authorized users or the provision of service
to unauthorized users, including those measures necessary to
detect, document, and counter such threats.

Information security
Principles of Information Security

Confidentiality
Concealment of data from unauthorized parties
Integrity
In information security, data integrity means maintaining and
assuring the accuracy and consistency of data over its entire life-cycle
Availability
For any information system to serve its purpose, the information
must be available when it is needed



Non-repudiation

Non-repudiation implies one's intention to fulfil their
obligations to a contract

Authenticity
It is necessary to ensure that the data, transactions,
communications or documents are genuine

Threats in information security
BOTNETS
collection of software robots, or bots, that creates an
army of infected computers


HACKING
actions taken to gain unauthorized access to a computer
MALWARE
any software used to disrupt computer operation, gather
sensitive information, or gain access to private computer
systems
includes computer viruses, worms, trojan
horses, ransomware, spyware, adware, scareware


PHISHING/SPOOFING
an attempt to acquire sensitive information such as
usernames, passwords, and credit card details, or money, by
masquerading as a trustworthy entity in an electronic
communication

RANSOMWARE
Ransomware is a type of malware that restricts access to
your computer or your files and displays a message that
demands payment in order for the restriction to be
removed

SPYWARE
software that aids in gathering information about a
person or organization without their knowledge and that
may send such information to another entity without the
consumer's consent, or that asserts control over a
computer without the consumer's knowledge


WIFI-EAVESDROPPING
The interception of personal information sent using
wireless signals.
Virtual listening in on information that's shared over an
unsecured (not encrypted) WiFi network.
DISTRIBUTED DENIAL-OF-SERVICE
A distributed denial-of-service (DDoS) attack is one in
which a multitude of compromised systems attack a
single target, thereby causing denial of service for users
of the targeted system
Two types of DDoS attacks:
a network-centric attack which overloads a service by
using up bandwidth
an application-layer attack which overloads a service or
database with application calls
TOOLS USED IN
INFORMATION
SECURITY
Firewall
It is a hardware or software network security device that sits
between two networks to control what information is allowed to
pass between those networks.
Encryption
Encryption is the transformation of data into a form unreadable by
anyone without the secret decryption key.
Secured wireless
A secured wireless network is a network created for a domain
with a limited set of known people, so that data security can be
maintained between them.
Virtual Private Network (VPN)
A secure communication channel that enables people to access
their office computers from off campus via a secure web
interface.

Password Management
A password is a convenient and easy method of authentication
for users entering a computer system. The password approach is
subject to a number of security threats.

Virus protection tool
Anti-virus is computer software used to prevent, detect and
remove malicious computer viruses.


Intrusion Detection System
is a device or software application that monitors a network or
system for malicious activities or policy violations and
produces reports to a management station

There are broadly two types of intrusion detection systems:
Host-based intrusion detection system
Network-based intrusion detection system
NETWORK INTRUSION
DETECTION SYSTEM
placed at a strategic point or points within the network to
monitor traffic to and from all devices on the network

Once the attack is identified, or abnormal behavior is sensed,
the alert can be sent to the administrator

A NIDS server can also scan system files to look for
unauthorized activity and to maintain data and file integrity.

Possible uses include scanning local firewalls or network
servers for potential exploits, or for scanning live traffic to see
what is actually going on.






HOST INTRUSION DETECTION
SYSTEM

run on individual hosts or devices on the network

monitors the inbound and outbound packets from the device
only and will alert the user or administrator if suspicious
activity is detected

A host intrusion detection system (HIDS) can only monitor
the individual workstations on which its agents are installed;
it cannot monitor the entire network. Host-based IDS
systems are used to monitor any intrusion attempts on critical
servers.
INTRUSION PREVENTION SYSTEM
are network security appliances that monitor network or
system activities for malicious activity.

The main functions of intrusion prevention systems are
to identify malicious activity, log information about this
activity, attempt to block/stop it, and report it.

extensions of intrusion detection systems
DETECTION METHODS
Signature-Based Detection
monitors packets on the network and compares them with
pre-configured and pre-determined attack patterns known as
signatures.

Statistical anomaly-based detection



Stateful Protocol Analysis Detection
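
Added example (not part of the original slides): signature-based detection as described above, matching constructed packet payloads against a small set of pre-determined patterns. The rule ids, signature set, normalize() step and sample packets are all assumptions made up for illustration; the last packet shows that traffic with no matching signature passes without an alert.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote_to_bytes

@dataclass(frozen=True)
class Signature:
    sid: int                  # constructed rule id
    name: str
    dst_port: Optional[int]   # None matches any destination port
    pattern: re.Pattern       # compiled bytes regex

# Constructed signature set: pre-determined byte patterns for known attacks.
SIGNATURES = [
    Signature(1001, "path traversal", 80, re.compile(rb"\.\./")),
    Signature(1002, "SQL injection (UNION SELECT)", 80,
              re.compile(rb"union\s+select", re.I)),
    Signature(1003, "password file request", None, re.compile(rb"/etc/passwd")),
]

def normalize(payload: bytes) -> bytes:
    """Undo '+' spacing and percent-encoding so encoded variants still match.
    Applied to the whole payload for brevity (a crude simplification)."""
    return unquote_to_bytes(payload.replace(b"+", b" "))

def inspect(dst_port: int, payload: bytes) -> list:
    """Return the sids of every signature that matches this packet."""
    data = normalize(payload)
    return [s.sid for s in SIGNATURES
            if s.dst_port in (None, dst_port) and s.pattern.search(data)]

# Constructed sample traffic: (destination port, payload).
PACKETS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /img/..%2f..%2fetc/passwd HTTP/1.1\r\n\r\n"),
    (80, b"GET /item?id=1+UNION+SELECT+name,pw+FROM+users HTTP/1.1\r\n\r\n"),
    (21, b"RETR /etc/passwd\r\n"),
    (80, b"GET /search?q=new+attack+with+no+signature HTTP/1.1\r\n\r\n"),
]

def run() -> list:
    """Inspect every sample packet and return the matching sids per packet."""
    return [inspect(port, payload) for port, payload in PACKETS]

if __name__ == "__main__":
    for (port, payload), hits in zip(PACKETS, run()):
        print(port, payload[:40], "ALERT" if hits else "ok", hits)
```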



ISO/IEC 27001

ISMS

ISMS stands for Information Security Management System.
An ISMS is a systematic approach to managing sensitive
company information so that it remains secure. It includes
people, processes and IT systems by applying a risk
management process.
It can help small, medium and large businesses in any sector
keep information assets secure.


Benefits of ISO/IEC 27001

Identify risks and put controls in place to manage or eliminate
them
Flexibility to adapt controls to all or selected areas of your
business
Gain stakeholder and customer trust that their data is
protected
Demonstrate compliance and gain status as preferred supplier
Meet more tender expectations by demonstrating compliance
Reasons for adopting ISO 27001
It is suitable for protecting critical and sensitive
information
It provides a holistic, risk-based approach to secure
information and compliance
Demonstrates credibility, trust, satisfaction and
confidence with stakeholders, partners, citizens and
customers
Demonstrates security status according to internationally
accepted criteria
Creates a market differentiation due to prestige, image
and external goodwill
If a company is certified once, it is accepted globally

Identity Management
Identity management (IdM) describes the management of
individual principals, their authentication, authorization, and
privileges within or across system and enterprise
boundaries with the goal of increasing security and
productivity while decreasing cost, downtime and repetitive
tasks.

Identity Management Functions

The pure identity function: Creation, management and deletion
of identities without regard to access or entitlements.
The user access (log-on) function: For example, a smart
card and its associated data used by a customer to log on to a
service or services (a traditional view).
The service function: A system that delivers personalized,
role-based, online, on-demand, multimedia (content),
presence-based services to users and their devices.


Identity Theft

Identity theft happens when thieves gain access to identity
information such as the PIN that grants access to a bank
account.
Privacy
Putting personal information onto computer networks
necessarily raises privacy concerns. Absent proper protections,
the data may be used to implement a surveillance society.
Social web and online social networking services make heavy
use of identity management. Helping users decide how to
manage access to their personal information has become an
issue of broad concern.