Transcript SetNo11
Security+ Guide to Network
Security Fundamentals
Chapter 1
Instructor: اياس القواسمة
E-mail: [email protected]
Phone: 0564569838
Office number: 2152
Learning Objectives
Understand network security
Understand security threat trends and their
ramifications
Understand the goals of network security
Determine the factors involved in a secure
network strategy
Understanding Network Security
Network security
Process by which digital information assets are
protected
Goals
Maintain integrity
Protect confidentiality
Assure availability
Understanding Network Security
Security ensures that users:
Perform only tasks they are authorized to do
Obtain only information they are authorized to have
Cannot cause damage to data, applications, or
operating environment
Security Threats
Identity theft
Privacy concerns
Wireless access
To Offset Security Threats
Integrity: Assurance that data is not altered or destroyed
in an unauthorized manner
Confidentiality: Protection of data from unauthorized
disclosure to a third party
Availability: Continuous operation of computing systems
Quiz: Give a real example for each information security principle.
Examples of information security fundamental principles:
Confidentiality: Exam questions must be hidden from students
prior to the exam.
Integrity: Students' grades must not be modified by students.
Availability: The student schedule system must be online
and available during the beginning of the semester.
Information Security Layers
Security Vulnerabilities for Sale
Anyone can buy attack tools to take over computers
Examples of
Security Breaches
Difficulties in Defending against Attacks
Information Security Terminology
Asset: Something that has a value
Threat: An event or object that may defeat the security
measures in place and result in a loss
Threat agent: A person or thing that has the power to carry out a
threat
Information Security Terminology
Vulnerability: Weakness that allows a threat agent to bypass security
Exploit: Takes advantage of a vulnerability
Risk: The likelihood that a threat agent will exploit a
vulnerability
Realistically, risk cannot ever be entirely eliminated
Security Ramifications:
Costs of Intrusion
Causes of network security threats:
1. Technology weaknesses
2. Configuration weaknesses
3. Policy weaknesses
4. Human error
Ramifications: consequences
1. Technology Weaknesses
TCP/IP
Operating systems
Network equipment
2. Configuration Weaknesses
Unsecured accounts
System accounts with easily guessed passwords
Mis-configured Internet services
Unsecured default settings
Mis-configured network equipment
Trojan horse programs
Vandals
Viruses
3. Policy Weaknesses
Lack of a written security policy
Politics
High turnover
Concise access controls not applied
Software and hardware installation and changes
do not follow policy
Proper security
Nonexistent disaster recovery plan
4. Human Error
Accident
Ignorance
Workload
Dishonesty
Impersonation
Disgruntled employees
Snoops
Denial-of-service attacks
Goals of Network Security
Achieve the state where any action that is
not expressly permitted is prohibited
Eliminate theft
Determine authentication
Identify assumptions
Control secrets
Creating a Secure Network Strategy
Address both internal and external threats
Define policies and procedures
Reduce risk across perimeter
security, the Internet, intranets, and LANs
Creating a Secure Network Strategy
Human factors
Know your weaknesses
Limit access
Achieve security through persistence
Develop change management process
Remember physical security
Perimeter security
Control access to critical network applications, data,
and services
Creating a Secure Network Strategy
Firewalls
Prevent unauthorized access to or from private
network
Create protective layer between network and
outside world
Replicate network at point of entry in order to
receive and transmit authorized data
Have built-in filters
Log attempted intrusions and create reports
Creating a Secure Network Strategy
Web and file servers
Access control
Ensures that only legitimate traffic is allowed
into or out of the network
Passwords
PINs
Smartcards
Creating a Secure Network Strategy
Change management
Document changes to all areas of IT infrastructure
Encryption
Ensures messages cannot be intercepted or read by
anyone other than the intended person(s)
Creating a Secure Network Strategy
Intrusion detection system (IDS)
Provides 24/7 network surveillance
Analyzes packet data streams within the
network
Searches for unauthorized activity
Simplicity
Information security is by its very nature complex
Complex security systems can be hard to understand,
troubleshoot, and feel secure about
As much as possible, a secure system should be simple
for those on the inside to understand and use
Complex security schemes are often compromised to
make them easier for trusted users to work with
Keeping a system simple from the inside but complex on
the outside can sometimes be difficult but reaps a major
benefit
Who Are the Attackers?
The types of people behind computer attacks
are generally divided into several categories
Hackers
Script kiddies
Spies
Employees
Cybercriminals
Cyberterrorists
The NSA Hacker
Gary McKinnon hacked into NASA and the US Military
He was looking for evidence about UFOs
Hackers
Hacker
Anyone who illegally breaks into or attempts to break
into a computer system
Although breaking into another person's computer system is
illegal, some hackers believe it is ethical as long as they do
not commit theft, vandalism, or breach any confidentiality
Ethical Hacker
Has permission from the owner to test security of
computers by attacking them
Script Kiddies
Unskilled users
Download automated hacking software
(scripts) from Web sites and use it to break
into computers
Spies
Computer spy
A person who has been hired to break into a
computer and steal information
Excellent computer skills
Employees
The largest information security threat
Motives
An employee might want to show the company a
weakness in their security
Disgruntled employees may be intent on retaliating
against the company
Industrial espionage
Blackmailing
Cybercriminals
A loose-knit network of attackers, identity
thieves, and financial fraudsters
More highly motivated, less risk-averse, better
funded, and more tenacious than hackers
Many security experts believe that cybercriminals
belong to organized gangs of young and mostly
Eastern European attackers
Cybercriminals have a more focused goal that
can be summed up in a single word: money
Cybercriminals
Cybercrime
Targeted attacks against financial networks,
unauthorized access to information, and the theft
of personal information
Financial cybercrime is often divided into two
categories
Trafficking in stolen credit card numbers and
financial information
Using spam to commit fraud
Cyberterrorists
Their motivation may be defined as ideology, or
attacking for the sake of their principles or beliefs
Goals of a cyberattack:
To deface electronic information and spread
misinformation and propaganda
To deny service to legitimate computer users
To commit unauthorized intrusions into systems and
networks that result in critical infrastructure outages
and corruption of vital data
Security Tradeoffs
(Diagram: security balanced against cost, ease of use, and functionality)
Steps of an Attack
The five steps that make up an attack
Probe for information
Penetrate any defenses
Modify security settings
Circulate to other systems
Paralyze networks and devices
Defenses against Attacks
Although multiple defenses may be necessary
to withstand an attack
These defenses should be based on five
fundamental security principles:
Layering
Limiting
Diversity
Obscurity
Simplicity
Layering
Information security must be created in layers
One defense mechanism may be relatively easy
for an attacker to circumvent
Instead, a security system must have layers, making it
unlikely that an attacker has the tools and skills to
break through all the layers of defenses
A layered approach can also be useful in resisting
a variety of attacks
Layered security provides the most
comprehensive protection
Limiting
Limiting access to information reduces the
threat against it
Only those who must use data should have
access to it
In addition, the amount of access granted to
someone should be limited to what that person
needs to know
Some ways to limit access are technology-based, while others are procedural
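The Limiting principle above and the stated goal that any action not expressly permitted is prohibited, applied to the quiz's student-records scenarios (exam questions hidden from students, grades changed only by instructors), as an added Python example that is not part of the lecture slides; the roles, actions and policy table are constructed for illustration.

```python
# Added example (not from the slides): default-deny, need-to-know authorization
# for the student-records scenarios. Roles, actions and policy are constructed.
from dataclasses import dataclass
from typing import Optional

# Allow-list of (role, action, resource). Anything not listed is prohibited:
# "any action that is not expressly permitted is prohibited".
POLICY = {
    ("student", "read", "grades"),             # students may see grades ...
    ("instructor", "read", "grades"),
    ("instructor", "write", "grades"),         # ... only instructors change them (integrity)
    ("instructor", "read", "exam_questions"),  # hidden from students (confidentiality)
    ("student", "read", "schedule"),
    ("registrar", "write", "schedule"),
}
DENIED_LOG = []  # every refused request, kept for audit and detection

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    action: str
    resource: str
    owner: Optional[str] = None  # whose record is touched, when it belongs to someone

def decide(req):
    """Return (allowed, reason); only expressly permitted requests pass."""
    reason = None
    if (req.role, req.action, req.resource) not in POLICY:
        reason = "not expressly permitted"
    # Limiting / need to know: a student may only touch records they own.
    elif req.role == "student" and req.owner not in (None, req.user):
        reason = "record belongs to another user"
    if reason:
        DENIED_LOG.append((req, reason))
        return False, reason
    return True, "permitted"

def run_examples():
    """Run the quiz scenarios; returns {scenario: allowed}."""
    cases = {
        "student_reads_own_grades": Request("alice", "student", "read", "grades", "alice"),
        "student_reads_peer_grades": Request("alice", "student", "read", "grades", "bob"),
        "student_writes_own_grades": Request("alice", "student", "write", "grades", "alice"),
        "student_reads_exam_questions": Request("alice", "student", "read", "exam_questions"),
        "instructor_writes_grades": Request("prof", "instructor", "write", "grades", "alice"),
        "unknown_role_reads_schedule": Request("eve", "guest", "read", "schedule"),
    }
    return {name: decide(req)[0] for name, req in cases.items()}
```

Every refusal lands in DENIED_LOG with its reason, so repeated denials for one user can be reviewed the way the IDS section describes searching for unauthorized activity.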
Diversity
Layers must be different (diverse)
If attackers penetrate one layer, they cannot use the
same techniques to break through all other layers
Using diverse layers of defense means that
breaching one security layer does not
compromise the whole system
Obscurity
INFORMATION SECURITY CAREERS
AND THE SECURITY+ CERTIFICATION
Surveying Information Security Careers
and the Security+ Certification
Today, businesses and organizations require
employees and even prospective applicants
To demonstrate that they are familiar with
computer security practices
Many organizations use the CompTIA
Security+ certification to verify security
competency
CompTIA Security+ Certification
The CompTIA Security+ (2008 Edition)
Certification is the premiere vendor-neutral
credential
The Security+ exam is an internationally
recognized validation of foundation-level
security skills and knowledge
Used by organizations and security professionals
around the world
The skills and knowledge measured by the
Security+ exam are derived from an industry-wide Job Task Analysis (JTA)
CompTIA Security+ Certification
(continued)
The six domains covered by the Security+
exam:
Systems Security, Network Infrastructure, Access
Control, Assessments and Audits, Cryptography,
and Organizational Security
Quiz: What does information security protect?
Information security protects
the integrity, confidentiality, and availability of
information
on the devices which store, manipulate, and
transmit the information
through products, people and procedures