INFORMATION SECURITY AND ATTACKS
#1

Abstract
Classical cryptographic protocols based on user-chosen keys allow an attacker to mount password guessing attacks. In today's world, the importance of information cannot be overemphasized. All this makes it imperative for individuals and organizations alike to safeguard their data and avoid its misuse, destruction, duplication or distribution by unauthorized people, especially after witnessing the havoc that can be unleashed by such attacks. Recent threats to the information systems of the world have led to unprecedented efforts to seek a way out to stop these miscreants. Computer security has become synonymous with network security.
Our paper deals with one such system that is presently Cryptography. The three types of cryptography algorithms are secret key cryptography, public key cryptography, hash functions, trust models. Authentication, Integrity and Non-Repudiation, Key Distribution and certification, Access control by implementing Firewalls etc. also feature in the discussion in the form of the KERBEROS AUTHENTICATION SYSTEM, IPsec & AAA server. In this, information and network security provides some methods like VPN (virtual private network), firewalls, IPsec (internet protocol security), AAA server.
#2
PRESENTED BY:
Y Gautami Sree

Information Security threats in today’s organizations
What is Information Security?
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
NEED FOR SECURITY
• Data Stealing
• Data Diddling
• Hackers
• Viruses
• Loss of Data
SERVICES FOR SECURITY
• Confidentiality
• Authentication
• Integrity
• Non-Repudiation
• Availability
TYPES OF SECURITY THREATS
ACTIVE ATTACK: An attack in which an unauthorized party makes modifications to a message, data stream or a file.
Four Types:
• Masquerading
• Replay (Man in the Middle)
• Message modification
• Denial of Service
PASSIVE ATTACK: An attack in which an unauthorized user gains access but does not modify its content.
Two Types:
• Eavesdropping
• Traffic Analysis
TOP 10 INFORMATION SECURITY THREATS FACED BY ORGANIZATIONS TODAY…
FIRE
People don’t expect this to be here; it is not the lack of equipment but the lack of procedures that brings this risk to the top 10.
• Heat-generating equipment such as copiers, work processors, coffee makers and hot plates should be kept away from anything that might catch fire.
• Combustible materials such as paper should be stored properly. They should not be stacked up.
• Sprinklers and fire/smoke detectors should be installed in storage areas.
• Storage areas should be located away from heat sources.
• Electricity outlets should not be overloaded. The best way is to assure a sufficient number of outlets.
UNAUTHORIZED PHYSICAL ACCESS
Physical devices like laptops, desktops, etc. can be accessed by unauthorized people if perimeter barriers and other physical security safeguards are absent. Although organizations take care of their Datacentre, this particular aspect brings it into the top 10.
• Prevent unauthorized entries into the premises and other sensitive areas.
• Identification methods together with authorization and access control such as badge systems, card readers or biometric controls should be implemented.
• Visitor control procedures should be employed to restrict the freedom by which a visitor can access the premises.
MISUSE OF USER RIGHTS
Widespread administrator-level access to users, non-removal of access on role-change and privilege escalation have brought this risk into the top 10.
• Principle of least privilege should be followed.
• Every program and every user of the system should operate using the least set of privileges necessary to complete his job.
• If a person does not need an access right, he should not have the right.
• A unique ID and password should be given to each user.
• Users should be given read-only access to the applications present.
DENIAL OF SERVICE
Many corporate websites have suffered from illegal denial of service attacks lately. The major contributing factor to this has been a slack in timely hardening and patching of systems.
• An organization should maintain audit trails which describe what has changed in the network and why.
• Anti-virus should be installed and updated regularly.
• Firewalls should be installed and configured to restrict traffic coming into and leaving the computer.
• Email filters should be installed as they help in restricting traffic.
SOFTWARE CORRUPTION / FAILURE
Piracy is not the only reason for this to feature in the top 10. Misconfiguration and incorrect software usage have created several issues this year. It happens due to corruption by virulent software, configuration complexity, or improper backups.
• Backups should be taken on a regular basis, so that even if the data gets corrupted due to some reason, the organization is still safe and so is its customer database.
• Pirated copies of software should not be bought even though these copies can be purchased at a lesser price.
• A program should be used only for its intended purpose else it might become corrupt and stop functioning.
DELETION
Organizations are still quite lackadaisical towards data backup. Several companies lacking well-conceived data recovery strategies had to bear both financial as well as legal losses they could ill-afford.
• Backup of data should be taken at regular intervals.
• Restoration capabilities should also be provided such that the backed up data can be restored as and when required.
• Data recovery tools should be present with the administrator such that data can be recovered if it is accidentally deleted.
INTERNET CONNECTIVITY FAILURE
Global cabling problems aside, several companies are still struggling to make their infrastructure robust for internet access (network and bandwidth management). Service provider selection criteria leave a lot of room for improvement.
• Service provider should be selected depending on the need of the organization.
• A backup service provider should be selected such that if the previous provider is unable to provide optimum services the backup provider could provide them.
• The temperature of the server room should be maintained in order to avoid excessive heating of the devices.
DATA CORRUPTION
Growth in internet usage has also seen the growth in malware infections which significantly contribute to data corruption.
• A computer should not be switched off without proper shutdown procedure.
• Malware infections also lead to data corruption. Thus, one should be very careful while downloading files from the internet.
• Files should always be downloaded from reliable sources.
• Poorly written software if downloaded can also lead to data corruption.
MODIFICATION OF DATA
Data integrity is the key to the success of any organization. However due to the limited attention being paid to it, this risk has risen significantly.
• All confidential information should be sent in the form of an attachment.
• Attachment should be encrypted using strong cryptographic controls.
• Digital signatures should be used in order to avoid non-repudiation by sender.
UNAUTHORIZED LOGICAL ACCESS
Lack of password policy awareness was quite rampant this year. Given that the IT infrastructure is only going to get complex from here on, much more needs to be done to ensure that this risk is marginalized.
• Simple passwords should be replaced by stronger, multi-factor authentication passwords.
• Strong identity authentication should be done which includes the use of two or three factors such as something one has (a physical item or token in your possession), something one knows (information only you know) and something one is (a unique physical quality or behavior that differentiates one person from another)
CONCLUSION
• Internal IT threats, in particular data theft and employee carelessness, remained the greatest danger for organizations.
• The interest in virus epidemics and hacker attacks is equal, but those problems are being viewed more and more as media sensationalism.
• From the point of view of security measures to prevent leaks of confidential data, organizations can be described as moving in the right direction, but not quickly enough.
#3

hi i want abstract and report for Information Security threats in today’s organizations...please send me .my email pravi65[at]ymail.com...urgent... thanks in advance