Security+ Guide to Network
Security Fundamentals,
Fourth Edition
Chapter 1
Introduction to Security
Security+ Guide to Network Security Fundamentals, Fourth Edition 2
Objectives
• Describe the challenges of securing information
• Define information security and explain why it is important
• Identify the types of attackers that are common today
• List the basic steps of an attack
• Describe the five basic principles of defense
Challenges of Securing Information
• There is no simple solution to securing information
• This can be seen through the different types of attacks that users face today
– As well as the difficulties in defending against these attacks
• Today’s Security Attacks
– Smartphones are a new target
Difficulties in Defending Against Attacks
• Difficulties include the following:
– Universally connected devices
– Increased speed of attacks
– Greater sophistication of attacks
– Availability and simplicity of attack tools
– Faster detection of vulnerabilities
– Delays in patching
– Weak distribution of patches
– Distributed attacks
– User confusion
Difficulties in Defending Against Attacks (cont’d.)
• Universally connected devices
– An attacker anywhere can silently launch an attack on any connected device.
• Increased speed of attacks
– Availability of attack tools.
– Many tools can initiate new attacks without any human participation
o The Slammer worm infected 75,000 computers in the first 11 minutes of its release.
o Slammer infections doubled every 8.5 seconds.
o Slammer scanned 55 million computers per second.
Difficulties in Defending Against Attacks (cont’d.)
• Greater sophistication of attacks:
– Attackers today use common Internet tools and protocols to send malicious data and commands.
– Some attacks appear different each time.
Difficulties in Defending Against Attacks (cont’d.)
• Availability and simplicity of attack tools (slides 7 and 8 are figure-only; the images are not reproduced here)
Difficulties in Defending Against Attacks (cont’d.)
• Faster detection of vulnerabilities
– Using new software tools and techniques
– Day zero attacks
• Occur when an attacker discovers and exploits previously unknown flaws
• Delays in patching
– Vendors are overwhelmed trying to keep pace with updating their products against attacks.
• Weak distribution of patches
– Some software vendors have not invested in patch distribution systems.
Difficulties in Defending Against Attacks (cont’d.)
• Distributed attacks
– Many against one.
– Difficult to stop an attack by identifying and blocking the source.
• User confusion
– Users make important decisions with little knowledge.
Difficulties in Defending Against Attacks (cont’d.)
Table 1-2 Difficulties in defending against attacks
What Is Information Security?
• Before defense is possible, one must understand:
– What information security is
– Why it is important
– Who the attackers are
Defining Information Security
• Security
– Steps taken to protect a person or property from harm
• Harm may be intentional or unintentional.
– Includes preventive measures, rapid response and preemptive attacks.
• Information security
– Guarding digitally formatted information that provides value to people and organizations.
Defining Information Security (cont’d.)
• Information security
– Ensures that protective measures are properly
implemented
– Cannot completely prevent attacks or guarantee that
a system is totally secure
Defining Information Security (cont’d.)
• Information security is intended to protect information that has value to people and organizations
– Three types of information protection, often called CIA:
• Confidentiality
• Integrity
• Availability
• Information security is achieved through a combination of three entities: products, people, and procedures
Defining Information Security (cont’d.)
• Confidentiality: Prevention of unauthorized disclosure of information and keeping unwanted parties from accessing the assets of a computer system; also known as secrecy or privacy.
• Integrity: Prevention of unauthorized modification of information.
• Availability: Prevention of unauthorized withholding of information or resources; that is, keeping the system available.
Defining Information Security (cont’d.)
Example
• Consider a payroll database in a corporation; it must be ensured that:
– Salaries of employees are not disclosed to arbitrary users of the database (confidentiality).
– Salaries are modified only by those individuals who are properly authorized (integrity).
– Paychecks are printed on time at the end of each pay period (availability).
Defining Information Security (cont’d.)
• Another set of protections implemented to secure
information (AAA)
– Authentication
• Individual is who they claim to be and not an imposter
– Authorization
• Grant ability to access information
– Accounting
• Provides tracking of events
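The payroll example and the AAA protections above map directly onto code. The following Python program is an added example, not code from the textbook: a toy payroll service in which salted password hashing provides authentication, role checks provide authorization and confidentiality, an HMAC over each record provides integrity, an audit list provides accounting, and the pay run refuses to proceed on tampered data. All user names, passwords and salaries are constructed sample data.

```python
import hashlib
import hmac
import os

# Added example, not from the textbook. Names, passwords and salaries are
# constructed sample data.

PBKDF2_ITERATIONS = 100_000


class User:
    """A principal with a role and a salted, slow-hashed password."""

    def __init__(self, name, role, password):
        self.name = name
        self.role = role                     # "hr" or "employee"
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password, self.salt)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def check_password(self, password):
        # Authentication: constant-time comparison of the derived hash.
        return hmac.compare_digest(self._derive(password, self.salt), self.pw_hash)


class Payroll:
    def __init__(self, users, salaries):
        self.users = {u.name: u for u in users}
        self.integrity_key = os.urandom(32)  # known only to the service
        self.salaries = {}
        self.tags = {}
        self.audit = []                       # Accounting: one entry per event
        for name, amount in salaries.items():
            self._store(name, amount)

    def _tag(self, name, amount):
        # Integrity: an HMAC over each record detects edits that bypassed
        # set_salary(), e.g. a direct change to the stored data.
        msg = f"{name}:{amount}".encode()
        return hmac.new(self.integrity_key, msg, "sha256").digest()

    def _store(self, name, amount):
        self.salaries[name] = amount
        self.tags[name] = self._tag(name, amount)

    def authenticate(self, name, password):
        user = self.users.get(name)
        if user is None or not user.check_password(password):
            self.audit.append(("auth_fail", name))
            return None
        self.audit.append(("auth_ok", name))
        return user

    def read_salary(self, actor, target):
        # Confidentiality: an employee sees only their own record; HR sees all.
        if actor.role != "hr" and actor.name != target:
            self.audit.append(("read_denied", actor.name, target))
            raise PermissionError(f"{actor.name} may not read {target}'s salary")
        self.audit.append(("read", actor.name, target))
        return self.salaries[target]

    def set_salary(self, actor, target, amount):
        # Authorization: only HR may modify salaries.
        if actor.role != "hr":
            self.audit.append(("write_denied", actor.name, target))
            raise PermissionError(f"{actor.name} may not modify salaries")
        self._store(target, amount)
        self.audit.append(("write", actor.name, target, amount))

    def tampered_records(self):
        # Names whose stored amount no longer matches its integrity tag.
        return [n for n, a in self.salaries.items()
                if not hmac.compare_digest(self.tags[n], self._tag(n, a))]

    def run_payroll(self):
        # Availability: the pay run must happen on time, but not on data the
        # service cannot vouch for.
        bad = self.tampered_records()
        if bad:
            raise RuntimeError(f"payroll halted, tampered records: {bad}")
        return dict(self.salaries)


def build_sample_payroll():
    users = [User("hr_admin", "hr", "hr-pass-1"),
             User("alice", "employee", "alice-pass-1"),
             User("bob", "employee", "bob-pass-1")]
    return Payroll(users, {"alice": 5000, "bob": 5200})


if __name__ == "__main__":
    p = build_sample_payroll()
    alice = p.authenticate("alice", "alice-pass-1")
    print("alice reads own salary:", p.read_salary(alice, "alice"))
    try:
        p.read_salary(alice, "bob")
    except PermissionError as err:
        print("denied:", err)
    p.salaries["bob"] = 9999          # simulated out-of-band tampering
    print("tampered records:", p.tampered_records())
    print("audit trail:", p.audit)
```

The audit list is the accounting half of AAA: every success and every denial is recorded, so a later investigator can reconstruct who tried what. The integrity tag is checked before the pay run, which is the availability goal from the payroll example applied correctly: the run goes out on time, but never on data that has been silently altered.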
Defining Information Security (cont’d.)
Figure 1-3 Information security components
© Cengage Learning 2012
Defining Information Security (cont’d.)
Table 1-3 Information security layers
Defining Information Security (cont’d.)
• A more comprehensive definition of information
security is:
– That which protects the integrity, confidentiality,
and availability of information on the devices that
store, manipulate, and transmit the information
through products, people, and procedures
Information Security Terminology
• Asset
– Something that has value
• Threat
– Actions or events that have potential to cause harm
• Threat agent
– Person or element with power to carry out a threat
Information Security Terminology (cont’d.)
Table 1-4 Information technology assets
Information Security Terminology (cont’d.)
• Vulnerability
– Flaw or weakness
• Threat agent can bypass security
• Risk
– Likelihood that threat agent will exploit vulnerability
– Cannot be eliminated entirely
• Cost would be too high
• Take too long to implement
– Some degree of risk must be assumed
Information Security Terminology (cont’d.)
Figure 1-4 Information security components analogy
© Cengage Learning 2012
Information Security Terminology (cont’d.)
• Options to deal with risk
– Accept
• Realize there is a chance of loss
– Diminish
• Take precautions
• Most information security risks should be diminished
– Transfer
• Example: purchasing insurance
Information Security Terminology (cont’d.) (figure-only slide; the image is not reproduced here)
Understanding the Importance of Information Security
• Preventing data theft
– Security often associated with theft prevention
– Business data theft
• Proprietary information
– Individual data theft
• Credit card numbers
Understanding the Importance of
Information Security (cont’d.)
• Thwarting identity theft
– Using another’s personal information in
unauthorized manner
• Usually for financial gain
– Example:
• Steal person’s SSN
– Create new credit card account
– Charge purchases
– Leave unpaid
Understanding the Importance of Information Security (cont’d.)
• Avoiding legal consequences
– Laws protect electronic data privacy
– Businesses that fail to protect data they possess may face serious penalties
• The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• In Saudi Arabia, all banks must comply with the PCI DSS standard (SAMA regulation).
Understanding the Importance of Information Security (cont’d.)
• Maintaining productivity
– Post-attack cleanup diverts resources
• Time and money
Table 1-6 Cost of attacks
Understanding the Importance of Information Security (cont’d.)
• Foiling cyberterrorism
– Premeditated, politically motivated attacks
– Target: information, computer systems, data
– Designed to:
• Cause panic
• Provoke violence
• Result in financial catastrophe
– Potential cyberterrorism targets
• Banking, military, energy (power plants), transportation (air traffic control centers), water systems
Who Are the Attackers?
• Categories of attackers (attackers profile)
– Hackers
– Script kiddies
– Spies
– Insiders
– Cybercriminals
– Cyberterrorists
Hackers
• Hacker
– Person who uses computer skills to attack
computers
– Term not common in security community
• White hat hackers
– Goal to expose security flaws
– Not to steal or corrupt data
• Black hat hackers
– Goal is malicious and destructive
Script Kiddies
• Script kiddies
– Goal: break into computers to create damage
– Unskilled users
– Download automated hacking software (scripts)
• Use them to perform malicious acts
– Attack software today has menu systems
• Attacks are even easier for unskilled users
– 40% of attacks performed by script kiddies
Spies
• Computer spy
– Person hired to break into a computer and steal
information
• Hired to attack a specific computer or system:
– Containing sensitive information
• Goal: steal information without drawing attention to
their actions
• Possess excellent computer skills
Insiders
• Employees, contractors, and business partners
• Most insider attacks are either sabotage or theft of intellectual property.
• Reasons
– An employee might want to show the company a weakness in its security
– Dissatisfied employees may want to get even with the company
– For money
– Blackmail
– Carelessness
Insiders
• Examples of insider attacks
– Health care worker publicized celebrities’ health
records
• Disgruntled over upcoming job termination
– Government employee planted malicious coding
script
– Stock trader concealed losses through fake
transactions
– U.S. Army private accessed sensitive documents
Cybercriminals
• Network of attackers, identity thieves, spammers,
financial fraudsters
• Difference from ordinary attackers
– More highly motivated
– Willing to take more risk
– Better funded
– More tenacious
– Goal: financial gain
Cybercriminals (cont’d.)
• Organized gangs of young attackers
– Eastern European, Asian, and third-world regions
Table 1-7 Characteristics of cybercriminals
Cybercriminals (cont’d.)
• Cybercrime
– Targeted attacks against financial networks
– Unauthorized access to information
– Theft of personal information
• Financial cybercrime
– Trafficking in stolen credit cards and financial
information
– Using spam to commit fraud
Cyberterrorists
• Cyberterrorists
– Ideological motivation
• Attacking because of their principles and beliefs
• Goals of a cyberattack:
– Deface electronic information
• Spread misinformation and propaganda
– Deny service to legitimate computer users
– Commit unauthorized intrusions
• Results: critical infrastructure outages; corruption of
vital data
Attackers Profile Summary
(summary table; only the entries “Cybercriminals”, “Money” and “Insider” survived extraction)
Attacks and Defenses
• Wide variety of attacks
– Same basic steps used in attack
• To protect computers against attacks:
– Follow five fundamental security principles
Steps of an Attack
1. Probe for information
– Such as the type of hardware or software used, or personal information.
– Examples: ping sweeps, port scanning, or queries that respond with a failure message.
2. Penetrate any defenses
– Launch the attack
– Example: cracking passwords
3. Modify security settings
– Allows the attacker to reenter the compromised system easily.
Steps of an Attack (cont’d.)
4. Circulate to other systems
– Use the compromised system or network as a base
of attack toward other systems.
– Same tools directed toward other systems.
5. Paralyze networks and devices
– Attackers may work to maliciously damage the infected
computer or network.
– Examples: delete/edit critical OS files or inject malicious
software.
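From the defender's side, step 1 (probing) is the earliest point at which an attack can be noticed, because a ping sweep or port scan leaves a distinctive pattern in firewall logs. The Python below is an added example, not from the textbook: it parses constructed firewall log lines and flags a source that touches many distinct ports on one host (a port scan) or sends ICMP echo to many hosts (a ping sweep) within a short window. The log format, the addresses and the thresholds are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Added example, not from the textbook. Log format, addresses and thresholds
# are constructed for this demonstration.

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) (?P<proto>ICMP|TCP|UDP) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed firewall log: a 12-port probe of one host, an ICMP sweep of six
# hosts, and ordinary HTTPS traffic from a workstation.
SAMPLE_LOG = (
    [f"2024-01-15T10:00:{i % 3:02d} DROP TCP 198.51.100.7 -> 192.0.2.10:{port}"
     for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])]
    + [f"2024-01-15T10:05:{i % 2:02d} ACCEPT ICMP 203.0.113.5 -> 192.0.2.{host}"
       for i, host in enumerate(range(10, 16))]
    + ["2024-01-15T10:07:00 ACCEPT TCP 192.0.2.50 -> 192.0.2.10:443",
       "2024-01-15T10:07:30 ACCEPT TCP 192.0.2.50 -> 192.0.2.11:443",
       "2024-01-15T10:09:00 ACCEPT TCP 192.0.2.50 -> 192.0.2.10:443"]
)


def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"]) if ev["dport"] else None
    return ev


def _adjust(counter, key, delta):
    # Keep only keys with a positive count so len(counter) is "distinct live".
    counter[key] += delta
    if counter[key] <= 0:
        del counter[key]


def find_probes(lines, window_s=60, port_threshold=10, host_threshold=5):
    """Map each suspicious source address to 'port scan' or 'ping sweep'.

    A sliding window per source counts distinct (host, port) targets for
    TCP/UDP and distinct hosts for ICMP; crossing a threshold within
    window_s seconds produces a finding.
    """
    by_src = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        targets, hosts = Counter(), Counter()   # live counts inside the window
        lo = 0
        for ev in evs:
            if ev["proto"] == "ICMP":
                _adjust(hosts, ev["dst"], +1)
            else:
                _adjust(targets, (ev["dst"], ev["dport"]), +1)
            # Drop events that fell out of the window.
            while (ev["ts"] - evs[lo]["ts"]).total_seconds() > window_s:
                old = evs[lo]
                if old["proto"] == "ICMP":
                    _adjust(hosts, old["dst"], -1)
                else:
                    _adjust(targets, (old["dst"], old["dport"]), -1)
                lo += 1
            if len(targets) >= port_threshold:
                findings[src] = "port scan"
            elif len(hosts) >= host_threshold and src not in findings:
                findings[src] = "ping sweep"
    return findings


if __name__ == "__main__":
    for src, kind in find_probes(SAMPLE_LOG).items():
        print(f"{src}: {kind}")
```

The thresholds are the tuning knobs: a workstation that legitimately talks to two HTTPS servers stays well under ten distinct targets, while a scanner that walks a port list crosses it within seconds. Narrowing the window raises the bar (the same log produces no findings with a zero-second window), which is the usual trade between missed slow scans and false alarms.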
Figure 1-6 Steps of an attack
© Cengage Learning 2012
Defenses Against Attacks
• Although multiple defenses may be necessary to
withstand an attack
– These defenses should be based on five fundamental
security principles:
• Layering
• Limiting
• Diversity
• Obscurity
• Simplicity
Layering
• Information security must be created in layers
– Single defense mechanism may be easy to
circumvent
– Unlikely that attacker can break through all defense
layers
• Layered security approach
– Can be useful in resisting a variety of attacks
– Provides the most comprehensive protection
Limiting
• Limiting access to information reduces the threat against it
• Only those who must use the data are granted access
– In addition, the amount of access is limited to what that person needs to know
• Methods of limiting access
– Technology
• File permissions
– Procedural
• Prohibiting document removal from premises
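For the "file permissions" method of limiting access, the following Python script is an added example (not from the textbook) of a least-privilege audit: it reports every permission bit a file carries beyond a policy maximum and clears those bits. The file names, the owner-only (0o600) policy and the temporary directory are constructed assumptions; it relies on POSIX mode bits, so it is meaningful on Linux and macOS but not on Windows.

```python
import os
import stat
import tempfile

# Added example, not from the textbook. The policy (owner read/write only) and
# the sample files are constructed assumptions; it relies on POSIX mode bits.

OWNER_ONLY = 0o600   # the most permissive mode the policy allows for secrets


def _rwx(mode, shift):
    """Render one permission triplet (owner=6, group=3, others=0) as 'rwx'."""
    bits = (mode >> shift) & 0o7
    return ("r" if bits & 4 else "-") + ("w" if bits & 2 else "-") + ("x" if bits & 1 else "-")


def audit_mode(path, max_mode=OWNER_ONLY):
    """List every permission the file grants beyond max_mode (empty = compliant)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    extra = mode & ~max_mode            # bits granted that the policy does not allow
    problems = []
    for label, shift in (("owner", 6), ("group", 3), ("others", 0)):
        if (extra >> shift) & 0o7:
            problems.append(f"{label}: extra {_rwx(extra, shift)}")
    if extra & (stat.S_ISUID | stat.S_ISGID):
        problems.append("setuid/setgid bit set")
    return problems


def harden(path, max_mode=OWNER_ONLY):
    """Clear any bit not permitted by max_mode; return the resulting mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    new_mode = mode & max_mode
    if new_mode != mode:
        os.chmod(path, new_mode)
    return new_mode


def demo():
    """Create two sample files, audit them, harden the offender, re-audit."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "api.key")
        notes = os.path.join(tmp, "notes.txt")
        for p in (key, notes):
            with open(p, "w") as f:
                f.write("constructed sample content\n")
        os.chmod(key, 0o644)      # world-readable secret: a limiting failure
        os.chmod(notes, 0o600)    # already owner-only
        results["before"] = {"api.key": audit_mode(key), "notes.txt": audit_mode(notes)}
        results["hardened_mode"] = harden(key)
        results["after"] = {"api.key": audit_mode(key), "notes.txt": audit_mode(notes)}
    return results


if __name__ == "__main__":
    for stage, findings in demo().items():
        print(stage, findings)
```

The policy maximum is deliberately a single number: comparing the actual mode against it with `mode & ~max_mode` catches any extra bit (group, world, setuid) in one step, and the same mask is what `harden` removes, so the check and the fix cannot drift apart.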
Diversity
• Closely related to layering
– Layers must be different (diverse)
• If attackers penetrate one layer:
– They can't use the same techniques to break
through other layers
• Breaching one security layer does not compromise
the whole system
• Example of diversity
– Using security products from different manufacturers
Obscurity
• Obscuring inside details to outsiders
• An example of obscurity would be not revealing the
type of computer, operating system, software, and
network connection a computer uses
– An attacker who knows that information can more
easily determine the weaknesses of the system to
attack it
• Obscuring information can be an important means
of protection.
Simplicity
• The nature of information security is complex
• Complex security systems
– Are difficult to understand and troubleshoot
– Are often compromised for ease of use by trusted users
• A secure system should be simple for insiders to understand and use
• Keeping a system simple on the inside but complex on the outside can be difficult, but it results in a major benefit
Summary
• Information security attacks have grown exponentially in recent years
• There are several reasons for the difficulty of defending against today’s attacks
• Information security protects information’s integrity,
confidentiality, and availability:
– On devices that store, manipulate, and transmit
information
– Using products, people, and procedures
Summary (cont’d.)
• Goals of information security
– Prevent data theft
– Thwart identity theft
– Avoid legal consequences of not securing
information
– Maintain productivity
– Foil cyberterrorism
• Different types of people with different motivations
conduct computer attacks
• An attack has five general steps

More Related Content

Similar to 1_Introduction to security.pptx

UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
UNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav AcharyaUNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav Acharya
nmnqknibzxthowqwzc
 
Informations Security and It's Consequence By Sulav Acharya
Informations Security and It's Consequence By Sulav AcharyaInformations Security and It's Consequence By Sulav Acharya
Informations Security and It's Consequence By Sulav Acharya
AchSulav
 
Keamanan informasi
Keamanan informasiKeamanan informasi
Keamanan informasi
Nova Novelia
 

Similar to 1_Introduction to security.pptx (20)

Week 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptxWeek 1 - Introduction to Information Security.pptx
Week 1 - Introduction to Information Security.pptx
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
information security management
information security managementinformation security management
information security management
 
internet security and cyber lawUnit1
internet security and  cyber lawUnit1internet security and  cyber lawUnit1
internet security and cyber lawUnit1
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdfUNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
 
UNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav AcharyaUNit 7 Information Security By Sulav Acharya
UNit 7 Information Security By Sulav Acharya
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Informations Security and It's Consequence By Sulav Acharya
Informations Security and It's Consequence By Sulav AcharyaInformations Security and It's Consequence By Sulav Acharya
Informations Security and It's Consequence By Sulav Acharya
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Network Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.pptNetwork Security for Computer science and Engineering.ppt
Network Security for Computer science and Engineering.ppt
 
Keamanan informasi
Keamanan informasiKeamanan informasi
Keamanan informasi
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 

Recently uploaded

一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
ewymefz
 
standardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghhstandardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghh
ArpitMalhotra16
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
nscud
 
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
yhkoc
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
enxupq
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
ewymefz
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
benishzehra469
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
ewymefz
 
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
nscud
 

Recently uploaded (20)

一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
一比一原版(UPenn毕业证)宾夕法尼亚大学毕业证成绩单
 
standardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghhstandardisation of garbhpala offhgfffghh
standardisation of garbhpala offhgfffghh
 
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
一比一原版(CBU毕业证)不列颠海角大学毕业证成绩单
 
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
一比一原版(CU毕业证)卡尔顿大学毕业证成绩单
 
Tabula.io Cheatsheet: automate your data workflows
Tabula.io Cheatsheet: automate your data workflowsTabula.io Cheatsheet: automate your data workflows
Tabula.io Cheatsheet: automate your data workflows
 
社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .社内勉強会資料_LLM Agents                              .
社内勉強会資料_LLM Agents                              .
 
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPsWebinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
Webinar One View, Multiple Systems No-Code Integration of Salesforce and ERPs
 
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
Innovative Methods in Media and Communication Research by Sebastian Kubitschk...
 
tapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive datatapal brand analysis PPT slide for comptetive data
tapal brand analysis PPT slide for comptetive data
 
Jpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization SampleJpolillo Amazon PPC - Bid Optimization Sample
Jpolillo Amazon PPC - Bid Optimization Sample
 
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project PresentationPredicting Product Ad Campaign Performance: A Data Analysis Project Presentation
Predicting Product Ad Campaign Performance: A Data Analysis Project Presentation
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
2024-05-14 - Tableau User Group - TC24 Hot Topics - Tableau Pulse and Einstei...
 
Using PDB Relocation to Move a Single PDB to Another Existing CDB
Using PDB Relocation to Move a Single PDB to Another Existing CDBUsing PDB Relocation to Move a Single PDB to Another Existing CDB
Using PDB Relocation to Move a Single PDB to Another Existing CDB
 
一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单一比一原版(QU毕业证)皇后大学毕业证成绩单
一比一原版(QU毕业证)皇后大学毕业证成绩单
 
一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单一比一原版(NYU毕业证)纽约大学毕业证成绩单
一比一原版(NYU毕业证)纽约大学毕业证成绩单
 
Empowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptxEmpowering Data Analytics Ecosystem.pptx
Empowering Data Analytics Ecosystem.pptx
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证成绩单
 
Uber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis ReportUber Ride Supply Demand Gap Analysis Report
Uber Ride Supply Demand Gap Analysis Report
 
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
一比一原版(CBU毕业证)卡普顿大学毕业证成绩单
 

1_Introduction to security.pptx

  • 1. Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security
  • 2. Security+ Guide to Network Security Fundamentals, Fourth Edition 2 Objectives • Describe the challenges of securing information • Define information security and explain why it is important • Identify the types of attackers that are common today • List the basic steps of an attack • Describe the five basic principles of defense
  • 3. Security+ Guide to Network Security Fundamentals, Fourth Edition 3 Challenges of Securing Information • There is no simple solution to securing information • This can be seen through the different types of attacks that users face today – As well as the difficulties in defending against these attacks • Today’s Security Attacks – Smartphones a new target
  • 4. Security+ Guide to Network Security Fundamentals, Fourth Edition 4 Difficulties in Defending Against Attacks • Difficulties include the following:  Universally connected devices  Increased speed of attacks  Greater sophistication of attacks  Availability and simplicity of attack tools  Faster detection of vulnerabilities  Delays in patching  Weak distribution of patches  Distributed attacks  User confusion
  • 5. Security+ Guide to Network Security Fundamentals, Fourth Edition 5 Difficulties in Defending Against Attacks (cont’d.) • Universally connected devices • Attacker anywhere can silently launch an attack on any connect device. • Increased speed of attacks • Availability of attack tools. • Many tool can initiate new attacks without any human participation o Slammer worm infected 75,000 computers in the first 11 minutes of its release. o Slammer infections doubled every 8.5 seconds o Slammer scanned 55 million computers per Second.
  • 6. Security+ Guide to Network Security Fundamentals, Fourth Edition 6 Difficulties in Defending Against Attacks (cont’d.) • Greater sophistication of attacks: • Attackers today use common Internet tools and protocols to send malicious data and commands. • Some attack appear differently each time.
  • 7. Difficulties in Defending Against Attacks (cont’d.) • Availability and simplicity of attack tools Security+ Guide to Network Security Fundamentals, Fourth Edition 7
  • 8. Difficulties in Defending Against Attacks (cont’d.) • Availability and simplicity of attack tools 8
  • 9. 9 Security+ Guide to Network Security Fundamentals, Fourth Edition Difficulties in Defending Against Attacks (cont’d.) • Faster detection of vulnerabilities • Using new software tools and techniques • Day zero attacks – Occur when an attacker discovered and exploit previous unknown flaws • Delays in patching • Vendors are overwhelmed trying to keep pace with updating their products against attacks. • Weak distribution of patches • Some software vendors have not invested in patch distribution systems.
  • 10. Difficulties in Defending Against Attacks (cont’d.) • Distributed attacks • Many against one. • Difficult to stop an attack by identifying and blocking the source. • User confusion: • Make important decisions with little knowledge. Security+ Guide to Network Security Fundamentals, Fourth Edition 10
  • 11. Difficulties in Defending Against Attacks (cont’d.) 11 Table 1-2 Difficulties in defending against attacks
  • 12. Security+ Guide to Network Security Fundamentals, Fourth Edition 12 What Is Information Security? • Before defense is possible, one must understand: – What information security is – Why it is important – Who the attackers are
  • 13. Security+ Guide to Network Security Fundamentals, Fourth Edition 13 Defining Information Security • Security – Steps to protect person or property from harm • Harm may be intentional or non-intentional. – Includes preventive measures, rapid response and preemptive attacks. • Information security – Guarding digitally-formatted information: • That provides value to people and organizations.
  • 14. Security+ Guide to Network Security Fundamentals, Fourth Edition 14 Defining Information Security (cont’d.) • Information security – Ensures that protective measures are properly implemented – Cannot completely prevent attacks or guarantee that a system is totally secure
  • 15. Security+ Guide to Network Security Fundamentals, Fourth Edition 15 Defining Information Security (cont’d.) • Information security is intended to protect information that has value to people and organizations – Three types of information protection: often called CIA • Confidentiality • Integrity • Availability • Information security is achieved through a combination of three entities
  • 16. Security+ Guide to Network Security Fundamentals, Fourth Edition 16 Defining Information Security (cont’d.) • Confidentiality: Prevention of unauthorized disclosure of information and keeping unwanted parties from accessing assets of a computer system also known as secrecy or privacy • Integrity: Prevention of unauthorized modification of information. • Availability: Prevention of unauthorized withholding of information or resources. Or keeping system available
  • 17. Defining Information Security (cont’d.) Example • Consider a payroll database in a corporation, it must be ensured that: – Salaries of employees are not disclosed to arbitrary users of the database. – Salaries are modified by only those individuals that are properly authorized. – Paychecks are printed on time at the end of each pay period. 17
  • 18. Defining Information Security (cont’d.) • Another set of protections implemented to secure information (AAA) – Authentication • Individual is who they claim to be and not an imposter – Authorization • Grant ability to access information – Accounting • Provides tracking of events Security+ Guide to Network Security Fundamentals, Fourth Edition 18
  • 19. 19 Figure 1-3 Information security components © Cengage Learning 2012 Defining Information Security (cont’d.)
  • 20. Defining Information Security (cont’d.) Table 1-3 Information security layers Security+ Guide to Network Security Fundamentals, Fourth Edition 20
Defining Information Security (cont’d.)
• A more comprehensive definition of information security is:
  – That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information, through products, people, and procedures
Information Security Terminology
• Asset
  – Something that has a value
• Threat
  – Actions or events that have the potential to cause harm
• Threat agent
  – Person or element with the power to carry out a threat
Information Security Terminology (cont’d.)
Table 1-4 Information technology assets (table contents not present in the transcript)
Information Security Terminology (cont’d.)
• Vulnerability
  – Flaw or weakness
    • Allows a threat agent to bypass security
• Risk
  – Likelihood that a threat agent will exploit a vulnerability
  – Cannot be eliminated entirely
    • Cost would be too high
    • Would take too long to implement
  – Some degree of risk must be assumed
Information Security Terminology (cont’d.)
Figure 1-4 Information security components analogy (© Cengage Learning 2012)
Information Security Terminology (cont’d.)
• Options to deal with risk
  – Accept
    • Realize there is a chance of loss
  – Diminish
    • Take precautions
    • Most information security risks should be diminished
  – Transfer
    • Example: purchasing insurance
Understanding the Importance of Information Security
• Preventing data theft
  – Security is often associated with theft prevention
  – Business data theft
    • Proprietary information
  – Individual data theft
    • Credit card numbers
Understanding the Importance of Information Security (cont’d.)
• Thwarting identity theft
  – Using another’s personal information in an unauthorized manner
    • Usually for financial gain
  – Example:
    • Steal a person’s SSN
      – Create a new credit card account
      – Charge purchases
      – Leave them unpaid
Understanding the Importance of Information Security (cont’d.)
• Avoiding legal consequences
  – Laws protect electronic data privacy
  – Businesses that fail to protect data they possess may face serious penalties
    • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • In Saudi Arabia, all banks must comply with the PCI DSS standard (a SAMA regulation)
Understanding the Importance of Information Security (cont’d.)
• Maintaining productivity
  – Post-attack clean-up diverts resources
    • Time and money
Table 1-6 Cost of attacks (table contents not present in the transcript)
Understanding the Importance of Information Security (cont’d.)
• Foiling cyberterrorism
  – Premeditated, politically motivated attacks
  – Target: information, computer systems, data
  – Designed to:
    • Cause panic
    • Provoke violence
    • Result in financial catastrophe
  – Potential cyberterrorism targets
    • Banking, military, energy (power plants), transportation (air traffic control centers), water systems
Who Are the Attackers?
• Categories of attackers (attacker profiles)
  – Hackers
  – Script kiddies
  – Spies
  – Insiders
  – Cybercriminals
  – Cyberterrorists
Hackers
• Hacker
  – Person who uses computer skills to attack computers
  – Term not common in the security community
• White hat hackers
  – Goal is to expose security flaws
  – Not to steal or corrupt data
• Black hat hackers
  – Goal is malicious and destructive
Script Kiddies
• Script kiddies
  – Goal: break into computers to create damage
  – Unskilled users
  – Download automated hacking software (scripts)
    • Use them to perform malicious acts
  – Attack software today has menu systems
    • Attacks are even easier for unskilled users
  – 40% of attacks are performed by script kiddies
Spies
• Computer spy
  – Person hired to break into a computer and steal information
• Hired to attack a specific computer or system:
  – One containing sensitive information
• Goal: steal information without drawing attention to their actions
• Possess excellent computer skills
Insiders
• Employees, contractors, and business partners
• Most insider attacks are either sabotage or theft of intellectual property
• Reasons
  – An employee might want to show the company a weakness in its security
  – Dissatisfied employees may want to get even with the company
  – For money
  – Blackmail
  – Carelessness
Insiders (cont’d.)
• Examples of insider attacks
  – Health care worker publicized celebrities’ health records
    • Disgruntled over upcoming job termination
  – Government employee planted a malicious coding script
  – Stock trader concealed losses through fake transactions
  – U.S. Army private accessed sensitive documents
Cybercriminals
• Network of attackers, identity thieves, spammers, financial fraudsters
• Difference from ordinary attackers
  – More highly motivated
  – Willing to take more risk
  – Better funded
  – More tenacious
  – Goal: financial gain
Cybercriminals (cont’d.)
• Organized gangs of young attackers
  – Eastern European, Asian, and third-world regions
Table 1-7 Characteristics of cybercriminals (table contents not present in the transcript)
Cybercriminals (cont’d.)
• Cybercrime
  – Targeted attacks against financial networks
  – Unauthorized access to information
  – Theft of personal information
• Financial cybercrime
  – Trafficking in stolen credit cards and financial information
  – Using spam to commit fraud
Cyberterrorists
• Cyberterrorists
  – Ideological motivation
    • Attacking because of their principles and beliefs
• Goals of a cyberattack:
  – Deface electronic information
    • Spread misinformation and propaganda
  – Deny service to legitimate computer users
  – Commit unauthorized intrusions
• Results: critical infrastructure outages; corruption of vital data
Attackers Profile Summary (summary table; only the labels “Cybercriminals”, “Money” and “Insider” survived extraction)
Attacks and Defenses
• Wide variety of attacks
  – The same basic steps are used in an attack
• To protect computers against attacks:
  – Follow five fundamental security principles
Steps of an Attack
1. Probe for information
  – Such as the type of hardware or software used, or personal information
  – Examples: ping sweeps, port scanning, or queries that respond with a failure message
2. Penetrate any defenses
  – Launch the attack
  – Example: cracking passwords
3. Modify security settings
  – Allows the attacker to re-enter the compromised system easily
Steps of an Attack (cont’d.)
4. Circulate to other systems
  – Use the compromised system or network as a base of attack toward other systems
  – The same tools are directed toward other systems
5. Paralyze networks and devices
  – Attackers may work to maliciously damage the infected computer or network
  – Examples: delete or edit critical OS files, or inject malicious software
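Step 1 of the attack model is the one a defender can most easily see coming: a ping sweep or port scan produces a distinctive pattern in firewall logs. The following is an added example (not code from the textbook) that parses a constructed log and flags a source that touches many distinct ports, or many distinct hosts, within a short window. The log format, thresholds, addresses and timestamps are all assumptions chosen for the illustration.

```python
"""Added example (not from the textbook): detecting the probe step (ping sweeps
and port scans) in a constructed firewall log.

A source that reaches many distinct destination ports on one host within a short
window looks like a port scan; one that reaches many distinct hosts looks like a
ping (host) sweep. The log format below is an assumed one, not any vendor's.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line shape:  <ISO timestamp> <ALLOW|DENY> <proto> <src> -> <dst>[:port]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)(?::(?P<port>\d+))?$"
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "proto": m["proto"],
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]) if m["port"] else None,   # ICMP has no port
    }


def detect_probes(lines, window_s=60, port_threshold=10, host_threshold=10):
    """Map each suspicious source address to the probe types observed."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:                  # unparsable lines are ignored, not fatal
            by_src[ev["src"]].append(ev)

    window = timedelta(seconds=window_s)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        labels = set()
        for i, ev in enumerate(evs):
            # everything this source did in the window ending at this event
            recent = [e for e in evs[: i + 1] if ev["ts"] - e["ts"] <= window]
            ports = {(e["dst"], e["port"]) for e in recent if e["port"] is not None}
            hosts = {e["dst"] for e in recent}
            if len(ports) >= port_threshold:
                labels.add("port scan")
            if len(hosts) >= host_threshold:
                labels.add("host sweep")
        if labels:
            findings[src] = sorted(labels)
    return findings


def constructed_log():
    """Constructed sample firewall log (not real traffic)."""
    base = "2012-03-01T09:15:"
    lines = []
    # 203.0.113.5 tries 12 TCP ports on one host within 12 seconds: a port scan
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(f"{base}{i:02d} DENY TCP 203.0.113.5 -> 192.0.2.10:{port}")
    # 198.51.100.7 pings 12 different hosts within 12 seconds: a host sweep
    for i in range(12):
        lines.append(f"{base}{20 + i:02d} DENY ICMP 198.51.100.7 -> 192.0.2.{i + 1}")
    # 192.0.2.50 makes ordinary HTTPS connections and must not be flagged
    for i in range(5):
        lines.append(f"{base}{40 + i:02d} ALLOW TCP 192.0.2.50 -> 192.0.2.10:443")
    lines.append("this line is deliberately malformed")
    return lines


if __name__ == "__main__":
    for src, kinds in detect_probes(constructed_log()).items():
        print(f"{src}: {', '.join(kinds)}")
```

The thresholds are deliberately conservative so that a handful of legitimate connections never trip the detector; in practice they are tuned against the organisation's own baseline traffic.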
Figure 1-6 Steps of an attack (© Cengage Learning 2012)
Defenses Against Attacks
• Although multiple defenses may be necessary to withstand an attack
  – These defenses should be based on five fundamental security principles:
    • Layering
    • Limiting
    • Diversity
    • Obscurity
    • Simplicity
Layering
• Information security must be created in layers
  – A single defense mechanism may be easy to circumvent
  – It is unlikely that an attacker can break through all defense layers
• Layered security approach
  – Can be useful in resisting a variety of attacks
  – Provides the most comprehensive protection
Limiting
• Limiting access to information reduces the threat against it
• Only those who must use the data are granted access
  – In addition, the amount of access is limited to what that person needs to know
• Methods of limiting access
  – Technology
    • File permissions
  – Procedural
    • Prohibiting document removal from the premises
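The slide names file permissions as the technical means of limiting access. As an added example (not code from the textbook), the script below audits a directory for files that anyone other than the owner can read or write and tightens them to owner-only. It assumes a POSIX filesystem; the payroll file names and modes are constructed for the illustration.

```python
"""Added example (not from the textbook): applying the Limiting principle with
file permissions. loose_files() lists regular files that grant any group or
world access; restrict_to_owner() reduces them to owner read/write (0600).
Assumes a POSIX filesystem. The sample directory is constructed in a temp dir.
"""
import os
import stat
import tempfile

LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO     # any permission for group or others


def loose_files(directory: str) -> dict:
    """Return {relative path: octal mode} for regular files with group/other bits set."""
    found = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)                 # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & LOOSE_BITS:
                found[os.path.relpath(path, directory)] = oct(stat.S_IMODE(st.st_mode))
    return found


def restrict_to_owner(directory: str) -> list:
    """Tighten every loose regular file to 0600 and return the paths changed."""
    changed = []
    for rel in loose_files(directory):
        os.chmod(os.path.join(directory, rel), stat.S_IRUSR | stat.S_IWUSR)
        changed.append(rel)
    return sorted(changed)


def demo():
    """Constructed sample: two payroll files, one of them world-readable."""
    d = tempfile.mkdtemp()
    for name, mode in [("salaries.csv", 0o644), ("paychecks.txt", 0o600)]:
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(path, mode)                    # set explicitly, independent of umask
    before = loose_files(d)
    fixed = restrict_to_owner(d)
    after = loose_files(d)
    return before, fixed, after


if __name__ == "__main__":
    before, fixed, after = demo()
    print("loose before:", before)
    print("tightened:   ", fixed)
    print("loose after: ", after)
```

The audit and the fix are separate functions on purpose: in a real environment the audit output is reviewed first, since some files (a shared report, for example) may legitimately need group access and should be handled by a group rather than by owner-only permissions.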
Diversity
• Closely related to layering
  – Layers must be different (diverse)
• If attackers penetrate one layer:
  – They cannot use the same techniques to break through other layers
• Breaching one security layer does not compromise the whole system
• Example of diversity
  – Using security products from different manufacturers
Obscurity
• Obscuring inside details from outsiders
• An example of obscurity would be not revealing the type of computer, operating system, software, and network connection a computer uses
  – An attacker who knows that information can more easily determine the weaknesses of the system in order to attack it
• Obscuring information can be an important means of protection
Simplicity
• The nature of information security is complex
• Complex security systems
  – Are difficult to understand and troubleshoot
  – Are often compromised for ease of use by trusted users
• A secure system should be simple for insiders to understand and use
• Keeping a system simple from the inside but complex on the outside can be difficult, but it results in a major benefit
Summary
• Information security attacks have grown exponentially in recent years
• There are several reasons for the difficulty of defending against today’s attacks
• Information security protects information’s integrity, confidentiality, and availability:
  – On devices that store, manipulate, and transmit information
  – Using products, people, and procedures
Summary (cont’d.)
• Goals of information security
  – Prevent data theft
  – Thwart identity theft
  – Avoid legal consequences of not securing information
  – Maintain productivity
  – Foil cyberterrorism
• Different types of people with different motivations conduct computer attacks
• An attack has five general steps