Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com - - PowerPoint PPT Presentation

Confidentiality and disclosure

Mohamed Sayed Saidngar@yahoo.com

Introduction

• Introduction to data security.
• Security requirements.
• Types of security threats.
• Security risks.
• Technologies and security solutions.

Introduction

• Enterprise is a data.
• Data security priority of the institution.
• Data security is a technique to protect data

and services against malicious attacks or natural disasters.

Security and data protection Risks to data The data security and protection of areas Important in computer systems. The definition of data security That the procedures adopted by the Foundation to work on securing the data files and protect them from:

Security and data protection

Risks of unauthorized access

Include the arrival of persons from outside the

• rganization or its employees to data files and view or

modify illegally.

Lost/Corrupt or Data damage

The risk of changing the contents of files, delete, or disrupt it so as to prevent access them. These risks and returns to several reasons, including neglect, abuse or sudden failures in the system files infected or infected computers.

Data Security

Security requirements

Authentication, verification of identity The integrity of the data Confidentiality Prevent the recurrence procedure Anti-Replay Provide continuity in the provision of services / Availability

Types of threats

Threats of negative The familiarized themselves with the data

• nly without the destruction or alteration.

Threats to effective The change, sabotage and modify the data and the exploitation of the communication process.

Security threats

• Interception Identity - Breakthrough identity

Disguise and Masquerade

• To repeat the procedure
• Replay Attack
• Data interception
• Data Modification
• Repudiation

Security threats (continued)

• Data theft
• Macro viruses
• Trojan Horses
• Stop Service
• Privilege misuse
• Social Attack

Technologies and security solutions

• Continuous power supply
• Regulation of the

temperature of the ocean

• Control systems and the

discovery of.

• Access control system.
• Identity verification

systems

• Antivirus
• Data encryption systems.
• Systems and strategic

storage and backup.

• virtual local area networks

/ VLAN.

• Use of firewalls Firewall.
• Use of techniques RAID.
• Use of aggregation

techniques Clustering.

• Software control of

different types of attack.

• Awareness and education

workers.

Continuity of power supply

• Power outages lead to disruption of service and

distort the data.

• Use an uninterrupted power supply UPS.
• Use of generating electricity reserves.

Control systems and discover

• Conditioning systems.

Temperature regulation prevents the servers stopped working due to high heat. Smoke detection system and fire and control. Smoke detection and fire since the start and try to extinguish them and send warning signals and alert. Closed-Circuit Television. Control of personnel and monitoring the external doors Intrusion Detection System. The discovery of irregular parcels and sent to the disclosure rather than direct them to the network.

Access control system

• Control access to places where the

container of servers and data.

• Based on magnetic cards or electronic

cards or rely on the footprint.

• Allow some workers authorized to deal

with the data or servers directly.

• Prevents data theft and stop services.

Public key infrastructure PKI

• Infrastructure to transfer data over the network securely.
• Depend on the secret key and not a secret algorithm.
• Whenever a key length greater the more difficult to

decode encryption.

• Using a pair of keys.
• Each Party shall have two keys: a private key and public

key.

• The public key can be transferred over the network while

the private key remains when the sender is not transmitted over the network.

Applications of public key

• Data encryption.
• Electronic signature.
• Verification of identity.

Data Encryption

• Provides data confidentiality.
• Encrypting the data is by using the public key.
• Decrypt the data is using the private key.
• The sender requests from the future to send him his

public key.

• Future General sends his key to the sender.
• Sender encrypts data using the public key and sends

it to him in the future.

• Future data, and lifting the receive encrypted using

the private key.

Digitally sign messages

• Provide verification of identity and integrity of the data

but does not provide confidentiality.

• When you sign the message gives rise to the so-called

"message digest".

• Established "message digest" by the private key of the

sender.

• Lifting the future, "message digest" by the public key of

the sender.

• Gets on the future of the sender's public key by a trusted

party.

• The future generation of "summary" of the message and

compares them with the summary generated.

Certificates

• Certificates supposed encryption using the public

key that the identity of the owner of my husband's keys are located outside of the doubt.

• Certificate is a set of data that defines an object as a

whole.

• The Authority of the certificates of trusted

certification after identification by the object.

• Certification Authority CA trusted party to the

parties interlocutors.

Build a public key

Applications of public key

• File systems support encryption of data such as NTFS .
• IPSec protocol
• Transfer data across the network is encrypted .
• Works in accordance with the Protocol TCP / IP .
• Useful when the network is connected between the two

parties is safe .

• Safe transport protocol in the Web SSL
• Protocol encapsulates within the last Transfer Protocol .
• Depends on identity verification using the public key .
• The establishment of a single key to encrypt the data is

valid for one session .

• Linked to large applications based on Web and the HTTP

protocol, which then referred him to HTTPS .

Antivirus

• Anti-virus and trojans.
• Centralized system to combat viruses.

Firewalls

• Firewall is a device that connects a private network

and public network and allows access to the services available to the public only.

• Must be approved fire walls, interior and exterior.

virtual local area networks VLAN

• Virtual network is isolated from the physical network

associated with it.

• Large network is divided into small parts isolated

from each other.

• Provide a high level of security between the parts of

the network.

• Isolate Broadcast and parcel of the type of Multicast.

Must check the equipment standard IEEE 802.1Q VLAN.

VLAN

Technical RAID

Technique that allows you to restore data and continue to serve in the event of a hard drive crash. Types: Technical mirror or RAID 1. Technical dual tapes with Forums or RAID 5.

Technical RAID 1

• Copy the same data to two disks at the same time.
• When a disk crashes continue to work hard the other

does not lose data.

Technical RAID 5

• Copy the data to three or more disks.
• Disk is dedicated to data storage Forums Parity.
• When Disk crashes continue to work and calculated

data from the Forums information.

Clustering technology

• Compilation two servers or more to operate as one

server.

• Non-stop service.
• Distribute the load on the two servants.

Storage and backup

• Store data on storage media permanently

rechargeable storage.

• Magnetic cylinder CD.
• Hard drive storage.
• Save across the network.
• Save variable data periodically.
• Save the settings for the operating system when

each new setting.

• Develop a strategy for conservation.

Backup strategy

• Types of conservation:

Vary according to the index to deal with archiving.

• Normal: Copy all the files with the abolition of the

archive Index.

• Incremental: Copy the files ready for archiving only

with the abolition of the Archive Index.

• Differential: Copy the files ready for archiving only,

while maintaining the archive index.

Backup strategy First strategy: Second strategy:

Thursday

Wednesday

Tuesday Monday Sunday

Saturday

I I I I I N Thursday

Wednesday

Tuesday Monday Sunday

Saturday

D D D D D N

Staff education

• Explain the concepts of security.
• The importance of data.
• Data protection.
• Explain the concept and the privacy of the account.

Confidentiality.

• The complexity of the password.
• Periodic change of password.
• Staff education leads to prevent or reduce the
• ccurrence of intrusions.

Data Security Systems

Institutions put multiple security systems to protect data from damage and intentional or unintentional entry

• f any person who is not allowed to the

computer system. The main ways to put security systems and protection of data in the following:

• 1. Give the name of the definitions of

the user's ( User ID ).

• 2. Specify a password

(User Password).

Data Security

• 3. Guides confirmation User Authentications: This can

be a voice or fingerprint evidence or pin number or signature of user

• 4. Define the powers of users UserAuthorization.
• 5. Use virus-detection software for the computer and

working on updating these programs. 6 - keep the data storage disks

• In cabinets and other custom security

for this purpose

• And make backup copies of data

periodically.

Data Security

• 7. Not to neglect output of computer

paper and exposed to view by is not allowed to them, especially if they contain important information.

• 8. Recruitment of staff known for their

honesty and continuity as data manipulation may be software programmers or computer operators.

• 9. Use different systems to access the

locations Special information systems in order to ensure the confidentiality of work and these Systems:

Data Security

• Finger Print & Hand Geometry Reader.
• Voice Recognition.
• Iris Scanner.
• Face Reader.
• Devices fingerprint scanners to detect the identity of

persons

User Authentications