Chapters 1 to 4.pdf
Document Details
Uploaded by TrendyMoldavite7542
Mapúa University
Tags
Related
- ICTE 10083 - 2nd & 3rd Lecture -Cybersecurity & Attacks.pdf
- 4_Overview about cyber security and cyber data analytics.pdf
- The-Critical-Importance-of-Cybersecurity-in-Todays-Digital-Landscape.pdf
- Chapter 15 - 02 - Discuss Various Data Security Controls - 13_ocred_fax_ocred.pdf
- Chapter 15 - 03 - Discuss Data Backup, Retention, and Destruction - 03_ocred_fax_ocred.pdf
- Avalor Competitive Differentation.docx
Full Transcript
Chapter 1: Cybersecurity - A World of Experts and Criminals Cybersecurity Essentials v1.0 Presentation_ID © 2008 Cisco...
Chapter 1: Cybersecurity - A World of Experts and Criminals Cybersecurity Essentials v1.0 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Chapter 1 - Sections & Objectives 1.1 The Cybersecurity World Describe the common characteristics comprising the cybersecurity world 1.2 Cyber Criminals vs Cybersecurity Specialists Differentiate the characteristics of cyber criminals and cybersecurity specialists 1.3 Common Threats Compare how cybersecurity threats affect individuals, businesses, and organizations 1.4 Spreading Cybersecurity Threats Analyze the factors that lead to the spread and growth of cybercrime 1.5 Creating More Experts Analyze the organizations and efforts committed to expanding the cybersecurity workforce Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 © 2006, Cisco Systems, Inc. All rights reserved. 1 Presentation_ID.scr 1.1 The Cybersecurity World Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 The Cybersecurity World Cybersecurity Domains Websites and Power of Data Great businesses have been created by collecting and harnessing the power of data and data analytics These businesses have the responsibility to protect this data from misuse and unauthorized access The growth of data has created great opportunities for cybersecurity specialists Domains Business large and small have recognized the power of big data and data analytics Organizations like Google, LinkedIn, Amazon provide important services and opportunity for their customers The growth in data collection and analytics poses great risks to individuals and modern life if precautions are not taken to protect sensitive data from criminals or others who have intent to harm Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 © 2006, Cisco Systems, Inc. All rights reserved. 2 Presentation_ID.scr The Cybersecurity World Cybersecurity Domains (Cont.) Cyber experts now have the technology to track worldwide weather trends, monitor the oceans, and track the movement and behavior of people, animals and objects in real time. New technologies, such as Geospatial Information Systems (GIS) and the Internet of Everything (IoE), have emerged. Each depends on collecting and analyzing tremendous amounts of data. This growing collection of data can help people save energy, improve efficiencies, and reduce safety risks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 1.2 Cybersecurity Criminals versus Cybersecurity Specialists Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 © 2006, Cisco Systems, Inc. All rights reserved. 3 Presentation_ID.scr Cybersecurity Criminals vs Cybersecurity Specialists Cybersecurity Criminals Hackers – This group of criminals breaks into computers or networks to gain access for various reasons. White hat attackers break into networks or computer systems to discover weaknesses in order to improve the security of these systems. Gray hat attackers are somewhere between white and black hat attackers. The gray hat attackers may find a vulnerability and report it to the owners of the system if that action coincides with their agenda. Black hat attackers are unethical criminals who violate computer and network security for personal gain, or for malicious reasons, such as attacking networks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18 Cybersecurity Criminals versus Cybersecurity Specialists Cybersecurity Criminals (Cont.) Criminals come in many different forms. Each have their own motives: Script Kiddies - Teenagers or hobbyists mostly limited to pranks and vandalism, have little or no skill, often using existing tools or instructions found on the Internet to launch attacks. Vulnerability Brokers - Grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards. Hacktivists - Grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive information, and performing distributed denial of service (DDoS) attacks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 © 2006, Cisco Systems, Inc. All rights reserved. 4 Presentation_ID.scr Cybersecurity Criminals versus Cybersecurity Specialists Cybersecurity Criminals (Cont.) Criminals come in many different forms. Each have their own motives: Cyber Criminals - These are black hat hackers who are either self- employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses. State Sponsored Hackers - Depending on a person’s perspective, these are either white hat or black hat hackers who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate to some degree in state-sponsored hacking. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 Cybersecurity Criminals versus Cybersecurity Specialists Cybersecurity Specialists Thwarting the cyber criminals is a difficult task, company, government and international organizations have begun to take coordinated actions to limit or fend off cyber criminals. The coordinated actions include: Vulnerability Database: The Nation Common Vulnerabilities and Exposures (CVE) database is an example of the development of a national database. The CVE National Database was developed to provide a publicly available database of all know vulnerabilities. http://www.cvedetails.com/ Early Warning Systems: The Honeynet project is an example of creating Early Warning Systems. The project provides a HoneyMap which displays real-time visualization of attacks. https://www.honeynet.org/node/960 Share Cyber Intelligence: InfraGard is an example of wide spread sharing of cyber intelligence. The InfraGard program is a partnership between the and the private sector. The participants are dedicated to sharing information and intelligence to prevent hostile cyberattacks. https://www.infragard.org/ Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 © 2006, Cisco Systems, Inc. All rights reserved. 5 Presentation_ID.scr Cybersecurity Criminals versus Cybersecurity Specialists Cybersecurity Specialists (Cont.) ISM Standards: The ISO 27000 standards are an example of Information Security Management Tools for Thwarting Standards. The standards provide a framework for Cybercrime implementing cybersecurity measures within an organization. http://www.27000.org/ New Laws: The ISACA group track law enacted related to cyber security. These laws can address individual privacy to protection of intellectual property. Examples of these laws include: Cybersecurity Act, Federal Exchange Data Breach Notification Act and the Data Accountability and Trust Act. http://www.isaca.org/cyber/pages/cybersecuritylegis lation.aspx Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 1.3 Common Threats Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 © 2006, Cisco Systems, Inc. All rights reserved. 6 Presentation_ID.scr Common Threats Threat Arenas Cybersecurity specialists possess the insight to recognize the influence of data and harness that power to build great organizations, provide services and protect people from cyberattacks Cybersecurity specialists recognize the threat that data poses if used against people A cybersecurity threat is the possibility that a harmful event, such as an attack, will occur Cyber vulnerability is a weakness that makes a target susceptible to an attack Cyber threats are particularly dangerous to certain industries and the type of information they collect and protect Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 Common Threats Threat Arenas (Cont.) The following examples are just a few sources of data that can come from established organizations: Personal Information Medical Records Education Records Employment and Financial Records Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 © 2006, Cisco Systems, Inc. All rights reserved. 7 Presentation_ID.scr Common Threats Threat Arenas (Cont.) Network services like DNS, HTTP and Online Databases are prime targets for cyber criminals. Criminals use packet-sniffing tools to capture data streams over a network. Packet sniffers work by monitoring and recording all information coming across a network. Criminals can also use rogue devices, such as unsecured Wi-Fi access points. Packet forgery (or packet injection) interferes with an established network communication by constructing packets to appear as if they are part of a communication. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 Common Threats Threat Arenas (Cont.) Domains include: Manufacturing Industry Controls Automation SCADA Energy Production and Distribution Electrical Distribution and Smart Grid Oil and Gas Communication Phone Email Messaging Transportation systems Air Travel Rail Over the Road Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27 © 2006, Cisco Systems, Inc. All rights reserved. 8 Presentation_ID.scr Common Threats Threat Arenas (Cont.) On a personal level, everyone needs to safeguard his or her identity, data, and computing devices. At the corporate level, it is the employees’ responsibility to protect the organization’s reputation, data, and customers. At the state level, national security and the citizens’ safety and well-being are at stake. In the U.S., the National Security Agency (NSA) is responsible for intelligence collection and surveillance activities. The efforts to protect people’s way of life often conflicts with their right to privacy. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28 1.4 Spreading Cybersecurity Threats Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29 © 2006, Cisco Systems, Inc. All rights reserved. 9 Presentation_ID.scr Spreading Cybersecurity Threats How Threats Spread Attacks can originate from within an organization or from outside of the organization, as shown in the figure. Internal Security Threats An internal user, such as an employee or contract partner, can accidently or intentionally Internal threats have the potential to cause greater damage than external threats because internal users have direct access to the building and its infrastructure devices. Internal attackers typically have knowledge of the corporate network, its resources, and its confidential data. They may also have knowledge of security countermeasures, policies and higher levels of administrative privileges. External Security Threats External threats from amateurs or skilled attackers can exploit vulnerabilities in networked devices, or can use social engineering, such as trickery, to gain access. External attacks exploit weaknesses or vulnerabilities to gain access to internal resources. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30 Spreading Cybersecurity Threats How Threats Spread (Cont.) Vulnerabilities of Mobile Devices - In the past, employees typically used company-issued computers connected to a corporate LAN. Today, mobile devices such as iPhones, smartphones, tablets, and thousands of other devices, are becoming powerful substitutes for, or additions to, the traditional PC. More and more people are using these devices to access enterprise information. Bring Your Own Device (BYOD) is a growing trend. The inability to centrally manage and update mobile devices poses a growing threat to organizations that allow employee mobile devices on their networks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31 © 2006, Cisco Systems, Inc. All rights reserved. 10 Presentation_ID.scr Spreading Cybersecurity Threats How Threats Spread (Cont.) Emergence Internet-of-Things - The Internet of Things (IoT) is the collection of technologies that enable the connection of various devices to the Internet. IoT technologies enable people to connect billions of devices to the Internet. These devices include appliances, locks, motors, and entertainment devices, to name just a few. This technology affects the amount of data that needs protection. Users access these devices remotely, which increases the number of networks requiring protection. With the emergence of IoT, there is much more data to be managed and secured. All of these connections, plus the expanded storage capacity and storage services offered through the Cloud and virtualization, has led to the exponential growth of data. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32 Spreading Cybersecurity Threats How Threats Spread (Cont.) Impact of Big Data – Big data is the result of data sets that are large and complex, making traditional data processing applications inadequate. Big data poses both challenges and opportunities based on three dimensions: The volume or amount of data The velocity or speed of data The variety or range of data types and sources There are numerous examples of big corporate hacks in the news. As a result, enterprise systems require dramatic changes in security product designs and substantial upgrades to technologies and practices. Additionally, governments and industries are introducing more regulations and mandates that require better data protection and security controls to help guard big data. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33 © 2006, Cisco Systems, Inc. All rights reserved. 11 Presentation_ID.scr Spreading Cybersecurity Threats Threat Complexity Advanced Weapons Advanced persistent threat (APT) is a continuous computer hack that occurs under the radar against a specific object. Criminals usually choose an APT for business or political motives. Algorithm attacks can track system self-reporting data, like how much energy a computer is using, and use that information to select targets or trigger false alerts. Algorithmic attacks are more devious because they exploit designs used to improve energy savings, decrease system failures, and improve efficiencies. Intelligent selection of victims. In the past, attacks would select the low hanging fruit or most vulnerable victims. Many of the most sophisticated attacks will only launch if the attacker can match the signatures of the targeted victim. Broader Scope and Cascade Effect Federated identity management refers to multiple enterprises that let their users use the same identification credentials gaining access to the networks of all enterprises in the group. The goal of federated identity management is to share identity information automatically across castle boundaries. The most common way to protect federated identity is to tie login ability to an authorized device. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34 Spreading Cybersecurity Threats Threat Complexity (Cont.) Safety Implications There are many safety implication associated with the dark forces of cyber security including emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911 networks, jeopardizing public safety. A telephone denial of service (TDoS) attack uses phone calls against a target telephone network tying up the system and preventing legitimate calls from getting through. The next generation 911 call centers are vulnerable because they use Voice- over-IP (VoIP) systems rather than traditional landlines. Heightened Recognition of Cybersecurity Threats The defenses against cyberattacks at the start of the cyber era were low. A smart high school student or script kiddie could gain access to systems. Now, countries across the world have become more aware of the threat of cyberattacks. The threat posed by cyberattacks now head the list of greatest threats to national and economic security in most countries. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35 © 2006, Cisco Systems, Inc. All rights reserved. 12 Presentation_ID.scr 1.5 Creating More Experts Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36 Creating More Experts A Workforce Framework for Cybersecurity Addressing the Shortage of Cybersecurity Specialists In the U.S., the National Institute of Standards and Technologies (NIST) created a framework for companies and organizations in need of cybersecurity professionals. The framework enables companies to identify the major types of responsibilities, job titles, and workforce skills needed. The Seven Categories of Cybersecurity Work The Workforce Framework categorizes cybersecurity work into seven categories. Operate and Maintain includes providing the support, administration, and maintenance required to ensure IT system performance and security Protect and Defend includes the identification, analysis, and mitigation of threats to internal systems and networks Investigate includes the investigation of cyber events and/or cyber crimes involving IT resources Collect and Operate includes specialized denial and deception operations and the collection of cybersecurity information Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37 © 2006, Cisco Systems, Inc. All rights reserved. 13 Presentation_ID.scr Creating More Experts A Workforce Framework for Cybersecurity (Cont.) Analyze includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence Oversight and Development provides for leadership, management, and direction to conduct cybersecurity work effectively Securely Provision includes conceptualizing, designing, and building secure IT systems Within each category, there are several specialty areas. The specialty areas then define common types of cybersecurity work. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38 Creating More Experts Online Cybersecurity Communities Professional Organizations Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. Visit each site with your class and explore the resources available. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39 © 2006, Cisco Systems, Inc. All rights reserved. 14 Presentation_ID.scr Creating More Experts Online Cybersecurity Communities (Cont.) Cybersecurity Student Organizations and Competitions Cybersecurity specialists must have the same skills as hackers, especially black hat hackers, in order to protect against attacks. How can an individual build and practice the skills necessary to become a cybersecurity specialist? Student skills competitions are a great way to build cybersecurity knowledge skills and abilities. There are many national cybersecurity skills competitions available to cybersecurity students. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40 Creating More Experts Cybersecurity Certifications Industry Certifications In a world of cybersecurity threats, there is a great need for skilled and knowledgeable information security professionals. The IT industry established standards for cybersecurity specialists to obtain professional certifications that provide proof of skills, and knowledge level. CompTIA Security+ - Security+ is a CompTIA-sponsored testing program that certifies the competency of IT administrators in information assurance. EC-Council Certified Ethical Hacker (CEH) – CEH is an intermediate-level certification asserts that cybersecurity specialists holding this credential possess the skills and knowledge for various hacking practices. SANS GIAC Security Essentials (GSEC) - The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists who can demonstrate that they understand security terminology and concepts and have the skills and expertise required for “hands-on” security roles. The SANS GIAC program offers a number of additional certifications in the fields of security administration, forensics, and auditing. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41 © 2006, Cisco Systems, Inc. All rights reserved. 15 Presentation_ID.scr Creating More Experts Cybersecurity Certifications (Cont.) (ISC)^2 Certified Information Systems Security Professional (CISSP) - The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a great deal of technical and managerial experience. It is also formally approved by the U.S. Department of Defense (DoD) and is a globally recognized industry certification in the security field. ISACA Certified Information Security Manager (CISM) – Cybersecurity specialists responsible for managing, developing and overseeing information security systems at the enterprise level or for those developing best security practices can qualify for CISM. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42 Creating More Experts Cybersecurity Certifications (Cont.) Company Sponsored Certifications - Another important credential for cybersecurity specialists are company-sponsored certifications. These certifications measure knowledge and competency in installing, configuring, and maintaining vendor products. Cisco and Microsoft are examples of companies with certifications that test knowledge of their products. Click here to explore the matrix of the Cisco certifications shown in the figure. Cisco Certified Network Associate Security (CCNA Security) - The CCNA Security certification validates that a cybersecurity specialist has the knowledge and skills required to secure Cisco networks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43 © 2006, Cisco Systems, Inc. All rights reserved. 16 Presentation_ID.scr Creating More Experts Cybersecurity Certifications (Cont.) How to Become a Cybersecurity Specialist Cybersecurity specialists must be able to respond to threats as soon as they occur. This means that the working hours can be somewhat unconventional. Cybersecurity specialists also analyze policy, trends, and intelligence to understand how cyber criminals think. Many times, this may involve a large amount of detective work. Here is good advice for becoming a cybersecurity specialist: Study: Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up. Pursue Certifications: Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist. Pursue Internships: Seeking out a security internship as a student can lead to opportunities down the road. Join Professional Organizations: Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44 1.6 Chapter Summary Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45 © 2006, Cisco Systems, Inc. All rights reserved. 17 Presentation_ID.scr Chapter Summary Summary This chapter explained the structure of the cybersecurity world and the reason it continues to grow with data and information as the prized currency. It explored the motivation of cyber criminals. It explored the spread of threats due to the ever-expanding technical transformations taking place throughout the world. It provided details on how to become a cybersecurity specialist to help defeat the cyber criminals. It surveyed the resources available to help create more cybersecurity experts. It explained that cyber professionals must have the same skills as the cyber criminals. If you would like to further explore the concepts in this chapter, please check out the Additional Resources and Activities page in Student Resources. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 46 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47 © 2006, Cisco Systems, Inc. All rights reserved. 18 Presentation_ID.scr Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 48 © 2006, Cisco Systems, Inc. All rights reserved. 19 Presentation_ID.scr Chapter 2: The Cybersecurity Cube Cybersecurity Essentials v1.0 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Chapter 2 - Sections & Objectives 2.1 The Cybersecurity Cube Describe the three dimensions of the McCumber Cube (Cybersecurity Cube). 2.2 CIA TRIAD Describe the principles of confidentiality, integrity, and availability. 2.3 States of Data Differentiate the three states of data. 2.4 Cybersecurity Countermeasures Compare the types of cybersecurity countermeasures. 2.5 IT Security Management Framework Describe the ISO Cybersecurity Model Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 © 2006, Cisco Systems, Inc. All rights reserved. 1 Presentation_ID.scr 2.1 The Three Dimensions of the Cybersecurity Cube Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 The Three Dimensions of the Cybersecurity Cube The Three Dimensions The Principles of Security The first dimension of the cybersecurity cube identifies the goals to protect the cyber world. The goals identified in the first dimension are the foundational principles of the cybersecurity world. These three principles are confidentiality, integrity and availability. The principles provide focus and enable cybersecurity specialists to prioritize actions in protecting the cyber world. Use the acronym CIA to remember these three principles. The States of Data The cyber world is a world of data; therefore, cybersecurity specialists focus on protecting data. The second dimension of the cybersecurity cube focuses on the problems of protecting all of the states of data in the cyber world. Data has three possible states: 1) Data at rest or in storage 2) Data in transit 3) Data in process Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 © 2006, Cisco Systems, Inc. All rights reserved. 2 Presentation_ID.scr The Three Dimensions of the Cybersecurity Cube The Three Dimensions (Cont.) Cybersecurity Safeguards The third dimension of the cybersecurity sorcery cube defines the types of powers used to protect the cyber world. The sorcery cube identifies the three types of powers: Technologies - devices, and products available to protect information systems and fend off cyber criminals. Policies and Practices - procedures, and guidelines that enable the citizens of the cyber world to stay safe and follow good practices. People - Aware and knowledgeable about their world and the dangers that threaten their world. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 2.2 CIA TRIAD Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 © 2006, Cisco Systems, Inc. All rights reserved. 3 Presentation_ID.scr CIA TRIAD Confidentiality The Principle of Confidentiality Confidentiality prevents the disclosure of information to unauthorized people, resources and processes. Another term for confidentiality is privacy. Organizations need to train employees about best practices in safeguarding sensitive information to protect themselves and the organization from attacks. Methods used to ensure confidentiality include data encryption, authentication, and access control. Protecting Data Privacy Organizations collect a large amount of data and much of this data is not sensitive because it is publicly available, like names and telephone numbers. Other data collected, though, is sensitive. Sensitive information is data protected from unauthorized access to safeguard an individual or an organization. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18 CIA TRIAD Confidentiality (Cont.) Controlling Access Access control defines a number of protection schemes that prevent unauthorized access to a computer, network, database, or other data resources. The concepts of AAA involve three security services: Authentication, Authorization and Accounting. Authentication verifies the identity of a user to prevent unauthorized access. Users prove their identity with a username or I.D. Authorization services determine which resources users can access, along with the operations that users can perform. Authorization can also control when a user has access to a specific resource. Accounting keeps track of what users do, including what they access, the amount of time they access resources, and any changes made. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 © 2006, Cisco Systems, Inc. All rights reserved. 4 Presentation_ID.scr CIA TRIAD Confidentiality (Cont.) Confidentiality and privacy seem interchangeable, but from a legal standpoint, they mean different things. Most privacy data is confidential, but not all confidential data is private. Access to confidential information occurs after confirming proper authorization. Financial institutions, hospitals, medical professionals, law firms, and businesses handle confidential information. Confidential information has a non-public status. Maintaining confidentiality is more of an ethical duty. Privacy is the appropriate use of data. When organizations collect information provided by customers or employees, they should only use that data for its intended purpose. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 CIA TRIAD Integrity Principle of Data Integrity Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle. Another term for integrity is quality. Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls. Need for Data Integrity The need for data integrity varies based on how an organization uses data. For example, Facebook does not verify the data that a user posts in a profile. A bank or financial organization assigns a higher importance to data integrity than Facebook does. Transactions and customer accounts must be accurate. Protecting data integrity is a constant challenge for most organizations. Loss of data integrity can render entire data resources unreliable or unusable. Integrity Checks An integrity check is a way to measure the consistency of a collection of data (a file, a picture, or a record). The integrity check performs a process called a hash function to take a snapshot of data at an instant in time. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 © 2006, Cisco Systems, Inc. All rights reserved. 5 Presentation_ID.scr CIA TRIAD Availability Data availability is the principle used to describe the need to maintain availability of information systems and services at all times. Cyberattacks and system failures can prevent access to information systems and services. Methods used to ensure availability include system redundancy, system backups, increased system resiliency, equipment maintenance, up-to-date operating systems and software, and plans in place to recover quickly from unforeseen disasters. High availability systems typically include three design principles: eliminate single points of failure, provide for reliable crossover, and detect failures as they occur. Organizations can ensure availability by implementing the following: 1. Equipment maintenance 2. OS and system updates 3. Test backups 4. Plan for disasters 5. Implement new technologies 6. Monitor unusual activity 7. Test to verify availability Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 2.3 States of Data Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 © 2006, Cisco Systems, Inc. All rights reserved. 6 Presentation_ID.scr States of Data Data at Rest Stored data refers to data at rest. Data at rest means that a type of storage device retains the data when no user or process is using it. A storage device can be local (on a computing device) or centralized (on the network). A number of options exist for storing data. Direct-attached storage (DAS) is storage connected to a computer. A hard drive or USB flash drive is an example of direct-attached storage. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 States of Data Data at Rest (Cont.) Redundant array of independent disks (RAID) uses multiple hard drives in an array, which is a method of combining multiple disks so that the operating system sees them as a single disk. RAID provides improved performance and fault tolerance. A network attached storage (NAS) device is a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users. NAS devices are flexible and scalable, meaning administrators can increase the capacity as needed. A storage area network (SAN) architecture is a network-based storage system. SAN systems connect to the network using high-speed interfaces allowing improved performance and the ability to connect multiple servers to a centralized disk storage repository. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 © 2006, Cisco Systems, Inc. All rights reserved. 7 Presentation_ID.scr States of Data Data In Transit Data transmission involves sending information from one device to another. There are numerous methods to transmit information between devices including: Sneaker net – uses removable media to physically move data from one computer to another Wired networks – uses cables to transmit data Wireless networks – uses the airwaves to transmit data The protection of transmitted data is one of the most challenging jobs of a cybersecurity professional. The greatest challenges are: Protecting data confidentiality – cyber criminals can capture, save and steal data in-transit. Protecting data integrity – cyber criminals can intercept and alter data in- transit. Protecting data availability - cyber criminals can use rogue or unauthorized devices to interrupt data availability. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 States of Data Data In Process The third state of data is data in process. This refers to data during initial input, modification, computation, or output. Protection of data integrity starts with the initial input of data. Organizations use several methods to collect data, such as manual data entry, scanning forms, file uploads, and data collected from sensors. Each of these methods pose potential threats to data integrity. Data modification refers to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failing resulting in data modification. Processes like encoding/decoding, compression/decompression and encryption/decryption are all examples of data modification. Malicious code also results in data corruption. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27 © 2006, Cisco Systems, Inc. All rights reserved. 8 Presentation_ID.scr 2.4 Cybersecurity Countermeasures Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28 Cybersecurity Countermeasures Technologies Software-based Technology Safeguards Software safeguards include programs and services that protect operating systems, databases, and other services operating on workstations, portable devices, and servers. There are several software-based technologies used to safeguard an organization’s assets. Hardware-based Technology Safeguards Hardware based technologies are appliances that are installed within the network faculties. They can include: Firewall appliances, Intrusion Detection Systems (IDS),Intrusion Prevention Systems (IPS) and Content filtering systems. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29 © 2006, Cisco Systems, Inc. All rights reserved. 9 Presentation_ID.scr Cybersecurity Countermeasures Technologies Network-based Technology Safeguards Technological countermeasures can also include network-based technologies. Virtual Private Network (VPN) is a secure virtual network that uses the public network (i.e., the Internet). The security of a VPN lies in the encryption of packet content between the endpoints that define the VPN. Network access control (NAC) requires a set of checks before allowing a device to connect to a network. Some common checks include up-to-data antivirus software or operating system updates installed. Wireless access point security includes the implementation of authentication and encryption. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30 Cybersecurity Countermeasures Technologies Cloud-based Technology Safeguards Technological countermeasures now also include cloud-based technologies. Cloud-based technologies shift the technology component from the organization to the cloud provider. Software as a Service (SaaS) allows users to gain access to application software and databases. Cloud providers manage the infrastructure. Users store data on the cloud provider’s servers. Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet. The provider hosts the hardware, software, servers, and storage components. Virtual security appliances run inside a virtual environment with a pre-packaged, hardened operating system running on virtualized hardware. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31 © 2006, Cisco Systems, Inc. All rights reserved. 10 Presentation_ID.scr Cybersecurity Countermeasures Implementing Cybersecurity Education and Training A security awareness program is extremely important for an organization. An employee may not be purposefully malicious but just unaware of what the proper procedures are. There are several ways to implement a formal training program: Make security awareness training a part of the employee’s onboarding process Tie security awareness to job requirements or performance evaluations Conduct in-person training sessions Complete online courses Security awareness should be an ongoing process since new threats and techniques are always on the horizon. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32 Cybersecurity Countermeasures Cybersecurity Policies and Procedures A security policy is a set of security objectives for a company that includes rules of behavior for users and administrators and specifies system requirements. These objectives, rules, and requirements collectively ensure the security of a network, the data, and the computer systems within an organization. Standards help an IT staff maintain consistency in operating the network. Standards provide the technologies that specific users or programs need in addition to any program requirements or criteria that an organization must follow. Guidelines are a list of suggestions on how to do things more efficiently and securely. They are similar to standards, but are more flexible and are not usually mandatory. Guidelines define how standards are developed and guarantee adherence to general security policies. Procedure documents are longer and more detailed than standards and guidelines. Procedure documents include implementation details that usually contain step-by-step instructions and graphics. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33 © 2006, Cisco Systems, Inc. All rights reserved. 11 Presentation_ID.scr 2.5 IT Security Management Framework Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34 Security Management Framework The ISO Model Security professionals need to secure information from end-to-end within the organization. This is a monumental task, and it is unreasonable to expect one individual to have all of the requisite knowledge. The International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) developed a comprehensive framework to guide information security management. The ISO cybersecurity model is to cybersecurity professionals what the OSI networking model is to network engineers. Both provide a framework for understanding and approaching complex tasks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35 © 2006, Cisco Systems, Inc. All rights reserved. 12 Presentation_ID.scr Security Management Framework The ISO Model (Cont.) ISO/IEC 27000 is an information security standard published in 2005 and revised in 2013. ISO publishes the ISO 27000 standards. Even though the standards are not mandatory, most countries use them as a de facto framework for implementing information security. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36 Security Management Framework Using the ISO Cybersecurity Model The ISO 27000 is a universal framework for every type of organization. In order to use the framework effectively, an organization must narrow down which domains, control objectives, and controls apply to its environment and operations. The ISO 27001 control objectives serve as a checklist. The first step an organization takes is to determine if these control objectives are applicable to the organization. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37 © 2006, Cisco Systems, Inc. All rights reserved. 13 Presentation_ID.scr Security Management Framework Using the ISO Cybersecurity Model (Cont.) The ISO Cybersecurity Model and the States of Data Different groups within an organization may be responsible for data in each of the various states. For example, the network security group is responsible for data during transmission. Programmers and data entry people are responsible for data during processing. The hardware and server support specialists are responsible for stored data. The ISO Controls specifically address security objectives for data in each of the three states. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38 Security Management Framework Using the ISO Cybersecurity Model (Cont.) The ISO Cybersecurity Model and Safeguards The ISO 27001 control objectives relate directly to the organization’s cybersecurity policies, procedures and guidelines which upper management determines. The ISO 27002 controls provide technical direction. For example, upper management establishes a policy specifying the protection of all data coming in to or out of the organization. Implementing the technology to meet the policy objectives would not involve upper management. It is the responsibility of IT professionals to properly implement and configure the equipment used to fulfill the policy directives set by upper management. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39 © 2006, Cisco Systems, Inc. All rights reserved. 14 Presentation_ID.scr 2.6 Chapter Summary Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40 Chapter Summary Summary This chapter discussed the three dimensions of the cybersecurity sorcery cube. The central responsibility of a cybersecurity specialist is to protect an organization’s systems and data. The chapter explained how each of the three dimensions contributes to that effort. The chapter also discussed the ISO cybersecurity model. The model represents an international framework to standardize the management of information systems. This chapter explored the twelve domains. The model provides control objectives that guide the high-level design and implementation of a comprehensive information security management system (ISMS). The chapter also discussed how security professionals use controls to identify the technologies, devices, and products to protect the organization. If you would like to further explore the concepts in this chapter, please check out the Additional Resources and Activities page in Student Resources. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41 © 2006, Cisco Systems, Inc. All rights reserved. 15 Presentation_ID.scr Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43 © 2006, Cisco Systems, Inc. All rights reserved. 16 Presentation_ID.scr Chapter 3: Cybersecurity Threats, Vulnerabilities, and Attacks Cybersecurity Essentials v1.0 Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12 Chapter 3 - Sections & Objectives 3.1 Malware and Malicious Code Differentiate the types of malware and malicious code. 3.2 Deception Describe the tactics, techniques and procedures used by cyber criminals. 3.3 Attacks Compare the different methods used in social engineering. Compare different types of cyberattacks. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13 © 2006, Cisco Systems, Inc. All rights reserved. 1 Presentation_ID.scr 3.1 Malware and Malicious Code Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14 Malware and Malicious Code Types of Malware Cyber criminals target user’s end devices through the installation of malware. Viruses - A virus is malicious executable code attached to another executable file, such as a legitimate program. Most viruses require end-user initiation, and can activate at a specific time or date. Worms - Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation. Trojan horse - A Trojan horse is malware that carries out malicious operations under the guise of a desired operation such as playing an online game. This malicious code exploits the privileges of the user that runs it. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files, audio files, or games. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15 © 2006, Cisco Systems, Inc. All rights reserved. 2 Presentation_ID.scr Malware and Malicious Code Types of Malware (Cont.) Logic Bomb - A logic bomb is a malicious program that uses a trigger to awaken the malicious code. For example, triggers can be dates, times, other programs running, or the deletion of a user account. The logic bomb remains inactive until that trigger event happens. Once activated, a logic bomb implements a malicious code that causes harm to a computer. Ransomware - Ransomware holds a computer system, or the data it contains, captive until the target makes a payment. Ransomware usually works by encrypting data in the computer with a key unknown to the user. Backdoors and Rootkits - A backdoor or rootkit refers to the program or code introduced by a criminal who has compromised a system. The backdoor bypasses the normal authentication used to access a system. A rootkit modifies the operating system to create a backdoor. Attackers then use the backdoor to access the computer remotely. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16 Malware and Malicious Code Email and Browser Attacks (Cont.) Email is a universal service used by billions worldwide. As one of the most popular services, email has become a major vulnerability to users and organizations. Spam - Spam, also known as junk mail, is unsolicited email. In most cases, spam is a method of advertising. However, spam can send harmful links, malware, or deceptive content. Spyware - Spyware is software that enables a criminal to obtain information about a user’s computer activities. Spyware often includes activity trackers, keystroke collection, and data capture. In an attempt to overcome security measures, spyware often modifies security settings. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17 © 2006, Cisco Systems, Inc. All rights reserved. 3 Presentation_ID.scr Malware and Malicious Code Email and Browser Attacks (Cont.) Adware - Adware typically displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites. Scareware - Scareware persuades the user to take a specific action based on fear. Scareware forges pop- up windows that resemble operating system dialogue windows. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18 Malware and Malicious Code Email and Browser Attacks (Cont.) Phishing - Phishing is a form of fraud. Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials or account information by masquerading as a reputable entity or person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intent is to trick the recipient into installing malware on his or her device or into sharing personal or financial information. Spear phishing - Spear phishing is a highly targeted phishing attack. While phishing and spear phishing both use emails to reach the victims, spear phishing sends customized emails to a specific person. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19 © 2006, Cisco Systems, Inc. All rights reserved. 4 Presentation_ID.scr Malware and Malicious Code Email and Browser Attacks (Cont.) Vishing - Vishing is phishing using voice communication technology. Criminals can spoof calls from legitimate sources using voice over IP (VoIP) technology. Victims may also receive a recorded message that appears legitimate. Pharming - Pharming is the impersonation of a legitimate website in an effort to deceive users into entering their credentials. Whaling - Whaling is a phishing attack that targets high profile targets within an organization such as senior executives. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20 Malware and Malicious Code Email and Browser Attacks (Cont.) Plugins - The Flash and Shockwave plugins from Adobe enable the development of interesting graphic and cartoon animations that greatly enhance the look and feel of a web page. Plugins display the content developed using the appropriate software. SEO Poisoning - Search engines such as Google work by ranking pages and presenting relevant results based on users’ search queries. Depending on the relevancy of web site content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website’s ranking by a search engine. While many legitimate companies specialize in optimizing websites to better position them, SEO poisoning uses SEO to make a malicious website appear higher in search results. Browser Hijacker - A browser hijacker is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers. Browser hijackers usually install without the user's permission and is usually part of a drive-by download. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21 © 2006, Cisco Systems, Inc. All rights reserved. 5 Presentation_ID.scr 3.2 Deception Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22 Deception The Art of Deception Social Engineering - Social engineering is a completely non- technical means for a criminal to gather information on a target. Social engineering is an attack that attempts to manipulate individuals into performing actions or divulging confidential information. Social engineers often rely on people’s willingness to be helpful but also prey on people’s weaknesses. These are some types of social engineering attacks: Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient. Something for Something (Quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, like a gift. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23 © 2006, Cisco Systems, Inc. All rights reserved. 6 Presentation_ID.scr Deception Types of Deception Shoulder Surfing and Dumpster Diving – refers to picking up PINs, access codes or credit card numbers. An attacker can be in close proximity to his victim or the attacker can use binoculars or closed circuit cameras to shoulder surf. Impersonation and Hoaxes - Impersonation is the action of pretending to be someone else. For example, a recent phone scam targeted taxpayers. A criminal, posing as an IRS employee, told the victims that they owed money to the IRS. Piggybacking and Tailgating - Piggybacking occurs when a criminal tags along with an authorized person to gain entry into a secure location or a restricted area. Tailgating is another term that describes the same practice. Online, Email, and Web-based Trickery - Forwarding hoax emails and other jokes, funny movies, and non-work- related emails at work may violate the company's acceptable use policy and result in disciplinary actions. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24 3.3 Attacks Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25 © 2006, Cisco Systems, Inc. All rights reserved. 7 Presentation_ID.scr Attacks Types of Cyber Attacks Denial-of-Service (DoS) Attacks - are a type of network attack. A DoS attack results in some sort of interruption of network services to users, devices, or applications. DoS attacks are a major risk because they can easily interrupt communication and cause significant loss of time and money. These attacks are relatively simple to conduct, even by an unskilled attacker. Sniffing - Sniffing is similar to eavesdropping on someone. It occurs when attackers examine all network traffic as it passes through their NIC, independent of whether or not the traffic is addressed to them or not. Criminals accomplish network sniffing with a software application, hardware device, or a combination of the two. Spoofing - Spoofing is an impersonation attack, and it takes advantage of a trusted relationship between two systems. If two systems accept the authentication accomplished by each other, an individual logged onto one system might not go through an authentication process again to access the other system. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26 Attacks Types of Cyber Attacks Man-in-the-middle - A criminal performs a man-in-the-middle (MitM) attack by intercepting communications between computers to steal information crossing the network. The criminal can also choose to manipulate messages and relay false information between hosts since the hosts are unaware that a modification to the messages occurred. MitM allows the criminal to take control over a device without the user’s knowledge. Zero-Day Attacks - A zero-day attack, sometimes referred to as a zero-day threat, is a computer attack that tries to exploit software vulnerabilities that are unknown or undisclosed by the software vendor. The term zero hour describes the moment when someone discovers the exploit. Keyboard Logging - Keyboard logging is a software program that records or logs the keystrokes of the user of the system. Criminals can implement keystroke loggers through software installed on a computer system or through hardware physically attached to a computer. The criminal configures the key logger software to email the log file. The keystrokes captured in the log file can reveal usernames, passwords, websites visited, and other sensitive information. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27 © 2006, Cisco Systems, Inc. All rights reserved. 8 Presentation_ID.scr Attacks Wireless and Mobile Attacks (Cont.) Grayware and SMiShing Grayware includes applications that behave in an annoying or undesirable manner. Grayware may not have recognizable malware concealed within, but it still may pose a risk to the user. Grayware is becoming a problem area in mobile security with the popularity of smartphones. SMiShing is short for SMS phishing. It uses Short Message Service (SMS) to send fake text messages. The criminals trick the user into visiting a website or calling a phone number. Unsuspecting victims may then provide sensitive information such as credit card information. Visiting a website might result in the user unknowingly downloading malware that infects the device. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28 Attacks Wireless and Mobile Attacks (Cont.) Rogue Access Points - A rogue access point is a wireless access point installed on a secure network without explicit authorization. A rogue access point can be set up in two ways. RF Jamming - Wireless signals are susceptible to electromagnetic interference (EMI), radio-frequency interference (RFI), and may even be susceptible to lightning strikes or noise from fluorescent lights. Wireless signals are also susceptible to deliberate jamming. Radio frequency (RF) jamming disrupts the transmission of a radio or satellite station so that the signal does not reach the receiving station. Bluejacking and Bluesnarfing - Bluejacking is the term used for sending unauthorized messages to another Bluetooth device. Bluesnarfing occurs when the attacker copies the victim's information from his device. This information can include emails and contact lists. Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29 © 2006, Cisco Systems, Inc. All rights reserved. 9 Presentation_ID.scr Attacks Wireless and Mobile Attacks (Cont.) WEP and WPA Attack
