Antispyware :Spybot Search & DestroyAd-Aware Free
Въведение винформационната сигурност21 юни 2011 г. Дарин Йончев
За New Horizons Най-голямата независима обучаваща организация от 2002 г. насам (изт. IDC) Най-пълното портфолио от обучения Техническо обучение - Microsoft, Cisco, IBM, CompTIA, Adobe, IT Security, ITIL и др.; Курсове за работа с приложения (например Microsoft Project, Excel, PowerPoint, Adobe Photoshop, Illustrator и др.) Тренинги за бизнес умения (управление на проекти, комуникационни умения, продажби, лидерство и др.). Доставяме повече курсове, по-често и на повече места, отколкото всяка друга компания по света.
The characteristics of Secure Network Confidentiality Integrity Confidentiality Availability Keeping information and communications private and protected from unauthorized access Availability Ensuring that systems operate continuously and that authorized persons can access the data that they need. Integrity Keeping organization information accurate, free of errors, and without unauthorized modifications.NB: If one of the principles is compromised, the security of the organization is threatened.
Why Network Security Is NecessaryOrganizations must protect their assets to survive and prosperCommon assets that network security personnel protect: Hardware Documentation Software Data An organization’s reputationNetwork security personnel play an important role in protecting theseassets from accidents, mistakes, deliberate attacks, and naturaldisasters
Goals of Network SecuritySecurity Goal Description Personal information, company information, and information on intellectual property must be protected. If security is breached in anyPrevention of these departments, then the organization may have to put a lot of effort into recovering losses. Detection is the step that occurs when a user is discovered trying toDetection access unauthorized data or the information has been lost. You need to employ a process to recover vital data present in files orRecovery folders from a crashed system or data storage devices. Recovery can also pertain to physical resources.
ThreatsA threat is any event or action that could potentially result in the violationof a security requirement, policy, or procedure.Regardless of whether a violation is intentional or unintentional, malicious or not,it is considered a threat. Unintentional or intentional Information Security ThreatsChanges to Interruption of Interruption of Damage to Damage toInformation Services Access Hardware Facilities
Common Threats to Network Security Target Examples Threats Theft Credit-card numbers, DestructionData trade secrets, customer Interception informationPhysical Computers, hubs, Theftcomponents routers Destruction Unauthorized access Memory locations,Virtual Prevention of access network connection,resources to network services CPU Power
Vulnerabilities Attacker Unsecured Router Information SystemAt the most basic level, a vulnerability is any condition that leaves a systemopen to attack. A weakness in your security that could be exploited by a threat.Vulnerabilities can come in a wide variety of forms:• Not understanding or ignoring security policies• Improperly configured or installed hardware or software.• Bugs in software or operating systems.• The misuse of software or communication protocols.• Poorly designed networks.• Poor physical security.• Sharing passwords or using weak passwords• Design flaws in software or operating systems.• And, unchecked user input
AttacksAn attack is a technique that is used to exploit a vulnerability in a computersystem without the authorization to do so. Physical Security Attacks Software-Based Attacks Social Engineering Attacks Web Application-Based Attacks Network-Based Attacks
Social EngineeringA social engineering attack is a type of attack that uses deception and trickeryto convince unsuspecting users to provide sensitive data or to violate securityguidelines.
Types of Social Engineering attacksImpersonation - an attacker pretends to be someone he is not.Phishing - In a phishing attack, the attacker sends an email that seems tocome from a respected bank or other financial institution. Example: The email claims that the recipient needs to provide an account number, Social Security number, or other private information to the sender in order to verify an account.”Vishing - a human-based attack where the goal is to extract personal,financial, or confidential information from the victim by the telephone or VoIPsystemWhaling - a form of phishing that targets individuals who are known topossess a good deal of wealth. It is also known as spear phishing.Spam and spim - email-based threat where the user’s inbox is flooded withemails which carry advertising material for products or promotions for get-rich-quick schemes and can sometimes deliver viruses or malware.
Port Scanning Attacks Port Protocol State 21 FTP Open 53 DNS Closed 80 HTTP Open 110 POP3 Closed 119 NNTP Closed 443 HTTPS Open Nmap, SuperScan, Strobe and etc.
Eavesdropping Attacks (sniffing)An eavesdropping or sniffıng attack uses special monitoring software togain access to private network communications, Tools: Wireshark, Microsoft Network Monitor, tcpdump, dsniff and etc.
Social Network AttacksEvil twin attack/account phishing - attacker creates a social networkaccount to impersonate a genuine user to gain access to various personaldetails and even company informationClickjacking - An attack that forces a user to unintentionally click a link.Password stealer - software that, when installed on a system, will be able tocapture all the passwords and user names entered into the instantmessaging (IM) application or social network site that it was designed for.Spamming - ending unsolicited bulk messages by misusing the electronicmessaging services inside the social networking site.
DoS AttacksA DoS attack is a type of network attack in which an attacker attempts todisrupt or disable systems that provide network services by various means. ICMP flood (Smurf Attack) UDP flood SYN flood Buffer overflow Reflected DoS attack
DDoS AttacksA Distributed Denial of Service (DDoS) attack is a type of DoS attack thatuses multiple computers on disparate networks to launch the attack from manysimultaneous sources. Drones
Session HijackingA session hijacking attack involves exploiting a computer in session to obtainunauthorized access to an organization’s network or services. It involvesstealing an active session cookie that is used to authenticate a user to a remoteserver and using that to control the session thereafter. Legitimate Computer Session Stealing an Active Session Cookie
ARP PoisoningARP poisoning occurs when an attacker with access to the target networkredirects an IP address to the MAC address of a computer that is not the intendedrecipient. IP Address DHCP Server Redirects IP Address to Self
DNS attacksVulnerability Description An attacker exploits the traditionally open nature of the DNS system toDNS poisoning redirect a domain name to an IP address of the attackers choosing. An attacker sets up a rogue DNS server. This rogue DNS serverDNS hijacking responds to legitimate requests with IP addresses for malicious or non- existent websites..
Wireless attacksRogue access point This is an unauthorized wireless access point on a corporate or private network.Evil twins These are rogue access points on a network that appear to be legitimateInterference The phenomenon by which radio waves interfere with the 802.11 wireless signals.Bluesnarfing This is a method in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection within the 30-foot Bluetooth transmission limit.War driving the act of searching for instances of wireless networks using wireless tracking devices such as PDAs, mobile phones, or laptopsCrack wireless encryption IV capture, Brute force
Types of Application AttacksApplication attacks are software attacks that are targeted at web-basedand other client server applications. They can threaten application and webservers, users, other backend systems, and the application code itself. Application Attack Description Cross-site An attack that is directed towards sites with dynamic content. This is done by introducing malicious scripts or by taking over the scripting session before the user session cookies expire. Command injection attacks include several types: • SQL injection Command • LDAP injection injection attacks • XML injection • Directory traversal An attack that occurs when the security level of a system is at its Zero day exploit lowest, immediately after the discovery of a vulnerability.
Types of Application Attacks (Cont.)Application Attack Description An attack where the attacker can merge malicious software or codeAttachment into a downloadable file or attachment on a web server so that usersattack download and execute it on client systems. An add-on that is meant to look like a normal add-on, except thatMalicious add- when a user installs it, malicious content will be injected to target theons security loopholes that are present in a web browser.Header An attack where the attacker manipulates the header informationmanipulation passed between the web servers and clients in HTTP requests.Web applications and other client-server applications are alsovulnerable to various general attack types such as buffer overflowsand session hijacking.
Hackers and Attackers Hacker Attacker Always Malicious IntentWhite Hat Black Hat
Categories of Attackers Malicious insiders (employees and contractors) Electronic activist (hacktivist) Data thief (Industrial or political spies) Script kiddie (novice attackers) Electronic vandals CyberterroristRemember that: Internal attackers can cause more damage than external attackers Novice, intermediate, and advanced attackers all pose significant threats to networks