Principles of Computer Security, Sixth Edition
Chapter 1: Introduction and Security Trends
Copyright © 2022 by McGraw-Hill Education. All rights reserved.

Objectives
• Define computer security
• Discuss common threats and recent computer crimes that have been committed
• List and discuss recent trends in computer security
• Describe common avenues of attacks
• Describe approaches to computer security
• Discuss the relevant ethical issues associated with computer security

Key Terms (1 of 2)
• Advanced persistent threat (APT)
• Computer security
• Critical infrastructure
• Cybersecurity kill chain
• Elite hacker
• Hacker
• Hacking
• Hacktivist
• Highly structured threat
• Information Sharing and Analysis Center (ISAC)
• Information Sharing and Analysis Organization (ISAO)
• Information warfare
• Open source intelligence (OSINT)

Key Terms (2 of 2)
• Script kiddie
• State actors
• Structured threat
• Tactics, techniques, and procedures (TTPs)
• Threat intelligence
• Unstructured threat

The Computer Security Problem (1 of 2)
• Fifty years ago companies did not conduct business across the Internet
  – Today millions of people perform online transactions every day
  – Companies rely on the Internet to operate and conduct business
  – Vast amounts of money are transferred via networks, in the form of either bank transactions or simple credit card purchases
The Computer Security Problem (2 of 2)
• There are many different ways to attack computers and networks
  – Identity theft is so common today that almost everyone knows somebody who has been a victim of such a crime, if they have not been a victim themselves
  – Many other types of criminal activity exist, and all are on the rise

Definition of Computer Security (1 of 2)
• Computer security is not a simple concept to define
  – If one is referring to a computer, then it can be considered secure when the computer does what it is supposed to do and only what it is supposed to do
  – The security emphasis has shifted from the computer to the information being processed
• Information security is defined by the information being protected from unauthorized access or alteration
  – Available to authorized individuals when required

Definition of Computer Security (2 of 2)
• Information is stored, processed, and transferred between machines
  – All of these different states require appropriate protection schemes
  – Information assurance is a term used to describe not just the protection of information, but a means of knowing the level of protection that has been accomplished

Historical Security Incidents (1 of 3)
• Electronic crime can take a number of different forms
  – Two basic categories
    • Crimes in which the computer was the target
    • Incidents in which a computer was used to perpetrate the act (e.g., bank fraud)
• Virus activity existed prior to 1988
  – Started in the early 1980s
Historical Security Incidents (2 of 3)
• The Morris Worm (November 1988)
• Citibank and Vladimir Levin (June–October 1994)
• Kevin Mitnick (February 1995)
• Worcester Airport and “Jester” (March 1997)
• The Melissa Virus (March 1999)
• The Love Letter Virus (May 2000)

Historical Security Incidents (3 of 3)
• The Code Red Worm (2001)
• The Slammer Worm (2003)
• Cyberwar? (2007)
• Operation Bot Roast (2007)
• Conficker (2008–2009)
• U.S. Electric Power Grid (2009)
• Fiber Cable Cut (2009)

The Current Threat Environment (1 of 2)
• More organized elements of cybercrime have entered the picture along with nation-states
  – From 2009 and beyond, the cyber threat landscape became considerably more dangerous, with new adversaries out to:
    • Deny the use of your computer systems
    • Use systems for financial gain, including theft of intellectual property or financial information, including personally identifiable information

The Current Threat Environment (2 of 2)
• Advanced Persistent Threats (APTs)
• GhostNet (2009)
• Operation Aurora (2009)
• Stuxnet, Duqu, and Flame (2009–2012)
• Sony (2011)
• Saudi Aramco (Shamoon, 2012)
• Data Breaches (2013–present)
• Nation-State Hacking (2013–present)

Infrastructure Attacks (1 of 2)
• Ukraine electric grid
  – Cyber-attacked on December 23, 2015
  – Full restoration took more than a year
  – May be attributable to the Russian government using BlackEnergy3 malware
Infrastructure Attacks (2 of 2)
• Safety Instrumentation System Attack (TRITON)
  – In 2017, security technicians discovered a new form of malware in a Saudi Arabian petrochemical plant
    • Targeted the plant’s safety instrumentation systems, making this an interesting attack because, on its face, it does nothing
  – In the event of something going wrong with the plant operations, the safety instrumentation system is there to protect life and property

Ransomware
• Ransomware dates back to the mid-to-late 1990s
  – Now represents a $1 billion/year criminal enterprise
  – Most current attacks use a hybrid encrypting scheme, locking files on a victim’s computer until a ransom is paid
• Major attacks
  – WannaCry
  – NotPetya
  – SolarWinds attack

Threats to Security
• There are a number of ways we can break down the various threats
  – External versus internal threats
  – Sophistication of the attacks: script kiddies versus elite hackers
  – Highly structured threats to unstructured threats

Viruses and Worms (1 of 2)
• Generally you will not have to worry about your employees writing or releasing viruses and worms
• An organization may be exposed to viruses and worms as a result of employees not following certain practices or procedures
  – It is important to draw a distinction between the writers of malware and those who release malware
  – Debates over the ethics of writing viruses permeate the industry, but simply writing them is not considered a criminal activity
Viruses and Worms (2 of 2)
• Viruses and worms are the most common problem that an organization faces
  – Literally thousands of them have been created and released
  – Antivirus software and system patching can eliminate the largest portion of this threat
• Viruses and worms generally are nondiscriminating threats
  – Typically are also highly visible once released

Intruders (1 of 4)
• Hacking: act of deliberately accessing computer systems and networks without authorization
  – Also applies to the act of exceeding one’s authority in a system
  – Hackers: individuals who conduct this activity
• Intruders are extremely patient
  – Process takes persistence and dogged determination

Intruders (2 of 4)
• Attacks by an individual or even a small group of attackers fall into the unstructured threat category
  – Attacks at this level generally:
    • Are conducted over short periods of time (lasting at most a few months)
    • Do not involve a large number of individuals
    • Have little financial backing
    • Are accomplished by insiders or outsiders who do not seek collusion with insiders

Intruders (3 of 4)
• Intruders definitely come in many different varieties and have varying degrees of sophistication
  – Script kiddies do not have the technical expertise to develop scripts or discover new vulnerabilities in software
  – At the next level are those people who are capable of writing scripts to exploit known vulnerabilities
  – At the top are highly technical individuals, often referred to as elite hackers
Intruders (4 of 4)
Figure 1.1 Distribution of attacker skill levels

Insiders
• Insiders are more dangerous in many respects than outside intruders
  – Have the access and knowledge necessary to cause immediate damage to an organization
  – Frequently have knowledge of the security systems in place and are better able to avoid detection
• Numerous other individuals have physical access to company facilities
  – Custodial crews, contractors, or partners

Criminal Organizations
• Criminal activity on the Internet is basically no different from criminal activity in the physical world
  – One difference is the level of organization that criminal elements employ in their attack
• Attacks by criminal organizations usually fall into the structured threat category
  – Greater amount of planning
  – Longer period of time to conduct the activity
  – More financial backing to accomplish it
  – Possibly corruption of, or collusion with, insiders

Nation-States, Terrorists, and Information Warfare (1 of 2)
• Many nations today have developed to some extent the capability to conduct information warfare
  – Warfare conducted against the information and information processing equipment used by an adversary
• Information warfare falls into the highly structured threat category
  – Much longer period of preparation (years not uncommon)
  – Tremendous financial backing
  – Large and organized group of attackers
Nation-States, Terrorists, and Information Warfare (2 of 2)
• An interesting aspect of information warfare is the list of possible targets available
  – Military forces are still a key target in information warfare
  – Critical infrastructures are those whose loss would have severe repercussions on the nation
    • Water, electricity, oil and gas refineries and distribution, banking and finance, telecommunications
    • Dependent on computer systems

Brand-Name Attacks
• In an effort to develop markets and brands, groups have developed sets of malware
  – Energetic Bear
  – Sandworm
  – Shadow Brokers
  – Equation Group
  – Regin
  – Cozy Bear and Fancy Bear
  – Vault7
  – Lazarus Group
  – Comment Crew
  – Anonymous

Attributes of Actors
• Other ways to differentiate threat actors besides by abilities are by:
  – Location (internal or external)
  – Level of sophistication
  – Level of resources
  – Intent

Security Trends
• The computing environment has transformed from large mainframes to a highly interconnected network of smaller systems
  – There is a switch from a closed operating environment to one in which access to a computer can occur from almost anywhere on the planet
    • Greatly complicated the job of the security professional
• Attackers have become more focused on gain over notoriety

Targets and Attacks
• Two general reasons a particular system is attacked
  – It is specifically targeted by the attacker
  – It is an opportunistic target
Specific Target
• Attacker has chosen the target not because of the hardware or software the organization is running but for another reason, perhaps a political reason
  – An individual in one country attacking a government system in another
  – Attacker targeting the organization as part of a hacktivist attack
  – E.g., company website that sells fur coats defaced because the attacker feels that using animals in this way is unethical

Opportunistic Target
• Attack is conducted against a site that has software that is vulnerable to a specific exploit
  – The attackers are not targeting the organization
    • They have learned of a vulnerability and are simply looking for an organization with this vulnerability that they can exploit
  – An attacker might be targeting a given sector and looking for a target of opportunity in that sector
• Targeted attacks are more difficult and take more time than attacks on a target of opportunity

Minimizing Possible Avenues of Attack
• There are multiple elements to a solid computer defense, but two key elements involve limiting avenues of attack
  – Administrator can ensure that all patches for the operating system and applications are installed
  – Administrator can perform system hardening by limiting the services that are running on the system
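As an added example, not from the textbook, the following Python check applies the second hardening element above to an inventory of listening services: it parses a constructed `ss -tlnp`-style listing and reports any service that is not on an assumed approved baseline, plus any approved service bound to every interface rather than loopback (the baseline, process names and sample output are all assumptions).

```python
"""Audit listening services against a hardening baseline (added example).

The sample text imitates `ss -tlnp` output and is constructed, not captured.
"""
import re

# Constructed sample of `ss -tlnp` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=901,fd=5))
LISTEN 0      511                *:80              *:*     users:(("nginx",pid=1203,fd=6))
LISTEN 0      50           0.0.0.0:21        0.0.0.0:*     users:(("vsftpd",pid=1377,fd=4))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline: process name -> ports it is approved to listen on.
BASELINE = {"sshd": {22}, "nginx": {80, 443}, "postgres": {5432}}

# Local addresses that mean "every interface", i.e. reachable from the network.
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}

# Captures local address, port and the first process name on a LISTEN line.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+.*?\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return (process, port, local_address) tuples from ss-style text."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(3), int(m.group(2)), m.group(1)))
    return listeners


def audit(listeners, baseline):
    """Split listeners into services outside the baseline (remove or justify)
    and approved services exposed on all interfaces (confirm each one is
    meant to be network-reachable, or bind it to loopback)."""
    unapproved, exposed = [], []
    for proc, port, addr in listeners:
        if port not in baseline.get(proc, set()):
            unapproved.append((proc, port, addr))
        elif addr in WILDCARD_ADDRS:
            exposed.append((proc, port, addr))
    return {"unapproved": unapproved, "exposed": exposed}


if __name__ == "__main__":
    for kind, items in audit(parse_listeners(SAMPLE_SS_OUTPUT), BASELINE).items():
        for proc, port, addr in items:
            print(f"{kind}: {proc} listening on {addr}:{port}")
```

On a live Linux host the same functions can be fed the real output of `ss -tlnp`; the baseline is the part each organization must define for itself.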
Approaches to Computer Security (1 of 2)
• Correctness: ensuring the system is fully up to date
  – All patches installed and proper security controls in place
• Isolation: protecting a system from unauthorized use
  – Access control and physical security
• Obfuscation: making it difficult for an adversary to know when they have succeeded
  – Increasing the workload of an attacker makes it more difficult for them to succeed in their attack

Approaches to Computer Security (2 of 2)
• Cybersecurity kill chain
  – Step-by-step process that attacks follow to target and achieve results on victim systems
• Threat intelligence
  – Set of actions taken to properly utilize resources to target the actual threats an enterprise is facing
  – Basis of understanding adversary tactics, techniques, and procedures (TTPs)
• Open source intelligence
  – Processes used to collect threat intelligence information

Ethics
• Commonly defined as a set of moral principles that guides an individual’s or group’s behavior
  – Information security efforts frequently involve trusting people to keep secrets that could cause harm if revealed
  – Trust is a foundational element in the people side of security
  – Trust is built upon a code of ethics, a norm that allows everyone to understand expectations and responsibilities
Chapter Summary
• Define computer security
• Discuss common threats and recent computer crimes that have been committed
• List and discuss recent trends in computer security
• Describe common avenues of attacks
• Describe approaches to computer security
• Discuss the relevant ethical issues associated with computer security