Network Security: An Introduction

Questions and Answers

What key characteristic of information refers to it being accessible by authorized users?

  • Utility
  • Integrity
  • Confidentiality
  • Availability (correct)

Information security is solely focused on network security and does not include physical or personnel security.

False (B)

In the context of information security, what does the acronym C.I.A. stand for?

Confidentiality, Integrity, and Availability

The principle of ensuring that information remains whole, complete, and uncorrupted is known as ________.

integrity

Match the following roles with their responsibilities in data management:

  • Data Owner = Responsible for the security and use of a particular set of information
  • Data Custodian = Responsible for the storage, maintenance, and protection of information
  • Data User = Allowed access to information to perform daily jobs

What is the primary role of a Chief Information Security Officer (CISO) within an organization?

Assessing, managing, and implementing information security (A)

A 'threat' in information security refers only to intentional actions by malicious actors.

False (B)

Define an 'asset' in the context of information security.

Anything that has value for the organization

A(n) ________ is a specific instance of a general threat that could exploit a vulnerability.

threat agent

Match the risk management term with its description:

  • Risk Management = Involves risk identification, assessment, analysis, and control
  • Risk Appetite = Amount of risk an organization chooses to accept
  • Residual Risk = Risk that remains after implementing security measures

Which of the following best describes 'defense in depth'?

Implementing security in a layered approach (A)

A security perimeter is sufficient to protect against both external and internal attacks.

False (B)

What is the purpose of implementing redundancy in an information security strategy?

To implement technology in layers

The boundary that defines the outer limits of an organization's security efforts is known as the __________.

security perimeter

Match the threat perspective with the correct definition:

  • Software Piracy = The unauthorized copying or distribution of software.
  • Phreaker = An individual who exploits telephone systems
  • Cyberterrorist = Someone who uses cyber attacks to promote political or ideological ends

What is a 'Spike', as it relates to power irregularities?

A sudden, short-duration increase in voltage (B)

A computer virus is a type of malicious code that replicates and spreads without requiring a host program.

False (B)

What is the primary characteristic of a polymorphic computer worm?

Constantly changes the way it looks

________ involves bypassing access controls by attempting to guess passwords.

cracking

Match the password attack type with its description:

  • Brute Force Attack = Tries every possible combination of options to guess a password.
  • Dictionary Attack = Narrows the password field by selecting specific target accounts and using a list of commonly used passwords

What is the main characteristic of a Denial-of-Service (DoS) attack?

Disrupting services by overwhelming a system with requests (D)

A Distributed Denial-of-Service (DDoS) attack originates from a single source IP address.

False (B)

Define 'spoofing' in the context of network security.

Sends messages to IP addresses that indicate to the recipient that the messages are coming from a trusted host

In a ________ attack, the attacker intercepts and modifies packets between two communicating parties.

man-in-the-middle

Match the email attack to its description:

  • Spam = Used as a means to make malicious code attacks more effective
  • Mail Bomb = Attacker routes large quantities of e-mail to a target system

What is the primary function of a 'sniffer' in network security?

To monitor data traveling over a network (A)

Sniffers are easily detectable on a network due to their high bandwidth consumption.

False (B)

Briefly explain the goal of social engineering.

To convince people to reveal access credentials or other valuable information to the attacker

________ involves creating a fabricated scenario to trick someone into providing information.

pretexting

Match the social engineering technique with its corresponding description:

  • Phishing = Deceptive emails tricking users into clicking links or providing information
  • Baiting = Offering something enticing (e.g., USB drive with malware)
  • Tailgating = Physically following someone into a secure area
  • Quid Pro Quo = Offering a service in exchange for information

What happens in a Buffer Overflow attack?

An application receives more data than it can handle in a buffer. (D)

Information security is a one-time implementation process with a defined end state.

False (B)

What does an 'attack' represent in the context of information security?

Act that takes advantage of a vulnerability to compromise a controlled system

Main components for securing the systems that businesses use are __________ and network security.

firewalls

Match the term to its definition and purpose:

  • Threat = Category of object, person, or other entity that poses a potential risk of loss to an asset
  • Asset = Anything that has value for the organization
  • Attack = Intentional or unintentional action that could represent the unauthorized modification, damage, or loss of an information asset

According to the TVA Triple, what three components are used in cyber risk assessment?

Threat, Vulnerability, Asset (A)

The definition of a vulnerability is any potential danger that can exploit a weakness to harm an asset.

False (B)

What is the calculation for the level of risk, according to the slides?

Risk = Threat x Vulnerability x Asset Value

Anything of value to an organization is a definition of an ______.

asset

Match the term in the TVA triple to its correct definition:

  • Threat = Any potential danger that can exploit a vulnerability to harm an asset.
  • Vulnerability = A weakness or flaw in a system that can be exploited.
  • Asset = Anything of value to an organization (e.g., data, systems, networks, people).

Flashcards

Information security (InfoSec)

Protecting information and its critical elements using systems and hardware for storage and transmission.

Critical characteristics of information

Availability, accuracy, authenticity, confidentiality, integrity, utility, and possession.

McCumber Cube

A 3x3x3 cube model with 27 cells that represent areas to secure information systems.

Threat

Category posing a potential risk of loss to an asset.

Asset

Anything with value to the organization.

Attack

Intentional action that could cause damage or loss to an information asset.

Well-known vulnerability

A vulnerability that has been examined, documented, and published.

Exploit

A technique used to take advantage of a weakness in a system or information asset.

Security Terms

Controls, safeguards, or countermeasures.

Risk

State of being unsecure and susceptible to attack, described by likelihood.

Risk management

Identification, assessment, analysis, and control of risk.

Risk appetite

The amount of risk an organization chooses to accept.

Residual risk

Risk remaining after precautions and controls.

Security perimeter

Boundary between an organization's security and the outside network.

Defense in depth

Layered implementation of security.

Redundancy

Implementing technology in layers.

TVA Triple

Combines threat, vulnerability, and asset to evaluate risk.

Vulnerability

Weakness that can be exploited.

Ways to view threats

Malicious code, software piracy, shoulder surfing, and hackers

Power irregularities

Spike, surge, sag, brownout, fault, and blackout.

Malicious code

Includes viruses, worms, Trojan horses, and active Web scripts.

Polymorphic

Constantly changes its appearance.

Cracking (passwords)

Attacker attempts to guess a password.

Brute force attack

Computing resources try every possible combination.

Dictionary attack

Narrows the field using common passwords.

Denial-of-service (DoS)

Attacker floods a target with requests.

Distributed denial-of-service (DDoS)

Requests from many locations at the same time.

Spoofing

Messages appear to be from a trusted host.

Man-in-the-middle

Attacker monitors packets, modifies them, and reinserts them.

E-mail attacks

Using e-mails as a vehicle for attacks.

Sniffer

Program or device that monitors data over a network.

Social engineering

Social skills used to gain valuable information.

Buffer overflow

Sending more data to a buffer than it can handle.

Phishing

Deceptive emails tricking users into clicking links or providing info

Pretexting

Creating a fabricated scenario to obtain information

Baiting

Offering something enticing, e.g. a USB drive with malware

Tailgating

Physically following someone into a secure area

Quid Pro Quo

Offering a service in exchange for information

Study Notes

Objectives

  • Information security component parts generally and specifically for network security will be explained.
  • Important terms and ideas about information and network security will be defined.
  • The roles of information and network security people in organizations will be defined.
  • Why information and network security are important for businesses will be discussed.
  • Threats to information and network security, and common attacks related to them will be identified.
  • Differences between threats and attacks to information inside systems will be highlighted.

Introduction

  • Network security is critical for almost all organizations.
  • Perimeter defense is central to most network security plans.
  • A well-functioning, correctly configured firewall is essential.
  • Chapter 1 gives general background on information security.
  • The chapter also explains how the wider scope of information security affects current developments in network security.

What Is Information Security?

  • Information security (InfoSec) protects data and everything important to it.
  • This involves the systems and equipment used to handle that information.
  • It is a combined approach that includes:
    • Network security
    • Physical security
    • Personnel security
    • Operations security
    • Communications security

C.I.A. Triangle

  • The CIA triangle is the industry standard for computer security.
  • It focuses on three data features which are valuable to organizations:
    • Confidentiality
    • Integrity
    • Availability

Critical Characteristics of Information

  • Availability: Data can be accessed by authorized users.
  • Accuracy: Data is correct and free of errors.
  • Authenticity: Data is real and original.
  • Confidentiality: Data is protected from being exposed or shared.
  • Integrity: Data remains complete and unchanged.
  • Utility: Data has value for a specific reason.
  • Possession: Data is owned or controlled by someone.

CNSS Security Model

  • The U.S. Committee on National Systems Security (CNSS) is the group behind this model.
  • It is also related to the National Training Standard for Information Security Professionals, NSTISSI No. 4011.
  • The McCumber Cube is a 3x3x3 cube.
  • It has 27 cells that show the different areas that need to be protected in today's information systems.

Balancing Information Security and Access

  • Information security should be a continuous process.
  • It is important to balance protecting data and information assets with making that data available to those who are authorized.
  • Security should allow people to access as appropriate.
  • Security should protect from threats.

Business Needs First

  • It is important to protect the organization's ability to operate.
  • It is vital to enable applications to operate safely on the organization's IT systems.
  • It is necessary to protect the data that the organization collects and uses.
  • Need to protect the technology assets the organization uses.

Security Professionals and the Organization

  • Several professionals support the complex information security program needed by a moderate or large organization.
  • The chief information officer (CIO) is a senior technology officer.
  • The chief information security officer (CISO):
    • Is responsible for ensuring information security is assessed, managed, and implemented in the organization.

Information Security Project Team

  • Champion
  • Team leader
  • Security policy developers
  • Risk assessment specialists
  • Security professionals
  • Systems, network, and storage administrators
  • End users

Data Management

  • Data owners: Take responsibility to ensure the security of particular information and how it is used.
  • Data custodians: Take responsibility to store, maintain, and protect information.
  • Data users: Given permission by the data owner to use and access data as necessary for their daily tasks.

Key Information Security Terminology

  • Security experts need to understand common terms.
  • Necessary to effectively support information security work.

Threats and Attacks

  • Threat: Anything that could cause harm to an asset.
  • Asset: Anything an organization values.
    • Can be physical or logical.
  • Attack: Something done on purpose or by accident that could change, damage, or lose an information asset without permission.
  • Subject of an attack: The system used as the active tool to conduct the attack.
  • Object of an attack: The entity being attacked.
  • Direct attack: A hacker using a personal computer to break into a system.
  • Indirect attack: A compromised system is used to attack other systems.

Vulnerabilities and Exploits

  • Threat agent: One specific instance of a general threat.
  • Well-known vulnerabilities: Vulnerabilities that have been examined, documented, and published.
  • Exploit: A threat agent's attempt to use a weakness in a system or information asset.
  • Attackers create "recipes" (exploits) to formulate an attack.
  • Controls, safeguards, or countermeasures:
    • Synonymous terms
    • Security steps, rules, or processes that successfully fight attacks, reduce risk, fix weak spots, and improve security in an organization.

Risk

  • Risk is the state of being unsecure, either partially or totally, and thus susceptible to attack.
  • Expressed in terms of the likelihood of an event occurring.
  • Risk management: includes identifying risks, assessing or analyzing risks, and controlling risks.
  • Risk appetite/tolerance: How much risk an organization is willing to accept.
  • Residual risk: The amount of risk left after taking precautions, implementing controls, and performing other security activities.
  • Controlling risk:
    • Self-protection
    • Risk transfer
    • Self-insurance or acceptance
    • Avoidance

Security Perimeter and Defense in Depth

  • Security perimeter:
    • Boundary between the outer limit of an organization's security and the beginning of the outside network
    • Does not protect against internal attacks
    • Organization may choose to set up security domains
  • Defense in depth:
    • Layered implementation of security
  • Redundancy:
    • Implementing technology in layers

Threats to Information Security

  • Cybersecurity Ventures said the global annual cost of cybercrime will be 9.5 trillion USD in 2024.
  • Damages from cybercrime are expected to cost $10.5 trillion by 2025.

Threats to Information Security in Malaysia

  • The Cyber Incident Quarterly Summary Report Q4 2024 gives an overview of computer security incidents handled by the Cyber999 Incident Response Centre of CyberSecurity Malaysia in Q4 2024.

The TVA Triple

  • The "TVA Triple" stands for Threat-Vulnerability-Asset.
  • A foundational model in cyber risk assessment used to understand and evaluate potential risks to information systems.

Threat Definition

  • Any potential danger that can exploit a vulnerability to harm an asset.
  • Examples include: Malware, phishing attacks, insider threats, and natural disasters.

Vulnerability Definition

  • A weakness or flaw in a system that can be exploited.
  • Examples include: unpatched software, weak passwords, and misconfigured firewalls.

Asset Definition

  • Anything of value to an organization, like data, systems, networks, and people.
  • Includes customer data, servers, intellectual property, and cloud infrastructure.
  • A Threat exploits a Vulnerability to compromise an Asset
  • Risk = Threat × Vulnerability × Asset Value
  • Organize in a TVA worksheet

Other Ways to View Threats

  • Perspectives:
    • Intellectual property
    • Software piracy
    • Shoulder surfing
    • Hackers
      • Script kiddies
      • Packet monkeys
    • Cracker
    • Phreaker
    • Hacktivist or cyberactivist
    • Cyberterrorist
    • Malicious code, malicious software, or malware
      • Computer virus: macro virus, boot virus
      • Worms
      • Trojan horses
      • Backdoor, trapdoor, maintenance hook
      • Rootkit
    • Power irregularities
      • Spike: A sudden, short-duration increase in voltage, often lasting a few microseconds. Can be caused by lightning strikes, switching loads, or electromagnetic interference.
      • Surge: A temporary and relatively longer overvoltage than a spike, lasting a few milliseconds; can damage sensitive electronic equipment if not regulated.
      • Sag: A short-term drop in voltage levels, typically lasting from milliseconds to a few seconds.
      • Brownout: A prolonged period of reduced voltage, often lasting minutes or hours.
      • Fault: An abnormal electrical current due to issues like short circuits, ground faults, or line-to-line contact.
      • Blackout: A complete loss of power in an area, often unexpected and of varying duration.

Attacks on Information Assets

  • Attacks occur through a specific act that may cause a potential loss.
  • Includes each of the major types of attack used against controlled systems.

Malicious Code

  • Malicious code
    • Includes viruses, worms, Trojan horses, and active Web scripts
    • Executed with the intent to destroy or steal information
  • Polymorphic, multivector worm
    • Constantly changes the way it looks
    • Uses multiple attack vectors to exploit a variety of vulnerabilities in commonly used software

Vectors For Spreading Malicious Code

  • IP scan and attack
  • Web browsing
  • Virus
  • Unprotected shares
  • Mass mail
  • Simple Network Management Protocol (SNMP)

Compromising Passwords

  • Controls bypassed by guessing passwords.
  • Cracking:
    • Attempting to guess a password
  • Brute force attack:
    • Application of computing and network resources to try every possible combination of options
  • Dictionary attack:
    • Variation on the brute force attack
    • Field narrowed by selecting specific target accounts and using a list of commonly used passwords

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)

  • Denial-of-service (DoS) attack:
    • Attacker sends a large number of connection or information requests to a target
    • Target system receives too many requests.
  • Distributed denial-of-service (DDoS):
    • Coordinated stream of requests against a target from many locations at the same time
  • Any system connected to the Internet is a potential target for denial-of-service attacks

Spoofing

  • Intruder sends messages to IP addresses that indicate to the recipient that the messages are coming from a trusted host

Man-in-the-Middle

  • Attacker monitors packets from the network
  • Modifies them using IP spoofing techniques
  • Inserts them back into the network
  • Attacker is able to eavesdrop on, change, redirect, forge, or divert data

E-mail Attacks

  • E-mail is the vehicle.
  • Spam is a means to make malicious code attacks more effective.
  • Mail bomb:
    • Routes large amounts of e-mail to the target system.

Sniffers

  • Programs or devices that monitor data traveling over a network.
  • Sniffers can be used for good security practices or stealing information.
  • Mostly impossible to detect
  • Can be inserted almost anywhere
  • Packet sniffers work on TCP/IP networks.

Social Engineering

  • Process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
  • Common techniques:
    • Phishing: Deceptive emails tricking users into clicking links or providing info.
    • Pretexting: Creating a fabricated scenario to obtain information.
    • Baiting: Offering something enticing (e.g., USB drive with malware).
    • Tailgating: Physically following someone into a secure area.
    • Quid Pro Quo: Offering a service in exchange for information.

Buffer Overflow

  • Application error:
    • Occurs when more data is sent to a buffer than it can handle
    • Attacker is able to get the intended target system to execute specific instructions
    • Attacker can take advantage of some other unintended consequence of the failure
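The application error described above comes down to a copy that never consults the size of its destination. The following C program is an added example, not code from the lecture or the slides: it places the defective pattern (an unchecked `strcpy` into a fixed 16-byte buffer) beside a hardened version that measures the input first and refuses anything that would not fit, so the caller can reject or log the request instead of corrupting adjacent memory. The buffer size `NAME_LEN`, the function names and the sample inputs are all assumptions constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size buffer, as in the "application error" the notes describe:
 * it can hold at most NAME_LEN - 1 characters plus the terminating NUL.
 * (Size chosen for the example, not taken from the page.) */
#define NAME_LEN 16

/* The defective pattern: strcpy() copies until it finds a NUL in 'src' and
 * never looks at the size of 'dst'. Any input longer than NAME_LEN - 1 bytes
 * writes past the end of the buffer. Kept here for comparison only; this
 * file never calls it with oversized input. */
void copy_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* The hardened pattern: measure first, refuse anything that does not fit
 * (the terminating NUL included), and report the refusal to the caller. */
bool copy_checked(char dst[NAME_LEN], const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_LEN) {
        dst[0] = '\0';          /* leave a valid, empty string behind */
        return false;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminator too */
    return true;
}

/* Runs every input through copy_checked() and counts outcomes. Returns the
 * number accepted; *rejected receives the number that would have overflowed
 * the buffer under the unchecked pattern. */
int screen_inputs(const char *const inputs[], int count, int *rejected)
{
    char name[NAME_LEN];
    int accepted = 0;
    *rejected = 0;
    for (int i = 0; i < count; i++) {
        if (copy_checked(name, inputs[i]))
            accepted++;
        else
            (*rejected)++;
    }
    return accepted;
}

/* Constructed sample inputs (hypothetical, not from the page): two ordinary
 * user names and one 20-byte string that exceeds the 16-byte buffer. */
static const char *const SAMPLE_INPUTS[] = {
    "alice",
    "bob",
    "AAAAA" "AAAAA" "AAAAA" "AAAAA",
};
#define SAMPLE_COUNT 3

int sample_accepted(void)
{
    int rejected;
    return screen_inputs(SAMPLE_INPUTS, SAMPLE_COUNT, &rejected);
}

int sample_rejected(void)
{
    int rejected;
    screen_inputs(SAMPLE_INPUTS, SAMPLE_COUNT, &rejected);
    return rejected;
}

int main(void)
{
    char name[NAME_LEN];
    copy_unchecked(name, "alice");   /* safe only because this input fits */
    printf("unchecked copy of a short input: %s\n", name);
    printf("accepted %d, rejected %d of %d sample inputs\n",
           sample_accepted(), sample_rejected(), SAMPLE_COUNT);
    return 0;
}
```

The point of returning `false` rather than silently truncating is that the caller learns an input exceeded the expected bound, which is exactly the event a defender wants logged: a 20-byte "user name" arriving at a 16-byte field is an anomaly worth counting, whether it came from a bug or from someone probing for the error the notes describe.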

Summary

  • Firewalls and network security are essential for securing the systems that businesses use
  • Information security is protection of information and its critical elements
  • Information security is a process, not a goal
  • Range of professionals support the information security program
  • Threat: object, person, or other entity that represents a constant danger to an asset
  • Attack: act that takes advantage of a vulnerability to compromise a controlled system
  • Organization must establish a functional and well-designed information security program
