Why we need IT security - Department of Computer Science and
Information technology security
Fundamentals of Information Technology, Session 8

Why we need IT security
• Estimated UK losses to cybercrime in 2011 were in the region of £27 billion
  – £21bn of costs to businesses
  – £2.2bn to government
  – £3.1bn to citizens
• This accounts only for reported crimes; the figure is probably much higher

Why we need IT security
[Charts: UK Crime 2009, 2010, 2011; UK Cybercrime 2009, 2010, 2011]

What is cybercrime?
• Cybercrime is not new crime; it is old crime facilitated by new digital technologies, e.g.
  – Theft
  – Fraud
  – Identity theft
  – Obscene publication
  – Slander
  – Copyright infringement
• Digital technology facilitates these crimes; in many cases, it makes them easier and less risky to carry out

The role of computer networks in cybercrime
• The growth of cybercrime correlates closely with the proliferation of computer networks, particularly the Internet
• Large public networks, like the Internet, create vulnerabilities which present opportunities for criminals
• Vulnerabilities create the potential to develop new threats. These threats create new risks for organisations, which in turn have potential detrimental impacts on information and/or financial assets
• In response to threats and risks, organisations must seek to adopt a range of protective countermeasures
• These should be set out in an information security management document

Vulnerabilities
• A vulnerability is a point where a system is weak
• In IT systems, vulnerabilities exist:
  – At the interface between internal and external networks
  – Along lines of network communication
  – In loopholes in application code
  – Where data is stored
• Vulnerabilities in IT systems arise for several reasons:
  – Human error/carelessness
  – Technical weaknesses
  – Lack of foresight/planning

Threats
• Threats are targeted at vulnerabilities in IT systems
• A threat is a malicious and/or illegal activity conducted by individuals or groups.
• Common examples of threats are:
  – Hacking
  – Sniffing
  – Malware infection (viruses/worms/trojans)
  – Denial of service attack
  – Phishing
  – Copyright infringement
  – Software piracy

Risks
• Risks are the potential outcomes of threats being carried out against organisations or individuals

Threat | Risks
Phishing | Identity theft. Fraud
Hacking | Loss of sensitive/personal data. Theft. Loss of trust
Virus/Malware infection | Damage to systems. Loss of service
Denial of service | Loss/degradation of service. Loss of revenue and trust

• Organisations need to employ risk management techniques to mitigate the likely occurrence and impact of potential threats

Risk management
• The level of risk associated with a threat can be decided by looking at likelihood and impact

Risk management
• The countermeasures an organisation puts in place will be determined by its attitude to risk. This may be that:
  – No risks are acceptable: all risks, whether low, medium or high, should be treated.
  – Low risks are acceptable: only medium and high risks should be treated.
  – Low and medium risks are acceptable: only high risks should be treated.
• Attitude to risk is generally determined by:
  – Available resources
  – Previous experience of information security breaches
  – The current approach to risk of other organisations in the same sector
  – Legislation or regulation
  – Contractual obligations

Countermeasures

Vulnerability | Threat | Risk | Possible countermeasure
Provision of IM to employees | Sniffing | Loss of company data | Encrypt IM transmissions
Customer payments | Sniffing | Loss of customer card details. Loss of trust | Implement TLS for payment systems
Network | Unauthorised access | Theft of customer details. Loss of trust. Litigation | Establish more robust network authorization policy. Invest in proxy server
Email system / VoIP | Viruses/worms | Destruction of data. System degradation. Loss of service | Invest in better anti-virus system. Invest in firewall
Public website | Denial of service attack | Loss of public presence. Loss of trust. Loss of revenue | Create mirror web site

Countermeasures
• Countermeasures need to be continually updated as criminals learn how to overcome them (e.g. automatic updates)
• Success in the development of countermeasures generally means no more than staying just ahead of the threat
• However, this is not always possible, as criminals are continually looking for ways to circumvent countermeasures, either through the use of technology or through human agents (e.g. crooked employees in bank call centres)
• One countermeasure alone is never enough to protect an organisation’s digital assets: a combination of countermeasures needs to be adopted

Countermeasures – Encryption
• All communications across the Internet are vulnerable to packet sniffing
[Diagram: a client sends a message (email, VoIP, IM) across the Internet to the company LAN; packet sniffing software on the path captures the message, leading to loss of personal or organisational data, theft, identity theft and fraud]

Countermeasures – Encryption
• Encrypting data sent across a network protects it from third parties by converting it to code that cannot be read without the key
• Encryption should be used for sensitive communications sent across the Internet
• All online payments should use security protocols like Secure Sockets Layer (SSL) or, more recently, Transport Layer Security (TLS), which ensure privacy between communicating applications
• TLS works by negotiating a unique encryption algorithm and cryptographic keys between a client and a server before data is exchanged.

Countermeasures – (Reverse) Proxy server
• A reverse proxy server places an extra barrier between an external network and an internal network’s assets (e.g. the Internet and private company files)
• A reverse proxy only allows Internet users to indirectly access certain internal servers

Countermeasures – (Reverse) Proxy server
• Internet users then only see the IP address of the proxy server, so the true identity of internal servers is hidden, making them less vulnerable to attack
• A reverse proxy server will first check to make sure a request is valid. If a request is not valid, it will not continue to process the request, resulting in the client receiving an error or a redirect.
• Reverse proxy servers are also used as a platform for encrypted connection software such as SSL or TLS

Countermeasures – Firewall
• A firewall is a system or group of systems that enforces an access control policy between two networks, usually the Internet and a private LAN
• A firewall can also be used to secure sensitive sections of private networks from unauthorised employee access
[Diagram: Internet, client, web server, company LAN and sensitive data, separated by firewalls]

Countermeasures – Firewall
• A firewall can be software (e.g. Windows Firewall), hardware or a combination of hardware and software
• A firewall is used to:
  – Inspect all inbound and outbound Internet messages (it uses packet filtering to distinguish between legitimate messages that are responses to valid user activity and illegitimate messages that are unsolicited). It makes its decisions based on message source address, destination address and requested port and, in many cases, on previous traffic history (stateful packet filtering)
  – Block network traffic from specified applications that can serve as conduits for threats (e.g. LimeWire, Yahoo Messenger)
  – Block denial of service attacks
• Firewall rules must be pre-specified by the system administrator
• A firewall is a first line of defence; it does not stop viruses or other malware

Countermeasures – Antivirus
• Antivirus software consists of computer programs that attempt to identify, neutralize or eliminate malware (viruses, worms, trojans)
• Antivirus software commonly uses three approaches to identify malware:
  – Virus dictionary (the antivirus scans files in memory, the operating system and the registry and compares them to a dictionary of known malware)
  – Identifying suspicious behaviour (the antivirus notes the behaviour of all executable programs and brings any suspicious activity to the attention of the user, e.g. an executable is triggered by another executable)
  – Whitelisting (rather than looking only for known bad software, this approach prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator)

Countermeasures – Antivirus
• All three approaches have their weaknesses
  – A virus dictionary only protects against known viruses. Antivirus software only protects against 20-30% of zero-day threats
  – The suspicious behaviour approach tends to produce many false positives, which in turn can result in the user becoming desensitized
  – Whitelisting is difficult in large, complex organisations where there are a large number of applications. This makes keeping an inventory of trusted applications difficult. It also reduces flexibility of software installation

Fallback and disaster recovery
• As well as first-line countermeasures, fallback measures also need to be factored into IT security policies. These will include:
  – Mirror websites
  – Backup servers
  – Backed-up data
  – Offsite hosting
• To guard against outright disaster, an organisation should develop a disaster recovery policy. This sets out the procedures for dealing with any significant or unusual incident that has long-term implications for the business

Education
• Technical countermeasures by themselves are never enough, as many security breaches are the result of human error rather than technical weakness. For example:
  – Employee installs infected software
  – Employee uses an unsecured connection for transmission of sensitive company data
  – Administrator fails to set access privileges correctly
  – Firewall software not updated
• To mitigate human error, companies need to develop:
  – An acceptable use policy which lays out to employees and other users the rules for using the organisation’s IT systems
  – Training to disseminate security protocols and the acceptable use policy

Legal obligations
• All organisations are legally obliged to have a minimum level of IT security where they hold sensitive data on individuals (e.g. customer data)
• Failure to ensure the minimum security measures can result in prosecution under the Data Protection Act 1998 (DPA)
• Norwich Union was fined £1.26 million in 2007 for allowing thieves to gain access to customer account details and steal £3.3 million

FIT Session 8 – Activities
• Now do
  – Activity 8 – IT security
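Worked example for the Risk management slides (added here; not part of the original slides): rating each threat from the slides' threat/risk table by likelihood x impact, then applying the three attitudes to risk to decide which risks must be treated. The 1-3 scales, the score banding and the ratings in the register are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed 1..3 scales; the slides only say risk is decided from likelihood and impact.
LIKELIHOOD = {1: "rare", 2: "possible", 3: "likely"}
IMPACT = {1: "minor", 2: "serious", 3: "severe"}
ORDER = ["low", "medium", "high"]

# Attitude to risk -> lowest level that must be treated (from the slides:
# none acceptable = treat all; low acceptable = treat medium and high;
# low and medium acceptable = treat only high).
APPETITE = {
    "none acceptable": "low",
    "low acceptable": "medium",
    "low and medium acceptable": "high",
}

@dataclass(frozen=True)
class Risk:
    threat: str       # threat from the slides' threat/risk table
    outcome: str      # the risk listed against it
    likelihood: int   # key into LIKELIHOOD
    impact: int       # key into IMPACT

    def score(self) -> int:
        """Risk score = likelihood x impact, giving 1..9."""
        return self.likelihood * self.impact

    def level(self) -> str:
        """Band the score: 1-2 low, 3-4 medium, 6-9 high (assumed banding)."""
        s = self.score()
        return "low" if s <= 2 else "medium" if s <= 4 else "high"

def risks_to_treat(register, attitude):
    """Threats whose level meets or exceeds the organisation's appetite threshold."""
    threshold = ORDER.index(APPETITE[attitude])
    return [r.threat for r in register if ORDER.index(r.level()) >= threshold]

# Constructed register: the slides' four threats with assumed ratings.
REGISTER = [
    Risk("Phishing", "Identity theft. Fraud", 3, 2),
    Risk("Hacking", "Loss of sensitive/personal data. Theft. Loss of trust", 2, 3),
    Risk("Virus/Malware infection", "Damage to systems. Loss of service", 2, 2),
    Risk("Denial of service", "Loss/degradation of service. Loss of revenue and trust", 1, 2),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.threat:24} {r.score()}  {r.level()}")
    for attitude in APPETITE:
        print(f"{attitude:26} treat: {risks_to_treat(REGISTER, attitude)}")
```

The same register yields a different treatment list under each attitude, which is the point of the slide: the countermeasures chosen follow from the appetite, not from the threat list alone.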
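Worked example for the Firewall slides (added here; not code from the original slides): a minimal stateful packet filter that decides on source address, destination address, requested port and previous traffic history, so that replies to valid user activity are admitted while unsolicited inbound traffic is dropped. The LAN prefix, rule set, addresses and packet trace are constructed for illustration.

```python
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."   # assumed private company LAN

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN

# Rules pre-specified by the administrator (as the slides require): ports LAN
# clients may open outbound, and the one service deliberately published inbound.
ALLOWED_OUTBOUND_PORTS = {80, 443}
PUBLISHED_SERVICES = {("10.0.0.5", 443)}   # the public web server

class StatefulFirewall:
    def __init__(self):
        self.sessions = set()   # (lan_host, remote_host) opened from inside

    def decide(self, p: Packet) -> str:
        """Allow or deny from source, destination, port and traffic history."""
        if p.direction == "out":
            if p.src.startswith(LAN_PREFIX) and p.dport in ALLOWED_OUTBOUND_PORTS:
                self.sessions.add((p.src, p.dst))   # remember for replies
                return "allow"
            return "deny"
        if (p.dst, p.src) in self.sessions:        # reply to valid user activity
            return "allow"
        if (p.dst, p.dport) in PUBLISHED_SERVICES:  # published service
            return "allow"
        return "deny"                               # unsolicited: dropped

def run_trace(packets):
    """Decisions for a packet sequence, with state carried between packets."""
    fw = StatefulFirewall()
    return [fw.decide(p) for p in packets]

# Constructed trace: a browser session, its reply, an unsolicited probe at the
# same client, a visitor to the public web server, and a blocked P2P port.
TRACE = [
    Packet("10.0.0.12", "203.0.113.7", 443, "out"),
    Packet("203.0.113.7", "10.0.0.12", 52000, "in"),
    Packet("198.51.100.9", "10.0.0.12", 445, "in"),
    Packet("198.51.100.9", "10.0.0.5", 443, "in"),
    Packet("10.0.0.12", "203.0.113.7", 6346, "out"),
]

if __name__ == "__main__":
    for p, d in zip(TRACE, run_trace(TRACE)):
        print(f"{p.direction:3} {p.src:>14} -> {p.dst:<10}:{p.dport:<5} {d}")
```

Note that the allowed reply on the second packet is admitted purely on address and history; the filter never looks at its contents, which is why the slides call the firewall a first line of defence that does not stop malware.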
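Worked example for the two Antivirus slides (added here; not from the original slides): the three identification approaches run side by side over a set of program launches, showing the weakness of each that the second slide lists. File contents, fingerprints, program names and launch events are all constructed; a SHA-256 of the file stands in for a dictionary signature.

```python
import hashlib

def fingerprint(content: bytes) -> str:
    """Identify a file by the SHA-256 of its contents (stands in for a signature)."""
    return hashlib.sha256(content).hexdigest()

# Constructed file contents standing in for executables on the machine.
FILES = {
    "editor.exe": b"benign editor v1",
    "updater.exe": b"vendor updater",
    "known_worm.exe": b"worm payload seen before",
    "zero_day.exe": b"payload nobody has catalogued yet",
    "new_tool.exe": b"legitimate tool installed yesterday",
}
DICTIONARY = {fingerprint(FILES["known_worm.exe"])}   # known-malware dictionary
WHITELIST = {fingerprint(FILES[n]) for n in ("editor.exe", "updater.exe")}

def dictionary_check(name: str) -> bool:
    """Virus dictionary: flag only files whose fingerprint is already known bad."""
    return fingerprint(FILES[name]) in DICTIONARY

def behaviour_check(parent: str, child: str) -> bool:
    """Suspicious behaviour: an executable triggered by another executable."""
    return parent.endswith(".exe") and child.endswith(".exe")

def whitelist_check(name: str) -> bool:
    """Whitelisting: block everything the administrator has not approved."""
    return fingerprint(FILES[name]) not in WHITELIST

def verdicts(parent: str, child: str) -> dict:
    """True means 'flagged' under that approach."""
    return {
        "dictionary": dictionary_check(child),
        "behaviour": behaviour_check(parent, child),
        "whitelist": whitelist_check(child),
    }

# Constructed launch events: (parent process, program launched).
EVENTS = [
    ("explorer", "known_worm.exe"),  # known malware: dictionary catches it
    ("explorer", "zero_day.exe"),    # unknown malware: dictionary misses it
    ("updater.exe", "editor.exe"),   # benign chain: behaviour check false positive
    ("explorer", "new_tool.exe"),    # new legitimate tool: whitelist blocks it
]

if __name__ == "__main__":
    for parent, child in EVENTS:
        print(f"{parent:>11} -> {child:15} {verdicts(parent, child)}")
```

The last two events give identical whitelist verdicts for unknown malware and for a new legitimate tool, which is the inventory and flexibility cost the slide describes.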