Fundamentals of Information Systems Security
Lesson 1
Information Systems Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 1

Learning Objective
• Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
Key Concepts
• Confidentiality, integrity, and availability (C-I-A) concepts
• Layered security solutions implemented for the seven domains of a typical IT infrastructure
• Common threats for each of the seven domains
• IT security policy framework
• Impact of data classification standard on the seven domains
Introducing ISS (figure: ISS = Information Systems + Information)
Introducing ISS
• Information is a person’s private data, a company’s intellectual property, or a country’s national security interest.
• Information Systems are the hardware, operating system, software, and applications that make up a system to provide access to information.
• ISS (Information Systems Security) protects the system and the information stored in the system. It also enables transmission and archival of information and keeps information accessible to its users. ISS deals with risks, threats, and vulnerabilities.
The C-I-A Triad
Confidentiality
Personal Data and Information
• Credit card account numbers and bank account numbers
• Social security numbers and address information
Intellectual Property
• Copyrights, patents, and secret formulas
• Source code, customer databases, and technical
specifications
National Security
• Military intelligence
• Homeland security and government-related information
Integrity
Maintain valid, uncorrupted, and accurate information.
• User names and passwords
• Patents and copyrights
• Source code
• Diplomatic information
• Financial data
Integrity (Cont.)
Availability (figure)
Availability
• Availability refers to the measurement of time applied to how and whether systems, applications, and data can be used.
• Availability measurements include the following:
  • Uptime: The total amount of time that a system, application, or data is available for use. It is typically measured in seconds, minutes, and hours per calendar month.
  • Downtime: The total amount of time that a system, application, or data is not available. This is also measured in seconds, minutes, and hours per calendar month.
  • Availability: (Total Uptime) divided by (Total Uptime + Total Downtime)
  • Mean Time to Failure (MTTF): The average amount of time between failures for a particular system. MTTF varies according to the type of system being measured.
  • Mean Time to Repair (MTTR): The average amount of time it takes to repair a system, application, or component.
  • Recovery Time Objective (RTO): The amount of time it takes to recover and make systems, applications, and data available after an outage.
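The measurements above, worked through for one calendar month of constructed outage records. This is an added example, not course material; the outage timestamps and the 4-hour RTO are assumptions made for the illustration.

```python
"""Availability metrics for one calendar month, as defined on the slide:
uptime, downtime, availability = uptime / (uptime + downtime), MTTF, MTTR,
and a check of each outage against the Recovery Time Objective (RTO).
Example code added to this transcript; not from the course material."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Outage:
    """One period of unavailability: from failure to completed repair."""
    start: datetime
    end: datetime

    @property
    def duration(self) -> timedelta:
        return self.end - self.start


def month_span(year: int, month: int) -> tuple[datetime, datetime]:
    """Half-open interval [first instant of the month, first instant of the next)."""
    first = datetime(year, month, 1)
    nxt = datetime(year + 1, 1, 1) if month == 12 else datetime(year, month + 1, 1)
    return first, nxt


def availability_metrics(outages: list[Outage], year: int, month: int,
                         rto: timedelta = timedelta(hours=4)) -> dict:
    """Compute the slide's measurements for one calendar month.

    Outages crossing a month boundary are clipped to the month, and overlapping
    outage records are merged so downtime is never double-counted.
    """
    first, nxt = month_span(year, month)
    total = nxt - first

    clipped = sorted(
        (Outage(max(o.start, first), min(o.end, nxt))
         for o in outages if o.end > first and o.start < nxt),
        key=lambda o: o.start,
    )
    merged: list[Outage] = []
    for o in clipped:
        if merged and o.start <= merged[-1].end:
            merged[-1] = Outage(merged[-1].start, max(merged[-1].end, o.end))
        else:
            merged.append(o)

    downtime = sum((o.duration for o in merged), timedelta())
    uptime = total - downtime
    # Availability = Total Uptime / (Total Uptime + Total Downtime), as on the slide.
    availability = uptime / (uptime + downtime)

    # MTTF: average running time between consecutive failures. With n outages
    # there are n-1 such gaps; the partial periods at the month edges are not
    # bounded by a failure on both sides, so they are excluded.
    gaps = [b.start - a.end for a, b in zip(merged, merged[1:])]
    mttf = sum(gaps, timedelta()) / len(gaps) if gaps else None
    # MTTR: average time from failure to restored service.
    mttr = downtime / len(merged) if merged else timedelta()
    # RTO check: outages that took longer to recover than the objective allows.
    rto_breaches = [o for o in merged if o.duration > rto]

    return {
        "uptime_seconds": uptime.total_seconds(),
        "downtime_seconds": downtime.total_seconds(),
        "availability": availability,
        "mttf": mttf,
        "mttr": mttr,
        "rto_breaches": rto_breaches,
    }


# Constructed sample for March 2015 (31 days = 744 hours); not real outage data.
SAMPLE_OUTAGES = [
    Outage(datetime(2015, 3, 5, 2, 0), datetime(2015, 3, 5, 3, 30)),     # 1.5 h
    Outage(datetime(2015, 3, 18, 10, 0), datetime(2015, 3, 18, 16, 0)),  # 6 h, breaches a 4 h RTO
    Outage(datetime(2015, 3, 31, 22, 0), datetime(2015, 4, 1, 1, 0)),    # 3 h, only 2 h fall in March
]


def sample_report() -> dict:
    return availability_metrics(SAMPLE_OUTAGES, 2015, 3)


if __name__ == "__main__":
    r = sample_report()
    print(f"availability {r['availability']:.4%}, downtime {r['downtime_seconds'] / 3600:.1f} h, "
          f"MTTF {r['mttf']}, MTTR {r['mttr']}, RTO breaches {len(r['rto_breaches'])}")
```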
Risks, Threats, and Vulnerabilities
• Risk: The likelihood that something bad will happen to an asset (e.g., losing data, losing business after a disaster, failing to comply with laws or regulations).
• Threat: Any action that could damage an asset (e.g., theft, fire, hacking).
• Vulnerability: A weakness that allows a threat to be realized or have an effect on an asset (e.g., not painting the walls of the computer center with fire-resistant material, giving an important password to an untrustworthy employee).
Compliance Laws Driving ISS
Health Insurance Portability and
Accountability Act (HIPAA)
Sarbanes-Oxley (SOX) Act
Children’s Internet Protection Act (CIPA)
Compliance Laws Driving ISS
• Corporations and other entities must comply with a number of U.S. and international regulations related to data and privacy. More focus on compliance means more focus on information security, driving the demand for security professionals.
• These laws cover the following:
  • HIPAA requires healthcare providers to secure patient data.
  • SOX requires corporations to produce accurate and reliable financial reports. It requires direct security controls to protect the integrity of reporting.
  • CIPA requires public schools to use and enforce an Internet safety policy.
IT Security Policy Framework
Policy: A short written statement that defines a course of action that applies to the entire organization
Standard: A detailed written definition of how software and hardware are to be used
Procedure: Written instructions for how to use the policy and standard
Guideline: Suggested course of action for using the policy, standard, or procedure
An IT security policy framework is a hierarchical framework for documenting and implementing a set of IT security policies.
Seven Domains of a Typical IT Infrastructure
Seven Domains of a Typical IT Infrastructure
• User domain: Made up of typical IT users and the hardware, software, and data they use
• Workstation domain: The “desktop domain” where most users enter the IT infrastructure
• LAN domain: Small network organized by function or department, allowing access to all resources on the LANs
• LAN-to-WAN domain: The point at which the IT infrastructure joins a WAN and the Internet
• WAN domain: The point at which the WAN connects to other WANs via the Internet
• Remote Access domain: Connects remote employees and partners to the IT infrastructure
• Systems/Applications domain: Holds all of the mission-critical systems, applications, and data
Common Threats in the User Domain
• Lack of user awareness
• User apathy toward policies
• User violating security policy
• User inserting CD/DVD/USB with personal files
Mitigation of Common Threats in the User Domain
• Lack of user awareness: Conduct security awareness training, display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees.
• User apathy toward policies: Conduct annual security awareness training, implement AUP, update staff manual and handbook, and discuss status during performance reviews.
• User violating security policy: Place employee on probation, review AUP and employee manual, and discuss status during performance reviews.
• User inserting CD/DVD/USB with personal files: Enable automatic antivirus scans for inserted media drives, files, and e-mail attachments. An antivirus scanning system examines all new files on your computer’s hard drive for viruses. Enable e-mail antivirus scanning for e-mails with attachments.
Common Threats in the User Domain (Continued)
• User downloading photos, music, or videos
• User destroying systems, applications, and data
• Disgruntled employee attacking organization or committing sabotage
• Employee blackmail or extortion
Mitigation of Common Threats in the User Domain (Continued)
• User downloading photos, music, or videos: Enable content filtering and antivirus scanning on e-mail attachments. Content filtering security appliances can be configured to permit or deny specific domain names in accordance with the AUP definition.
• User destroying systems, applications, and data: Restrict access for users to only those systems, applications, and data needed to perform their job. Minimize write or delete permissions to the data owner only.
• Disgruntled employee attacking organization or committing sabotage: Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance.
• Employee blackmail or extortion: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring for sensitive employee positions and access. IDS/IPS security appliances examine the Internet Protocol (IP) data streams for inbound and outbound traffic. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic per policy definition.
Common Threats in the Workstation Domain
• Unauthorized workstation access
• Unauthorized access to systems, applications, and data
• Desktop or laptop operating system vulnerabilities
• Desktop or laptop application software vulnerabilities or patches
Mitigation of Common Threats in the Workstation Domain
• Unauthorized workstation access: Enable password protection on workstations for access.
• Unauthorized access to systems, applications, and data: Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access.
• Desktop or laptop operating system vulnerabilities: Define workstation operating system vulnerability window policy. A vulnerability window is the gap in time that you leave a computer unpatched with a security update. Start periodic workstation domain vulnerability tests to find gaps.
• Desktop or laptop application software vulnerabilities or patches: Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines.
Common Threats in the Workstation Domain (Continued)
• Viruses, malicious code, and other malware
• User inserting CD/DVD/USB with personal files
• User downloading photos, music, or videos
Mitigation of Common Threats in the Workstation Domain (Continued)
• Viruses, malicious code, and other malware: Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection.
• User inserting CD/DVD/USB with personal files: Deactivate all CD-ROM, DVD, and USB ports. Enable automatic virus scans for all installed media containing files.
• User downloading photos, music, or videos: Enable user content filtering and antivirus scanning at Internet entry and exit points. Enable workstation auto-scans and auto-quarantine for unknown file types.
Common Threats in the LAN Domain
• Unauthorized physical access to LAN
• Unauthorized access to systems, applications, and data
• LAN server operating system vulnerabilities
• LAN server application software vulnerabilities and software patch updates
Mitigation of Common Threats in the LAN Domain
• Unauthorized physical access to LAN: Make sure wiring closets, data centers, and computer rooms are secure. Allow no access without proper credentials.
• Unauthorized access to systems, applications, and data: Implement strict access control policies, standards, procedures, and guidelines. Require second-level identity verification to access sensitive systems, applications, and data.
• LAN server operating system vulnerabilities: Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments.
• LAN server application software vulnerabilities and software patch updates: Define a strict software vulnerability window policy requiring quick software patching.
Common Threats in the LAN Domain (Continued)
• Rogue users on WLANs
• Confidentiality of data on WLANs
• LAN server configuration guidelines and standards
Mitigation of Common Threats in the LAN Domain (Continued)
• Rogue users on WLANs: Keep unauthorized users off the WLAN. Use WLAN network keys that require a password for wireless access. Turn off broadcasting on wireless access points (WAPs). Enable second-level authentication prior to granting WLAN access.
• Confidentiality of data on WLANs: Maintain confidentiality of data transmissions. Implement encryption between workstation and WAP to maintain confidentiality.
• LAN server configuration guidelines and standards: LAN servers have different hardware, operating systems, and software, making it difficult to manage and troubleshoot consistently.
Common Threats in the LAN-to-WAN Domain
• Unauthorized probing and port scanning
• Unauthorized access
• Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
• Local users downloading unknown file types from unknown sources
Mitigation of Common Threats in the LAN-to-WAN Domain
• Unauthorized probing and port scanning: Disable ping, probing, and port scanning on all exterior IP devices within the LAN-to-WAN domain. Ping uses the Internet Control Message Protocol (ICMP) echo-request and echo-reply protocol. Disallow IP port numbers used for probing and scanning and monitor with intrusion detection system/intrusion prevention system (IDS/IPS).
• Unauthorized access: Apply strict security monitoring controls for intrusion detection and prevention. Monitor traffic and block it right away if malicious.
• IP router, firewall, and network appliance operating system vulnerability: Define a strict zero-day vulnerability window definition. Update devices with security fixes and software patches right away.
• Local users downloading unknown file types from unknown sources: Apply file transfer monitoring, scanning, and alarming for unknown file types/sources.
Common Threats in the WAN Domain
• Open, public, and accessible data
• Most of the traffic being sent as clear text
• Vulnerable to eavesdropping
• Vulnerable to malicious attacks
• Vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks
Mitigation of Common Threats in the WAN Domain
• Open, public, and accessible data: Apply AUPs modeled after RFC 1087, Ethics and the Internet.
• Most of the traffic being sent as clear text: Stop the use of the Internet for private communications unless encryption and virtual private network (VPN) tunnels are used. Enforce the organization’s data classification standard.
• Vulnerable to eavesdropping: Use encryption and VPN tunneling for secure IP communications.
• Vulnerable to malicious attacks: Deploy layered LAN-to-WAN security countermeasures.
• Vulnerable to DoS and DDoS attacks: Apply filters on exterior IP stateful firewalls and IP router WAN interfaces.
Common Threats in the WAN Domain (Continued)
• Vulnerable to corruption of information and data
• Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
• Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly
Mitigation of Common Threats in the WAN Domain (Continued)
• Vulnerable to corruption of information and data: Encrypt IP data transmission with VPNs. Back up and store data in offline data vaults. Test regularly.
• Insecure TCP/IP applications: Never use TCP/IP applications for private transmission without proper encryption. Create a network management Virtual LAN (VLAN).
• Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly: Scan all e-mail attachments for type, antivirus, and malicious software at the LAN-to-WAN domain.
Common Threats in the Remote Access Domain
• Brute-force user ID and password attacks
• Multiple logon retries and access control attacks
• Unauthorized remote access to IT systems, applications, and data
• Confidential data compromised remotely
• Data leakage in violation of data classification standards
Mitigation of Common Threats in the Remote Access Domain
• Brute-force user ID and password attacks: Define user ID and password policy definitions. Passwords must be strictly more than eight characters and alphanumeric.
• Multiple logon retries and access control attacks: Set automatic blocking after repeated failed logon attempts.
• Unauthorized remote access to IT systems, applications, and data: Apply first-level and second-level security for remote access to sensitive systems and data.
http://www.cl.cam.ac.uk/~lp15/papers/Bella/certified-email.pdf
• Confidential data compromised remotely: Encrypt all confidential data in the database or on the hard drive. If the data is stolen, it’s encrypted and can’t be used.
• Data leakage in violation of data classification standards: Apply security countermeasures in the LAN-to-WAN domain.
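The first two Remote Access mitigations above (the password policy and automatic blocking of repeated logon retries), as an added runnable example that is not part of the course material or any product. The VPN gateway log format, user IDs and addresses are constructed for the illustration, and "alphanumeric" is read here as requiring at least one letter and at least one digit.

```python
"""Remote Access domain mitigations from the slides, as runnable checks:
  1. password policy: strictly more than eight characters and alphanumeric;
  2. automatic blocking of a user ID after repeated failed logons inside a
     short window, replayed over constructed VPN gateway log lines.
Example code added to this transcript, not from the course material."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


def password_meets_policy(password: str) -> bool:
    """True when the password satisfies the slide's stated policy."""
    if len(password) <= 8:            # 'strictly more than eight characters'
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    return has_letter and has_digit   # 'alphanumeric': letters and digits both present


# Hypothetical log line format, invented for the constructed sample below.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) vpn: "
    r"(?P<result>FAILED|ACCEPTED) login for (?P<user>\S+) from (?P<src>\S+)$"
)


class LogonGuard:
    """Lock a user ID after max_failures failed logons inside `window`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 lockout=timedelta(minutes=30)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> lock expiry time
        self.alerts = []                     # (ts, user, src) recorded at each lockout

    def process(self, ts, result, user, src):
        """Return 'accepted', 'failed' or 'locked' for one logon event."""
        if user in self.locked_until and ts < self.locked_until[user]:
            return "locked"                  # while locked, even a correct password is refused
        if result == "ACCEPTED":
            self.failures[user].clear()      # successful logon resets the failure count
            return "accepted"
        recent = self.failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = ts + self.lockout
            recent.clear()
            self.alerts.append((ts, user, src))
            return "locked"
        return "failed"


def replay(lines, guard=None):
    """Feed log lines through the guard; lines that do not parse are skipped."""
    guard = guard or LogonGuard()
    outcomes = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        outcomes.append((m["user"], guard.process(ts, m["result"], m["user"], m["src"])))
    return outcomes, guard


# Constructed sample log (RFC 5737 documentation addresses); not real traffic.
SAMPLE_LOG = """\
2015-03-18 08:00:01 vpn: FAILED login for jdoe from 203.0.113.7
2015-03-18 08:00:05 vpn: FAILED login for jdoe from 203.0.113.7
2015-03-18 08:00:09 vpn: FAILED login for jdoe from 203.0.113.7
2015-03-18 08:00:12 vpn: FAILED login for jdoe from 203.0.113.7
2015-03-18 08:00:15 vpn: FAILED login for jdoe from 203.0.113.7
2015-03-18 08:00:40 vpn: ACCEPTED login for jdoe from 203.0.113.7
2015-03-18 08:01:00 vpn: FAILED login for asmith from 198.51.100.23
2015-03-18 08:01:30 vpn: ACCEPTED login for asmith from 198.51.100.23
2015-03-18 08:02:00 vpn: session timeout for jdoe
2015-03-18 08:31:00 vpn: ACCEPTED login for jdoe from 203.0.113.7
""".splitlines()


if __name__ == "__main__":
    outcomes, guard = replay(SAMPLE_LOG)
    for user, outcome in outcomes:
        print(user, outcome)
    print("lockouts:", guard.alerts)
```

The sixth line shows the point of the control: a correct password presented during the lockout is still refused, while the last line shows the lock expiring after 30 minutes.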
Common Threats in the Systems/Applications Domain
• Unauthorized access to data centers, computer rooms, and wiring closets
• Difficult-to-manage servers that require high availability
• Server operating systems software vulnerability management
• Security required by cloud computing virtual environments
• Corrupt or lost data
Mitigation of Common Threats in the Systems/Applications Domain
• Unauthorized access to data centers, computer rooms, and wiring closets: Apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities.
• Difficult-to-manage servers that require high availability: Create a system that brings together servers, storage, and networking.
• Server operating systems software vulnerability management: Define vulnerability window for server operating system environments. Maintain hardened production server operating systems.
• Security required by cloud computing virtual environments: Implement virtual firewalls and server segmentation on separate VLANs. A virtual firewall is a software-based firewall used in virtual environments.
• Corrupt or lost data: Implement daily data backups and off-site data storage for monthly data archiving. Define data recovery procedures based on defined Recovery Time Objectives (RTOs).
DISCOVER: PROCESS
Layered security solution to an IT infrastructure
• The next three slides explain the process of
applying a layered security solution to an IT
infrastructure and conforming to the C-I-A triad.
• The key point is how the process is a layered
solution in which all parts of the C-I-A triad are
served only when layered together across the
entire infrastructure.
• Security policy examples are given on the left of
each slide.
Implementing the C-I-A Triad
Confidentiality
Security policy examples: AUP, Security Awareness Policy, Enhanced Access Control
Implementing the C-I-A Triad (Continued)
Integrity
Security policy examples: AUP, Threat Assessment and Monitoring, Security Awareness Policy, Vulnerability Assessment and Management, Enhanced Access Control, Asset Protection Policy
Implementing the C-I-A Triad (Continued)
Availability
Security policy examples: Data Classification Standard, AUP, Threat Assessment and Monitoring, Security Awareness Policy, Vulnerability Assessment and Management, Enhanced Access Control, Asset Protection Policy
DISCOVER: ROLES
Who Implements the C-I-A Triad?
Confidentiality: User; IT administrator; Network administrator; Human resources; Senior management
Integrity: User; IT administrator; Network administrator; Human resources; Senior management
Availability: IT administrator; Network administrator; Third-party vendor (for example, a telecommunication company)
DAD Triad
• Disclosure
• Alteration
• Denial
DISCOVER: RATIONALE
Cyberspace: The New Frontier
Conduct and Ethics in ISS
• ISS is a classic battle of “good vs. evil.”
• No global laws, rules, or regulations govern cyberspace.
• U.S. government and Internet Architecture Board (IAB) have developed joint Internet acceptable use policy (AUP).
• Security professionals are in high demand as the “good guys.”
Hacking and Ethical hacking
• In this lesson, you discovered the risks,
threats, and vulnerabilities within the seven
domains of a typical IT infrastructure. You
also learned that a proper security policy
framework includes comprehensive mitigation
strategies. One of the most common risks to
organizations comes from unauthorized access
via the LAN-to-WAN domain.
Hacking and Ethical hacking
• Hackers will first attempt to perform network probing and port scanning to identify IP hosts, open ports, and services that might be vulnerable.
• Ethical hackers must follow the same route, as in “Performing Reconnaissance and Probing Using Common Tools”: use Wireshark to capture and analyze network traffic, use OpenVAS to scan a network, and review the collected data using NetWitness Investigator.
Hacking and Ethical hacking
• To use OpenVAS to scan a network, visit http://www.openvas.org, then choose OpenVAS via Greenbone for Windows and download it.
• Review the collected data using NetWitness Investigator. To install version 9.5, go to http://netwitnessinvestigator.software.informer.com/9.5/
Check this video:
http://www.emc.com/collateral/demos/microsites/mediaplayer-video/rsa-advanced-cyber-defensepractice-cyber-attack-protection-emc.htm#!
Hacking and Ethical hacking
• Before using Wireshark to capture and
analyze network traffic, make sure that you
have WinPcap software on your machine.
• If you don’t have it visit:
http://www.winpcap.org and install version
4.1.3
• To use Wireshark visit:
http://www.wireshark.org
• Download the 32 bit version 1.12.0
Hacking and Ethical hacking
• Then the hackers will use Zenmap (http://nmap.org/zenmap/) to perform a targeted IP subnetwork Intense Scan, which will identify what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, and what type of packet filters or firewalls are in use. Hackers perform this same type of scan as part of their initial reconnaissance to learn about a target before an attack.
Summary
• Terms associated with ISS include risks, threats, and vulnerabilities
• Layered security strategy protects an IT infrastructure’s C-I-A
• IT policy framework includes policies, standards, procedures, and guidelines
• Data classification standard defines how data is to be handled within an IT infrastructure