Transcript Chapter 3
Chapter 3
Threats, Vulnerabilities, and Risk Exposure
Introduction
In security planning, an organization must first know what it needs to protect against
Companies must be aware of the type and severity of threats and vulnerabilities
Vulnerability: Exposure to a risk or threat – see def on pg. 209
– Could be a weakness in HW, SW, or people
– Could be the IP protocol exposing a computer or user to an exploit or malware threat
– What is an exploit?
– Look at Cyberbrief on pg. 34 (top)
Classification of Computer Threats and Vulnerabilities
The taxonomy of threats and viruses is abbreviated (TTV)
Intrusion: any type of intrusion, attack, or exploit
Vulnerabilities exist b/c of human error
Vulnerabilities exist b/c of the complexity of SW, which can result in misconfiguration, programming errors, and flaws
Most intrusions will fit into multiple categories
– A hacker (external intruder) can send an infected pgm (malware) in an e-mail to an employee (internal intermediary), who opens it b/c of an enticing subject line (social engineering); this installs a backdoor (malware) to gain access to records (deliberate attack) for financial gain (economic motive)
Uses of TTV
The TTV is a guide to help understand an organization's risk exposure resulting from weaknesses in cyber defenses
Can assist in estimating expected damages
Intrusion Detection Systems (IDS) introduced – when properly deployed, they can provide warnings indicating that a system is under attack
– Can look at all traffic in and out of the network with an IDS to stop internal and external intrusions
An intrusion that is not detected and that persists for a long period of time can have a higher expected cost than those detected early
TTV (2)
Direct attacks or targeted attacks will also have higher expected costs
B/c there is such a diverse range of threats, the design of defenses should include education, training, strict acceptable use policies, extensive auditing, and access controls
Look at the TTV chart on pg. 35
How would you use it to assess a virus attack on campus?
Look too at the end of the TTV on pg. 36
What can you think to do with this TTV if you work in an organization?
Origin of the Intrusion or Threat
External Threats and Vulnerabilities
– You should read this section closely; all terms may be on the test
– We’ve already discussed much of this section
– Hackers, buffer overflow
– Sophisticated Hackers, root access, sniffers, log file cleaners
– Script Kiddies
– Malware – Viruses, Worms, Trojan Horses, Backdoors, Web Hoaxes, and other ruses
Internal Threats and Vulnerabilities
– People, current and former managers, and ex-employees
– Look at numbers in this section on pg. 41
Problems in Dealing w/ Internal Threats
Problems in dealing w/ internal threats (read parts of this paragraph)
Internal threats stemming from employees or other insiders
Read through this list
– Class, provide an example (or two) of each of these from what you know of or have heard in real life
– The list continues onto pg. 43
Briefly look at Insider threats on pg. 43
Wireless Threats and Vulnerabilities
Pg. 44 read last two paragraphs (especially)
External Threats with Internal Intervention
Social Engineering
– A network intrusion technique based on trickery
Look at 2nd paragraph
Internet Protocol Vulnerabilities and Threats
IP address forgery
– The IP provides for two functions
– A datagram that can be routed through the Internet, and a means for fragmenting those datagrams into packets for transport across the Internet and then reassembling them into the original datagrams at the destination computer
Look at last paragraph of pg. 45
How Can IP Address Forgery Be Used
A method of deception
To Conceal – identity
To Camouflage – make a site appear to be another to convince the victim that the attack is from a legitimate site
To Deceive – trick the victim into believing that an intrusion is somewhere else
– Misdirect the victimized organization into wasting limited resources
Success of Hackers and Malware
Read Complexity of Software and Configurations
Review the bulleted list on Why Hack Attacks Succeed So Often, pg. 47
Threats, Vulnerabilities, and First-Party and Third-Party Risks
First-party risks are those that concern the company itself
Third-party risks are threats to the company’s customers, suppliers, business partners, or competitors that may seek legal redress by lawsuit
You can review the list of First-Party Risks and the list of Third-Party Risks; we have discussed most of this already this semester
End of Chapter
Look at Review Questions
– All of them are excellent!!