Increasing Complexity

Increases Vulnerability
  The computing environment has become enormously complex.
 Networks, computers, operating systems, applications, Web
sites, switches, routers, and gateways are interconnected and
driven by hundreds of millions of lines of code. This
environment continues to increase in complexity every day.
CLOUD COMPUTING

 environment in which software and data storage are services

provided via the Internet (“the cloud”);
 This represents a significant change in how data is stored, accessed,
and transferred, and it raises many security concerns.
SERVICE MODEL

(Infrastructure as a service)
SERVICE MODEL

(Platform as a service)
SERVICE MODEL

(Software as a service)
SERVICE MODEL
VIRTUALIZATION SOFTWARE

 operates in a software layer that runs on top of the operating system.

 It enables multiple virtual machines each with their own operating
system—to run on a single computer.
VIRTUALIZATION SOFTWARE

BENEFITS:

 Increased efficiency and multitasking

 Manageability - the ability to move, copy, and isolate VMs
 Sustainability – energy savings by the way of less hardware and electricity
 Availability – the ability to snapshot, clone, and run redundant VMs
 Security – isolation of VMs and application
VIRTUAL MACHINES

 performs as if it is a separate computer, completing required tasks for the users

and applications assigned to that virtual machine.
 With virtualization, the workload from multiple physical servers can be handled
by separate virtual machines on a single physical server.
HIGHER COMPUTER USER EXPECTATIONS
 

 Today, time means money, and the faster computer users can solve a problem,
the sooner they can be productive.
 Some computer users share their login ID and password with other co-workers
who have forgotten their own passwords.
 Sometimes they forget to:
 Verify user’s identities.
 Check whether users are authorized to perform the requested action.
EXPANDING AND CHANGING SYSTEMS
INTRODUCE NEW RISKS
 
Network Era
- Personal computers connect to networks with millions of other computers.
- All capable of sharing information.

Information Technology
- Necessary tool for organization to achieve goals.
- Increasingly difficult to keep up with the pace of technological change.
BRING YOUR OWN DEVICE (BYOD)

 is a business policy that permits, and in some cases encourages

employees to use their own mobile devices (smartphones, tablets, or
laptops) to access company computing resources and applications,
including email, corporate databases, the corporate intranet, and the
Internet.
BRING YOUR OWN DEVICE (BYOD)
BRING YOUR OWN DEVICE (BYOD)
INCREASED RELIANCE ON COMMERCIAL
SOFTWARE WITH KNOWN VULNERABILITIES

 Exploit
- is an attack on an information system that takes advantage of a
particular system vulnerability.
- Often this attack is due to poor system design or implementation.
 patch
-Once the vulnerability is discovered, software developers create and
issue a “fix,” to eliminate the problem.
INCREASED RELIANCE ON COMMERCIAL
SOFTWARE WITH KNOWN VULNERABILITIES

 zero-day attack
- takes place before the security community or software developer knows
about the vulnerability or has been able to repair it.

 U.S Companies
- increasingly rely on commercial software with known vulnerabilities.
INCREASED RELIANCE ON COMMERCIAL
SOFTWARE WITH KNOWN VULNERABILITIES
INCREASED RELIANCE ON COMMERCIAL
SOFTWARE WITH KNOWN VULNERABILITIES

YEAR Number of Software Vulnerabilities Identifies

2006 4,842
2007 4,644
2008 5,562
2009 4,814
2010 6,253
2011 4,989
THANK YOU
AND GOD BLESS!
The Common types of attack
1. Viruses
2. Worms
3. Trojan Horse
4. Spam