Security+ Guide to Network Security Fundamentals, Third
Security+ Guide to Network
Security Fundamentals,
Third Edition
Chapter 1
Introduction to Security
Objectives
Describe the challenges of securing information
Define information security and explain why it is
important
Identify the types of attackers that are common today
List the basic steps of an attack
Describe the five steps in a defense
Explain the different types of information security
careers and how the Security+ certification can
enhance a security career
Challenges of Securing Information
There is ________________ to securing information
This can be seen through the different types of
attacks that users face every day
Difficult and costly to defend against attacks
___________________________________ on computer
security and the cost is rising
Attacks include:
________________________
attacks due to ___________________
Phishing scams
Attacks due to __________________ etc
Difficulties in Defending against
Attacks
Difficulties include the following:
_______________________
Greater sophistication of attacks
________________________________
Attackers can ____________________________ and more
______________________________
_______________ attack- an attack that occurs when an
attacker _______________________________________
_______________________________________
Zero days of warning
Delays in patching hardware and software products
Most attacks are now _________________, instead of
coming from only one source
User confusion
Difficulties in Defending against
Attacks (summary)
Defining Information Security
Information security involves the tasks of
__________________________________
On PCs, DVDs, USBs, etc.
______________________________________
Also ensures that ______________________
__________________________________
Cannot completely prevent attacks or guarantee that a
system is totally secure
Defining Information Security (continued)
Information security is intended to protect
valuable information with the following
characteristics:
____________________ ensures that ________
____________________ can view the information
__________ ensures that the information is correct
and _____________________________________
______________________ ensures that ________
____________________________________
Comprehensive Definition
of Information Security
That which protects the integrity,
confidentiality, and availability of information
on the devices that store, manipulate, and
transmit the information through products,
people, and procedures
Information Security Terminology
_____________
Something that has a ____________
______________
An event or object that may ___________________ in place and
result in ____________________________
_______________________
A _______________ that has the __________________________
Includes __________________ such as flood, earthquake etc
Includes man-made agents such as a _______________
____________________________
_____________ that allows a threat agent to _______________
_______________________ a weakness is known as __________
a security weakness
_______________________
The ______________ that a threat agent will _________________
Realistically, risk cannot ever be entirely eliminated
Five Main Goals of Information Security
1. __________________________________
The theft of data is one of the ____________________
_________________ due to an attack
Example: data containing company research, list of
customers, list of salaries etc
Individuals can also be victims of data thievery
2. _________________________________
Identity theft involves __________________________
____________ to establish bank or credit card accounts
Cards are then left unpaid, leaving the victim with the debts
and ruining their credit rating
Best defense is to protect data from being stolen in the first
place
Five Main Goals of Information Security
(continued)
3. ______________________________
A number of federal and state laws have been
enacted to protect the privacy of electronic data
_________________________________
______________________________________
Examples of laws:
HIPAA: deals with the protection of health information
Sarbanes-Oxley: fights corporate corruption
Five Main Goals of Information Security
(continued)
4. ____________________________
_______________________________ such as
time and money away from normal activities
5. ________________________________
Cyberterrorism
_____________________________________________
_____________________________________________
___________________________________________
Prime targets
Utility, telecommunications, and financial services
companies
Who Are the Attackers? _________
Generic sense: _______________________
or attempts to break into ________________
Narrow sense: a ____________________
_________________________ only to
expose security flaws
Possess ___________________________
Some hackers believe it is ethical, although
illegal, to break into another person’s computer
system as long as they do not commit theft,
vandalism, or breach any confidentiality
Who Are the Attackers? ___________
Want to _____________________________
_____________________________
_______________________
Download _________________________
(scripts) from Web sites and use it to break
into computers
Script kiddies tend to be computer users who
have almost unlimited amounts of leisure time,
and therefore are often considered more
dangerous than hackers
Who Are the Attackers? __________
Computer spy
A _____________________________________
________________________________
Spies are hired to attack a _____________
______________ that contains sensitive
information and _____________________
without drawing any attention to their actions
Possess _____________________________
Who Are the Attackers? __________
One of the ____________________________ to a
business actually comes from its employees
Reasons:
An employee might want to ________________________
in their security
______________________ may be intent on retaliating
against the company
________________________________
__________________________________ into stealing
from employer
Who Are the Attackers? _____________
A ______________________________
_______________ who are highly motivated
and ____________________, ___________,
and tenacious
Launch ______________________ against
financial networks, utility companies etc
Cybercriminals have a more focused goal:
____________________!
Cybercrime
___________________________________,
unauthorized access to information, and the
__________________________
Financial cybercrime is often divided into two
categories
Trafficking in stolen credit card numbers and
financial information
Using spam to commit fraud
Cyberterrorists
Motivation may be defined as ideology, or ________
_________________________________
May lie dormant for a period of time then strike without
warning
Goals of a cyberattack by cyberterrorists:
To ___________________________ and spread
misinformation and propaganda
To _______________________________________
To __________________________ into systems and
networks that result in critical infrastructure outages and
corruption of vital data
Steps of an Attack
There are a wide variety of attacks that can be
launched against a computer or network
The ________________ are used in most attacks
1. ______________________ this ___________________ is
essential in ____________________________________
version of software etc.
2. _______________________ ex: breaking passwords
3. ________________________ AKA _________________
~ Allows attacker to _____________________________
more easily
4. ______________________________ use of compromised
system to attack other networks or computers
5. ___________________________ ex: delete or modify files,
steal data, launch a DoS attack
Defenses against Attacks
Protecting computers against the previous
steps in an attack calls for __________
fundamental security principles:
_________________________________ to
withstand an attack
Fundamental Security Principles: Layering
Security system must have layers, making it
____________________________________
_______________________ of defenses
One defense mechanism may be relatively easy
for an attacker to circumvent
A _________________________ can also be
_________________________________
Layered security provides the ___________
______________________________
Fundamental Security Principles: Limiting
Limiting access to information reduces the
threat against it
____________________________________
__________________________
In addition, the amount of access granted to
someone should be limited to ______________
______________________________
Some ways to limit access are technology-based, while others are procedural
Fundamental Security Principles: Diversity
________________________________
If attackers penetrate one layer, they cannot use
the same techniques to break through all other
layers
Using diverse layers of defense means that
____________________________________
________________________________
Example: use of security products from different
vendors
Fundamental Security Principles: Obscurity
AKA “Security by Obscurity”
_________________________________________
_________________________________________
can be an important way to protect information
An example of obscurity would be _____________
_______________________, software, and network
connection a computer uses
An attacker who knows that information can more easily
determine the weaknesses of the system to attack it
Fundamental Security Principles: Simplicity
Information security is by its very nature
complex
Complex security systems can be hard to
understand, troubleshoot, and feel secure
about
As much as possible, a ________________
____________________________________
__________________ for a potential attacker
Complex security schemes are often
compromised by employees themselves to make
them easier for (trusted) users to work with
Summary
Attacks against information security have grown
exponentially in recent years
There are several reasons why it is difficult to defend
against today’s attacks
Information security may be defined as that which
protects the integrity, confidentiality, and availability of
information on the devices that store, manipulate,
and transmit the information through products,
people, and procedures
The main goals of information security are to prevent
data theft, thwart identity theft, avoid the legal
consequences of not securing information, maintain
productivity, and foil cyberterrorism
Summary (continued)
The types of people behind computer attacks
are generally divided into several categories
There are five general steps that make up an
attack: probe for information, penetrate any
defenses, modify security settings, circulate to
other systems, and paralyze networks and
devices
The demand for IT professionals who know
how to secure networks and computers from
attacks is at an all-time high