CPN Presentation New

8/16/2019 CPN Presentation New

1/56

Information SecurityManagement and Forensic

Computing By

Dr. A. S. Sodiya, MCPN, FNCSDr. A. S. Sodiya, MCPN, FNCS

Senior Lecturer / Information Security Consultant

Department of Computer Science

Federal University of Agriculture

Abeokuta, gun State, !igeria.

Chairman - Publication, Standards, Research and Development,igeria Computer Society

!ditor-in-Chief, "ournal of Computer Science and Its #pplications

+2348034551851, [email protected]


2/56

Content♦ !n"rodu#"ion "o !n$or%a"ion Se#uri"y

♦ &e'ie( o$ So%e Curren" Se#uri"y Me#)anis%s – Au")en"i#a"ion

– Au")orisa"ion * A#ess Con"ro Sys"e%s

– Fire(as – !n"rusion De"e#"ion Sys"e% !DS-

– n#ry/"ion

♦ Cyberse#uri"y

♦ S"e/s in !n$or%a"ion Se#uri"y Manae%en"

♦ Forensi# Co%/u"in

♦ Con#usion2


3/56

Introduction to Information security

!n$or%a"ion se#uri"y♦Simply means protecting information

systems from unauthorised access.

♦ It means protecting information andinformation systems from unauthorized

access, use, disclosure, disruption,

modification, perusal, inspection, recordingor destruction.

3


4/56

Introduction to Information securitycontd...

Other related terms :♦ Co%/u"er sys"e% se#uri"y means the collective

processes and mechanisms y !hich sensitive and

valuale information and services are protected from

pulication, tampering or collapse y unauthorizedactivities or untrust!orthy individuals and unplanned

events respectively

♦ Da"a Se#uri"y means protecting a dataase from

destructive forces and the un!anted actions ofunauthorised users

♦ Ne"(or se#uri"y protecting net!or" resources from

unauthorised access

#


5/56


$ccording to Sodiya and Onashoga %2&'&(, the valueof computer and net!or" resources can e

compromised in three !ays commonly

referred to as the CI$s of computer security: – Confidentiality: prevention of unauthorizeddisclosure of information)

– Integrity: prevention of unauthorized

modification of information) and

– Availability: prevention of unauthorized

!ithholding of information

*


6/56


")ers in#ude♦ Au")en"i#i"y it is necessary to ensure that the data,

transactions, communications or documents %electronic

or physical( are genuine. It is also important for

authenticity to validate that oth parties involved are!ho they claim they are.

♦ Non*re/udia"ion In la!, it implies one+s intention to

fulfill their oligations to a contract. It also implies that

one party of a transaction cannot deny having receiveda transaction nor can the other party deny having sent a

transaction.


7/56

$uthentication Authentication is the process of verifying the

identity of a user, process, or device, often as a prere-uisite to allo!ing access to resources in a

system /IS0, 2&''1.

0he identity of a certain user or process is

challenged y the system and proper steps must

e ta"en to prove the claimed identity.

$uthentication involves t!o stages:

a. Identification, !here the user supply valididentities

b. Verification, !here the supply identity is

confirmed


8/56

$uthentication contd....Can e done in three !ays:

♦Something you "no! %the pass!ord(♦ Something you have %card, seal(

♦ Something you are %iometric such as

your face, your voice, your fingerprints, or

your 4/$(

5


9/56

$uthentication contd....6ass!ord7ased authentication is usually

done in t!o !ays:7a. 0e8t7ased pass!ord: $ pass!ord is a secret that

consist of symols or characters %usually

memorised y users( used for authentication. Itusually consist of alphaets, numers and some

allo!ed special characters.

. 9raphical7ased pass!ord: sers enter the

pass!ord y clic"ing on a set of images,specific pi8els of an image, or y dra!ing a

pattern in a pre7defined and secret order.

;


10/56

$uthentication contd....


11/56


''

4ra! a secret %4$S( 6ass 4oodle

Some e8amples of graphical7ased

authentication


12/56


'2

6asspoints ac"ground 4$S

Other e8amples of graphical7ased

authentication


13/56

$uthentication contd....oens

♦Some authentication systems commonlyuse to"ens, !hich is any device or o>ect

that can authenticate

♦Common modern e8amples include physical "eys, 6I/ generating device,

pro8imity cards, credit cards, or $0?

cards.

'3


14/56

$uthentication contd....io%e"ri# au")en"i#a"ion

0his is the use of iological characteristics of users forauthentication.

Common iometric systems include the follo!ing:

♦ @acial recognitionA?easures distances et!een specific points on the face.

♦ @ingerprintsA?easures distances et!een specific points on a fingerprint.

♦ Band geometryA?easures the length of fingers and the length and !idth of the hand.

♦ eystro"e dynamicsA?easures specific "eystro"es in typing a predetermined phrase) this is

commonly used !ith e8isting pass!ord systems.

♦ Band veinA=eads the venal and arterial patterns !ithin a human hand.

♦ IrisA?easures the color and pattern of the iris in the eye.

♦ =etinaA=eads the venal and arterial pattern on the retina of the eye.

♦ SignatureA=ecognizes the signature as !ell as the speed and style of the actual performance of

♦ !riting the signature.

♦ DoiceA?easures and recognizes specific audio patterns in human speech for predetermined

♦ phrases.

♦ @acial thermogramA=ecognizes heat patterns in the face using a thermal camera.

♦ 4/$A?easures the specific patterns of genes in human 4/$.

'#


15/56


'*

Common attac"s on authentication systemsa. 0he attac"s .


16/56

$uthentication contd....♦ Sniffing attacks %also "no!n as the man7in7the7

middle attac"s( capture information as it flo!s et!een a client and a server.

♦ ID spoofing attacks occur !hen a malicious user

or process claims to e a different user or

process. 0his attac"

allo!s an intruder on the Internet to effectively

impersonate a local system+s I6 address.

♦ A Brute-force attack is any form of attac"against a credential information file that

attempts to find a valid username and pass!ord

in succession.'


17/56

$uthentication contd....♦ $ dictionary attack is the EsmartF version of rute7force

attac"s and is also e8ecuted using automated attac"

tools to capture usersG crediential information.

♦ $ replay attack means that the malicious user

trapped the authentication se-uence that !as

transmitted y an authorized user through thenet!or", and then replayed the same se-uence to the

server to get himself authenticated.

♦ Credential decryption is a basic supplementary

attac" for sniffing attac"s, rute7force attac"s, and

dictionary attac"s. $ tool, !hose aim is to rea" the

encryption algorithm that !as used to encrypt

credential information, usually performs these attac"s.'


18/56

$uthentication contd....ther forms of attacks are

♦ eylogging attac", !here "eystro"es %ey se-uences(of users are captured y automated tools or devices

♦ Shoulder surffing is a security attac" !here the

attac"er uses oservation techni-ues, such as loo"ing

over someone+s shoulder, to get crediential information.

'5


19/56

$ccess Control

♦ $ccess control is concerned !ith determining theallo!ed activities of legitimate users

♦ Bongchao et al %2&'&( defined access control as a

security mechanism to protect certain resources or

services from illegal access,♦ It is the aility to permit or deny the use of a particular

resource y a particular entity.

';

$ C l S


20/56

$ccess Control Sytem contd....

♦ 0here are three asic components in an access controlsystem:

– the sube#"s: the entity that re-uests access to

a resource is called the sube#" of the access)

it is an active entity ecause it initiates theaccess re-uest

– the "are"s: the resource a su>ect attempts to

access is called the "are"6obe#" of theaccess and

– the rues !hich specify the !ays in !hich the

su>ects can access the targets.2&

$ C l S


21/56

$ccess Control Sytem contd....$ccess control systems are generally classified as

%Sodiya et al., 2&&;(:♦ Discretionary Access Control (DAC) : the

o>ect o!ner or anyone else !ho is authorized

to control the o>ectGs access specifies !ho have

access to the o>ect or specifies the policies

♦ Non-Discretionary Access Control (NDAC): It

commonly uses a su>ectGs role or a tas"

assigned to the su>ect to grant or deny o>ectaccess. It specifies that access control policy

decision are made y a central authority and not

y individual o!ner of the o>ect2'

$ C l S


22/56

$ccess Control Sytem contd....♦ Some e8amples of 4$C are:7

i. Lattice-based access control is a variation of the non7

discretionary access control design. Instead of associating accessrules !ith specific roles or tas"s, each relationship et!een a

su>ect and an o>ect has a set of access oundaries. 0hese access

oundaries define the rules and conditions that allo! o>ect

access

ii. Identity-based Access Control :7 0he techni-ue ma"es o>ect

access decision ased on a user I4 or a userGs group memership.

Hhen a su>ect re-uests access to the o>ect, the su>ectGs

credentials are presented and evaluated to deny or grant the

re-uest.

iii. Access Control Lists (ACLs), !hich is a techni-ue that allo!

groups of o>ects, or su>ects, to e controlled to ma"e

administration a little easier. It can grant a su>ect access to a

group of o>ects or grant a group of su>ects access to a specific

o>ect 22

$ C t l S t


23/56

$ccess Control Sytem contd....♦ Some e8amples of /4$C are:7i. Role-based Access Control (RBAC): 0his descries the

techni-ue in !hich categories and duties of users are considered

efore permissions are granted to invo"e an

ii. &ue*based A##ess Con"ro &uAC-* 0his descries the

techni-ue that allo!s su>ects or users to access o>ects ased on

pre7determined and configured rules.iii. !r"ose-based Access Control (BAC): 0his allo!s access to

e granted ased on the intentions of the su>ects.

iv. #istory-based Access Control (#BAC (:7 0his descries an

access control techni-ue in !hich access is granted ased on the

previous records.

v. $e%"oral Constraints Access Control ($CAC):7 0his involves

access control policies in time restrictions are attached resource

access. @or e8ample, some activities must e

performed !ithin a reasonale period 23


24/56

@i ll


25/56

@ire!all

♦ 7PS F!&A99

♦ ac&et filter : 6ac"et filtering inspects each pac"et passingthrough the net!or" and accepts or re>ects it ased on user7

defined rules

♦ Cir#ui"*e'e $ire(a: $pplies security mechanisms !hen a

0C6 or 46 connection is estalished. Once the connection

has een made, pac"ets can flo! et!een the hosts !ithout

further chec"ing

♦ A""lication gate'ay: $pplies security mechanisms to specific

applications, such as @06 and 0elnet servers

♦ roy server : Intercepts all messages entering and leaving thenet!or" acting as an intermediary et!een clients and

servers. 0he pro8y server hides the true net!or" addresses

@i ll


26/56

@ire!all

)a" #an a $ire(a do:

♦ It provides a single point of defense, allo!ing acontrolled and audited access to services provided

♦ It reinforces the o!n systemGs security

♦ It implements a security policy to access the secure

net!or"

♦ It can monitor incoming outcoming traffic

♦ It can limit the e8posure to an insecure net!or"

♦ It may ecome the point to ta"e security decisionssince all traffic goes across

I t i 4 t ti S t %I4S(


27/56

Intrusion 4etection System %I4S(

♦ $n intrusion is defined as any set of actions that

attempt to compromise the integrity,confidentiality or availaility of a resource.

♦ Intrusion detection is simply an act of detecting

intrusions.♦ Intrusion 4etection System %I4S( is an

authorized !ay of identifying illegitimate users,

attac"s and vulnerailities that could affect the

proper functioning of computer systems.

♦ I4S detects e8ternal and internal attac"s on

computer systems and net!or"s %Hang et al.

2&&;( 2



28/56


♦ Classification and Structure of I4S

25



29/56


♦ Some of the prolems !ith e8isting I4S are:

– @alse positive

– @alse negative

– Security of I4S

– Jo! detection efficiency especially for coordinatedand distriuted attac"s

2;

< ti


30/56


31/56


32/56

as)in 7 Some common hashing algorithms are

?essage 4igest * %?4*( and Secure Bashing

$lgorithm %SB$(

32


33/56

Cyersecurity

&*3''

Cyber s/a#e

0his is communication path!ay.

Cyerspace is a name for the environment that onlinecommunication ta"es place in. It is also "no!n as anelectronic medium for computer net!or"s. Cyerspacerefers to the !hole !orld of the Internet and is noto!ned y anyody

Fea"ures o$ Cybers/a#e

orderless$vailale gloally

Capacity and and!idth not -uantifiale


34/56

Cyersecurity %Contd...(

&*3''

Cyber Se#uri"y

Cyber se#uri"y is concerned !ith protectingresources of net!or"s connected to internetfrom malicious or unauthorised access.

International 0elecommunication nion %I0(defined Cyber se#uri"y as the collection ofapproaches, actions, training, est practices,

assurance and technologies that can e used to protect the cyer environment and organizationand userGs assets


35/56

C C it 0h t $ d


36/56

Common Cyersecurity 0hreats $nd

Contermeasures

&*3''

Insider threats

♦ $n insider attac" involves someone from the inside, such as a disgruntled employee, attac"ing the net!or"Insider attac"s can e malicious or no malicious. ?alicious insiders intentionally eavesdrop, steal, or damage

information) use information in a fraudulent manner) or deny access to other authorized users. 0his controlled

using efficient authentication and authorisation systems and I4S

?al!are

♦ ?al!are are malicious codes that can cause distortion on your ro!ser and eventually cripple your system. 0hey

can hi>ac" your ro!ser, redirect your search attempts, serve up nasty pop7up ads, trac" !hat !e sites you visit,

and prevent you from performing certain functions. an horse, spy!are, ad!are,

dialers, hi>ac"ers, etc. 0hey are controlled using fre-uently updated and highly rated antivirus, antispy!are, etc.


37/56

Cyberse#uri"y * )e Payers

&*3''

♦$ac%ers♦Security e&perts'researchers

♦(overnment, organisations,Individuals

M "i F C b A""


38/56

Mo"i'es For Cyber A""a#s

&*3''

♦ Some of the motives for cyer attac"s include:

– Dendetta=evenge

– Lo"e6ran"

– 0he Bac"er+s


39/56

&e#en" >is"ory $ Cyber A""a#s

&*3''

a. >ear"and Pay%en" Sys"e%s♦ Da"e ?arch 2&&5

♦ !%/a#" '3# million credit cards e8posed through SMJ

in>ection to install spy!are on Beartland+s data systems.

♦ $ federal grand >ury indicted $lert 9onzalez and t!ounnamed =ussian accomplices in 2&&;. 9onzalez, a

Cuan7$merican, !as alleged to have masterminded

the international operation that stole the credit and deit

cards. In ?arch 2&'& he !as sentenced to 2& years infederal prison



40/56

&e#en" >is"ory $ Cyber A""a#scontd...

&*3''

. Sony?s PayS"a"ion Ne"(or – Da"e $pril 2&, 2&''

– !%/a#" million 6layStation /et!or"

accounts hac"ed) Sony is said to have lost

millions !hile the site !as do!n for a month.

♦ 0his is vie!ed as the !orst gaming community data

reach of all7time. Of more than million

accounts affected, '2 million had unencryptedcredit card numers. $ccording to Sony it still has

not found the source of the hac"



41/56


&*3''

♦ c. ooe6o")er Sii#on =aey #o%/anies – Da"e ?id72&&;

– !%/a#" Stolen intellectual property

♦

In an act of industrial espionage, the Chinesegovernment launched a massive and unprecedented

attac" on 9oogle, Nahoo, and dozens of other

Silicon Dalley companies. 0he Chinese hac"ers

e8ploited a !ea"ness in an old version of Internetis"ory $ Cyber A""a#s


42/56


&*3''

♦

d. CardSys"e%s Sou"ions – Da"e Lune 2&&*

– !%/a#" #& million credit card accounts e8posed.

CSS, one of the top payment processors for Disa,

?asterCard, $merican an attac", !hich inserted code into the

dataase via the ro!ser page every four days, placingdata into a zip file and sending it ac" through an @06.



43/56


&*3''

♦

e. &SA Se#uri"y – Da"e ?arch 2&''

– !%/a#" 6ossily #& million employee records

stolen.

♦ 0he impact of the cyer attac" that stole

information on the company+s SecurI4

authentication to"ens is still eing deated



44/56


&*3''

♦

$ . Ci"yban in SA – Da"e 2&''

– !%/a#" 2'&,&&& customers affected. $out 2.

million stolen.

♦ 0he impact of the cyer attac" targeted the social

Security numers, irth dates, card e8piration

dates and card security code %CDD( !ere not

compromised.



45/56


&*3''

")ers

♦ E@lameF the !ashington "ost reported in 2&'', even

though itGs li"ely that @lame %as !ell as Stu8net( is the

result of .S. and Israeli cyer!arfare cooperation.

♦ Israel admitted pulicly for the first time to engaging in

Ecyer activity consistently and relentlesslyF for the purposes of Kth!arting and disrupting enemy pro>ects,F

♦ .S. government long ago decided that launching cyer7

attac"s against countries it vie!s as a threat is a

legitimate foreign policy tool. .S. has against others,especially China, for conducting cyer operations against

.S. usinesses or government organizations.

&e#ord o$ /as" #yber a""a#s


46/56

&e#ord o$ /as" #yber a""a#s

&*3''

♦ 0he cyer !arfare continues !ith reno!ned Computer Security e8perts

fighting daily to cur the increasing numer of attac"s.

♦ $ccording to /IS0, 2&'2

P Fiure 1 &e#ords o$ /as" a""a#s

) ) i ") i :


47/56

)e (ar B )o is ")e (inner:

&*3''

♦ 0he attac"ers are clearly the !inners in the game at the present, and they lead

y a very !ide margin, and it is even more complicated ecause some of the

governments of countries fighting cyer threats are also attac"ers themselves

to other nation.

♦ 0his !as also the position of &SA Se#uri"y #)air%an $rthur Coviello, the

reno!ned system security company of the S$ !hose company is still

counting its loss from a recent attac".

Sra"eies $or !n$or%a"ion Se#uri"y


48/56

Manae%en"

&*3''

'& "ey strategies for information security management in organisations:7

♦

Create security training and a!areness programme !ithin the organization♦ Identify and document all resources on the net!or"

♦ $ll connections to the net!or" must e "no!n, documented and

monitored

♦ Bave an efficient access control system

♦ Implement trusted and efficient intrusion prevention and detectionsystems

♦ Bave an effective programme for ac"up and recovery, ris" analysis and

incident handling

♦ 6revent all un"no!n applications

♦ se security applications from reliale vendors

♦


49/56


50/56


51/56

Forensi# Co%/u"in


52/56

/

&*3''

$ digital forensic investigation commonly consists

of 3 stages: ac-uisition or imaging of e8hiits,

analysis, and reporting.♦ $c-uisition involves creating an e8act sector level duplicate %or

Kforensic duplicateK( of the media, often using a !rite loc"ing

device to prevent modification of the original.

♦ 4uring the analysis phase an investigator recovers evidence

material using a numer of different methodologies and tools. 0he

evidence recovered is analysed to reconstruct events or actions

and to reach conclusions, !or" that can often e performed y lessspecialised staff.

♦ Hhen an investigation is complete the data is presented, usually in

the form of a !ritten report.

Forensi# Co%/u"in


53/56

&*3''

Some tools used for digital forensic investigation

are:7

a. F< !%aer

b. De#;"

#. De#ode B Forensi# Da"e6i%e De#oder

d. Dii"a !%ae &e#o'ery

And %any %ore

Con#usion


54/56

Con#usion

&*3''

♦

$ ma>or concern is !hether the attac"ers !ill e!inners forever.

♦ Systems and /et!or" !ill continue to e penetrated

♦ Security e8perts and researchers are fighting hard. /e!

proactive and roust approaches need to e employed♦ Intelligence of the hac"ers must e anne8ed and utilised

y government

♦ Bo! prepared are !e as individuals, organisations and

governmentQ♦ usiness of everyody

&e$eren#es


55/56

&e$eren#es

&*3''

– 6eterson, 9ilert R Shenoi, Su>eet %2&&;(. K4igital @orensic =esearch: 0he 9ood, the

ad and the naddressedK. Advances in Digital $orensics V %Springer oston( 30:'–3. doi:'&.'&&;5737#27'**72.

♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,

niversity 0echnology ?alaysia, ?aster 4issertation.

♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased

9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.

♦ $li ?ohamed < %2&&5(. Study and 4evelop a /e! 9raphical 6ass!ord SystemF,niversity 0echnology ?alaysia, ?aster 4issertation.

♦ $rash BJ, =osli S, Samaneh @, Omar T %2&&;(. $ !ide7range survey on =ecall7ased

9raphical ser $uthentications algorithms ased on ISO and $ttac" 6atterns, ILCSIS, : 3.

♦ Sodiya, A. S. and Onashoga, S. $. %2&&;(. EComponents7ased $ccess Control

$rchitectureF, o!rnal of Iss!es in Infor%ing *cience and Infor%ation

$ec+nology % S$, Dol. , 2&&; % pp *37', ISS/: '*#75#, pulished yInforming Science Institute. $vailale online at http:IIS0.

♦ '

&e$eren#es contd...

http://en.wikipedia.org/wiki/Digital_object_identifierhttp://dx.doi.org/10.1007%2F978-3-642-04155-6_2http://dx.doi.org/10.1007%2F978-3-642-04155-6_2http://en.wikipedia.org/wiki/Digital_object_identifier


56/56

&*3''

♦ Onashoga, S. $., Sodiya, A. S., $nd Omotoso, . 9. %2&&;(. E$ 0au Search $lgorithm

for Consumer @inancial Optimization SystemF, o!rnal of Co%"!ter *cience and Its

A""lication % Vol. &'% (o. &% Lune, 2&&;, ISS/: 2&&7**23, pulished y /igeria Computer

Society.♦ Sodiya, A. S., Onashoga, S. $. $nd $depo>u, . 0. %2&&;(. E

CPN Presentation New

Documents

Transcript of CPN Presentation New