it - network security .. chapter 1.1
TRANSCRIPT
-
8/10/2019 IT - Network Security .. Chapter 1.1
1/35
Introduction
There is increased dependence worldwide on information technology (IT) and IT-based services for public and private sectors.
The modern IT infrastructure as we know it today has evolved over the years.
- In the mid 1940s huge computers could not even do what our small calculators can do today
- We then moved on to the mainframe technology
Objectives of IT Security
- Confidentiality
- Integrity
- Availability
- Confidentiality, integrity, and availability (CIA) is a model designed to guide policies for information security within an organization.
- In this context,
- Confidentiality is a set of rules that limits access to information,
- Integrity is the assurance that the information is trustworthy and accurate, and
- Availability is a guarantee of ready access to the information by authorized people.
- The model is sometimes known as the CIA triad.
Objectives of IT Security - Confidentiality
Keeping important information secret and restricted to only those people who are authorized to access and view that information.
Confidentiality prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it.
A good example is an account number or routing number when banking online.
Data encryption is a common method of ensuring confidentiality.
User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm and biometric verification is an option as well.
In addition, users can take precautions to minimize the number of places where the information appears, and the number of times it is actually transmitted to complete a required transaction.
User Levels in Organizations
Objectives of IT Security - Integrity
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.
Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people.
In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash.
If an unexpected change occurs, a backup copy must be available to restore the affected data to its correct state.
Keeping information in its true form and stopping it from unauthorized changes.
Examples: in a bank account, someone may change the balance of the account; in the GCUF CMS, someone may change marks, etc.
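The detect-then-restore requirement above can be sketched with a keyed hash over each record. This is an added example, not part of the original slides; the record layout, the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a demo key. In practice the key is kept outside the data store.
KEY = b"constructed-demo-key"

def seal(record):
    """Return an HMAC-SHA256 tag over a canonical encoding of the record."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def audit_and_restore(live, tags, backup):
    """Verify every live record against its tag; restore altered ones from backup."""
    restored = []
    for rec_id, record in list(live.items()):
        if hmac.compare_digest(seal(record), tags[rec_id]):
            continue  # record is unchanged
        # Only trust the backup copy if it still matches the stored tag.
        if hmac.compare_digest(seal(backup[rec_id]), tags[rec_id]):
            live[rec_id] = dict(backup[rec_id])
            restored.append(rec_id)
    return restored

def demo():
    # Constructed sample data: marks records like the CMS example above.
    original = {
        "S-001": {"student": "S-001", "course": "CS-101", "marks": 64},
        "S-002": {"student": "S-002", "course": "CS-101", "marks": 91},
    }
    tags = {k: seal(v) for k, v in original.items()}
    backup = {k: dict(v) for k, v in original.items()}
    live = {k: dict(v) for k, v in original.items()}
    live["S-001"]["marks"] = 94  # unauthorized change to the live copy
    restored = audit_and_restore(live, tags, backup)
    return restored, live == original

if __name__ == "__main__":
    print(demo())
```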
Objectives of IT Security - Availability
Availability is best ensured by carefully maintaining all hardware, performing hardware repairs immediately when needed, providing a certain measure of redundancy and failover, providing adequate communications bandwidth and preventing the occurrence of bottlenecks, implementing emergency backup power systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks.
Services, applications, webpages, etc. Smooth running of the network, like broadband.
We make sure devices are always available (resilient). Services remain up.
Disaster Recovery and BCM (Business Continuity Management): making sure that business services are always running. In case of disaster, there will be another site, named the disaster recovery site, and data will be switched there.
Three Foundations of IT Security
People - who we are
People who use or interact with the ICT Infrastructure include:
Share Holders / Owners
Management
Employees
Business Partners
Service providers
Contractors
Customers / Clients
Regulators etc.
Process - what we do
The processes refer to "work practices" or workflow.
Processes are the repeatable steps to accomplish business objectives. Typical processes in our ICT Infrastructure could include:
Helpdesk / Service management
Incident Reporting and Management
Change Requests process
Request fulfillment
Access management
Identity management
Service Level / Third-party Services Management
Technology.
Network Infrastructure:
Cabling, Data/Voice Networks and equipment
Telecommunications services, including VoIP services, Broadband, Video Conferencing
Server computers and associated storage devices
Operating software for server computers
Communications equipment and related hardware.
Intranet and Internet connections
VPNs and Virtual environments
Remote access services
Wireless connectivity
Application software:
Finance and assets systems, including Accounting packages, Inventory management, HR systems, Assessment and reporting systems
Software as a service (SaaS) - instead of software as a packaged or custom-made product, etc.
The Threats
People
Process
Technology
The Threats - People
Security is a chain, and People are the weakest link in the chain
Data diddling: the act of modifying information, programs, or documents to commit fraud; it tampers with input data.
For example, a cashier enters an amount of Rs. 40,000/= into the cash register, but really charges the customer Rs. 60,000/= and keeps the extra Rs. 20,000/=.
Salami attack: one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed.
For example, a bank employee may alter a banking software program to subtract 5 Paisa from each of the bank's customers' accounts once a month; such a debit could be represented as a service charge and moved to some other bank account. If this happened to all of the bank's 50,000 customer accounts, the intruder could make up to Rs. 30,000 a year.
Trap door / Maintenance hooks: An undocumented access path through a system, usually made by application developers. This typically bypasses the normal security mechanisms and can be used to gain access later on.
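A salami attack like the one described above hides in the size of each debit, but it is visible in aggregate. The following is an added example (not part of the original slides) of a ledger check that groups tiny debits by destination account; the ledger layout, account names and thresholds are assumptions, and the sample ledger is constructed.

```python
from collections import defaultdict
from decimal import Decimal

def build_sample_ledger():
    """Constructed ledger rows: (source, destination, amount in Rs., memo)."""
    ledger = []
    for i in range(200):
        src = f"CUST{i:05d}"
        # 5 paisa skimmed from every customer, labelled as a fee.
        ledger.append((src, "ACC-X", Decimal("0.05"), "service charge"))
        # A genuine small fee paid to the bank's approved fee account.
        ledger.append((src, "BANK-FEES", Decimal("0.50"), "service charge"))
    ledger.append(("CUST00001", "CUST00002", Decimal("1500.00"), "transfer"))
    ledger.append(("CUST00003", "UTILITY-01", Decimal("2300.00"), "bill payment"))
    return ledger

def find_salami_candidates(ledger, max_amount=Decimal("1.00"),
                           min_sources=50, fee_accounts=("BANK-FEES",)):
    """Flag destinations collecting tiny debits from many distinct accounts.

    The memo is ignored on purpose: the attacker chooses the label, but not
    the fact that the money has to arrive somewhere.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount, _memo in ledger:
        if amount <= max_amount and dst not in fee_accounts:
            sources[dst].add(src)
            totals[dst] += amount
    return {dst: (len(srcs), totals[dst])
            for dst, srcs in sources.items() if len(srcs) >= min_sources}

def yearly_take(per_account, accounts, months=12):
    """The arithmetic from the slide: 5 paisa x 50,000 accounts x 12 months."""
    return per_account * accounts * months

if __name__ == "__main__":
    print(find_salami_candidates(build_sample_ledger()))
    print(yearly_take(Decimal("0.05"), 50000))
```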
Hackers / Crackers / Phreakers: Hackers sometimes break into networks for the thrill of the challenge (Script Kiddies), or for bragging rights in the hacker community. Crackers aim at financial gain. Phreakers break into telecommunication infrastructure like public telephone systems or company.
Publication of illegal content: Involves dissemination of unacceptable content online, including racist material, terrorist literature, etc.
Shoulder surfing: A technique in which the attacker looks over someone's shoulder to obtain passwords, information, PINs and other security codes being entered. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices.
Wire tapping: Most communication signals can be vulnerable to some type of wire tapping or eavesdropping, using tools like cellular scanners, radio receivers, telephone tapping devices, etc.
Dumpster diving: The practice of going through commercial or residential trash to find items, documents or records that have been discarded by their owners, but which may be useful to the dumpster diver.
The Threats - Process
This section looks at weaknesses in the business processes which could lead to attacks on the Infrastructure:
Failure to develop an Information Systems Security Program:
Organizations should develop an Information Systems Security program that documents the policy, procedures, standards, etc. for protecting the concerned assets. Issues that arise due to lack of a proper security program could include:
1. Lack of security awareness
2. Concentration of duties
3. Lack of ways to detect fraud
4. Security through obscurity: Idea that attacker might fail to see loopholes
Excessive User Rights / Privileges: Excessive user rights or privileges is a very common security issue that has become increasingly hard to control. It occurs if a user has more access rights than necessary, beyond the necessary need to know.
Unencrypted Laptops and Removable Media: Loss of laptops and
removable media has become a major liability for corporations and
government agencies as well as for general consumers.
All too frequently, a major loss of personal or identifying information is
traced back to the loss of a single laptop or piece of removable media.
The Threats - Technology
Technology could be a powerful enabler of business
productivity as well as a catalyst for crime activity:
Access Control attacks:
Access control is the process that involves:
- Identifying who they are - Identification
- Proving that they are who they say they are - Authentication
- Getting granted access to those areas of the system where they are supposed to have access - Authorization
This process could be compromised by any of the following attacks:
1. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values)
- Brute force is trying every possible combination
2. Spoofing at login: A technique used by an attacker to present a fake
login screen, often tricking the user to try and login. The credentials
are stored somewhere for the attacker to use later.
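Dictionary and brute-force attacks (item 1 above) both show up on the defender's side as a burst of failed logins for one account from one source. The following added example, not part of the original slides, flags such bursts with a sliding time window; the log format, field names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2019-08-10T09:00:01 FAIL user=bilal src=192.0.2.10
2019-08-10T09:00:09 FAIL user=bilal src=192.0.2.10
2019-08-10T09:00:15 OK user=bilal src=192.0.2.10
2019-08-10T09:05:00 FAIL user=admin src=203.0.113.7
2019-08-10T09:05:02 FAIL user=admin src=203.0.113.7
2019-08-10T09:05:04 FAIL user=admin src=203.0.113.7
2019-08-10T09:05:06 FAIL user=admin src=203.0.113.7
2019-08-10T09:05:08 FAIL user=admin src=203.0.113.7
2019-08-10T09:05:10 FAIL user=admin src=203.0.113.7
"""

def parse(line):
    """Split one log line into (timestamp, outcome, user, source)."""
    ts, outcome, user, src = line.split()
    return (datetime.fromisoformat(ts), outcome,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (user, source) pairs with >= threshold failures inside the window."""
    recent = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    flagged = set()
    for line in log_text.strip().splitlines():
        ts, outcome, user, src = parse(line)
        if outcome != "FAIL":
            continue
        attempts = recent[(user, src)]
        attempts.append(ts)
        # Drop failures that have aged out of the window.
        while ts - attempts[0] > window:
            attempts.popleft()
        if len(attempts) >= threshold:
            flagged.add((user, src))
    return flagged

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

With the default threshold, the two mistyped passwords followed by a successful login are not flagged, while the six rapid failures are.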
Man-in-the-Middle Attacks: A man-in-the-middle attack refers generally to an attack in which the attacker positions himself between two communicating parties and gleans information to which he should not have access.
Zero Day Attacks: A zero day vulnerability occurs when a flaw in software code has been discovered and exploits of the flaw appear before a fix or patch is available. Once a working exploit of the vulnerability is released into the wild, users of the affected software will be compromised until a software patch is available or some form of mitigation is taken by the user.
Phishing attack: A process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Keyloggers and Screenloggers: A program installed on a victim's machine that records every keystroke that a user makes. Used to steal login details.
Content Injection Attacks: Content injection refers to inserting malicious content into a legitimate site. In addition to deceptive actions such as redirecting to other sites, malicious content can install crimeware on a user's computer through a web browser vulnerability or by social engineering, such as asking a user to download and install anti-virus software that actually contains crimeware. Examples include:
1. Cross-Site Scripting (XSS): Cross-site scripting, better known as XSS, is the most pernicious and easily found web application security issue. XSS allows attackers to deface web sites, insert hostile content, conduct phishing attacks, take over the user's browser using JavaScript malware, and force users to conduct commands not of their own choosing - an attack known as cross-site request forgery (CSRF).
2. SQL Injection:
Injections, particularly SQL injections, are common in web applications. Injections are possible due to intermingling of user-supplied data within dynamic queries or within poorly constructed stored procedures.
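The "intermingling of user-supplied data within dynamic queries" can be seen by placing a string-built query beside a parameterized one. This is an added example, not part of the original slides; the table, column names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed input: text containing a quote character, so that in a
# string-built query it stops being data and becomes part of the SQL.
CONSTRUCTED_INPUT = "x' OR '1'='1"

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE marks (student TEXT, marks INTEGER)")
    db.executemany("INSERT INTO marks VALUES (?, ?)",
                   [("ali", 78), ("omar", 64), ("sara", 91)])
    return db

def marks_dynamic(db, student):
    """Weak form: user-supplied text is concatenated into the query string."""
    query = ("SELECT student, marks FROM marks WHERE student = '"
             + student + "' ORDER BY student")
    return db.execute(query).fetchall()

def marks_parameterized(db, student):
    """Corrected form: the value is bound as a parameter and stays data."""
    query = "SELECT student, marks FROM marks WHERE student = ? ORDER BY student"
    return db.execute(query, (student,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Both forms agree on ordinary input.
    print(marks_dynamic(db, "sara"), marks_parameterized(db, "sara"))
    # The dynamic query returns every row; the parameterized one returns none,
    # because no student has that literal name.
    print(marks_dynamic(db, CONSTRUCTED_INPUT))
    print(marks_parameterized(db, CONSTRUCTED_INPUT))
```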
Cross-Site Scripting
Denial of service (DoS): A general term for many different types of attacks. However, each attack has one thing in common, which is the goal to deny others the service that the victim system usually provides.
Spam E-mail: Spam is anonymous, unsolicited bulk email; it is effectively the email equivalent of physical junk mail delivered through the post office. Spam is a problem not only because of the enormous resources it demands, but also because it now serves as a means for other types of attack. There is also reduced system performance and the costs of filtering e-mail, loss of employee productivity or required increased usage of help desk support. Spam consumes network bandwidth used to transmit messages or consumes disk storage used to store messages.
Botnets: A botnet is a collection of infected and compromised computing devices harnessed together and remotely controlled for malicious purposes. Thousands of systems with zombie codes can be used in DDoS (distributed denial-of-service) attacks or by spammers.
Click Fraud: Online advertising networks offer the ability for a web site operator to host third-party advertisements and collect payment every time a user clicks on an advertisement. Click fraud refers to various schemes in which the number of clicks is artificially inflated.
Other Malware: Software designed to cause damage to a single computer, server, or computer network. These include:
- Viruses - A virus is a small application, or a string of code, that infects applications and requires user action to compromise a machine.
- Spyware - Software that monitors user activity without user knowledge or consent. Spyware can capture and release sensitive data, make unauthorized changes, and decrease system performance.
- Trojan Horse - A Trojan horse is a program that is disguised as another program; it masquerades as a useful application, but does harm.
- Worm - A worm is malware that reproduces on its own without a host application. Worms can infect and take over computers without any help, bar lax security, from a victim.
Wireless Network threats: Wireless networks have now become very common, for both organizations and individuals. Most laptops ship with wireless adaptors and organizations have also deployed wireless LANs given the ease of deployment. Some of the security issues with wireless networks include the following:
- Accidental association: When a user turns on a computer and it latches on to a wireless access point from a neighboring company's overlapping network, this could cause security issues if the victim network is not secure.
- War driving - War driving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer (laptop) or PDA. Software for war driving is freely available on the Internet, notably NetStumbler for Windows, Kismet or SWScanner for Linux. These tools can sniff for any available wireless access points (APs).
Bluetooth attacks: Various security holes have already appeared in Bluetooth, which is becoming widely used in mobile phones and high-end smart phones. Some of these are listed below:
- Bluebugging - Refers to hacking into a Bluetooth device and using the commands of that device without notifying or alerting the user. By bluebugging, a hacker could eavesdrop on phone conversations, place phone calls, send and receive text messages, and even connect to the Internet.
- Bluejacking - A kind of practical joke played out between Bluetooth-enabled devices, bluejacking takes advantage of a loophole in the technology's messaging options that allows a user to send unsolicited messages to other nearby Bluetooth devices. (Similar to doorbell ditching)
Physical ICT Infrastructure threats:
The threats to the physical ICT infrastructure include natural environment threats (earthquakes, floods, tornadoes), supply system threats (power, Internet and telecom outage, water, gas, etc.), manmade threats (vandalism, fraud, theft), and politically motivated threats (terrorist attacks, riots, bombings).
Other threats to look out for:
- 419 scam - Advance Fee Fraud
- Web vandalism: Attacks that deface web pages
- Fake products / Product imitations