The Need for Security - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

The Need for Security

Description:

The Need for Security Principles of Information Security Chapter 2 – PowerPoint PPT presentation

Number of Views:325
Avg rating:3.0/5.0
Slides: 33
Provided by: HonoluluC9
Category:
Tags: ccna | chapter | need | security

less

Transcript and Presenter's Notes

Title: The Need for Security


1
The Need for Security
  • Principles of Information Security
  • Chapter 2

2
Chapter Objectives
  • Explain the business need for security.
  • Describe the responsibility of an organization's
    general management and IT management for a
    successful information security program.
  • Identify threats to information security and
    common attacks associated with those threats.
  • Differentiate between threats to information
    systems and attacks against the information
    systems.

3
Introduction
  • The primary mission of information security is to
    ensure that systems and their contents remain the
    same.

4
4 Important Functions of Information Security
  • Protect the ability to function.
  • Enable the safe operation of applications.
  • Protect data.
  • Safeguard technology assets.

5
Protecting the Functionality of the Organization
  • Shared responsibility between general management
    and IT managment
  • Set security policy in compliance with legal
    requirements.
  • Not really a technology issue
  • Address information security in terms of
  • Business impact
  • Cost of business interruption

6
Enabling Safe Operation
  • Organization requires integrated, efficient, and
    capable applications.
  • Technologically complex.
  • Must protect critical applications
  • Operating system platforms
  • Electronic mail
  • Instant messaging
  • Infrastructure developed by
  • outsourcing to a service provider
  • develop internally
  • Protection of the infrastructure must be overseen
    by management.

7
Protecting Data
  • Data provides
  • Record of transactions (e.g., banking)
  • Ability to deliver value to customers
  • Enable creation and movement of goods and
    services.
  • Data in motion (online transactions)
  • Data at rest (not online transaction)
  • Information systems must support these
    transactions.

8
Safeguarding Technology Assets
  • Must have secure infrastructure services based on
    the size and scope of the enterprise.
  • Smaller businesses may require less protection.
  • Email and personal encryption.
  • Additional services required for larger
    businesses.
  • Public Key Infrastructure (PKI) - more complex
  • Needs change as network grows.

9
Threats
  • Requirements to protect information
  • Be familiar with
  • The information to be protected
  • The systems that store, transport and process it
  • Know the threats you face
  • An object, person, or entity that represents a
    constant danger to an asset.

10
12 General Categories of Threat
  • Acts of human error or failure mistakes,
    sloppiness
  • Compromises to intellectual property - piracy,
    licensing
  • Deliberate acts of espionage or trespass
  • shoulder surfing, hacking, script kiddies,
    cracker, phreaker
  • Deliberate acts of information extortion -
    demanding a ransom
  • Deliberate acts of sabotage or vandalism
  • damage reputation, cyberactivist, cyberterrorism
  • Deliberate acts of theft - difficult to detect
  • Deliberate software attacks
  • malware, virus, worm, trojan horses, back door,
    hoaxes
  • Forces of nature - fire, flood, earthquake,
    lightning, storms, etc.
  • Deviations in quality or service - service
    disruptions
  • Technical hardware failures or errors - hardware
    defects
  • Technical software failures or errors -
    accidental or intentional flaws
  • Technological obsolescence - unreliable and
    untrustworthy

11
The Endless Game of Cat and Mouse Meet the Cast
  • Hackers versus crackers
  • White hats, black hats, all the shades of gray,
    and mysterious color changing
  • Conferences?
  • Web sites?
  • Drills?
  • http//www.safepatrolsolutions.com/papers/Crackers
    .pdf

12
Meet the Players
  • Top 10
  • And the others
  • From http//www.pbs.org/wgbh/pages/frontline/shows
    /hackers/
  • And where they congregate do NOT go there
    unless you want to risk catching something
  • http//phrack.com, .

13
Attacks
  • At act or action that takes advantage of a
    vulnerability to compromise a controlled system.
    Accomplished by a threat agent that damages or
    steals information or physical assets.
  • Vulnerability
  • an identified weakness in a controlled system,
    where controls are not present or no longer
    effective.
  • Attacks exist when a specific action occurs that
    may cause a potential loss.
  • Question how will the attacker identify
    weakness and/or know what to attack?

14
Well-Known Types of Attack Against Controlled
Systems
  • Spoofing
  • Man-in-the-Middle
  • Spam
  • Mail Bombing
  • Sniffers
  • Social Engineering
  • Buffer Overflow
  • Timing Attack
  • Malicious Code
  • Hoaxes
  • Back Doors
  • Password Crack
  • Brute Force
  • Dictionary
  • Denial-of-Service (DoS)
  • Distributed Denial-of-Service (DDoS)

Of course, any of these attacks can be
distributed, and/or coming from a botnet.
15
Malicious Code
  • Viruses, worms, Trojan horses, active web
    scripts.
  • State-of-the-art
  • Polymorphic or multivector worm
  • CERT, Symantec, etc. warnings
  • Known attack vectors
  • IP scan and attack
  • web browsing
  • Virus
  • unprotected shares
  • mass mail
  • SNMP

16
Hoaxes
  • Transmit a virus hoax with a real virus attached.
  • More readily transmitted by trusting users!

17
Back Doors
  • Use known or previously discovered access
    mechanism to gain access to a system or network
    resource.
  • May be left by system designers or maintenance
    staff.
  • Referred to as trap doors.
  • Hard to detect --- may be exempt from usual audit
    logging procedures.

18
Password Crack
  • Reverse calculate a password.
  • Component of many dictionary attacks.
  • Security Account Manager (SAM) file is accessible
  • contains hashed representation of the user's
    password.
  • a guessed password can be hashed using the same
    algorithm and compared to the stored hash version
    of the real password.

19
Brute Force Attack
  • AKA, password attack
  • Try every possible combination of options for a
    password.
  • Easier, if passwords are easy to guess or default
    passwords.
  • Avoid using easy to guess passwords --- and don't
    use default passwords.
  • Rarely used, if basic security precautions have
    been implemented (e.g., complex passwords)

20
Dictionary Attack
  • Use a list of commonly used passwords (i.e., a
    dictionary) instead of random combinations.
  • Takes less time to crack than a brute force
    attack.
  • Use electronic dictionaries to enforce use of
    (more) complex passwords.

21
Denial of Service (DoS)Distributed Denial of
Service (DDoS)
  • Overload target with requests
  • Many different flavors
  • TCP SYN flood attack send many TCP connection
    requests.
  • Send million emails or faxes and clog the server
  • DDoS
  • Often uses compromised machines (called zombies,
    from a botnet) to attack the target system.
  • The most difficult to defend against.
  • No controls that any single organization can
    apply.
  • Some cooperative efforts among service providers.
  • MyDoom worm attack.

22
Spoofing
  • Technique of sending messages to a computer using
    a source IP address that indicates the messages
    are coming from a trusted host.
  • Must find an IP address for a trusted host.
  • Must modify packet headers for the attack
    messages.
  • Routers and firewalls can protect against
    spoofing attacks.

23
Man-in-the-Middle Attack
  • AKA, TCP hijacking attack
  • Attacker "sniffs" packets from the network,
    modifies them, then inserts them back into the
    network.
  • Uses IP spoofing to impersonate another entity on
    the network.
  • Allows the attacker to
  • eavesdrop, change, delete, reroute, add, forge,
    or divert data.
  • Spoofing involves the interception of an
    encryption key exchange, which enables the
    hijacker to act as an eavesdropper (transparent
    to the network).

24
Spam
  • Unsolicited commercial email.
  • Has been used as a vector for malicious code
    attacks.
  • Wastes computer and human resources i.e. it is a
    DOS attack
  • Methods to counteract spam
  • Delete offending messages
  • Use filtering technologies to stem the flow

25
Mail Bombing
  • Email denial-of-service attack.
  • Send large emails with forged headers
  • Mechanisms
  • Social engineering
  • SMTP flaws

26
Sniffers
  • AKA, packet sniffers.
  • A program or device that can monitor data
    traveling over a network.
  • Use for legitimate network management functions
    or maliciously.
  • Unauthorized sniffers are dangerous to security.
  • Virtually impossible to detect.
  • Can be inserted anywhere.

27
Social Engineering
  • The process of using social skills to persuade
    people to reveal access credentials or other
    valuable information.
  • Over the phone Hey, Joe, this is Andy from
    department C. Aaron (the boss) told me to ask you
    to give me the XYZ plans, the customers is
    demanding we fix the bugs by tomorrow.
  • Over the phone or in person, to the secretarial
    support
  • May involve impersonating someone higher in the
    organizational hierarchy (requesting
    information).
  • Hey, Joe, this is Aaron (the boss). What was the
    .
  • Tailgating, shoulder surfing, etc.
  • May be a scam --- Nigerian banking, etc.

28
Physical (illegal) access
  • War Driving driving around trying to catch a
    signal
  • Wireless without encryption
  • Non-wireless el.magn. radiation
  • Garbage Diving looking through disposed
    documents
  • Tapping any cable that is not optical. Or, at
    exposed locations (switches, control panels, etc.)

29
Buffer Overflow
  • Buffer is a term for data storage, on logical
    level (often called queue in networking)
  • Buffers are used for many different reasons for
    example, to temporarily store networking data
    when waiting to be processed, etc.
  • Buffers are often implemented as arrays in code
  • Arrays typically have fixed size
  • A buffer overflow is a programming error that
    occurs when more data is sent to a buffer than it
    can handle AND the programmer did not specify
    what happens in that special case
  • Attacker can take advantage of this programming
    error to cause unintended side effects.

30
Timing Attack
  • Something bad happens when a certain time is
    reached
  • Many different flavors. Examples
  • Explores web browser's cache.
  • Allows web designer to develop malicious cookie
    to be stored on user's system.
  • Could allow designer to collect information on
    how to access password-protected sites.

31
Port Scanning
  • http//www.pctopsecurity.com/types-of-attacks/port
    -scan-attack Port scan sees which ports are
    available, which OS you are using,
  • http//www.softpanorama.org/Security/IDS/port_scan
    _detectors.shtml A view from the trenches
  • http//www.cipherdyne.org/psad/ A tool to detect
    port scans

32
  • Review http//www.scribd.com/doc/20138373/CCNA-Sec
    urity-Chapter-1-assessment
  • Challenge go through the PCWeek Hack on p.47 and
    try to understand each step the attacker took.
Write a Comment
User Comments (0)
About PowerShow.com