
SE 441 Information Systems Security

SE 441 Information Systems Security. Malicious Attacks, Threats, and Vulnerabilities. What Are You Trying to Protect?. In a word, you are trying to protect assets . An asset is any item that has value.





Presentation Transcript


  1. SE 441 Information Systems Security Malicious Attacks, Threats, and Vulnerabilities

  2. What Are You Trying to Protect? • In a word, you are trying to protect assets. • An asset is any item that has value. • Although all items in an organization have some value, the term asset generally applies to those items that have substantial value.

  3. What Are You Trying to Protect? • An organization’s assets can include the following: • IT and network infrastructure—Hardware, software, and services • Intellectual property—Sensitive data like patents, source code, formulas, or engineering plans • Finances and financial data—Bank accounts, credit card data, and financial transaction data • Service availability and productivity—The ability of computing services and software to support productivity for humans and machinery • Reputation—Corporate compliance and brand image

  4. IT and Network Infrastructure • Hardware and software are key pieces of any organization’s infrastructure. • Recall the seven domains of the IT infrastructure; components in each domain may connect to a network or to the Internet, and can be vulnerable to malicious attacks. • Hardware and software damaged by malicious attacks such as Trojan horses or worms cost corporations time and money to fix or replace.

  5. IT and Network Infrastructure • Malicious attacks on hardware and software can also lead to more widespread problems. • These problems can include loss of critical data or theft of financial information or intellectual property. • Unprotected IT and network infrastructure assets can offer attackers and cybercriminals the widest opening to access sensitive resources.

  6. Intellectual Property • IP is the unique knowledge a business possesses that gives it a competitive advantage over similar companies in similar industries. • Examples of IP include such things as patents, drug formulas, engineering plans, scientific formulas, and recipes. • In some cases, you can also consider business practices and processes to be intellectual property.

  7. Intellectual Property • Suppose a restaurant chain has a unique process for quickly preparing and delivering food. • If the rest of the industry knew about that process, it would remove the restaurant’s competitive advantage. • The core issue from an IT security perspective is preventing the theft of intellectual property and its release to competitors or to the public.

  8. Intellectual Property • The theft of intellectual property can nullify an organization’s competitive advantage.

  9. Finances and Financial Data • Financial assets are among the highest-profile assets in any organization. • These assets can take various forms. • They can be real financial assets, such as bank accounts, trading accounts, purchasing accounts, corporate credit cards, and other direct sources of money or credit.

  10. Finances and Financial Data • Alternatively, they can be data that allows access to real financial assets. • Financial data can include customer credit card numbers, personal financial information, or usernames and passwords for banking or investment accounts. • Loss of financial assets due to malicious attacks is a worst-case scenario for all organizations.

  11. Service Availability and Productivity • Computer applications provide specific services that help organizations conduct business operations. • It is important that critical services be available for use when organizations need them. • Availability, uptime, and downtime issues were considered in the previous chapter. • Unintentional downtime is usually the result of technical failure, human error, or attack.

  12. Reputation • One of the most important things that information security professionals try to protect is their organization's reputation and brand image. • For example, a security breach that allows attackers to steal customer credit card data and distribute it internationally would do significant harm to that company’s reputation and brand image.

  13. Hackers • Black-hat hackers try to break IT security for the challenge and to prove technical prowess. • Black-hat hackers generally use special software tools to exploit vulnerabilities. • Black-hat hackers generally poke holes in systems, but do not attempt to disclose vulnerabilities they find to the administrators of those systems.

  14. Hackers • White-hat hackers, or ethical hackers, are information security or network professionals who use various penetration-test tools to uncover vulnerabilities so they can be fixed. • The difference between white-hat hackers and black-hat hackers is that white-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, • while black-hat hackers want to find weaknesses just for the fun of it or to exploit them.

  15. Hackers • Gray-hat hacker—Also called a wannabe, is a hacker with average abilities who may one day become a black-hat hacker, but could also opt to become a white-hat hacker.

  16. Attack Tools • Protecting an organization’s computing resources requires that you have some idea what tools your enemy will be using. • Knowing how attackers work makes it possible to defend against their attacks. • In fact, many organizations use the same tools that attackers use to help identify weaknesses they need to address.

  17. Attack Tools • Computer criminals and malicious individuals use a number of hardware and software tools to help carry out attacks. • Vulnerability scanners • Port scanners • Sniffers • Wardialers • Keyloggers

  18. Attack Tools • Vulnerability scanners • A vulnerability scanner collects information about any known weaknesses on a target computer or network. • The scanner works by sending specially crafted messages to select computers. • How a computer responds indicates whether a specific weakness exists. • Attackers use the results of these scans to decide what types of attacks would work best.

  19. Attack Tools • Port Scanners • Attackers also use port scanners to help identify weaknesses. Port scanners connect to a computer to determine which ports are open, or available to access the computer. • Port scanning enables attackers to see which ports are active on a computer, which helps them figure out which applications are running.

  20. Attack Tools • Port Scanners • Attackers can then use this information to design an attack for that computer. • For example, HTTP traffic commonly uses port 80. • If a port scanner determines that port 80 is open on a particular computer and that there is a service monitoring that port, then an attacker might deduce that a Web server is likely running on the computer and develop an attack accordingly.
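The defender's counterpart to slides 19 and 20 is spotting a port scan in your own logs: one source touching many distinct ports on one host in a short window. This is an added example, not part of the slides; the log format and the threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a firewall log: "timestamp src_ip dst_ip dst_port action".
# 203.0.113.7 sweeps ten ports in five seconds; 198.51.100.4 is ordinary web traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 192.0.2.10 21 DENY
2024-01-01T10:00:00 203.0.113.7 192.0.2.10 22 ALLOW
2024-01-01T10:00:01 203.0.113.7 192.0.2.10 23 DENY
2024-01-01T10:00:01 203.0.113.7 192.0.2.10 25 DENY
2024-01-01T10:00:02 203.0.113.7 192.0.2.10 80 ALLOW
2024-01-01T10:00:02 203.0.113.7 192.0.2.10 110 DENY
2024-01-01T10:00:03 203.0.113.7 192.0.2.10 143 DENY
2024-01-01T10:00:03 203.0.113.7 192.0.2.10 443 ALLOW
2024-01-01T10:00:04 203.0.113.7 192.0.2.10 445 DENY
2024-01-01T10:00:04 203.0.113.7 192.0.2.10 3389 DENY
2024-01-01T10:00:05 198.51.100.4 192.0.2.10 80 ALLOW
2024-01-01T10:00:09 198.51.100.4 192.0.2.10 443 ALLOW
2024-01-01T10:02:00 198.51.100.4 192.0.2.10 80 ALLOW
"""

def parse_line(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action

def detect_port_scans(log_text, window=timedelta(seconds=10), threshold=8):
    """Flag (src, dst) pairs where the source probed at least `threshold` distinct
    ports within any sliding `window`. Returns {(src, dst): all ports that source
    touched on that destination}. Threshold and window are assumed tuning values."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _ = parse_line(line)
        events[(src, dst)].append((ts, port))
    alerts = {}
    for key, items in events.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Advance the window start until items[start:end+1] fits inside `window`
            while items[end][0] - items[start][0] > window:
                start += 1
            ports_in_window = {p for _, p in items[start:end + 1]}
            if len(ports_in_window) >= threshold:
                alerts[key] = sorted({p for _, p in items})
                break
    return alerts
```

Tuning matters: a monitoring host that legitimately polls many ports will trip this rule, so allow-list known scanners (your own vulnerability scanner included, as slide 16 notes) before alerting.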

  21. Attack Tools • Sniffers • A sniffer is a software program that captures traffic as it travels across a network. • For attackers, passwords and private data are the most valuable information. • Sniffers come in hardware versions, software versions, or versions that are a combination of both. • Because a sniffer operates in an open mode, it is usually invisible to the user.

  22. Attack Tools • Wardialers • Before launching an attack, an attacker must identify the target. One way to do so is to use a wardialer. • It is a computer program that dials telephone numbers, looking for a computer on the other end. • The program works by automatically dialing a defined range of phone numbers.

  23. Attack Tools • Wardialers • It then logs and enters into a database those numbers that successfully connect to the modem. • Some wardialers can also identify the operating system running on a computer, as well as conduct automated penetration testing. • In such cases, the wardialer runs through a predetermined list of common usernames and passwords in an attempt to gain access to the system.

  24. Attack Tools • Wardialers • Although wardialing is a rather old attack method, it is still useful for finding access points to computers. Many computer networks and voice systems have modems attached to phone lines. • These modems are often attached either for direct access for support purposes or by people attempting to bypass network-access restrictions. • Successfully connecting to a computer using a modem makes it possible to access the rest of the organization’s network.

  25. Attack Tools • Keyloggers • A keylogger is a type of surveillance software that can record every keystroke a user makes with a keyboard to a log file. • The keylogger can then send the log file to a specified receiver or retrieve it mechanically. • Employers might use keyloggers to ensure that employees use work computers for business purposes only.

  26. Attack Tools • Keyloggers • However, spyware can also embed keylogger software, enabling it to transmit information to an unknown third party.

  27. What Is a Security Breach? • In spite of the most aggressive steps to protect computers from attacks, attackers sometimes get through. • Any event that results in a violation of any of the A-I-C security tenets is a security breach. • Some security breaches disrupt system services on purpose. • Others are accidental, and may result from hardware or software failures.

  28. What Is a Security Breach? • Regardless of whether a security breach is accidental or malicious, it can affect an organization’s ability to conduct business as well as the organization’s credibility.

  29. What Is a Security Breach? • Activities that can cause a security breach include the following: • Denial of service (DoS) attacks • Distributed denial of service (DDoS) attacks • Unacceptable Web-browsing behavior • Wiretapping • Use of a backdoor to access resources • Accidental data modifications

  30. Security Breach: Denial of Service (DoS) • DoS attacks result in legitimate users not having access to a system resource. • A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task. • This excessive activity makes the system unavailable to perform legitimate operations. • When a disk fills up, the system locks an account out, a computer crashes, or a CPU slows down, the result is denial of service.

  31. Security Breach: Denial of Service (DoS) • DoS attacks generally originate from a single computer. • Two common types of DoS attacks are as follows: • Logic attacks—Logic attacks use software flaws to crash or seriously hinder the performance of remote servers. You can prevent many of these attacks by installing the latest patches to keep your software up to date. • Flooding attacks—Flooding attacks overwhelm the victim computer’s CPU, memory, or network resources by sending large numbers of useless requests to the machine.

  32. Security Breach: Denial of Service (DoS) • One of the best defenses against DoS attacks is to use intrusion prevention system (IPS) software or devices to detect and stop the attack. • Without a defense against DoS attacks, they can quickly overwhelm servers, desktops, and network hardware, slowing computing in your organization to a grinding halt. • In some cases, these attacks can cripple an entire infrastructure.

  33. Security Breach: Denial of Service (DoS) • Most DoS attacks target weaknesses in the overall system architecture rather than a software bug or security flaw. • Attackers can launch DoS attacks using common Internet protocols such as TCP and Internet Control Message Protocol (ICMP). • A DoS attack launched through one of these protocols can bring down one or more network servers or devices by flooding it with useless packets and providing false information about the status of network services.

  34. Security Breach: Denial of Service (DoS) • One of the popular techniques for launching a packet flood is a SYN flood. SYN is a TCP control bit used to synchronize sequence numbers. • In a SYN flood, the attacker sends a large number of packets requesting connections to the victim computer. • The victim computer records each request and reserves a place for the connection in a local table in memory. • The victim computer then sends an acknowledgment back to the attacker.

  35. Security Breach: Denial of Service (DoS) • The attacker never responds, the result being that the victim computer fills up its connections table waiting for all the request acknowledgments. • In the meantime, no legitimate users can connect to the victim computer because the SYN flood has filled the connection table. • The victim computer will remain unavailable until the connection requests time out.
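A small model of the half-open connection table described in slides 34 and 35, added here as an illustration rather than taken from the slides: spoofed SYNs that are never acknowledged occupy slots until they time out, and a legitimate client is refused while the table is full. The capacity and timeout values are assumed for the model, not real kernel defaults.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenTable:
    """Server-side table of half-open connections (SYN received, final ACK pending)."""
    capacity: int = 128          # assumed slot count
    timeout: float = 30.0        # assumed seconds before an unanswered SYN-ACK is dropped
    entries: dict = field(default_factory=dict)   # (src, sport) -> time the SYN arrived

    def expire(self, now):
        """Drop entries whose client never completed the handshake within `timeout`."""
        for key in [k for k, t in self.entries.items() if now - t >= self.timeout]:
            del self.entries[key]

    def on_syn(self, src, sport, now):
        """Incoming SYN: reserve a slot and (conceptually) send SYN-ACK.
        Returns True if a slot was reserved, False if the table is full."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False
        self.entries[(src, sport)] = now
        return True

    def on_ack(self, src, sport):
        """Third handshake step: the client answered, so its slot is released."""
        return self.entries.pop((src, sport), None) is not None

def simulate_syn_flood(table, flood_packets, flood_start=0.0):
    """Deliver `flood_packets` constructed spoofed SYNs at `flood_start` that are never
    ACKed, then attempt a legitimate connection 1 s later and again just after the
    timeout. Returns (accepted_during_flood, accepted_after_timeout)."""
    for i in range(flood_packets):
        table.on_syn("spoofed-source", 40000 + i, flood_start)
    during = table.on_syn("legit-client", 50000, flood_start + 1.0)
    if during:
        table.on_ack("legit-client", 50000)
    after = table.on_syn("legit-client", 50001, flood_start + table.timeout + 1.0)
    if after:
        table.on_ack("legit-client", 50001)
    return during, after
```

The model makes the two knobs a defender controls visible: a larger table or a shorter half-open timeout raises the number of packets an attacker must keep sending to hold the table full, which is why an IPS (slide 32) and tuned backlog timeouts are the usual mitigations.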

  36. Security Breach: Distributed Denial of Service (DDoS) • The DDoS attack is a type of DoS attack. • It involves flooding one or more target computers with false requests. • This overloads the computers and prevents legitimate users from gaining access. • In a DDoS attack, attackers hijack hundreds or even thousands of Internet computers, planting automated attack agents on those systems.

  37. Security Breach: Distributed Denial of Service (DDoS) • The attacker then instructs the agents to bombard the target site with forged messages. • This overloads the site and blocks legitimate traffic. • The key here is strength in numbers. • The attacker does more damage by distributing the attack across multiple computers.

  38. Security Breach: Distributed Denial of Service (DDoS) • Larger companies and universities tend to be attractive targets for attackers launching DDoS attacks. • Researchers have estimated that attackers issue thousands of DDoS attacks against networks each week. • This threat is so serious that preventing such attacks is a top priority in many organizations, including security product vendors.

  39. Security Breach: Unacceptable Web Browsing • Unacceptable Web browsing describes the use of a Web browser in an unacceptable manner. • Each organization should have an acceptable use policy (AUP) that clearly states what behavior is acceptable and what is not. • Unacceptable use can include unauthorized users searching files or storage directories for data and information they are not supposed to read, or users simply visiting prohibited Web sites.

  40. Security Breach: Wiretapping • Attackers can tap telephone lines and data-communication lines. • Wiretapping can be active, where the attacker makes modifications to the line. • It can also be passive, where an unauthorized user simply listens to the transmission without changing the contents.

  41. Security Breach: Wiretapping • Two methods of active wiretapping are as follows: • Between-the-lines wiretapping—This type of wiretapping does not alter the messages sent by the legitimate user, but inserts additional messages into the communication line when the legitimate user pauses. • Piggyback-entry wiretapping—This type of wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.

  42. Security Breach: Wiretapping • Although the term wiretapping is generally associated with voice telephone communications, attackers can also use wiretapping to intercept data communications (sniffing).

  43. Security Breach: Backdoor • Software developers sometimes include hidden access methods in their programs, called backdoors. • Backdoors give developers or support personnel easy access to a system, without having to struggle with security controls. • The problem is that backdoors don’t always stay hidden.

  44. Security Breach: Backdoor • When an attacker discovers a backdoor, he or she can use it to bypass existing security controls such as passwords, encryption, and so on. • Where legitimate users log on through front doors using a user ID and password, attackers use backdoors to bypass these normal access controls.

  45. Security Breach: Backdoor • Attackers can also compromise a system by installing their own backdoor program on it. • Attackers can use this type of backdoor to bypass controls that the administrator has put in place to protect the computer system. • The netcat utility is one of the most popular backdoor tools in use today.

  46. Security Breach: Data Modifications • Problems with data integrity, including accidental partial data modifications and the storage of incorrect data values, can also cause a security breach. • An incomplete modification can occur when multiple processes attempt to update data without observing basic data-integrity constraints.

  47. Security Breach: Data Modifications • The best way to avoid data-modification issues is to validate data before storing it and to ensure that your programs adhere to strict data-integrity rules.
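Slides 46 and 47 recommend validating data before storing it and enforcing integrity rules in the program. The added example below (not from the slides; the ledger schema and account names are constructed) does both: input validation up front, a CHECK constraint in the schema, and a single transaction so that a two-step update can never be left half applied.

```python
import sqlite3

def open_ledger():
    """In-memory account ledger whose integrity rule (no negative balance) is
    enforced by the database itself. Constructed sample data, not a real schema."""
    con = sqlite3.connect(":memory:", isolation_level=None)  # we manage transactions explicitly
    con.execute("""CREATE TABLE accounts (
                     id TEXT PRIMARY KEY,
                     balance INTEGER NOT NULL CHECK (balance >= 0))""")
    con.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 20)])
    return con

def transfer(con, src, dst, amount):
    """Move `amount` from `src` to `dst` atomically. Returns True on success,
    False if the transfer was rejected and rolled back. Bad input raises ValueError
    before any database work starts."""
    if not isinstance(amount, int) or isinstance(amount, bool) or amount <= 0:
        raise ValueError("amount must be a positive integer")
    if src == dst:
        raise ValueError("source and destination must differ")
    con.execute("BEGIN IMMEDIATE")  # take the write lock so concurrent writers serialize
    try:
        cur = con.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        if cur.rowcount != 1:
            raise LookupError(f"unknown account {src}")
        cur = con.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if cur.rowcount != 1:
            raise LookupError(f"unknown account {dst}")
        con.execute("COMMIT")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # The debit above is undone together with everything else in the transaction,
        # which is exactly the "incomplete modification" the slide warns about.
        con.execute("ROLLBACK")
        return False

def balances(con):
    """Snapshot of all balances, used to confirm nothing is left half applied."""
    return dict(con.execute("SELECT id, balance FROM accounts ORDER BY id"))
```

The overdraft case shows why the constraint belongs in the schema: the debit UPDATE fails inside the database regardless of which program issued it, so an application that forgets its own check still cannot store an invalid value.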

  48. Security Breach: Additional Security Challenges • Spam • Hoax • Spyware • Cookies

  49. Security Breach: Spam • Spam is unwanted e-mail or instant messages. • Most spam is commercial advertising— often for get-rich-quick schemes, dubious products, or other services. • Sending spam costs very little because the recipient covers most of the costs associated with spam.

  50. Security Breach: Spam • It costs money for ISPs and online services to transmit spam. • Processing large volumes of unwanted messages is expensive. • In addition, spamming forces the receiving user to waste administrative time on cleanup and monitoring of their received messages.
