
IS 376 NOVEMBER 5, 2013 2013 DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.


2 IS 376, November 5, 2013: 2013 Data Breach Investigations Report, by the Verizon RISK Team (Research, Investigations, Solutions, Knowledge)

3 COMPUTER SECURITY
Computers and networks were originally developed to facilitate access, not to restrict it. Software/hardware systems known as firewalls are often used to provide choke points for computer systems. They prevent unauthorized logins from the outside world. They audit the traffic entering and exiting the system. They may be used to block outgoing data to unauthorized destinations.
IS 376 11/5/13 Page 2
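The three firewall roles on this slide (blocking inbound logins, auditing every decision, and blocking egress to unapproved destinations) can be shown with a small first-match rule evaluator. This is an added example written for these notes, not code from the lecture or from Verizon; the network layout (192.0.2.0/24 as the protected LAN, 198.51.100.0/24 as the admin network) and the rule set are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Hypothetical network layout for the demo (not from the slides):
# 192.0.2.0/24 is the protected LAN, 198.51.100.0/24 is the admin network.
@dataclass(frozen=True)
class Rule:
    direction: str        # "in" (from outside) or "out" (to outside)
    proto: str            # "tcp" or "udp"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port, None = any port
    action: str           # "allow" or "deny"

RULES: List[Rule] = [
    Rule("in",  "tcp", "0.0.0.0/0",       "192.0.2.10/32", 443, "allow"),  # public HTTPS server
    Rule("in",  "tcp", "198.51.100.0/24", "192.0.2.0/24",  22,  "allow"),  # SSH from admins only
    Rule("out", "tcp", "192.0.2.0/24",    "0.0.0.0/0",     443, "allow"),  # outbound HTTPS
    Rule("out", "udp", "192.0.2.0/24",    "192.0.2.53/32", 53,  "allow"),  # DNS to the local resolver
]
DEFAULT_ACTION = "deny"    # the choke point denies anything no rule explicitly allows

AUDIT_LOG: List[str] = []  # every decision is recorded, whether allowed or denied

def evaluate(direction: str, proto: str, src: str, dst: str, dport: int) -> str:
    """First-match evaluation of RULES; falls back to DEFAULT_ACTION and logs the decision."""
    matched = None
    for idx, r in enumerate(RULES):
        if (r.direction == direction and r.proto == proto
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            matched = idx
            break
    action = RULES[matched].action if matched is not None else DEFAULT_ACTION
    AUDIT_LOG.append(f"{action.upper():5} {direction:3} {proto} {src} -> {dst}:{dport} "
                     f"rule={'default' if matched is None else matched}")
    return action

if __name__ == "__main__":
    evaluate("in", "tcp", "203.0.113.5", "192.0.2.10", 443)   # allow: public web service
    evaluate("in", "tcp", "203.0.113.5", "192.0.2.10", 22)    # deny: login attempt from outside
    evaluate("out", "tcp", "192.0.2.20", "203.0.113.9", 25)   # deny: egress to an unapproved destination
    print("\n".join(AUDIT_LOG))
```

The default-deny fallback is what makes the device a choke point: adding a host or service requires an explicit rule, and the audit log shows denied traffic as well as allowed traffic, which is where intrusion attempts become visible.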

4 DENIAL OF SERVICE ATTACKS
Denial of service attacks consist of the consumption of a limited resource, usually network connectivity, in an effort to deny legitimate access to that resource. In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection. In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.
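The resource exhaustion described on this slide can be reproduced with a simulated listener that has a fixed number of half-open slots. This is an added example for these notes, not code from the lecture: the `Listener` class, the backlog size of 8 and the event timeline are all constructed. It shows the failure mode (no timeout: the half-open table fills and every later legitimate client is refused) beside the standard mitigation (expiring half-open entries that never complete).

```python
from typing import Dict, Optional, Tuple

class Listener:
    """Simulated TCP listener with a limited table of half-open (SYN received, no ACK) connections."""

    def __init__(self, backlog: int, half_open_timeout: Optional[int] = None):
        self.backlog = backlog                 # number of half-open slots available
        self.timeout = half_open_timeout       # None = never reclaim a half-open slot
        self.half_open: Dict[str, int] = {}    # source -> time the SYN arrived
        self.established = 0
        self.dropped = 0

    def _expire(self, now: int) -> None:
        """Reclaim slots whose handshake has been pending longer than the timeout."""
        if self.timeout is None:
            return
        for src in [s for s, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[src]

    def syn(self, src: str, now: int) -> bool:
        """Step one of the handshake: reserve a slot, or refuse if the table is full."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1
            return False
        self.half_open[src] = now
        return True

    def ack(self, src: str, now: int) -> bool:
        """Final step of the handshake: release the slot and count the connection."""
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established += 1
        return True

def simulate(half_open_timeout: Optional[int]) -> Tuple[int, int]:
    """Return (legitimate connections accepted, total SYNs dropped) for one constructed timeline."""
    listener = Listener(backlog=8, half_open_timeout=half_open_timeout)
    # Constructed attack phase: 20 connection openers at t=0..19 that are never completed.
    for i in range(20):
        listener.syn(f"spoofed-{i}", now=i)
    # Constructed legitimate phase: 5 clients at t=30..34 that complete the handshake a tick later.
    accepted = 0
    for i in range(5):
        t = 30 + i
        if listener.syn(f"client-{i}", now=t):
            listener.ack(f"client-{i}", now=t + 1)
            accepted += 1
    return accepted, listener.dropped

if __name__ == "__main__":
    print("no timeout :", simulate(None))   # legitimate clients all refused
    print("timeout=10 :", simulate(10))     # stale half-open slots reclaimed, clients accepted
```

Without a timeout the eight slots stay occupied by entries that will never complete, so the listener is effectively offline for every later client; with a timeout the same flood only costs the slots for its duration. A sudden rise in the half-open count relative to the established count is also the signal a monitor would alert on.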

5 VIRUSES
A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission. Some viruses attach to files so that when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files. Some viruses display symptoms, and some viruses damage files and computer systems.

6 HOW DO VIRUSES WORK?
A computer virus piggybacks on another file to infect a system. When a user runs an infected program, the computer starts by copying the program from the disk (or the web), where it is stored and inactive, into RAM, where it can be executed. The viral code begins running first, while the infected program is still quiescent. The virus copies itself into a part of RAM separate from the program so that it can continue its work even after the user starts running other software. Its initial work done, the virus passes control back to the infected program. When the user runs a different program, the dormant virus begins running again. It inserts a copy of itself into the previously uninfected software so that the cycle of virulence can repeat.

7 FIGHTING VIRUSES
Various techniques have been developed to combat computer viruses. A generic antiviral program flags activities, such as the alteration of critical sites in RAM or particular files on disk, that are likely to arise from a virus in action. Preventing these illicit acts will not eliminate the virus but can stop it from infecting additional programs or interfering with the computer's normal operation. A signature scanner searches a user's disks looking for fragments of program code that appear in known viruses. Antiviral snapshots capture mathematical "fingerprints" of crucial programs and data. Subsequent changes strongly suggest viral infection. Advanced algorithms can use the original fingerprints to recover a pristine program from the virus-altered version.
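Two of the three techniques on this slide, the antiviral snapshot ("fingerprints" of crucial programs, compared later) and the signature scanner (searching files for fragments of known viral code), fit in one small integrity tool. This is an added example for these notes, not the lecture's own code or a real antivirus engine: SHA-256 stands in for the mathematical fingerprint, and the signature table holds a single constructed marker, `INFECTED_BY_DEMO`, rather than any real malware pattern. The demo builds a temporary directory, takes a baseline, simulates an infection by altering one file and dropping a new one, and reports what both techniques find.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

def fingerprint(path: str) -> str:
    """Mathematical 'fingerprint' of a file: SHA-256 of its contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> Dict[str, str]:
    """Antiviral snapshot: relative path -> fingerprint for every file under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Subsequent changes strongly suggest infection: report modified, added and removed files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

# Constructed signature table: a stand-in for fragments of known viral code.
SIGNATURES: Dict[str, bytes] = {"DEMO-MARKER": b"INFECTED_BY_DEMO"}

def signature_scan(root: str) -> List[Tuple[str, str]]:
    """Signature scanner: (relative path, signature name) for every file containing a known fragment."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                data = f.read()
            for sig_name, pattern in SIGNATURES.items():
                if pattern in data:
                    hits.append((os.path.relpath(full, root), sig_name))
    return sorted(hits)

def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)

def demo() -> dict:
    """Baseline two constructed 'programs', simulate an infection, then run both checks."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/app", b"clean program bytes")
        _write(root, "bin/tool", b"another clean program")
        baseline = snapshot(root)                       # fingerprints taken while the system is clean
        _write(root, "bin/app", b"clean program bytes" + b"INFECTED_BY_DEMO")  # file-infecting virus
        _write(root, "bin/dropper", b"INFECTED_BY_DEMO payload")               # newly dropped file
        report = compare(baseline, snapshot(root))
        report["signature_hits"] = signature_scan(root)
        return report

if __name__ == "__main__":
    print(demo())
```

The snapshot comparison catches any change to a baselined file, including infections for which no signature exists yet, while the signature scan also catches new files the baseline never saw; the two techniques are complementary, which is why the slide lists both. The baseline itself must be stored where the virus cannot alter it, or the comparison proves nothing.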

8 WORMS
Worms are parasitic computer programs that replicate but, unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network. Worms often spread via e-mail or chat applications.

9 PROTECTION AGAINST WORMS
Part one: detection.
Step one: A worm finds a target by scanning Internet addresses at random until it finds one leading to a local network. It then issues requests to a local server program, such as one governing e-mail or file exchanges. When the program answers, the worm tries to crawl in.
Step two: When the worm attacks a network protected by a dedicated machine using worm-detection software, some of its random requests will target that machine's addresses, which are unlisted. The machine can thus determine, with high reliability, that the requests are hostile.

10 PROTECTION AGAINST WORMS
Step three: The dedicated machine responds with fake services that present the worm with the appearance of a network full of machines and services. The false façade tricks the worm into revealing its identity, so that it can be tracked to every machine in the network.
Part two: disinfection.
Step four: Once the worm is cornered, administrators isolate infected machines, clean their files of every trace of the worm, and patch the outer wall of the network so that the same kind of worm can never penetrate that far again.

11 TROJAN HORSES
A Trojan horse is a malicious program that pretends to be a benign application. A Trojan horse program purposefully does something the user does not expect. Trojan horses are not viruses since they do not replicate, but they can be just as destructive. One type of Trojan horse, known as a logic bomb, is set to execute whenever a specific event occurs (e.g., a change in a file, a particular series of keystrokes, a specific time or date).

12 PORT SCANNERS
A networked computer generally has one physical connection (e.g., a cable) connecting it to the network. However, the machine has several network ports, 16-bit prefixes that indicate what kind of messages are being communicated (e-mail, file transfer, web page, etc.). Before clogging the network with heavy traffic, transmitting machines will send a short message to make sure that the receiving machine will accept the type of message being sent, i.e., to see if the receiver's port for that type of message is open. Port scanner software is used to determine whether a machine has any open ports and, if so, a malicious sender can exploit that vulnerability by flooding the port with traffic, causing a buffer overflow in the receiver's memory, which can cause the machine's memory to be overwritten with bits that can alter the machine's behavior.
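The worm-detection idea from slides 9 and 10 (requests to unlisted addresses are hostile with high reliability) and the port-scanning behaviour on this slide (one source probing many ports on one machine) are both detectable from ordinary connection logs. The following analyzer is an added example for these notes, not code from the lecture or from any worm-detection product: the log format, the addresses, the set of unlisted "decoy" addresses (`DECOY_ADDRESSES`) and the thresholds are all constructed.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed connection-log lines in the form "<time> <src> -> <dst>:<dport> <tcp-flag>".
LOG = """\
1 10.0.0.5 -> 10.0.0.20:25 SYN
2 10.0.0.5 -> 10.0.0.21:25 SYN
3 10.0.0.5 -> 10.0.0.250:25 SYN
4 10.0.0.5 -> 10.0.0.251:25 SYN
5 10.0.0.5 -> 10.0.0.22:25 SYN
6 10.0.0.8 -> 10.0.0.20:22 SYN
7 10.0.0.8 -> 10.0.0.20:80 SYN
8 10.0.0.8 -> 10.0.0.20:443 SYN
9 10.0.0.8 -> 10.0.0.20:3389 SYN
10 10.0.0.8 -> 10.0.0.20:8080 SYN
11 10.0.0.9 -> 10.0.0.20:443 SYN
"""

# Unlisted addresses owned by the detection machine (slide 9, step two): no legitimate
# client ever has a reason to contact them, so any request to them is treated as hostile.
DECOY_ADDRESSES = {"10.0.0.250", "10.0.0.251"}
HOST_FANOUT_THRESHOLD = 4   # distinct destination hosts from one source (address sweep)
PORT_FANOUT_THRESHOLD = 4   # distinct destination ports on one host from one source (port scan)

def parse(line: str) -> Tuple[int, str, str, int, str]:
    """Split one constructed log line into (time, src, dst, dport, flag)."""
    t, src, _, dst_port, flag = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return int(t), src, dst, int(port), flag

def analyze(log_text: str) -> Dict[str, List[str]]:
    """Return source address -> sorted list of findings for every suspicious source."""
    hosts_by_src: Dict[str, set] = defaultdict(set)
    ports_by_src_dst: Dict[Tuple[str, str], set] = defaultdict(set)
    decoy_hits: Dict[str, int] = defaultdict(int)

    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, dport, _ = parse(line)
        hosts_by_src[src].add(dst)
        ports_by_src_dst[(src, dst)].add(dport)
        if dst in DECOY_ADDRESSES:
            decoy_hits[src] += 1

    findings: Dict[str, set] = defaultdict(set)
    for src, n in decoy_hits.items():
        if n:
            findings[src].add("decoy-hit")          # high-reliability signal
    for src, hosts in hosts_by_src.items():
        if len(hosts) >= HOST_FANOUT_THRESHOLD:
            findings[src].add("address-sweep")      # worm-style random address probing
    for (src, _), ports in ports_by_src_dst.items():
        if len(ports) >= PORT_FANOUT_THRESHOLD:
            findings[src].add("port-scan")          # many ports on one machine
    return {src: sorted(f) for src, f in findings.items()}

if __name__ == "__main__":
    for src, reasons in analyze(LOG).items():
        print(f"{src}: {', '.join(reasons)}")
```

The decoy hit is the strongest of the three signals because it has no benign explanation, whereas fan-out counts need thresholds tuned to the network (a monitoring host or a backup server legitimately touches many machines). The source flagged here is the one to isolate in the disinfection step on slide 10.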

13 PACKET SNIFFERS
Packet sniffers are software programs that intercept and log traffic passing over a network. Packet sniffers are commonly used by network administrators to analyze network traffic problems and to detect attempts at network intrusion; they can also be used to gain information to assist someone who wishes to intrude, to spy on other network users, and to collect sensitive information (e.g., passwords).
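What a sniffer actually does with an intercepted packet is decode the headers and log the result. The decoder below is an added example for these notes, not code from the lecture or from any sniffer product: it parses a raw IPv4+TCP packet with the standard library, logs a one-line summary, and flags the defender's concern from this slide, a password crossing the wire in cleartext. The packet is constructed inside the block with `build_ipv4_tcp` (checksums are left at zero, which a real capture would not do), and the `cleartext_credential` check with its port list is an illustrative heuristic, not a standard.

```python
import struct
from typing import Dict

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes, flags: int = 0x18) -> bytes:
    """Construct a minimal IPv4+TCP packet for the demo (no options, checksums zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    total = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return ip + tcp

TCP_FLAG_NAMES = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U")]

def parse_packet(pkt: bytes) -> Dict:
    """Decode the IPv4 header and, for protocol 6, the TCP header and payload."""
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4                       # IPv4 header length in bytes
    rec = {"src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "proto": proto, "ttl": ttl}
    if proto == 6:                                   # TCP
        sport, dport, _, _, off_res, flags, _, _, _ = struct.unpack("!HHIIBBHHH", pkt[ihl:ihl + 20])
        doff = (off_res >> 4) * 4                    # TCP header length in bytes
        rec.update(sport=sport, dport=dport,
                   flags="".join(n for bit, n in TCP_FLAG_NAMES if flags & bit),
                   payload=pkt[ihl + doff:total])
    return rec

def summarize(rec: Dict) -> str:
    """The one-line record a sniffer would write to its log."""
    if rec["proto"] != 6:
        return f"{rec['src']} -> {rec['dst']} proto={rec['proto']}"
    return (f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']} "
            f"TCP [{rec['flags']}] len={len(rec['payload'])}")

CLEARTEXT_LOGIN_PORTS = {21, 23, 110}   # illustrative: FTP, Telnet, POP3 send passwords unencrypted

def cleartext_credential(rec: Dict) -> bool:
    """Defender's check: does this packet carry a password in cleartext on a legacy login port?"""
    return rec.get("dport") in CLEARTEXT_LOGIN_PORTS and b"PASS " in rec.get("payload", b"")

if __name__ == "__main__":
    # Constructed FTP login packet; "example" is a placeholder, not a real credential.
    pkt = build_ipv4_tcp("10.0.0.5", "10.0.0.20", 40000, 21, b"PASS example\r\n")
    rec = parse_packet(pkt)
    print(summarize(rec), "CLEARTEXT-PASSWORD" if cleartext_credential(rec) else "")
```

The same decode that lets an administrator diagnose traffic problems is what exposes a password sent over FTP or Telnet, which is why the slide lists both uses; the practical mitigation is to replace those protocols with encrypted ones, and a sniffer-based check like `cleartext_credential` is how a network team finds the hosts that still use them.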

14 2013 DATA BREACH REPORT - A4 THREAT OVERVIEW: ACTORS

15 2013 DATA BREACH REPORT - A4 THREAT OVERVIEW: ACTIONS

16 2013 DATA BREACH REPORT - A4 THREAT OVERVIEW: ASSETS

17 2013 DATA BREACH REPORT - A4 THREAT OVERVIEW: ATTRIBUTES

