INTRODUCTION TO INFORMATION SYSTEMS TECHNOLOGY
MANAGING SECURITY
(Week 15, Thursday 4/19/2007)
BUS3500 - Abdou Illia, Spring 2007
LEARNING GOALS
Discuss the major threats to information systems.
Describe protection systems.
Describe the major components of an information systems security plan.
The Security Problem
2002 Computer Crime and Security Survey
90% of large companies and government agencies reported a computer security breach
80% reported a sizeable financial loss
Only 40% indicated that security attacks came from outside the company
85% reported being the victim of a computer virus
Attack strategy 1
Scanning
  Ping messages (to know whether a potential victim exists)
  Supervisory messages (to know whether the victim is available)
  Tracert, Traceroute (to learn about the security systems in the path)
  Check the Internet (e.g. www.cert.org) for the latest system vulnerabilities
Use a Brute Force attack or a Dictionary attack
  Trying millions of usernames and passwords
Use a Social engineering strategy to get other information
  Tricking employees into providing passwords, keys and other information
Attack strategy 2
Examining the data that responses reveal
  Users' login names and passwords
  IP addresses of potential victims
  Potential victims' operating systems, version numbers, etc.
Deciding on the types of attacks
  Which services the servers are running; different services have different weaknesses
  DoS attacks using the servers' valid IP addresses
  Ping of Death on servers with older operating systems
  Illicit content attacks using identified Open Mail servers
  System intrusion on improperly configured servers
Launch the attacks
Major security threats
Denial of Service (DoS) attacks
  The attacker makes a target (usually a server) deny service to legitimate users
Content attack
  Sending messages with illicit or malicious content
System intrusion
  Getting unauthorized access to a network
Tear Drop DoS
Sending a stream of request messages to the target
Making the target run very slowly or crash
The objective is to have the target deny service to legitimate users
[Figure: the attacker floods the server with DoS requests while legitimate users send legitimate requests]
http://www.netscantools.com/nstpro_netscanner.html
Ping of Death attacks
Take advantage of some operating systems' inability to handle packets larger than 65,536 bytes
The attacker sends request messages that are larger than 65,536 bytes (i.e. oversized packets)
Most operating systems have been fixed to prevent this type of attack from occurring, but it occurred recently on Win Server 2003 systems
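The operating-system fix the slide refers to is a bounds check during fragment reassembly. The following Python is an added example, not code from the lecture: it models a receiver that refuses any fragment whose position would push the reassembled IPv4 datagram past the 65,535-byte limit of the 16-bit total-length field. The fragment lists are constructed for the example (a 3,032-byte ping versus an oversized one).

```python
# Added example (not from the lecture): the defensive bounds check a fragment
# reassembler applies so that an oversized ICMP echo ("Ping of Death") is
# dropped instead of overflowing the reassembly buffer.
from typing import List, Tuple

IPV4_MAX_DATAGRAM = 65_535   # the IPv4 total-length field is 16 bits wide
FRAG_UNIT = 8                # the fragment-offset field counts 8-byte units
IP_HEADER_LEN = 20           # assumed: minimal IPv4 header, no options

Fragment = Tuple[int, int]   # (fragment offset in 8-byte units, payload bytes)

def fragment_end(offset_units: int, payload_len: int) -> int:
    """Byte position just past this fragment's payload inside the datagram."""
    return offset_units * FRAG_UNIT + payload_len

def fragment_is_safe(offset_units: int, payload_len: int,
                     header_len: int = IP_HEADER_LEN) -> bool:
    """True when accepting this fragment cannot exceed the IPv4 size limit."""
    return header_len + fragment_end(offset_units, payload_len) <= IPV4_MAX_DATAGRAM

def reassembled_size(fragments: List[Fragment], header_len: int = IP_HEADER_LEN) -> int:
    """Total size the datagram would have once every fragment has arrived."""
    return header_len + max(fragment_end(off, ln) for off, ln in fragments)

def classify_datagram(fragments: List[Fragment], header_len: int = IP_HEADER_LEN) -> str:
    """'drop' if any single fragment would overrun the limit, else 'accept'.
    Checking each fragment on arrival (rather than the sum at the end) means the
    oversized datagram is rejected before any buffer has to be allocated for it."""
    if any(not fragment_is_safe(off, ln, header_len) for off, ln in fragments):
        return "drop"
    return "accept"

# Constructed sample input: a normal 3,032-byte echo request split into three
# fragments, and an oversized one whose last fragment lands past the limit.
NORMAL_PING: List[Fragment] = [(0, 1480), (185, 1480), (370, 72)]
OVERSIZED_PING: List[Fragment] = [(0, 1480), (8189, 1480)]   # 8189*8 + 1480 = 66,992

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL_PING), ("oversized", OVERSIZED_PING)):
        print(name, reassembled_size(frags), classify_datagram(frags))
```

The check is per fragment: the last fragment of the oversized ping is refused on its own, so the receiver never has to hold the earlier fragments waiting for a datagram that can never be valid.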
Defense against Tear Drop DoS
Usually, Tear Drop attack messages include header fields that might hide a false identity
[IP-H | TCP-H | Application Layer Message]
[IP-H | UDP-H | Application Layer Message]
Defense systems for protecting against DoS attacks are designed to check message headers. They could be Packet Firewalls or Intrusion Detection Systems (IDS).
Firewall?
A security system that implements an access control policy between two networks
Usually between the corporate network and an external network.
A firewall is configured to decide:
  The types of messages that enter a network
  The types of messages that leave the network
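To make the two slides above concrete, here is an added example (not the lecture's code) of a packet firewall: a rule table that enforces an access-control policy between a corporate network and the outside by examining header fields only (direction, protocol, source, destination, port). The 10.0.0.0/8 corporate range, the rules and all addresses are constructed for the example; the first rule drops packets arriving from outside whose header carries a corporate source address, the kind of false identity the DoS slide mentions.

```python
# Added example (not from the lecture): a stateless packet filter. Rules are
# tried in order, the first match decides, and anything unmatched is dropped
# (default deny).
import ipaddress
from typing import List, NamedTuple, Optional

class Packet(NamedTuple):
    direction: str                # "in" (arriving from outside) or "out"
    proto: str                    # "tcp", "udp" or "icmp"
    src: str                      # source address from the IP header
    dst: str                      # destination address from the IP header
    dport: Optional[int] = None   # destination port from the TCP/UDP header

class Rule(NamedTuple):
    action: str                   # "allow" or "deny"
    direction: str                # "in", "out" or "any"
    proto: str                    # protocol name or "any"
    src: str                      # source network (CIDR) or "any"
    dst: str                      # destination network (CIDR) or "any"
    dport: Optional[int]          # destination port, or None for any port

def in_net(addr: str, net: str) -> bool:
    """True if addr falls inside net, or if the rule says 'any'."""
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction in ("any", pkt.direction)
            and rule.proto in ("any", pkt.proto)
            and in_net(pkt.src, rule.src)
            and in_net(pkt.dst, rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

CORPORATE = "10.0.0.0/8"   # assumed corporate address space (constructed)

POLICY: List[Rule] = [
    # Inbound packet claiming a corporate source address: spoofed header, drop first.
    Rule("deny",  "in",  "any",  CORPORATE, "any",     None),
    Rule("allow", "in",  "tcp",  "any",     CORPORATE, 80),    # public web server
    Rule("allow", "in",  "tcp",  "any",     CORPORATE, 25),    # mail server
    Rule("allow", "out", "tcp",  CORPORATE, "any",     80),    # employees browsing
    Rule("allow", "out", "tcp",  CORPORATE, "any",     443),
    Rule("deny",  "any", "icmp", "any",     "any",     None),  # no ping in either direction
]

def filter_packet(pkt: Packet, policy: List[Rule] = POLICY) -> str:
    """Return 'allow' or 'deny' for one packet under the policy (default deny)."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    print(filter_packet(Packet("in", "tcp", "198.51.100.7", "10.0.0.5", 80)))   # allow
    print(filter_packet(Packet("in", "tcp", "10.0.0.9", "10.0.0.5", 80)))       # deny (spoofed)
```

Because no rule matches an inbound telnet connection (port 23) or an outbound UDP packet, both fall through to the default deny; a firewall policy should be written so that silence means "blocked". A stateful firewall adds connection tracking on top of this, so that return traffic for an allowed outbound connection can be admitted without a standing inbound rule.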
Content attacks
Incoming messages with:
Malicious content (or malware)
  Viruses (infect files on a single computer)
  Worms (propagate across systems by themselves)
  Trojan horses (programs designed to damage or take control of the host computer)
Illicit content
  Pornography
  Sexually or racially harassing e-mails
  Spam (unsolicited commercial e-mails)
Q: Besides through e-mails, how can a computer system be a victim of a virus, worm, or Trojan horse attack?
Trojan horse
A computer program that appears to be a useful program like a game, a screen saver, etc., but is really a program designed to damage or take control of the host computer
When executed, a Trojan horse could:
  Format disks
  Delete files
  Allow a remote computer to take control of the host computer
NetBus and SubSeven used to be attackers' favorite programs for remote control of a target
Trojan horse
[Figure: NetBus interface screenshot]
Question
How could a computer system or a network be a victim of malicious or illicit content attacks?
Open Mail Server
Most content attack messages are sent through Open Mail Servers
(Improperly configured Mail Servers that accept fake outgoing e-mail addresses)
Q: How can you protect a stand-alone computer or a network against malicious content attacks?
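The misconfiguration described above is a relay decision. As an added example (not from the lecture), the Python below shows the open-relay behaviour beside a properly restricted server: mail for a local mailbox is accepted from anywhere, mail to outside domains is relayed only for clients the server can vouch for, and an outside, unauthenticated client claiming a local sender address is refused. The hosted domain example.com, the 10.0.0.0/8 internal network and the sessions are constructed assumptions.

```python
# Added example (not from the lecture): SMTP relay policy, open versus restricted.
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}                     # assumed: domains this server hosts
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed: corporate network

@dataclass
class Session:
    client_ip: str          # address of the connecting SMTP client
    authenticated: bool     # did the client log in with SMTP AUTH?
    mail_from: str          # envelope sender (MAIL FROM)
    rcpt_to: str            # envelope recipient (RCPT TO)

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def open_relay_decision(s: Session) -> str:
    """The misconfigured server of the slide: it delivers anything for anyone,
    so a spammer can send through it using any sender address at all."""
    return "accept"

def restricted_relay_decision(s: Session) -> str:
    """Properly configured server. Three cases, in order:
    1. recipient is local: inbound mail, accept from anywhere, except that an
       unknown outside client may not claim a local sender address;
    2. recipient is remote and the client is ours: outbound mail, relay it;
    3. otherwise: relaying denied."""
    client_is_ours = s.authenticated or ipaddress.ip_address(s.client_ip) in INTERNAL_NET
    if domain_of(s.rcpt_to) in LOCAL_DOMAINS:
        if not client_is_ours and domain_of(s.mail_from) in LOCAL_DOMAINS:
            return "reject: forged local sender"
        return "accept"
    if client_is_ours:
        return "accept"
    return "reject: relaying denied"

# Constructed sessions: a spam attempt from outside, ordinary inbound mail,
# an employee on the LAN, a forged local sender, and a roaming employee who
# authenticated.
SPAM_RELAY = Session("203.0.113.9", False, "offers@example.net", "victim@example.org")
INBOUND = Session("203.0.113.9", False, "friend@example.net", "alice@example.com")
LAN_USER = Session("10.0.0.5", False, "alice@example.com", "bob@example.org")
FORGED = Session("203.0.113.9", False, "ceo@example.com", "alice@example.com")
ROAMING = Session("203.0.113.9", True, "alice@example.com", "bob@example.org")

if __name__ == "__main__":
    for s in (SPAM_RELAY, INBOUND, LAN_USER, FORGED, ROAMING):
        print(open_relay_decision(s), "|", restricted_relay_decision(s))
```

The difference between the two functions is the whole point: the open relay never looks at who is connecting, so every spam run through it leaves the server's own address in the message path and the organisation ends up on block lists.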
Protection against content attacks
Antivirus controls
Application Firewalls
  Catch every incoming message to check for illicit content in its data field
  If illicit content is detected, the message is blocked
[Figure: messages from the attacker and from a legitimate sender pass through the application firewall, which checks each message, forwards the legitimate message to the target and blocks the illicit message]
System Intrusion
Gaining unauthorized access to a computer system by an intruder
A hacker is an intruder who breaks into a computer system to learn about it
  Not to cause damage
  Not to steal information
A cracker is an intruder who breaks into a computer system to cause damage and/or to steal information
Script kiddies are people with little programming skill who use publicly available software to break into systems
Intrusion Detection Systems
Software or a hardware device that
  Captures network activity data in log files
  Generates alarms in case of suspicious activities
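As an added example (not from the lecture), the following Python is a minimal intrusion detection engine that does the two things the slide names: it keeps every event as the log, and it raises alarms for three of the suspicious patterns described earlier in the lecture, namely a host pinging many different addresses (scanning), repeated failed logins against one account (a brute force or dictionary attack), and one source flooding a server with requests (DoS). The log format, the thresholds and all addresses are constructed for the example.

```python
# Added example (not from the lecture): log capture plus three alarm rules.
from collections import defaultdict
from datetime import datetime
from typing import List, Tuple

SCAN_THRESHOLD = 5         # distinct hosts pinged by one source
LOGIN_FAIL_THRESHOLD = 3   # failed logins for one (source, user) pair
FLOOD_THRESHOLD = 20       # requests from one source to one server inside the window
WINDOW_SECONDS = 10        # sliding window used by the flood rule

def parse_line(line: str) -> dict:
    """'2007-04-19T10:00:01 src=A dst=B event=E [user=U]' -> record dict.
    (Constructed log format for this example.)"""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(lines: List[str]) -> Tuple[List[dict], List[tuple]]:
    """Return (log, alarms). Each alarm fires once, when its threshold is crossed."""
    log = [parse_line(l) for l in lines]
    alarms: List[tuple] = []
    ping_targets = defaultdict(set)      # src -> set of dst pinged
    login_fail = defaultdict(int)        # (src, user) -> failure count
    requests = defaultdict(list)         # (src, dst) -> timestamps in window
    for r in log:
        if r["event"] == "icmp_echo":
            ping_targets[r["src"]].add(r["dst"])
            if len(ping_targets[r["src"]]) == SCAN_THRESHOLD:
                alarms.append(("scan", r["src"]))
        elif r["event"] == "login_fail":
            key = (r["src"], r["user"])
            login_fail[key] += 1
            if login_fail[key] == LOGIN_FAIL_THRESHOLD:
                alarms.append(("brute_force", r["src"], r["user"]))
        elif r["event"] == "request":
            window = requests[(r["src"], r["dst"])]
            window.append(r["ts"])
            while (window[-1] - window[0]).total_seconds() > WINDOW_SECONDS:
                window.pop(0)            # drop requests older than the window
            if len(window) == FLOOD_THRESHOLD:
                alarms.append(("dos_flood", r["src"], r["dst"]))
    return log, alarms

# Constructed sample log: a ping sweep, a password-guessing run against
# "admin", one innocent typo by alice, a request flood, and normal traffic.
SAMPLE_LOG: List[str] = (
    [f"2007-04-19T10:00:{i:02d} src=203.0.113.9 dst=10.0.0.{i + 1} event=icmp_echo" for i in range(6)]
    + [f"2007-04-19T10:01:{i:02d} src=198.51.100.4 dst=10.0.0.5 event=login_fail user=admin" for i in range(3)]
    + ["2007-04-19T10:02:00 src=10.0.0.7 dst=10.0.0.5 event=login_fail user=alice"]
    + [f"2007-04-19T10:03:{i // 3:02d} src=192.0.2.13 dst=10.0.0.5 event=request" for i in range(30)]
    + [f"2007-04-19T10:04:{i * 5:02d} src=10.0.0.8 dst=10.0.0.5 event=request" for i in range(4)]
)

if __name__ == "__main__":
    captured, raised = detect(SAMPLE_LOG)
    print(len(captured), "events logged")
    for alarm in raised:
        print("ALARM", alarm)
```

Thresholds are the tuning knob of any IDS: set them too low and the single failed login from alice becomes noise the operators learn to ignore, set them too high and a slow scan never trips the rule.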
Information Security Plan
Goal: manage the risks and lessen the possibility that a security breach occurs
Three main aspects
1) Technical security solution
2) Security policies and procedures
3) Security education program
Risk Analysis
Assess what systems get what levels of security
Two approaches
Quantitative
  Estimate the probability of the threat and the monetary loss
Qualitative
  Determines each system's importance and the possible threats and vulnerabilities
  The organization then ranks systems
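Both approaches on this slide come down to a ranking. The Python below is an added example (not from the lecture) that runs them over a constructed inventory of four systems: the quantitative approach multiplies the estimated yearly probability of a threat by the monetary loss of one incident (the usual annualized loss expectancy form) and ranks by expected loss; the qualitative approach scores importance and threat likelihood on a 1 to 5 scale and ranks by the product. The inventory values, the scales and the security-level thresholds are assumptions made for the example.

```python
# Added example (not from the lecture): quantitative and qualitative risk ranking.
from typing import Dict, List

# Constructed inventory. annual_probability = estimated chance of a damaging
# incident per year; loss = estimated cost of one incident in dollars;
# importance and threat are 1 (lowest) .. 5 (highest) qualitative scores.
SYSTEMS: List[Dict] = [
    {"name": "Order DB",      "annual_probability": 0.10, "loss": 500_000, "importance": 5, "threat": 4},
    {"name": "Intranet wiki", "annual_probability": 0.30, "loss":   5_000, "importance": 2, "threat": 3},
    {"name": "Mail server",   "annual_probability": 0.50, "loss":  40_000, "importance": 4, "threat": 5},
    {"name": "Kiosk PC",      "annual_probability": 0.60, "loss":   1_000, "importance": 1, "threat": 4},
]

def expected_annual_loss(system: Dict) -> float:
    """Quantitative: probability of the threat x monetary loss per incident."""
    return round(system["annual_probability"] * system["loss"], 2)

def quantitative_ranking(systems: List[Dict]) -> List[str]:
    """Systems ordered from largest to smallest expected yearly loss."""
    return [s["name"] for s in sorted(systems, key=expected_annual_loss, reverse=True)]

def qualitative_score(system: Dict) -> int:
    """Qualitative: importance x threat likelihood on the 1..5 scales."""
    return system["importance"] * system["threat"]

def qualitative_ranking(systems: List[Dict]) -> List[str]:
    """Highest score first; ties broken by importance, since the approach
    starts from how much the organization depends on the system."""
    ordered = sorted(systems, key=lambda s: (-qualitative_score(s), -s["importance"]))
    return [s["name"] for s in ordered]

# Assumed thresholds (constructed) for turning expected loss into a security level.
def security_level(system: Dict) -> str:
    eal = expected_annual_loss(system)
    if eal >= 10_000:
        return "high"
    if eal >= 1_000:
        return "medium"
    return "low"

def assign_levels(systems: List[Dict]) -> Dict[str, str]:
    return {s["name"]: security_level(s) for s in systems}

if __name__ == "__main__":
    for s in SYSTEMS:
        print(f"{s['name']:14s} EAL={expected_annual_loss(s):>9.2f} "
              f"score={qualitative_score(s):2d} level={security_level(s)}")
    print("quantitative:", quantitative_ranking(SYSTEMS))
    print("qualitative: ", qualitative_ranking(SYSTEMS))
```

Note how the two rankings disagree about the middle of the list: the quantitative view is driven by the dollar figures, which are hard to estimate for a kiosk or a wiki, while the qualitative view needs no dollar estimate but depends on whoever assigns the scores.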
Roles and Responsibilities
Determine who is responsible for the two main aspects of system security
  Information security (digital security)
  Physical security
Chief Security Officer
  Charged with maintaining both physical and information security in large organizations
Systems Configuration
Details how an organization's information systems should be put together and connected
Poorly written software can be a major security vulnerability
Software must be updated frequently
  CERT Advisory Mailing List
  Microsoft Windows Update
  Software can be configured to locate updates automatically
Antivirus Controls
Each virus or worm has a unique program structure
A key aspect of relying on antivirus software is ensuring that antivirus definitions are up to date
  Norton Antivirus definitions
  Updating can be scheduled regularly and automatically (Norton LiveUpdate)
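The application firewall slide (check the data field of every incoming message, block it if illicit content is found) and this antivirus slide (each virus has a recognisable structure, detection depends on current definitions) describe the same mechanism, so one added example serves both. The Python below is not the lecture's or any vendor's code: it matches attachment bytes against a definitions table and message text against illicit-content rules, and it shows an out-of-date definitions file missing a Trojan that the updated file catches. Every signature, keyword and message here is constructed; none is a real virus signature.

```python
# Added example (not from the lecture): content inspection with a definitions file.
import re
from typing import Dict, List

# Malware definitions: name -> byte pattern identifying the program. Constructed.
MALWARE_DEFINITIONS_V1: Dict[str, bytes] = {
    "Example.Worm.A": b"\x4d\x5a\x90\x00EXWORM",
}
# A later definitions update adds one more entry (the screen-saver Trojan).
MALWARE_DEFINITIONS_V2: Dict[str, bytes] = {
    **MALWARE_DEFINITIONS_V1,
    "Example.Trojan.B": b"SCREENSAVER\x00\xde\xad\xbe\xef",
}

# Illicit-content rules applied to the message text. Constructed keywords.
ILLICIT_PATTERNS = [
    re.compile(r"\bbuy now\b", re.IGNORECASE),
    re.compile(r"\bunsubscribe to stop\b", re.IGNORECASE),
]

def scan_attachment(data: bytes, definitions: Dict[str, bytes]) -> List[str]:
    """Names of every definition whose byte pattern occurs in the attachment."""
    return [name for name, sig in definitions.items() if sig in data]

def scan_text(text: str) -> bool:
    """True if the message body matches any illicit-content rule."""
    return any(p.search(text) for p in ILLICIT_PATTERNS)

def inspect_message(message: Dict, definitions: Dict[str, bytes]) -> Dict:
    """Application-firewall decision for one message.
    message = {"body": str, "attachments": [bytes, ...]}"""
    hits: List[str] = []
    for attachment in message.get("attachments", []):
        hits.extend(scan_attachment(attachment, definitions))
    illicit = scan_text(message.get("body", ""))
    return {
        "action": "block" if (hits or illicit) else "pass",
        "malware": hits,
        "illicit_text": illicit,
    }

# Constructed messages: a Trojan disguised as a screen saver, spam, and a clean note.
TROJAN_MAIL = {
    "body": "Here is the screen saver you asked for",
    "attachments": [b"\x00" * 8 + b"SCREENSAVER\x00\xde\xad\xbe\xef" + b"\x00" * 8],
}
SPAM_MAIL = {"body": "BUY NOW and save!!!", "attachments": []}
CLEAN_MAIL = {"body": "Meeting moved to 3pm", "attachments": [b"agenda: budget, hiring"]}

if __name__ == "__main__":
    print("old definitions:", inspect_message(TROJAN_MAIL, MALWARE_DEFINITIONS_V1))
    print("new definitions:", inspect_message(TROJAN_MAIL, MALWARE_DEFINITIONS_V2))
    print("spam:", inspect_message(SPAM_MAIL, MALWARE_DEFINITIONS_V2))
```

The same Trojan passes under the v1 table and is blocked under v2, which is the point the slide makes about scheduling definition updates: the scanner's logic never changed, only its knowledge did.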
Physical Security
Physical access control: securing the actual space where computer systems reside
Physical controls apply to employees as well as outsiders
Types of physical controls
  Procedural
  Mechanical
  Biometric (fingerprints, iris scan, voice recognition)
Network Security
Multiple layers
  Passwords
  Firewalls
  Intrusion detection systems
Policies and procedures
  Monitor corporate systems for patterns of suspicious behavior
  How often users must change passwords, and prohibit the reuse of passwords
  Prescriptions for the length and composition of passwords
Security education
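The password items on this slide (change interval, no reuse, length and composition rules) can be enforced in code rather than left to memos. As an added example (not from the lecture), the Python below keeps a short history of salted PBKDF2 hashes per user so that reuse can be refused without storing old passwords, checks a candidate against length and character-class rules, and reports whether the current password has aged past the change interval. The policy constants, the user record and the dates are assumptions made for the example.

```python
# Added example (not from the lecture): password policy enforcement.
import hashlib
import hmac
import os
from datetime import date
from typing import Dict, List

MIN_LENGTH = 8         # assumed policy values (constructed)
REQUIRED_CLASSES = 3   # of: lowercase, uppercase, digit, symbol
HISTORY_DEPTH = 5      # most recent passwords that may not be reused
MAX_AGE_DAYS = 90      # users must change their password this often

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only hashes, never passwords, are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def composition_classes(password: str) -> int:
    """How many of the four character classes the password uses."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])

def new_record(password: str, changed_on: date) -> Dict:
    """User record: newest-first list of (salt, hash) plus last change date."""
    salt = os.urandom(16)
    return {"history": [(salt, hash_password(password, salt))], "changed_on": changed_on}

def was_used_before(candidate: str, record: Dict) -> bool:
    return any(hmac.compare_digest(hash_password(candidate, salt), digest)
               for salt, digest in record["history"][:HISTORY_DEPTH])

def policy_violations(candidate: str, record: Dict) -> List[str]:
    """Empty list means the candidate satisfies the policy."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("length")
    if composition_classes(candidate) < REQUIRED_CLASSES:
        problems.append("composition")
    if was_used_before(candidate, record):
        problems.append("reuse")
    return problems

def password_expired(record: Dict, today: date) -> bool:
    return (today - record["changed_on"]).days > MAX_AGE_DAYS

def set_password(record: Dict, new_password: str, today: date) -> None:
    """Apply a change that already passed policy_violations()."""
    salt = os.urandom(16)
    record["history"].insert(0, (salt, hash_password(new_password, salt)))
    del record["history"][HISTORY_DEPTH:]
    record["changed_on"] = today

if __name__ == "__main__":
    rec = new_record("Winter2007!", date(2007, 1, 1))
    print(policy_violations("short1A", rec), policy_violations("Winter2007!", rec))
    print("expired on 2007-04-19:", password_expired(rec, date(2007, 4, 19)))
```

Keeping only salted hashes in the history means a stolen user database does not hand over the old passwords, and the history is bounded so the reuse check stays cheap.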
Data Access
Details who should be given access to what data
  Access security
  Modify security
Summary Questions
Malaga Notes
1) What is an illicit content attack? What is the difference between a virus, a worm, and a Trojan horse? How could a stand-alone computer or a network be a victim of an illicit content attack?
2) What is an Open Mail server? How could you protect a stand-alone computer or a network against illicit content attacks? What does a firewall do?
3) What is meant by systems intrusion? What is the difference between hackers, crackers, and script kiddies?
4) What is Social engineering? What is a Brute Force attack?
5) What is the goal of an Information Security plan? What are the three main components of an Information Security plan?