Sarvajanik College of Engineering and Technology
Created by: Keshvi Khambhati (co-m), Ria Bhatia (co-m), Meghavi Gandhi (co-m), Jarul Mehta (co-m)
Topic: Security and information assurance
Submitted to: Bhaumik sir

Upload: brett-sharp

Post on 06-Jan-2018

Sarvajanik College of Engineering and Technology

Created by: Keshvi Khambhati (co-m), Ria Bhatia (co-m), Meghavi Gandhi (co-m), Jarul Mehta (co-m)

Topic: Security and information assurance

Submitted to: Bhaumik sir (BE)

What is security and information assurance???

Information security is computer security as applied to computers and computer networks.

Security and information assurance is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. It includes protection of the integrity, authenticity, and confidentiality of user data.

Areas where it is used!!!!!!

• Computer science
• Business and accounting
• Forensic science
• Fraud examination

Areas where it is used!!!!!!

It is also used in the fields of criminology, security engineering, disaster recovery, management science, and import-export of goods.

Brief introduction about data protection

Data protection is legal control over access to and use of data stored in computers.

Classification of data protection

By making some changes in default information..

Methods for data protection

Certain methods are used for authentication of the person (user) operating the computer:

• Facial recognition: measures distances between specific points on the face.
• Fingerprints: measures distances between specific points on a fingerprint.
• Hand geometry: measures the length of the fingers and the length and width of the hand.
• Iris: measures the colour and pattern of the iris in the eye.

Other methods analyze the signature, voice, retina, keystrokes, hand veins, etc.

How to protect your data???

1. Back up early and often.
2. Use file-level and share-level security.
3. Password-protect documents.
4. Make use of public key infrastructure.
5. Secure wireless transmission.
6. Protect data in transit with IP security.

Security analysis

• Security analysis in computing is the field that covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction.
• Security analysis in computing is also known as cybersecurity or IT security.

Security Challenges?

[Diagram labels: People/Organization, Technologies, Processes, Policies, Secured Infrastructure]

Security Requirements

• Authentication
• Availability
• Auditing
• Authorization
• Privacy/Confidentiality
• Integrity
• Non-repudiation

Ten Security Domains

• Application/System Security
• Operations Security
• Telecommunication & Network Security
• Physical Security
• Cryptography
• Security Architecture
• Security Management
• Access Control
• Law, Investigations, and Ethics
• Business Continuation & Disaster Recovery Planning

CIA Triad of security analysis (IS)

• Integrity: ensuring that data can be modified only by appropriate mechanisms.
• Availability: the degree to which authorized users can access information for legitimate purposes.
• Confidentiality: ensuring that data is protected from unauthorized access.

PREVENTING UNAUTHORIZED ACCESS

GUIDELINES FOR PASSWORDS:

• Easy to remember, hard to guess
• Don't use family or pet names
• Don't make it accessible
• Use a combination of uppercase/lowercase letters, digits and special characters
• Don't leave the computer when logged in
• Don't include it in an email
• Don't use the same passwords in lots of places
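The guidelines above can be checked mechanically against a local password list. The following is an added example, not part of the original slides: the function names, the finding labels, the substitution table and the sample vault are all constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed table of common look-alike substitutions (0->o, 1->l, 3->e, ...).
LEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]


def normalize(text: str) -> str:
    """Lower-case and undo look-alike substitutions so 'm33ra' matches 'Meera'."""
    return text.lower().translate(LEET)


def audit_vault(vault: dict, personal_names: list) -> dict:
    """Map each site to the list of slide guidelines its password violates."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    names = [normalize(n) for n in personal_names if len(n) >= 3]
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
        # Guideline: combine uppercase, lowercase, digits and special characters.
        if any(not re.search(c, pw) for c in CLASSES):
            findings[site].append("missing-character-classes")
        # Guideline: no family or pet names, even when disguised.
        if any(n in normalize(pw) for n in names):
            findings[site].append("contains-family-or-pet-name")
    # Guideline: don't use the same password in lots of places.
    for sites in sites_by_password.values():
        if len(sites) > 1:
            for site in sites:
                findings[site].append("reused")
    return {site: findings.get(site, []) for site in vault}


# Constructed sample data: a small vault and the owner's family/pet names.
SAMPLE_NAMES = ["Bruno", "Meera"]
SAMPLE_VAULT = {
    "mail": "Bruno2015!",
    "bank": "Bruno2015!",
    "forum": "t7#Lq9!vXp2&",
    "shop": "m33ra2018",
}

if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT, SAMPLE_NAMES).items():
        print(f"{site:6} {issues or 'ok'}")
```

The audit runs locally over plaintext, so it belongs inside the tool that already holds the passwords rather than in a separate service.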

Secure software engineering

Secure software engineering is a process that helps design and implement software that protects the data and resources contained in and controlled by that software.

Cybercrime Evolution

• 1986-1995: LANs; first PC virus; motivation: damage
• 1995-2003: Internet era; "big worms"; motivation: damage
• 2004+: OS, DB attacks; spyware, spam; motivation: financial
• 2006+: Targeted attacks; social engineering; financial + political

MICROSOFT SDL AND WINDOWS

[Bar chart: total vulnerabilities disclosed one year after release, for Windows XP, Windows Vista, OS 1 and OS 3. Before SDL vs. after SDL: 45% reduction in vulnerabilities.]

Microsoft SDL and SQL Server

[Bar chart: total vulnerabilities disclosed 36 months after release, for SQL Server 2000, SQL Server 2005 and a competing commercial DB. Before SDL vs. after SDL: 91% reduction in vulnerabilities.]

Infrastructure security

Infrastructure security covers how to address security issues across an IT environment to ensure each device is protected from malicious activity.

Firewall

Infrastructure security:- Firewall

Firewall:- A firewall provides an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via LANs and the internet.

Firewall:- Design principles

A firewall is inserted between the premises network and the internet.

Aims of firewall design:

1. To establish a controlled link.
2. To protect the premises network from internet-based attacks.
3. To provide a single point of contact between your secure internal network and the untrusted network.

Firewall:- Design goals

Types of Firewalls

Types of Firewalls

Application layer filtering:-

• It deals with the details of the particular service being checked.
• Special-purpose code is needed for each application.
• It is easy to log all incoming and outgoing traffic.
• Email is generally passed through an application-level filter.

Infrastructure security:- Antivirus

Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software.

How does antivirus work???

Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP is programmed to be monitored by the antivirus software, so when malicious code is detected it is stopped before it can damage the computer. Viruses have patterns that are matched by the antivirus software within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over.
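The two stages described above, pattern matching first and a fallback engine for code with no known pattern, can be sketched as follows. This is an added example, not part of the original slides: the signature names and byte patterns are constructed, and the entropy check is an assumed stand-in for the "intelligent engine", which the slides do not specify.

```python
import math
from collections import Counter

# Constructed byte patterns standing in for vendor signatures (not real malware).
SIGNATURES = {
    "Demo.Worm.A": bytes.fromhex("deadbeef4d41524b"),
    "Demo.Virus.B": b"CONSTRUCTED-TEST-PATTERN-B",
}
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off for packed/encrypted data
MIN_HEURISTIC_LEN = 256  # short buffers give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(data: bytes) -> dict:
    """Verdict for one buffer (a file or a reassembled network payload)."""
    # Stage 1: known patterns.
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        if offset != -1:
            return {"verdict": "malicious", "reason": f"signature:{name}",
                    "offset": offset, "action": "quarantine"}
    # Stage 2: no pattern matched, so fall back to the heuristic.
    if len(data) >= MIN_HEURISTIC_LEN and shannon_entropy(data) > ENTROPY_THRESHOLD:
        return {"verdict": "suspicious", "reason": "heuristic:high-entropy",
                "offset": None, "action": "quarantine"}
    return {"verdict": "clean", "reason": None, "offset": None, "action": "allow"}


# Constructed sample inputs.
SAMPLE_KNOWN = b"MZ" + b"\x00" * 30 + SIGNATURES["Demo.Worm.A"] + b"tail"
SAMPLE_PACKED = bytes((i * 197 + 31) % 256 for i in range(4096))  # uniform bytes
SAMPLE_TEXT = b"Quarterly report: revenue up, costs flat.\n" * 20

if __name__ == "__main__":
    for label, buf in [("known", SAMPLE_KNOWN), ("packed", SAMPLE_PACKED),
                       ("text", SAMPLE_TEXT)]:
        print(label, scan(buf))
```

High entropy alone also flags legitimate compressed or encrypted files, which is why the second stage reports "suspicious" rather than "malicious".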

Thank you….for watching it!!!!