9781435420168_PPT_CH01

Download Report

Transcript 9781435420168_PPT_CH01

FIREWALLS & NETWORK SECURITY
with Intrusion Detection and VPNs,
2nd Edition
Chapter 1
Introduction to
Information Security
Learning Objectives
Upon completion of this chapter, you should be able to:
 Explain the relationship among the component parts of information
security, especially network security
 Define the key terms and critical concepts of information and
network security
 Describe the organizational roles of information and network
security professionals
 Understand the business need for information and network security
 Identify the threats posed to information and network security, as
well as the common attacks associated with those threats
 Differentiate threats to information within systems from attacks
against information within systems
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 2
Introduction
 Firewalls and network security are critical
components in securing day-to-day operations
of nearly every organization in business today
 Before learning to plan, design, and implement
firewalls and network security, it is important to
understand the larger topic of information
security and how these two components fit into
it
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 3
What Is Information Security?
 Information security (InfoSec) is defined by
standards published by CNSS as the protection
of information and its critical elements, including
the systems and hardware that use, store, and
transmit that information
 To protect information and related systems,
organizations must implement policy,
awareness training and education, and
technology
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 4
Figure 1-1
Components of Information Security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 5
What is Information Security?
(continued)
 C.I.A. triangle consists of Confidentiality,
Integrity, and Availability
 List of characteristics has expanded over time,
but these three remain central
 Successful organization maintains multiple
layers of security:
–
–
–
–
–
Network security
Physical security
Personal security
Operations security
Communications security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 6
Critical Characteristics of Information
 Availability enables authorized users to access
information without interference or obstruction
and to receive it in required format
 Accuracy means information is free from error
and has the value the end user expects
 Authenticity is quality or state of being genuine
or original, rather than reproduced or fabricated;
information is authentic when it is what was
originally created, placed, stored, or transferred
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 7
Critical Characteristics of Information
(continued)
 Confidentiality is when information is protected
from exposure to unauthorized entities
 Integrity is when information remains whole,
complete, and uncorrupted
 Utility of information is quality or state of having
value for some end purpose; information must
be in a format meaningful to end user
 Possession is ownership or control of some
object or item; information is in one’s
possession if one obtains it, independent of
format or other characteristics
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 8
Figure 1-2
The CIA Triad and the McCumber Cube
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 9
Securing Components
 When computer is subject of an attack, it is
used as active tool to conduct attack
 When computer is object of an attack, it is entity
being attacked
 Direct attack is when hacker uses a computer to
break into a system
 Indirect attack is when a system is
compromised and used to attack other systems,
such as a botnet or other distributed denial-ofservice attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 10
Figure 1-3 Computer as the
Subject and Object of an Attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 11
Balancing Information Access and
Security
 Information security cannot be an absolute; it is
a process, not a goal
 Information security should balance protection
and availability
 To achieve balance—to operate information
system to satisfaction of users and security
professionals—level of security must allow
reasonable access, yet protect against threats
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 12
Security Professionals and the
Organization
 Chief Information Officer
– Senior technology officer
– Primarily responsible for advising senior
executive(s) for strategic planning
 Chief Information Security Officer
– Individual primarily responsible for assessment,
management, and implementation of securing
information in the organization
– May also be referred to as Manager for Security,
Security Administrator, or a similar title
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 13
Security Professionals and the
Organization (continued)
Information security project team should consist of
individuals experienced in one or more facets of
vast array of technical and nontechnical areas:
Champion
Team leader
Security policy developers
Risk assessment specialists
Security professionals
System, network, and storage administrators
End users
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 14
Data Ownership
 Data owner: responsible for the security and
use of a particular set of information
 Data custodian: responsible for the storage,
maintenance, and protection of the information
 Data users: the end systems users who work
with the information to perform their daily jobs
supporting the mission of the organization
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 15
Threats
Sun Tzu Wu:
 “If you know the enemy and know yourself, you
need not fear the result of a hundred battles.
 If you know yourself but not the enemy, for
every victory gained you will also suffer a
defeat.
 If you know neither the enemy nor yourself, you
will succumb in every battle.”
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 16
Threats (continued)
 To make sound decisions about information
security, management must be informed about
the various threats facing the organization, its
people, applications, data, and information
systems—that is, the enemy
 In the context of information security, a threat is
an object, person, or other entity that represents
a constant danger to an asset
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 17
Threats (continued)
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 18
Figure 1-5 Human Error or Failure
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 19
Figure 1-6 Shoulder Surfing
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 20
Figure 1-7 Hacker Profiles
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 21
Espionage or Trespass (continued)
 Generally two skill levels among hackers:
– Expert hacker
• Develops software scripts and codes exploits
• Usually a master of many skills
• Often creates attack software to share with others
– Unskilled hackers (script kiddies)
• Hackers of limited skill
• Use expert-written software to exploit a system
• Do not usually fully understand systems they hack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 22
Espionage or Trespass (continued)
 Other terms for system rule breakers:
– Cracker: “cracks” or removes protection
designed to prevent unauthorized duplication
– Phreaker: hacks the public telephone network
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide
Slide 23
23
Information Extortion
 Information extortion is an attacker or formerly
trusted insider stealing information from a
computer system and demanding compensation
for its return or non-use
 Extortion found in credit card number theft
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 24
Software Attacks
 When an individual or group designs software to
attack systems, they create malicious code called
malware
 Designed to damage, destroy, or deny service to
target systems
 Includes:
–
–
–
–
–
–
Virus (macro virus or boot virus )
Worms
Trojan horses
Back door or trap door
Polymorphic
Virus and worm “hoaxes”
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 25
Figure 1-8 Trojan Horse Attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 26
Forces of Nature
 Forces of nature, force majeure, or acts of God
are dangerous because they are unexpected
and can occur with very little warning
 Can disrupt not only the lives of individuals, but
also the storage, transmission, and use of
information
 Include fire, flood, earthquake, and lightning as
well as electrostatic discharge
 Since it is not possible to avoid many of these
threats, management must implement controls
to limit damage and also prepare contingency
plans for continued operations
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 27
Deviations in Quality of Service
 Situations of product or services not delivered
as expected
 Information system depends on many interdependent support systems
 Service issues that dramatically affect the
availability of information and systems include:
– Internet service
– Communications service
– Power irregularities
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 28
Power Irregularities
 Power irregularities are common and lead to
fluctuations such as:
–
–
–
–
–
–
Spike: momentary increase
Surge: prolonged increase
Sag: momentary low voltage
Brownout: prolonged drop
Fault: momentary loss of power
Blackout: prolonged loss
 Electronic equipment is susceptible to
fluctuations; controls can be applied to manage
power quality
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 29
Malicious Code
 This kind of attack includes the execution of
viruses, worms, Trojan horses, and active Web
scripts with the intent to destroy or steal
information
 The state of the art in attacking systems is the
multi-vector worm using up to six attack vectors
to exploit a variety of vulnerabilities in commonly
found information system devices
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 30
Table 1-2 Attack Replication Vectors
New Table
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 31
Attack Descriptions
 “Hoaxes”: a more devious approach to attacking
computer systems is transmission of a virus
hoax, with a real virus attached
 Back doors: using a known or previously
unknown and newly discovered access
mechanism, an attacker can gain access to a
system or network resource
 Password crack: attempting to reverse calculate
a password
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 32
Attack Descriptions (continued)
 Brute force: the application of computing and
network resources to try every possible
combination of options of a password
 Dictionary: the dictionary password attack
narrows the field by selecting specific accounts
to attack and uses a list of commonly used
passwords (the dictionary) to guide guesses
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 33
Attack Descriptions (continued)
 Denial-of-service (DoS): attacker sends a large
number of connection or information requests to
a target; so many requests are made that the
target system cannot handle them successfully
along with other, legitimate requests for service
– May result in a system crash or merely an
inability to perform ordinary functions
 Distributed denial-of-service (DDoS): attack in
which a coordinated stream of requests is
launched against a target from many locations
at the same time
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 34
Figure 1-9 Denial-of-Service Attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 35
Attack Descriptions (continued)
 Spoofing: technique used to gain unauthorized
access whereby the intruder sends messages to
a computer with an IP address indicating that
the message is coming from a trusted host
 Man-in-the-Middle: in this attack, an attacker
sniffs packets from the network, modifies them,
and inserts them back into the network; also
called TCP hijacking
 Spam: unsolicited commercial e-mail; while
many consider spam a nuisance rather than an
attack, it is emerging as a vector for some
attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 36
Figure 1-10 IP Spoofing
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 37
Figure 1-11 Man-in-the-Middle
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 38
Attack Descriptions (continued)
 Mail-bombing: another form of e-mail attack that
is also a DoS, in which an attacker routes large
quantities of e-mail to the target
 Sniffer: program and/or device that can monitor
data traveling over a network; can be used for
both legitimate network management and for
stealing information from a network
 Social engineering: within the context of
information security, the process of using social
skills to convince people to reveal access
credentials or other valuable information
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 39
Attack Descriptions (continued)
 “People are the weakest link. You can have the
best technology; firewalls, intrusion-detection
systems, biometric devices ... and somebody
can call an unsuspecting employee. That's all
she wrote, baby. They got everything.”
 “Brick attack”: the best configured
firewall in the world can’t stand up to a
well-placed brick
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 40
Attack Descriptions (continued)
 Buffer overflow: application error occurs when
more data is sent to buffer than it can handle;
when buffer overflows, attacker can make target
system execute instructions or attacker can take
advantage of some other unintended
consequence of the failure
 Timing attack: relatively new, works by exploring
contents of Web browser’s cache; can allow
collection of information on access to passwordprotected sites
– Another attack by the same name involves
attempting to intercept cryptographic elements to
determine keys and encryption algorithms
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 41
Chapter Summary
 Firewalls and network security are essential
components for securing systems that
businesses use to run day-to-day operations
 Information security is protection of information
and its critical elements, including systems and
hardware that use, store, and transmit that data
 C.I.A. triangle based on confidentiality, integrity,
availability of info and systems that process it
 CNSS Security model (McCumber Cube)
provides graphical description of approach used
in computer and information security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 42
Chapter Summary (continued)
 Computer can be subject of attack or object of
attack; two types of attacks: direct and indirect
 Information security not an absolute: a process,
not a goal; should balance reasonable access
and availability while protecting against threats
 Information security performs four functions:
– Protects organization’s ability to function
– Enables safe operation of applications
implemented on organization’s IT systems
– Protects data that organization collects and uses
– Safeguards technology assets of organization
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 43
Chapter Summary (continued)
 Requires wide range of professionals and skill
sets to support information security program
 Information security project team includes: team
leader, security policy developers, risk
assessment specialists, security professionals,
systems, network and storage administrators,
and end users
 Three types of data ownership: data owner,
data custodian, and data user
 Threat is object, person, or other entity that
represents a constant danger to assets
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 44
Chapter Summary (continued)
 Attack is deliberate act or action that takes
advantage of vulnerability to compromise
controlled system
 Vulnerability is identified weakness in controlled
system
 Major types of attacks include: malicious code,
“hoaxes” of malicious code, back doors,
password cracking, DoS, DDoS, spoofing, manin-the-middle, spam, mail bombing, sniffers,
social engineering, buffer overflow, and timing
attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 45