INFORMATION SECURITY LAW - PowerPoint PPT Presentation

Provided by: michaelg2
Transcript and Presenter's Notes

1
INFORMATION SECURITY LAW
2
Risk Analysis
  • Assets
  • Threats
  • Vulnerabilities

3
Risk Analysis - Identification of Assets
  • Physical assets
  • Hardware
  • Software: purchased or developed programs
  • Documentation: manuals, administrative
    procedures, etc.
  • Supplies: paper forms, magnetic media, printer
    liquid, etc.
  • Money, financial assets

4
Identification of Assets - Intellectual Capital
  • Data and databases
  • Client lists and customer information
  • Contract and pricing information
  • Internal processes and methods of doing business
  • Business strategies and plans
  • New product development, promotional campaigns
  • R&D activities
  • Other intangibles, such as goodwill,
    organizational structure, employee
    knowledge/expertise

5
Threats and Vulnerabilities
  • Threat
  • Any circumstance or event with the potential to
    intentionally or unintentionally exploit a
    specific vulnerability in an information system
    or otherwise adversely affect an organization's
    operations or assets

6
Threats and Vulnerabilities
  • Vulnerability
  • A flaw or weakness in the design or
    implementation of an information system that
    could be intentionally or unintentionally
    exploited to adversely affect an organization's
    operations or assets

7
  • Threats and Vulnerabilities - The Big Picture

8
The State of Information Security
  • Security problems are growing
  • Total financial losses doubled in 2003
  • Most organizations are not yet equipped to deal
    with security threats
  • Growth of the external threat
  • New and evolving threats
  • 95% of security issues could have been avoided if
    systems were properly configured and patched

CERT 2003 Computer Crime Survey
9
Attacks and Attackers
  • Attackers
  • Internal or external
  • Purpose or motivation of attacker

10
Attackers
  • Hackers
  • Hacking: intentional access without authorization
    or in excess of authorization
  • Some are highly skilled, others have less
    technical expertise

11
Attackers
  • Script Kiddies
  • Use pre-written attack scripts (kiddie scripts)
  • Viewed as lamers
  • Large numbers make them dangerous
  • Noise of kiddie script attacks masks more
    sophisticated attacks

12
Attackers
  • Criminals, organized crime
  • Theft and embezzlement
  • Credit card and identity theft
  • Stealing trade secrets (intellectual property)
  • Extortion

13
Attackers
  • Employees (Present & Former), Consultants,
    Partners, Vendors and Contractors
  • Financial theft
  • Theft of trade secrets
  • Sabotage

14
Attackers
  • Cyberterrorists
  • New level of danger
  • Infrastructure destruction
  • IT Infrastructure
  • Use IT to damage physical infrastructure

15
Attackers - Motivation
  • Fame or publicity
  • Revenge or personal motivation, e.g., harm to
    former employer's business
  • Economic gain (theft, extortion, identity theft,
    industrial espionage)
  • Political or ideological - cyberterrorists, spies,
    etc.

16
[Figure: chart of attacker types. Labels: Spy, Thief, Trespasser, Author, Vandal; Script-Kiddie, Hobbyist Hacker, Expert, Specialist]
17
[Figure: the same chart of attacker types, with annotations: Largest segment by $ spent on defense; Largest area by $ lost; Fastest growing segment; Largest area by volume. Labels: Spy, Thief, Trespasser, Author, Vandal; Script-Kiddie, Hobbyist Hacker, Expert, Specialist]
18
Attacks and Attackers
  • Attacks
  • Directed or Random
  • Nature of attack - methods/means

19
Types of Attacks
  • Social Engineering: Opening Attachments, Password
    Theft, Information Theft
  • Physical Access Attacks: Wiretapping, Server
    Hacking, Vandalism
  • Dialog Attacks: Eavesdropping, Impersonation,
    Message Alteration
  • Penetration Attacks
  • Malware: Viruses, Worms
  • Denial of Service
  • Scanning (Probing)
  • Break-in
20
Common Types of Attacks
  • Denial of service attacks
  • Malware
  • Hacking/unauthorized access

21
Denial-of-Service (DOS) Attacks
  • Attack on availability: prevents legitimate
    users from accessing a system by flooding the
    system with illegitimate traffic
  • Usually act of vandalism
  • Threat of DOS can be means of extortion

22
Types of DOS Attacks
  • Single-Message DOS Attacks
  • Crash a host with a single attack packet
  • Flooding DOS Attacks
  • Flood host with a series of packets

23
Figure 4-11 Denial-of-Service (DoS) Attacks
  • Flooding Denial-of-Service Attacks
  • SYN flooding (Figure 4-12)
  • Try to open many connections with SYN segments
  • Victim must prepare to work with many connections
  • Victim crashes if it runs out of resources; at
    least it slows down
  • More expensive for the victim than the attacker
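
An added illustration, not part of the original slides, of the SYN flooding point above: a small Python model of a listener's half-open connection queue, showing a legitimate client refused while the queue is full, and the same trace handled when no per-SYN state is stored (a simplified SYN-cookie scheme, a mitigation the slides do not cover). The queue size, timeout, addresses, secret and the `cookie` helper are assumptions constructed for the example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-host secret for the cookie

def cookie(peer):
    """Simplified SYN cookie: keyed hash of the peer (real ones also bind ports, time, MSS)."""
    return hmac.new(SECRET, peer.encode(), hashlib.sha256).hexdigest()[:8]

def simulate(events, backlog=4, timeout=30, syn_cookies=False):
    """Replay (time, kind, peer, echoed_cookie) events against one listener.

    Returns (established, refused): peers that completed the handshake and
    peers whose SYN was refused because the half-open queue was full.
    """
    half_open = {}               # peer -> arrival time of its SYN
    established, refused = [], []
    for t, kind, peer, echo in events:
        # Reclaim entries whose handshake never completed.
        half_open = {p: t0 for p, t0 in half_open.items() if t - t0 < timeout}
        if kind == "SYN":
            if syn_cookies:
                continue         # state travels in the SYN/ACK; nothing is stored
            if len(half_open) >= backlog:
                refused.append(peer)
            else:
                half_open[peer] = t
        elif kind == "ACK":
            if syn_cookies:
                if echo and hmac.compare_digest(echo, cookie(peer)):
                    established.append(peer)
            elif half_open.pop(peer, None) is not None:
                established.append(peer)
    return established, refused

# Constructed trace: six SYNs from sources that never answer, then one real client.
FLOOD = [(i, "SYN", f"198.51.100.{i}", None) for i in range(1, 7)]
CLIENT = [(7, "SYN", "192.0.2.10", None),
          (8, "ACK", "192.0.2.10", cookie("192.0.2.10"))]
TRACE = FLOOD + CLIENT

if __name__ == "__main__":
    print("plain backlog:", simulate(TRACE))
    print("SYN cookies  :", simulate(TRACE, syn_cookies=True))
```

In the plain run the four queue slots are held by SYNs that are never completed, so the real client is refused; the slots are only reclaimed once the timeout passes.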

24
Figure 4-12 SYN Flooding DoS Attack
[Figure: Attacker (1.34.150.37) sends a flood of SYN segments to Victim (60.168.47.47). Victim sets aside resources for each. Victim crashes, or becomes too overloaded to respond to the SYNs from legitimate users.]
25
Figure 4-13 Smurf Flooding DoS Attack
[Figure: Attacker (1.34.150.37), Innocent Firm, Victim (60.168.47.47). Steps: 1. Single ICMP Echo Message, Source IP 60.168.47.47 (Victim), Destination IP Broadcast; 2. Router with Broadcasting Enabled; 3. Broadcast Echo Message; 4. Echo Replies.]
26
Denial-of-Service (DOS) Attacks
  • Distributed Denial-of-Service Attack
  • Sophisticated DOS attack where attacker takes
    control of hundreds or thousands of computers
    (Zombies) and uses them to launch a coordinated
    attack against a target or multiple targets

27
Figure 4-14 Distributed Denial-of-Service (DDoS) Attack
[Figure: Attacker (1.34.150.37), Handlers, Zombies and Victim (60.168.47.47), connected by arrows labelled Attack Command and Attack Packet.]
28
Malicious Software (Malware)
  • Malware: malicious software
  • Automated attack robot capable of doing damage
  • Contain harmful or benign payloads

29
Types of Malware
  • Viruses: piece of programming code, usually
    disguised, that causes unexpected and damaging
    results
  • Infect files or system sectors on disk
  • Attach themselves to executable programs or to
    disk system sectors (mostly the former)
  • Infected file must be executed for virus to be
    able to work

30
Types of Malware
  • Worms: self-replicating virus that does not alter
    files but resides in active memory and duplicates
    itself
  • Generally use parts of operating system that are
    automatic and invisible to the user
  • Propagate by themselves between hosts

31
Types of Malware
  • Trojan horse: program in which the malicious code
    is contained inside apparently harmless
    programming or data
  • Malicious scripts: programs embedded in a Web
    site that can cause some degree of damage
    (pop-ups, crashing of system)

32
Virus Propagation
  • Exchange floppy disks
  • IRC, P2P and instant messaging (IM)
  • Downloads
  • E-mail attachments
  • 90% of viruses spread via e-mail attachments today

33
Unauthorized Access/Hacking
  • Probing and surveillance techniques
  • Scanning, sniffing, fingerprinting, social
    engineering
  • Penetration and access
  • Password guessing, cracking software,
    exploiting known vulnerabilities
  • Compromising the information system
  • Spyware, keystroke programs, robots

34
Trends in Attacks
  • Automation of attack tools
  • Sophistication
  • Faster discovery of vulnerabilities
  • Increasing permeability of firewalls
  • Asymmetric threats
  • Infrastructure attacks

35
Symantec Internet Security Threat Report (2004)
  • Increased threats to e-commerce
  • Short time between vulnerability and exploit
  • Rise in remotely controlled bots
  • Increase in easy-to-exploit vulnerabilities

36
Top Vulnerabilities to Windows Systems
  • W1 Internet Information Services (IIS)
  • W2 Microsoft SQL Server (MSSQL)
  • W3 Windows Authentication
  • W4 Internet Explorer (IE)
  • W5 Windows Remote Access Services
  • W6 Microsoft Data Access Components (MDAC)
  • W7 Windows Scripting Host (WSH)
  • W8 Microsoft Outlook and Outlook Express
  • W9 Windows Peer to Peer File Sharing (P2P)
  • W10 Simple Network Management Protocol (SNMP)

37
Top Vulnerabilities to UNIX Systems
  • U1 BIND Domain Name System
  • U2 Remote Procedure Calls (RPC)
  • U3 Apache Web Server
  • U4 General UNIX Authentication - Accounts with
    No Passwords or Weak Passwords
  • U5 Clear Text Services
  • U6 Sendmail
  • U7 Simple Network Management Protocol (SNMP)
  • U8 Secure Shell (SSH)
  • U9 Misconfiguration of Enterprise Services
    NIS/NFS
  • U10 Open Secure Sockets Layer (SSL)