Security+ Guide to Network Security Fundamentals, Third


Security+ Guide to Network
Security Fundamentals,
Third Edition
Chapter 1
Introduction to Security
Objectives






Describe the challenges of securing information
Define information security and explain why it is
important
Identify the types of attackers that are common today
List the basic steps of an attack
Describe the five steps in a defense
Explain the different types of information security
careers and how the Security+ certification can
enhance a security career
Challenges of Securing Information


There is ________________ to securing information
This can be seen through the different types of
attacks that users face every day

Difficult and costly to defend against attacks


___________________________________ on computer
security and the cost is rising
Attacks include:




________________________
attacks due to ___________________
Phishing scams
Attacks due to __________________ etc
Difficulties in Defending against
Attacks

Difficulties include the following:




_______________________
Greater sophistication of attacks
________________________________
Attackers can ____________________________ and more
______________________________

_______________ attack- an attack that occurs when an
attacker _______________________________________
_______________________________________




Zero days of warning
Delays in patching hardware and software products
Most attacks are now _________________, instead of
coming from only one source
User confusion
Difficulties in Defending against
Attacks (summary)
Defining Information Security

Information security involves the tasks of
__________________________________



On PCs, DVDs, USBs, etc.
______________________________________
Also ensures that ______________________
__________________________________

Cannot completely prevent attacks or guarantee that a
system is totally secure
Defining Information Security (continued)

Information security is intended to protect
valuable information with the following
characteristics:



____________________ ensures that ________
____________________ can view the information
__________ ensures that the information is correct
and _____________________________________
______________________ ensures that ________
____________________________________
Comprehensive Definition
of Information Security
That which protects the integrity,
confidentiality, and availability of information
on the devices that store, manipulate, and
transmit the information through products,
people, and procedures
Information Security Terminology



_____________
• Something that has a ____________
______________
• An event or object that may ___________________ in place and
result in ____________________________
_______________________
• A _______________ that has the __________________________




Includes __________________ such as flood, earthquake etc
Includes man-made agents such as a _______________
____________________________
• _____________ that allows a threat agent to _______________
• _______________________ a weakness is known as __________
a security weakness
_______________________
• The ______________ that a threat agent will _________________
• Realistically, risk cannot ever be entirely eliminated
Five Main Goals of Information Security
1. __________________________________

The theft of data is one of the ____________________
_________________ due to an attack


Example- data containing company research, list of
customers, list of salaries etc
Individuals can also be victims of data thievery
2. _________________________________

Identity theft involves __________________________
____________ to establish bank or credit card accounts


Cards are then left unpaid, leaving the victim with the debts
and ruining their credit rating
Best defense is to protect data from being stolen in the first
place
Five Main Goals of Information Security
(continued)
3. ______________________________



A number of federal and state laws have been
enacted to protect the privacy of electronic data
_________________________________
______________________________________
Examples of laws:


HIPAA- deals with the protection of health information
Sarbanes-Oxley- fights corporate corruption
Five Main Goals of Information Security
(continued)
4. ____________________________

_______________________________ such as
time and money away from normal activities
5. ________________________________

Cyberterrorism


_____________________________________________
_____________________________________________
___________________________________________
Prime targets
Utility, telecommunications, and financial services
companies
Who Are the Attackers? _________



Generic sense: _______________________
or attempts to break into ________________
Narrow sense: a ____________________
_________________________ only to
expose security flaws
Possess ___________________________

Some hackers believe it is ethical- although
illegal- to break into another person’s computer
system as long as they do not commit theft,
vandalism, or breach any confidentiality
Who Are the Attackers? ___________



Want to _____________________________
_____________________________
_______________________
Download _________________________
(scripts) from Web sites and use it to break
into computers

Script kiddies tend to be computer users who
have almost unlimited amounts of leisure time,
and therefore are often considered more
dangerous than hackers
Who Are the Attackers? __________

Computer spy



A _____________________________________
________________________________
Spies are hired to attack a _____________
______________ that contains sensitive
information and _____________________
without drawing any attention to their actions
Possess _____________________________
Who Are the Attackers? __________


One of the ____________________________ to a
business actually comes from its employees
Reasons:




An employee might want to ________________________
in their security
______________________ may be intent on retaliating
against the company
________________________________
__________________________________ into stealing
from employer
Who Are the Attackers? _____________

A ______________________________
_______________ who are highly motivated
and ____________________, ___________,
and tenacious

Launch ______________________ against
financial networks, utility companies etc

Cybercriminals have a more focused goal:
____________________!
Cybercrime


___________________________________,
unauthorized access to information, and the
__________________________
Financial cybercrime is often divided into two
categories


Trafficking in stolen credit card numbers and
financial information
Using spam to commit fraud
Cyberterrorists

Motivation may be defined as ideology, or ________
_________________________________


May lie dormant for a period of time then strike without
warning
Goals of a cyberattack by cyberterrorists:



To ___________________________ and spread
misinformation and propaganda
To _______________________________________
To __________________________ into systems and
networks that result in critical infrastructure outages and
corruption of vital data
Steps of an Attack


There are a wide variety of attacks that can be
launched against a computer or network
The ________________ are used in most attacks
1. ______________________ this ___________________ is
essential in ____________________________________
version of software etc.
2. _______________________ ex: breaking passwords
3. ________________________ AKA _________________
~ Allows attacker to _____________________________
more easily
4. ______________________________ use of compromised
system to attack other networks or computers
5. ___________________________ ex: delete or modify files,
steal data, launch a DoS attack
Defenses against Attacks

Protecting computers against the previous
steps in an attack calls for __________
fundamental security principles:






_________________________________ to
withstand an attack
Fundamental Security Principles: Layering

Security system must have layers, making it
____________________________________
_______________________ of defenses



One defense mechanism may be relatively easy
for an attacker to circumvent
A _________________________ can also be
_________________________________
Layered security provides the ___________
______________________________
Fundamental Security Principles: Limiting


Limiting access to information reduces the
threat against it
____________________________________
__________________________


In addition, the amount of access granted to
someone should be limited to ______________
______________________________
Some ways to limit access are technology-based, while others are procedural
Fundamental Security Principles: Diversity

________________________________


If attackers penetrate one layer, they cannot use
the same techniques to break through all other
layers
Using diverse layers of defense means that
____________________________________
________________________________

Example- use of security products from different
vendors
Fundamental Security Principles: Obscurity



AKA “Security by Obscurity”
_________________________________________
_________________________________________
can be an important way to protect information
An example of obscurity would be _____________
_______________________, software, and network
connection a computer uses

An attacker who knows that information can more easily
determine the weaknesses of the system to attack it
Fundamental Security Principles: Simplicity



Information security is by its very nature
complex
Complex security systems can be hard to
understand, troubleshoot, and feel secure
about
As much as possible, a ________________
____________________________________
__________________ for a potential attacker

Complex security schemes are often
compromised by employees themselves to make
them easier for (trusted) users to work with
Summary




Attacks against information security have grown
exponentially in recent years
There are several reasons why it is difficult to defend
against today’s attacks
Information security may be defined as that which
protects the integrity, confidentiality, and availability of
information on the devices that store, manipulate,
and transmit the information through products,
people, and procedures
The main goals of information security are to prevent
data theft, thwart identity theft, avoid the legal
consequences of not securing information, maintain
productivity, and foil cyberterrorism
Summary (continued)



The types of people behind computer attacks
are generally divided into several categories
There are five general steps that make up an
attack: probe for information, penetrate any
defenses, modify security settings, circulate to
other systems, and paralyze networks and
devices
The demand for IT professionals who know
how to secure networks and computers from
attacks is at an all-time high