CSF_Week_2_Assignment
Computer Security Fundamentals
Chuck Easttom
Chapter 1 Introduction to to Computer Security
*
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Chapter 1 Objectives
- Identify top threats to a computer network
- Assess the likelihood of an attack
- Define key terms like cracker, sneaker, firewall, and authentication
- Compare and contrast perimeter and layered approaches to network security
- Use online resources
*
Identify the top threats to a computer network: malware, intrusion, Denial of service attacks
Assess the likelihood of an attack on your personal computer and network
Define key terms such as cracker, sneaker, firewall and authentication
Compare and contrast perimeter and layered approaches to network security
Use online resources to secure your network
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Introduction
- Computer systems and networks are all around us.
- Online banking
- Automated supermarket checkouts
- Online classes
- Online shopping
- Online travel resources
*
Computer systems are everywhere.
- Online banking, ATMs, debit cards
- E-Bay, Amazon, Half.com for textbooks
- Expedia, Travelocity, airplane e-tickets
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Introduction (cont.)
- How is personal information safeguarded?
- What are the vulnerabilities?
- What secures these systems?
*
How is my online personal information safeguarded?
Passwords, account numbers, etc.
What are the vulnerabilities to these systems?
Web site security
What steps are taken to ensure that these systems and data are safe?
SSL, Encryption, etc.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
How Seriously Should You Take Threats to Network Security?
- Which group do you belong to?
- “No one is coming after my computer.”
- “The sky is falling!”
- Middle ground.
*
Which group do you belong to?:
“No one is coming after me/my computer.”
Prove to me that I am at risk
Ostrich Theory
“The sky is falling!!”
Prove to me that I am not at risk
Paranoia
Middle Ground
An educated awareness of true risk
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Identifying Types of Threats
- Malware: MALicious softWARE
- Security Breaches
- DoS: Denial of Service attacks
- Web Attacks
- Session Hijacking
- DNS Poisoning
- Insider Threats
*
Malware – MALicious softWARE, the most common threat to your system
Intrusions – an attempt to gain unauthorized access to your system
DoS – Denial of Service attacks, attempts to deny authorized users access to the system
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Malware
- Software with a malicious purpose
- Virus
- Trojan horse
- Spyware
- Logic Bomb
*
Virus – “a small program that replicates itself and hides itself inside other programs, usually without your knowledge” (Symantec, 2003)
Trojan horse - a malicious program disguised as something desirable or harmless
Spyware – the fastest-growing category of malware
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Malware (cont.)
Virus
- One of the two most common types
- Usually spreads through e-mail
- Uses system resources, causing slowdown or stoppage
*
One of the two most common types of malware
Usually spreads itself through unsuspecting user’s e-mail
Even without malicious payload, rapid replication uses system resources, causing slow down or stoppage
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Malware (cont.)
Trojan Horse
- The other most common kind of malware
- Named after the wooden horse of ancient history
*
The other most common kind of malware
Named after the famous wooden horse of ancient history
It disguises itself as something benign, something you need or want, i.e. a game, screen saver, account logon, etc
It captures your information and returns it to the intruder
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Malware (cont.)
Spyware
- The most rapidly growing types of malware
- Cookies
- Key logger
*
Spyware is the most rapidly growing type of malware.
Cookies: initially a good idea to help users surf the Web, now misused to spy on users
Key logger: both in software and hardware, captures all the user’s typing and logs it, capturing passwords, account numbers, credit card numbers, etc.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Malware (cont.)
Logic Bomb
- Lays dormant until some logical condition is met, often a specific date.
*
Spyware is the most rapidly growing type of malware.
Cookies: initially a good idea to help users surf the Web, now misused to spy on users
Key logger: both in software and hardware, captures all the user’s typing and logs it, capturing passwords, account numbers, credit card numbers, etc.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Compromising System Security
Intrusions
- Attacks that break through system resources
- Hackers
- Crackers
- Social engineering
- War-driving
*
Intrusions are attacks that break through your system’s resources without authorization
Hackers – early internet joy riders, by intent not malevolent
Crackers – system intruders, with malevolent intent
Social Engineering – intruding into a system using human nature, not technology
War driving – driving around looking for unprotected wireless networks
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Denial of Service Attacks
- The attacker does not intrude into the system but just blocks access by authorized users.
*
The attacker does not actually intrude into the system, just blocks access from authorized users
Keeps your customers from purchasing on your Web site, denying you sales
Keeps your employees from purchasing e-tickets to a trade show, making them use a travel agent, which costs more money than you had planned
Keeps you from transferring the money from your business Line of Credit to your business account to pay for the tickets, causing your account to be overdrawn
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Web Attacks
- The attacker attempts to breach a web application. Common attacks of this type are SQL injection and Cross Site Scripting.
*
The attacker does not actually intrude into the system, just blocks access from authorized users
Keeps your customers from purchasing on your Web site, denying you sales
Keeps your employees from purchasing e-tickets to a trade show, making them use a travel agent, which costs more money than you had planned
Keeps you from transferring the money from your business Line of Credit to your business account to pay for the tickets, causing your account to be overdrawn
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Session Hijacking
- This is a complex attack that involves actually taking over an authenticated session.
*
The attacker does not actually intrude into the system, just blocks access from authorized users
Keeps your customers from purchasing on your Web site, denying you sales
Keeps your employees from purchasing e-tickets to a trade show, making them use a travel agent, which costs more money than you had planned
Keeps you from transferring the money from your business Line of Credit to your business account to pay for the tickets, causing your account to be overdrawn
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
DNS Poisoning
- This involves altering DNS records on a DNS server to redirect client traffic to malicious websites, usually for identity theft.
*
The attacker does not actually intrude into the system, just blocks access from authorized users
Keeps your customers from purchasing on your Web site, denying you sales
Keeps your employees from purchasing e-tickets to a trade show, making them use a travel agent, which costs more money than you had planned
Keeps you from transferring the money from your business Line of Credit to your business account to pay for the tickets, causing your account to be overdrawn
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Assessing the Likelihood of an Attack on Your Network
- Viruses
- Catch up on new and refurbished viruses
- Unauthorized use of systems
- DoS attacks
- Intrusions
- Employee misuse
*
Viruses are most common network attacks
Check any AV vendor Web site to catch up on new and refurbished viruses
Unauthorized use of systems is the next most common attack
DoS attacks
Intrusions
Employee misuse, either deliberate or accidental
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Basic Security Terminology
People:
- Hackers
- White hats
- Black hats
- Gray hats
- Script kiddies
- Sneakers
- Ethical hackers
*
People
Hackers – anyone who studies a system through analyzing its flaws
White hats – Consider themselves the “good guys”
Black hats – Or “crackers” are definitely the “bad guys”
Gray hats – Not a common term; refers to individuals who operate out side of the law on occasion
Script kiddies – Inexperienced; consider themselves hackers, but only copy the work of others
Ethical hackers – Consultants who are hired to do vulnerability assessments on company systems
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Basic Security Terminology (cont.)
Devices
- Firewall
- Filters network traffic
- Proxy server
- Disguises IP address of internal host
- Intrusion Detection System
- Monitors traffic, looking for attempted attacks
*
Firewalls – Found in a router or a server or as a stand-alone device, it filters ingress and egress network traffic.
Proxy server – This sits between a client and an application, acting as the host on your network, disguising the IP address of your internal host.
Intrusion Detection System – IDS monitors traffic, looking for attempted attacks.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Basic Security Terminology (cont.)
Activities
- Authentication
- Auditing
*
Phreaking – A subspecialty of hacking, breaking into telephone systems, it gave Kevin Mitnick his start down the road to prison.
Authentication – Process todetermine if the credentials given by a user are authorized to access system resources.
Auditing – Process of reviewing logs, records, and procedures to ensure established standards are being met; tedious but critical.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Network Security Paradigms
- How will youprotect your network?
- CIA Triangle
- Least Privileges
- Perimeter security approach
- Layered security approach
- Proactive versus reactive
- Hybrid security method
*
How will youprotect our network?
Perimeter security approach
Perimeter Defense is the most popular because it used to be clearly defined, but as companies hire mobile workers, home workers, and contract workers, the perimeter is becoming less and less clearly defined.
Layered security approach
Not only the perimeter but separate sections of the network are protected to the security level assigned to them.
Proactive Versus Reactive
Are your security measures active or passive?
Do you have a security plan, or are you part of someone else’s plan to intrude on you?
Hybrid Security Method
Only a thorough and ongoing risk assessment and vulnerability can keep you informed about what combination of postures will benefit your network the most.
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
How Do Legal Issues Impact Network Security?
- The Computer Security Act of 1987
- OMB Circular A-130
- See www.alw.nih.gov/Security/FIRST/papers/ legal/statelaw.txt for state computer laws
- Health Insurance Portability and Accountability Act of 1996, HIPAA
*
The Computer Security Act of 1987, the first piece of U.S. legislation to affect computer systems
OMB Circular A-130, a more specific federal law that addresses the idea of security standards
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Online Security Resources
- CERT
- www.cert.org
- Microsoft Security Advisor
- www.microsoft.com/security/default.mspx
- F-Secure
- www.f-secure.com
- SANS
- www.sans.org
*
CERT
Computer Emergency Response Team, sponsored by Carnegie-Mellon University, the first computer incident response team
Microsoft Security Advisor
Microsoft security information, tools, and updates
F-Secure
Information on virus outbreaks
SANS
Documentation on computer security issues
© 2016 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security
*
Summary
- Network security is a constantly changing field.
- You need three levels of knowledge.
- Take the courses necessary to learn the basic techniques.
- Learn your enterprise system intimately, with all its strengths and vulnerabilities.
- Keep current in the ever-changing world of threats and exploits.
*