Computer Security Fundamentals
Chuck Easttom
Chapter 1: Introduction to Computer Security
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 2
Slide 2: Chapter 1 Objectives
• Identify top threats to a computer network
• Assess the likelihood of an attack
• Define key terms like cracker, sneaker, firewall, and authentication
• Compare and contrast perimeter and layered approaches to network security
• Use online resources
Slide 3: Introduction
• Computer systems and networks are all around us.
  - Online banking
  - Automated supermarket checkouts
  - Online classes
  - Online shopping
  - Online travel resources
Slide 4: Introduction (cont.)
• How is personal information safeguarded?
• What are the vulnerabilities?
• What secures these systems?
Slide 5: How Seriously Should You Take Threats to Network Security?
• Which group do you belong to?
  - “No one is coming after my computer.”
  - “The sky is falling!”
  - Middle ground.
Slide 6: Identifying Types of Threats
• Malware: MALicious softWARE
• Security breaches
• DoS: Denial of Service attacks
• Web attacks
• Session hijacking
• DNS poisoning
• Insider threats
Slide 7: Malware
• Software with a malicious purpose
  - Virus
  - Trojan horse
  - Spyware
  - Logic bomb
Slide 8: Malware (cont.)
Virus
• One of the two most common types
• Usually spreads through e-mail
• Uses system resources, causing slowdown or stoppage
Slide 9: Malware That Spreads (cont’d.)
(Figure slide; source: Security+ Guide to Network Security Fundamentals, Fourth Edition)
Slide 10: Malware (cont.)
Trojan Horse
• The other most common kind of malware
• Named after the wooden horse of ancient history
Slide 11: Malware (cont.)
Spyware
• The most rapidly growing type of malware
  - Cookies
  - Key logger
Slide 12: Malware (cont.)
Logic Bomb
• Lies dormant until some logical condition is met, often a specific date.
Slide 13: Compromising System Security
Intrusions
• Attacks that break through system resources
  - Hackers
  - Crackers
  - Social engineering
  - War-driving
Slide 14: Denial of Service Attacks
• The attacker does not intrude into the system but just blocks access by authorized users.
Slide 15: Example 1 DoS
Ping flood attack: a faster, more powerful computer rapidly sends a large number of ICMP (Internet Control Message Protocol) echo requests, overwhelming a smaller, slower Web server computer.
(Figure: ICMP ping; echo requests from the faster computer, echo replies from the slower one. Source: Security+ Guide to Network Security Fundamentals, Fourth Edition)
Slide 16: Example 2 DoS
(Figure: the perpetrator sends an ICMP echo request, with the spoofed source address of the victim, across the Internet to an IP broadcast address; every host on that network returns its ICMP echo reply to the victim. Packet labels: dst: broadcast address, src: victim. From the presentation: Smurf Attack Description & Suppression by Craig A. Huegen, Cisco Systems.)
Slide 17: Web Attacks
• The attacker attempts to breach a web application. Common attacks of this type are SQL injection and Cross-Site Scripting.
Slide 18: Figure 3-2 Web application security
(© Cengage Learning 2012; Security+ Guide to Network Security Fundamentals, Fourth Edition)
By design, the user’s input through the Web browser using HTTP must be processed by Web applications at the application level.
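Both attacks named on slide 17 come from the point Figure 3-2 makes: browser input has to be processed by the application, so the application decides whether that input is treated as data or as code. The following added example (not code from the slides or the textbook; the `users` table and the sample rows are constructed) shows a lookup built by string concatenation, where the input becomes part of the SQL text, next to the same lookup with parameter binding, where the input can only ever be a value; and, for the Cross-Site Scripting side, output encoding so that user-supplied text reaches the browser as text rather than markup.

```python
import html
import sqlite3


def make_db():
    """In-memory table with constructed sample users (not from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Concatenation: the browser-supplied value is pasted into the SQL statement,
    so quote characters in it change the statement's structure."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Parameter binding: the statement is fixed and the value is passed separately,
    so whatever the browser sends is compared as a literal string."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(name):
    """Output encoding for HTML: '<', '>', '&' and quotes become entities, so a
    name containing markup is displayed, not interpreted, by the browser."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR 'a'='a"  # a value whose quotes alter the concatenated query
    print("concatenated:", lookup_vulnerable(conn, crafted))  # every row
    print("parameterised:", lookup_hardened(conn, crafted))   # no row
    print(render_greeting("<b>bob</b>"))
```

The check a reviewer wants is the contrast in the last three calls: the same input returns the whole table from the concatenated query and nothing from the parameterised one, and the greeting shows the tags literally. The defence is structural (bind parameters, encode on output) rather than a filter on the input, because a filter has to anticipate every way the input could be interpreted downstream.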
Slide 19: Session Hijacking
• This is a complex attack that involves actually taking over an authenticated session.
Slide 20: Figure 3-7 Session hijacking
(© Cengage Learning 2012; Security+ Guide to Network Security Fundamentals, Fourth Edition)
Slide 21: DNS Poisoning
• This involves altering DNS records on a DNS server to redirect client traffic to malicious websites, usually for identity theft.
Slide 22: Assessing the Likelihood of an Attack on Your Network
• Viruses
  - Catch up on new and refurbished viruses
• Unauthorized use of systems
• DoS attacks
• Intrusions
• Employee misuse
Slide 23: Basic Security Terminology
People:
• Hackers
  - White hats
  - Black hats
  - Gray hats
• Script kiddies
• Sneakers
• Ethical hackers
Slide 24: Basic Security Terminology (cont.)
Devices
• Firewall
  - Filters network traffic
• Proxy server
  - Disguises IP address of internal host
• Intrusion Detection System
  - Monitors traffic, looking for attempted attacks
Slide 25: Basic Security Terminology (cont.)
Activities
• Authentication
• Auditing
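The two activities on this slide, together with the hashing that slide 27 (Figure 11-3, hashing at an ATM) illustrates, fit in one small piece of code: the system stores a salted hash of the secret rather than the secret, authentication recomputes the hash from what the user presents and compares it, and every attempt is written to an audit trail that can later be reviewed. The following is an added example, not code from the slides or the textbook; the account names, the PIN values, the iteration count and the lockout limit are assumptions for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_secret(secret, salt=None):
    """Return (salt, digest) for a secret using PBKDF2-HMAC-SHA256.
    A fresh random salt is drawn at enrolment; the same salt is reused to verify."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return salt, digest


class Authenticator:
    """Stores only salted hashes, verifies presented secrets in constant time,
    locks an account after `max_failures` consecutive failures, and records
    every decision so that an auditor can reconstruct what happened."""

    def __init__(self, max_failures=3):
        self.records = {}      # account -> (salt, digest)
        self.failures = {}     # account -> consecutive failed attempts
        self.audit_log = []    # (account, outcome, reason) in order of occurrence
        self.max_failures = max_failures

    def enroll(self, account, secret):
        self.records[account] = hash_secret(secret)
        self.failures[account] = 0

    def authenticate(self, account, secret):
        """True only for a known, unlocked account presenting the enrolled secret.
        The caller sees a bare True/False; the reason goes to the audit log only."""
        if account not in self.records:
            self._audit(account, "FAIL", "unknown account")
            return False
        if self.failures[account] >= self.max_failures:
            self._audit(account, "FAIL", "locked")
            return False
        salt, stored = self.records[account]
        _, candidate = hash_secret(secret, salt)
        # compare_digest does not leak, through timing, how many bytes matched
        if hmac.compare_digest(candidate, stored):
            self.failures[account] = 0
            self._audit(account, "OK", "")
            return True
        self.failures[account] += 1
        self._audit(account, "FAIL", "bad secret")
        return False

    def _audit(self, account, outcome, reason):
        self.audit_log.append((account, outcome, reason))


if __name__ == "__main__":
    auth = Authenticator(max_failures=2)
    auth.enroll("card-1234", "4821")         # constructed sample account and PIN
    print(auth.authenticate("card-1234", "4821"))  # True
    print(auth.authenticate("card-1234", "0000"))  # False
    print(auth.authenticate("card-1234", "0000"))  # False, now locked
    print(auth.authenticate("card-1234", "4821"))  # False: locked despite correct PIN
    for entry in auth.audit_log:
        print(entry)
```

Two points the code makes that the bullet list does not: the stored record never contains the PIN, so reading the store does not reveal it; and the audit log, not the return value, is where an operator learns that an account was locked or that an unknown account name was tried, which is the raw material of the "auditing" activity.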
Slide 26: Network Security Paradigms
• How will you protect your network?
  - CIA Triangle (Confidentiality, Integrity, Availability: Cryptography)
  - Least privileges
  - Perimeter security approach
  - Layered security approach
  - Proactive versus reactive
  - Hybrid security method
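The contrast between the perimeter and layered approaches on this slide, and the firewall's job of filtering traffic from slide 24, can be shown with a first-match packet filter whose unmatched traffic is denied (least privilege applied to network paths). The following is an added example, not code from the slides or the textbook; the address ranges, the two rule sets and the sample packets are constructed. In the perimeter model only traffic crossing the border is filtered and anything internal-to-internal is trusted; in the layered model the same border rules apply and a second rule set is enforced between internal segments, so a web-tier host that has been compromised still cannot reach the database tier except on the one port the design allows.

```python
from ipaddress import ip_address, ip_network

# Assumed address plan for the example.
INTERNAL = ip_network("10.0.0.0/8")       # everything behind the border
WEB_TIER = "10.0.1.0/24"
DB_TIER = "10.0.2.0/24"

# Rule: (action, src_net, dst_net, proto, dst_port); first match wins,
# and a packet matching no rule is denied.
BORDER_RULES = [
    ("allow", "0.0.0.0/0", WEB_TIER, "tcp", 443),   # public HTTPS to the web tier
]
SEGMENT_RULES = [
    ("allow", WEB_TIER, DB_TIER, "tcp", 5432),      # web tier to database only
]


def evaluate(rules, pkt):
    """First-match filter over (src, dst, proto, dst_port). Unmatched -> 'deny'."""
    src, dst, proto, port = pkt
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "deny"


def is_internal_to_internal(pkt):
    src, dst, _, _ = pkt
    return ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL


def perimeter_only(pkt):
    """Perimeter model: filter only at the border; trust everything inside it."""
    if is_internal_to_internal(pkt):
        return "allow"
    return evaluate(BORDER_RULES, pkt)


def layered(pkt):
    """Layered model: border rules for border traffic, segment rules inside."""
    if is_internal_to_internal(pkt):
        return evaluate(SEGMENT_RULES, pkt)
    return evaluate(BORDER_RULES, pkt)


if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, proto, dst_port)
        ("198.51.100.7", "10.0.1.10", "tcp", 443),   # customer to web tier
        ("198.51.100.7", "10.0.2.5", "tcp", 5432),   # Internet straight to the database
        ("10.0.1.10", "10.0.2.5", "tcp", 5432),      # web tier to database, intended path
        ("10.0.1.10", "10.0.2.5", "tcp", 22),        # web tier to database on SSH
    ]
    for pkt in samples:
        print(pkt, "perimeter:", perimeter_only(pkt), "layered:", layered(pkt))
```

The fourth sample packet is the one that separates the two models: both deny it at the border, but only the layered model denies it once the source is already inside. The speaker note for this slide makes the same point from the other direction, that the perimeter stops being a clear line once mobile, home and contract workers are on the network.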
Slide 27: Figure 11-3 Hashing at an ATM
(© Cengage Learning 2012; Security+ Guide to Network Security Fundamentals, Fourth Edition)
Slide 28: How Do Legal Issues Impact Network Security?
• The Computer Security Act of 1987
• OMB Circular A-130
  - See www.alw.nih.gov/Security/FIRST/papers/legal/statelaw.txt for state computer laws
• Health Insurance Portability and Accountability Act of 1996, HIPAA
Slide 29: Online Security Resources
• CERT (Computer Emergency Readiness Team)
  - www.cert.org
• Microsoft Security Advisor
  - www.microsoft.com/security/default.mspx
• F-Secure (information on virus outbreaks)
  - www.f-secure.com
• SANS (documentation on computer security issues)
  - www.sans.org
Slide 30: Summary
• Network security is a constantly changing field.
• You need three levels of knowledge.
  - Take the courses necessary to learn the basic techniques.
  - Learn your enterprise system intimately, with all its strengths and vulnerabilities.
  - Keep current in the ever-changing world of threats and exploits.


Editor's Notes

  • #2 Identify the top threats to a computer network: malware, intrusion, denial of service attacks. Assess the likelihood of an attack on your personal computer and network. Define key terms such as cracker, sneaker, firewall and authentication. Compare and contrast perimeter and layered approaches to network security. Use online resources to secure your network (find out who an address belongs to).
  • #3 Computer systems are everywhere: online banking, ATMs, debit cards; eBay, Amazon, Half.com for textbooks; Expedia, Travelocity, airline e-tickets.
  • #4 How is my online personal information safeguarded? Passwords, account numbers, etc. What are the vulnerabilities of these systems? Web site security. What steps are taken to ensure that these systems and data are safe? SSL, encryption, etc.
  • #5 Which group do you belong to? “No one is coming after me/my computer. Prove to me that I am at risk.” (Ostrich theory.) “The sky is falling!! Prove to me that I am not at risk.” (Paranoia.) Middle ground: an educated awareness of true risk.
  • #6 Malware (MALicious softWARE): the most common threat to your system. Intrusions: an attempt to gain unauthorized access to your system. DoS (denial of service) attacks: attempts to deny authorized users access to the system.
  • #7 Virus: “a small program that replicates itself and hides itself inside other programs, usually without your knowledge” (Symantec, 2003). Trojan horse: a malicious program disguised as something desirable or harmless. Spyware: the fastest-growing category of malware.
  • #8 One of the two most common types of malware. Usually spreads itself through unsuspecting users’ e-mail. Even without a malicious payload, rapid replication uses system resources, causing slowdown or stoppage.
  • #10 The other most common kind of malware. Named after the famous wooden horse of ancient history. It disguises itself as something benign, something you need or want, e.g. a game, screen saver, account logon, etc. It captures your information and returns it to the intruder.
  • #11 Spyware is the most rapidly growing type of malware. Cookies: initially a good idea to help users surf the Web, now misused to spy on users. Key logger: both in software and hardware; captures all the user’s typing and logs it, capturing passwords, account numbers, credit card numbers, etc.
  • #13 Intrusions are attacks that break through your system’s resources without authorization. Hackers: early Internet joy riders, by intent not malevolent. Crackers: system intruders with malevolent intent. Social engineering: intruding into a system using human nature, not technology. War driving: driving around looking for unprotected wireless networks.
  • #14 The attacker does not actually intrude into the system, just blocks access for authorized users. Keeps your customers from purchasing on your Web site, denying you sales. Keeps your employees from purchasing e-tickets to a trade show, making them use a travel agent, which costs more money than you had planned. Keeps you from transferring money from your business line of credit to your business account to pay for the tickets, causing your account to be overdrawn.
  • #22 Viruses are the most common network attacks; check any AV vendor’s Web site to catch up on new and refurbished viruses. Unauthorized use of systems is the next most common attack. DoS attacks. Intrusions. Employee misuse, either deliberate or accidental.
  • #23 People. Hackers: anyone who studies a system by analyzing its flaws. White hats: consider themselves the “good guys”. Black hats, or “crackers”: definitely the “bad guys”. Gray hats: not a common term; refers to individuals who operate outside of the law on occasion. Script kiddies: inexperienced; consider themselves hackers, but only copy the work of others. Ethical hackers: consultants who are hired to do vulnerability assessments on company systems.
  • #24 Firewalls: found in a router or a server or as a stand-alone device; filters ingress and egress network traffic. Proxy server: sits between a client and an application, acting as the host on your network and disguising the IP address of your internal host. Intrusion Detection System (IDS): monitors traffic, looking for attempted attacks.
  • #25 Phreaking: a subspecialty of hacking, breaking into telephone systems; it gave Kevin Mitnick his start down the road to prison. Authentication: process to determine if the credentials given by a user are authorized to access system resources. Auditing: process of reviewing logs, records, and procedures to ensure established standards are being met; tedious but critical.
  • #26 How will you protect your network? Perimeter security approach: perimeter defense is the most popular because the perimeter used to be clearly defined, but as companies hire mobile workers, home workers, and contract workers, the perimeter is becoming less and less clearly defined. Layered security approach: not only the perimeter but separate sections of the network are protected to the security level assigned to them. Proactive versus reactive: are your security measures active or passive? Do you have a security plan, or are you part of someone else’s plan to intrude on you? Hybrid security method: only a thorough and ongoing risk and vulnerability assessment can keep you informed about what combination of postures will benefit your network the most.
  • #28 The Computer Security Act of 1987: the first piece of U.S. legislation to affect computer systems. OMB Circular A-130: a more specific federal law that addresses the idea of security standards.
  • #29 CERT (Computer Emergency Response Team): sponsored by Carnegie Mellon University, the first computer incident response team. Microsoft Security Advisor: Microsoft security information, tools, and updates. F-Secure: information on virus outbreaks. SANS: documentation on computer security issues.