Security Fundamentals


MODULE 2 UNIT 1
Security Fundamentals
SECURITY BASICS

• Confidentiality – keeping data private: allowing only authorized users to access private files.
• Integrity – any data that is sent between users must have a guarantee that the data has not been tampered with during transmission.
• Authentication – all systems should prove the identity of users: associate users with a valid account by requesting that they provide data unique to each user.
• Non-repudiation – once the data has been sent, the sender must not be able to deny sending the data.
• Anti-replay – this stops users from resending data in an effort to pretend that they are someone else.
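As an added example (not part of the original slides), here is a minimal shared-key receiver in Python that enforces two of the properties above: integrity, via an HMAC-SHA256 tag over the message, and anti-replay, via a sequence number that must strictly increase. The key, wire format and sample messages are constructed for illustration.

```python
# Added example: integrity (HMAC) and anti-replay (sequence number) checks
# on a shared-key channel. Key, wire format and messages are constructed.
import hmac
import hashlib

SECRET_KEY = b"shared-secret-for-illustration"  # constructed sample key


def build_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side. Wire format: seq (8 bytes, big-endian) | payload | tag (32 bytes)."""
    body = seq.to_bytes(8, "big") + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: verifies the tag first, then rejects any sequence
    number that is not greater than the highest one already accepted."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1

    def accept(self, msg: bytes) -> tuple[bool, str]:
        if len(msg) < 8 + 32:
            return False, "malformed"
        body, tag = msg[:-32], msg[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Integrity check, using a constant-time comparison.
        if not hmac.compare_digest(tag, expected):
            return False, "integrity failure"
        seq = int.from_bytes(body[:8], "big")
        # Anti-replay check: a re-sent (or older, out-of-order) message is dropped.
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, "ok"


def demo() -> list[str]:
    rx = Receiver(SECRET_KEY)
    m1 = build_message(SECRET_KEY, 1, b"transfer 10 to bob")
    results = [rx.accept(m1)[1]]            # fresh, valid message -> "ok"
    results.append(rx.accept(m1)[1])        # identical bytes again -> "replay"
    tampered = bytearray(m1)
    tampered[8] ^= 0x01                     # flip one bit of the payload
    results.append(rx.accept(bytes(tampered))[1])  # -> "integrity failure"
    results.append(rx.accept(build_message(SECRET_KEY, 2, b"ping"))[1])  # -> "ok"
    return results
```

A shared-key MAC gives integrity but not non-repudiation, because either holder of the key could have produced the tag; that property needs an asymmetric signature.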

SOCIAL ENGINEERING
• The use of social tricks or psychology to gain access to secured systems.
• The goal is to trick people into revealing passwords and other information.

PHISHING AND PHARMING

• Phishing involves getting a user to enter personal information via a fake website, for example one imitating PayPal, eBay or Yahoo.
• Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.
MITIGATING SOCIAL ENGINEERING

What makes attacks effective?
• Authority
• Intimidation
• Consensus / social proof
• Scarcity
• Urgency
• Familiarity / liking
• Trust

What makes attacks ineffective?
• Policy and standard procedures
• Education and training
• Accounting (auditing and surveillance)

MALWARE

Malware
• A general term for any type of unwanted software that does mischief or permanent damage to your computer.
• Malware is created by people to intentionally do mischief or damage to your computer.

Worms
• A piece of computer code that is able to send itself to many computers by taking control of a computer's ability to transport files and information. They get into your computer via email.
TROJANS AND SPYWARE
• Trojans get into your computer via a program, then damage and destroy programs and files.
• Spyware downloads into your computer without you knowing it.
  • It can collect personal information about you such as passwords, credit card numbers and web sites you visit, and transmit this to a third party.
  • It can also change the configuration of your computer, or put advertisements on your computer.
• Adware – software that displays banners or popup ads on your computer.
• It downloads to your computer when you access certain internet sites, or when you agree to download it when using certain freeware or shareware.
ANTIVIRUS SOFTWARE

• Software that detects viruses coming into your computer and attempts to get rid of them.
NETWORK RECONNAISSANCE
• A reconnaissance attack is a kind of information gathering on network systems and services.
• This enables the attacker to discover vulnerabilities or weaknesses on the network.
• Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.
FOOTPRINTING
• Footprinting – the process of collecting information about an organization, its network, its IP address ranges and the people who use them.
• Footprinting is conducted through social engineering and by researching information
  • from printed resources
  • from online resources
• Footprinting tools/techniques
  • Performing web reconnaissance
  • DNS interrogation
EAVESDROPPING
• Network eavesdropping, or network sniffing, is a network-layer attack consisting of capturing packets transmitted on the network by other computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.
• The attack can be carried out using tools called network sniffers.
• These tools collect packets on the network and, depending on the quality of the tool, analyse the collected data, for example with protocol decoders or stream reassembly.
MAN-IN-THE-MIDDLE

• The man-in-the-middle attack intercepts a communication between two systems.
• For example, in an HTTP transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the client and the attacker and the other between the attacker and the server.
• Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

DENIAL OF SERVICE
• A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
• A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
EXPLOITS
• An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerized).
• Such behaviour frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
MANAGEMENT
• Create a management and inspection plan
• Log and document management / maintenance / system reconfiguration activities
INCIDENT RESPONSE
• Procedures and guidelines for dealing with security incidents
• Different goals
  • Re-establish a secure working system
  • Preserve evidence of the incident with the aim of prosecuting the perpetrators
  • Prevent reoccurrence of the incident
• National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide
  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery
  • Post-incident Activity
PATCH MANAGEMENT
• Updates, patches, hotfixes, and service packs
• Update policies
• Windows
  • Automatic Updates
  • Windows / Office / Microsoft Update
• Linux / Mac OS downloadable updates
• Application updates
• Firmware
TRAINING / EDUCATION