Security+ Guide to Network Security Fundamentals Chapter 1 - PowerPoint PPT Presentation

Slides: 59
Provided by: Ann1170

Transcript and Presenter's Notes



1
Security+ Guide to Network Security Fundamentals
Chapter 1
3
Learning Objectives
  • Understand network security
  • Understand security threat trends and their
    ramifications
  • Understand the goals of network security
  • Determine the factors involved in a secure
    network strategy

4
Understanding Network Security
  • Network security
    • Process by which digital information assets
      are protected
  • Goals
    • Maintain integrity
    • Protect confidentiality
    • Assure availability

5
Understanding Network Security
  • Security ensures that users
    • Perform only tasks they are authorized to do
    • Obtain only information they are authorized to
      have
    • Cannot cause damage to data, applications, or
      operating environment

6
Security Threats
  • Identity theft
  • Privacy concerns
  • Wireless access

7
To Offset Security Threats
  • Integrity
    • Assurance that data is not altered or destroyed
      in an unauthorized manner
  • Confidentiality
    • Protection of data from unauthorized disclosure
      to a third party
  • Availability
    • Continuous operation of computing systems

8
Quiz: Give a real example for each information
security principle
  • Examples of Information Security Fundamental
    Principles
    • Confidentiality: Exam questions must be hidden
      from students prior to the exam.
    • Integrity: Students' grades must not be modified
      by students.
    • Availability: The student schedule system must
      be online and available during the beginning of
      the semester.

9
(No Transcript)
10
Information Security Layers
11
Security Vulnerabilities for Sale
  • Anyone can buy attack tools to take over computers

12
Examples of Security Breaches
13
(No Transcript)
14
Difficulties in Defending against Attacks
15
(No Transcript)
16
(No Transcript)
17
Information Security Terminology
  • Asset
    • Something that has a value
  • Threat
    • An event or object that may defeat the security
      measures in place and result in a loss
  • Threat agent
    • A person or thing that has the power to carry
      out a threat

18
Information Security Terminology
  • Vulnerability
    • Weakness that allows a threat agent to bypass
      security
  • Exploit
    • Takes advantage of a vulnerability
  • Risk
    • The likelihood that a threat agent will exploit
      a vulnerability
    • Realistically, risk cannot ever be entirely
      eliminated

19
Information Security Terminology (continued)
20
Information Security Terminology (continued)
21
Security Ramifications: Costs of Intrusion
  • Causes of network security threats
    • Technology weaknesses
    • Configuration weaknesses
    • Policy weaknesses
    • Human error

22
  • Ramifications

23
1-Technology Weaknesses
  • TCP/IP
  • Operating systems
  • Network equipment

24
2-Configuration Weaknesses
  • Unsecured accounts
  • System accounts with easily guessed passwords
  • Mis-configured Internet services
  • Unsecured default settings
  • Mis-configured network equipment
  • Trojan horse programs
  • Vandals
  • Viruses

25
3- Policy Weaknesses
  • Lack of a written security policy
  • Politics
  • High turnover
  • Concise access controls not applied
  • Software and hardware installation and changes do
    not follow policy
  • Proper security
  • Nonexistent disaster recovery plan

26
4- Human Error
  • Accident
  • Ignorance
  • Workload
  • Dishonesty
  • Impersonation
  • Disgruntled employees
  • Snoops
  • Denial-of-service attacks

27
Goals of Network Security
  • Achieve the state where any action that is not
    expressly permitted is prohibited
  • Eliminate theft
  • Determine authentication
  • Identify assumptions
  • Control secrets

28
Creating a Secure Network Strategy
  • Address both internal and external threats
  • Define policies and procedures
  • Reduce risk across perimeter security, the
    Internet, intranets, and LANs

29
Creating a Secure Network Strategy
  • Human factors
  • Know your weaknesses
  • Limit access
  • Achieve security through persistence
  • Develop change management process
  • Remember physical security
  • Perimeter security
  • Control access to critical network applications,
    data, and services

30
Creating a Secure Network Strategy
  • Firewalls
    • Prevent unauthorized access to or from private
      network
    • Create protective layer between network and
      outside world
    • Replicate network at point of entry in order to
      receive and transmit authorized data
    • Have built-in filters
    • Log attempted intrusions and create reports

31
Creating a Secure Network Strategy
  • Web and file servers
  • Access control
  • Ensures that only legitimate traffic is allowed
    into or out of the network
  • Passwords
  • PINs
  • Smartcards

32
Creating a Secure Network Strategy
  • Change management
    • Document changes to all areas of IT
      infrastructure
  • Encryption
    • Ensures messages cannot be intercepted or read
      by anyone other than the intended person(s)

33
Creating a Secure Network Strategy
  • Intrusion detection system (IDS)
    • Provides 24/7 network surveillance
    • Analyzes packet data streams within the network
    • Searches for unauthorized activity

34
Simplicity
  • Information security is by its very nature
    complex
  • Complex security systems can be hard to
    understand, troubleshoot, and feel secure about
  • As much as possible, a secure system should be
    simple for those on the inside to understand and
    use
  • Complex security schemes are often compromised to
    make them easier for trusted users to work with
  • Keeping a system simple from the inside but
    complex on the outside can sometimes be difficult
    but reaps a major benefit

35
Who Are the Attackers?
  • The types of people behind computer attacks are
    generally divided into several categories
  • Hackers
  • Script kiddies
  • Spies
  • Employees
  • Cybercriminals
  • Cyberterrorists

36
The NSA Hacker
  • Gary McKinnon hacked into NASA and the US
    Military
  • He was looking for evidence about UFOs

37
Hackers
  • Hacker
    • Anyone who illegally breaks into or attempts to
      break into a computer system
  • Although breaking into another person's computer
    system is illegal, some hackers believe it is
    ethical as long as they do not commit theft,
    vandalism, or breach any confidentiality
  • Ethical Hacker
    • Has permission from the owner to test security
      of computers by attacking them

38
Script Kiddies
  • Unskilled users
  • Download automated hacking software (scripts)
    from Web sites and use it to break into computers

39
Spies
  • Computer spy
  • A person who has been hired to break into a
    computer and steal information
  • Excellent computer skills

40
Employees
  • The largest information security threat
  • Motives
  • An employee might want to show the company a
    weakness in their security
  • Disgruntled employees may be intent on
    retaliating against the company
  • Industrial espionage
  • Blackmailing

41
Cybercriminals
  • A loose-knit network of attackers, identity
    thieves, and financial fraudsters
  • More highly motivated, less risk-averse, better
    funded, and more tenacious than hackers
  • Many security experts believe that cybercriminals
    belong to organized gangs of young and mostly
    Eastern European attackers
  • Cybercriminals have a more focused goal that can
    be summed up in a single word: money

42
Cybercriminals
  • Cybercrime
    • Targeted attacks against financial networks,
      unauthorized access to information, and the
      theft of personal information
  • Financial cybercrime is often divided into two
    categories
    • Trafficking in stolen credit card numbers and
      financial information
    • Using spam to commit fraud

43
Cyberterrorists
  • Their motivation may be defined as ideology, or
    attacking for the sake of their principles or
    beliefs
  • Goals of a cyberattack
    • To deface electronic information and spread
      misinformation and propaganda
    • To deny service to legitimate computer users
    • To commit unauthorized intrusions into systems
      and networks that result in critical
      infrastructure outages and corruption of vital
      data

44
Security Tradeoffs
[Figure: tradeoffs among security, cost, ease of use, and functionality]
45
Steps of an Attack
  • The five steps that make up an attack
    • Probe for information
    • Penetrate any defenses
    • Modify security settings
    • Circulate to other systems
    • Paralyze networks and devices

46
(No Transcript)
47
Defenses against Attacks
  • Although multiple defenses may be necessary to
    withstand an attack, these defenses should be
    based on five fundamental security principles
    • Layering
    • Limiting
    • Diversity
    • Obscurity
    • Simplicity

48
Layering
  • Information security must be created in layers
  • One defense mechanism may be relatively easy for
    an attacker to circumvent
  • Instead, a security system must have layers,
    making it unlikely that an attacker has the tools
    and skills to break through all the layers of
    defenses
  • A layered approach can also be useful in
    resisting a variety of attacks
  • Layered security provides the most comprehensive
    protection

49
Limiting
  • Limiting access to information reduces the threat
    against it
  • Only those who must use data should have access
    to it
  • In addition, the amount of access granted to
    someone should be limited to what that person
    needs to know
  • Some ways to limit access are technology-based,
    while others are procedural

50
Diversity
  • Layers must be different (diverse)
  • If attackers penetrate one layer, they cannot use
    the same techniques to break through all other
    layers
  • Using diverse layers of defense means that
    breaching one security layer does not compromise
    the whole system

51
Obscurity
52
Information Security Careers and the Security+
Certification
53
Surveying Information Security Careers and the
Security+ Certification
  • Today, businesses and organizations require
    employees and even prospective applicants to
    demonstrate that they are familiar with computer
    security practices
  • Many organizations use the CompTIA Security+
    certification to verify security competency

54
(No Transcript)
55
CompTIA Security+ Certification
  • The CompTIA Security+ (2008 Edition)
    Certification is the premier vendor-neutral
    credential
  • The Security+ exam is an internationally
    recognized validation of foundation-level
    security skills and knowledge
  • Used by organizations and security professionals
    around the world
  • The skills and knowledge measured by the
    Security+ exam are derived from an industry-wide
    Job Task Analysis (JTA)

56
CompTIA Security+ Certification (continued)
  • The six domains covered by the Security+ exam
    • Systems Security, Network Infrastructure,
      Access Control, Assessments and Audits,
      Cryptography, and Organizational Security

57
(No Transcript)
58
Quiz: What does information security protect?
  • Information security protects
    • the integrity, confidentiality, and availability
      of information
    • on the devices which store, manipulate, and
      transmit the information
    • through products, people and procedures