Information Systems Security Essentials PDF


Namibia University of Science and Technology


Summary

This document is a chapter on Information Systems Security Essentials (ISS611S) from the Namibia University of Science and Technology. It introduces key concepts such as IT systems security, threats, the CIA triad (Confidentiality, Integrity, Availability), different types of attacks, and malicious software.

Full Transcript


Information Systems Security Essentials (ISS611S)
Chapter 1 - Introduction

Outline
1. IT Systems security
2. Threats
3. CIA
4. Attacks
5. Malicious Software

Information Technology System
What is an information technology system? Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. Also includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.
Source: https://definedterm.com/information_technology_system

System Components
Data
– Documents
– Photos
– Music
– Videos
– Email
Hardware
– Computers
– Devices
– Network gear
Software
– OS
– Utilities (antivirus)
– Apps – commercial and individual
Image source: http://www.rightstreamit.co.uk/services.htm

Terminology
A vulnerability is a weakness in an IT system that might be exploited to cause loss or harm. Types:
– Technological: weaknesses inherent in computers and network technologies such as operating systems and network protocols like TCP/IP, ICMP, OSPF, etc.
– Configuration: results from improper computer and network configurations.
– Security policy: results from users not following security policies or from poor policy enforcement procedures.

Terminology
A threat to an IT system is a set of circumstances that have the potential to cause harm/loss/danger/damage.
– Non-human threats: natural disasters, loss of electrical power, failure of components
– Human threats: non-malicious, malicious

Malicious Threats
Termed a malicious attack.
Random – harm any computer or user
– Virus
– Denial of Service (DoS)
Directed – harm specific computers
– DoS
– Advanced Persistent Threat
– Impersonation
– Ransomware??

Terminology
Attack: an assault on system security that is a deliberate attempt to evade security services and violate the security policy of a system.
Exploit: software or commands that take advantage of a vulnerability in order to carry out an attack.

Attackers
– Individual hacker
– Organised crime
– Terrorists
– Script kiddies

Questions?

Attack Types
– Reconnaissance
– Access attacks
– Denial of Service
– Malware attacks

Reconnaissance
Reconnaissance, also known as information gathering, is the unauthorized discovery and mapping of systems, services, or vulnerabilities. In most cases it precedes an access or DoS attack. Reconnaissance attacks can consist of the following:
– Internet information queries
– Ping sweeps
– Port scans
– Packet sniffers
– Social engineering

Reconnaissance
Internet information queries: DNS queries can reveal information such as who owns a particular domain and what addresses have been assigned to that domain. Tools such as whois and nslookup are used.
Ping sweeps: a ping sweep, or ICMP sweep, scans to determine which range of IP addresses map to live hosts.
Port scan: consists of sending a message to each port, one port at a time.

Reconnaissance
Packet sniffer: a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN. Packet sniffers can only work in the same collision domain as the network being attacked. Wireshark is an example of a packet sniffer.
Source: Cisco
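The ping-sweep and port-scan definitions above give a defender a direct detection rule: one source sending ICMP to many distinct hosts, or one source hitting many distinct ports on a single host. This added example (not from the slides or from Cisco) applies that rule to constructed log records in a made-up "src proto dst dport" format; the sample addresses and the thresholds of five hosts or five ports are assumptions.

```python
from collections import defaultdict

# Constructed sample events, not a real vendor log: "src proto dst dport" ("-" for ICMP).
# 10.0.0.5 sends ICMP echo to eight hosts (ping sweep), 10.0.0.9 probes eight ports on
# 192.168.1.20 (port scan), and 10.0.0.7 is ordinary web and DNS traffic.
SAMPLE_LOG = (
    [f"10.0.0.5 ICMP 192.168.1.{i} -" for i in range(1, 9)]
    + [f"10.0.0.9 TCP 192.168.1.20 {p}" for p in (21, 22, 23, 25, 80, 443, 3306, 8080)]
    + ["10.0.0.7 TCP 192.168.1.20 443", "10.0.0.7 UDP 192.168.1.53 53",
       "10.0.0.7 TCP 192.168.1.20 443"]
)


def parse_event(line):
    """Split one constructed log line into (src, proto, dst, dport); dport is None for ICMP."""
    src, proto, dst, dport = line.split()
    return src, proto, dst, (None if dport == "-" else int(dport))


def detect_recon(lines, host_threshold=5, port_threshold=5):
    """Return sources that look like a ping sweep (ICMP to many distinct hosts) and
    (src, dst) pairs that look like a port scan (many distinct ports on one host)."""
    icmp_targets = defaultdict(set)   # src -> hosts it probed with ICMP
    ports_hit = defaultdict(set)      # (src, dst) -> destination ports it touched
    for line in lines:
        src, proto, dst, dport = parse_event(line)
        if proto == "ICMP":
            icmp_targets[src].add(dst)
        elif dport is not None:
            ports_hit[(src, dst)].add(dport)
    sweeps = {src: len(h) for src, h in icmp_targets.items() if len(h) >= host_threshold}
    scans = {pair: len(p) for pair, p in ports_hit.items() if len(p) >= port_threshold}
    return {"ping_sweeps": sweeps, "port_scans": scans}


if __name__ == "__main__":
    for kind, hits in detect_recon(SAMPLE_LOG).items():
        for key, count in hits.items():
            print(f"{kind}: {key} -> {count} distinct targets")
```

The thresholds trade false positives (a monitoring host legitimately pinging many machines) against missed slow scans; in practice they are tuned per network and combined with a time window.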
Social Engineering

Access Attacks
Access attacks can be performed in a number of different ways, including:
– Password attacks
– Port redirection
– Man-in-the-middle attacks
– Buffer overflow

Access Attacks
Password attacks:
– Brute force: trying as many password combinations as possible until hitting on the right one
– Dictionary based: long lists of words of a particular language, called dictionary files, are searched to find a match to the encrypted password
– Trojan horse programs
– IP spoofing
– Packet sniffers
Port redirection:
Man-in-the-middle attacks:
Buffer overflow:

Port Redirection
A port redirection attack is a type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise have been dropped.
– Port redirection bypasses the firewall rule sets by changing the normal source port for a type of network traffic.
– You can mitigate port redirection by using proper trust models that are network-specific.
– Assuming a system is under attack, an IPS can help detect a hacker and prevent installation of such utilities on a host.

"Man-in-the-Middle" Attacks
Man-in-the-middle attacks have these purposes:
– Theft of information
– Hijacking of an ongoing session to gain access to your internal network resources
– Traffic analysis to obtain information about your network and network users
– DoS
– Corruption of transmitted data
– Introduction of new information into network sessions
An example of a man-in-the-middle attack is when someone working for your ISP gains access to all network packets that transfer between your network and any other network.

DoS and DDoS Attacks
A DDoS attack, and the simpler version of a DoS attack, on a server send extremely large numbers of requests over a network or the Internet.
– These many requests cause the target server to run well below optimum speeds.
– Consequently, the attacked server becomes unavailable for legitimate access and use.
– By overloading system resources, DoS and DDoS attacks crash applications and processes by executing exploits or a combination of exploits.
– DoS and DDoS attacks are the most publicized form of attack and are among the most difficult to completely eliminate.

Distributed Denial of Service Attack (DDoS)
DDoS attacks are designed to saturate network links with spurious data, which can overwhelm a link and cause legitimate traffic to be dropped.
– DDoS uses attack methods similar to standard DoS attacks but operates on a much larger scale.
– Typically hundreds or thousands of attack points attempt to overwhelm a target.

Malware
"Malicious software" is software designed to infiltrate a computer without the owner's informed consent. Malware includes:
– Computer viruses
– Worms
– Trojan horses
– Rootkits
– Backdoors (a method of bypassing normal authentication procedures, usually installed using Trojan horses or worms)
– For profit (spyware, botnets, keystroke loggers, and dialers)

Viruses
A computer virus is a malicious computer program (executable file) that can copy itself and infect a computer without the permission or knowledge of the user. A virus can only spread from one computer to another by:
– Sending it over a network as a file or as an email payload.
– Carrying it on a removable medium.
Viruses need USER INTERVENTION to spread.

Viruses
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages.

Worms
Worms are a particularly dangerous type of hostile code.
– They replicate themselves by independently exploiting vulnerabilities in networks.
– Worms usually slow down networks.
Worms DO NOT NEED USER INTERVENTION!
– Worms do not require user participation and can spread extremely fast over the network.

Questions?

Threat or Vulnerability?
1. Computer with no passwords
2. Misconfigured firewall
3. A hacker
4. Computer virus

Controls
A control is a means to counter harm:
– Prevent it
– Deter it
– Deflect it
– Mitigate it
– Detect it
– Recover from it

Types of Control
– Physical
– Procedural/administrative
– Technical

Information System Security?
Image source: http://www.upenn.edu/computing/security/

IT System Security?
Image source: http://www.thestaffingstream.com/2015/01/14/information-security-the-impact-of-the-breach-in-skills/

IT System Security?
Is the protection of information and its critical characteristics (confidentiality, integrity, availability), including the systems and hardware that use, store and transmit information.

CIA Triad
Confidentiality, Integrity and Availability of IT systems.

CIA
Confidentiality – the ability of a system to ensure that information is viewed only by authorized parties.
Integrity – the ability of a system to ensure that an asset is modified only by authorized parties.
– System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
– Data integrity: assures that digital information can only be accessed and modified by authorized personnel/processes. Data integrity assures information is changed only in a specified and authorised manner.
Availability – assures that systems work promptly and service is not denied to authorized users.

Additional Properties
Authorisation – defines what a user has been specifically and explicitly allowed to do.
Accountability – actions of an entity can be traced uniquely to that entity (person or automated process).
Non-repudiation – assures that an entity involved in a communication cannot deny having participated in all or part of the communication.

Exercise
Classify each of the following as a violation of confidentiality, integrity, availability, or non-repudiation:
1. Mandume copies Hilma's homework
2. John crashes Esther's OS
3. Ndinelao changes the amount on Mwilima's cheque from $100 to $1000
4. Niku does not honour the contract between him and Lucky

Questions?

References for this Chapter
Pfleeger, C. P., & Pfleeger, L. S. (2015). Security in computing (5th ed.). New Jersey, USA: Pearson Education Inc.
Whitman, M., & Mattord, H. (2017). Principles of information security (6th ed.). Cengage Learning Custom Publishing.

Summary
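The data-integrity definition above requires that information change only in a specified and authorised manner, and the cheque in the exercise is the textbook case of an unauthorised change. As an added example (not from the slides), the following shows one technical control for that property: a message authentication code over the cheque record, which the payee's bank can check before honouring it. The record format and the shared key are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared key for this example only; a real system would load it from a key store.
KEY = b"example-shared-key-not-for-production"


def protect(record: str, key: bytes = KEY) -> str:
    """Append an HMAC-SHA256 tag to the record so any later change can be detected."""
    tag = hmac.new(key, record.encode(), hashlib.sha256).hexdigest()
    return f"{record}|{tag}"


def verify(protected: str, key: bytes = KEY) -> tuple[bool, str]:
    """Return (ok, record); ok is False when the record no longer matches its tag."""
    record, _, tag = protected.rpartition("|")
    expected = hmac.new(key, record.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(expected, tag), record


def alter_amount(protected: str, old: str, new: str) -> str:
    """Model the exercise: the record text is edited while the tag is left untouched."""
    return protected.replace(old, new, 1)


def authorised_change(protected: str, old: str, new: str, key: bytes = KEY) -> str:
    """An authorised party holding the key re-protects the modified record."""
    ok, record = verify(protected, key)
    if not ok:
        raise ValueError("refusing to re-sign a record that already fails verification")
    return protect(record.replace(old, new, 1), key)


# Note: a shared-key MAC gives integrity but not non-repudiation, since either holder
# of the key could have produced the tag; non-repudiation needs a digital signature.
if __name__ == "__main__":
    cheque = protect("payee=Mwilima;amount=100")
    print(verify(alter_amount(cheque, "amount=100", "amount=1000")))    # (False, ...)
    print(verify(authorised_change(cheque, "amount=100", "amount=150")))  # (True, ...)
```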