PRSE Module 1 Slides.pdf

Full Transcript

MODULE 1 OBJECTIVES

LO1: Define information security.
LO2: Discuss the importance of securing information.
LO3: Describe the challenges of securing
information.
LO4: Distinguish between various threat actors.
LO5: Discuss various types of security vulnerabilities
and attacks using examples.

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
WHAT IS INFORMATION SECURITY?
The first step in understanding security is to define exactly what it is
Understanding Security
Security is:
To be free from danger, which is the goal of security
The process that achieves that freedom
As security is increased, convenience is often decreased
The more secure something is, the less convenient it may become to use

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
DEFINING INFORMATION SECURITY (1 OF 2)
Information security describes the tasks of securing digital information, whether it is:
Manipulated by a microprocessor
Preserved on a storage device
Transmitted over a network
There are three types of information protection (often called the CIA Triad) :
Confidentiality
Only approved individuals may access information
Integrity
Ensures information is correct and unaltered
Availability
Ensures information is accessible to authorized users

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
DEFINING INFORMATION SECURITY (2 OF 2)

Figure 1-2 Information security layers
WHO ARE THE THREAT ACTORS?
A threat actor is an individual or entity responsible for cyber incidents against the technology
equipment of enterprises and users
The generic term attacker is also commonly used
Financial crime is often divided into three categories based on targets:
Individual users
Enterprises
Governments
There are three types of hackers
Black hat hackers
White hat hackers
Gray hat hacker

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SCRIPT KIDDIES

Script kiddies are individuals who want to
perform attacks, yet lack technical knowledge to
carry them out
They download freely available automated
attack software and use it to attack

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
HACKTIVISTS
Individuals that are strongly motivated by ideology (for the sake of their principles or beliefs) are
hacktivists
The types of attacks by hacktivists often involved breaking into a website and changing its contents
as a means of a political statement
Other attacks were retaliatory: hacktivists have disabled a bank’s website that didn’t allow online
payments deposited into accounts belonging to groups supported by hacktivists

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
STATE ACTORS
Governments are increasingly employing their own state-sponsored attackers for launching
cyberattacks against their foes
These attackers are known as state actors
Many security researchers believe that state actors might be the deadliest of any threat actors
State actors are often involved in multiyear intrusion campaigns targeting highly sensitive economic,
proprietary, or national security information
A new class of attacks called advanced persistent threat (APT)
APTs are most commonly associated with state actors

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
INSIDERS
Employees, contractors, and business partners can pose an insider threat of manipulating data
from the position of a trusted employee
These attacks are harder to recognize because they come from within the enterprise
Six out of 10 enterprises reported being a victim of at least one insider attack during 2019
The focus of the insiders was:
Intellectual property (IP) theft – 43%
Sabotage – 41%
Espionage – 32%

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
OTHER THREAT ACTORS
Threat Actor Description Explanation

Competitors Launch attacks against an opponent’s system May steal new product research or a list
to steal classified information. of current customers to gain a competitive
advantage.

Criminal syndicates Move from traditional criminal activities to Usually run by a small number of
more rewarding and less risky online attacks. experienced online criminal networks that
do not commit crimes themselves but act as
entrepreneurs.

Shadow IT Employees become frustrated with the Installing personal equipment, unauthorized
slow pace of acquiring technology, so they software, or using external cloud resources
purchase and install their own equipment or can create a weakness or expose sensitive
resources in violation of company policies. corporate data.

Brokers Sell their knowledge of a weakness to other Individuals who uncover weaknesses do
attackers or governments. not report it to the software vendor but
instead sell them to the highest bidder who
is willing to pay a high price for the unknown
weakness.

Cyberterrorists Attack a nation’s network and computer Targets may include a small group of
infrastructure to cause disruption and panic computers or networks that can affect
among citizens. the largest number of users, such as the
computers that control the electrical power
grid of a state or region.

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
VULNERABILITIES AND ATTACKS
One of the most successful types of attack is social engineering
Social engineering does not even exploit technology vulnerabilities
Each successful attack has serious ramifications

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
VULNERABILITIES (1 OF 4)
A vulnerability is the state of being exposed to the possibility of being attacked or harmed
Cybersecurity vulnerabilities can be categorized into platforms, configurations, third parties,
patches, and zero-day vulnerabilities
Platforms
A computer platform is a system that consists of the hardware device and an OS that runs
software
All platforms have vulnerabilities to some degree, some platforms have serious vulnerabilities
including:
Legacy platforms
On-premises platforms
Cloud platforms

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
VULNERABILITIES (2 OF 4)
Configuration settings are often not properly implemented
Results in weak configurations
See Table 1-3 for a list of several weak configurations that can result in vulnerabilities

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
VULNERABILITIES (3 OF 4)
Third Parties
Almost all businesses use external entities known as third parties
Examples of third parties include: outsourced code development, data storage facilities
Vendor management is the process organizations use to monitor and manage the interactions
with all of their external third parties
Connectivity between the organization and the third party is known as system integration
One of the major risks of third-party system integration involves the principle of the weakest
link

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
VULNERABILITIES (4 OF 4)
Patches
As important as patches are, they can create vulnerabilities:
Difficulty patching firmware
Few patches for application software
Delays in patching OSs
Zero Day
Vulnerabilities can be exploited by attackers before anyone else even knows it exists
This type of vulnerability is called a zero day because it provides zero days of warning
Zero-day vulnerabilities are considered extremely serious

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
ATTACK VECTORS
An attack vector is a pathway or avenue used by a threat actor to penetrate a system
Attack vectors can be grouped into the following general categories:
Email
Wireless
Removable media
Direct access
Social media
Supply chain
Cloud

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (1 OF 8)
Social engineering is a means of eliciting information (gathering data) by relying on the
weaknesses of individuals
It is also used as influence campaigns to sway attention and sympathy in a particular direction
These campaigns can be found exclusively on social media or may be combined with other
sources
Psychological Principles
Attackers use a variety of techniques to gain trust:
Provide a reason
Project confidence
Use evasion and diversion
Make them laugh

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (2 OF 8)
Social engineering psychological approaches often involve:
Impersonation is masquerading as a real or fictitious character and then playing the role of
that person with a victim
Phishing is sending an email message or displaying a web announcement that falsely claims to
be from a legitimate enterprise in an attempt to trick the user into surrender private
information or taking action
Variations on phishing attacks:
▶ Spear phishing
▶ Whaling
▶ Vishing
▶ Smishing

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (3 OF 8)
Social engineering psychological approaches often involve (continued):
Redirection is when an attacker directs a user to a fake lookalike site filled with ads for which
the attacker receives money for traffic generated to the site
Attackers purchase fake sites because the domain names of sites are spelled similarly to
actual sites (called typo squatting)
Another redirection technique is pharming where the attacker attempts to exploit how a
URL is converted into its corresponding IP address
Spam is unsolicited email that is sent to a large number of recipients
Text-based spam messages can be filtered
Image spam cannot be filtered
Spim is spam delivered through instant messaging (IM) instead of email

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (4 OF 8)

Figure 1-6 Image spam

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (5 OF 8)
Social engineering psychological approaches often involve (continued):
Hoaxes are false warnings, often contained in an email message claiming to come from the IT
department
The hoax purports that there is a “deadly virus” circulating through the Internet and the
recipient should erase specific files or change security configurations
A watering hole attack is directed toward a smaller group of specific individuals

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (6 OF 8)
Physical Procedures
Physical attacks take advantage of user actions that can result in compromised security
Three of the most common physical procedures are dumpster diving, tailgating, and shoulder
surfing
Dumpster Diving involves digging through trash receptacles to find information that can be
useful in an attack
An electronic variation of physical dumpster diving is to use the Google search engine to
look for documents and data posted online that can be used in an attack (called Google
dorking)

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (7 OF 8)
Item retrieved Why useful

Calendars A calendar can reveal which employees are out of town
at a particular time.

USB flash drives, These devices are often improperly disposed of and
might contain valuable information.
portal hard drives
Memos Seemingly unimportant memos can often provide small
bits of useful information for an attacker who is building
an impersonation.

Organizational These identify individuals within the organization who
are in positions of authority.
charts
Phone directories A phone directory can provide the names and telephone
numbers of individuals in the organization to target or
impersonate.

Policy manuals These may reveal the true level of security within the
organization.

System manuals A system manual can tell an attacker the type of
computer system that is being used so that other
research can be conducted to pinpoint vulnerabilities.

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SOCIAL ENGINEERING ATTACKS (8 OF 8)
Physical Procedures (continued)
Tailgating occurs when an authorized person opens an entry door, one or more individuals
can follow behind and also enter
Shoulder Surfing allows an attacker to casually observe someone entering secret information,
such as the security codes on a door keypad

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
IMPACTS OF ATTACKS (1 OF 3)
A successful attack always results in several negative impacts
These impacts can be classified as:
Data impacts
Effects on the organization

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
 IMPACTS OF ATTACKS (2 OF 3)
Impact Description Example

Data loss Destroying data so that it cannot be Maliciously erasing patient data used
recovered for
cancer research
Data exfiltration Stealing data to distribute it to other Taking a list of current customers and
parties selling it
to a competitor
Data breach Stealing data to disclose it in an Stealing credit card numbers to sell to
unauthorized other
fashion threat actors
Identity theft Taking personally identifiable Stealing a Social Security number to
information to secure a
impersonate someone bank loan in the victim’s name

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
IMPACTS OF ATTACKS (3 OF 3)
Effects on the Enterprise
The attack may make systems inaccessible (availability loss)
This results in lost productivity (financial loss)
Attacks may effect the public perception of the enterprise (reputation)

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SUMMARY (1 OF 2)
Attacks against information security have grown astronomically in recent years
The information security workforce is usually divided into two broad categories: information
security managerial personnel and information security technical personnel
Security can be defined as the necessary steps to protect from harm
The threat actors fall into several categories and exhibit different attributes
Script kiddies do their work by downloading automated attack software from websites and using it
to break into computers
Cybersecurity vulnerabilities are often categorized into five broad categories: platforms,
configurations, third parties, patches, and zero-day vulnerabilities
Modern hardware and software platforms provide a wide array of features and security settings

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
SUMMARY (2 OF 2)
An attack vector is a pathway or avenue used by a threat actor to penetrate a system
Social engineering is a means of eliciting information by relying on the weaknesses of individuals
A successful attack always results in several negative impacts: data loss, data exfiltration, data
breach, and identity theft

Mark Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 7th Edition. © 2022 Cengage. All Rights
Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.