Sarvajanik College of Engineering and Technology
Created by: Keshvi Khambhati (co-m), Ria Bhatia (co-m), Meghavi Gandhi (co-m), Jarul Mehta (co-m)
Topic: Security and information assurance
Submitted to: Bhaumik sir (BE)

What is security and information assurance?
Information security, as computer security, is applied to computers and computer networks.
Security and information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. It includes protection of the integrity, authenticity and confidentiality of user data.

Areas where it is used
• Computer science
• Business and accounting
• Forensic science
• Fraud examination
It is also used in the fields of criminology, security engineering, disaster recovery, management science, and import-export of goods.

Brief introduction about data protection
Data protection is legal control over access to and use of data stored in computers.

Classification of data protection
By making some changes in default information.

Methods for data protection
Certain methods are used for authentication of the person (user) operating the computer:
• Facial recognition: measures distances between specific points on the face.
• Fingerprints: measure distances between specific points on a fingerprint.
• Hand geometry: measures the length of the fingers and the length and width of the hand.
• Iris: measures the colour and pattern of the iris in the eye.
Other methods analyze the signature, voice, retina, keystrokes, hand vein, etc.

How to protect your data
1. Back up early and often.
2. Use file-level and share-level security.
3. Password-protect documents.
4. Make use of public key infrastructure.
5. Secure wireless transmission.
6. Protect data in transit with IP security.

Security analysis
• Security analysis in computing is the field that covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction.
• Security analysis in computing is also known as cybersecurity or IT security.

Security challenges
• People/Organization
• Secured infrastructure
• Policies
• Technologies
• Processes

Security requirements
• Authentication
• Availability
• Auditing
• Authorization
• Privacy/Confidentiality
• Integrity
• Non-repudiation

Ten security domains
• Cryptography
• Law, Investigations, and Ethics
• Telecommunication & Network Security
• Application/System Security
• Access Control
• Security Management
• Operations Security
• Business Continuation & Disaster Recovery Planning
• Security Architecture
• Physical Security

CIA triad of security analysis (IS)
• Ensuring that data can be modified only by appropriate mechanisms
• The degree to which authorized users can access information for legitimate purposes
• Ensuring that data is protected from unauthorized access

Preventing unauthorized access
Guidelines for passwords:
• Easy to remember, hard to guess
• Don't use family or pet names
• Don't make it accessible
• Use a combination of uppercase/lowercase letters, digits and special characters
• Don't leave the computer when logged in
• Don't include it in an email
• Don't use the same password in lots of places

Secure software engineering
Secure software engineering is a process that helps design and implement software that protects the data and resources contained in and controlled by that software.

Cybercrime evolution
• 1986-1995: LANs, first PC virus. Motivation: damage.
• 1995-2003: Internet era, "big worms". Motivation: damage.
• 2004+: OS and DB attacks, spyware, spam. Motivation: financial.
• 2006+: Targeted attacks, social engineering. Motivation: financial and political.

Microsoft SDL and Windows
[Chart: total vulnerabilities disclosed one year after release. Bars: Windows XP (before SDL), Windows Vista (after SDL), OS 1, OS 3. 45% reduction in vulnerabilities.]

Microsoft SDL and SQL Server
[Chart: total vulnerabilities disclosed 36 months after release. Bars: SQL Server 2000 (before SDL), SQL Server 2005 (after SDL), competing commercial DB. 91% reduction in vulnerabilities.]

Infrastructure security
Infrastructure security covers how to address security issues across an IT environment to ensure each device is protected from malicious activity.

Infrastructure security: Firewall
A firewall provides an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via LANs and the internet.

Firewall: Design principles
The firewall is inserted between the premises network and the internet.
Aims of firewall design:
1. To establish a controlled link.
2. To protect the premises network from internet-based attacks.
3. To provide a single point of contact between your secure internal network and the untrusted network.

Firewall: Design goals
• All traffic from inside to outside should pass through the firewall.
• Only authorized traffic should be allowed to pass.
• The firewall is itself immune to penetration (use of a trusted system with a secure operating system).

Types of firewalls
Application layer filtering:
• It deals with the details of the particular service being checked.
• Special-purpose code is needed for each application.
• It is easy to log all incoming and outgoing traffic.
• Email is generally passed through an application-level filter.
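
The application-layer filtering points above (service-specific code, only authorized traffic passes, everything is logged), sketched for email as an added example that is not part of the original slides. The allowed-verb policy, the function names and the sample session are assumptions constructed for illustration; the 512-octet command limit comes from RFC 5321.

```python
import logging

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("smtp-filter")

# Assumed policy: the only SMTP verbs the protected mail server needs to see.
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_COMMAND_LINE = 512  # RFC 5321 limit for a command line, CRLF included

def check_command(line):
    """Default deny: a command passes only if every check succeeds."""
    if not line.endswith(b"\r\n"):
        return False, "missing CRLF"
    if len(line) > MAX_COMMAND_LINE:
        return False, "line too long"
    try:
        text = line[:-2].decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII command"
    if "\r" in text or "\n" in text:
        return False, "embedded line break"
    verb = text.split(" ", 1)[0].upper()
    if verb not in ALLOWED_VERBS:
        return False, f"verb {verb!r} not authorized"
    return True, verb

def filter_session(client_lines):
    """Filter client-to-server lines; return (forwarded lines, audit trail)."""
    forwarded, audit = [], []
    in_body = False  # simplification: assumes the server accepted DATA
    for line in client_lines:
        if in_body:
            ok, reason = True, "message body"
            in_body = line != b".\r\n"  # a lone dot ends the message
        else:
            ok, reason = check_command(line)
            in_body = ok and reason == "DATA"
        audit.append(("PASS" if ok else "DROP", reason))
        log.info("%s %-28s %r", audit[-1][0], reason, line[:60])  # log every decision
        if ok:
            forwarded.append(line)
    return forwarded, audit

# Constructed sample session (not captured traffic).
SAMPLE_SESSION = [
    b"EHLO client.example\r\n", b"VRFY root\r\n",
    b"MAIL FROM:<alice@example.org>\r\n", b"RCPT TO:<bob@example.net>\r\n",
    b"EXPN staff\r\n", b"DATA\r\n", b"Subject: hello\r\n", b"\r\n",
    b"VRFY inside the body is just text\r\n", b".\r\n",
    b"NOOP " + b"A" * 600 + b"\r\n", b"QUIT\r\n",
]

if __name__ == "__main__":
    print(len(filter_session(SAMPLE_SESSION)[0]), "lines forwarded")
```
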
Infrastructure security: Antivirus
Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software.

How does antivirus work?
Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP is programmed to be monitored by the antivirus software, so when malicious code is detected it is stopped before it can damage the computer. Viruses have patterns that are matched by the antivirus software within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over.

Thank you for watching!