Date post:30-Jun-2020
  • For BSNL internal circulation only

    E3-E4 – CFA

    IT Security

  • Information Sensitivity

    Information is the most important asset of corporate wealth.

    Quality information is hard to acquire and easy to lose.

    Nature of information: easy to move and easy to alter, and this aspect has added an insecurity dimension to information.

  • Information Security

    Vital if information is on a network

    The means to achieve security may be technical, but the goals are economic

    The loss of information can adversely affect business continuity and even the image of the company

  • What is Information Security

    ISO 17799:2000 defines this as the preservation of:

    Confidentiality: ensuring that information is accessible only to those authorized to have access

    Integrity: safeguarding the accuracy and completeness of information and processing methods

    Availability: ensuring that authorized users have access to information and associated assets when required

  • How to Secure Information?

    It involves security at all levels, viz.:

    – Network

    – OS

    – Application

    – Data

  • Security Attacks

    Who is Attacker/Hacker?

    Internal

    External

  • Hacking is not difficult

    Attack tools are available

    Ready-made exploits

    Attack Tools (e.g.)

    – Port Scanners (Fport, Hping2 ..)

    – Vulnerability Scanners (Retina…)

    – Password Crackers (John the Ripper..)

  • Indications of Infection

    Attack tools are available

    Poor System Performance

    Abnormal System Behavior

    Unknown Services are running

    Crashing of Applications

    Change in file extension or contents

    Hard Disk is Busy

  • Security Incidents – Reasons

    Malware (Malicious Codes)

    Known Vulnerabilities

    Configuration Errors

  • Various Malicious Codes

    Virus

    Worms

    Trojan Horses

    Bots

    Key Loggers

    Adware and Spyware

  • Some Known Vulnerabilities

    Name          Patch       Patch released    Outbreak          Window
    MSBlaster.A   MS03-026    Jul. 16, 2003     Aug. 11, 2003     26 days
    Slammer       MS02-039    Jul. 24, 2002     Jan. 25, 2003     185 days
    Nimda         MS00-078    Oct. 17, 2000     Sept. 18, 2001    336 days

    Window of time from patch availability to outbreak is shrinking

  • Vulnerable Configurations

    Default Accounts

    Default Passwords

    Unnecessary Services

    Remote Access

    Logging and Audit Disabled

    Access Controls on Files

  • Information Security Management

    Start With a Focused Methodology

    Evaluate the Organization's IT Infrastructure

    Explore Departmental and IT Controls

    Identify Gaps and Establish Controls

  • Vulnerability Management Lifecycle

  • Create Usage Policy Statements

    Start With a Focused Methodology

    Outline Users’ Roles and Responsibilities

    Identify specific actions that can result in punitive actions

    Outline Partner Use Statement

    Outline Administrator Use Statement

  • Conduct A Risk Analysis

    Identify Risk to Network, Network Resources and Data.

    Identify Portions of the Network, Assign a threat rating to each portion and apply appropriate level of security.

    Assign each network resource a Low, Medium or High Risk Level

    Identify the types of Users for each resource

  • Monitoring Security of Network

    Monitor for any changes in Configuration of ‘High risk’ Devices

    Monitor Failed Login Attempts

    Unusual Traffic

    Changes to the Firewall Configuration

    Connection setups through Firewalls

    Monitor Server Logs

  • Approach to Info Security: Defense in Depth

  • How to Secure Information?

    Application

    NOS

    RDBMS

    Server

    N/W

    Clients/Users

  • Defensive Measure – OS

    Firewalls are used for Perimeter Defence

    Access Control Policy is implemented using the Firewall.

    It controls all internal and external traffic.

  • Perimeter Defence

    Firewalls are used for Perimeter Defence

    Keep up-to-date Security Patches and update releases for OS

    Install up-to-date Antivirus Software

    Harden OS by turning off unnecessary clients, Services and features

  • Defensive Measure – User Application

    Keep up-to-date Security Patches and update releases for Application Package

    Don’t Install Programs of unknown origin

    Precautions with Emails

    Protection from Phishing attacks

    Securing Web Browsers

  • Database Security Aspects

    User Management

    Password Management

    Managing Allocation of Resources to Users

    Backup and Recovery

    Auditing

  • Password Management

    User

    Password expiration and aging

    Password verification

    Password history

    Account locking

    Setting up profiles

  • Setting Resource Limits

    Number of Concurrent Sessions

    Elapsed Connect Time

    Period of Inactive Time

    Total CPU time

    Number of Datablocks

  • Backup and Recovery Issues

    Protect the database from numerous types of failures

    Increase Mean-Time-Between-Failures (MTBF)

    Decrease Mean-Time-To-Recover

    Minimize Data Loss

  • Auditing

    Auditing is the monitoring of selected user database actions and is used to:

    Investigate suspicious database activity

    Manage your audit trail

    Monitor the growth of the audit trail

    Protect the audit trail from unauthorized access

  • Summary of Action Plan

    Secure Physical Access

    Remove Unnecessary Services

    Secure Perimeter

    Proper Network Administration

    Apply Patches in Time

    Antivirus Software

    Data Backup

    Encrypt Sensitive Data

    Install IDS

    Proper Monitoring

  • BSNL Information Security Policy

    BSNL formulated its Information Security Policy (BISP) and circulated it for implementation in December 2008. The BISP consists of two sections:

    Section A

    This provides the directives and policies to be followed in ICT facilities within BSNL, to provide a secure computing environment in which BSNL employees and business can operate. The policies are formulated around 11 domains of security. These are:

  • BSNL Information Security Policy

    Section A

    Information Classification and Control

    Physical and Environmental Security

    Personnel Security

    Logical Access Control

    Computing Environment Management

    Network Security

    Internet Security

    System Development and Maintenance

    Business Continuity Planning

    Compliance

    Third Party and Outsourcing Services

  • BSNL Information Security Policy

    Section B

    This provides the technical solution support for the policies mentioned within the policy document. It is intended to allow policy makers and architects within BSNL to prepare solutions around the various security requirements proposed in Section A.

    All BSNL employees are to implement the BISP, and violation of these Policy Standards may result in immediate disciplinary action.
