Security can be defined as the process or procedure to ensure the integrity,
availability, and confidentiality of data and resources against threats, viruses, bugs,
and vulnerabilities.
Security can be of two types:
Computer security
Network security
Confidentiality refers to preventing the disclosure of information to unauthorized individuals or
systems.
In information security, data integrity means maintaining and assuring the accuracy
and consistency of data over its entire life-cycle. This means that data cannot be
modified in an unauthorized or undetected manner.
AVAILABILITY
For any information system to serve its purpose, the information must
be available when it is needed. This means that the computing systems used to store
and process the information, the security controls used to protect it, and the
communication channels used to access it must be functioning correctly. High
availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
An information security management system (ISMS) is a set of policies and
procedures for systematically managing an organization's sensitive data. The
goal of an ISMS is to minimize risk and ensure business continuity by
proactively limiting the impact of a security breach.
PLAN : Designing the ISMS, assessing information security risks and
selecting appropriate controls.
DO : Implementing and operating the controls.
CHECK : Reviewing and evaluating the performance (efficiency and
effectiveness) of the ISMS.
ACT : Making changes where necessary to bring the ISMS back to peak
performance.
ISO/IEC 27000
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or
'ISO27k' for short) comprises information security standards published jointly
by the International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC). The standard explains the purpose of an
Information Security Management System (ISMS), management systems and risk
management, and the definition of information security.
ISO/IEC 27001:2005
ISO/IEC 27001:2005 is an information security management system (ISMS) standard published in
October 2005 by the International Organization for Standardization (ISO) and
the International Electrotechnical Commission (IEC).
The key benefits of 27001 are:
o It can act as the extension of the current quality system to include security
o It provides an opportunity to identify and manage risks to key information
and systems assets
o Provides confidence and assurance to trading partners and clients; acts as a
marketing tool
o Allows an independent review and assurance to you on information security
practices
ISO/IEC 27003
ISO/IEC 27003 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC
27000 series'. The purpose of ISO/IEC 27003 is to provide help and guidance
in implementing an ISMS (Information Security Management System).
Tasks To Maintain The Standards :-
o Seeking management approval to start the project and to implement the ISMS.
o Describing the scope and boundary of the ISMS.
o Conducting security risk assessment and planning for risk treatment.
o Designing the ISMS and planning the implementation project.
ISO/IEC 27004
The purpose of ISO/IEC 27004:2009 is to help organizations measure, report and
hence systematically improve the effectiveness of their Information Security
Management System (ISMS).
The standard includes the following main sections:
o Information security measurement overview.
o Management responsibilities.
o Measures and measurement development.
o Measurement operation.
o Data analysis and measurement results reporting.
o Information Security Measurement Program evaluation and improvement.
PASSIVE ATTACK
A "passive attack" attempts to learn or make use of information from the
system but does not affect system resources.
TYPES :
BRUTE FORCE ATTACK : Breaks the encrypted data by finding the appropriate
key.
ALGEBRAIC ATTACK : In which you can write a cipher as a system of equations.
After writing a cipher you can read it by using the appropriate key.
CODE BOOK ATTACK : Refers to a technique for cryptanalysis. The attacker
tries to build a code book in which the attacker describes the cipher text and
its corresponding plain text.
ACTIVE ATTACK
An "active attack" attempts to alter system resources or affect their operation.
EXAMPLES :
Denial-of-service attack
Spoofing
Refers to a software that is designed for preventing, identifying and removing
malware including malicious codes and computer system virus.
Is a sequence of code or instructions that is inserted into other programs and
executed when the program runs, and is harmful to the PC.
Boot Sector Virus : - Infects the MBR of the hard disk and executes at the time
of booting.
File Infector Virus : - Attaches itself to executable files and is executed when
the program runs.
Macro Virus : - Attaches itself to documents and is executed when the
file opens.
Multipartite Virus : - Combines the boot sector virus with the file infector
virus.
Polymorphic Virus : - Gets replicated when it starts replicating itself
over the network.
Worm : - Refers to a virus that can auto-replicate from one to many
and can travel from one place to another through the network.
Trojan Horse : - A program that appears safe but can be harmful to the
computer, as it can steal passwords, delete data and create a security hole or
backdoor for a hacker.
Logic Bombs : - Embedded in some program and designed to execute on a
particular date or time.
Bacteria/Rabbit : - Code that does not damage files but denies
access to resources by consuming all disk space or memory.
MAC (Mandatory Access Control) : - Stores highly secret or sensitive
information, and is mainly used in government departments.
DAC (Discretionary Access Control) : - Uses a username and password to
check whether or not the user is authorized.
Authentication : - A method of verifying the users who want to access
the network or computer system.
TYPES OF AUTHENTICATION
SOMETHING THE USER KNOWS : -
SOMETHING THE USER HAS : -
SOMETHING THE USER IS : -
E-MAIL
WEB
AUTHENTICATING SERVER
DIRECTORY SERVICES
DHCP
Method of specifying the access right to the information and resources .
PRINTING :-
NFS :-
TELNET
INSTANT MESSAGING (IM)
TCP/IP
UDP
SMTP
POP
FTP
HTTP
DNS
PORT IN PROTOCOL
CHAPTER – 2
THREATS TO A
COMPUTER NETWORK II
ACCESS ATTACK
Aims at gaining access to information that the attacker is not authorized
to have.
MODIFICATION ATTACK
Refers to the attack in which an attacker can modify your computer
information, such as inserting or deleting text, in a way that appears
genuine to the user.
REPUDIATION ATTACK
Makes the data or information useless.
DENIAL-OF-SERVICE ATTACK
Refers to a strategy of attack in which an outsider tries to disrupt your
network and services.
SCOPING AN ATTACK
ENUMERATING NETWORK
Is a method or process which is used to violate the security of the
network.
The process of gathering information about a host or group of hosts.
Information can be gathered in different ways like whois query, zone
transfer, ping sweeps, and traceroute.
It provides information such as the administrative contact, billing
contact, and address of the target network.
A scanning technique used to determine the range of IP addresses that
can be mapped to live hosts, also known as an ICMP sweep. With it
we can check whether a particular PC is live in a network or not.
WHOIS QUERY
THE PING SWEEP
The Zone Transfer
The Traceroute
Is performed with the help of the nslookup command, which is supported by both Unix
and Windows platforms. Various tools can be used for zone transfer, such as ws
pingpro, sam spade, and netscan.
A command line tool available on both Windows and Unix platforms.
Since domains can be registered via so many registrars, you must first
query the registrar with which the domain is registered. After that you can
query the domain record from the associated registrar.
In which you need to query the regional Internet registries (RIRs) for
network blocks and details. For example, an ARIN or APNIC whois query.
Is a way of collecting information from the organizational DNS server by the zone
transfer method, where a hacker can collect information regarding any hosts
inside the organization and their corresponding IP addresses, known as the HINFO
record.
TCP SYN FLOOD ATTACK
In this case the attacker sends multiple SYN requests to a host but never replies
to the request sent by the other host. In this way the listen queue is filled and does
not accept new connections until the partially opened connections are completed.
ICMP ATTACKS
In this case the attacker sends ICMP packets instead of SYN packets for the DoS attack.
TCP/IP HIJACKING
TCP/IP hijacking is a clever technique that uses spoofed packets to take over a
connection between a victim and a host machine. This technique is exceptionally
useful when the victim uses a one-time password to connect to the host machine.
A one-time password can be used to authenticate once and only once, which
means that sniffing the authentication is useless for the attacker.
IP SPOOFING
The purpose of IP spoofing is to make the data look as if it came from a
trusted host when in reality it came from the attacker’s host. The victim
starts communicating with the attacker's host as if it were an authenticated server.
TCP SEQUENCE NUMBER ATTACK
Let's see what the attacker does:
The attacker wants to attack Host A.
It floods Host B with new requests, causing a denial of service that stops
Host B from communicating with A.
Now, the attacker can predict the sequence number of the packet that A is
expecting from B.
The attacker prepares such a packet and sends it to Host A.
Since it is a faked packet, Host A thinks it is coming from B.
Now, this host can terminate the connection or ask Host A to run some
malicious commands/scripts etc.
SOCIAL ENGINEERING
The primary purpose of a hacker is to trick people into revealing passwords
or other confidential information by pretending to be a trustworthy person.
Different ways of social engineering are :-
o FRIENDSHIP
o E-MAIL
o DUMPSTER DIVING
o OFFICE SNOOPING
o TRUST
MALICIOUS CODES
VIRUSES
o BOOT VIRUS :- Affects the boot sector.
o RESIDENT VIRUS :- Resides in RAM.
o DIRECT ACTION VIRUS :- First replicates itself, then takes action when it is
executed.
o OVERWRITE VIRUS :- Deletes the information contained in a file.
o POLYMORPHIC VIRUS :- Can change its own digital signature.
o MULTIPARTITE VIRUS :- Combination of boot sector virus and program virus.
o STEALTH VIRUS :- Has the ability to mask or disguise itself from antivirus.
o MACRO VIRUS :- Infects files and documents.
o PROGRAM VIRUS :- Executed when the program to which it is
attached executes.
TROJAN HORSE
o REMOTE ACCESS TROJAN :- Provides remote access service to the victim’s PC.
o PASSWORD SENDING TROJAN :- Sends all your credentials to the person who
installed it.
o KEY LOGGERS :- Track and log the keystrokes of the target computer.
o DESTRUCTIVE TROJANS :- Used to delete the information and database of the PC.
o DOS ATTACK TROJANS :- Produce a lot of traffic on the target computer and
create congestion on the internet connection.
o PROXY/WINGATE TROJANS :- Change the target computer into a proxy or
Wingate server.
WORMS
o E-MAIL WORMS :- Spread through email messages.
o INSTANT MESSAGING WORMS :- Spread through IM applications.
o INTERNET WORMS :- Attempt to access vulnerable PCs on the internet.
o INTERNET RELAY CHAT WORMS :- Spread mainly through chat channels.
o FILE SHARING NETWORKS WORMS :- Spread through shared folders, affecting them.
o NUWAR OL WORMS :- Delivered to the user's inbox with subjects like “you are in
my dreams”, “I love you so much”, etc. When the user opens the message it
infects the computer of that user as well as all the users in the contact
list of that person, by sending the message itself.
o VALENTINE E WORMS :- Distributed through emails and equivalent to NUWAR OL
WORMS.
WIRETAPS
Is a method of obtaining information from the internet conversation between two
systems.
HARDWIRED WIRETAP
Involves physical access to a part of the wire (that is, access to a section of the PBX).
SOFT WIRETAP
Is a modification of the software that is used to run the phone system, also
known as Remote Observation System (REMBOS), Direct Access Test Unit (DATU),
Electronic Switching System (ESS), and translation tap.
TRANSMIT WIRETAP
Refers to a Radio Frequency (RF) transmitter connected to a wire. It can be
easily detected by a competent bug sweep specialist.
RECORDING WIRETAP
Is similar to a tape recorder wired into the phone line, and is similar to the hardwired
wiretap. Very difficult to detect, as it requires a very high level of technical expertise.
Technical surveillance countermeasures (TSCM) specialists are usually hired to
detect such wiretaps.
EAVESDROPPING
Is a process of listening to part or the whole of a conversation between two parties. An
attack on the network layer used to capture packets using packet sniffer tools.
PASSIVE EAVESDROPPING
Refers to unauthorized, covert monitoring of data transmission.
ACTIVE EAVESDROPPING
Refers to probing, scanning or tampering with a transmission channel to access the
transmitted data.
PORT SCAN
A method used by an attacker to identify the ports that are open or in use by any
PC. It can search ports from 0 to 65535 used by the TCP/IP suite.
IP SCAN
A method used by an attacker to identify live hosts or IPs that are actively used by
PCs in a network. Example: LAN Scanner.
PORT SCANNING TECHNIQUES
TCP Connect
The scanning is provided by an operating system. It succeeds if the port is
listening; otherwise the port is unreachable.
STROBE
A narrower scan that is used to check some specific ports or services that the attacker
knows how to exploit.
SYN Scan
Also known as half-open scanning, as it does not require a TCP connection to
complete. If the target responds with a SYN+ACK packet to the attacker’s SYN
packet, the port can be considered open, and a reset (RST) response
represents a non-listening port.
FRAGMENTED PACKET PORT SCAN
Splits the TCP header into several IP fragments so that it can easily pass through a
packet filter firewall, as the filter rule will not match the fragmented packet.
FIN SCAN
1. Speed: TCP FIN scanning is fast compared to other types of scans
2. Stealth: TCP FIN scanning is stealthy compared to other types of scans
3. Open Port: Detects an open port via no response to the segment
4. Closed Port: Detects a closed port via a RST received in response to the FIN
BOUNCE SCAN
FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able
to use the PORT command to request access to ports indirectly through the use
of the victim machine as a middle man for the request.
FINGER
EMAIL
Refers to spammers who try to relay their spam through SMTP servers.
HTTP Proxy
Refers to web server support for a proxy, so that all web traffic can
be sent to a single server for filtering and caching to improve the performance of
the network.
IRC BNC (Internet Relay Chat Bouncer)
Refers to attackers who want to hide their
IRC identities by bouncing their connection with the help of other machines.
For this purpose a particular program known as BNC can be used on another PC.
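The half-open behaviour described under TCP SYN FLOOD ATTACK and SYN Scan, seen from the defender's side: an added example, not part of the original slides, that replays constructed packet records and flags handshakes that never complete. The record format, the thresholds and the addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, namedtuple

# One observed TCP segment. flags: S=SYN, SA=SYN+ACK, A=ACK, R/RA=RST.
Packet = namedtuple("Packet", "src sport dst dport flags")


def incomplete_handshakes(packets):
    """Return (client, cport, server, sport) tuples whose three-way handshake never finished."""
    state = {}
    for p in packets:
        if p.flags == "S":
            state[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
        elif p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # reply travels in the reverse direction
            if state.get(key) == "SYN_SENT":
                state[key] = "SYN_ACKED"
        elif p.flags == "A":
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "SYN_ACKED":
                state[key] = "ESTABLISHED"
        # RST segments never complete a handshake, so the state is left unchanged.
    return [k for k, s in state.items() if s != "ESTABLISHED"]


def detect(packets, scan_ports=5, flood_conns=5):
    """Turn incomplete handshakes into alerts.

    syn_scan : one source left handshakes incomplete on >= scan_ports distinct ports of a host.
    syn_flood: one service (host, port) holds >= flood_conns incomplete handshakes,
               whatever the (possibly spoofed) sources are.
    """
    ports_by_pair = defaultdict(set)
    conns_by_service = defaultdict(int)
    for src, _sport, dst, dport in incomplete_handshakes(packets):
        ports_by_pair[(src, dst)].add(dport)
        conns_by_service[(dst, dport)] += 1

    alerts = []
    for src, dst in sorted(ports_by_pair):
        count = len(ports_by_pair[(src, dst)])
        if count >= scan_ports:
            alerts.append(("syn_scan", src, dst, count))
    for dst, dport in sorted(conns_by_service):
        count = conns_by_service[(dst, dport)]
        if count >= flood_conns:
            alerts.append(("syn_flood", dst, dport, count))
    return alerts


def sample_capture():
    """Constructed traffic: one normal client, one half-open scan, one flood."""
    server, victim = "198.51.100.5", "198.51.100.9"
    pkts = [  # normal client completes the handshake
        Packet("192.0.2.10", 51000, server, 443, "S"),
        Packet(server, 443, "192.0.2.10", 51000, "SA"),
        Packet("192.0.2.10", 51000, server, 443, "A"),
    ]
    open_ports = {22, 80, 443}
    for i, port in enumerate([21, 22, 23, 25, 80, 443]):
        sport = 40000 + i
        pkts.append(Packet("203.0.113.7", sport, server, port, "S"))
        if port in open_ports:  # SYN+ACK answered with RST, never with ACK
            pkts.append(Packet(server, port, "203.0.113.7", sport, "SA"))
            pkts.append(Packet("203.0.113.7", sport, server, port, "R"))
        else:                   # closed port resets immediately
            pkts.append(Packet(server, port, "203.0.113.7", sport, "RA"))
    for i in range(8):          # eight sources, none ever sends the final ACK
        src = f"203.0.113.{100 + i}"
        pkts.append(Packet(src, 50000, victim, 80, "S"))
        pkts.append(Packet(victim, 80, src, 50000, "SA"))
    return pkts


if __name__ == "__main__":
    for alert in detect(sample_capture()):
        print(alert)
```

On a real sensor the same counters would be kept over a sliding time window, so that slow legitimate clients age out instead of accumulating.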
SPOOFING
A spoofing attack is a situation in which one person or program successfully
masquerades as another by falsifying data and thereby gaining an illegitimate
advantage. IP spoofing and DNS spoofing are the most popular spoofing attacks.
Different types of spoofing are :-
o IP Spoofing
o Content Spoofing
o Caller ID Spoofing
o E-Mail Spoofing
o Phishing
Man In The Middle Attack
A man-in-the-middle (MITM) attack is a form of eavesdropping where
communication between two users is monitored and modified by an
unauthorized party.
BLIND SPOOFING
In this method the hacker blindly sends the packets expected by the target host without
reading the packets and TCP session, because some operating systems now use
random sequence numbers, which are difficult to predict accurately.
Denial-Of-Service Attack
Refers to an attempt that restricts access to the computer or network for its
intended user or organization. And IP spoofing can be used to defend against D-O-S.
Replay Attack
In this method the attacker can capture the information between a client and an
authenticated server and then replay it by submitting the security certificate, and if
the attack is successful, the attacker will have the privileges that are provided to
the certificate holder.
Password-Guessing Attack
A method of guessing the password of any e-mail account or authenticated device
repeatedly with the help of a password cracker application.
URL Spoofing and Phishing
In this method the attacker designs a legitimate-looking web page, such as a bank’s site or any
social network web page, to misguide users by making them believe that they are
connected to a trusted web site.
IDENTITY, AUTHENTICATION
AND VULNERABILITY
MANAGEMENT
IDENTIFICATION AND AUTHENTICATION
Identification refers to recognizing a user and authentication refers to the process
of verifying whether the user is valid or not. It can be checked in two ways :-
PASSWORD and BIOMETRICS
PASSWORD
Is a code, number, word or string of characters that must be kept secret from
others. It is used to authenticate a user over the network.
BIOMETRICS
Is defined as the process of identifying or authenticating the identity of a user by
using physiological and behavioral characteristics under close observation.
It is based on what a person is rather than what a person has, and can be
divided into two classes.
PHYSIOLOGICAL
Refers to body characteristics such as fingerprints, face recognition, hand and
palm geometry, iris scan etc.
BEHAVIORAL
Refers to the behavior of a person such as handwriting, voice, sound etc.
Methods of biometric authentication can also be of two types.
VERIFICATION
Here the user’s biometric is compared with stored original information to verify the
user, and it can be done in combination with a smart card, username or ID number.
IDENTIFICATION
Here the user’s biometric is compared with the biometrics available in a database to
identify an unknown user.
AUTHENTICATION OF HOST
A host can authenticate a user using the following mechanisms :-
o Single-Sign-On
o Kerberos
o Cryptography
SINGLE-SIGN-ON
In SSO a user provides a username (ID) and password to the network at the
beginning of the authentication process to log on to the network.
KERBEROS BASED
Prompts a user for authentication and gets a Kerberos ticket to verify the user.
Smart Card Based
In smart card based SSO, the user credentials are stored in the smart card.
OTP Token
Refers to a one-time password token and is the best way for SSO authentication.
KERBEROS
Kerberos is a secure method for authenticating a request for a service in a
computer network. Kerberos was developed in the Athena Project at the
Massachusetts Institute of Technology (MIT).
Authentication Method
o The user enters the username and password to request a service.
o Information is passed to the Authentication Server (AS) or Key Distribution
Center (KDC).
o The KDC validates the username and password.
o Then the AS creates a session key based upon the user password and a random
value that represents the requested service. The session key is effectively a Ticket
Granting Ticket (TGT).
o Then the TGT is sent to the TGS or the user-requested server.
o The service either rejects the ticket or accepts it and performs the service.
CRYPTOGRAPHY
The art of protecting information by transforming it (encrypting it) into an
unreadable format, called cipher text. Only those who possess a secret key can
decipher (or decrypt) the message into plain text. Encrypted messages can
sometimes be broken by cryptanalysis, also called code breaking, although
modern cryptography techniques are virtually unbreakable.
Common Uses of Cryptography
Access Control
Password Authentication
E-Mail Security
Data Integrity Security
Digital Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of a
message or document. A valid digital signature gives a recipient reason to believe
that the message was created by a known sender. Digital signatures are
commonly used for software distribution, financial transactions, and in other
cases where it is important to detect forgery or tampering.
GOALS OF CRYPTOGRAPHY
Confidentiality:-
Integrity :-
Availability :-
Terms Used In Cryptography
Cipher text :-
Plain text :-
Encryption :-
Decryption :-
Key :-
Substitution :-
BASIC PRIMITIVE OF CRYPTOGRAPHY
Symmetric Key - Symmetric-key cryptography refers to encryption methods
in which both the sender and receiver share the same key. This means that
the key must be transferred from sender to receiver.
Symmetric key ciphers are implemented as either "block ciphers" or "stream ciphers".
BLOCK CIPHER
A block cipher is a deterministic algorithm operating on fixed-length groups of bits,
called blocks. The process is used when the size of the data is more than 128 bits. It
takes a whole block of plain text and gives a whole block of cipher text as output.
STREAM CIPHER
A stream cipher is one where plaintext digits are combined with a pseudorandom cipher digit stream (key
stream). In a stream cipher each plaintext digit is encrypted one at a time with the
corresponding digit of the key stream, to give a digit of the cipher text stream.
ASYMMETRIC KEY OR PUBLIC KEY ENCRYPTION
The method of encryption in which different keys are used to encrypt and decrypt
data. The public key is used to encrypt the message; the private key is kept secret and
used to decrypt the message.
Hash Function
Hashing is the transformation of a string of characters into a usually shorter
fixed-length value or key that represents the original string. Hashing is used to
index and retrieve items in a database because it is faster to find the item using
the shorter hashed key than to find it using the original value. It is also used in
many encryption algorithms.
Low Cost
Determinism :- Refers to the property that generates the same hash value for
each given input.
Uniformity :- Refers to the process of checking consistency of data. This implies
that every input must have output in hash code according to the input.
Variable range :- Refers to the range variation of hash values according to the
program run or data.
Dynamic Hash Function :- The hash table can automatically expand or shrink
according to the size of the data.
Continuity :- Increase or decrease the output value with increase or decrease in the
input value.
RSA ALGORITHM
RSA is an Internet encryption and authentication system that uses
an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
The RSA algorithm is the most commonly used encryption and authentication
algorithm and is included as part of the Web browsers from Microsoft and Netscape.
EXAMPLE
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n are co-prime. Let e = 7
Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29
The decryption of c = 29 is m = 29^3 % 33 = 2
Where n = modulus
e = encryption exponent
d = decryption exponent
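The worked example above carried through in code, as an added example that is not part of the original slides. It goes slightly beyond the slide: key generation checks gcd(e, φ(n)) = 1, the condition under which d exists, and a trial-division step shows why a modulus this small protects nothing. All function names are illustrative.

```python
"""Textbook RSA with the slide's toy numbers (p=3, q=11, e=7). Never use keys this small."""


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def generate_keypair(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    g, x, _ = egcd(e, phi)
    if g != 1:
        # d is the inverse of e modulo phi(n); it exists only when gcd(e, phi(n)) == 1.
        raise ValueError("e shares a factor with phi(n), so no d exists")
    d = x % phi
    return (e, n), (d, n)


def encrypt(m, public_key):
    """c = m^e mod n; the message must be an integer in 0..n-1."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """Factor n by trial division and rebuild d from the public key alone.

    Instant for n = 33; the security of real RSA rests on n being far too
    large to factor, which is why deployed keys use moduli of 2048 bits or more.
    """
    e, n = public_key
    p = next(k for k in range(2, n) if n % k == 0)
    _, private_key = generate_keypair(p, n // p, e)
    return private_key


if __name__ == "__main__":
    public_key, private_key = generate_keypair(3, 11, 7)
    c = encrypt(2, public_key)
    print("public", public_key, "private", private_key)
    print("m=2 -> c =", c, "-> m =", decrypt(c, private_key))
    print("private key rebuilt from the public key:", recover_private_key(public_key))
```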
VULNERABILITY MANAGEMENT
Vulnerability management is a pro-active approach to managing network security.
Stages
1. Discover: Inventory all assets across the network and identify host
details including operating system and open services to identify
vulnerabilities. Develop a network baseline. Identify security
vulnerabilities on a regular automated schedule.
2. Prioritize Assets: Categorize assets into groups or business units,
and assign a business value to asset groups based on their criticality
to your business operation.
3. Assess: Determine a baseline risk profile so you can eliminate risks
based on asset criticality, vulnerability threat, and asset classification.
4. Report: Measure the level of business risk associated with your
assets according to your security policies. Document a security plan,
monitor suspicious activity, and describe known vulnerabilities.
5. Remediate: Prioritize and fix vulnerabilities in order according to
business risk. Establish controls and demonstrate progress.
6. Verify: Verify that threats have been eliminated through follow-up
audits.
INTRUSION DETECTION
Introduction
An intrusion detection system (IDS) is a device or software application that
monitors network or system activities for malicious activities or policy
violations and produces reports to a management station.
Stages Of IDS
NETWORK-BASED IDS
Captures network traffic to perform intrusion detection operations. NIDS scans the
network at the router or host level, audits packet information, and logs any
suspicious packets into a special log file with extended information. When it
finds any severity in packets, it informs the security team by email or pager
calls.
THREATS AND ACTIVITIES THAT CAN BE CONTROLLED BY NIDS
o IP Spoofing
o Denial-Of-Service Attack
o DNS name corruption
o Man-in-the-Middle attack
CONTROL MECHANISM
o Centralized :- The information present in the various IDSs is analyzed and
processed by a central entity.
o Distributed :- The log information is distributed to every node present in the
network.
Advantages of IDS
o Low Cost Of Ownership :- Does not require any additional software to be loaded in
the network. Low cost is due to the small number of detection it can make.
o Detects Attacks Missed by the HIDS :- Examines all the packet headers for signs of
malicious and suspicious activities.
o Analyzes the packet payload :- Examines the content of the payload, looking for
commands used in specific attacks.
o Real-time detection and response :- Allows rapid actions such as notification and
responses. The response can range from allowing the penetration in surveillance
mode to gather information to immediate termination of the attack.
o More difficult for an attacker to remove evidence :- Does not allow an attacker to
remove evidence because NIDS uses live network traffic for attack detection.
RESPONSES
o Active Response :- When a system is threatened by any potential attack it takes
the immediate possible action required to decrease the impact of the attack.
o Passive Response :- When a system is threatened by any potential attack it
notifies the administrator about the threat.
Common Passive Response Strategies
o Logging :- Records an event and the circumstances of its occurrence. It can
provide sufficient information about the nature of the attack.
o Notification :- Communicates event-related information to the person when an
event takes place.
o Shunning :- Refers to the activity of avoiding an attack.
Common Active Response Strategies
o Terminating Process Or Sessions :- Terminates all the unauthorized processes and
sessions that are trying to gain access to the system by resetting the network.
o Network Configuration Changes :- Instructs the firewall or border router to reject
any request or traffic coming from a particular socket or address that is being
attacked.
o Deception :- Fools the attackers and redirects them to a system that is designed to
be broken.
HOST-BASED INTRUSION DETECTION SYSTEM
Host Based IDS
Designed to monitor, detect and respond to activities or attacks on a given host, and
run on individual hosts or devices in the network.
Advantages Of HIDS
o Monitors user privileges
o Verifies success or failure of an attack
o Monitors specific system activities
o Detects attacks missed by the NIDS
o Well-suited for encrypted or switched environments
o Near-real-time detection and response
o Requires no additional hardware
Mechanism
Signature-Based HIDS
Also known as knowledge-based IDS; compares the packet against a database of
signatures or attributes from known malicious threats.
Statistical Anomaly-based IDS
Also known as behavior-based IDS; dynamically detects deviations arising from
the behavior of the user and accordingly triggers an alarm.
Issues Faced while using an IDS
o Continuous increase in the network traffic.
o Use of encrypted messages to transport malicious information.
o Lack of widely accepted IDS terminology and conceptual structures.
o Inappropriate and automated response attacks are also inherited.
o Lacks objectivity in evaluating and testing information.
Honeypots
A honeypot is a computer that has been designed as a target for computer attacks. It
is a trap mechanism that is used to attract a hacker away from valuable network
resources and provide an early indication of an attack. Honeypots are configured to interact
with possible hackers and capture details of their attacks, and are also known as
sacrificial lambs or booby traps.
Production honeypot
It records only limited information, like the organization of the attack and the tools used in
the process.
Identifying Operating system vulnerabilities
Issues
physical and local security management
Logon Security Management
Is a process of defining the main issues related to the security of an OS.
o Managing physical and local security
o Managing logon security
o Managing users and groups
o Managing local and global groups
o Managing user accounts
o Managing domains
o Password protect your basic input/output system.
o Boot the computer from the hard disk, not from floppy or compact disks.
o Password protect your computer.
o Password protect all your user accounts.
o Set LegalNoticeCaption in the registry under the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
User and Group Management
o Need to create groups for easy and reliable management of users.
o Access privileges should be given to each user or group according to the
responsibilities given to the user.
Local And Global Group Management
o Local groups refer to the computer itself.
o Global groups can belong to a whole domain.
User Account Management
o Password complexity must be enabled for your PC.
o Last logon user details can be disabled to make the user account secure by editing
the registry: -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
then select Edit-New-String Value to create a new string value, rename
the string as “DontDisplayLastUserName”, then double-click it and type 1 for value
data.
Domain Management
o You must create a BDC or ADC for the PDC. In case the PDC stops functioning, the BDC can work
as PDC.
Hardening the Operating System
o Refers to the process of protecting, securing or providing security to a computer or
network by reducing vulnerabilities, such as weak passwords or threats from bugs.
o The OS must be updated with service packs and hotfixes.
Layers Of Protection Analysis
o LOPA is defined as a risk assessment method. It is used in many organizations to
evaluate risks and compare them with risk tolerance criteria to determine if existing
safeguards are adequate or if additional safeguards are required.
Components of LOPA
o Process Design :- Refers to the components that help to reduce the probability of
loss due to various events such as fire and explosions.
o Basic Control :- Refers to the components that can be used to respond to critical
situations.
o Alarms, Manual, Intervention – IPLs :- Refers to devices, systems or actions that are
capable of preventing a scenario from proceeding to undesired consequences, and
can be organized as an Independent Protection Layer (IPL).
o SIS :- Stands for Safety Instrumented System, which can handle emergency situations
such as emergency shutdown.
o Physical Protection :- Refers to the process of protecting our system from outside
accidents using any equipment.
o Plant and community response/emergency response :- Refers to the processes or
responses that are activated after the initial release of critical situations.
DHCP ATTACK
Address Starvation :- Refers to the process of sending as many DHCP requests as
possible with spoofed MAC addresses so that the DHCP server runs out of IP
addresses. The attacker then uses a fake DHCP server to provide
IP addresses to the clients and gain access to the whole network.
Man-In-The-Middle Attack
Rogue DHCP Server
Refers to an unauthorized DHCP server, generally used by an attacker for sniffing or
reconnaissance purposes and to gain access to network traffic.
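A defender-side view of the two DHCP attacks described above, as an added example that is not part of the original slides: it flags a port that presents many client MACs in a short window (address starvation) and any DHCP server reply that arrives from an untrusted port or an unknown server. The port names, addresses, thresholds and event fields are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed site policy; every value here is hypothetical, not from the slides.
AUTHORIZED_SERVERS = {"10.0.0.2"}  # legitimate DHCP server identifier(s)
TRUSTED_PORTS = {"Gi0/24"}         # uplink where server replies may arrive
MAX_CLIENT_MACS = 5                # distinct client MACs tolerated per port...
WINDOW_SECONDS = 10.0              # ...inside this sliding window

CLIENT_MSGS = {"DISCOVER", "REQUEST"}
SERVER_MSGS = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class DhcpEvent:
    ts: float            # capture time in seconds
    port: str            # switch port the frame was received on
    msg_type: str        # DHCP message type
    chaddr: str          # client hardware address inside the DHCP payload
    eth_src: str         # source MAC of the Ethernet frame
    server_id: str = ""  # server identifier (option 54) on server replies


def analyze(events):
    """Return a list of (kind, port, detail) alerts, in order of detection."""
    alerts = []
    seen = set()                 # suppress duplicate alerts
    recent = defaultdict(deque)  # port -> deque of (ts, chaddr)

    def raise_alert(kind, port, detail):
        key = (kind, port, detail)
        if key not in seen:
            seen.add(key)
            alerts.append(key)

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.msg_type in CLIENT_MSGS:
            # Address starvation: one access port claiming many client MACs.
            window = recent[ev.port]
            window.append((ev.ts, ev.chaddr))
            while window and ev.ts - window[0][0] > WINDOW_SECONDS:
                window.popleft()
            if len({mac for _, mac in window}) > MAX_CLIENT_MACS:
                raise_alert("starvation", ev.port, "many client MACs on one port")
            # Payload MAC differs from frame MAC. This assumes events come from
            # access ports; behind a relay agent the two differ legitimately.
            if ev.chaddr != ev.eth_src:
                raise_alert("mac-mismatch", ev.port, ev.eth_src)
        elif ev.msg_type in SERVER_MSGS:
            # Rogue server: a reply from an untrusted port or an unknown server.
            if ev.port not in TRUSTED_PORTS or ev.server_id not in AUTHORIZED_SERVERS:
                raise_alert("rogue-server", ev.port, ev.server_id)
    return alerts


def sample_events():
    """Constructed events: one normal lease, then a flood and a rogue reply."""
    good = "aa:aa:aa:00:00:01"
    server_mac = "00:11:22:33:44:55"
    events = [
        DhcpEvent(0.0, "Gi0/1", "DISCOVER", good, good),
        DhcpEvent(0.1, "Gi0/24", "OFFER", good, server_mac, "10.0.0.2"),
        DhcpEvent(0.2, "Gi0/1", "REQUEST", good, good),
        DhcpEvent(0.3, "Gi0/24", "ACK", good, server_mac, "10.0.0.2"),
    ]
    # Eight requests in under a second, each claiming a different client MAC.
    for i in range(8):
        mac = f"02:00:00:00:00:{i:02x}"
        events.append(DhcpEvent(5.0 + i * 0.1, "Gi0/7", "DISCOVER", mac, mac))
    # A server reply seen on an access port with an unknown server identifier.
    events.append(
        DhcpEvent(9.0, "Gi0/7", "OFFER", good, "02:00:00:00:00:ff", "10.0.0.66")
    )
    return events


if __name__ == "__main__":
    for alert in analyze(sample_events()):
        print(alert)
```

The same two checks are what a switch enforces when it rate-limits client MACs per access port and accepts DHCP server replies only on designated trusted ports.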

Data Integrity and Availability

  • 1.
  • 2.
  • 3. Security can be defined as the process or procedure to ensure the integrity, availability, and confidentiality of data and resources against threats, viruses, bugs, and vulnerabilities. Security can be of two types: Computer security Network security refers to preventing the disclosure of information to unauthorized individuals or systems In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.This means that data cannot be modified in an unauthorized or undetected manner.
  • 4. For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. AVAILIBILITY
  • 5. An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro- actively limiting the impact of a security breach. PLAN : Is about designing the ISMS, assessing information security risks and selecting appropriate controls. DO : phase involves implementing and operating the controls. CHECK : objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. ACT : changes are made where necessary to bring the ISMS back to peak performance.
  • 6. ISO/IEC 27000 ISO/IEC 27001:2005 The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC). The standard explains the purpose of an Information Security Management System (ISMS), Management system and risk management and definition of information security. is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC). The key benefits of 27001 are: o It can act as the extension of the current quality system to include security o It provides an opportunity to identify and manage risks to key information and systems assets o Provides confidence and assurance to trading partners and clients; acts as a marketing tool o Allows an independent review and assurance to you on information security practices
  • 7. ISO/IEC 27003 ISO/IEC 27004 ISO/IEC 27003 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series. And the purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System). Tasks To Maintain The Standards :- o Seeking management approval to start the project and to implement ISMS. o Describing scope and boundary Of ISMS. o Conducting security risks assessment planning for risk treatments. o Designing ISMS and planning the implementation project. The purpose of ISO/IEC 27004:2009 is to help organizations measure, report and hence systematically improve the effectiveness of their Information Security Management System(ISMS). The standard includes the following main sections: o Information security measurement overview. o Management responsibilities. o Measures and measurement development. o Measurement operation. o Data analysis and measurement results reporting. o Information Security Measurement Program evaluation and improvement.
  • 8. PASSIVE ATTACK ACTIVE ATTACK A "passive attack" attempts to learn or make use of information from the system but does not affect system resources. TYPES : BRUTE FORCE ATTACK : Breaks the encrypted data by finding the appropriate key. ALGEBERIC ATTACK : In which you can write a cipher as a system equation. After writing a cipher you can read it by using appropriate key. CODE BOOK ATTACK : Refers to a technique for cryptanalysis. The attacker tries to build a code book in which an attacker describes the cipher text and its corresponding plain test. An "active attack" attempts to alter system resources or affect their operation. EXAMPLES : Denial-of-service attack Spoofing
  • 9. Refers to a software that is designed for preventing, identifying and removing malware including malicious codes and computer system virus. Is a sequence of code or instructions that inserted into other programs and executed when the program runs. And is harmful for pc. Boot Sector Virus : - infects the MBR of hard disk and execute at the time of booting. File infector virus : - Attach itself to executable files and executed when the program runs. Macro Virus : - Attach itself to the documents and get executed when the file opens. Multipartite Virus : - Combines the boot sector virus with file infector virus.
  • 10. Polymorphic Virus : - Get replicated when they start replicating themselves over the network. Worm : - Refers to the virus they can auto replicate from one to many and can travel from one place another through network. Trojan Horse : - A program that appears safe but can harmful for the computer as it can steal password, delete data and create security hole or backdoor for hacker. Logic Bombs : - Embeds with some program and are designed to execute on a particular date or time. Bacteria/Rabbit : - The types of codes that do not damage the files but deny access to the resources by consuming all disk space or memory. Mac (Mandatory Access Control) : - Stores highly secret or sensitive information. And mainly used in Govt. Department . Dac (Discretionary Access Control) : - It Use username and password to check weather or not the user is authorized. Authentication : - A method of verifying the users who want to access the network or computer system.
  • 11. TYPES OF AUTHENTICATION SOMETHING THE USER KNOWS : - SOMETHING THE USER HAS : - SOMETHING THE USER IS : - E-MAIL WEB AUTHENTICATING SERVER DIRECTORY SERVICES DHCP Method of specifying the access right to the information and resources .
  • 12. PRINTING :- NFS :- TELNET INSTANT MESSAGING (IM) TCP/IP UDP SMTP POP FTP HTTP DNS
  • 14. CHAPTER – 2 THREATS TO A COMPUTER NETWORK II
  • 15. ACCESS ATTACK MODIFICATION ATTACK REPUDIATION ATTACK DENIAL-OF-SERVICE ATTACK Aims at gaining access to information that the attacker is not authorizes to have. Refers to the attack in which an attacker can modify your computer information such as inserting or deleting the text, which appears as genuine to the user. Makes the data or information to be useless. Refers to a strategy of attack in which an outsider tries to disrupt your network and services.
  • 16. SCOPING AN ATTACK ENUMERATING NETWORK Is a method or process which is used to violate the security of the network The process of gathering information about a host or group of hosts . Information can be gathered in different ways like whois query, zone transfer, ping sweeps, and traceroute . It provides the information, such as administrative contact, billing contact, and address of the target network. A scanning technique used to determine the range of ip address that can be mapped to live hosts and also known as ICMP sweep. By which we can check whether a particular pc is live in a network or not. WHOIS QUERY THE PING SWEEP
  • 17. The Zone Transfer The Traceroute Is performed with the help of nslookup command that is supported by both unix and windows platform. The various tools can be used for zone transfer such as ws pingpro, sam spade, and netscan. A command line tool available on both windows and unix platform Since domains can be registers via so many registrars you must first query the registrar to which the domain is registered. After that you can query the domain record from the associated registrar. In which you need to query internet regional registries (RIRs) for network blocks and details. For example ARIN or APNIC whois query.
  • 18. Is a way of collecting information from the organizational DNS sever by zone transferring method. Where a hacker can collect information regarding any hosts inside the organization and their corresponding ip address known as HINFO record. In this case the attacker sends a multiple SYN request to a host but never reply the request sent by the other host. In this way the listen queue is filled and does not accept new connections, till a partially opened connections is not completed. In this case the attacker send ICMP packet instead of SYN packet for DOS attack. TCP/IP hijacking is a clever technique that uses spoofed packets to take over a connection between a victim and a host machine. This technique is exceptionally useful when the victim uses a one-time password to connect to the host machine. A one-time password can be used to authenticate once and only once, which means that sniffing the authentication is useless for the attacker. TCP SYN FLOOD ATTACK ICMP ATTACKS TCP/IP HIJACKING
  • 19. IP SPOOFING TCP SEQUENCE NUMBER ATTACK The purpose of IP spoofing is to make the data look as if it came from an trusted host when in reality it did come from the attacker’s host. And the victim starts communicating with the attacker host as it is an authenticated server. Lets see what the attacker does : The attacker wants to attack Host A. It floods Host B with new requests causing a Denial of service attack to stop Host B from communicating with A. Now, the attacker can predict the sequence number of the packet that A is expecting from B. Attacker prepares such kind of packet and sends it to Host A. Since its a faked packed so host A thinks its coming from B. Now, this host can terminate the connection or asking host A to run some malicious commands/scripts etc.
  • 20.
  • 21. SOCAIL ENGINEERING MALICIOUS CODES The primary purpose of a hacker is to trick people into retrieving password or other confidential information by pretending as a trustworthy person. Different ways of social engineering are :- o FRIENDSHIP o E-MAIL o DUMPSTER DRIVING o OFFICE SNOOPING o TRUST VIRUSES o BOOT VIRUS : - Affect boot sector o RESIDENT VIRUS :- Resides in RAM o DIRECT ACTION VIRUS :- First replicate itself then take action when it executed. o OVERWRITE VIRUS :-Delete the information contained a file. o POLYMORPHIC VIRUS :- Can change its own digital signature.
  • 22. o MULTIPARTITE VIRUS :- Combination of boot sector virus and program virus. o STEALTH VIRUS :- Has the ability to mask or disguise itself from antivirus. o MACRO VIRUS :- Infects files and documents. o PROGRAM VIRUS : - Executed when the program executes with whom it attached. o REMOTE ACCESS TROJAN : - Provides remote access service to the victim’s pc. o PASSWORD SENDING TROJAN :- Sends all your credentials to the person who installed it. o KEY LOGGERS :- Track and log the keystrokes of the target computer. o DESTRUCTIVE TROJANS :- Used to delete the information and database of PC. o DOS ATTACK TROJANS :-Produce Lot of traffic on the target computer and create congestion on the internet connection. o PROXY/WINGATE TROJANS :- Change the target computer into a proxy or wingate server. o E-MAIL WORMS : -Spread through emails messages. o INSTANT MESSAGING WORMS :- Spread through IM applications. o INTERNET WORMS :- Attempt to access the vulnerable PCs in internet. o INTERNET RELAY CHAT WORMS :- Spread through the chat channel mainly. TROJAN HORSE WORMS
  • 23. WORMS (continued)
    o FILE SHARING NETWORKS WORMS :- Spread through a shared folder, affecting it.
    o NUWAR OL WORMS :- Delivered to the user's inbox with subjects like "you are in my dreams", "I love you so much", etc. When the user opens the message, it infects that user's computer as well as all the users in that person's contact list by sending the message itself.
    o VALENTINE E WORMS :- Distributed through e-mails and equivalent to NUWAR OL WORMS.
    WIRETAPS
    A method of obtaining information from the internet conversation between two systems.
    o HARDWIRED WIRETAP :- Involves physical access to a part of the wire (that is, access to a section of the PBX).
    o SOFT WIRETAP :- A modification of the software that is used to run the phone system. Also known as Remote Observation System (REMOBS), Direct Access Test Unit (DATU), Electronic Switching System (ESS), and translation tap.
  • 24. WIRETAPS (continued)
    o TRANSMIT WIRETAP :- Refers to a Radio Frequency (RF) transmitter connected to a wire. It can be easily detected by a competent bug sweep specialist.
    o RECORDING WIRETAP :- Similar to a tape recorder wired into the phone line, and similar to a hardwired wiretap. Very difficult to detect, as detection requires a very high level of technical expertise. Technical surveillance countermeasures (TSCM) specialists are usually hired to detect such a wiretap.
    EAVESDROPPING
    A process of listening to part or the whole of a conversation between two parties. An attack on the network layer used to capture packets using packet sniffer tools.
    o PASSIVE EAVESDROPPING :- Refers to unauthorized, covert monitoring of data transmission.
    o ACTIVE EAVESDROPPING :- Refers to probing, scanning or tampering with a transmission channel to access the transmitted data.
  • 25. PORT SCAN
    A method used by an attacker to identify the ports that are open or in use on any PC. It can search ports from 0 to 65535 used by the TCP/IP suite.
    IP SCAN
    A method used by an attacker to identify live hosts, or IPs that are actively used by PCs in a network. Example: LAN Scanner.
    PORT SCANNING TECHNIQUES
    o TCP Connect :- The scanning is provided by an operating system. It succeeds if the port is listening; otherwise the port is unreachable.
    o STROBE :- A narrower scan used to check some specific ports or services that the attacker knows how to exploit.
    o SYN Scan :- Also known as half-open scanning, as it does not require a TCP connection to complete. If the target responds with a SYN+ACK packet to the attacker's SYN packet, the port can be considered open, and a reset (RST) response represents a non-listening port.
  • 26. PORT SCANNING TECHNIQUES (continued)
    o FRAGMENTED PACKET PORT SCAN :- Splits the TCP header into several IP fragments so that it can easily pass through a packet filter firewall, as the filter rule will not match the fragmented packet.
    o FIN SCAN :-
      1. Speed: TCP FIN scanning is fast compared to other types of scans.
      2. Stealth: TCP FIN scanning is stealthy compared to other types of scans.
      3. Open Port: Detects an open port via no response to the segment.
      4. Closed Port: Detects a closed port via an RST received in response to the FIN.
    o BOUNCE SCAN :- An FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly, using the victim machine as a middle man for the request.
    o FINGER
    o EMAIL :- Refers to spammers, who try to relay their spam through SMTP servers.
    o HTTP Proxy :- Refers to web server support for using a proxy, so that all web traffic can be sent to a single server for filtering and caching to improve the performance of the network.
    o IRC BNC (Internet Relay Chat Bouncer) :- Refers to attackers who want to hide their IRC identities by bouncing their connection through other machines. For this purpose a particular program known as BNC can be used on another PC.
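The half-open behaviour described for the SYN scan in slide 25 (SYN+ACK means open, RST means not listening, and the handshake is never completed) is also what a defender can look for. The following Python code is an added example, not part of the original slides; the addresses, packet tuples, function names and thresholds are constructed assumptions.

```python
from collections import defaultdict

SERVER, SCANNER, CLIENT = "198.51.100.10", "203.0.113.7", "192.0.2.20"
LISTENING = {22, 80, 443}  # ports the constructed server answers on

def build_sample_capture():
    """Constructed capture: tuples of (src, dst, sport, dport, tcp_flags)."""
    pkts = []
    # Half-open probes: SYN, then SYN+ACK or RST from the server, then the prober resets.
    for i, port in enumerate([21, 22, 23, 25, 80, 443, 3306, 8080]):
        sport = 40000 + i
        pkts.append((SCANNER, SERVER, sport, port, "S"))
        if port in LISTENING:
            pkts.append((SERVER, SCANNER, port, sport, "SA"))
            pkts.append((SCANNER, SERVER, sport, port, "R"))
        else:
            pkts.append((SERVER, SCANNER, port, sport, "RA"))
    # Ordinary client: two complete three-way handshakes and one refused connection.
    for sport, port in [(51000, 443), (51001, 80)]:
        pkts += [(CLIENT, SERVER, sport, port, "S"),
                 (SERVER, CLIENT, port, sport, "SA"),
                 (CLIENT, SERVER, sport, port, "A")]
    pkts += [(CLIENT, SERVER, 51002, 8080, "S"), (SERVER, CLIENT, 8080, 51002, "RA")]
    return pkts

def track_handshakes(packets):
    """Return {(client, server, sport, dport): state} for every SYN seen."""
    state = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":
            state[fwd] = "syn_only"        # no answer seen yet
        elif flags == "SA" and state.get(rev) == "syn_only":
            state[rev] = "half_open"       # port is listening, handshake unfinished
        elif flags == "A" and state.get(fwd) == "half_open":
            state[fwd] = "established"     # normal connect() behaviour
        elif flags in ("R", "RA") and state.get(rev) == "syn_only":
            state[rev] = "refused"         # RST from the server: nothing listening
        # A RST sent by the client after SYN+ACK leaves the flow "half_open".
    return state

def detect_syn_scans(packets, min_ports=5, max_completed_ratio=0.2):
    """Flag client/server pairs that probe many ports but complete few handshakes."""
    per_pair = defaultdict(lambda: defaultdict(set))
    for (client, server, _sport, dport), st in track_handshakes(packets).items():
        per_pair[(client, server)][st].add(dport)
    alerts = {}
    for pair, by_state in per_pair.items():
        ports = set().union(*by_state.values())
        completed = len(by_state["established"])
        if len(ports) >= min_ports and completed / len(ports) <= max_completed_ratio:
            alerts[pair] = {"open": sorted(by_state["half_open"]),
                            "closed": sorted(by_state["refused"]),
                            "unanswered": sorted(by_state["syn_only"])}
    return alerts

if __name__ == "__main__":
    for (client, server), result in detect_syn_scans(build_sample_capture()).items():
        print(f"possible SYN scan {client} -> {server}: {result}")
```

The ordinary client is not flagged: it touches only three ports and completes two of its three handshakes.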
  • 27. SPOOFING
    A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. IP spoofing and DNS spoofing are the most popular spoofing attacks. Different types of spoofing are :-
    o IP Spoofing
    o Content Spoofing
    o Caller ID Spoofing
    o E-Mail Spoofing
    o Phishing
    Man In The Middle Attack
    A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party.
  • 28. BLIND SPOOFING
    In this method the hacker blindly sends the packets expected by the target host without reading the packets and the TCP session. This is difficult because some operating systems now use random sequence numbers, which are hard to predict accurately.
    Denial-Of-Service Attack
    Refers to an attempt that restricts access to the computer or network for its intended user or organization. And IP spoofing can be used to defend against D-O-S.
    Replay Attack
    In this method the attacker captures the information between a client and an authenticated server and then replays it by submitting the security certificate. If the attack is successful, the attacker will have the privileges that are provided to the certificate holder.
    Password-Guessing Attack
    A method of repeatedly guessing the password of any e-mail account or authenticated device with the help of a password cracker application.
    URL Spoofing and Phishing
    In this method the attacker designs a legitimate-looking web page, such as a bank's site or a social network page, to misguide users by making them believe that they are connected to a trusted web site.
  • 30. IDENTIFICATION AND AUTHENTICATION
    Identification refers to recognizing a user, and authentication refers to the process of verifying whether the user is valid or not. It can be checked in two ways :- PASSWORD and BIOMETRICS.
    PASSWORD
    A code, number, word or string of characters that must be kept secret from others. It is used to authenticate a user over a network.
    BIOMETRICS
    Defined as the process of identifying or authenticating the identity of a user by using physiological and behavioral characteristics under close observation. It is based on what a person is rather than what a person has, and can be divided into two classes.
    o PHYSIOLOGICAL :- Refers to body characteristics such as fingerprints, face recognition, hand and palm geometry, iris scan, etc.
    o BEHAVIORAL :- Refers to the behavior of a person, such as handwriting, voice, sound, etc.
  • 31. Methods of biometric authentication can also be of two types.
    o VERIFICATION :- Here the user's biometric is compared with the stored original information to verify the user. It can be done in combination with a smart card, username or ID number.
    o IDENTIFICATION :- Here the user's biometric is compared with the biometrics available in a database to identify an unknown user.
    AUTHENTICATION OF HOST
    A host can authenticate a user using the following mechanisms :-
    o Single-Sign-On
    o Kerberos
    o Cryptography
    SINGLE-SIGN-ON
    In SSO a user provides a username (ID) and password to the network at the beginning of the authentication process to log on to the network.
    KERBEROS BASED
    Prompts a user for authentication and gets a Kerberos ticket to verify the user.
  • 32. Smart Card Based
    In smart card based SSO, the user credentials are stored in the smart card.
    OTP Token
    Refers to a one-time password token and the best way for SSO authentication.
    KERBEROS
    Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT).
    Authentication Method
    o The user enters the username and password to request a service.
    o The information is passed to the Authentication Server (AS) or Key Distribution Center (KDC).
    o The KDC validates the username and password.
    o Then the AS creates a session key based on the user password and a random value that represents the requested service. The session key is effectively a Ticket Granting Ticket (TGT).
    o Then the TGT is sent to the TGS or the server the user requested.
    o The service either rejects the ticket or accepts it and performs the service.
  • 33. CRYPTOGRAPHY
    The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.
    Common Uses of Cryptography
    o Access Control
    o Password Authentication
    o E-Mail Security
    o Data Integrity Security
    Digital Signature
    A mathematical scheme for demonstrating the authenticity of a message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
  • 34. GOALS OF CRYPTOGRAPHY
    o Confidentiality
    o Integrity
    o Availability
    Terms Used In Cryptography
    o Cipher text
    o Plain text
    o Encryption
    o Decryption
    o Key
    o Substitution
    BASIC PRIMITIVE OF CRYPTOGRAPHY
    Symmetric Key :- Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This means that the key must be transferred from sender to receiver.
  • 35. Symmetric key ciphers are implemented as either "block ciphers" or "stream ciphers".
    BLOCK CIPHER
    A block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. The process is used when the size of the data is more than 128 bits. It takes the whole block of plain text and gives the whole block of cipher text as output.
    STREAM CIPHER
    A cipher in which plaintext digits are combined with a pseudorandom cipher digit stream (key stream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the key stream, to give a digit of the cipher text stream.
    ASYMMETRIC KEY OR PUBLIC KEY ENCRYPTION
    The method of encryption in which different keys are used to encrypt and decrypt data. The public key is used to encrypt the message; the private key is kept secret and used to decrypt the message.
  • 36. Hash Function
    Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms.
    o Low Cost
    o Determinism :- Refers to the property that generates the same hash value for each given input.
    o Uniformity :- Refers to the process of checking consistency of data. This implies that every input must have an output in hash code according to the input.
    o Variable range :- Refers to the range variation of hash values according to the program run or data.
    o Dynamic Hash Function :- The hash table can automatically expand or shrink according to the size of the data.
    o Continuity :- The output value increases or decreases with an increase or decrease in the input value.
  • 37. RSA ALGORITHM
    RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape.
    EXAMPLE
    o Choose p = 3 and q = 11
    o Compute n = p * q = 3 * 11 = 33
    o Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
    o Choose e such that 1 < e < φ(n) and e and n are co-prime. Let e = 7
    o Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
    o Public key is (e, n) => (7, 33)
    o Private key is (d, n) => (3, 33)
    o The encryption of m = 2 is c = 2^7 % 33 = 29
    o The decryption of c = 29 is m = 29^3 % 33 = 2
    Where n = modulus, e = encryption exponent, d = decryption exponent
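The slide's RSA example can be carried through in code, including how d is actually found and what happens when no d exists. This Python code is an added example, not part of the original slides; the function names are hypothetical, and the numbers are the slide's deliberately tiny teaching values, with no padding.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    """Follow the slide's steps and return ((e, n), (d, n)); p and q must be prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        # A d with (d * e) % phi(n) == 1 exists only when gcd(e, phi(n)) == 1.
        raise ValueError(f"e={e} shares a factor with phi(n)={phi}, so no d exists")
    return (e, n), (x % phi, n)

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(m, e, n)

def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)

def sign(m, private_key):
    """Authentication use: apply the private exponent to the message value."""
    d, n = private_key
    return pow(m, d, n)

def verify(m, signature, public_key):
    e, n = public_key
    return pow(signature, e, n) == m % n

def roundtrip_failures(public_key, private_key):
    """Every m in 0..n-1 that does not decrypt back to itself (expected: none)."""
    n = public_key[1]
    return [m for m in range(n)
            if decrypt(encrypt(m, public_key), private_key) != m]

if __name__ == "__main__":
    public_key, private_key = make_keys(3, 11, 7)
    print("public:", public_key, "private:", private_key)
    c = encrypt(2, public_key)
    print("m=2 -> c =", c, "-> m =", decrypt(c, private_key))
    print("round-trip failures:", roundtrip_failures(public_key, private_key))
    s = sign(2, private_key)
    print("signature on 2:", s, "verifies:", verify(2, s, public_key))
    try:
        make_keys(3, 11, 5)  # 5 is co-prime with n = 33 but not with phi(n) = 20
    except ValueError as err:
        print("key generation rejected:", err)
```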
  • 38. Vulnerability Management
    Vulnerability management is a pro-active approach to managing network security.
    Stages
  • 39.
    1. Discover: Inventory all assets across the network and identify host details including operating system and open services to identify vulnerabilities. Develop a network baseline. Identify security vulnerabilities on a regular automated schedule.
    2. Prioritize Assets: Categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to your business operation.
    3. Assess: Determine a baseline risk profile so you can eliminate risks based on asset criticality, vulnerability threat, and asset classification.
    4. Report: Measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.
    5. Remediate: Prioritize and fix vulnerabilities in order according to business risk. Establish controls and demonstrate progress.
    6. Verify: Verify that threats have been eliminated through follow-up audits.
  • 41. Introduction
    An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
    Stages Of IDS
  • 42. NETWORK-BASED IDS
    Captures network traffic to perform intrusion detection operations. A NIDS scans the network at the router or host level, audits packet information, and logs any suspicious packets into a special log file with extended information. When it finds anything severe in the packets, it informs the security team by e-mail or pager call.
  • 43. THREATS AND ACTIVITIES THAT CAN BE CONTROLLED BY NIDS
    o IP Spoofing
    o Denial-Of-Service Attack
    o DNS name corruption
    o Man-in-the-Middle attack
    CONTROL MECHANISM
    o Centralized :- The information present in the various IDSs is analyzed and processed by a central entity.
    o Distributed :- The log information is distributed to every node present in the network.
    Advantages of IDS
    o Low Cost Of Ownership :- Does not require any additional software to be loaded in the network. The low cost is due to the small number of detections it can make.
    o Detects Attacks Missed by the HIDS :- Examines all the packet headers for signs of malicious and suspicious activities.
    o Analyzes the packet payload :- Examines the content of the payload, looking for commands used in specific attacks.
    o Real-time detection and response :- Allows rapid actions such as notification and responses. The response can range from allowing the penetration in surveillance mode to gather information, to immediate termination of the attack.
  • 44. Advantages of IDS (continued)
    o More difficult for an attacker to remove evidence :- Does not allow an attacker to remove evidence, because a NIDS uses live network traffic for attack detection.
    RESPONSES
    o Active Response :- When a system is threatened by any potential attack, it takes the immediate possible action required to decrease the impact of the attack.
    o Passive Response :- When a system is threatened by any potential attack, it notifies the administrator about the threat.
    Common Passive Response Strategies
    o Logging :- Records an event and the circumstances of its occurrence. It can provide sufficient information about the nature of the attack.
    o Notification :- Communicates event-related information to the person when an event takes place.
    o Shunning :- Refers to the activity of avoiding the attack.
    Common Active Response Strategies
    o Terminating Processes Or Sessions :- Terminates all the unauthorized processes and sessions that are trying to gain access to the system by resetting the network.
    o Network Configuration Changes :- Instructs the firewall or border router to reject any request or traffic coming from a particular socket or address that is being attacked.
    o Deception :- Fools the attackers and redirects them to a system that is designed to be broken.
  • 46. Host Based IDS
    Designed to monitor, detect and respond to activities or attacks on a given host. They run on individual hosts or devices in the network.
    Advantages Of HIDS
    o Monitors user privileges
    o Verifies the success or failure of an attack
    o Monitors specific system activities
    o Detects attacks missed by the NIDS
    o Well suited for encrypted or switched environments
    o Near-real-time detection and response
    o Requires no additional hardware
    Mechanism
    o Signature-Based HIDS :- Also known as knowledge-based IDS; compares the packet against a database of signatures or attributes from known malicious threats.
    o Statistical Anomaly-based IDS :- Also known as behavior-based IDS; dynamically detects deviations arising from the behavior of the user and triggers an alarm accordingly.
  • 47. Issues Faced while using an IDS
    o Continuous increase in network traffic.
    o Use of encrypted messages to transport malicious information.
    o Lack of widely accepted IDS terminology and conceptual structures.
    o Inappropriate and automated response attacks are also inherited.
    o Lacks objectivity in evaluating and testing information.
    Honeypots
    A honeypot is a computer that has been designed as a target for computer attacks. It is a trap mechanism that is used to attract a hacker away from valuable network resources and provide an early indication of an attack. It is configured to interact with possible hackers and capture details of their attacks. Honeypots are also known as sacrificial lambs or booby traps.
    Production honeypot
    It records only limited information, like the organization of the attack and the tools used in the process.
  • 48. Identifying Operating system vulnerabilities
    A process of defining the main issues related to the security of an OS.
    Issues
    o Managing physical and local security
    o Managing logon security
    o Managing users and groups
    o Managing local and global groups
    o Managing user accounts
    o Managing domains
    Physical and local security management
    o Password protect your basic input/output system (BIOS).
    o Boot the computer from the hard disk, not from floppy or compact disks.
    o Password protect your computer.
    Logon Security Management
    o Password protect all your user accounts.
    o Set LegalNoticeCaption in the registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • 49. User and Group Management
    o Groups need to be created for easy and reliable management of users.
    o Access privileges should be given to each user or group according to the responsibilities given to the user.
    Local And Global Group Management
    o Local groups refer to the computer itself.
    o Global groups can belong to a whole domain.
    User Account Management
    o Password complexity must be enabled for your PC.
    o The last logon user details can be disabled to make the user account secure by editing the registry :- go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, select Edit-New-String Value to create a new string value, rename the string as "DontDisplayLastUserName", then double click it and type 1 for the value data.
    Domain Management
    o You must create a BDC or ADC for the PDC. In case the PDC stops functioning, the BDC can work as the PDC.
  • 50. Hardening the Operating System
    o Refers to the process of protecting, securing or providing security to a computer or network by reducing vulnerabilities, such as weak passwords or threats from bugs.
    o The OS must be updated with service packs and hotfixes.
    Layers Of Protection Analysis
    o LOPA is defined as a risk assessment method. It is used in many organizations to evaluate risks and compare them with risk tolerance criteria to determine if existing safeguards are adequate or if additional safeguards are required.
    Components of LOPA
    o Process Design :- Refers to the components that help to reduce the probability of loss due to various events such as fire and explosions.
    o Basic Control :- Refers to the components that can be used to respond to critical situations.
    o Alarms, Manual Intervention, IPLs :- Refers to devices, systems or actions that are capable of preventing a scenario from proceeding to undesired consequences. They can be organized as an Independent Protection Layer (IPL).
    o SIS :- Stands for Safety Instrumented System, which can handle emergency situations such as an emergency shutdown.
    o Physical Protection :- Refers to the process of protecting our system from outside accidents using any equipment.
  • 51. Components of LOPA (continued)
    o Plant and community response/emergency response :- Refers to the processes or responses that are activated after the initial release of critical situations.
    DHCP ATTACK
    o Address Starvation :- Refers to the process of sending as many DHCP requests as possible with deceived MAC addresses to make the DHCP server run out of IP addresses. The attacker then uses a fake DHCP server to provide IP addresses to the clients and gain access to the whole network.
    o Man-In-The-Middle Attack
    o Rogue DHCP Server :- Refers to an unauthorized DHCP server, generally used by an attacker for sniffing or reconnaissance purposes and to gain access to network traffic.