Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee."— Presentation transcript:

1 Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee

2 2 Critical Infrastructure

3 3 Figure 1-1: CSI/FBI Computer Crime and Security Survey Survey conducted by the Computer Security Institute (http://www.gocsi.com).http://www.gocsi.com Based on replies from 503 U.S. Computer Security Professionals.

4 4 Figure 1-1: CSI/FBI Computer Crime and Security Survey ThreatPercent Reporting an Incident 1997 Percent Reporting an Incident 2002 Average Annual Loss per Firm (x1000) 1997 Average Annual Loss per Firm (x1000) 2002 Viruses82%85%$76$283 Laptop Theft 58%65%$38$89

5 5 Figure 1-1: CSI/FBI Computer Crime and Security Survey ThreatPercent Reporting an Incident 1997 Percent Reporting an Incident 2002 Average Annual Loss per Firm (x1000) 1997 Average Annual Loss per Firm (x1000) 2002 Denial of Service 24%40%$77$297 System Penetration 20%40%$132$226 Unauthorized Access by Insiders 40%38%NA

6 6 Figure 1-1: CSI/FBI Computer Crime and Security Survey ThreatPercent Reporting an Incident 1997 Percent Reporting an Incident 2002 Average Annual Loss per Firm (x1000) 1997 Average Annual Loss per Firm (x1000) 2002 Theft of Intellectual Property 20% $954$6,571 Financial Fraud 12% $958$4,632 Sabotage14%8%$164$541

7 7 Figure 1-1: CSI/FBI Computer Crime and Security Survey ThreatPercent Reporting an Incident 1997 Percent Reporting an Incident 2002 Average Annual Loss per Firm (x1000) 1997 Average Annual Loss per Firm (x1000) 2002 Telecom Fraud 27%9%NA Telecom Eaves- dropping 11%6%NA Active Wiretap 3%1%NA

8 8 What is new in CSI Survey 2007? Some of the preliminary key findings from the 2007 Survey include:  The average annual loss reported more than doubled, from $168,000 in last year’s report to $350,424 in this year’s survey. Reported losses have not been this high in the last five years.  Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place.  Almost one-fifth of those respondents who suffered one or more kinds of security incident said they'd suffered a "targeted attack," i.e. a malware attack aimed exclusively at a specific organization or at a small group of organizations.

9 9 Identity Theft The stealing of another person’s information for financial gain. See the video http://abcnews.go.com/Video/playerIndex?id=5523911

10 10 Software that covertly gathers information about a user is called ______. Adware Malware Spyware Shareware Freeware Spyware is sometimes hidden within freeware or shareware programs. In other instances, it is embedded within a Web site and is downloaded to the user’s computer, without the user’s knowledge, in order to track data about the user for marketing and advertisement purposes

11 11 When receiving warnings of viruses, or requests to donate money to victims of some disaster, you should always check if it is a ____ before reacting to it. Trick Hoax Prank Joke Spam Some spam e-mails are hoaxes, asking you to donate money to nonexistent causes or warning you of viruses and other Internet dangers that do not exist. You should always check before forwarding such messages to your friends

12 12 Figure 1-2: Other Empirical Attack Data Riptech  Analyzed 5.5 billion firewall log entries in 300 firms in five-month period  Detected 128,678 attacks—an annual rate of 1,000 per firm  Only 39% of attacks after viruses were removed were directed at individual firms

13 13 Figure 1-2: Other Empirical Attack Data SecurityFocus  Data from 10,000 firms in 2001  Attack Frequency 129 million network scanning probes (13,000 per firm) 29 million website attacks (3,000 per firm) 6 million denial-of-service attacks (600 per firm)

14 14 Figure 1-2: Other Empirical Attack Data SecurityFocus  Attack Targets 31 million Windows-specific attacks 22 million UNIX/LINUX attacks 7 million Cisco IOS attacks All operating systems are attacked!

15 15 Figure 1-3: Attack Trends Growing Incident Frequency  Incidents reported to the Computer Emergency Response Team/Coordination Center  1997: 2,134  1998: 3,474 (75% growth from previous year)  1999: 9,859 (164% growth)  2000: 21,756 (121% growth)  2001: 52,658 (142% growth)  Tomorrow?

16 16 Attack Trends

17 17 Figure 1-3: Attack Trends Growing Randomness in Victim Selection  In the past, large firms were targeted  Now, targeting is increasingly random  No more security through obscurity for small firms and individuals

18 18 Figure 1-3: Attack Trends Growing Malevolence  Most early attacks were not malicious  Malicious attacks are becoming the norm

19 19 Figure 1-3: Attack Trends Growing Attack Automation  Attacks are automated, rather than humanly- directed  Essentially, viruses and worms are attack robots that travel among computers  Attack many computers in minutes or hours

20 20 Why You need to take this course? Most network software is designed for security. This course teaches you fundamental concepts of security and infrastructure. Some governmental IT jobs requires that you have security training.

21 21 Figure 1-4: Framework for Attackers Elite Hackers  Hacking: intentional access without authorization or in excess of authorization  Some call this cracking, not hacking, which they equate to any skilled computer use  Characterized by technical expertise and dogged persistence, not just a bag of tools Use attack scripts to automate actions, but this is not the essence of what they do  Deviants and often part of hacker groups that reinforce deviant behavior

22 22 Figure 1-4: Framework for Attackers You may hear the terms “white hat” (good guys) and “black hat” bad guys Black hat hackers break in for their own purposes “White hat” can mean multiple things  Strictest: Hack only by invitation as part of vulnerability testing  Some who hack without permission but report vulnerabilities (not for pay) also call themselves white hat hackers

23 23 Figure 1-4: Framework for Attackers You will also hear the term “ethical hacker”  Some hack only by invitation as part of vulnerability testing  Others hack without invitation but have a “code of ethics” Do no damage or limited damage Some “hacker codes” allow considerable victimization

24 24 Figure 1-4: Framework for Attackers Hats, Ethical Codes of Conduct, and Criminality  If hack without explicit authorization, it is criminal  Motive for hacking is not part of the law—only intentionally accessing without authorization or in excess of authorization

25 25 Figure 1-4: Framework for Attackers Virus Writers and Releasers  Virus writers versus virus releasers  Only releasing viruses is punishable

26 26 Figure 1-4: Framework for Attackers Script Kiddies  Use pre-written attack scripts (kiddie scripts)  Viewed as lamers and script kiddies  Large numbers make dangerous  Noise of kiddie script attacks masks more sophisticated attacks

27 27 Figure 1-4: Framework for Attackers Criminals  Many attackers are ordinary garden-variety criminals  Credit card and identity theft  Stealing trade secrets (intellectual property)  Extortion

28 28 Figure 1-4: Framework for Attackers Employees, Consultants, and Contractors  Have access and knowledge  Financial theft  Theft of trade secrets (intellectual property)  Sabotage  IT and security staff  Consultants

29 29 Figure 1-4: Framework for Attackers Cyberterrorism and Cyberwar  New level of danger  Infrastructure destruction IT Infrastructure Use IT to damage physical infrastructure  Cyberterrorists versus cyberwar by national governments  Amateur information warfare is also a danger

30 30 Figure 1-5: Framework for Attacks Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration Penetration Attacks Social Engineering -- Opening Attachments Password Theft Information Theft Scanning (Probing) Break-in Denial of Service Malware -- Viruses Worms

31 31 Figure 1-6: Social Engineering Attacks and Defenses Social Engineering  Tricking an employee into giving out information or taking an action that reduces security or harms a system  Opening an e-mail attachment that may contain a virus  Asking for a password claiming to be someone with rights to know it  Asking for a file to be sent to you

32 32 Figure 1-6: Social Engineering Attacks and Defenses Social Engineering Defenses  Training  Enforcement through sanctions (punishment)

33 33 Figure 1-7: Eavesdropping on a Dialog Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and reads messages Hello

34 34 Figure 1-8: Encryption for Confidentiality Client PC Bob Server Alice Attacker (Eve) intercepts but cannot read “100100110001” Encrypted Message “100100110001” Original Message “Hello” Decrypted Message “Hello”

35 35 Figure 1-9: Impersonation and Authentication Client PC Bob Server Alice Attacker (Eve) I’m Bob Prove it! (Authenticate Yourself)

36 36 Figure 1-10: Message Alteration Client PC Bob Server Alice Dialog Attacker (Eve) intercepts and alters messages Balance = $1 Balance = $1 Balance = $1,000,000 Balance = $1,000,000

37 37 Figure 1-11: Secure Dialog System Client PC Bob Server Alice Secure Dialog Attacker cannot read messages, alter messages, or impersonate Automatically Handles Negation of Security Options Authentication Encryption Integrity

38 38 Figure 1-12: Network Penetration Attacks and Firewalls Attack Packet Internet Attacker Hardened Client PC Hardened Server Internal Corporate Network Passed Packet Dropped Packet Internet Firewall Log File

39 39 Figure 1-13: Scanning (Probing) Attacks Probe Packets to 172.16.99.1, 172.16.99.2, etc. Internet Attacker Corporate Network Host 172.16.99.1 No Host 172.16.99.2 No Reply Reply from 172.16.99.1 Results 172.16.99.1 is reachable 172.16.99.2 is not reachable …

40 40 Figure 1-14: Single-Message Break- In Attack 1. Single Break-In Packet 2. Server Taken Over By Single Message Attacker

41 41 Figure 1-15: Denial-of-Service (DoS) Flooding Attack Message Flood Server Overloaded By Message Flood Attacker

42 42 Figure 1-16: Intrusion Detection System 1. Suspicious Packet Internet Attacker Network Administrator Hardened Server Corporate Network 2. Suspicious Packet Passed 3. Log Packet 4. Alarm Intrusion Detection System Log File

43 43 Figure 1-17: Security Management Security is a Primarily a Management Issue, not a Technology Issue Top-to-Bottom Commitment  Top-management commitment  Operational execution  Enforcement

44 44 Figure 1-17: Security Management Comprehensive Security  Closing all avenues of attack  Asymmetrical warfare Attacker only has to find one opening  Defense in depth Attacker must get past several defenses to succeed  Security audits Run attacks against your own network

45 45 Figure 1-17: Security Management General Security Goals (CIA)  Confidentiality Attackers cannot read messages if they intercept them  Integrity If attackers change messages, this will be detected  Availability System is able to server users

46 46 Figure 1-18: The Plan—Protect— Respond Cycle Planning  Need for comprehensive security (no gaps)  Risk analysis Enumerating threats Threat severity = estimated cost of attack X probability of attack Value of protection = threat severity – cost of countermeasure Prioritize countermeasures by value of prioritization

47 47 Figure 1-19: Threat Severity Analysis StepThreat 1 2 3 4 5 Cost if attack succeeds Probability of occurrence Threat severity Countermeasure cost Value of protection Apply countermeasure? Priority 6 7 A $500,000 80% $400,000 $100,000 $300,000 Yes 1 B $10,000 20% $2,000 $3,000 ($1,000) No NA C $100,000 5% $5,000 $2,000 $3,000 Yes 2 D $10,000 70% $7,000 $20,000 ($13,000) No NA

48 48 Figure 1-18: The Plan—Protect— Respond Cycle Planning  Security policies drive subsequent specific actions  Access control  Technical security architectures Tools for comprehensive security (firewalls, etc.) Central management  Awareness and procedure training  Punishment

49 49 Figure 1-18: The Plan—Protect— Respond Cycle Protecting  Installing protections: firewalls, IDSs, host hardening, etc.  Updating protections as the threat environment changes  Testing protections: security audits

50 50 Figure 1-18: The Plan—Protect— Respond Cycle Responding  Planning for response (Computer Emergency Response Team)  Incident detection and determination Procedures for reporting suspicious situations Determination that an attack really is occurring Description of the attack

51 51 Figure 1-18: The Plan—Protect— Respond Cycle Responding  Recovery The first priority Stop the attack Repair the damage  Punishment Forensics Prosecution Employee Punishment  Fixing the vulnerability that allowed the attack

52 52 Security Certification The most widely recognized security certification: CISSP and SSCP  CISSP of the International Information Systems Security Certification Consortium (ISC 2 )  SSCP: System Security Certified Practitioners.  Problems: need working experience CISCO Certificated Security Professional (CCSP)

53 53 CCNA Prerequisites  No prerequisites Content:  http://www.cisco.com/en/US/learning/le3/current_ exams/640-801.html http://www.cisco.com/en/US/learning/le3/current_ exams/640-801.html

54 54 Other Certificates in CISCO Cisco Certificated Internetworking Expert Cisco Certified Network Professional

Download ppt "Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee."

Similar presentations

Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.

Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
DIYTP 2009. What is Cybercrime?  Using the Internet to commit a crime.  Identity Theft  Hacking  Viruses  Facilitation of traditional criminal activity.

DIYTP What is Cybercrime?  Using the Internet to commit a crime.  Identity Theft  Hacking  Viruses  Facilitation of traditional criminal activity.

Similar presentations

Ads by Google