Chapter 2- Need for Security
Security
Information Security
Principles of Information Security, Whitman, M. E. & Mattord, H. J., Cengage Learning, 2017.
Learning Objectives
• Demonstrate that organizations have a business need for
information security.
• Identify the threats posed to information security and the
more common attacks associated with those threats.
Business Needs?
• Information security performs four important functions for an organization:
1. Protecting the organization’s ability to function
2. Enabling the safe operation of applications running on the organization’s IT systems
3. Protecting the data the organization collects and uses
4. Safeguarding the organization’s technology assets
Organization Information security
2. Know the threats you face
Threats
• A threat is an object, person, or other entity that presents an ongoing danger to an asset.
• A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
• Threats are divided into fourteen general categories that represent clear and present dangers to an organization’s people, information, and systems.
Compromises of Intellectual Property
• Intellectual property rights are the rights given to persons over the creations of their minds.
• They usually give the creator an exclusive right over the use of his/her creation for a certain period of time.
• Intellectual property can be trade secrets, copyrights, trademarks, and patents.
• The unauthorized appropriation of IP constitutes a threat to information security.
• The most common IP breach is the unlawful use or duplication of software-based intellectual property, more commonly known as software piracy.
Compromises of Intellectual Property
• Software licenses are strictly enforced by a number of regulatory and private organizations, and software publishers use several control mechanisms to prevent copyright infringement.
• The Software & Information Industry Association (SIIA), formerly known as the Software Publishers Association, and the Business Software Alliance (BSA) are the two watchdog organizations that investigate allegations of software abuse.
• Another effort to combat piracy is the online registration process.
Deliberate Software Attacks
• Deliberate software attacks occur when an individual or group designs and deploys software to attack, damage, destroy, or deny service to the target systems.
• Most of this software is referred to as malicious code or malicious software, or sometimes malware. Common types include:
• Viruses
• Worms
• Macros
• Trojan horses
• Logic bombs
• Back doors
Virus
• A computer virus consists of segments of code that perform malicious actions.
• The code attaches itself to an existing program and takes control of that program’s access to the targeted computer.
• The virus-controlled target program then carries out the virus’s plan by replicating itself into additional targeted systems.
• Just as their namesakes are passed among living bodies, computer viruses are passed from machine to machine via physical media, e-mail, or other forms of computer data transmission.
• The most common method of virus transmission is via e-mail attachment files.
• Examples of virus types: macro viruses and boot viruses.
Worms
• A worm is a malicious program that replicates itself constantly, without requiring another program environment.
• Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth.
• Worms can be initiated with or without the user downloading or executing a file.
• Once the worm has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system.
• Furthermore, a worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
• A worm can jump from one device to another through different means, be that an e-mail attachment, a malicious link, or the local area network (LAN).
Trojan Horses
• Trojan horses are software programs that hide their true nature and reveal their designed behavior only when activated.
• Attackers hide malicious code within legitimate-looking software to try to gain access to users' systems when that software is run.
Trojan Horses
• Prevention:
• Never download or install software from a source you don’t trust completely.
• Never open an attachment or run a program sent to you in an e-mail from someone you don’t know.
• Keep all software on your computer up to date with the latest patches.
• Make sure antivirus software that detects Trojans is installed and running on your computer.
Back Door or Trap Door
• A virus or worm can install a back door or trap door component in a system, which allows the attacker to access the system at will with special privileges. Examples of these kinds of payloads include Subseven and Back Orifice.
Polymorphic Threats
• A polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
• These viruses and worms actually evolve, changing their size and other external file characteristics to elude detection by antivirus software programs.
Virus and Worm Hoaxes
• A hoax is not a virus, but we include hoaxes here because they make reference to viruses.
• Hoaxes are false (virus) warnings.
• People can disrupt the harmony and flow of an organization when they send group e-mails warning of supposedly dangerous viruses that don’t exist.
Deviation in Quality of Service
• An organization’s information system depends on the operation of many interdependent support systems, including power grids, telecom networks, parts suppliers, service vendors, and even the janitorial staff and garbage haulers.
• Degradation of any of these services is a form of availability disruption.
• Irregularities that can affect the availability of information and systems include:
• Internet service issues
• Communications and other service provider issues
• Power irregularities
Espionage or trespass
• Espionage or trespass is a well-known and broad category of electronic and human activities that can breach the confidentiality of information.
• An unauthorized individual gains access to the information an organization is trying to protect.
• Attackers can use many different methods to access the information stored in an information system.
• Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive intelligence.
Espionage or trespass
• When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial espionage.
• Some forms of espionage are:
• Shoulder surfing
• Hackers (skilled, unskilled, expert)
Forces of Nature
• Forces of nature, or acts of God, can present some of the most dangerous threats; they usually occur with very little warning and are beyond the control of people.
• Fires, floods, earthquakes, and lightning, as well as volcanic eruptions and insect infestations, can disrupt not only the lives of individuals but also the storage, transmission, and use of information.
• Because it is impossible to avoid force-of-nature threats, organizations must implement controls to limit damage.
• Prepare contingency plans for continued operations, such as disaster recovery plans, business continuity plans, and incident response plans.
Information extortion
• Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.
Sabotage or vandalism
• This threat involves the deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of an organization.
Attack
• An attack is an act that takes advantage of a vulnerability to compromise a controlled system.
• An attack is a deliberate attempt to evade security services and violate the security policy of a system.
Types of attack
1. Malicious code
2. Hoaxes
3. Back Door
4. Password Cracks
5. Brute Force
6. Dictionary
7. Denial-of-service (DoS) and Distributed-denial-of-service (DDoS)
8. Spoofing
9. Man in the Middle Attack
10. Spam
11. Mail Bombing
12. Sniffers
13. Social Engineering
14. Phishing
15. Pharming
16. Timing Attack
Malicious code
• A malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
• Spyware and adware are also forms of malicious code.
Hoaxes
• A more devious attack on computer systems is the transmission of a virus hoax with a real virus attached.
• Because the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it.
• Even though these users are trying to do the right thing to avoid infection, they end up sending the attack on to their coworkers and friends and infecting many users along the way.
Backdoors
• Back doors are entry points to a system that sidestep the authentication process.
• A back door may be a known access mechanism or a previously unknown and newly discovered one.
• An attacker can gain access to a system or network resource through a back door.
• These entries are sometimes left behind by system designers or maintenance staff, and are then called trap doors.
• They are hard to detect, because very often the programmer who puts one in place also makes the access exempt from the usual audit logging features of the system.
Password Cracks
• Attempting to reverse-calculate a password is often called cracking.
• Cracking becomes possible when a copy of the Security Account Manager (SAM) data file, which contains hashed representations of users’ passwords, can be obtained.
• A candidate password can be hashed using the same algorithm and compared to the stored hash. If the two match, the password has been cracked.
Brute Force Attack
• Trying every possible password combination is called a brute force attack.
• It is often used to obtain passwords to commonly used accounts, and is also called a password attack.
• Password attacks are rarely successful against systems, because controls that limit the number of unsuccessful access attempts allowed per unit of elapsed time are very effective against brute force attacks.
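The two mechanisms described on the Password Cracks and Brute Force Attack slides, hash-and-compare verification of a stored password and a control that limits failed attempts per unit of time, as an added Python example. This code is not from the textbook or the course; the user record, the thresholds, the time values and the choice of a salted PBKDF2-HMAC-SHA256 digest are assumptions made for illustration.

```python
"""Password verification plus a sliding-window lockout (added example)."""
import hashlib
import hmac
import os
from collections import deque
from typing import Deque, Dict, List, Optional, Tuple

# Assumption for this example: passwords are stored as salted PBKDF2 digests
# rather than as a bare hash of the password text.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A random per-user salt means two users with the
    same password do not share a digest, and a table of precomputed hashes
    does not apply to the stored file."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(candidate: str, salt: bytes, stored_digest: bytes) -> bool:
    """The comparison the slide describes: hash the candidate with the same
    algorithm (and the same salt) and compare with the stored digest.
    hmac.compare_digest does not stop at the first differing byte."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


class LoginGuard:
    """Refuse further attempts for an account once `max_failures` failed logins
    have occurred within the last `window_seconds`. The current time is passed
    in by the caller so the sliding window can be exercised without waiting."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 60.0) -> None:
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._failures: Dict[str, Deque[float]] = {}

    def _recent_failures(self, user: str, now: float) -> Deque[float]:
        """Drop failures older than the window and return what is left."""
        q = self._failures.setdefault(user, deque())
        while q and now - q[0] >= self.window_seconds:
            q.popleft()
        return q

    def is_locked(self, user: str, now: float) -> bool:
        return len(self._recent_failures(user, now)) >= self.max_failures

    def attempt(self, user: str, candidate: str, now: float,
                credentials: Dict[str, Tuple[bytes, bytes]]) -> str:
        """Return 'locked', 'ok' or 'bad'. An unknown user is recorded as a
        failed attempt rather than reported as an error."""
        if self.is_locked(user, now):
            return "locked"
        record = credentials.get(user)
        if record is not None and verify_password(candidate, *record):
            self._failures.pop(user, None)  # success clears the failure history
            return "ok"
        self._recent_failures(user, now).append(now)
        return "bad"


def demo() -> List[str]:
    """Constructed scenario: three wrong guesses, then the right password while
    the account is locked, then the right password after the window has slid."""
    credentials = {"alice": hash_password("correct horse battery staple")}
    guard = LoginGuard(max_failures=3, window_seconds=60.0)
    script = [
        ("alice", "password1", 0.0),
        ("alice", "letmein", 1.0),
        ("alice", "alice123", 2.0),
        ("alice", "correct horse battery staple", 3.0),   # right, but locked
        ("alice", "correct horse battery staple", 61.0),  # two failures expired
    ]
    return [guard.attempt(u, p, t, credentials) for u, p, t in script]


if __name__ == "__main__":
    print(demo())  # ['bad', 'bad', 'bad', 'locked', 'ok']
```

The lockout is per account and keyed on the caller-supplied clock, so a real deployment would feed it the system time and would usually also count failures per source address; the point of the example is that the correct password at time 3.0 is refused because the control, not the hash, decides whether the attempt is even evaluated.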
DoS and DDoS Attack
• A distributed denial-of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
• DDoS attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised.
• Any system connected to the Internet and providing TCP-based network services (such as a Web server, FTP server, or mail server) is vulnerable to DoS attacks.
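A detection-side reading of the DoS/DDoS slide, as an added Python example that is not part of the textbook: it groups web-server access-log lines into ten-second windows and separates a flood from a single source from a flood of the same size spread across many sources. The log lines follow the Common Log Format; the IP addresses, timestamps, window length and thresholds are all constructed for the example.

```python
"""Classify request floods in access logs by how many sources take part (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Common Log Format prefix: client, identd, user, [timestamp] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Return (client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def window_start(ts: datetime, window_seconds: int) -> datetime:
    """Align a timestamp to the start of its window (window must divide 60)."""
    return ts.replace(second=ts.second // window_seconds * window_seconds, microsecond=0)


def classify_windows(lines, window_seconds: int = 10, flood_total: int = 50,
                     flood_single: int = 30, min_sources: int = 5):
    """Per window:
         'ddos'   total requests >= flood_total from at least min_sources addresses
         'dos'    a single address alone sent >= flood_single requests
         'normal' otherwise
       Returns [(window_start, verdict, distinct_sources, total, top_source), ...]."""
    per_window: Dict[datetime, Counter] = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole run
        ip, ts = parsed
        per_window[window_start(ts, window_seconds)][ip] += 1

    results = []
    for start in sorted(per_window):
        counts = per_window[start]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if total >= flood_total and len(counts) >= min_sources:
            verdict = "ddos"
        elif top_n >= flood_single:
            verdict = "dos"
        else:
            verdict = "normal"
        results.append((start, verdict, len(counts), total, top_ip))
    return results


def make_line(ip: str, second: int) -> str:
    """Constructed log line; date, path and user agent are placeholders."""
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"GET /index.html HTTP/1.1" 200 512 "-" "example-client"')


def sample_lines() -> List[str]:
    """Three windows of constructed traffic: ordinary, single-source flood,
    distributed flood; plus one malformed line."""
    lines: List[str] = []
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):   # 13:55:00-09, 6 requests
        lines += [make_line(ip, 0), make_line(ip, 5)]
    lines += [make_line("198.51.100.7", 10 + i % 10) for i in range(40)]  # 13:55:10-19
    for n in range(1, 21):                                   # 13:55:20-29, 20 sources x 3
        lines += [make_line(f"203.0.113.{n}", 20 + i) for i in range(3)]
    lines.append("this line is not in log format")
    return lines


def verdicts_for_sample() -> List[str]:
    return [verdict for _, verdict, _, _, _ in classify_windows(sample_lines())]


if __name__ == "__main__":
    for start, verdict, sources, total, top in classify_windows(sample_lines()):
        print(f"{start:%H:%M:%S} {verdict:6s} sources={sources:2d} total={total:3d} top={top}")
```

The single-source window has fewer requests in total than the distributed one, yet both are flagged: a per-source threshold catches the DoS, while the DDoS only shows up when the aggregate rate and the number of distinct sources are considered together, which is why a rate limit keyed on one address alone is not enough.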
Spoofing
• “The act of pretending to be someone, or copying the style of someone or something.”
• Spoofing is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
• Hackers use a variety of techniques to obtain trusted IP addresses, and then modify the packet headers to insert these forged addresses.
• Newer routers and firewall arrangements can offer protection against IP spoofing.
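The router and firewall protection the slide refers to is, in practice, source-address filtering at the network border: a packet arriving from the Internet must not claim an inside source, and a packet leaving the network must carry a source the organization actually owns. The following added Python example models that check; it is not from the textbook, and the prefixes, interface names and sample packets are constructed assumptions.

```python
"""Border filtering of forged source addresses (added example)."""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed layout: the organization owns these prefixes behind its border router.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]

# Sources that should never appear on a packet arriving from the Internet:
# private space, loopback, link-local and "this network".
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]

Packet = Tuple[str, str, str]  # (arrival interface, source IP, destination IP)


def _in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def check_packet(packet: Packet, internal_nets=INTERNAL_NETS) -> Tuple[str, str]:
    """Return ('accept' | 'drop', reason) for one packet.

    Ingress rule (interface 'outside'): the source must be neither one of our
    own prefixes nor a non-routable range.
    Egress rule (interface 'inside'): the source must be one of our prefixes,
    so this network cannot be used to originate spoofed traffic either.
    """
    iface, src, _dst = packet
    try:
        src_addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "unparseable source address"
    if iface == "outside":
        if _in_any(src_addr, internal_nets):
            return "drop", "external packet claims an internal source (spoofed)"
        if _in_any(src_addr, NEVER_FROM_OUTSIDE):
            return "drop", "external packet with non-routable source"
        return "accept", "external source"
    if iface == "inside":
        if not _in_any(src_addr, internal_nets):
            return "drop", "outbound packet with a source we do not own"
        return "accept", "internal source"
    return "drop", f"unknown interface {iface!r}"


def filter_packets(packets: Iterable[Packet]) -> List[Tuple[Packet, str, str]]:
    return [(p, *check_packet(p)) for p in packets]


# Constructed sample traffic (documentation address ranges).
SAMPLE_PACKETS: List[Packet] = [
    ("outside", "203.0.113.9", "192.0.2.20"),    # ordinary inbound traffic
    ("outside", "192.0.2.5", "192.0.2.20"),      # forged: claims to be one of our hosts
    ("outside", "10.1.2.3", "192.0.2.20"),       # forged: private source from the Internet
    ("inside", "192.0.2.20", "203.0.113.9"),     # ordinary outbound traffic
    ("inside", "203.0.113.77", "203.0.113.9"),   # our host using someone else's address
    ("outside", "not-an-ip", "192.0.2.20"),      # malformed header
]


if __name__ == "__main__":
    for packet, verdict, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{verdict:6s} {packet[0]:7s} src={packet[1]:14s} {reason}")
```

The second and third packets are the case the slide describes: a forged source that the target would otherwise treat as trusted. The fifth shows the complementary egress rule, which does not protect this organization directly but stops its hosts from being used to spoof others.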
Man in the Middle
• In a man-in-the-middle or TCP hijacking attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
Mail Bombing
• Another form of e-mail attack that is also a DoS is called a mail bomb, in which an attacker routes large quantities of e-mail to the target.
• It is accomplished by means of social engineering (to be discussed shortly) or by exploiting various technical flaws in the Simple Mail Transfer Protocol (SMTP).
• The target of the attack receives an unmanageably large volume of unsolicited e-mail.
• If many such systems are tricked into participating in the event, the target e-mail address is buried under thousands or even millions of unwanted e-mails.
Sniffers
• A sniffer is a program or device that can monitor data traveling over a network.
• Sniffers can be used both for legitimate network management functions and for stealing information.
• They are impossible to detect and can be inserted almost anywhere.
• A sniffer program shows all the data going by, including passwords, the data inside files (such as word-processing documents), and screens full of sensitive data from applications.
Pharming
• Pharming manipulates the Domain Name System (DNS) to redirect a user's legitimate request to a fraudulent website without their knowledge.
Questions