JASC: Journal of Applied Science and Computations ISSN NO: 1076-5131

INFORMATION SECURITY

1 Jelsteen.J, 2 M. Nithya Shree, 3 K.Meenashi

1 Assistant Professor, MCA., M.Phil (Ph.D), Department of BCA; 2, 3 II BCA, Department of BCA

Sri Krishna Arts and Science College, Coimbatore

Abstract

The concept of belief is currently not present in our environment. Internet users are always on the verge of threat from unknown sources. Threats can arrive by any means, for example through emails and messages. People should pay far more attention to protecting their private information and stay alert to threats from unauthorized sources. With this in mind, we have tried to bring out the possible threats and the defenses against them, and to explain the common methods hackers use to breach our information.

Figure 1

Introduction

Information security, also called infosec, is the practice of protecting users from unknown access, replacement of information and destruction of data. Information security further ensures confidentiality, integrity and availability. This kind of protection for users is the primary aim of information security.

1. Confidentiality: Confidentiality means information is not revealed to unauthorized websites, individuals and organizations.
2. Integrity: It ensures the accuracy of the information throughout its lifecycle [1]. In other words, information cannot be rewritten by unauthorized users.
3. Availability: To satisfy the needs of the users, information should be available to them whenever they need it. It also involves blocking denial of service attacks, which inhibit the availability of information.

Need of Infosec

Government, military, corporations, hospitals etc. hold much sensitive information, such as usernames and personal information, which should not be known by others. There are hackers who pose threats to these sectors, which increases the need to protect this information. Theft of equipment or information is becoming more common today due to the reality that most devices today are mobile, are vulnerable to theft and have also become far more desirable as the amount of data capacity increases [2]. To ensure the privacy of the users we mainly need information security.

Volume VI, Issue II, February/2019 Page No:2213

Threats

As time moves on, people's needs increase widely. Hence people need more technology to simplify their work. Here come the smartphones, which can satisfy these needs. There are a few mobile applications that open up a new page on their own, which provides a link between the hackers and the information present in our phones. Their presence puts harmful code in our system to breach our private information. Viruses, worms and Trojan horses can get into our system to steal information [3].

There are various threats imposed by malware:

1. Adware

Adware imposes threats by means of advertisements and breaches our private information. An attacker inserts malicious code into ads, which monitors our activities. It gets installed in our system with our notice and starts to display advertisements on its own when users use browsers [4].

2. Spyware

It is a program or software which regularly spies on the users, collects their information and provides those details to a third party. Spyware enters our system mainly through Internet Explorer. Its main tool is cookies: it collects the user's information through cookies.

3. Ransomware

Ransomware is challenging, as it locks our systems, which makes users unable to access their own computers. It demands money from the users. Starting from the year 2012, the use of ransomware has increased tremendously. Ransomware attacks are done with the help of Trojans.

4. Zombies

They are alike to except that they wait for the command from the hackers. They also steal private and confidential information. computers are controlled by hackers. They create spam emails. 50% of the spam emails are sent by zombie computers.

5. Worms

A worm is a computer program that replicates itself. Worms jump from one computer to another easily with the presence of the network [5]. A worm reduces the performing speed of the computer considerably. Worms can place a copy of themselves onto all the web servers the affected system can reach. This affects the web servers also [6].

6. Watering Hole Attack

In this kind of attack, the hacker secretly observes a group or organization to find out which website they use often [7]. The attackers then insert malware inside that website. Once any one employee in the organization gets affected by the malware, it opens the way to get the entire information about the organization.

Threats faced by MNCs

1. Ebay

During May 2014, eBay faced a cyber attack which exposed the names, dates of birth, addresses and phone numbers of the users. Hackers got hold of three employees' accounts, which was the starting point of the hacking.


2. Yahoo

Around September 2014, Yahoo faced its biggest cyber attack, which exposed the personal information of approximately 500 million people. Yahoo urged people to change their passwords and security questions as soon as the company heard about the hacking, to prevent further breach of information.

3. Uber

In late 2016, two hackers stole the phone numbers and email addresses of 57 million users. The hackers also managed to steal the license plate numbers of 6 lakh Uber drivers. They accessed the data stored in a third-party cloud-based service that Uber used for storing customer details.

4. Sony PlayStation Network

This incident is marked as one of the worst breaches of information faced by any company, as it involved 77 million accounts. Hackers gained access to emails, addresses, bank details and login details. This incident happened on 20th of April, 2011.

5. Adobe

This incident had an impact on nearly 38 million users. The company revealed that hackers got hold of the bank details and login details of the users. This incident happened in October 2013.

6. Chinese Country Level Watering Hole Attack

This incident happened in 2018. A Chinese hacker group called LuckyMouse was responsible for this watering hole attack in China. They inserted malicious JavaScript code inside the official government websites to get details about the government employees.

Defenses

1. Firewalls

Firewalls are protective shields against hackers. They are able to distinguish trusted from untrusted networks on the internet. A firewall protects us from various cyber attacks. It carefully selects the data that needs to be passed and prevents unwanted intrusions. A main disadvantage of using a firewall is that it is incapable of protecting us from malware attacks.

2. Mobile Secure Gateway

It provides secure transfer of data on mobile devices. It is composed of two main components: the client library and the gateway. The client library is linked with the mobile application, which gives safe access to servers through gateways. The gateway uses communication protocols like IPv4 and IPv6.

3. Cryptography

Cryptography provides well-secured and more restricted communication in the presence of third parties, called adversaries [8]. Cryptography is about constructing and examining the protocols that prevent others from reading personal messages. It ensures various features of information security like confidentiality, data integrity, and . Cryptography has its own boundaries, as it can also be used for espionage, and government has restricted its uses [9].

(a) Encryption

Encryption is the process of changing data into a format that can be accessed only by authorized users. Unauthorized users cannot access the data. Encryption has been used widely in communication between militaries and governments. It is now frequently used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71 percent of companies surveyed used encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage.

(b) Decryption

Decryption is changing the encrypted data into its original format. It is a crucial step because this decrypted data is the one understandable by users. As information travels over the Internet, it is necessary to scrutinize the access from unauthorized organizations or individuals.

4. Authentication

The process of identifying the user using a username and password and then providing access to their account is called authentication. It does not say anything about the access rights of the individual. In simple terms, users should prove their identity to the server to access their data.

5. Application Security

Application security consists of the steps taken to prevent the attacks users are vulnerable to while using an application. Application software includes which is widely used by people to safeguard their system from virus attacks. It protects users from denial of service attacks and unplanned events like failure of a storage device.
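For the Authentication defense (item 4 above), the following added example, which is not from the paper, verifies a username and password against a salted PBKDF2 hash and then checks access rights as a separate step, since authentication alone says nothing about what the user may do. The accounts, passwords, permission names and iteration count are constructed assumptions.

```python
# Added example, not from the paper: authentication and authorization as separate steps.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune it to your hardware

def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def make_user(password, permissions):
    salt, digest = hash_password(password)
    return {"salt": salt, "digest": digest, "permissions": set(permissions)}

# Constructed sample accounts and permission names.
USERS = {
    "alice": make_user("correct horse battery", {"reports:read"}),
    "bob": make_user("violet-lamp-41", {"reports:read", "reports:write"}),
}
_DUMMY = make_user("placeholder", ())  # hashed for unknown users to even out timing

def authenticate(username, password):
    """Prove identity: True only for a known user with the matching password."""
    record = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["digest"])  # constant-time compare
    return matches and username in USERS

def authorize(username, permission):
    """Access rights: decided separately, after identity is proven."""
    return permission in USERS.get(username, _DUMMY)["permissions"]

def handle_request(username, password, permission):
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, permission):
        return "403 authenticated but not permitted"
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery", "reports:write"))
```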

Dominance of Information Security

1. The services it provides are easy to utilize.
2. As technology advances, crimes against it also increase.
3. It helps us keep our information from getting into the wrong hands.
4. Information security is helpful in banks, offices and many other sectors.
5. Information security protects data while it is in use as well as when it is not in use.
6. The rate of cyber attacks and threats to private information is reduced.

Figure 2

Drawbacks of Infosec

1. Technology keeps changing, which forces users to purchase upgraded versions as time passes.
2. If a user fails to protect a particular piece of data, they face the threat of their private information being exposed completely.
3. Some users are not aware of these technologies, as they are complicated.
4. To implement information security, a huge lump-sum investment has become inevitable.
5. Right now we do not have the resources to find the vulnerable data.

Risk Management

Risk management is the process of identifying the possible threats faced by users and deciding what kind of countermeasures they can take [10]. Risk management is also called ISRM (information security risk management). There are three main components in risk management:

1. Threats


Threats are data which are exploited by unknown users. They can be done intentionally

2. Vulnerability

Vulnerability is how easily the data can be exposed to hackers. When the rate of vulnerability is high, the chance of exposure of the data is high.

3. Threat Source

It is a method to identify the origin of the threat. This is called the threat source.

Risk management is carried out by people who have the appropriate knowledge to identify a threat and who can propose a solution for it. They evaluate the threats to the system and have the potential to reduce their effects. They can estimate the level of risk very well [11].

Creating awareness

The government should be able to create awareness among people to safeguard their private information. We must encourage youngsters to create applications that safeguard our personal details from the eyes of hackers.

Figure 3: Applications exposed to vulnerability

From figure 3 we can conclude that these applications are more prone to cyber attacks. Hence we must create awareness about the vulnerability of the data.

Figure 4: Financial damages caused by cyber crimes

Figure 4 represents the approximate damages caused by cyber crime from the year 2007 to 2017. During the year 2016, many companies experienced information loss. Most of the data breach incidents were connected to identity theft.

A new malware named CookieMiner was discovered by Palo Alto Networks. This malware was discovered on Feb 1, 2018. It is capable of stealing passwords saved in Chrome and iPhone text messages from iTunes backups on a tethered Mac. This malware steals the cookies of the web browsers Google Chrome and Apple's Safari.

Conclusion

Information security ensures the protection of software, hardware and data. In the near future, as technology develops, our information will be more prone to third parties. There isn't any software that can completely protect us from this threat. From this presentation we conclude that we must invent many techniques to protect our private information. We also saw the notions of threats, risk management and defenses against threats in this presentation.

References

[1] Boritz, J. Efrim. "IS Practitioners' Views on Core Concepts of Information Integrity". International Journal of Accounting Information Systems. Elsevier. Retrieved 12 August 2011.

[2] Enge, Eric. "Stone Temple". Cell phones

[3] Stewart, James (2012). CISSP Study Guide. Canada: John Wiley & Sons, Inc. pp.

[4] Tulloch, Mitch (2003). Koch, Jeff; Haynes, Sandra, eds. Microsoft Encyclopedia of Security. Redmond, Washington: Microsoft Press.

[5] Barwise, Mike. "What is an internet worm?". BBC. Retrieved 9 September 2010.

[6] Information security, A. Angel Freedaraja, K. Benitlin Subha.

[7] Kindlund, D. "Holiday watering hole attack proves difficult to detect and defend against". ISSA J, 2013. issa.org

[8] Rivest, Ronald L. (1990). "Cryptography". In J. Van Leeuwen. Handbook of Theoretical Computer Science. 1. Elsevier.

[9] Schneier, B. "Cryptography, security, and the future". Communications of the ACM, 1997. go.galegroup.com

[10] ISACA (2006). CISA Review Manual 2006. Information Systems Audit and Control Association. p. 85. ISBN 1-933284-15-3.

[11] Tohidi, H. "The Role of Risk Management in IT systems of organizations". Procedia Computer Science, 2011. researchgate.ne
