Threats, Vulnerabilities, and Risk Exposure - PowerPoint PPT Presentation

Slides: 14
Provided by: jod2

Transcript and Presenter's Notes

Title: Threats, Vulnerabilities, and Risk Exposure


1
Chapter 3
  • Threats, Vulnerabilities, and Risk Exposure

2
Introduction
  • In security planning, an organization must first
    know what it needs to protect against
  • Companies must be aware of the type and severity
    of threats and vulnerabilities
  • Vulnerability: exposure to a risk or threat (see
    def. on pg. 209)
  • Could be a weakness in HW, SW, or people
  • Could be the IP protocol exposing a computer or
    user to an exploit or malware threat
  • What is an exploit?
  • Look at Cyberbrief on pg. 34 (top)

3
Classification of Computer Threats and
Vulnerabilities
  • The taxonomy of threats and viruses is
    abbreviated (TTV)
  • Intrusion: any type of intrusion, attack, or
    exploit
  • Vulnerabilities exist b/c of human error
  • Vulnerabilities exist b/c of complexity of sw
    that can result in misconfiguration, programming
    errors, flaws
  • Most intrusions will fit into multiple categories
  • Hacker (external intruder) can send infected pgm
    (malware) in an e-mail to an employee (internal
    intermediary) who opens it b/c of enticing
    subject line (social engineering) which installs
    a backdoor (malware) to gain access to records
    (deliberate attack) for financial gain (economic
    motive)

4
Uses of TTV
  • The TTV is a guide to help understand an
    organization's risk exposure resulting from
    weaknesses in cyber defenses
  • Can assist in estimating expected damages
  • Intrusion Detection Systems (IDS) introduced: when
    properly deployed, they can provide warnings
    indicating that the system is under attack
  • Can look at all traffic in and out of the network
    with an IDS to stop internal and external
    intrusions
  • An intrusion that is not detected and persists for
    a long period of time can have a higher expected
    cost than those detected early

5
TTV (2)
  • Direct attacks or targeted attacks will also have
    higher expected costs
  • B/c there is such a diverse range of threats, the
    design of defenses should include education,
    training, strict acceptable use policies,
    extensive auditing, and access controls
  • Look at the TTV chart on pg. 35
  • How would you use it to assess a virus attack on
    campus?
  • Look too at the end of the TTV on pg. 36
  • What can you think to do with this TTV if you
    work in an organization?
  • Look at cyberbrief bottom pg. 36

6
Origin of the Intrusion or Threat
  • External Threats and Vulnerabilities
  • You should read this section closely; all terms
    may be on the test
  • We've already discussed much of this section
  • Hackers, buffer overflow
  • Sophisticated hackers, root access, sniffers, log
    file cleaners
  • Script kiddies
  • Malware: viruses, worms, Trojan horses,
    backdoors, Web hoaxes, and other ruses
  • Internal threats and vulnerabilities
  • People: current and former managers and
    ex-employees
  • Look at numbers in this section on pg. 41

7
Problems in Dealing w/ Internal Threats
  • Problems in dealing w/ internal threats (read
    parts of this paragraph)
  • Internal Threats stemming from employees or other
    insiders
  • Read through this list
  • Class, provide an example (or two) of each of
    these from what you know of or have heard in real
    life
  • The list continues onto pg. 43
  • Briefly look at Insider threats on pg. 43

8
Wireless Threats and Vulnerabilities
  • Pg. 44: read last two paragraphs (especially)

9
External Threats with Internal Intervention
  • Social Engineering
  • A network intrusion technique based on trickery
  • Look at 2nd paragraph

10
Internet Protocol Vulnerabilities and Threats
  • IP address forgery
  • IP provides two functions:
  • A datagram that can be routed through the
    Internet, and a means of fragmenting those
    datagrams into packets for transport across the
    Internet and then reassembling them into the
    original datagrams at the destination computer
  • Look at last paragraph of pg. 45

11
How can IP Address Forgery Be Used
  • A method of deception
  • To conceal: identity
  • To camouflage: make a site appear to be another
    to convince the victim the attack is from a
    legitimate site
  • To deceive: trick the victim into believing that
    an intrusion is somewhere else
  • Misdirect the victimized organization into wasting
    limited resources
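
Added example (not part of the presentation or its textbook): a defender-side check of the kind an IDS or border filter applies to traffic in and out of the network, flagging source addresses that cannot be genuine for the direction in which they were seen. The internal prefix, the function names and the sample records are constructed for illustration.

```python
import ipaddress

# Assumption: the organization's internal prefix (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Source ranges that never legitimately arrive from the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def check_source(direction, src):
    """Return why the source address cannot be genuine, or None if plausible.

    direction "in" = seen on the Internet-facing interface,
    direction "out" = leaving the internal network.
    """
    addr = ipaddress.ip_address(src)
    if direction == "in":
        if in_any(addr, INTERNAL_NETS):
            return "claims internal source from outside"
        if in_any(addr, NON_ROUTABLE):
            return "non-routable source from outside"
    elif direction == "out":
        if not in_any(addr, INTERNAL_NETS):
            return "internal host using a foreign source"
    else:
        raise ValueError(f"unknown direction: {direction!r}")
    return None

def audit(records):
    """Return (direction, src, reason) for every record that fails the check."""
    checked = ((d, s, check_source(d, s)) for d, s, _dst in records)
    return [row for row in checked if row[2]]

# Constructed sample traffic: (direction, source, destination).
SAMPLE = [
    ("in", "198.51.100.7", "10.20.1.5"),     # plausible external sender
    ("in", "10.20.3.9", "10.20.1.5"),        # camouflaged as an internal host
    ("in", "127.0.0.1", "10.20.1.5"),        # loopback cannot cross the border
    ("out", "10.20.1.5", "203.0.113.9"),     # normal outbound traffic
    ("out", "203.0.113.9", "198.51.100.7"),  # insider concealing identity
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A forged address that is itself a plausible external address passes this check, so it narrows the deception options listed above rather than removing them.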

12
Success of Hackers and Malware
  • Read Complexity of Software and Configurations
  • Review bulleted list on Why Hack Attacks Succeed
    so often pg. 47

13
Threats, Vulnerabilities, and First-Party and
Third-Party Risks
  • First-party risks are those that concern the
    company itself
  • Third-party risks are threats to the company's
    customers, suppliers, business partners or
    competitors that may seek legal redress by
    lawsuit
  • You can review the lists of First-Party Risks and
    Third-Party Risks; we have discussed most of this
    already this semester
  • End of Chapter
  • Look at Review Questions
  • All of them are excellent!!