Introduction To Information Security PDF

Summary

This document provides an introduction to information security, outlining key concepts such as threats, vulnerabilities, and countermeasures. It covers various aspects of cybersecurity and its importance in protecting systems and data.

Full Transcript


Introduction To Information Security

Defining Information Security

Information security refers to the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. The term is often used to describe the tasks of securing digital information, whether it is manipulated by a microprocessor (such as on a personal computer), preserved on a storage device (such as a hard drive or USB flash drive), or transmitted over a network (such as a local area network or the Internet).

CIA Triad

When all three components are attained, our data or information is well protected. If we lose one of them, that loss becomes a vulnerability that an attacker can exploit.

AAA of Security

Information Security Layers

Security Cycle

Three keywords:
1. Threats: a cyber threat is a malicious act that seeks to steal or damage data, or to disrupt the digital network or system.
2. Vulnerabilities: a vulnerability is a point where a system is susceptible to attack.
3. Countermeasures: the technology, policies, tools, and people that protect the system.

Who Are the Threat Actors?

In cybersecurity, a threat actor (also called a malicious actor) is an individual or entity responsible for cyber incidents against the technology equipment of enterprises and users. The generic term attacker is also commonly used.

Vulnerabilities and Attacks

In cybersecurity, a vulnerability is a flaw in a system's design, security procedures, internal controls, or in its people (for example, untrained users) that can be exploited by cybercriminals. Cybersecurity vulnerabilities can be categorized into:
1. Platforms
2. Configurations
3. Third parties
4. Patches
5. Zero-day vulnerabilities

1. Platforms

Several vulnerabilities are the result of the platform being used. (A computer platform is a system that consists of a hardware device and an operating system (OS) that runs software such as applications, programs, or processes.) Although all platforms have vulnerabilities to some degree, some platforms by their very nature have more serious vulnerabilities. These include legacy platforms, on-premises platforms, and cloud platforms.

One type of platform that is well known for its vulnerabilities is a legacy platform. A legacy platform is no longer in widespread use, often because it has been replaced by an updated version of the earlier technology.

Note: Modern OS software, such as Microsoft Windows, Apple macOS, and Linux, continually evolves and is updated with new enhancements and, most critically, fixes to uncovered vulnerabilities.

On-premises platforms, which are software and technology within an enterprise's data center, were once considered secure because firewalls protected the servers and data. However, organizations often added more servers, network resources, and software, leading to provisioned resources that were not adequately configured for security. Additionally, the numerous entry points from outside sources make protecting the platform a constant challenge.

Cloud platforms. A cloud platform is a pay-per-use computing model in which customers pay only for the online computing resources they need. As computing needs increase or decrease, cloud computing resources can be scaled up or scaled back. However, cloud platforms have proven to have significant vulnerabilities. These vulnerabilities are most often the result of misconfigurations by the company personnel responsible for securing the cloud platform. Cloud resources are, by definition, accessible from virtually anywhere, which keeps cloud computing platforms constantly under attack from threat actors probing for vulnerabilities.

2. Configurations

Modern hardware and software platforms provide an array of features and security settings that must be properly configured to repel attacks. However, the configuration settings are often not properly implemented, resulting in weak configurations. Table 1-3 lists several weak configurations that can result in vulnerabilities.

3. Third Parties

1. Companies often hire outside help, such as IT services, to save money and let employees work from anywhere.
2. Managing these outside helpers through vendor management is important, especially since they need access to the company's computer systems.
3. These helpers sometimes need to connect their systems with the company's, but this can create security problems.
4. Not all companies are good at connecting these systems, which can leave them vulnerable to attacks.
5. If attackers find a weak spot in any part of the system, they can break in and cause trouble.

4. Patches

Operating systems, originally created for running programs, have become more complicated over time, adding features and graphical interfaces that unintentionally make them vulnerable to attacks. Developers release software fixes, such as security patches, to address these vulnerabilities, but applying them can be tricky. Firmware, which controls hardware, is difficult to update and needs special procedures. Outside of major software, patches for application software are rare, and delays in updating operating systems can lead to new issues. Organizations often wait to install patches until they are sure the patches will not cause problems with their custom programs. Sometimes patches can even make software stop working properly. Despite these challenges, keeping operating systems secure relies on regularly applying patches.

5. Zero Day

As noted earlier, patches are created and distributed when the software developer learns of a vulnerability and corrects it. What happens if it is not the developer who uncovers the vulnerability, but a threat actor who finds it first? In this case, the vulnerability can be exploited by attackers before anyone else even knows it exists. This type of vulnerability is called a zero day because it provides zero days of warning. Zero-day vulnerabilities are considered extremely serious: systems are open to attack with no specific patches available. However, other protections can mitigate a zero-day attack. For example, some protections use machine learning to collect data from previously detected exploits and create a baseline of safe system behavior that may help detect an attack based on a zero-day vulnerability.

Security Attacks

Definition:
◦ Any action that compromises the security of information owned by an organization and breaches one of the CIA properties.
◦ Attacks are classified into:
❑ Passive attacks
❑ Active attacks
10/20/2024 AL-ZAYTOONAH UNIVERSITY

Security Attacks – Passive Attacks

A passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive attacks are difficult to detect because they do not involve any alteration of the data. There are two types of passive attacks:
❑ Obtain message contents
❑ Traffic analysis (monitor traffic flows)

Security Attacks – Active Attacks

An active attack attempts to alter system resources or affect their operation. Active attacks are subdivided into four categories:
◦ Masquerade: one entity pretends to be another entity.
◦ Replay: capture a message and then retransmit it.
◦ Modification: alter some portion of the message.
◦ Denial of service: prevents or inhibits the normal use or management of communication facilities.

Passive and Active Attacks – Discussion

Differentiate between active and passive attacks.
Q. Is it hard or simple to detect passive attacks?
Q. How can we avoid passive attacks? How can we prevent them?
Q. Is it hard or simple to detect active attacks? Why?
Q. Can we prevent active attacks? How?

Attack Vectors

An attack vector is a method used by a threat actor to enter a system. These vectors can be categorized into email, wireless, removable media, direct access, social media, and cloud.
❑ Email is the primary vector for malware, with 94% of all malware being delivered through email.
❑ Wireless data transmissions can be intercepted and altered if not properly protected.
❑ Removable media devices such as USB flash drives are common attack vectors.
❑ Direct access occurs when a threat actor gains physical access to a computer, inserting a USB flash drive with an alternative operating system and rebooting the computer under the alternate OS.
❑ Social media is another vector for attacks. For example, an attacker may read social media posts to determine when an employee will be on vacation and then call the organization's help desk pretending to be that employee to ask for "emergency" access to an account.
❑ Cloud systems are also targeted by attackers searching for security weaknesses.

Social Engineering Attacks

Social engineering is a method of gathering information by exploiting individuals' weaknesses, often relying on psychological principles or physical procedures.

Social engineering: psychological approaches

Psychological approaches to social engineering include impersonation, phishing, redirection, spam, hoaxes, and watering hole attacks.

Impersonation involves masquerading as a real or fictitious character and playing the role of that person with a victim. The threat actor must know as much about the victim as possible to appear genuine.

Phishing is a common form of social engineering: sending emails or web announcements that falsely claim to be from a legitimate enterprise. Users are asked to update personal information, but the email or website is actually an imposter site set up to steal the information. Invoice scams involve fictitious overdue invoices demanding immediate payment. Phishing is more successful today because it is difficult to distinguish legitimate emails and websites from fake ones that use similar logos, color schemes, and wording. Figure 1-4 illustrates an actual phishing email message that looks like it came from a legitimate source.

Spam

Spam is unsolicited email sent to a large number of recipients, and spammers can make a large profit from it. Most spam is sent from botnets, which spammers can also use to launch attacks. Even if only a small percentage of responses are received, the spammer still makes a large profit. For instance, if a spammer sends spam to 6 million users for a product with a sale price of $50 and receives responses from only 0.001% of them, they would still make over $270,000 in profit.
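The Zero Day section above says that some protections build a baseline of safe system behavior and flag departures from it. The following is an added illustration that is not part of the original slides: it uses a simple frequency baseline over process-creation log lines rather than the machine-learning models the slide refers to. The log format, host names, process names and the burst_factor threshold are all constructed for this example.

```python
from collections import Counter

# Constructed process-creation log lines from a window believed to be clean.
# Format: "<timestamp> <host> <parent process> -> <child process>"
BASELINE_LOG = """\
2024-10-01T08:01:10 ws01 logon.exe -> shell.exe
2024-10-01T08:01:12 ws01 shell.exe -> mail.exe
2024-10-01T08:02:30 ws01 shell.exe -> wordproc.exe
2024-10-01T09:00:00 ws01 wordproc.exe -> printspool.exe
2024-10-01T08:05:00 ws02 logon.exe -> shell.exe
2024-10-01T08:05:05 ws02 shell.exe -> browser.exe
2024-10-01T08:06:40 ws02 browser.exe -> updater.exe
2024-10-01T09:10:00 ws02 shell.exe -> wordproc.exe""".splitlines()

# Constructed lines from a later window that the baseline is applied to.
NEW_LOG = """\
2024-10-02T08:00:01 ws01 logon.exe -> shell.exe
2024-10-02T08:03:00 ws01 wordproc.exe -> script_host.exe
2024-10-02T08:03:05 ws01 script_host.exe -> net_tool.exe
2024-10-02T08:04:00 ws02 shell.exe -> browser.exe
2024-10-02T08:04:10 ws02 browser.exe -> updater.exe
2024-10-02T08:04:11 ws02 browser.exe -> updater.exe
2024-10-02T08:04:12 ws02 browser.exe -> updater.exe
2024-10-02T08:04:13 ws02 browser.exe -> updater.exe""".splitlines()


def parse(line):
    """Split one log line into (timestamp, host, parent, child)."""
    ts, host, parent, arrow, child = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log format: {line!r}")
    return ts, host, parent, child


def build_baseline(lines):
    """Learn the normal parent->child pairs and per-host launch counts."""
    pairs = set()
    launches = Counter()
    for line in lines:
        _, host, parent, child = parse(line)
        pairs.add((parent, child))
        launches[(host, child)] += 1
    return {"pairs": pairs, "launches": launches}


def detect(baseline, lines, burst_factor=3):
    """Return (line, reason) for each event that departs from the baseline.

    Two signals are used: a parent->child pair never seen while learning,
    and a child launched on a host more than burst_factor times as often
    as it was during the baseline window.
    """
    alerts = []
    seen = Counter()
    for line in lines:
        _, host, parent, child = parse(line)
        seen[(host, child)] += 1
        if (parent, child) not in baseline["pairs"]:
            alerts.append((line, "never-seen parent->child pair"))
        elif seen[(host, child)] > burst_factor * max(1, baseline["launches"][(host, child)]):
            alerts.append((line, "launch rate exceeds baseline"))
    return alerts


def run_detection():
    """Build the baseline from the clean window and scan the new window."""
    return detect(build_baseline(BASELINE_LOG), NEW_LOG)


if __name__ == "__main__":
    for line, reason in run_detection():
        print(f"{reason}: {line}")
```

The point of the example is the one the slide makes: a baseline needs no signature for the specific exploit, so an unknown vulnerability that produces an unusual process chain or an unusual burst of launches can still be surfaced. The trade-off is that the baseline must be learned from a window that is actually clean, and anything that was already present during learning becomes "normal".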
Physical Procedures

While some social engineering attacks rely on psychological manipulation, other attacks rely on physical acts. These attacks take advantage of user actions that can result in compromised security. Three of the most common physical procedures are:
❑ Dumpster diving
❑ Tailgating
❑ Shoulder surfing

Dumpster diving involves digging through trash receptacles to find information that can be useful in an attack. Table 1-5 lists the different items that can be retrieved, many of which appear to be useless, and how they can be used.

Shoulder Surfing

If an attacker cannot enter a building as a tailgater without raising suspicion, an alternative is to watch an individual entering the security code on a keypad. Known as shoulder surfing, this technique can be used in any setting that allows an attacker to casually observe someone entering secret information, such as the security codes on a door keypad. Attackers also use webcams and smartphone cameras to "shoulder surf" users of ATMs and record keypad entries.

Impacts of Attacks

A successful attack always results in several negative impacts. These impacts can be classified as data impacts and effects on the organization.
1. Data impacts. Whereas the goal of some attacks may be harm to a system, such as manipulating an industrial control system to shut down a water filtration facility, most attacks focus on data as the primary target.
2. Effects on the enterprise. A successful attack can also have grave consequences for an enterprise. First, the attack may make systems inaccessible (availability loss). This results in lost productivity, which can affect the normal tasks for generating income (financial loss).
The consequences of a successful attack on data are listed in Table 1-6.
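The Active Attacks section above lists masquerade, replay, modification and denial of service. As an added example that is not from the original lecture, the receiver below shows how a message authentication code (HMAC-SHA256) combined with a per-sender sequence number lets a defender detect the first three categories. The sender names, shared keys and message bodies are constructed; the scheme assumes that each legitimate sender has shared a secret key with the receiver in advance and that messages from one sender arrive in order.

```python
import hashlib
import hmac
import json

# Constructed shared keys for the two legitimate senders (hypothetical values).
KEYS = {
    "alice": b"alice-shared-key-constructed",
    "bob": b"bob-shared-key-constructed",
}


def tag_for(key, payload):
    """HMAC-SHA256 over the exact bytes that are sent on the wire."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_message(sender, seq, body, key):
    """Build an authenticated message: canonical JSON payload plus its tag."""
    payload = json.dumps(
        {"sender": sender, "seq": seq, "body": body}, sort_keys=True
    ).encode()
    return {"payload": payload, "tag": tag_for(key, payload)}


class Receiver:
    """Checks each incoming message against the active-attack categories."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted per sender

    def accept(self, msg):
        fields = json.loads(msg["payload"])
        sender = fields["sender"]
        key = self.keys.get(sender)
        if key is None:
            # Masquerade by an identity that was never provisioned.
            return "rejected: unknown sender"
        expected = tag_for(key, msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            # Either the payload was altered in transit (modification) or the
            # tag was produced without the sender's key (masquerade).
            return "rejected: bad tag"
        if fields["seq"] <= self.last_seq.get(sender, 0):
            # A valid tag on an old sequence number means a captured message
            # was retransmitted (replay).
            return "rejected: replay"
        self.last_seq[sender] = fields["seq"]
        return "accepted"


def run_scenarios():
    """Drive the receiver through legitimate traffic and the three attack types."""
    rx = Receiver(KEYS)
    results = []

    genuine = make_message("alice", 1, "approve order 17", KEYS["alice"])
    results.append(rx.accept(genuine))  # accepted

    # Modification: change the body but keep the original tag.
    altered = json.loads(genuine["payload"])
    altered["body"] = "approve order 99"
    modified = {
        "payload": json.dumps(altered, sort_keys=True).encode(),
        "tag": genuine["tag"],
    }
    results.append(rx.accept(modified))  # rejected: bad tag

    # Replay: the unmodified genuine message delivered a second time.
    results.append(rx.accept(genuine))  # rejected: replay

    # Masquerade: the sender claims to be alice but holds a different key.
    forged = make_message("alice", 2, "approve order 42", b"other-key-constructed")
    results.append(rx.accept(forged))  # rejected: bad tag

    # Masquerade under a name the receiver has never provisioned.
    unknown = make_message("mallory", 1, "hello", b"other-key-constructed")
    results.append(rx.accept(unknown))  # rejected: unknown sender

    # A fresh message from the real sender still gets through.
    results.append(rx.accept(make_message("alice", 2, "ok", KEYS["alice"])))  # accepted
    return results


if __name__ == "__main__":
    for outcome in run_scenarios():
        print(outcome)
```

Denial of service is the one category these checks do not address: a flood of bad-tag messages is rejected correctly but still consumes the receiver's CPU and bandwidth, so availability needs separate controls such as rate limiting and capacity monitoring. The strict "sequence number must increase" rule also assumes in-order delivery; over a transport that reorders messages, a sliding window of recently seen sequence numbers is the usual replacement.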
