Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.
-
Upload
horace-ray -
Category
Documents
-
view
223 -
download
1
Transcript of Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.
![Page 1: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/1.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Chapter OneIntroduction to Information Security
![Page 2: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/2.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Objectives
• Explain the component parts of information security in general and network security in particular
• Define the key terms and critical concepts of information and network security
• Describe the organizational roles of information and network security professionals
• Discuss the business need for information and network security
2
![Page 3: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/3.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Objectives (cont’d.)
• Identify the threats posed to information and network security, as well as the common attacks associated with those threats
• Differentiate threats to information within systems from attacks against information within systems
3
![Page 4: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/4.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Introduction
• Network security – Critical activity for almost every organization
• Perimeter defense– Cornerstone of most network security programs– Effective firewall
• Properly configured to be safe and efficient
• Chapter 1– Overview of the entire field of information security – How that broader field influences current trends in
network security
4
![Page 5: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/5.jpg)
Guide to Firewalls and VPNs, 3rd Edition
What Is Information Security?
• Information security (InfoSec) – Protection of information and its critical elements, – Includes the systems and hardware that use, store,
and transmit that information
• Unified process encompasses– Network security– Physical security– Personnel security– Operations security– Communications security
5
![Page 6: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/6.jpg)
Guide to Firewalls and VPNs, 3rd Edition
What Is Information Security? (cont’d.)
• C.I.A. triangle– Industry standard for computer security – Based on the three characteristics of information that
make it valuable to organizations:• Confidentiality
• Integrity
• Availability
6
![Page 7: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/7.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Critical Characteristics of Information
• Availability– Information is accessible by authorized users
• Accuracy– Information is free from mistakes or errors
• Authenticity– Information is genuine or original
• Confidentiality– Information is protected from disclosure or exposure
7
![Page 8: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/8.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Critical Characteristics of Information (cont’d.)
• Integrity– Information remains whole, complete, and
uncorrupted
• Utility– Information has value for some purpose or end
• Possession– Information object or item is owned or controlled by
somebody
8
![Page 9: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/9.jpg)
Guide to Firewalls and VPNs, 3rd Edition
CNSS Security Model
• U.S. Committee on National Systems Security (CNSS)
• National Training Standard for Information Security Professionals NSTISSI No. 4011
• McCumber Cube– 3 x 3 x 3 cube, with 27 cells representing the various
areas that must be addressed to secure today’s information systems
9
![Page 10: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/10.jpg)
Guide to Firewalls and VPNs, 3rd Edition
CNSS Security Model
10
Figure 1-1 The McCumber Cube
@ Cengage Learning 2012
![Page 11: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/11.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Balancing Information Security and Access
• Information security – Process, not an end state
• Balance protection of information and information assets with the availability of that information to authorized users
• Security must allow reasonable access– Yet protect against threats
11
![Page 12: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/12.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Business Needs First
• Protect the organization’s ability to function
• Enable the safe operation of applications implemented on the organization’s IT systems
• Protect the data the organization collects and uses
• Safeguard the technology assets in use at the organization
12
![Page 13: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/13.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Security Professionals and the Organization
• Wide range of professionals to support the complex information security program needed by a moderate or large organization
• Chief information officer (CIO)– Senior technology officer
• Chief information security officer (CISO)– Responsible for the assessment, management, and
implementation of information security in the organization
13
![Page 14: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/14.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Security Professionals and the Organization (cont’d.)
• Information security project team – Champion– Team leader– Security policy developers– Risk assessment specialists– Security professionals– Systems, network, and storage administrators– End users
14
![Page 15: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/15.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Data Management
• Data owners– Responsible for the security and use of a particular
set of information
• Data custodians– Responsible for the storage, maintenance, and
protection of the information
• Data users– Allowed by the data owner to access and use the
information to perform their daily jobs
15
![Page 16: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/16.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Key Information Security Terminology
• Security professional must be familiar with common terms– To effectively support any information security effort
16
![Page 17: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/17.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Threats and Attacks
• Threat – Category of object, person, or other entity that poses
a potential risk of loss to an asset
• Asset– Anything that has value for the organization– Can be physical or logical
• Attack – Intentional or unintentional action that could
represent the unauthorized modification, damage, or loss of an information asset
17
![Page 18: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/18.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Threats and Attacks (cont’d.)
• Subject of an attack– Used as an active tool to conduct the attack
• Object of an attack– Entity being attacked
• Direct attack – Hacker uses a personal computer to break into a
system
• Indirect attack – System is compromised and used to attack other
systems
18
![Page 19: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/19.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Vulnerabilities and Exploits
• Threat agent – Specific instance of a general threat
• Well-known vulnerabilities– Vulnerabilities that have been examined,
documented, and published
• “Exploit”– Threat agents attempt to exploit a system or
information asset– Specific recipe that an attacker creates to formulate
an attack
19
![Page 20: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/20.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Vulnerabilities and Exploits (cont’d.)
• Controls, safeguards, or countermeasures– Synonymous terms– Security mechanisms, policies, or procedures that
can successfully counter attacks, reduce risk, resolve vulnerabilities, and generally improve the security within an organization
20
![Page 21: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/21.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Risk
• State of being unsecure, either partially or totally, and thus susceptible to attack
• Described in terms of likelihood
• Risk management– Involves risk identification, risk assessment or
analysis, and risk control
• Risk appetite or risk tolerance– Amount of risk an organization chooses to live with
21
![Page 22: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/22.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Risk (cont’d.)
• Residual risk– Amount of risk that remains after an organization
takes precautions, implements controls and safeguards, and performs other security activities
• To control risk:– Self-protection– Risk transfer– Self-insurance or acceptance– Avoidance
22
![Page 23: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/23.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Security Perimeter and Defense in Depth
• Security perimeter– Defines the boundary between the outer limit of an
organization’s security and the beginning of the outside network
– Perimeter does not protect against internal attacks– Organization may choose to set up security domains
• Defense in depth– Layered implementation of security
• Redundancy– Implementing technology in layers
23
![Page 24: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/24.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Security Perimeter and Defense in Depth (cont’d.)
24
Figure 1-3 Security Perimeter@ Cengage Learning 2012
![Page 25: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/25.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Security Perimeter and Defense in Depth (cont’d.)
25
Figure 1-4 Defense in Depth
@ Cengage Learning 2012
![Page 26: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/26.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Threats to Information Security
• Table 1-1– Reveals how many organizations have experienced
the listed types of attack or misuse
• Table 1-2– 12 categories that represent a clear and present
danger to an organization’s people, information, and systems
26
![Page 27: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/27.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Threats to Information Security (cont’d.)
27
Table 1-1 CSI/FBI Computer Crime and Security Survey (continues)
![Page 28: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/28.jpg)
Guide to Firewalls and VPNs, 3rd Edition 28
Table 1-1 CSI/FBI Computer Crime and Security Survey (continues)
![Page 29: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/29.jpg)
Guide to Firewalls and VPNs, 3rd Edition 29
Table 1-1 CSI/FBI Computer Crime and Security Survey (continues)
![Page 30: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/30.jpg)
Guide to Firewalls and VPNs, 3rd Edition 30
Table 1-1 CSI/FBI Computer Crime and Security Survey (continued)
![Page 31: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/31.jpg)
Guide to Firewalls and VPNs, 3rd Edition 31
Table 1-2 Threats to Information Security
![Page 32: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/32.jpg)
Guide to Firewalls and VPNs, 3rd Edition
The TVA Triple
• “TVA Triple” of Threat-Vulnerability-Asset – Use to prioritize your work– T1-V1-A1—Vulnerability 1 that exists between
Threat 1 and Asset 1– T1-V2-A1—Vulnerability 2 that exists between
Threat 1 and Asset 1– T1-V1-A2—Vulnerability 1 that exists between
Threat 1 and Asset 2
• Organize in a TVA worksheet
32
![Page 33: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/33.jpg)
Guide to Firewalls and VPNs, 3rd Edition 33
Table 1-3 Sample TVA spreadsheet
![Page 34: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/34.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Other Ways to View Threats
• Perspectives:– Intellectual property– Software piracy– Shoulder surfing– Hackers– Script kiddies– Packet monkeys– Cracker– Phreaker– Hacktivist or cyberactivist– Cyberterrorist
34
![Page 35: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/35.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Other Ways to View Threats (cont’d.)
• Malicious code, malicious software, or malware– Computer virus: macro virus, boot virus– Worms– Trojan horses– Backdoor, trapdoor, maintenance hook– Rootkit
35
![Page 36: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/36.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Other Ways to View Threats (cont’d.)
• Power irregularities– Spike (momentary increase)– Surge (prolonged increase)– Sag (momentary decrease)– Brownout (prolonged decrease)– Fault (momentary complete loss)– Blackout (prolonged complete loss)
36
![Page 37: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/37.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Attacks on Information Assets
• Attacks occur through a specific act that may cause a potential loss
• Each of the major types of attack used against controlled systems discussed
37
![Page 38: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/38.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Malicious Code
• Malicious code – Includes viruses, worms, Trojan horses, and active
Web scripts – Executed with the intent to destroy or steal
information
• Polymorphic, multivector worm– Constantly changes the way it looks – Uses multiple attack vectors to exploit a variety of
vulnerabilities in commonly used software
38
![Page 39: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/39.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Malicious Code
39
Table 1-4 Attack Vectors
![Page 40: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/40.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Compromising Passwords
• Bypass access controls by guessing passwords
• Cracking– Obtaining passwords from hash values
• Brute force attack– Application of computing and network resources to try
every possible combination of characters
• Dictionary attack– Variation on the brute force attack
– Narrows the field by selecting specific target accounts and using a list of commonly used passwords
40
![Page 41: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/41.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
• Denial-of-service (DoS) attack– Attacker sends a large number of connection or
information requests to a target– So many requests are made that the target system
cannot handle them along with other, legitimate requests for service
• Distributed denial-of-service (DDoS) – Coordinated stream of requests against a target
from many locations at the same time
• Any system connected to the Internet is a potential target for denial-of-service attacks
41
![Page 42: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/42.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Spoofing
• Intruder sends messages to IP addresses that indicate to the recipient that the messages are coming from a trusted host
42
Figure 1-6 IP Spoofing@ Cengage Learning 2012
![Page 43: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/43.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Man-in-the-Middle
• Attacker monitors (or sniffs) packets from the network– Modifies them using IP spoofing techniques– Inserts them back into the network
• Allows the attacker to eavesdrop, change, delete, reroute, add, forge, or divert data
43
![Page 44: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/44.jpg)
Guide to Firewalls and VPNs, 3rd Edition
E-mail Attacks
• E-mail – Vehicle for attacks rather than the attack itself
• Spam– Used as a means to make malicious code attacks
more effective
• Mail bomb – Attacker routes large quantities of e-mail to the
target system
44
![Page 45: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/45.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Sniffers
• Sniffer – Program or device that can monitor data traveling
over a network– Used both for legitimate network management
functions and for stealing information from a network
• Impossible to detect
• Can be inserted almost anywhere
• Packet sniffers– Work on TCP/IP networks
45
![Page 46: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/46.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Social Engineering
• Process of using social skills to convince people to reveal access credentials or other valuable information to the attacker
• “People are the weakest link. You can have the best technology, [then] somebody call[s] an unsuspecting employee. That’s all she wrote, baby. They got everything”– Kevin Mitnick
46
![Page 47: Guide to Firewalls and VPNs, 3 rd Edition Chapter One Introduction to Information Security.](https://reader036.fdocuments.in/reader036/viewer/2022062321/56649efb5503460f94c0e974/html5/thumbnails/47.jpg)
Guide to Firewalls and VPNs, 3rd Edition
Buffer Overflow
• Application error – Occurs when more data is sent to a buffer than it can
handle
• Attacker can make the target system execute instructions
• Attacker can take advantage of some other unintended consequence of the failure
47