INFORMATION SECURITY

1.INTRODUCTION: As of January 2008, the internet connected an estimated 541.7

million computers in more than 250 countries on every continent, even Antarctica . The internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts, in a variety of ways, to anyone with a computer and a network connection. Thus, individuals and organizations can reach any point on the internet without regard to national or geographic boundaries or time of day.

However, along with the convenience and easy access to information come risks. Among them are the risks that valuable information will be lost, stolen, changed, or misused. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home; they may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can also create new electronic files, run their own programs, and hide evidence of their unauthorized activity.

2.What is Information Security (IS) about? Everyone:

Information Security has three primary goals, known as the security triad:

Confidentiality :
Making sure that those who should not see your information, can not see it.

Integrity :
Making sure the information has not been changed from how it was intended to be.

Availability :
Making sure that the information is available for use when you need it.

As you can see, the security triad can be remembered as the letters CIA. These principals are simplistic when broken down, but when you think about it more in depth, all steps taken within security are to help complete one or more of these three security goals.
When most people think about Information Security, they will generally only think of the first item, Confidentiality, and for good reason, since that's all the media seems to think security is about. Confidentiality is also, ironically, the one of the three goals you most often do not need. A public web-site does not want to be confidential, it would defeat the point of being public. In order to promote Confidentiality, you have several tools at your disposal, depending on the nature of the information. Encryption is the most commonly thought of method used to promote Confidentiality, but other methods include Access Control Lists (ACLs) that keep people from having access to information, using smart cards plus pin numbers to prevent unauthorized people into your building and looking around, or even explaining to your employees what information about the company they can and can not disclose over the phone .

Integrity is the part of the triad that affects the most people in the IT world, but few seem to notice it, and fewer still think of it as a security issue. The files on your operating system must maintain a high level of integrity, but worms ,viruses and trojans are a major issue in IT, and can also be a way that an attacker can get information out of your network, or inject his own information into it. And integrity is not just about malicious parties, it also covers items such as disk errors, or accidental changes made to files by unauthorized users. Access control lists (ACLs), physical security, and regular backups all fall under integrity .

Availability is the part of the triad most administrators have to worry about at work, and with good reason. It's the most common, and most visible, part of the security triad and it is part of the job duties of just about every administrator, even non-security based ones. It's mostly about system uptime for them, but it can also cover subjects such as accidentally denying a user access to a resource they should have, having a user locked out of the front door because the biometrics does not recognize his fingerprints (False negative), or even major issues such as natural disasters, and how the company should recover in case of one.

3. How do I protect my information?

Now that you know the goals of security, you may ask: how do I apply them? Well, first, you must decide what needs protected. In other words, you need audit all of your assets, from

information stored on servers to physical items such as staplers, if your duties call for it. Since most people reading this are applying the principals here just to information security, we will first focuson information classifications. There are many different ways of classifying information, but many of them follow the same basic principals. According to Microsoft's view of information, there are four types of information: Public Internal Confidential Secret While it may not be as cool as remembering CIA, the word PICS should help you remember these four data types. But remember, while Microsoft and others use these classifications of data, not all groups follow this as a standard. In other words, it's just not as wide spread as the talk about the CIA model, and some companies may use their own models. Depending on the type of data, security is compromised just by exposing the information to others. With other types of data, however, damage is only done if the data was altered or unavailable. Here is a more in-depth explanation of the four major data types:

PUBLIC INFORMATION: Public data is designed to be shown, so there is no reason to protect it from being seen, and thus confidentiality is not a concern. If Public data is changed or destroyed, however, you lose something you can remember by the letters PTR,or PoinTeR: Prestige, Trust, and Revenue. Public data needs to be accessible, but only a few users or machines should be able to change it. Examples of Public data for businesses may be information on your company web site or any documentation sent to all consumers of your product or services. For home users it may be your personal homepage, or something akin to a myspace page. While it would do no harm for this data to be seen by others, if this data was changed in transit, the results could be disastrous.And funny. Must mostly disastrous. INTERNAL INFORMATION: Internal data, also called Private data, is data that company workers generally know, but outsiders should not know.It's items such as PINs (Personal Identification

Numbers) for doors if everyone shares the same pin, the location of some rooms within the building (such as server rooms or wiring cabinets), or internal procedures of the company. Its information that most company workers can find out, or may even need to know. Discovering this information is normally not a risk in itself, but it allows for better attacks. The main risk is modification, either by an outside force such as an attacker, or most cases, accidentally by an internal user . Security breaches of this type of information will generally affect the operations of a business, and not much else. Most files on your OS would actually fall under this, as damage to them will only affect operations. Keep in mind, however, that internal data can also be a stepping stone to launch attacks on other, more secure, forms of data. On the flip side removing internal data from the view of workers can cause damages to business operations, performing a form of Denial of Service (DoS) attack. For a home user, Private data could be where you store your keys, security codes for home security systems, to even less obvious items.

CONFIDENTIAL INFORMATION:
Confidential data is the data used by a limited number of internal users, and should not be known to the majority of workers. This is the class Human Resources (HR) data and payroll information falls under. Read access to this data is limited to a few users, and write access is generally restricted even more. If this becomes public internally, Operations and Internal Trusts are at stake, while if reviled externally, you once again lose PTR, along with Operations and Internal Trusts. OS files dealing with security also fall into this area in most cases. Confidential data is just a few steps away from Secret data, and like Secret, it needs to be protected. For a home user this could be some emails you've wrote, your browser history, or a folder containing pictures and movies the rest of the household wouldn't approve of.

SECRET INFORMATION:
Secret data is the data most people think of when they hear about breaches in information. This data is your trade secrets, intellectual property, and External Secrets, such as info held in trust for others (partner company's, or customers). Loss of this data may cause critical damage to the company, and could very well be the downfall of it. Besides the PTR loss, and maybe loss of operations, there's fines and legal actions to think of in most cases. While this may seem like only businesses would have data that fall in these four classes, all information can be placed inside them, sometimes into more then one class. As stated before,

most of the files used by your operating system would fall under Internal data. Its not something that needs to be kept secret so much as needs to be kept from being changed. Music files on your machine? They have an effect on the operation of how you run your life, and so fall under operations. Credit card information could be considered secret data as well.

4. COMMON ATTACKS:
Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself. Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place. Access Attack Access Attack is the act of secretly listening to the private conversation of others without their consent. This attack can also be done over telephone lines, email, instant messaging, and other methods of communication considered private

Modification: Modification attack is an attempt to modify information that an attacker is not authorized to modify.

Repudiation Attack: Repudiation or masquerading is a technique that hides an entire address space, usually consisting of private network addresses

Denial of service Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following:

Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.

Send invalid data to applications or network services, which causes abormal termination or behavior of the applications or services.

Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.

Block traffic, which results in a loss of access to network resources by authorized users.

5.TOOLS:
Viruses:
Computer viruses are software programs deliberately designed to: interfere with computer operation; record, corrupt, or delete data; or spread themselves to other computers and throughout the Internet, often slowing things down and causing other problems in the process. How do viruses work? Basic viruses typically require unwary computer users to inadvertently share or send them. Some viruses that are more sophisticated, such as worms, can replicate and send themselves automatically to other computers by controlling other software programs, such as an e-mail sharing application. Certain viruses, called Trojans (named after the fabled Trojan horse), can falsely appear as a beneficial program to coax users into downloading them. Some Trojans can even provide expected results while quietly damaging your system or other networked computers at the same time. How Can I Protect My Computer From Viruses? Install an antivirus program and keep it updated. University Technology Services has purchased a volume license for antivirus software and made it available for download by students, staff and faculty. Keeping antivirus programs updated is imperative. Because new viruses are released every day, there's always some risk that your computer will be infected by a virus that your antivirus program does not "know" about. Unless a rapidly-spreading virus is released, you should be reasonably safe if you update your antivirus program weekly.

How Do I Know If My Computer Is Infected By A Virus? In a perfect world, your antivirus software will warn you of an infection. However, that may not happen if you have not been downloading updates or if your antivirus software stops functioning for some reason. (For example, some viruses attack antivirus software). There's no single symptom for virus infections. Some viruses inform you themselves by displaying messages like, "Ha, ha, you're infected by whatever." Others just usurp system and network resources to do things like send e-mail messages or propagate themselves over the network. Still others delete or corrupt critical files. If your computer starts performing differently for no apparent reason, it may be infected by a virus.

Worms:
Worms? What are they? Worms are programs that make copies of themselves in different places on a computer. The objective of this type of malware is usually to saturate computers and networks, preventing them from being used. Unlike viruses, worms dont infect files. What do they do? The main objective of worms is to spread and infect as many computers as possible. They do this by creating copies of themselves on infected computers, which then spread to other computers by several channels including email, P2P programs and instant messaging, among others. Worms often use social engineering techniques. To do so, malware creators use attractive names to camouflage the malicious files. Most of these names relate to sex, famous people, pirate software, current affairs or generally try to appeal to peoples morbid curiosity. The use of these techniques significantly increases around dates such as Valentines Day, Christmas and Halloween.

Evolution of Worms:

Worms have also been adapted to fit the new malware dynamic. Previously, worms were designed largely to achieve notoriety for the creators, and were therefore programmed to spread massively and infect computers around the world. Now, however, worms are more geared towards generating financial gain. They are used to create massive botnets which control thousands of computers around the world. Cyber-crooks then send commands to these computers (zombies) to send spam, launch denial of service attacks, download malicious files, etc. Conficker or The Gaobot or Sdbot families are just a few examples of this type of worm. In the following statistics you can chack out the importance of this type of malware nowadays:

At present, there are thousands upon thousands of computers being used as zombies without their owners realizing. These compromised computers can still be used normally, and so often the only indication of the infection is reduced performance.

How can you protect yourself from Worms?

There are a series of basic measures that users can take to ensure that computers are protected against worms: Scanning any potentially suspicious files with an antivirus solution. Keeping antivirus programs up-to-date and, if you dont have an antivirus, you can install any of Panda Securitys antivirus solutions to give you full protection against these and other threats.

Running a free antivirus scan of your computer to check whether it is worm-free.

TROJANS:
The effects of the Trojans can be very dangerous, taking into account their evolution in the last years. Here you can find all the information regarding them.

Trojans? What are they? The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers. Trojans do not spread by themselves, and as their name suggests, like the astute Greeks in their attack on Troy, these malicious codes reach computers in the guise of an apparently harmless program, which, in many cases, when executed releases a second program, the Trojan itself. Currently, the percentage of malware traffic represented by the Trojans worldwide is: Worm: 14.04% What do they do? The effects of Trojans can be highly dangerous. Like viruses, they can destroy files or information on hard disks. They can also capture and resend confidential data to an external address or open communication ports, allowing an intruder to control the computer remotely. Additionally, they can capture keystrokes or record passwords entered by users. Given all these characteristics, they are frequently used by cyber-crooks, for example, to steal confidential banking information. Evolution Trojans were designed initially to cause as much damage as possible on the compromised computer. They were designed to format disks or eliminate system files, although they were not widely noticed, as at that time malware creators were looking to cause widespread epidemics, and Trojans could not spread by themselves. One such example was Autorooter.

10

In recent years, thanks to the massive uptake of the Internet, the trend has changed and cybercrooks have seen the use of this type of malware for stealing bank details, usernames and passwords, personal information, etc. In fact, this has led to the creation of new categories of malware: Banker Trojans and Spyware. Within the banker Trojan category, one example which has been highly active recently is Trj/Sinowal, a kit sold on some Russian forums which allows the buyer to create bespoke banker Trojans to launch an attack. At PandaLabs we have observed a worrying increase in the production of banker Trojans, as illustrated in the following graph. Trojans currently account for 70% of all malware we receive at the laboratory.

How can you protect yourself?

To protect yourself against this ubiquitous type of malware, we offer a series of practical tips:

Dont download content from dubious or unknown websites. Keep a close eye on downloads made over P2P networks. Keep antivirus programs up-to-date and, if you dont have an antivirus, you can install any of Panda Securitys antivirus solutions to give you full protection against these and other threats.

11

Run a free antivirus scan of

5.SECURITY MECHANISMS:
Firewalls:
Firewalls are computer security systems that protect your office/home PCs or your network from intruders, hackers & malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of the computer users, Firewalls provide you with the necessary safety and protection.

WHAT EXACTLY THEY WORK? Firewalls are software programs or hardware devices that filter the traffic that flows into you PC or your network through a internet connection. They sift through the data flow & block that which they deem (based on how & for what you have tuned the firewall) harmful to your network or computer system. When connected to the internet, even a standalone PC or a network of interconnected computers make easy targets for malicious software & unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.

How do they work? Firewalls are setup at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These Rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer

12

owners/administrators immense control over the traffic that flows in & out of their systems or networks. Rules will decide who can connect to the internet, what kind of connections can be made, which or what kind of files can be transmitted in out. Basically all traffic in & out can be watched and controlled thus giving the firewall installer a high level of security & protection.

Types of Firewall

Software firewalls New generation Operating systems come with built in firewalls or you can buy a firewall software for the computer that accesses the internet or acts as the gateway to your home network.

Hardware firewalls Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or computers on your network connect to this router & access the web.

CRYPTOGRAPHY: What Is Cryptography?

Cryptography is the science of providing security for information. It has been used historically as a means of providing secure communication between individuals, government agencies, and military forces. Today, cryptography is a cornerstone of the modern security technologies used to protect information and resources on both open and closed networks.

Basic Components of Modern Cryptography

Modern electronic cryptosystems use complex mathematical algorithms and other techniques and mechanisms to provide network and information security. Cryptography-based security

13

technologies commonly use one or more of the following basic components to provide security functions:

Encryption algorithms Message digest functions Hashed Message Authentication Code (HMAC) functions Secret key exchange algorithms Digital signatures

Risk Factors for Cryptography Systems

There is no simple formula for determining how safe a specific cryptosystem is from attacks and potential security compromises. However, the following factors affect the risk of successful attacks on cryptosystems:

Symmetric key length Public key length Key lifetimes Amount of plaintext known to attackers Strength of the security technology implementation Randomness of generated key Strength of the security protocols

AUTHENTICATION:
Proving that you are who you say you are, where you say you are, at the time you say it is. Authentication may be obtained by the provision of a password or a scan of your retina. Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. To access most technology services of Indiana University, you must provide such proof of identity.

14

INTRUSION DETECTION SYSTEM(IDS):

Intrusion detection system is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

Types:
For the purpose of dealing with IT, there are two main types of IDS: Network intrusion detection system (NIDS) It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to anetwork hub, network switch configured for port mirroring, or network tap. In a NIDS, sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. Sensors capture all network traffic and analyzes the content of individual packets for malicious traffic. An example of a NIDS is Snort. Host-based intrusion detection system (HIDS) It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, Access control lists, etc.) and other host activities and state. In a HIDS, sensors usually consist of a software agent. Some application-based IDS are also part of this category. An example of a HIDS is OSSEC. Stack-based intrusion detection system (SIDS) This type of system consists of an evolution to the HIDS systems. The packets are examined as they go through the TCP/IP stack and, therefore, it is not necessary for them to work with the network interface in promiscuous mode. This fact makes its implementation to be dependent on the Operating System that is being used.

15

Intrusion detection systems can also be system-specific using custom tools and honeypots.

CONCLUSIONS:
Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution. The never ending process of information security involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review. This makes information security an indispensable part of all the business operations across different domains.

16