Chapter 1
Raymond R. Panko
Corporate Computer and Network Security, 2nd Edition
Copyright Pearson Prentice-Hall, 2010
 This is a book about security defense, not
how to attack
◦ Defense is too complex to focus the book mostly on
specific attacks
 However, this first chapter looks at the threat
environment—attackers and their attacks
 Unless you understand the threats you face,
you cannot prepare for defense
 All subsequent chapters focus on defense
 The Threat Environment
◦ The threat environment consists of the types of
attackers and attacks that companies face
 Security Goals
◦ Confidentiality
 Confidentiality means that people cannot read
sensitive information, either while it is on a
computer or while it is traveling across a network.
 Security Goals
◦ Integrity
 Integrity means that attackers cannot change or
destroy information, either while it is on a
computer or while it is traveling across a network.
Or, at least, if information is changed or
destroyed, then the receiver can detect the
change or restore destroyed data.
 Security Goals
◦ Availability
 Availability means that people who are authorized
to use information are not prevented from doing
so
 Compromises
◦ Successful attacks
◦ Also called incidents
◦ Also called breaches (not breeches)
 Countermeasures
◦ Tools used to thwart attacks
◦ Also called safeguards, protections, and controls
◦ Types of countermeasures
 Preventative
 Detective
 Corrective
 The TJX Companies, Inc. (TJX)
◦ A group of companies operating more than 2,500 retail
stores in the United States, Canada, England,
Ireland, and several other countries
◦ Does business under such names as TJ Maxx and
Marshalls
 Discovery
◦ On December 18, 2006, TJX detected “suspicious
software” on its computer systems
◦ Called in security experts who confirmed an
intrusion and probable data loss
◦ Notified law enforcement immediately
◦ Only notified consumers a month later to get time
to fix system and to allow law enforcement to
investigate
 Discovery
◦ Two waves of attacks, in 2005 and 2006
◦ Company estimated that the theft included 45.7 million
records with limited personal information
◦ Much more information was stolen on 455,000 of
these customers
 The Break-Ins
◦ Broke into poorly protected wireless networks in
retail stores
◦ Used this entry to break into central processing
system in Massachusetts
◦ Not detected despite long presence, 80 GB data
exfiltration
◦ Canadian privacy commission: poor encryption,
keeping data that should not have been kept
 The Payment Card Industry-Data Security
Standard (PCI-DSS)
◦ Rules for companies that accept credit card
purchases
◦ If noncompliant, can lose the ability to process
credit cards
◦ 12 required control objectives
◦ TJX knew it was not in compliance (later found to
meet only 3 of 12 control objectives)
◦ Visa gave an extension to TJX in 2005, subject to
progress report in June 2006
 The Fall-Out: Lawsuits and Investigations
◦ Settled with most banks and banking associations
for $40.9 million to cover card reissuing and other
costs
◦ Visa levied $880,000 fine, which may later have
been increased or decreased
◦ Proposed settlement with consumers
◦ Under investigation by U.S. Federal Trade
Commission and 37 state attorneys general
◦ TJX has prepared for damages of $256 million as of
August 2007
 Employees and Ex-Employees Are Dangerous
◦ Dangerous because
 They have knowledge of internal systems
 They often have the permissions to access
systems
 They often know how to avoid detection
 Employees generally are trusted
◦ IT and especially IT security professionals are the
greatest employee threats (Quis custodiet custodes? Who guards the guards?)
 Employee Sabotage
◦ Destruction of hardware, software, or data
◦ Plant time bomb or logic bomb on computer
 Employee Hacking
◦ Hacking is intentionally accessing a computer
resource without authorization or in excess of
authorization
◦ Authorization is the key
 Employee Financial Theft
◦ Misappropriation of assets
◦ Theft of money
 Employee Theft of Intellectual Property (IP)
◦ Copyrights and patents (formally protected)
◦ Trade secrets: plans, product formulations,
business processes, and other info that a company
wishes to keep secret from competitors
 Employee Extortion
◦ Perpetrator tries to obtain money or other goods by
threatening to take actions that would be against
the victim’s interest
 Sexual or Racial Harassment of Other
Employees
◦ Via e-mail
◦ Displaying pornographic material
◦ …
 Internet Abuse
◦ Downloading pornography, which can lead to
sexual harassment lawsuits and viruses
◦ Downloading pirated software, music, and video,
which can lead to copyright violation penalties
◦ Excessive personal use of the Internet at work
 Carelessness
◦ Loss of computers or data media containing
sensitive information
◦ Carelessness leading to the theft of such information
 Other “Internal” Attackers
◦ Contract workers
◦ Workers in contracting companies
 Malware
◦ A generic name for any “evil software”
 Viruses
◦ Programs that attach themselves to legitimate
programs on the victim’s machine
◦ Spread today primarily by e-mail
◦ Also by instant messaging, file transfers, etc.
 Worms
◦ Full programs that do not attach themselves to
other programs
◦ Like viruses, can spread by e-mail, instant
messaging, and file transfers
 Worms
◦ In addition, direct-propagation worms can jump
from one computer to another without human
intervention on the receiving computer
◦ Computer must have a vulnerability for direct
propagation to work
◦ Direct-propagation worms can spread extremely
rapidly because they do not have to wait for users
to act
 Blended Threats
◦ Malware propagates in several ways—like worms,
viruses, compromised webpages containing mobile
code, etc.
 Payloads
◦ Pieces of code that do damage
◦ Implemented by viruses and worms after
propagation
◦ Malicious payloads are designed to do heavy
damage
 Nonmobile Malware
◦ Must be placed on the user’s computer through one
of a growing number of attack techniques
◦ Placed on computer by hackers
◦ Placed on computer by virus or worm as part of its
payload
◦ The victim can be enticed to download the program
from a website or FTP site
◦ Mobile code executed on a webpage can download
the nonmobile malware
 Trojan Horses
◦ A program that replaces an existing system file,
taking its name
 Trojan Horses
◦ Remote Access Trojans (RATs)
 Remotely control the victim’s PC
◦ Downloaders
 Small Trojan horses that download larger Trojan
horses after the downloader is installed
 Trojan Horses
◦ Spyware
 Programs that gather information about you and
make it available to the adversary
 Cookies that store too much sensitive personal
information
 Keystroke loggers
 Password-stealing spyware
 Data mining spyware
 Trojan Horses
◦ Rootkits
 Take control of the super user account (root,
administrator, etc.)
 Can hide themselves from file system detection
 Can hide malware from detection
 Extremely difficult to detect (ordinary antivirus
programs find few rootkits)
 Mobile Code
◦ Executable code on a webpage
◦ Code is executed automatically when the webpage
is downloaded
◦ JavaScript, Microsoft ActiveX controls, etc.
◦ Can do damage if computer has vulnerability
 Social Engineering in Malware
◦ Social engineering is attempting to trick users into
doing something that goes against security policies
◦ Several types of malware use social engineering
 Spam
 Phishing
 Spear phishing (aimed at individuals or specific
groups)
 Hoaxes
 Traditional Hackers
◦ Motivated by thrill, validation of skills, sense of
power
◦ Motivated to increase reputation among other
hackers
◦ Often do damage as a byproduct
◦ Often engage in petty crime
 Anatomy of a Hack
◦ Reconnaissance probes (Figure 1-8)
 IP address scans to identify possible victims
 Port scans to learn which services are open on
each potential victim host
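A defender's view of the two reconnaissance probes above, as an added example that is not from the original slides: it separates address scans (one source, many hosts, one port) from port scans (one source, one host, many ports) in firewall logs. The log format, thresholds, window and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical firewall log format used only for this example:
#   <ISO timestamp> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
WINDOW = timedelta(seconds=60)   # assumed look-back window
HOST_THRESHOLD = 10              # distinct hosts on one port -> address scan
PORT_THRESHOLD = 10              # distinct ports on one host -> port scan


def parse(lines):
    """Yield (timestamp, src, dst, dport) for every well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # skip lines whose timestamp is not ISO 8601
        yield ts, m["src"], m["dst"], int(m["dport"])


def max_distinct_in_window(events):
    """Largest number of distinct values seen in any WINDOW-long span.

    events is a time-sorted list of (timestamp, value) pairs.
    """
    best, start, counts = 0, 0, defaultdict(int)
    for ts, value in events:
        counts[value] += 1
        while ts - events[start][0] > WINDOW:   # expire events older than WINDOW
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def detect_scans(lines):
    """Return sorted (kind, source, target, distinct_count) findings."""
    by_port = defaultdict(list)   # (src, dport) -> [(ts, dst)]
    by_host = defaultdict(list)   # (src, dst)   -> [(ts, dport)]
    for ts, src, dst, dport in parse(lines):
        by_port[(src, dport)].append((ts, dst))
        by_host[(src, dst)].append((ts, dport))
    findings = []
    for (src, dport), events in by_port.items():
        n = max_distinct_in_window(sorted(events))
        if n >= HOST_THRESHOLD:
            findings.append(("address-scan", src, f"port {dport}", n))
    for (src, dst), events in by_host.items():
        n = max_distinct_in_window(sorted(events))
        if n >= PORT_THRESHOLD:
            findings.append(("port-scan", src, dst, n))
    return sorted(findings)


def build_sample_log():
    """Constructed sample traffic; sources use documentation address ranges."""
    base = datetime(2010, 1, 1)

    def entry(offset, action, src, dst, dport):
        ts = (base + timedelta(seconds=offset)).isoformat()
        return f"{ts} {action} TCP {src}:40000 -> {dst}:{dport}"

    log = []
    # Address scan: one probe per second across 128.171.17.1-30 on port 80.
    log += [entry(i, "DENY", "203.0.113.9", f"128.171.17.{i}", 80)
            for i in range(1, 31)]
    # Port scan: the same source then walks ports 20-44 on one host.
    log += [entry(60 + i, "DENY", "203.0.113.9", "128.171.17.13", 20 + i)
            for i in range(25)]
    # Ordinary client: repeated visits to two services on one server.
    log += [entry(5 * i, "ALLOW", "198.51.100.20", "128.171.17.13", port)
            for i in range(20) for port in (80, 443)]
    # Slow sweep: one host every two minutes stays under the 60-second window,
    # so this detector misses it; a longer window or daily rollup is needed.
    log += [entry(600 + 120 * i, "DENY", "198.51.100.77", f"128.171.17.{i}", 22)
            for i in range(1, 13)]
    return log


if __name__ == "__main__":
    for finding in detect_scans(build_sample_log()):
        print(finding)
```

The slow sweep in the sample data is deliberately not flagged, which shows why a single short window is not enough on its own.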
 Figure 1-8 (diagram): attacker probing a corporate site
◦ Addresses shown: 128.171.17.13, 128.171.17.22, 128.171.17.47
◦ 1. IP address scanning packet; the response confirms a host at
128.171.17.13
◦ 2. Port scanning packet to identify running applications
◦ 3. Exploit packet
 Anatomy of a Hack
◦ The exploit
 The specific attack method that the attacker uses
to break into the computer is called the attacker’s
exploit
 The act of implementing the exploit is called
exploiting the host
 Figure (diagram): IP address spoofing
◦ 1. The attacker (10.6.4.3) sends a spoofed packet to 128.171.17.13
with source IP address = 128.171.17.47 instead of 10.6.4.3
◦ 2. The reply goes to host 128.171.17.47
◦ IP address spoofing hides the attacker's identity
◦ But replies do not go to the attacker, so IP address spoofing
cannot be used for all purposes
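How a border router can reject the spoofed packet in the figure above, as an added example that is not from the original slides. It assumes the corporate site owns 128.171.17.0/24 and the attacker's network is 10.6.4.0/24; the function names and the 198.51.100.7 client are constructed for illustration.

```python
import ipaddress

# Assumptions for this example: the corporate site in the figure owns
# 128.171.17.0/24 and the attacker's own network is 10.6.4.0/24.
CORPORATE_SITE = ipaddress.ip_network("128.171.17.0/24")
ATTACKER_NET = ipaddress.ip_network("10.6.4.0/24")

# Sources that should never arrive from the Internet (RFC 1918 and loopback).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def border_verdict(site, direction, src, dst):
    """Apply anti-spoofing rules at the border of `site`.

    direction is "in" for packets arriving from outside and "out" for
    packets leaving the site. Returns (action, reason).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if src_ip in site:
            return "drop", "outside packet claims an inside source address"
        if any(src_ip in net for net in NON_ROUTABLE):
            return "drop", "non-routable source address from outside"
        if dst_ip not in site:
            return "drop", "destination is not a site address"
        return "pass", "source is plausible for an outside sender"
    if direction == "out":
        if src_ip not in site:
            return "drop", "inside sender uses a source address the site does not own"
        return "pass", "source belongs to this site"
    raise ValueError(f"unknown direction: {direction!r}")


def figure_walkthrough():
    """Verdicts for the figure's spoofed packet plus contrasting cases."""
    # Source forged as 128.171.17.47; the real sender is 10.6.4.3.
    spoofed = ("128.171.17.47", "128.171.17.13")
    return {
        # Ingress filtering: the victim's border sees its own address space
        # arriving from outside.
        "victim ingress, spoofed":
            border_verdict(CORPORATE_SITE, "in", *spoofed),
        # Egress filtering: the sending network sees a source it never
        # assigned leaving its border. This is the control that also covers
        # forged sources outside the victim's own prefix.
        "sender egress, spoofed":
            border_verdict(ATTACKER_NET, "out", *spoofed),
        # The same host using its real address passes its own egress filter.
        "sender egress, real source":
            border_verdict(ATTACKER_NET, "out", "10.6.4.3", "128.171.17.13"),
        # 10.6.4.3 is an RFC 1918 address, so it is rejected at the victim.
        "victim ingress, real source":
            border_verdict(CORPORATE_SITE, "in", "10.6.4.3", "128.171.17.13"),
        # Ordinary outside client (constructed documentation address).
        "victim ingress, ordinary client":
            border_verdict(CORPORATE_SITE, "in", "198.51.100.7", "128.171.17.13"),
    }


if __name__ == "__main__":
    for case, (action, reason) in figure_walkthrough().items():
        print(f"{case:34s} {action:5s} {reason}")
```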
 Chain of attack computers (Figure 1-10)
◦ The attacker attacks through a chain of victim
computers
◦ Probe and exploit packets contain the source IP
address of the last computer in the chain
◦ The final attack computer receives replies and
passes them back to the attacker
◦ Often, the victim can trace the attack back to the
final attack computer
◦ But the attack usually can only be traced back a few
computers more
 Figure 1-10 (diagram): chain of attack computers
◦ Attacker (1.34.150.37) logs in to a compromised attack host
(3.35.126.7), logs in from there to a second compromised attack host
(123.125.33.101), which sends the attack command to the target host
(60.168.47.47)
◦ For probes whose replies must be received, the attacker sends
probes through a chain of attack computers
◦ The victim only knows the identity of the last compromised host
(123.125.33.101), not that of the attacker
◦ Usually can only trace the attack to the direct attacker
(123.125.33.101) or the second direct attacker (3.35.126.7)
 Social Engineering
◦ Social engineering is often used in hacking
 Call and ask for passwords and other confidential
information
 E-mail attack messages with attractive subjects
 Piggybacking
 Shoulder surfing
 Pretexting
 Etc.
◦ Often successful because it focuses on human
weaknesses instead of technological weaknesses
 Denial-of-Service (DoS) Attacks
◦ Make a server or entire network unavailable to
legitimate users
◦ Typically send a flood of attack messages to the
victim
◦ Distributed DoS (DDoS) Attacks (Figure 1-11)
 Bots flood the victim with attack packets
 Attacker controls the bot
 Figure 1-11 (diagram): distributed DoS attack
◦ The attacker sends an attack command to each of three bots
◦ Each bot sends attack packets to the victim
 Bots
◦ Updatable attack programs (Figure 1-12)
◦ Botmaster can update the software to change the
type of attack the bot can do
 May sell or lease the botnet to other criminals
◦ Botmaster can update the bot to fix bugs
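 Figure 1-12 (diagram): botmaster updating bots
◦ Shows a botmaster, three bots, a DoS victim, and spam victims
◦ 1. DoS attack command from the botmaster; DoS attack packets from
the bots to the DoS victim
◦ 2. Software update for spam; spam e-mail from the bots to the spam
victims
◦ 3. Software update to fix a bug in the attack software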
 Skill Levels
◦ Expert attackers are characterized by strong
technical skills and dogged persistence
◦ Expert attackers create hacker scripts to automate
some of their work
◦ Scripts are also available for writing viruses and
other malicious software
 Skill Levels
◦ Script kiddies use these scripts to make attacks
◦ Script kiddies have low technical skills
◦ Script kiddies are dangerous because of their large
numbers
 The Criminal Era
◦ Today, most attackers are career criminals with
traditional criminal motives
◦ Adapt traditional criminal attack strategies to IT
attacks (fraud, etc.)
 The Criminal Era
◦ Many cybercrime gangs are international
 Makes prosecution difficult
 Dupe citizens of a country into being
transshippers of fraudulently purchased goods to
the attacker in another country
◦ Cybercriminals use black market forums
 Credit card numbers and identity information
 Vulnerabilities
 Exploit software (often with update contracts)
 Fraud
◦ In fraud, the attacker deceives the victim into doing
something against the victim’s financial self-
interest
◦ Criminals are learning to conduct traditional frauds
and new frauds over networks
◦ Also, new types of fraud, such as click fraud
 Financial and Intellectual Property Theft
◦ Steal money or intellectual property they can sell to
other criminals or to competitors
 Extortion
◦ Threaten a DoS attack or threaten to release stolen
information unless the victim pays the attacker
 Stealing Sensitive Data about Customers and
Employees
◦ Carding (credit card number theft)
◦ Bank account theft
◦ Online stock account theft
◦ Identity theft
 Steal enough identity information to represent the
victim in large transactions, such as buying a car
or even a house
 Corporate Identity Theft
◦ Steal the identity of an entire corporation
◦ Accept credit cards on behalf of the corporation
◦ Pretend to be the corporation in large transactions
◦ Can even take ownership of the corporation
 Commercial Espionage
◦ Attacks on confidentiality
◦ Public information gathering
 Company website and public documents
 Facebook pages of employees, etc.
◦ Trade secret espionage
 May only be litigated if a company has provided
reasonable protection for those secrets
 Reasonableness reflects the sensitivity of the
secret and industry security practices
 Commercial Espionage
◦ Trade secret theft approaches
 Theft through interception, hacking, and other
traditional cybercrimes
 Bribe an employee
 Hire your ex-employee and solicit or accept
trade secrets
◦ National intelligence agencies engage in
commercial espionage
 Denial-of-Service Attacks by Competitors
◦ Attacks on availability
◦ Rare but can be devastating
 Cyberwar and Cyberterror
◦ Attacks by national governments (cyberwar)
◦ Attacks by organized terrorists (cyberterror)
◦ Nightmare threats
◦ Potential for far greater attacks than those caused
by criminal attackers
 Cyberwar
◦ Computer-based attacks by national governments
◦ Espionage
◦ Cyber-only attacks to damage financial and
communication infrastructure
◦ To augment conventional physical attacks
 Attack IT infrastructure along with physical
attacks (or in place of physical attacks)
 Paralyze enemy command and control
 Engage in propaganda attacks
 Cyberterror
◦ Attacks by terrorists or terrorist groups
◦ May attack IT resources directly
◦ Use the Internet for recruitment and coordination
◦ Use the Internet to augment physical attacks
 Disrupt communication among first responders
 Use cyberattacks to increase terror in physical
attacks
◦ Turn to computer crime to fund their attacks
network security lec2 ccns
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
Determining Glass is mechanical textile
Determining  Glass is mechanical textileDetermining  Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 

network security lec2 ccns

  • 1. Chapter 1. Raymond R. Panko, Corporate Computer and Network Security, 2nd Edition. Copyright Pearson Prentice-Hall, 2010
  • 2. This is a book about security defense, not how to attack
      ◦ Defense is too complex to focus the book mostly on specific attacks
    However, this first chapter looks at the threat environment—attackers and their attacks
    Unless you understand the threats you face, you cannot prepare for defense
    All subsequent chapters focus on defense
  • 3. The Threat Environment
      ◦ The threat environment consists of the types of attackers and attacks that companies face
  • 4. Security Goals
      ◦ Confidentiality
          ▪ Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network.
  • 5. Security Goals
      ◦ Integrity
          ▪ Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data.
  • 6. Security Goals
      ◦ Availability
          ▪ Availability means that people who are authorized to use information are not prevented from doing so
  • 7. Compromises
      ◦ Successful attacks
      ◦ Also called incidents
      ◦ Also called breaches (not breeches)
  • 8. Countermeasures
      ◦ Tools used to thwart attacks
      ◦ Also called safeguards, protections, and controls
      ◦ Types of countermeasures
          ▪ Preventative
          ▪ Detective
          ▪ Corrective
  • 9. The TJX Companies, Inc. (TJX)
      ◦ A group of more than 2,500 retail stores companies operating in the United States, Canada, England, Ireland, and several other countries
      ◦ Does business under such names as TJ Maxx and Marshalls
  • 10. Discovery
      ◦ On December 18, 2006, TJX detected “suspicious software” on its computer systems
      ◦ Called in security experts who confirmed an intrusion and probable data loss
      ◦ Notified law enforcement immediately
      ◦ Only notified consumers a month later to get time to fix system and to allow law enforcement to investigate
  • 11. Discovery
      ◦ Two waves of attacks, in 2005 and 2006
      ◦ Company estimated that 45.7 million records with limited personal information included
      ◦ Much more information was stolen on 455,000 of these customers
  • 12. The Break-Ins
      ◦ Broke into poorly protected wireless networks in retail stores
      ◦ Used this entry to break into central processing system in Massachusetts
      ◦ Not detected despite long presence, 80 GB data exfiltration
      ◦ Canadian privacy commission: poor encryption, keeping data that should not have been kept
  • 13. The Payment Card Industry-Data Security Standard (PCI-DSS)
      ◦ Rules for companies that accept credit card purchases
      ◦ If noncompliant, can lose the ability to process credit cards
      ◦ 12 required control objectives
      ◦ TJX knew it was not in compliance (later found to meet only 3 of 12 control objectives)
      ◦ Visa gave an extension to TJX in 2005, subject to progress report in June 2006
  • 14. The Fall-Out: Lawsuits and Investigations
      ◦ Settled with most banks and banking associations for $40.9 million to cover card reissuing and other costs
      ◦ Visa levied $880,000 fine, which may later have been increased or decreased
      ◦ Proposed settlement with consumers
      ◦ Under investigation by U.S. Federal Trade Commission and 37 state attorneys general
      ◦ TJX has prepared for damages of $256 million as of August 2007
  • 15. Employees and Ex-Employees Are Dangerous
      ◦ Dangerous because
          ▪ They have knowledge of internal systems
          ▪ They often have the permissions to access systems
          ▪ They often know how to avoid detection
          ▪ Employees generally are trusted
      ◦ IT and especially IT security professionals are the greatest employee threats (Qui custodiet custodes?)
  • 16. Employee Sabotage
      ◦ Destruction of hardware, software, or data
      ◦ Plant time bomb or logic bomb on computer
    Employee Hacking
      ◦ Hacking is intentionally accessing a computer resource without authorization or in excess of authorization
      ◦ Authorization is the key
  • 17. Employee Financial Theft
      ◦ Misappropriation of assets
      ◦ Theft of money
    Employee Theft of Intellectual Property (IP)
      ◦ Copyrights and patents (formally protected)
      ◦ Trade secrets: plans, product formulations, business processes, and other info that a company wishes to keep secret from competitors
  • 18. Employee Extortion
      ◦ Perpetrator tries to obtain money or other goods by threatening to take actions that would be against the victim’s interest
    Sexual or Racial Harassment of Other Employees
      ◦ Via e-mail
      ◦ Displaying pornographic material
      ◦ …
  • 19. Internet Abuse
      ◦ Downloading pornography, which can lead to sexual harassment lawsuits and viruses
      ◦ Downloading pirated software, music, and video, which can lead to copyright violation penalties
      ◦ Excessive personal use of the Internet at work
  • 20. Carelessness
      ◦ Loss of computers or data media containing sensitive information
      ◦ Carelessness leading to the theft of such information
    Other “Internal” Attackers
      ◦ Contract workers
      ◦ Workers in contracting companies
  • 21. Malware
      ◦ A generic name for any “evil software”
    Viruses
      ◦ Programs that attach themselves to legitimate programs on the victim’s machine
      ◦ Spread today primarily by e-mail
      ◦ Also by instant messaging, file transfers, etc.
  • 22. Worms
      ◦ Full programs that do not attach themselves to other programs
      ◦ Like viruses, can spread by e-mail, instant messaging, and file transfers
  • 23. Worms
      ◦ In addition, direct-propagation worms can jump from one computer to another without human intervention on the receiving computer
      ◦ Computer must have a vulnerability for direct propagation to work
      ◦ Direct-propagation worms can spread extremely rapidly because they do not have to wait for users to act
  • 24. Blended Threats
      ◦ Malware propagates in several ways—like worms, viruses, compromised webpages containing mobile code, etc.
    Payloads
      ◦ Pieces of code that do damage
      ◦ Implemented by viruses and worms after propagation
      ◦ Malicious payloads are designed to do heavy damage
  • 25. Nonmobile Malware
      ◦ Must be placed on the user’s computer through one of a growing number of attack techniques
      ◦ Placed on computer by hackers
      ◦ Placed on computer by virus or worm as part of its payload
      ◦ The victim can be enticed to download the program from a website or FTP site
      ◦ Mobile code executed on a webpage can download the nonmobile malware
  • 26. Trojan Horses
      ◦ A program that replaces an existing system file, taking its name
    Trojan Horses
      ◦ Remote Access Trojans (RATs)
          ▪ Remotely control the victim’s PC
      ◦ Downloaders
          ▪ Small Trojan horses that download larger Trojan horses after the downloader is installed
  • 27. Trojan Horses
      ◦ Spyware
          ▪ Programs that gather information about you and make it available to the adversary
          ▪ Cookies that store too much sensitive personal information
          ▪ Keystroke loggers
          ▪ Password-stealing spyware
          ▪ Data mining spyware
  • 28. Trojan Horses
      ◦ Rootkits
          ▪ Take control of the super user account (root, administrator, etc.)
          ▪ Can hide themselves from file system detection
          ▪ Can hide malware from detection
          ▪ Extremely difficult to detect (ordinary antivirus programs find few rootkits)
  • 29. Mobile Code
      ◦ Executable code on a webpage
      ◦ Code is executed automatically when the webpage is downloaded
      ◦ JavaScript, Microsoft ActiveX controls, etc.
      ◦ Can do damage if computer has vulnerability
  • 30. Social Engineering in Malware
      ◦ Social engineering is attempting to trick users into doing something that goes against security policies
      ◦ Several types of malware use social engineering
          ▪ Spam
          ▪ Phishing
          ▪ Spear phishing (aimed at individuals or specific groups)
          ▪ Hoaxes
  • 31. Traditional Hackers
      ◦ Motivated by thrill, validation of skills, sense of power
      ◦ Motivated to increase reputation among other hackers
      ◦ Often do damage as a byproduct
      ◦ Often engage in petty crime
  • 32. Anatomy of a Hack
      ◦ Reconnaissance probes (Figure 1-8)
          ▪ IP address scans to identify possible victims
          ▪ Port scans to learn which services are open on each potential victim host
  • 33. [Figure: an attacker and a corporate site with hosts 128.171.17.13, 128.171.17.22, and 128.171.17.47]
      ◦ 1. IP address scanning packet; response confirms a host at 128.171.17.13
      ◦ 2. Port scanning packet to identify running applications
      ◦ 3. Exploit packet
  • 34. Anatomy of a Hack
      ◦ The exploit
          ▪ The specific attack method that the attacker uses to break into the computer is called the attacker’s exploit
          ▪ The act of implementing the exploit is called exploiting the host
  • 35. [Figure: attacker at 10.6.4.3 and hosts 128.171.17.13 and 128.171.17.47]
      ◦ 1. Spoofed packet to 128.171.17.13, with source IP address = 128.171.17.47 instead of 10.6.4.3
      ◦ 2. Reply goes to host 128.171.17.47
      ◦ IP address spoofing hides the attacker's identity. But replies do not go to the attacker, so IP address spoofing cannot be used for all purposes
  • 36. Chain of attack computers (Figure 1-10)
      ◦ The attacker attacks through a chain of victim computers
      ◦ Probe and exploit packets contain the source IP address of the last computer in the chain
      ◦ The final attack computer receives replies and passes them back to the attacker
      ◦ Often, the victim can trace the attack back to the final attack computer
      ◦ But the attack usually can only be traced back a few computers more
  • 37. [Figure: attacker (1.34.150.37), compromised attack host (3.35.126.7), compromised attack host (123.125.33.101), target host (60.168.47.47); links labeled Log In, Log In, Attack Command]
      ◦ For probes whose replies must be received, attacker sends probes through a chain of attack computers
      ◦ Victim only knows the identity of the last compromised host (123.125.33.101), not that of the attacker
      ◦ Usually can only trace attack to direct attacker (123.125.33.101) or second direct attacker (3.35.126.7)
  • 38. Social Engineering
      ◦ Social engineering is often used in hacking
          ▪ Call and ask for passwords and other confidential information
          ▪ E-mail attack messages with attractive subjects
          ▪ Piggybacking
          ▪ Shoulder surfing
          ▪ Pretexting
          ▪ Etc.
      ◦ Often successful because it focuses on human weaknesses instead of technological weaknesses
  • 39. Denial-of-Service (DoS) Attacks
      ◦ Make a server or entire network unavailable to legitimate users
      ◦ Typically send a flood of attack messages to the victim
      ◦ Distributed DoS (DDoS) Attacks (Figure 1-11)
          ▪ Bots flood the victim with attack packets
          ▪ Attacker controls the bot
  • 40. [Figure: attacker, three bots, and a victim; the links are labeled Attack Command (three times) and Attack Packets (three times)]
  • 41. Bots
      ◦ Updatable attack programs (Figure 1-12)
      ◦ Botmaster can update the software to change the type of attack the bot can do
          ▪ May sell or lease the botnet to other criminals
      ◦ Botmaster can update the bot to fix bugs
  • 42. [Figure: botmaster, three bots, a DoS victim, and spam victims]
      ◦ 1. DoS attack command; DoS attack packets
      ◦ 2. Software update for spam; spam e-mail
      ◦ 3. Software update to fix bug in the attack software
  • 43. Skill Levels
      ◦ Expert attackers are characterized by strong technical skills and dogged persistence
      ◦ Expert attackers create hacker scripts to automate some of their work
      ◦ Scripts are also available for writing viruses and other malicious software
  • 44. Skill Levels
      ◦ Script kiddies use these scripts to make attacks
      ◦ Script kiddies have low technical skills
      ◦ Script kiddies are dangerous because of their large numbers
  • 45. The Criminal Era
      ◦ Today, most attackers are career criminals with traditional criminal motives
      ◦ Adapt traditional criminal attack strategies to IT attacks (fraud, etc.)
  • 46. The Criminal Era
      ◦ Many cybercrime gangs are international
          ▪ Makes prosecution difficult
          ▪ Dupe citizens of a country into being transshippers of fraudulently purchased goods to the attacker in another country
      ◦ Cybercriminals use black market forums
          ▪ Credit card numbers and identity information
          ▪ Vulnerabilities
          ▪ Exploit software (often with update contracts)
  • 47. Fraud
      ◦ In fraud, the attacker deceives the victim into doing something against the victim’s financial self-interest
      ◦ Criminals are learning to conduct traditional frauds and new frauds over networks
      ◦ Also, new types of fraud, such as click fraud
  • 48. Financial and Intellectual Property Theft
      ◦ Steal money or intellectual property they can sell to other criminals or to competitors
    Extortion
      ◦ Threaten a DoS attack or threaten to release stolen information unless the victim pays the attacker
  • 49. Stealing Sensitive Data about Customers and Employees
      ◦ Carding (credit card number theft)
      ◦ Bank account theft
      ◦ Online stock account theft
      ◦ Identity theft
          ▪ Steal enough identity information to represent the victim in large transactions, such as buying a car or even a house
  • 50. Corporate Identity Theft
      ◦ Steal the identity of an entire corporation
      ◦ Accept credit cards on behalf of the corporation
      ◦ Pretend to be the corporation in large transactions
      ◦ Can even take ownership of the corporation
  • 51. Commercial Espionage
      ◦ Attacks on confidentiality
      ◦ Public information gathering
          ▪ Company website and public documents
          ▪ Facebook pages of employees, etc.
      ◦ Trade secret espionage
          ▪ May only be litigated if a company has provided reasonable protection for those secrets
          ▪ Reasonableness reflects the sensitivity of the secret and industry security practices
  • 52. Commercial Espionage
      ◦ Trade secret theft approaches
          ▪ Theft through interception, hacking, and other traditional cybercrimes
          ▪ Bribe an employee
          ▪ Hire your ex-employee and solicit or accept trade secrets
      ◦ National intelligence agencies engage in commercial espionage
  • 53. Denial-of-Service Attacks by Competitors
      ◦ Attacks on availability
      ◦ Rare but can be devastating
  • 54. Cyberwar and Cyberterror
      ◦ Attacks by national governments (cyberwar)
      ◦ Attacks by organized terrorists (cyberterror)
      ◦ Nightmare threats
      ◦ Potential for far greater attacks than those caused by criminal attackers
  • 55. Cyberwar
      ◦ Computer-based attacks by national governments
      ◦ Espionage
      ◦ Cyber-only attacks to damage financial and communication infrastructure
      ◦ To augment conventional physical attacks
          ▪ Attack IT infrastructure along with physical attacks (or in place of physical attacks)
          ▪ Paralyze enemy command and control
          ▪ Engage in propaganda attacks
  • 56. Cyberterror
      ◦ Attacks by terrorists or terrorist groups
      ◦ May attack IT resources directly
      ◦ Use the Internet for recruitment and coordination
      ◦ Use the Internet to augment physical attacks
          ▪ Disrupt communication among first responders
          ▪ Use cyberattacks to increase terror in physical attacks
      ◦ Turn to computer crime to fund their attacks
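
A detective countermeasure for the reconnaissance probes on slides 32 and 33, added here as an example that is not part of Panko's slides: it reads firewall records and flags a source that touches many hosts (IP address scan) or many ports on one host (port scan) within a short window. The log format, thresholds, function names and the 203.0.113.x / 198.51.100.x addresses are assumptions; the 128.171.17.x hosts are the ones in the slide figure.

```python
from collections import defaultdict

# Assumed thresholds; tune them to the normal traffic of the protected network.
WINDOW_SECONDS = 60   # sliding observation window per source address
HOST_SWEEP_MIN = 5    # distinct destination hosts that suggest an IP address scan
PORT_SCAN_MIN = 6     # distinct ports on one host that suggest a port scan


def build_sample_log():
    """Constructed firewall log, one 'epoch src dst dport action' record per line."""
    lines = []
    # One source walking the corporate address range on a single port.
    for i in range(10):
        lines.append(f"{1000 + i} 203.0.113.7 128.171.17.{10 + i} 80 DENY")
    # The same source then tries many ports on one host.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443]):
        lines.append(f"{1020 + i} 203.0.113.7 128.171.17.13 {port} ALLOW")
    # Ordinary client: repeated visits to one web server.
    for i in range(6):
        lines.append(f"{1000 + 5 * i} 198.51.100.20 128.171.17.47 443 ALLOW")
    # Slow source: many hosts, but 15 minutes apart, so no window fills up.
    for i in range(8):
        lines.append(f"{1000 + 900 * i} 198.51.100.99 128.171.17.{20 + i} 25 ALLOW")
    lines.append("corrupted record")  # malformed input is skipped, not fatal
    return lines


def parse(line):
    """Return (epoch, src, dst, dport) or None when the record is malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[0].isdigit() or not parts[3].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], int(parts[3])


def detect_recon(lines):
    """Map each suspicious source to a sorted list of findings."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            ts, src, dst, dport = rec
            events[src].append((ts, dst, dport))

    findings = defaultdict(set)
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most WINDOW_SECONDS.
            while evs[end][0] - evs[start][0] > WINDOW_SECONDS:
                start += 1
            ports_by_host = defaultdict(set)
            for _, dst, dport in evs[start:end + 1]:
                ports_by_host[dst].add(dport)
            if len(ports_by_host) >= HOST_SWEEP_MIN:
                findings[src].add("ip_scan")
            for dst, ports in ports_by_host.items():
                if len(ports) >= PORT_SCAN_MIN:
                    findings[src].add(f"port_scan:{dst}")
    return {src: sorted(f) for src, f in findings.items()}


if __name__ == "__main__":
    for src, found in detect_recon(build_sample_log()).items():
        print(src, found)
```

The slow source in the sample is deliberately left unflagged: a scan paced below the window and thresholds is invisible to this check, so a second pass with a much longer window is a common complement.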