Data Security

Data Security. The Security Trinity The three legs of the "security trinity“ are: 1.Prevention 2.Detection 3.Response The security trinity should be the


The Security Trinity

• The three legs of the "security trinity" are:

1. Prevention
2. Detection
3. Response

• The security trinity should be the foundation for all security policies and measures that an organization develops and deploys.


Prevention

• To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities. It is easier, more efficient, and much more cost-effective to prevent a security breach than to detect or respond to one.


Detection

• Once preventative measures are implemented, procedures need to be put in place to detect security breaches, in the event preventative measures fail.

• It is very important to detect problems immediately. The sooner a problem is detected, the easier it is to correct and clean up.


Response

• Organizations need to develop a plan that identifies the appropriate response to a security breach. The plan should be in writing and should identify who is responsible for what actions.

Information Security

Information security = confidentiality + integrity + availability + authentication

• Confidentiality ("privacy - secrecy"): It refers to the protection of information from unauthorized disclosure. Usually it is achieved either by restricting access to the information or by encrypting the information.

• Availability: Refers to whether the network, system, hardware and software are reliable and can recover quickly and completely in the event of an interruption in service.

Weaknesses and Vulnerabilities

• A vulnerability is a weakness in the design, configuration, or implementation of a network or system that makes it susceptible to a threat.

– External weaknesses.
– Internal weaknesses.

External weaknesses

• Malware:

Virus: It is a piece of code that is capable of attaching to programs, disks, or computer memory (self-propagation). The action of a virus ranges from displaying a message to erasing a computer hard disk.

Worm: A worm is a self-contained and independent program that is usually designed to propagate on infected systems and to seek other systems via email or available networks. The main difference between a virus and a worm is that a virus is not an independent program.


Trojan horse: A Trojan horse is a program that hides inside another program or disguises itself as a legitimate program. It functions the same way as the legitimate program, but usually it also performs some other function, such as recording sensitive information.

Spyware: It is software that gathers user information and sends it to a central site, e.g. the Kazaa sharing program.

Hoax: It is a special kind of malware. It does not contain any code; instead, it relies on the gullibility of the user to spread. Any email message that asks you to forward copies to everyone you know is almost certainly a hoax.

Internal Weaknesses

• Attackers do not always come from outside; they may come from inside too. The following are some threats that may come from inside any organization:

Authenticated users: Some authorized users may use the access they have to get to confidential data such as payrolls or personnel records.

Unauthorized programs: Some authorized users may install additional unauthorized programs without permission. By doing this, they may open a hole to the network.

Un-upgraded software: It is very important to have the latest updates. Once a software bug is identified, vendors provide an update to their affected customers.


Web Security


Hardening

• When we install a new OS or a new web browser, the security settings are set to the default values.

• These settings need to be changed to harden the system against attacks or unauthorized access.

Hardening

• File Systems.
• Browsers.

File Systems

• When you install Windows, all versions have one thing in common: weak security.

• For example, after logging in, all users have full control (all permissions) of every drive and of the drives' subdirectories and files.

• A right allows the user to access the resources of the operating system itself, such as shutting down the system.

• A permission allows the user to access the file system's resources, such as reading and writing files.

Changing Permissions

Step 1. Right-click the folder for which you want to change the permission.

Step 2. Select Properties from the pull-down choices.

Step 3. Click the Security tab.


• You can see the default for Windows security. Every user logged in to the system has Full Control. This leaves the system wide open to any kind of unauthorized access. Therefore, you need to change those permissions.
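The same default can be checked from the command line instead of the Security tab. The following is an added example, not part of the original slides: it parses `icacls`-style output for one folder and reports broad groups that hold Full control, noting whether the entry is inherited (an inherited entry has to be fixed on the parent folder). The folder path, the sample output and the function name are constructed for illustration.

```python
import re

# Principals that cover every logged-in user on a Windows host.
BROAD_PRINCIPALS = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
# icacls inheritance markers; anything else in parentheses is an access right.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Za-z,]+\))+)$")

# Constructed sample of what `icacls C:\Payroll` prints for a weakly protected folder.
SAMPLE_PATH = r"C:\Payroll"
SAMPLE_OUTPUT = r"""C:\Payroll Everyone:(OI)(CI)(F)
           BUILTIN\Administrators:(I)(OI)(CI)(F)
           BUILTIN\Users:(I)(OI)(CI)(RX)
           NT AUTHORITY\Authenticated Users:(I)(F)

Successfully processed 1 files; Failed processing 0 files
"""

def broad_full_control(path, icacls_text):
    """Return [(principal, inherited)] for broad principals granted Full control (F)."""
    findings = []
    for raw in icacls_text.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first entry is prefixed with the path
        match = ACE_RE.match(line)
        if not match:
            continue  # blank line or the summary line
        groups = re.findall(r"\(([^)]+)\)", match.group("flags"))
        if "DENY" in groups:
            continue  # a deny entry is not a grant
        rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
        who = match.group("who").strip()
        if "F" in rights and who.lower() in BROAD_PRINCIPALS:
            findings.append((who, "I" in groups))
    return findings

if __name__ == "__main__":
    for who, inherited in broad_full_control(SAMPLE_PATH, SAMPLE_OUTPUT):
        source = "inherited from parent" if inherited else "set on this folder"
        print(f"{SAMPLE_PATH}: {who} has Full control ({source})")
```

Administrators holding Full control is expected and is not reported; only the groups that include ordinary users are.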

Browsers (Internet Explorer)

• Internet Explorer has 4 security zones.

• When you access a resource on another machine, the other machine's zone relative to yours is determined, and the restrictions placed on that zone control the interaction with that resource.

Security Zones

• Internet: Contains all websites that are not placed in another zone.

• Local Internet: Contains all the websites that are on your company's intranet. Here, you find all sites that have the same domain name as the one your PC is using.

• Trusted sites: Contains websites that you trust not to damage your data. If you want to have trusted sites, you need to add them manually.

• Restricted: This zone contains websites that you do not trust because they could potentially damage your data. This is also a list created manually.

• To change the settings for these four zones:

- In Internet Explorer, choose Tools > Internet Options.

- On the page that appears, select the Security tab.

- The Internet zone is the one we need to handle most carefully.

- The default setting here is Medium, which is not so secure for the World Wide Web.

Security Levels

Level / Description

High

• This is the safest way to browse but also the least functional.
• Less secure features are disabled.
• Cookies are disabled. (Some websites do not work.)
• This is appropriate for sites that might have harmful content.

Medium

• Browsing is safe and still functional.
• Prompts before downloading potentially unsafe content.
• This is appropriate for most Internet sites.

Medium-low

• This is the same as Medium without prompts.
• Most content is run without prompts.
• This is appropriate for sites on your local network (intranet).

Low

• Minimal safeguards and warning prompts are provided.
• Most content is downloaded and run without prompts.
• Appropriate for sites that you absolutely trust.

The default security for a trusted site is Low. We can set security to Medium-low or Medium to increase security. On that same page, we also need to add the site we trust. To do that, click the Sites button.

Cookies

• HTTP cookies - Web cookies - tracking cookies.

• Cookies are parcels of text sent by a server to a Web client (usually a browser) and then sent back unchanged by the client each time it accesses that server. HTTP cookies are used for authenticating, session tracking, and maintaining specific information about users, such as the contents of their electronic shopping carts.


There are two types of cookies:

• Session cookie: This cookie is created to keep track of what you buy when, for example, you visit an e-commerce website where you use a shopping cart. After you check out from that website, the session cookie is deleted from your browser memory.

• Persistent cookie: When you go to a website and see a personalized welcome message, you know that a persistent cookie is on your PC. These cookies contain information about you and your account. Often, that information is a key that is related only to a database with your profile.


• We can manage cookies in several ways: we can delete all our cookies, or we can configure our browser to not accept cookies at any time. This would make browsing the Internet difficult because many sites need cookies to function properly.

• A better solution would be to force all our cookies to be session cookies. We can do this by making the folder where the cookies are stored read-only. The browser will accept them but will be unable to save them to disk.
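What separates the two cookie types on the wire is whether the server's Set-Cookie header carries a lifetime (Expires or Max-Age). The following is an added example, not part of the original slides: it classifies Set-Cookie header values as session, persistent or already expired, and lists the ones a browser would try to save to disk. The header values, the fixed clock and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie header values and a fixed "current time" for the example.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "cart=3f9a; Path=/; HttpOnly",
    "uid=8812; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
    "pref=dark; Max-Age=31536000; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "old=1; Max-Age=0",
]

def classify_set_cookie(header_value, now):
    """Return (name, kind, expiry); kind is 'session', 'persistent' or 'expired'."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    expiry = None
    if "max-age" in attrs:
        try:  # Max-Age takes precedence over Expires (RFC 6265)
            expiry = now + timedelta(seconds=int(attrs["max-age"]))
        except (ValueError, OverflowError):
            expiry = None  # an unparsable Max-Age is ignored
    if expiry is None and "expires" in attrs:
        try:
            expiry = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            expiry = None  # an unparsable Expires is ignored
        if expiry is not None and expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry is None:
        return name, "session", None  # no lifetime: lasts only for the browser session
    return name, ("persistent" if expiry > now else "expired"), expiry

def cookies_written_to_disk(headers, now):
    """Names of cookies a browser would store beyond the current session."""
    return [n for n, kind, _ in (classify_set_cookie(h, now) for h in headers)
            if kind == "persistent"]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(classify_set_cookie(h, SAMPLE_NOW)[:2])
```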