Lecture 2 - Part I (2) PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document details the basics of computer systems, including centralized computing (mainframes), distributed computing (client-server and cloud computing), and the advantages and disadvantages of each. It also touches on the concept of knowledge security, successful companies, and information technology services.
Full Transcript
THE BASICS COMPUTER SYSTEMS o Early 60’s o Centralized Computing o Mainframes o Distributed Computing o Client-Server o Cloud Computing Cybersecurity and Digital Forensics 6 MAINFRAME Advantages - Centralized - Handle very large...
THE BASICS COMPUTER SYSTEMS o Early 60’s o Centralized Computing o Mainframes o Distributed Computing o Client-Server o Cloud Computing Cybersecurity and Digital Forensics 6 MAINFRAME Advantages - Centralized - Handle very large quantity of data Disadvantages - Large in Size - Hard to manage - Costly Cybersecurity and Digital Forensics 7 CLIENT-SERVER Cybersecurity and Digital Forensics 8 CLOUD COMPUTING Cybersecurity and Digital Forensics 9 WHICH SOLUTION IS BETTER? Mainframes Cloud Solutions o Benefits o Benefits o Reliability and Uptime o Cost Efficiency ⑪ o Performance and Scalability o Flexibility and Agility o Maintenance and Management o Security o Security o Legacy Systems and o Business Continuity and Disaster Applications Recovery o Data Sovereignty and Compliance o Concerns o Integration and Control o Dependency on Internet o Latency and Proximity Connectivity o Security and Privacy Concerns o Limited Control and Flexibility o Concerns o Unexpected Cost Management o Cost Considerations o Downtime and Service Reliability o Skill Availability and Expertise o Data Transfer Costs Cybersecurity and Digital Forensics 10 KNOWLEDGE Purpose and Importance SECURITY KNOWLEDGE 4 efintions : I- o Knowledge is defined as a justified, true belief that meets specific -- criteria for being considered certain or reliable. - o Knowledge is the fact or condition of being aware of something. : o Knowledge is the familiarity, awareness, or understanding of facts, skills, or concepts, acquired through education, training, or experience. 4o Knowledge refers to the body of facts, theories, and principles that - --- have been systematically acquired and validated through observation, experimentation, and reasoning within the scientific method method. using Cybersecurity and Digital Forensics 12 KNOWLEDGE IS POWER? -2 o Gaining knowledge is vital to any organization o Knowledge and knowing certain things is what sets an organization apart from others o Companies that have the best information are often successful Cybersecurity and Digital Forensics 13 SUCCESSFUL COMPANIES D o Provided they can utilize knowledge in the most effective manner ② o As companies attempt to understand what their competitors know o They want toBdefend and keep their knowledge secretive Cybersecurity and Digital Forensics 14 KNOWLEDGE SHARING- PROTECTION CHALLENGE THE CHALLENGE o A company must find effective ways of allowing their employees to share their knowledge o Create a comprehensive body of knowledge that can be used throughout the company o However, this must be done in a secure way o Once the knowledge is available to competitors, the advantage of being the sole owner is lost Cybersecurity and Digital Forensics 16 INFORMATION TECHNOLOGY SERVICES Cybersecurity and Digital Forensics DOS & DDOS ATTACKS DOS DEFINITION o DoS is an acronym for: o Denial of Service o A DoS is defined as an act of making one or more computer systems unavailable o The system cannot perform its normal function o e.g. System cannot take orders for products, or Ex o taking donations at a charity organization, or o isplaying information, etc. Cybersecurity and Digital Forensics 19 DOS DEFINITION o A DoS is defined as an act of making one or more computer systems unavailable o The system cannot perform its normal function o E.g. System cannot take orders for products, or o Taking donations at a charity organization, or o Displaying information, etc. Cybersecurity and Digital Forensics 20 DOS TYPES Logic attack Flooding attack Cybersecurity and Digital Forensics 21 DOS TYPES Logic attack Exploits the SW vulnerabilities to remotely crash servers Flooding attack Cybersecurity and Digital Forensics 22 DOS TYPES Logic attack Exploits the SW vulnerabilities to remotely crash servers Flooding attack Flood victim’s resources by massive number of bogus requests Cybersecurity and Digital Forensics 23 DOS EXAMPLES AND SOURCE(S) o Logic attack o( Ping of Death o very large packet o crashing victim’s server o Flooding attack o Buffer overflow ! o ICMP flood oS SYN flood o Sources o One machine (DoS) o Multiple machines (DDoS) (more common and effective) Cybersecurity and Digital Forensics 24 DOS ATTACK METHODS IN SUMMARY o Bandwidth Reap o SYN Attack o SMURF Attack o FRAGGLE Attack o Ping Flooding Attack o UDP Flooding Attack o BONK and Teardrop Attacks Cybersecurity and Digital Forensics 26 1. BANDWIDTH REAP o The attacker floods the network beyond its bandwidth o Attackers use many machines to generate bogus requests o Overwhelming the network o Preventing legitimate users from accessing resources Cybersecurity and Digital Forensics 27 2. SYN ATTACK o Makes use of the TCP handshake process o The attacker sends the connection request (SYN) o The victim machine responds back (SYN/ACK) o Waiting for acknowledgment from sender (ACK) o The attacker never sends the final acknowledgment o The connection table fills up quickly and legitimate users cannot gain access Cybersecurity and Digital Forensics 28 2. SYN ATTACK o Makes use of the TCP handshake process o The attacker sends the connection request (SYN) o The victim machine responds back (SYN/ACK) o Waiting for acknowledgment from sender (ACK) o The attacker never sends the final acknowledgment o The connection table fills up quickly and legitimate users cannot gain access Cybersecurity and Digital Forensics 29 3. SMURF ATTACK o Third-party server attacks the victim machine by acting as a simple proxy on behalf of the attacker o This process requires 3 machines; the attacker, the proxy, and the victim o The attacker uses ICMP packets to proxy machines with source IP spoofed to that of target machine o The proxy machine responds to the spoofed IP with the unsolicited responses Cybersecurity and Digital Forensics 30 4. FRAGGLE ATTACK o Like SMURF o But uses UDP echo packets instead of ICMP Cybersecurity and Digital Forensics 31 5. PING FLOODING ATTACK - o Simply, sends a massive number of& ICMP ping requests to the target machine o More effective when the attacking machine has a higher bandwidth than the target machine Cybersecurity and Digital Forensics 32 6. UDP FLOODING ATTACK - & o The attacker sends a huge number of UDP packets to consume the target’s resources o Since it is a UDP, it does not require a connection setup first o The attacker sends the UDP packet with a random port of target machine o The target machine replies with a “port unreachable” o The target machine crashes when enough UDP packets are sent by the attacker Cybersecurity and Digital Forensics 33 6. UDP FLOODING ATTACK o The attacker sends a huge number of UDP packets to consume the target’s resources o Since it is a UDP, it does not require a connection setup first o The attacker sends the UDP packet with a random port of target machine o The target machine replies with a “port unreachable” o The target machine crashes when enough UDP packets are sent by the attacker Cybersecurity and Digital Forensics 34 7. BONK AND TEARDROP ATTACKS o Old-style attacks against old Windows OSs o TearDrop manipulates the offset fields of a fragment in a TCP/IP packet o The target machine tries to reconstruct the packet, but fails o BONK is like TearDrop but it manipulates the fragment offset to make the packet seems too large to reassemble o Both methods cause the machine to crash Cybersecurity and Digital Forensics 35 7. BONK AND TEARDROP ATTACKS o Old-style attacks against old Windows OSs o TearDrop manipulates the offset fields of a fragment in a TCP/IP packet o The target machine tries to reconstruct the packet, but fails o BONK is like TearDrop but it manipulates the fragment offset to make the packet seems too large to reassemble o Both methods cause the machine to crash Cybersecurity and Digital Forensics 36 ATTACK MITIGATION DOS CHARACTERISTICS o DoS can be launched easily but is hard to defend o DoS does not provide the attackers access to computing devices of victims, but denies access to legitimate users o Causes capital expenditure loss Cybersecurity and Digital Forensics 5 DOS CHARACTERISTICS o DDoS tools are available widely o Some tools can be used to mitigate and protect against DoS attacks (e.g. filtering), and possibly identify the attackers o Knowledgeable individuals may be capable of launching attacks by themselves without compromising third-party computers Cybersecurity and Digital Forensics 6 TOOLS AVAILABILITY o Many tools are available to perpetrate a DoS attack o Some tools are built-in in OS kernel (e.g. ping) o Some tools are provided with GUI o Preventive measures are needed to stop these attacks Cybersecurity and Digital Forensics 7 SYMPTOMS It is normal that a popular site experience spikes in regular traffic However, certain indicators of probable attack should be noticed Programs running slowly High failure rates for HTTP services Large number of connection requests arrive from various networks Users’ complaints about slow or no site access The machine experience an unexpected very high CPU load Cybersecurity and Digital Forensics 8 PREVENTIVE MEASURES o Strict adherence to some fundamental security policies and procedures o Keeping up-to-date systems (always apply vendor patches once available) o Continuous monitoring of the system to discover any intrusions o Check incoming traffic packets for source IP addresses; if not valid the router should drop the packets Cybersecurity and Digital Forensics 9 UNDER ATTACK MEASURES o Now, you are under attack … o What to do? o Trace back the packets to know the source o May not be helpful if the source IP address is spoofed o Once found, put a filter to block the traffic (time consuming effort) Cybersecurity and Digital Forensics 10 UNDER ATTACK MEASURES o You can limit the rate of the traffic if the type of the traffic is known (bandwidth limit) o Black hole filtering: ISP can send the offending traffic to a null location Cybersecurity and Digital Forensics 11 ATTACK MITIGATION TECHNIQUES 1 Bandwidth limitations o o Traceback suspicious sources of attacks 2a 3 o Mitigation ② - D o Offered by vendors like VeriSign, Symantec o Uses traffic cleaning center at peering points on the - internet o These nodes scrub the traffic and directing only clean traffic to web servers Cybersecurity and Digital Forensics 12 ISSUES AND CONCERNS DISTRIBUTED COMPUTING CONCERNS o Without prepared and effective information security plan, organizations face important challenges o Especially, when dealing with distributed computing and knowledge security Cybersecurity and Digital Forensics 14 DISTRIBUTED COMPUTING CONCERNS o Known issues: o Costs and risks associated with data leaking o Determining responsible parties o Creating a security culture fostering employee accountability and liability o Ongoing, recurring costs of management Cybersecurity and Digital Forensics 15 KEY ISSUES IN THE PROTECTION OF DATA WHAT DO YOU KNOW ABOUT WIKILEAKS? DATA CLASSIFICATION o The incident of WikiLeaks was a wakeup call for all government organizations responsible for safeguarding sensitive information o IT personnel can protect information easily by instituting strong data classification controls o Two Data Classifications i o Military-based In data classification o Public data classification 2 - Cybersecurity and Digital Forensics 18 TSCSU 1 MILITARY-BASED CLASSIFICATION - o Top Secret o Never disclose; damage can be grave oS Secret o Serious damage can be caused if disclosed oC Confidential o Damage can be caused if disclosed - o Sensitive but unclassified S o Avoid disclosure - oS Unclassified o No damage can be caused if released - Cybersecurity and Digital Forensics 19 CPSP 2 = PUBLIC DATA CLASSIFICATION o Confidential o Highest level of sensitivity and disclosure could cause serious damage to company o Private o Only for company use - o Sensitive o Requires protection - - o Public o No damage caused if disclosed - Cybersecurity and Digital Forensics 20 METHODS OF PROTECTION PROTECTION METHODS o Current methods for protecting distributed computing environments and knowledge security include, but not limited to: o Establishing trust in employees, computers, and resources o Technical solutions are not always the answer to establish trusts. o How to trust employees?!! o Background check?! Seems ok.. but … o What about the future? o Creating a security policy and fostering a security culture o Protecting data through encryption and data classification 7 7 Cybersecurity and Digital Forensics 22 MITIGATION SOLUTIONS o A few solutions exist o Only a small percentage of organizations have changed their structure: o Moving large, organizational structures to smaller, manageable units o Determining how to transition employee motivations from altruistic to extrinsic reasons o Reevaluating security policies and adding effective preventative measures Cybersecurity and Digital Forensics 23