Principles of Security - 1911194 - PDF

Document Details

Uploaded by: DazzlingEuler

Tags: information security, cybersecurity, security threats, computer science

Summary

This document appears to be course notes for a class on principles of security, specifically covering various threats and attacks in information security. It discusses topics such as the need for security in organizations, the role of information security in organizational operations, and different types of attacks like denial-of-service and malware.

Full Transcript


Topic 2: The Need for Security

Learning Objectives
Upon completion of this topic, you should be able to:
- Discuss the organizational need for information security
- Explain why a successful information security program is the shared responsibility of an organization's departments
- List and describe the threats posed to information security
- Describe the Linux operating system, its distributions, and their use in security

Business Need First

The need for security: information security performs four important functions for an organization:
- Protecting the organization's ability to function
- Protecting the data and information the organization collects and uses
- Enabling the safe operation of applications running on the organization's IT systems
- Safeguarding the organization's technology assets from threats and attacks

Protecting the Functionality of an Organization
Organizations should have security management as well as an IT department that implements management's security plan and instructions. Management is responsible for facilitating the security program. Implementing information security has more to do with management than with technology, because it requires good management plans. Management should appreciate the importance of information security in terms of business impact and cost: security failures disturb business operations and are expensive.

Protecting the Data the Organization Collects and Uses
Without data, an organization loses its record of transactions and cannot deliver value to its customers. Protecting data in transmission, in processing, and in storage is a critical aspect of information security.

Enabling the Safe Operation of Applications
An organization needs environments that safeguard the applications running on its IT systems. General management must control the operations carried out by the different departments and ensure that they comply with the security plan. This is done in coordination with the IT department.
Safeguarding Technology Assets in an Organization from Threats and Attacks
Organizations must employ secure infrastructure, hardware and software appropriate to the size and scope of the enterprise. Additional security services may be needed as the organization grows. General management must continue to oversee the available infrastructure and maintain proper development. This is done in coordination with the IT department.

Threats and Attacks: Key Terms
Attack: an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. Attacks can be active or passive, and direct or indirect.
Active attack: in an active attack, the attacker tries to modify the content of messages or affect the operation of system resources. Active attacks involve some modification of the data stream or the creation of false statements. The types of active attacks (denial of service, distributed denial of service, session replay, masquerade and message modification) are described later in these notes.

Threats and Attacks
Management must be informed about the various threats to an organization's people, applications, data, information systems, and physical assets. Although we can improve the security of the organization's assets, the number of potential threats and attacks also keeps increasing, especially with the growth in Internet users worldwide: the number of users reached 4.9 billion in 2021 (quoted figure).

The 12 Main Threats to Information Security
1- Compromises to intellectual property
2- Deviations in quality of service
3- Espionage or trespass
4- Forces of nature
5- Human error or failure
6- Information extortion
7- Sabotage or vandalism
8- Software attacks
9- Technical hardware failures or errors
10- Technical software failures or errors
11- Technological obsolescence
12- Theft

Compromises to Intellectual Property
Intellectual property (IP): the creation, ownership, and control of original ideas as well as the representation of those ideas.
The most common IP breaches involve software piracy: the illegal copying and distribution of software without a formal license from the software vendor (developer).

Deviation in Quality of Service
An organization's information system depends on the successful operation of many interdependent support systems, mainly Internet service providers (ISPs), communications, and electrical power. Loss of these services can affect an organization's ability to function and to provide its services. Internet service, communications, and power irregularities dramatically affect the availability of information and systems. Internet service provider (ISP) failures can considerably undermine the availability of the information system. Communications system failures (e.g. telephone and Internet) make ISPs less effective, and the organization loses the ability to communicate and provide services. Electrical power fluctuations, shortages, and outages can reduce the functionality and utilization of resources within the organization and may also damage sensitive electronic equipment. The quality of ISP, communications and power services varies among countries, so organizations are affected by their location.

Espionage or Trespass [1]
It occurs when an unauthorized individual attempts to gain illegal access to organizational information. It is also called industrial espionage: the illegal and unethical theft of business data/information for use by a competitor to achieve a competitive advantage.
It is often done by hackers or crackers for the benefit of competitors.
Competitive intelligence is a type of espionage that is legal: it refers to the ability to gather, analyze, and use information collected on competitors, customers, and other market factors that contribute to a business's competitive advantage.

Hackers: a hacker is an individual who uses computer, networking or other skills to gain unauthorized access to systems or networks in order to steal valuable data/information. Hackers are either expert or unskilled.
Expert hackers:
- Develop software scripts and program exploits
- Usually masters of many skills
- Often create attack software and share it with others
Unskilled hackers:
- Far more numerous than expert hackers
- Use already written software to exploit a system
- Do not usually fully understand the systems they hack

Crackers: those who crack or remove software protection designed to prevent unauthorized duplication.
Hackers vs. crackers: hackers in many cases work with good intentions, figuring out system vulnerabilities, whereas crackers always work with bad intentions.

Hackers or crackers usually attack passwords in order to gain unauthorized access by:
- Brute force: a cryptographic hack that uses trial and error to guess possible combinations for passwords used for logins, encryption keys, or hidden web pages.
- Dictionary attack: exploits people's tendencies in choosing passwords, such as words and numbers from their personal life (date or place of birth, preferred car or color, etc.).
- Social engineering: uses social skills to convince people to reveal access credentials or other valuable information to an attacker (e.g. a phishing message about a forgotten password).
Long passwords that use special characters are not easy to guess by brute force.

Forces of Nature
Forces of nature can present some of the most dangerous threats. They disrupt not only individual lives but also the storage, transmission, and use of information. Organizations must implement controls to limit damage and prepare contingency plans for continued operations.

Human Error or Failure
Includes acts performed without malicious intent or caused by ignorance. This includes employee mistakes due to:
- Inexperience
- Improper training
- Incorrect assumptions
Employees are among the greatest threats to an organization's data. Employee mistakes can easily lead to:
- Disclosing data
- Entry of erroneous data
- Accidental data deletion or modification
- Storing data unprotected
- Failure to protect data and information
Inexperienced employees are also liable to social engineering attacks such as phishing.
Phishing: a type of social engineering attack that uses legitimate-seeming backgrounds to urge victims to enter valuable information, such as login credentials (username/password) and credit card numbers, which are then stolen by the attacker.

Information Extortion
The attacker steals information from a computer system and demands compensation for its return or non-disclosure. Also known as cyberextortion. Commonly done with stolen credit card numbers.

Sabotage or Vandalism [1]
Sabotage and vandalism are deliberate acts that involve defacing an organization's website, possibly damaging the organization's image and causing its customers to lose faith.

Software Attack
Malicious software (malware) is used to overwhelm the processing capabilities of online systems or to gain access to protected systems via hidden means.
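The password section above states that long passwords with special characters resist brute force, and that dictionary attacks exploit predictable choices. The following added example (not part of the course notes) turns both claims into a small password-policy audit a defender can run: it sizes the brute-force search space for a candidate password, estimates exhaustion time at an assumed guess rate of 10^10 guesses per second, and separately checks whether the password is derivable from a short constructed wordlist with common mangling (capitalisation, digit/year suffixes, leetspeak). The wordlist, suffixes, guess rate and the 100-year acceptance threshold are all assumptions made for the example; a real audit would use a large leaked-password list.

```python
import string

# Character classes a brute-force attacker would have to cover (constructed for this example).
CHARSETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "alphanumeric+special": string.ascii_letters + string.digits + string.punctuation,
}

# Toy wordlist and mangling rules standing in for a real dictionary (constructed;
# a real audit would use a large leaked-password list).
WORDLIST = ["password", "welcome", "summer", "ferrari", "dragon"]
SUFFIXES = ["", "1", "123", "!", "1999", "2021"]
LEET = str.maketrans("aeio", "4310")


def classify_password(pw):
    """Smallest named character class that contains every character of pw."""
    for name, chars in CHARSETS.items():
        if all(c in chars for c in pw):
            return name
    return "other"


def search_space(length, charset_size):
    """Number of candidates an exhaustive search must try in the worst case."""
    return charset_size ** length


def brute_force_years(length, charset_size, guesses_per_second=1e10):
    """Worst-case time to exhaust the search space at an assumed guess rate (10^10/s)."""
    return search_space(length, charset_size) / guesses_per_second / (365 * 24 * 3600)


def dictionary_candidates(words=WORDLIST, suffixes=SUFFIXES):
    """Candidates a dictionary attack would try: words with simple case/leet/suffix mangling."""
    for word in words:
        for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
            for suffix in suffixes:
                yield base + suffix


def in_dictionary(pw):
    """True if pw is one of the mangled wordlist candidates."""
    return pw in set(dictionary_candidates())


def assess(pw, min_years=100):
    """Policy check: reject dictionary-derived passwords and those exhaustible within min_years."""
    cls = classify_password(pw)
    size = len(CHARSETS[cls]) if cls in CHARSETS else 95  # assume printable ASCII otherwise
    years = brute_force_years(len(pw), size)
    dictionary_hit = in_dictionary(pw)
    return {
        "charset": cls,
        "search_space": search_space(len(pw), size),
        "brute_force_years": years,
        "in_dictionary": dictionary_hit,
        "acceptable": not dictionary_hit and years >= min_years,
    }


if __name__ == "__main__":
    for candidate in ["Password123", "p4ssw0rd", "xK9#vL2q", "correct-horse-battery-staple"]:
        r = assess(candidate)
        print(f"{candidate!r}: {r['charset']}, ~{r['brute_force_years']:.3g} years to exhaust, "
              f"dictionary={r['in_dictionary']}, acceptable={r['acceptable']}")
```

The instructive case is "Password123": its 11-character alphanumeric search space looks respectable, yet the dictionary check rejects it immediately, which is why strength estimates must combine both views rather than rely on length alone.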
Software attacks occur when an individual or a group designs and deploys software to attack a system. Types of attacks include:
Malware (malicious code): includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information.
- Virus: code segments that attach to an existing program and take control of access to the targeted computer.
- Worms: replicate themselves until they completely fill available resources such as memory and hard drive space.
- Trojan horses: malicious code or software that looks legitimate but can take control of your computer.
Back doors: gaining access to a system or network using a known or previously unknown/newly discovered access mechanism.
Denial-of-service (DoS): an attacker sends a large number of connection or information requests to a target. The target system becomes overloaded and cannot respond to legitimate requests for service. It may result in a system crash or an inability to perform ordinary functions.
Distributed denial-of-service (DDoS): a coordinated stream of requests is launched against a target from many locations simultaneously.
Mail bombing (also a DoS): an attacker routes large quantities of e-mail to the target to overwhelm the receiver. Spam e-mail may also carry malicious attacks and social engineering attacks.
Packet sniffer: monitors data traveling over a network; it can be used both for legitimate management purposes and for stealing information from a network.
Spoofing: a network attack in which the intruder (network attacker), an unknown source of communication, becomes a trusted source.
Examples such as IP spoofing will be discussed under network security.
Pharming: attacks a browser's address bar to redirect users to an illegitimate site for the purpose of obtaining private information.
Man-in-the-middle: an attacker monitors network packets, modifies them, and inserts them back into the network, where they continue to their original destination.
(Figure: Man-in-the-middle attack.)
Rootkits: malicious software bundles designed to give unauthorized access to a computer or other software. Rootkits are hard to detect and can conceal their presence within an infected system. Hackers use rootkit malware to remotely access your computer, manipulate it, and steal data.

Threats and Attacks - Continued (Types of Active Attacks)
1- Denial of Service (DoS): prevents the normal use of communication facilities. This attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance. Denial of service can be accidental: for example, Black Friday sales, when thousands of users are demanding a deal, often cause a denial of service. But it can also be malicious: in this case, an attacker purposefully tries to exhaust the site's resources, denying legitimate users access.
2- Distributed Denial of Service (DDoS): a distributed denial-of-service (DDoS) attack occurs when multiple machines operate together to attack one target. Once in control of those machines, an attacker can command the botnet to conduct a DDoS attack on a target.
3- Session replay: involves the passive capture of a message and its subsequent retransmission to produce an authorized effect. In this attack, the basic aim of the attacker is to save a copy of the data originally present on the network and later reuse this data for personal purposes.
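The DoS and DDoS descriptions above (both in the software-attack list and in the numbered active-attack list) describe a target overloaded by a flood of requests. As an added example that is not part of the course notes, here is the detection side: a sliding-window rate check over web-server access-log lines in Common Log Format. It flags any source address that exceeds a threshold of requests within a short window, tolerates malformed lines, and is exercised on a constructed log containing one normal visitor and one flooding source (addresses from the documentation ranges, timestamps, threshold and window size are all assumptions of the example). A distributed flood would show up as many sources each below the per-source threshold, so the same window logic applied to the total request rate is the natural companion check.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format line: client ip, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def find_flooders(lines, window_seconds=10, threshold=20):
    """Sliding-window rate check per source address.

    Lines are expected in chronological order (as a server writes them). Returns a dict
    {ip: peak_requests_in_window} for every source that exceeded `threshold` requests
    inside any `window_seconds` interval; ordinary clients never appear in it.
    """
    recent = defaultdict(deque)   # ip -> timestamps of its requests still inside the window
    peaks = {}
    span = timedelta(seconds=window_seconds)
    for line in lines:
        rec = parse_line(line)
        if rec is None:           # malformed line: skip rather than crash the detector
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > span:
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def constructed_sample():
    """Constructed log: one normal visitor plus one source sending 40 requests in 8 seconds."""
    base = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FMT)
    entries = []
    for i in range(5):  # normal shopper: 5 page views spread over a minute
        t = base + timedelta(seconds=12 * i)
        entries.append((t, f'198.51.100.7 - - [{t.strftime(TS_FMT)}] "GET /deals HTTP/1.1" 200 512'))
    for i in range(40):  # flooding source: one request every 200 ms
        t = base + timedelta(milliseconds=200 * i)
        entries.append((t, f'203.0.113.5 - - [{t.strftime(TS_FMT)}] "GET /deals HTTP/1.1" 503 0'))
    entries.sort()
    lines = [line for _, line in entries]
    lines.insert(3, "this line is not a valid log entry")  # malformed line the parser must tolerate
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooders(constructed_sample()).items():
        print(f"possible flood from {ip}: {peak} requests within 10 s")
```

The threshold has to be tuned against the site's normal traffic: as the notes observe, a legitimate sales rush produces the same overload pattern as an attack, so a rate alert is a trigger for investigation rather than proof of malice.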
4- Masquerade:
1- A masquerade attack takes place when one entity pretends to be a different entity.
2- A masquerade attack usually involves one of the other forms of active attack.
3- If the authentication procedure is not fully protected, the system can become vulnerable to a masquerade attack.
4- Masquerade attacks may be performed using stolen passwords and logins, by finding gaps in programs, or by finding a way around the authentication process.
(Figure: Masquerade attack.)
5- Message modification: some portion of a message is altered, or the message is delayed or reordered, to produce an unauthorized effect. Modification is an attack on the integrity of the original data. It basically means that unauthorized parties not only gain access to data but also spoof the data, for instance by altering transmitted data packets or by flooding the network with fake data to trigger a denial of service. Manufacturing (fabricating) messages is an attack on authentication. For example, a message meaning "Allow JOHN to read confidential file X" is modified to "Allow Smith to read confidential file X".

Passive Attack: in a passive attack, an attacker observes messages and copies them. Passive attackers aim to collect information about the target; they do not steal or change data. However, passive attacks are often part of the steps an attacker takes in preparation for an active attack.
Examples of passive attacks include:
- War-driving: a wireless network reconnaissance method that involves driving or walking around with a laptop computer and a portable Wi-Fi-enabled wireless Ethernet card to find unsecured wireless networks.
- Dumpster diving: intruders search for information on discarded devices or for notes containing passwords in trash bins.
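Session replay, masquerade and message modification (items 3 to 5 above) are all defeated by the same pair of controls: a message authentication code that binds the content to a shared secret, and a per-message nonce that the receiver remembers. The following added example (not from the course notes) walks through the notes' own "Allow JOHN to read confidential file X" scenario with HMAC-SHA256 over a canonical JSON payload: the genuine message is accepted, the same bytes with JOHN changed to Smith fail the tag check, the untouched genuine message delivered a second time is rejected as a replay, and a message claiming to come from "admin" but built with a guessed key fails the tag check (masquerade). The shared key, message layout and the use of HMAC-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

# Shared secret between the sender and the verifier (constructed for this example).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def make_message(key, sender, command, nonce=None):
    """Build an authenticated message: canonical JSON payload plus an HMAC-SHA256 tag."""
    body = {"sender": sender, "command": command, "nonce": nonce or secrets.token_hex(8)}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Verifier:
    """Receiver that checks integrity/authenticity (tag) and freshness (nonce)."""

    def __init__(self, key):
        self.key = key
        self.seen_nonces = set()  # unbounded here; a real system would expire old entries

    def accept(self, msg):
        """Return (accepted, reason). The tag is checked before the payload is parsed at all."""
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "tag mismatch"       # modified in transit, or forged without the key
        body = json.loads(msg["payload"])
        if body["nonce"] in self.seen_nonces:
            return False, "replay"             # a captured, valid message delivered a second time
        self.seen_nonces.add(body["nonce"])
        return True, f"accepted: {body['command']} from {body['sender']}"


def demo():
    """Walk through the notes' scenarios; returns the verdict of each step."""
    verifier = Verifier(SHARED_KEY)
    genuine = make_message(SHARED_KEY, "admin", "Allow JOHN to read confidential file X")
    results = {"genuine": verifier.accept(genuine)}
    # Message modification: payload altered, but the tag cannot be recomputed without the key.
    modified = dict(genuine, payload=genuine["payload"].replace(b"JOHN", b"Smith"))
    results["modified"] = verifier.accept(modified)
    # Session replay: the untouched genuine message is delivered again.
    results["replayed"] = verifier.accept(genuine)
    # Masquerade: a message claims to be from "admin" but was built with a guessed key.
    forged = make_message(b"guessed-key", "admin", "Allow Smith to read confidential file X")
    results["masquerade"] = verifier.accept(forged)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:10s} -> {'OK ' if ok else 'REJ'} {reason}")
```

Two design points matter in practice: the tag is verified with a constant-time comparison before any parsing, so malformed or hostile payloads are never interpreted, and the nonce set must be bounded (for example by pairing nonces with timestamps and discarding old ones), otherwise the replay defence itself becomes a memory-exhaustion target.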
For example, the attacker can retrieve information from hard drives or other storage media that have not been properly erased.

Direct attack: a direct attack is perpetrated by a hacker using a PC to break into a system.
Indirect attack: an indirect attack is a hacker compromising a system and using that system to attack other systems, for example as part of a botnet (robot network).
Exploit: a technique used to compromise a system.
Vulnerability: a potential weakness in an asset or its defensive control system(s).

Malware
Malware (malicious software): software (such as worms or viruses) that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
What are the different types of malware? The most common types include computer viruses, computer worms, ransomware, keyloggers, Trojan horses, spyware and other forms of malicious software. Others include fileless malware, spyware, adware, rootkits, bots, RAM scrapers and mobile malware.
Viruses: computer viruses are one of the most common types of malware. When executed, they self-replicate by modifying legitimate programs or host files and inserting their code. When this replication succeeds, the program or target file is infected with malware.
Computer worms: a computer worm is a self-replicating malicious program that can spread through a network by cloning itself. Simply clicking on a worm-infested e-mail can spread the infection through an entire company. Computer worms originated in the 1990s via e-mail; history reports that, about a decade ago, worms arriving as e-mail attachments breached computer security measures.
Ransomware: ransomware is amongst the most common types of malware attack these days; files and users are locked out until a ransom is paid.
It is a targeted approach aimed at controlling a target's computer and locking software and files. The ransom attacker asks for a payment to get files back and regain access to the computer. Supposedly, once they receive the payment, they send a unique key to release it.
Keyloggers: keyloggers monitor user keystrokes. Once installed, keyloggers can steal sensitive information such as passwords, user IDs, banking details, etc. They are mainly used to steal information and monitor user activity. A keylogger can be introduced into a system through social engineering, phishing or malicious downloads from infected websites.
Trojan horse: a Trojan horse disguises itself as legitimate software, tricking users into executing malicious code hidden inside the program. Social engineering propagated Trojan horses via spam e-mails, and they are now the preferred weapon of choice for cybercriminals, replacing computer worms.
Spyware: spyware is amongst the malware types that collect user activity and account information without the user's knowledge. There are different types of spyware. Their use is not limited to cybercriminals; private organizations also use such programs to keep track of user, device or computer activity.

Technical Hardware Failure or Error
These occur when a manufacturer distributes equipment containing a known or unknown flaw. They can cause the system to perform outside of expected parameters, resulting in unreliable service and lack of availability.

Technical Software Failure or Error
Large quantities of computer code are written, debugged, published, and sold before all bugs are detected and resolved. Combinations of certain software and hardware may create new software bugs.

Technological Obsolescence [1]
Old/outdated infrastructure can lead to unreliable, untrustworthy systems.
Proper managerial planning should prevent technological obsolescence; IT plays a large role in solving the problem.

Theft and Physical Attacks
Theft: the illegal taking of others' physical, electronic or intellectual property assets.
Physical attacks: intentional offensive actions which aim to destroy, alter, disable, steal or gain unauthorised access to physical assets such as infrastructure, hardware, network devices, computers, servers, etc.

Defense in Depth
Defense in Depth (DiD): an information security approach in which a series of security mechanisms and controls are thoughtfully layered throughout the entire information system and computer network to protect the confidentiality, integrity, and availability of the network and the data within it.

Linux Operating System
A Linux-based system is a modular Unix-like operating system, deriving much of its basic design from principles established in Unix during the 1970s and 1980s. It is an open source operating system: you can create your own distribution. www.Linux.org is its main website.
Linux vs. Windows: Linux offers great speed and security; Windows offers great ease of use, so that everyone can work easily on personal computers. Linux is employed by many corporate organizations for servers and as an OS for security purposes. Windows is mostly employed by business users and gamers.
Most common distributions:
- Ubuntu: one of the most common Linux distributions, used for home and office use
- Fedora: developed by Red Hat; a user-friendly distribution
- Linux Mint
- Debian
Most common distributions in cybersecurity:
- Kali Linux: a Linux distribution focused on penetration testing and ethical hacking. It contains many tools. https://www.kali.org/ offers free courses and downloads.
- CSI Linux: a Linux distribution focused on digital forensics. It developed an open-source "theme park" for the cyber security industry.
It has tons of capabilities for investigations, analysis and response! https://csilinux.com/ and https://training.csilinux.com/

References
Quoted from the textbook and the following sources:
https://www.statista.com/
https://www.investopedia.com/
https://www.techtarget.com/searchsecurity/definition/hacker
https://byjus.com/
https://www.varonis.com/blog/brute-force-attack
https://www.imperva.com/
https://www.ques10.com/p/48137/deliberate-threats-to-information-systems-1/
https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html
https://itlaw.fandom.com/
https://www.geeksforgeeks.org/need-of-information-security/
https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams
https://securitytrails.com/blog/hacker-vs-cracker
https://www.keycdn.com/support/ddos-attack
https://www.wallarm.com/what/what-is-mitm-man-in-the-middle-attack
https://www.avast.com/c-rootk
https://en.wikipedia.org/wiki/Linux
https://www.softwaretestinghelp.com/linux-vs-windows/
https://www.geeksforgeeks.org/top-linux-distros-to-consider-in-2021/
https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-defense-in-depth-did
