© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Fundamentals of Information Systems Security
Lesson 3: Malicious Attacks, Threats, and Vulnerabilities
Learning Objective(s)
• Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Key Concepts
• Malicious software and countermeasures
• Common attacks and countermeasures
• Social engineering and how to reduce risks
• Threats and types of attacks on wireless networks
• Threats and types of attacks on web applications
Malicious Activity on the Rise
• Examples of malicious attacks are everywhere.
• Data breaches occur in both public and private sectors.
• In 2013, China was the top country of origin for cyberattacks, at 41 percent.
• The United States was second, at 10 percent.
What Are You Trying to Protect?
• Customer data
• IT and network infrastructure
• Intellectual property
• Finances and financial data
• Service availability and productivity
• Reputation
• Customer data: Name, address, phone, Social Security number (SSN), date of birth, cardholder data, protected health care information.
• IT assets and network infrastructure: Hardware, software, and services.
• Intellectual property: Sensitive data such as patents, source code, formulas, or engineering plans.
• Finances and financial data: Bank accounts, credit card data, and financial transaction data.
• Service availability and productivity: The ability of computing services and software to support productivity for humans and machinery.
• Reputation: Corporate compliance and brand image.
Let's look at each of these types of assets individually and discuss how they are at risk from malicious attacks.
Whom Are You Trying to Catch?
• Hackers
  • Black-hat
  • White-hat
  • Gray-hat
• Crackers
• Black-hat hacker: Tries to break IT security and gain access to systems with no authorization in order to prove technical prowess.
  • Black-hat hackers generally develop and use special software tools to exploit vulnerabilities.
  • May exploit holes in systems but generally do not attempt to disclose the vulnerabilities they find to the administrators of those systems.
• White-hat hacker: Also called an ethical hacker; an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing.
  • The difference between white-hat hackers and black-hat hackers is that white-hat hackers identify weaknesses for the purpose of fixing them, whereas black-hat hackers find weaknesses just for the fun of it or to exploit them.
• Gray-hat hacker: A hacker with average abilities who may one day become a black-hat hacker but could also opt to become a white-hat hacker.
  • A gray-hat hacker will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.
• Cracker: Has hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
Attack Tools
• Protocol analyzers (sniffers)
• Port scanners
• OS fingerprint scanners
• Vulnerability scanners
• Password crackers
• Keystroke loggers
• Vulnerability scanners
  • A software program used to identify and, when possible, verify vulnerabilities on an IP host device.
  • Findings are commonly referenced by Common Vulnerabilities and Exposures (CVE) identifiers.
• Password crackers
  • The purpose is to uncover a forgotten or unknown password.
  • Use a brute-force password attack to gain unauthorized access to a system or to recover passwords.
• Keystroke loggers
  • A type of surveillance software or hardware that can record to a log file every keystroke a user makes with a keyboard.
• Protocol analyzers (sniffers)
  • A software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.
• Port scanners
  • A tool used to scan IP host devices for open ports that have been enabled.
• OS fingerprint scanners
  • A software program that allows an attacker to send a variety of packets to an IP host device, hoping to determine the target device's operating system (OS) from the responses.
What Is a Security Breach?
• Any event that results in a violation of any of the C-I-A security tenets.
• Some security breaches disrupt system services on purpose.
• Some are accidental and may result from hardware or software failures.
Activities that Cause Security Breaches
• Denial of service (DoS) attacks
• Distributed denial of service (DDoS) attacks
• Unacceptable web-browsing behavior
• Wiretapping
• Use of a backdoor to access resources
• Accidental data modifications
Denial of Service Attack (DoS Attack)
• A coordinated attempt to deny service by occupying a computer with large amounts of unnecessary tasks
  • Logic attacks
  • Flooding attacks
• Protect using
  • Intrusion prevention system (IPS)
  • Intrusion detection system (IDS)
• Attacks launched using
  • SYN flood
  • Smurfing
• Smurf attack: A network attack in which forged Internet Control Message Protocol (ICMP) echo request packets are sent to IP broadcast addresses from remote locations to generate DoS attacks.
• Smurfing: A DoS attack that uses a directed broadcast to create a flood of network traffic for the victim computer.
DoS Attack Protection
• Intrusion detection system (IDS)
  • An IDS security appliance examines IP data streams for common attack and malicious intent patterns.
  • IDSs are passive, going only so far as to trigger an alarm; they will not actively block traffic.
• Intrusion prevention system (IPS)
  • An IPS does the same thing as an IDS but can block IP data streams identified as malicious.
  • IPSs can end the actual communication session, filter by source IP addresses, and block access to the targeted host.
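The IDS/IPS distinction above, as an added example that is not code from the slide deck or its publisher: a small Python detector that flags the SYN flood and smurf patterns described on the earlier DoS slides over constructed packet records, raising alerts only in IDS mode and also returning block actions in IPS mode. The LAN range, the threshold and the packet records are constructed assumptions.

```python
"""Flood and smurf detection over constructed packet records, in IDS or IPS mode.

Added example; it is not code from the slide deck or its publisher. The same
detector either only raises alerts ("ids", passive) or also returns the block
actions an IPS would apply ("ips"). LAN range, threshold and traffic are
constructed assumptions, not captured data.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed monitored LAN (TEST-NET-1); its broadcast address is 192.0.2.255.
LAN = ip_network("192.0.2.0/24")
# Assumed threshold: this many distinct sources with a half-open (SYN, no ACK)
# connection to one host is treated as a SYN flood.
SYN_THRESHOLD = 50


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "icmp"
    flags: str = ""       # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    icmp_type: int = -1   # 8 = echo request, 0 = echo reply


def is_directed_broadcast(dst: str) -> bool:
    """True when a packet is addressed to the LAN's broadcast address,
    the amplification target the slides describe as smurfing."""
    return ip_address(dst) == LAN.broadcast_address


def analyze(packets, mode="ids"):
    """Return (alerts, actions).

    alerts  -- strings an IDS would raise
    actions -- set of ("block-src", ip) pairs an IPS would apply; always empty
               in IDS mode because an IDS only alarms and never blocks
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    half_open = defaultdict(set)   # dst -> sources whose SYN has not been ACKed
    smurf_sources = set()

    for p in packets:
        if p.proto == "tcp":
            if p.flags == "S":
                half_open[p.dst].add(p.src)
            elif p.flags == "A":
                # The client's final ACK completes the handshake it started.
                half_open[p.dst].discard(p.src)
        elif p.proto == "icmp" and p.icmp_type == 8:
            # Echo request aimed at our broadcast address from outside the LAN.
            if is_directed_broadcast(p.dst) and ip_address(p.src) not in LAN:
                smurf_sources.add(p.src)

    alerts, actions = [], set()
    for dst, sources in half_open.items():
        if len(sources) >= SYN_THRESHOLD:
            alerts.append(f"SYN flood against {dst}: {len(sources)} half-open sources")
            if mode == "ips":
                actions.update(("block-src", s) for s in sources)
    for src in sorted(smurf_sources):
        alerts.append(f"ICMP echo request to directed broadcast "
                      f"{LAN.broadcast_address} from {src}")
        if mode == "ips":
            actions.add(("block-src", src))
    return alerts, actions


def sample_traffic():
    """Constructed traffic: 3 legitimate handshakes, 60 spoofed SYNs, 2 smurf probes."""
    pkts = []
    server = "192.0.2.10"
    for i in range(3):
        client = f"192.0.2.{20 + i}"
        pkts.append(Packet(client, server, "tcp", "S"))
        pkts.append(Packet(server, client, "tcp", "SA"))
        pkts.append(Packet(client, server, "tcp", "A"))
    for i in range(60):                       # spoofed sources that never ACK
        pkts.append(Packet(f"198.51.100.{i + 1}", server, "tcp", "S"))
    for _ in range(2):                        # echo requests to the broadcast address
        pkts.append(Packet("203.0.113.5", "192.0.2.255", "icmp", icmp_type=8))
    return pkts


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, actions = analyze(sample_traffic(), mode)
        print(mode, alerts, f"{len(actions)} block actions")
```

In IDS mode the three legitimate clients and the flood produce the same two alerts as in IPS mode, but only the IPS run returns the 61 source blocks, and the legitimate clients are never among them.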
Distributed Denial of Service Attack (DDoS Attack)
• Overloads computers and prevents legitimate users from gaining access.
• More difficult to stop than a DoS attack because a DDoS originates from many different sources.
Unacceptable Web Browsing
• Define acceptable web browsing in an acceptable use policy (AUP).
• Unacceptable use can include:
  • Unauthorized users searching files or storage directories.
  • Users visiting prohibited websites.
Wiretapping
• Active
  • Between-the-lines wiretapping
  • Piggyback-entry wiretapping
• Passive
  • Also called sniffing
• Between-the-lines wiretapping: This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.
• Piggyback-entry wiretapping: This type of wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
Backdoors
• Hidden access included by developers.
• Attackers can use them to gain access.
Data Modifications
Data that is:
• Purposely or accidentally modified
• Incomplete
• Truncated
Additional Security Challenges
• Spam and spim
• Hoaxes
• Cookies
• Spam is unwanted email.
• Spim is unwanted instant messages or IM chat.
  • Most spam and spim are commercial advertising—often for get-rich-quick schemes, dubious products, or other services.
  • Sending spam costs very little because the recipient covers most of the costs associated with it.
  • It costs money for ISPs and online services to transmit spam.
  • Processing large volumes of unwanted messages is expensive.
• Hoaxes
  • A hoax is an act intended to deceive or trick the receiver.
  • In this context, hoaxes normally travel in email messages.
  • Often, these messages contain warnings about devastating new viruses.
• Cookies
  • To help a web server track a user's history, web browsers allow the web server to store a cookie on the user's hard drive.
  • A cookie is simply a text file that contains details gleaned from past visits to a website.
Risks, Threats, Vulnerabilities
• Risk: The probability that something bad is going to happen to an asset.
• Threat: Any action that can damage or compromise an asset.
• Vulnerability: An inherent weakness that may enable threats to harm systems or networks.
• Threats exploit vulnerabilities, which creates risk.
• You cannot eliminate risk.
• You can minimize the impact of threats.
• You can reduce the number of vulnerabilities.
• Minimizing threats and reducing vulnerabilities lessens overall risk.
• Threats, risks, and vulnerabilities negatively impact the CIA triad.
Most Common Threats
• Malicious software
• Hardware or software failure
• Internal attacker
• Equipment theft
• External attacker
• Natural disaster
• Industrial espionage
• Terrorism
Threat Types
• Disclosure threats: sabotage, espionage
• Alteration threats: unauthorized changes
• Denial or destruction threats: DoS attack
What Is a Malicious Attack?
• Four categories of attacks:
  • Fabrications
  • Interceptions
  • Interruptions
  • Modifications
• Fabrications: Fabrications involve the creation of some deception in order to trick unsuspecting users.
• Interceptions: An interception involves eavesdropping on transmissions and redirecting them for unauthorized use.
• Interruptions: An interruption causes a break in a communication channel, which blocks the transmission of data.
• Modifications: A modification is the alteration of data contained in transmissions or files.
Types of Active Threats
• Birthday attacks
• Brute-force password attacks
• Dictionary password attacks
• IP address spoofing
• Hijacking
• Replay attacks
• Man-in-the-middle attacks
• Masquerading
• Social engineering
• Phishing
• Phreaking
• Pharming
What Is Malicious Software? (Malware)
Software that:
• Causes damage
• Escalates security privileges
• Divulges (discloses) private data
• Modifies or deletes data
Virus
• Attaches itself to or copies itself into another program on a computer.
• Tricks the computer into following instructions not intended by the original program developer.
• Infects a host program and may cause that host program to replicate itself to other computers.
Worm
• A self-contained program that replicates and sends copies of itself to other computers without user input or action.
• Does not need a host program to infect.
• Is a standalone program.
Trojan Horse
• Malware that masquerades as a useful program.
• Trojans can:
  • Hide programs that collect sensitive information.
  • Open backdoors into computers.
  • Actively upload and download files.
Rootkit
• Modifies or replaces one or more existing programs to hide traces of attacks
• Many different types of rootkits
• Conceals its existence once installed
• Is difficult to detect and remove
Spyware
• A type of malware that specifically threatens the confidentiality of information
  • Monitors keystrokes
  • Scans files on the hard drive
  • Snoops other applications
  • Installs other spyware programs
  • Reads cookies
  • Changes the default homepage in the web browser
What Are Common Types of Attacks?
• Attacks on availability
• Attacks on people
• Attacks on IT assets
• Attacks on availability: These attacks impact access or uptime to a critical system, application, or data.
• Attacks on people: These attacks use coercion or deception to get another human to divulge information or to perform an action (e.g., clicking a suspicious URL link or opening an email attachment from an unknown email address).
• Attacks on IT assets: These attacks include penetration testing, unauthorized access, privilege escalation, stolen passwords, deletion of data, or performing a data breach.
Social Engineering Attacks
• Authority
• Dumpster diving
• Hoax
• Impersonation
• Shoulder surfing
• Vishing
• Whaling
Wireless Network Attacks
• Bluejacking
• Evil twin
• IV attack
• Packet sniffing
• Replay attacks
• War chalking
• War driving
Web Application Attacks
• Buffer overflow
• Client-side attack
• Header manipulation
• Lightweight Directory Access Protocol (LDAP) injection
• Malicious add-ons
• SQL injection
• XML injection
What Is a Countermeasure?
Countermeasures:
• Detect vulnerabilities
• Prevent attacks
• Respond to the effects of successful attacks
• Get help from:
  • Law enforcement agencies
  • Forensic experts
  • Security consultants
  • Security incident response teams (SIRTs)
Countering Malware
• Create a user education program.
• Post regular bulletins about malware problems.
• Never transfer files from an unknown or untrusted source (unless anti-malware is installed).
• Test new programs or open suspect files on a quarantine computer.
• Install anti-malware software, make sure it remains current, and schedule regular malware scans.
• Use a secure logon and authentication process.
• Stay abreast of developments in malware:
  • National Cyber Security Alliance (NCSA): www.staysafeonline.org
  • United States Computer Emergency Readiness Team (US-CERT): http://us-cert.gov
Protecting Your System with Firewalls
• Firewall: A program or dedicated hardware device that inspects network traffic passing through it and denies or permits traffic based on a set of rules.
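How a rule set drives the permit-or-deny decision just described, as an added Python example that is not code from the slide deck or its publisher: rules are evaluated top to bottom, the first match decides, and traffic no rule matches is denied; a second function flags rules that an earlier, broader rule shadows so they can never fire. The rule table, addresses and packets are constructed.

```python
"""First-match firewall rule evaluation with an implicit default deny.

Added example; not code from the slide deck or its publisher. The rule
table, address ranges and packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


def _cidr(spec: str):
    """'any' means every IPv4 address; otherwise parse a CIDR or single host."""
    return ip_network("0.0.0.0/0") if spec == "any" else ip_network(spec, strict=False)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # CIDR, single host, or "any"
    dst: str
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        """Does this rule apply to the given packet fields?"""
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src) in _cidr(self.src)
                and ip_address(dst) in _cidr(self.dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and _cidr(other.src).subnet_of(_cidr(self.src))
                and _cidr(other.dst).subnet_of(_cidr(self.dst))
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules, proto, src, dst, dport=None):
    """Walk the table top to bottom; the first match wins; otherwise deny."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [rule.name for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# Constructed rule table protecting a DMZ in 192.0.2.0/24.
RULES = [
    Rule("web-https", "permit", "tcp", "any", "192.0.2.10", 443),
    Rule("no-telnet", "deny", "tcp", "any", "192.0.2.0/24", 23),
    Rule("corp-any", "permit", "tcp", "10.0.0.0/8", "192.0.2.0/24"),
    # Meant to keep the guest subnet off SSH, but corp-any above already
    # permits that traffic, so this rule is dead: rule order matters.
    Rule("block-guest-ssh", "deny", "tcp", "10.0.5.0/24", "192.0.2.0/24", 22),
]

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "203.0.113.7", "192.0.2.10", 443))
    print(evaluate(RULES, "tcp", "10.0.5.9", "192.0.2.10", 22))
    print("shadowed:", shadowed_rules(RULES))
```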
Summary
• Malicious software and countermeasures
• Common attacks and countermeasures
• Social engineering and how to reduce risks
• Threats and types of attacks on wireless networks
• Threats and types of attacks on web applications

info-sys-security3.pptx

  • 1.
    © 2018 Jonesand Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Lesson 3 Malicious Attacks, Threats, and Vulnerabilities
  • 2.
    Fundamentals of Information SystemsSecurity Lesson 3 Malicious Attacks, Threats, and Vulnerabilities © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.
  • 3.
    Learning Objective(s) © 2018Jones and Bartlett Learning, LLC, an Ascend Learning Company Page 2Fundamentals of Information Systems Security www.jblearning.com All rights reserved. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 3  Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
  • 4.
    Key Concepts © 2018Jones and Bartlett Learning, LLC, an Ascend Learning Company Page 2Fundamentals of Information Systems Security www.jblearning.com All rights reserved. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 4 Malicious software and countermeasures Common attacks and countermeasures Social engineering and how to reduce risks Threats and types of attacks on wireless networks Threats and types of attacks on web applications
  • 5.
    Malicious Activity onthe Rise © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company Page 2Fundamentals of Information Systems Security www.jblearning.com All rights reserved. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 5  Examples of the malicious attacks are everywhere  Data breaches occur in both public and private sectors  In 2013, China was top country of origin for cyberattacks, at 41 percent  United States was second at 10 percent
  • 6.
    What Are YouTrying to Protect? Customer data IT and network infrastructure Intellectual property Finances and financial data Service availability and productivity Reputation © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company Page 2Fundamentals of Information Systems Security www.jblearning.com All rights reserved. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 6
  • 7.
    What Are YouTrying to Protect? © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company Page 2Fundamentals of Information Systems Security www.jblearning.com All rights reserved. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Page 7  Customer data— Name, address, phone, Social Security number (SSN), date of birth, cardholder data, protected health care information.  IT assets and network infrastructure— Hardware, software, and services.  Intellectual property—Sensitive data such as patents, source code, formulas, or engineering plans.
  • 8.
    What Are You Trying to Protect?
    • Finances and financial data: Bank accounts, credit card data, and financial transaction data.
    • Service availability and productivity: The ability of computing services and software to support productivity for humans and machinery.
    • Reputation: Corporate compliance and brand image.
    Let's look at each of these types of assets individually and discuss how they are at risk from malicious attacks.
  • 9.
    Whom Are You Trying to Catch?
    • Hackers
      • Black-hat
      • White-hat
      • Gray-hat
    • Crackers
  • 10.
    Whom Are You Trying to Catch?
    • Black-hat hacker: Tries to break IT security and gain access to systems with no authorization in order to prove technical prowess.
      • Black-hat hackers generally develop and use special software tools to exploit vulnerabilities.
      • They may exploit holes in systems but generally do not attempt to disclose the vulnerabilities they find to the administrators of those systems.
    • White-hat hacker: Also called an ethical hacker; an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing.
      • The difference between white-hat hackers and black-hat hackers is that white-hat hackers identify weaknesses for the purpose of fixing them, whereas black-hat hackers find weaknesses just for the fun of it or to exploit them.
  • 11.
    Whom Are You Trying to Catch?
    • Gray-hat hacker: A hacker with average abilities who may one day become a black-hat hacker but could also opt to become a white-hat hacker.
      • A gray-hat hacker will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.
    • Cracker: Has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
  • 12.
    Attack Tools
    • Protocol analyzers (sniffers)
    • Port scanners
    • OS fingerprint scanners
    • Vulnerability scanners
    • Password crackers
    • Keystroke loggers
  • 13.
    Attack Tools
    • Vulnerability scanners
      • A software program that is used to identify and, when possible, verify vulnerabilities on an IP host device.
      • Findings are commonly referenced by Common Vulnerabilities and Exposures (CVE) identifier.
    • Password crackers
      • The purpose is to uncover a forgotten or unknown password.
      • Use brute-force password attacks to gain unauthorized access to a system or to recover passwords.
    • Keystroke loggers
      • A type of surveillance software or hardware that can record to a log file every keystroke a user makes with a keyboard.
  • 14.
    Attack Tools
    • Protocol analyzers (sniffers)
      • A software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.
    • Port scanners
      • A tool used to scan IP host devices for open ports that have been enabled.
    • OS fingerprint scanners
      • A software program that allows an attacker to send a variety of packets to an IP host device, hoping to determine the target device's operating system (OS) from the responses.
  • 15.
    What Is a Security Breach?
    • Any event that results in a violation of any of the C-I-A security tenets.
    • Some security breaches disrupt system services on purpose.
    • Some are accidental and may result from hardware or software failures.
  • 16.
    Activities That Cause Security Breaches
    • Denial of service (DoS) attacks
    • Distributed denial of service (DDoS) attacks
    • Unacceptable web-browsing behavior
    • Wiretapping
    • Use of a backdoor to access resources
    • Accidental data modifications
  • 17.
    Denial of Service Attack (DoS Attack)
    • A coordinated attempt to deny service by occupying a computer with large amounts of unnecessary tasks
      • Logic attacks
      • Flooding attacks
    • Protect using
      • Intrusion prevention system (IPS)
      • Intrusion detection system (IDS)
    • Attacks launched using
      • SYN flood
      • Smurfing
  • 18.
    Denial of Service Attack (DoS Attack)
    • Smurf attack: A network attack in which forged Internet Control Message Protocol (ICMP) echo request packets are sent to IP broadcast addresses from remote locations to generate DoS attacks.
    • Smurfing: A DoS attack that uses a directed broadcast to create a flood of network traffic for the victim computer.
  • 19.
    DoS Attack Protection
    • Intrusion detection system (IDS)
      • An IDS security appliance examines IP data streams for common attack and malicious intent patterns.
      • IDSs are passive, going only so far as to trigger an alarm; they will not actively block traffic.
    • Intrusion prevention system (IPS)
      • An IPS does the same thing as an IDS but can block IP data streams identified as malicious.
      • IPSs can end the actual communication session, filter by source IP addresses, and block access to the targeted host.
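The IDS-versus-IPS distinction applied to the two DoS patterns the deck names (SYN flood and Smurf), as an added example in Python that is not part of the textbook slides; the packet trace, the local subnet and the SYN threshold are constructed for illustration. The same detection rules run in both modes; only the response differs.

```python
"""IDS vs. IPS handling of a SYN flood and a Smurf (ICMP echo request to a
directed-broadcast address).  Added example, not from the textbook; the packet
records, subnet and threshold below are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """Minimal packet record: only the fields the two rules need."""
    src: str
    dst: str
    proto: str           # "tcp" or "icmp"
    flags: str = ""      # TCP flags, e.g. "S" (SYN) or "A" (ACK)
    icmp_type: int = -1  # 8 = ICMP echo request


SYN_THRESHOLD = 5  # half-open SYNs per source before we call it a flood (constructed)
LOCAL_NETS = [ip_network("192.168.1.0/24")]  # constructed protected subnet


def is_directed_broadcast(addr: str) -> bool:
    """True when addr is the broadcast address of a protected subnet."""
    a = ip_address(addr)
    return any(a == n.broadcast_address for n in LOCAL_NETS)


@dataclass
class Inspector:
    mode: str  # "ids" = alarm only; "ips" = alarm and block
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)
    half_open: dict = field(default_factory=lambda: defaultdict(int))

    def inspect(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if dropped."""
        # An IPS filters by source IP once a source is known-bad; an IDS never drops.
        if self.mode == "ips" and pkt.src in self.blocked:
            return False
        verdict = None
        if pkt.proto == "tcp":
            if "S" in pkt.flags and "A" not in pkt.flags:
                # Bare SYN: count it as a half-open connection for this source.
                self.half_open[pkt.src] += 1
                if self.half_open[pkt.src] > SYN_THRESHOLD:
                    verdict = "syn-flood"
            elif "A" in pkt.flags and self.half_open[pkt.src] > 0:
                self.half_open[pkt.src] -= 1  # handshake completed, no longer half-open
        elif pkt.proto == "icmp" and pkt.icmp_type == 8 and is_directed_broadcast(pkt.dst):
            verdict = "smurf"  # echo request aimed at a broadcast address
        if verdict is None:
            return True
        self.alerts.append((verdict, pkt.src, pkt.dst))
        if self.mode == "ids":
            return True  # passive: alarm raised, traffic still passes
        # IPS: drop the packet.  Block the source only for the SYN flood; a Smurf
        # packet carries a forged source (the victim), so blocking it would hurt
        # the victim rather than the attacker.
        if verdict == "syn-flood":
            self.blocked.add(pkt.src)
        return False


def run_trace(mode: str) -> dict:
    """Run a constructed 11-packet trace through one inspector mode."""
    insp = Inspector(mode)
    trace = (
        # Legitimate client: SYN followed by ACK (handshake completes).
        [Packet("10.0.0.5", "192.168.1.10", "tcp", "S"),
         Packet("10.0.0.5", "192.168.1.10", "tcp", "A")]
        # Flooding source: eight bare SYNs, never completes a handshake.
        + [Packet("203.0.113.7", "192.168.1.10", "tcp", "S")] * 8
        # Smurf: echo request to the directed-broadcast address, source forged as the victim.
        + [Packet("192.168.1.10", "192.168.1.255", "icmp", icmp_type=8)]
    )
    forwarded = sum(insp.inspect(p) for p in trace)
    return {"forwarded": forwarded, "dropped": len(trace) - forwarded,
            "alerts": insp.alerts, "blocked": sorted(insp.blocked)}


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run_trace(mode))
```

In IDS mode every packet is forwarded and four alarms are raised (three for the flood, one for the Smurf); in IPS mode the flooding source is blocked after its sixth bare SYN and the Smurf packet is dropped, so only seven packets pass.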
  • 20.
    Distributed Denial of Service Attack (DDoS Attack)
    • Overloads computers and prevents legitimate users from gaining access.
    • More difficult to stop than a DoS attack because a DDoS originates from many different sources.
  • 21.
    Unacceptable Web Browsing
    • Define acceptable web browsing in an acceptable use policy (AUP).
    • Unacceptable use can include:
      • Unauthorized users searching files or storage directories.
      • Users visiting prohibited websites.
  • 22.
    Wiretapping
    • Active
      • Between-the-lines wiretapping
      • Piggyback-entry wiretapping
    • Passive
      • Also called sniffing
  • 23.
    Wiretapping
    • Between-the-lines wiretapping: This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.
    • Piggyback-entry wiretapping: This type of wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
  • 24.
    Backdoors
    • Hidden access included by developers.
    • Attackers can use them to gain access.
    Data Modifications
    • Data that is:
      • Purposely or accidentally modified
      • Incomplete
      • Truncated
  • 25.
    Additional Security Challenges
    • Spam and spim
    • Hoaxes
    • Cookies
  • 26.
    Additional Security Challenges
    • Spam is unwanted email.
    • Spim is the same kind of unwanted message delivered as instant messages or IM chats.
      • Most spam and spim are commercial advertising, often for get-rich-quick schemes, dubious products, or other services.
      • Sending spam costs very little because the recipient covers most of the costs associated with it.
      • It costs money for ISPs and online services to transmit spam.
      • Processing large volumes of unwanted messages is expensive.
  • 27.
    Additional Security Challenges
    • Hoaxes
      • A hoax is an act intended to deceive or trick the receiver.
      • In this context, hoaxes normally travel in email messages.
      • Often, these messages contain warnings about devastating new viruses.
    • Cookies
      • To help a web server track a user's history, web browsers allow the web server to store a cookie on the user's hard drive.
      • A cookie is simply a text file that contains details gleaned from past visits to a website.
  • 28.
    Risks, Threats, Vulnerabilities
    • Risk: The probability that something bad is going to happen to an asset.
    • Threat: Any action that can damage or compromise an asset.
    • Vulnerability: An inherent weakness that may enable threats to harm systems or networks.
  • 29.
    Risks, Threats, Vulnerabilities
    • Threats exploit vulnerabilities, which creates risk.
    • You cannot eliminate risk.
    • You can minimize the impact of threats.
    • You can reduce the number of vulnerabilities.
    • Minimizing threats and reducing vulnerabilities lessens overall risk.
    • Threats, risks, and vulnerabilities negatively impact the CIA triad.
  • 30.
    Most Common Threats
    • Malicious software
    • Hardware or software failure
    • Internal attacker
    • Equipment theft
    • External attacker
    • Natural disaster
    • Industrial espionage
    • Terrorism
  • 31.
    Threat Types
    • Disclosure threats
      • Sabotage
      • Espionage
    • Alteration threats
      • Unauthorized changes
    • Denial or destruction threats
      • DoS attack
  • 32.
    What Is a Malicious Attack?
    • Four categories of attacks
      • Fabrications
      • Interceptions
      • Interruptions
      • Modifications
  • 33.
    What Is a Malicious Attack?
    • Fabrications: Fabrications involve the creation of some deception in order to trick unsuspecting users.
    • Interceptions: An interception involves eavesdropping on transmissions and redirecting them for unauthorized use.
    • Interruptions: An interruption causes a break in a communication channel, which blocks the transmission of data.
    • Modifications: A modification is the alteration of data contained in transmissions or files.
  • 34.
    Types of Active Threats
    • Birthday attacks
    • Brute-force password attacks
    • Dictionary password attacks
    • IP address spoofing
    • Hijacking
    • Replay attacks
    • Man-in-the-middle attacks
    • Masquerading
    • Social engineering
    • Phishing
    • Phreaking
    • Pharming
  • 35.
    What Is Malicious Software? (Malware)
    • Software that:
      • Causes damage
      • Escalates security privileges
      • Divulges (discloses) private data
      • Modifies or deletes data
  • 36.
    Virus
    • Attaches itself to or copies itself into another program on a computer.
    • Tricks the computer into following instructions not intended by the original program developer.
    • Infects a host program and may cause that host program to replicate itself to other computers.
  • 37.
    Worm
    • A self-contained program that replicates and sends copies of itself to other computers without user input or action.
    • Does not need a host program to infect.
    • Is a standalone program.
  • 38.
    Trojan Horse
    • Malware that masquerades as a useful program.
    • Trojans can:
      • Hide programs that collect sensitive information.
      • Open backdoors into computers.
      • Actively upload and download files.
  • 39.
    Rootkit
    • Modifies or replaces one or more existing programs to hide traces of attacks
    • Many different types of rootkits
    • Conceals its existence once installed
    • Is difficult to detect and remove
  • 40.
    Spyware
    • Type of malware that specifically threatens the confidentiality of information
      • Monitors keystrokes
      • Scans files on the hard drive
      • Snoops other applications
      • Installs other spyware programs
      • Reads cookies
      • Changes the default homepage in the web browser
  • 41.
    What Are Common Types of Attacks?
    • Attacks on availability
    • Attacks on people
    • Attacks on IT assets
  • 42.
    What Are Common Types of Attacks?
    • Attacks on availability: These attacks impact access or uptime of a critical system, application, or data.
    • Attacks on people: These attacks involve using coercion or deception to get another human to divulge information or to perform an action (e.g., clicking on a suspicious URL link or opening an email attachment from an unknown email address).
    • Attacks on IT assets: These attacks include penetration testing, unauthorized access, privilege escalation, stolen passwords, deletion of data, or performing a data breach.
  • 43.
    Social Engineering Attacks
    • Authority
    • Dumpster diving
    • Hoax
    • Impersonation
    • Shoulder surfing
    • Vishing
    • Whaling
  • 44.
    Wireless Network Attacks
    • Bluejacking
    • Evil twin
    • IV attack
    • Packet sniffing
    • Replay attacks
    • War chalking
    • War driving
  • 45.
    Web Application Attacks
    • Buffer overflow
    • Client-side attack
    • Header manipulation
    • Lightweight Directory Access Protocol (LDAP) injection
    • Malicious add-ons
    • SQL injection
    • XML injection
  • 46.
    What Is a Countermeasure?
    • Countermeasures
      • Detect vulnerabilities
      • Prevent attacks
      • Respond to the effects of successful attacks
    • Get help from
      • Law enforcement agencies
      • Forensic experts
      • Security consultants
      • Security incident response teams (SIRTs)
  • 47.
    Countering Malware
    • Create a user education program.
    • Post regular bulletins about malware problems.
    • Never transfer files from an unknown or untrusted source (unless anti-malware is installed).
    • Test new programs or open suspect files on a quarantine computer.
    • Install anti-malware software, make sure it remains current, and schedule regular malware scans.
    • Use a secure logon and authentication process.
  • 48.
    Countering Malware (cont.)
    • Stay abreast of developments in malware
      • National Cyber Security Alliance (NCSA): www.staysafeonline.org
      • United States Computer Emergency Readiness Team (US-CERT): http://us-cert.gov
  • 49.
    Protecting Your System with Firewalls
    • Firewall
      • Program or dedicated hardware device
      • Inspects network traffic passing through it
      • Denies or permits traffic based on a set of rules
  • 50.
    Summary
    • Malicious software and countermeasures
    • Common attacks and countermeasures
    • Social engineering and how to reduce risks
    • Threats and types of attacks on wireless networks
    • Threats and types of attacks on web applications