
IT Security Aspects in an Enterprise


वेणु गोपाल

November 08, 2006


Transcript

  1. A Presentation by Venu Gopal Kakarla for BITS UC 412 (Practice School II)
  2. Information security means protecting information and information systems from
     • unauthorized access,
     • use,
     • disclosure,
     • disruption,
     • modification,
     • or destruction.
  3. Security provided by IT systems can be defined as the IT system's ability to protect the confidentiality and integrity of processed data, provide availability of the system and data, provide accountability for transactions processed, and give assurance that the system will continue to perform to its design goals.
  4. For over twenty years information security has held that confidentiality, integrity and availability (known as the CIA Triad) are the core principles of information security. [Diagram: the CIA Triad, with Confidentiality, Integrity and Availability at its three corners.]
  5. Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.
  6. • Risk is the likelihood that something bad will happen that causes harm/loss to an informational asset.
     • A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset.
     • A threat is anything (man-made or act of nature) that has the potential to cause harm.
  7. • A threat uses a vulnerability to cause harm.
     • The likelihood that a threat will use a vulnerability to cause harm creates a risk.
     • When a threat does use a vulnerability to inflict harm, it has an impact.
  8. • Memory safety violations, such as:
       • Buffer overflows
       • Dangling pointers
     • Input validation errors, such as:
       • Format string bugs
       • Improperly handling shell metacharacters so they are interpreted
       • SQL injection
       • Code injection
       • E-mail injection
       • Directory traversal
       • Cross-site scripting in web applications
       • HTTP header injection
       • HTTP response splitting
     • Race conditions, such as:
       • Time-of-check-to-time-of-use bugs
       • Symlink races
     • Privilege-confusion bugs, such as:
       • Cross-site request forgery in web applications
       • Clickjacking
       • FTP bounce attack
       • Privilege escalation
     • User interface failures, such as:
       • Warning fatigue or user conditioning
  9. Chart data from the slide, reconstructed as a table (counts per category and year as plotted; the chart's vertical axis ran from 0 to 1000):

     | Year | Operating System | Network Protocol Stack | Non-Server Application | Server Application | Hardware | Communication Protocol | Encryption Module | Other |
     |------|------------------|------------------------|------------------------|--------------------|----------|------------------------|-------------------|-------|
     | 2001 | 248              | 8                      | 309                    | 886                | 43       | 9                      | 6                 | 5     |
     | 2002 | 213              | 18                     | 267                    | 771                | 54       | 2                      | 0                 | 27    |
     | 2003 | 163              | 6                      | 384                    | 440                | 27       | 22                     | 5                 | 16    |
     | 2004 | 124              | 6                      | 364                    | 324                | 14       | 28                     | 4                 | 5     |
  10. The query is built by string concatenation:

      statement = "SELECT * FROM users WHERE name = '" + userName + "';"

      With userName = John Doe the statement is:

      SELECT * FROM users WHERE name = 'John Doe';

      With userName = John Doe'; DROP TABLE users; the quote in the input closes the string literal early and the rest of the input is parsed as SQL (the trailing '; is the unused remainder of the template):

      SELECT * FROM users WHERE name = 'John Doe'; DROP TABLE users;';
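The slide's concatenation beside the fix a practitioner would apply, as an added example that is not part of the original deck: a parameterized query. Python's standard `sqlite3` module and the `users` table with its two rows are assumptions made for the demo; the concatenated statement is run through `executescript`, which accepts a batch of statements the way the slide's scenario requires.

```python
import sqlite3

# Constructed sample table for the demo; the schema and rows are assumptions.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("John Doe", "staff"), ("Jane Roe", "admin")])
    conn.commit()
    return conn

def build_statement(user_name):
    # The construction from the slide: untrusted input is spliced into the SQL
    # text, so a quote inside the input ends the string literal early and the
    # rest of the input is parsed as SQL.
    return "SELECT * FROM users WHERE name = '" + user_name + "';"

def table_exists(conn, table="users"):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,)).fetchone()
    return row[0] == 1

def run_unsafe(conn, user_name):
    # Runs the concatenated text as a batch, as a driver or stored procedure that
    # accepts several statements would. With the injected input, DROP TABLE has
    # already executed by the time the leftover "';" fragment fails to parse.
    try:
        conn.executescript(build_statement(user_name))
    except sqlite3.Error:
        pass
    return table_exists(conn)

def find_user_safe(conn, user_name):
    # Parameterized query: the value is handed to the driver separately from the
    # SQL text, so the input is only ever compared as data, never parsed as SQL.
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (user_name,)).fetchall()

if __name__ == "__main__":
    payload = "John Doe'; DROP TABLE users;"
    print(build_statement("John Doe"))
    print(build_statement(payload))
    conn = make_db()
    print("safe lookup with payload:", find_user_safe(conn, payload))
    print("table still exists after unsafe run:", run_unsafe(conn, payload))
```

The safe lookup with the injected value simply returns no rows, because no user is literally named `John Doe'; DROP TABLE users;`; the same input through the concatenated path removes the table. Input filtering of quote characters is not a substitute for the parameterized form, since other syntax (comments, numeric contexts, encodings) can reach the parser too.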
  11. Auditing:
      • recording of event or occurrence data
      • examination of data
      • the use of event or occurrence alarm triggers
      • log file analysis.
  12. Monitoring is the activity of manually or programmatically reviewing logged information looking for something specific.
  13. Log analysis is a more detailed and systematic form of monitoring in which the logged information is analyzed in detail for trends and patterns as well as abnormal, unauthorized, illegal, and policy-violating activities.
  14. Intrusion detection is a specific form of monitoring both recorded information and real-time events to detect unwanted system access.
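Slides 12 to 14 distinguish monitoring (looking for one specific thing), log analysis (looking for patterns across events) and intrusion detection (flagging unwanted access). The following added example, which is not part of the original deck, shows all three over a small constructed authentication log: `monitor` is a plain pattern search, `analyze` keeps a sliding per-source window of failed logins and raises an alert when a threshold is crossed, and a later accepted login from a source already flagged is reported as likely unwanted access. The sshd-style line format, the year used to complete the timestamps, the threshold of 5 failures and the one-minute window are all assumptions made for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (sshd-style lines made up for this example).
SAMPLE_LOG = """\
Nov 08 10:00:01 host1 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Nov 08 10:00:03 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4002 ssh2
Nov 08 10:00:04 host1 sshd[102]: Accepted password for alice from 198.51.100.7 port 5001 ssh2
Nov 08 10:00:06 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4003 ssh2
Nov 08 10:00:09 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4004 ssh2
Nov 08 10:00:12 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4005 ssh2
Nov 08 10:00:20 host1 sshd[103]: Accepted password for root from 203.0.113.5 port 4006 ssh2
Nov 08 10:05:00 host1 sshd[104]: Failed password for bob from 198.51.100.7 port 5002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_line(line, year=2006):
    """Turn one sshd line into a dict; lines of any other shape give None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}

def monitor(log_text, pattern):
    """Monitoring in the slide's sense: look for one specific thing."""
    rx = re.compile(pattern)
    return [line for line in log_text.splitlines() if rx.search(line)]

def analyze(log_text, threshold=5, window=timedelta(minutes=1)):
    """Log analysis in the slide's sense: look for a pattern across events.

    Returns a list of (kind, source_ip, detail) alerts:
      brute_force               - threshold or more failures from one IP inside window
      success_after_brute_force - an accepted login from an IP already flagged
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)   # ip -> failure timestamps inside window
    flagged = set()
    alerts = []
    for e in events:
        if e["result"] == "Failed":
            q = recent_failures[e["ip"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append(("brute_force", e["ip"],
                               f"{len(q)} failed logins within {window}"))
        elif e["ip"] in flagged:
            alerts.append(("success_after_brute_force", e["ip"],
                           f"accepted login as {e['user']} at {e['ts']:%H:%M:%S}"))
    return alerts

if __name__ == "__main__":
    for line in monitor(SAMPLE_LOG, r"Accepted password for root"):
        print("MONITOR:", line)
    for alert in analyze(SAMPLE_LOG):
        print("ALERT:", *alert)
```

On the sample log the single-pattern monitor reports the one root login, while the analysis step ties that login to the five failures that preceded it from the same source, which is the kind of context a reviewer needs before treating the event as an intrusion rather than a forgotten password. The lone failure from the second source stays below the threshold and produces nothing.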