IT Security Aspects in an Enterprise

Transcript

1. A Pre s e n t ation by Venu Gopal

   Kakarla fo r BI TS U C 4 1 2 (Pra c t ic e Sc h o ol II)
2. None

3. Information security means protecting information and information systems from •unauthorized

   access, •use, •disclosure, •disruption, •modification, •or destruction.

4. Security provided by IT Systems can be defined as the

   IT system’s ability to being able to protect confidentiality and integrity of processed data, provide availability of the system and data, accountability for transactions processed, and assurance that the system will continue to perform to its design goals.

5. For over twenty years information security has held that confidentiality,

   integrity and availability (known as the CIA Triad) are the core principles of information security. Confidentiality Availability Integrity

6. preventing disclosure of information to unauthorized individuals or systems

7. means that data cannot be modified without authorization

8. the information must be available when it is needed

9. Risk management is the process of identifying vulnerabilities and threats

   to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.

10.  Risk is the likelihood that something bad will happen

    that causes harm/loss to an informational asset .  A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset.  A threat is anything (man made or act of nature) that has the potential to cause harm.

11.  A threat uses a vulnerability to cause harm. 

    The likelihood that a threat will use a vulnerability to cause harm creates a risk.  When a threat does use a vulnerability to inflict harm, it has an impact

12.  Password Management Flaws  Fundamental Operating System Design Flaws

     Software Bugs  Unchecked User Input

13.  Memory safety violations, such as:  Buffer overflows 

    Dangling pointers  Input validation errors, such as:  Format string bugs  Improperly handling shell metacharacters so they are interpreted  SQL injection  Code injection  E-mail injection  Directory traversal  Cross-site scripting in web applications  HTTP header injection  HTTP response splitting  Race conditions, such as:  Time-of-check-to-time-of-use bugs  Symlink races  Privilege-confusion bugs, such as:  Cross-site request forgery in web applications  Clickjacking  FTP bounce attack  Privilege escalation  User interface failures, such as:  Warning fatigue or user conditioning

14. Operating System Network Protocol Stack Non-Server Application Server Application Hardware

    Communicat ion Protocol Encryption Module Other 2001 248 8 309 886 43 9 6 5 2002 213 18 267 771 54 2 0 27 2003 163 6 384 440 27 22 5 16 2004 124 6 364 324 14 28 4 5 0 100 200 300 400 500 600 700 800 900 1000

15. 0 200 400 600 800 1000 1200 1400 1600 2001

    2002 2003 2004
16. None
17. None
18. None

19. statement = “SELECT * FROM users WHERE name = „”

    + userName + “‟;” John Doe SELECT * FROM users WHERE name = „John Doe‟; John Doe‟; DROP TABLE users; SELECT * FROM Users WHERE name = „John Doe'; DROP TABLE users;

20. Policies, Guidelines, Standards, Procedures Chart Course Assess Risk Baseline Enterprise

    Compliance Monitor Respond Awareness and Training

21. Threats Vulnerabili ties Exposure Risk Safeguards Assets

22. Plan Implement Monitor Assess

23. Data Application Host Network

24.  Auditing  recording of event or occurrence data 

    examination of data  the use of event or occurrence alarm triggers  log file analysis.

25.  Logging is the activity of recording information about events

    or occurrences to a log file or database

26.  Monitoring is the activity of manually or programmatically reviewing

    logged information looking for something specific.

27.  Log analysis is a more detailed and systematic form

    of monitoring in which the logged information is analyzed in detail for trends and patterns as well as abnormal, unauthorized, illegal, and policy‐violating activities.

28.  Intrusion detection is a specific form of monitoring both

    recorded information and real‐time events to detect unwanted system access.
29. None
30. None
31. None