This is a presentation on Information Security module as part of Diploma in Business Process Outsourcing by SOVET, IGNOU

1. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Information Security
Sukant Kole
Advanced Centre for Informatics & Innovative Learning
Indira Gandhi National Open University, New Delhi
August 24, 2010
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

2. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
What is Information Security ?
Definition
Information Security means protection of information and
information system from unauthorized access, modification and
misuse of information or destruction.
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

3. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
What is Information Security ?
Definition
Information Security means protection of information and
information system from unauthorized access, modification and
misuse of information or destruction.
Impact of Weather Forecasting & Flight Scheduling System
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

4. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Integrity
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

5. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Integrity
Confidentiality
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

6. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Integrity
Confidentiality
Availability
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

7. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Integrity
Confidentiality
Availability
Security
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

8. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Integrity
Confidentiality
Availability
Security
Privacy
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

9. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

10. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

11. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

12. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

13. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

14. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

15. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

16. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

17. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

18. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

19. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

20. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Physical (Malicious insiders, Careless Employees)
Network
Application (Exploited Vulnerabilities, Zero day attacks)
Access Devices Mobile devices, USB Devices
Social Networking
Cloud computing security
Cyber Espionage
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

21. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Access restriction to datacentre, Security surveillance,
Disaster Recovery
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

22. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Access restriction to datacentre, Security surveillance,
Disaster Recovery
VLAN, Authentication Authorization & Auditing service,
WPA-PSK
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

23. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Access restriction to datacentre, Security surveillance,
Disaster Recovery
VLAN, Authentication Authorization & Auditing service,
WPA-PSK
Security patches, Stable version, 3 tier architecture
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

24. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
What is encryption ?
Definition
“....In cryptography, encryption is the process of transforming
information (referred to as plaintext) using an algorithm (called
cipher) to make it unreadable to anyone except those possessing
special knowledge, usually referred to as a key. The result of the
process is encrypted information (in cryptography, referred to as
ciphertext....” (Source: Wikipedia)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

25. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Symmetric Encryption
(Ref: http://www.devx.com/dbzone/Article/29232/1954)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

26. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
Asymmetric Encryption
(Ref: www.uic.edu/depts/accc/newsletter/adn26/figure2.html)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

27. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

28. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

29. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies (Password, Resource Access)
IT Policies
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

30. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies (Password, Resource Access)
IT Policies
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

31. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

32. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

33. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Attributes of Information Security
Type of threats
Types of security measures
Encryption
Security Policies
User Policies (Password, Resource Access)
IT Policies (Backup, firewall, IDS & IPS)
General (Service License Agreement, Business Continuity)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

34. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

35. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

36. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

37. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

38. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

39. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

40. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Worm
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

41. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Worm
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

42. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

43. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

44. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Introduction
Infection process
Viruses
Worm (Morris Worm, November 2, 1988)
Trojan Horses
Social Engineering attacks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

45. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Definition
“....In the field of networking, the specialist area of network
security consists of the provisions and policies adopted by the
network administrator to prevent and monitor unauthorized access,
misuse, modification, or denial of the computer network and
network-accessible resources....” (Source: Wikipedia)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

46. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,
Packet flooding)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

47. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,
Packet flooding)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

48. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,
Packet flooding)
Unauthorized access to resources (unsecured LAN /WLAN
network points)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

49. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,
Packet flooding)
Unauthorized access to resources (unsecured LAN /WLAN
network points)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

50. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Denial of Service (ARP Posioning, DNS Cache Poisoning,
Packet flooding)
Unauthorized access to resources (unsecured LAN /WLAN
network points)
MAC Spoofing, Man-in-the-middle attack
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

51. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

52. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

53. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

54. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

55. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Intrusion Detection & Prevention System
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

56. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Intrusion Detection & Prevention System
Honeypots
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

57. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Intrusion Detection & Prevention System
Honeypots
Directory Services (LDAP, MS-ADS)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

58. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Intrusion Detection & Prevention System
Honeypots
Directory Services (LDAP, MS-ADS)
Vulnerability Assessment tools (Nessus, Wireshark)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

59. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
Firewall [Software, Hardware]
Virtual LANs, Virtual Private Networks
Secured and encrypted access to resources
De-Militarized Zones
Intrusion Detection & Prevention System
Honeypots
Directory Services (LDAP, MS-ADS)
Vulnerability Assessment tools (Nessus, Wireshark)
Penetration Testing assessment
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

60. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
De-Militarized Zones
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

61. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
De-Militarized Zones
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

62. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
De-Militarized Zones
Virtual LANs
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

63. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
De-Militarized Zones
Virtual LANs
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

64. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
What is network security
Threats to network security
Tools of network security
Secure network devices
De-Militarized Zones
Virtual LANs
Authentication, Authorization, Auditing Service (Desktop,
Web)
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting

65. Information Security Concerns
Software Vulnerabilties
Network Security and Authentication
Open Discussion
Sukant Kole BPOI-007 Course 7 - IT Skills: DBPO-Finance & Accounting