Chapter 1

Security Problem

Virus and Worms

Intruders

Types of Attack

Avenues of Attack
Prepared by Mohammed Saher Hasan

Terrorists and terrorism are a real threat.

They have targeted people and physical structures.

Average citizens are more likely to be the targets
of an attack on their computers than to be
the direct victims of a terrorist attack.

Fifteen years ago:
◦ Few people had access to a computer system or a
network.
◦ Securing these systems was easier.
◦ Companies did not conduct business over the Internet.

Today, companies rely on the Internet to operate
and conduct business.

Networks are used to transfer vast amounts of
money in the form of bank transactions or credit
card purchases.

When money is transferred via networks, people
try to take advantage of the environment to
conduct fraud or theft.

There are various ways to attack computers and
networks to take advantage of what has made
shopping, banking, investment, and leisure
pursuits a matter of “dragging and clicking” for
many people.
◦ Identity theft is common today.

Electronic crime can take different forms.

The two categories of electronic crimes are:
◦ Crimes in which the computer is the target of the attack.
◦ Incidents in which the computer is a means of
perpetrating a criminal act.

In a highly networked world, new threats have
developed.

There are a number of ways to break down the
various threats.

To break down threats, users need to:
◦ Categorize external threats versus internal threats.
◦ Examine the various levels of sophistication of the
attacks from “script kiddies” to “elite hackers.”
◦ Examine the level of organization for the various threats
from unstructured to highly structured threats.

Employees in an organization may not follow
certain practices or procedures, which may expose
the organization to viruses and worms.

However, organizations generally do not have to
worry about their employees writing or releasing
viruses and worms.
Viruses and worms:

Are expected to be the most common problem
that an organization will face as thousands of
them have been created.

Are also generally non-discriminating threats that
are released on the Internet and are not targeted
at a specific organization.

The act of deliberately accessing computer
systems and networks without authorization is
called “hacking”.

The term may also be used to refer to the act of
exceeding one’s authority in a system.

Intruders are very patient as it takes persistence
and determination to gain access to a system.

Intruders, or those who are attempting to conduct
an intrusion, are of various types and have varying
degrees of sophistication.

At the low end technically are script kiddies.

They do not have the technical expertise to
develop scripts or discover new vulnerabilities in
software.

They have just enough understanding of computer
systems to be able to download and run scripts
that others have developed.

Script kiddies are generally not as interested in
attacking specific targets.

Script kiddies look for any organization that may not
have patched a newly discovered vulnerability for
which they have located a script to exploit.

At least 85 to 90% of the “unfriendly” activity on
the Internet is probably conducted by these
individuals.

Sophisticated intruders are capable of writing
scripts to exploit known vulnerabilities.

They are more technically competent than script
kiddies.

They account for an estimated 8 to 12% of the
individuals conducting intrusive activity on the
Internet.

Elite hackers are highly technical individuals and
are able to:
◦ Write scripts that exploit vulnerabilities.
◦ Discover new vulnerabilities.

This group is the smallest, accounting for only 1 to
2% of the individuals conducting intrusive activity.
Figure (levels of intruder sophistication, from most to least sophisticated): Elite Hackers, Sophisticated Intruders, Script Kiddies.
Insiders:

Are more dangerous than outside intruders.

Have the access and knowledge necessary to
cause immediate damage to an organization.

Most security is designed to protect against
outside intruders and thus lies at the boundary
between the organization and the rest of the
world.

Besides employees, insiders also include a
number of other individuals who have physical
access to facilities.

Attacks by individuals or even small groups of
attackers fall into the unstructured threat category.

Attacks at this level are generally conducted over
short periods of time (lasting at most a few months).

They do not involve a large number of individuals, and
have little financial backing.

They do not include collusion with insiders.

Criminal activity on the Internet is, at its most basic,
no different from criminal activity in the physical
world.

A difference between criminal groups and the
“average” hacker is the level of organization that
criminal elements may employ in their attack.
Attacks by criminal organizations can fall into the
structured threat category, which is characterized
by:
◦ Planning.
◦ Long period of time to conduct the activity.
◦ More financial backing.
◦ Corruption of or collusion with insiders.

As nations become dependent on computer
systems and networks, essential elements of the
society might become a target.

They might be attacked by organizations or
nations determined to adversely affect another
nation.

Many nations today have developed to some
extent the capability to conduct information
warfare.

Information warfare is warfare conducted against
information and the information-processing
equipment used by an adversary.

Highly structured threats are characterized by:
◦ A long period of preparation (years is not uncommon).
◦ Tremendous financial backing.
◦ A large and organized group of attackers.

These threats may not only include attempts to
subvert insiders, but also include attempts to plant
individuals inside potential targets before an attack.

In information warfare, military forces are certainly
still a key target.

Other likely targets can be the various
infrastructures that a nation relies on for its daily
existence.

Critical infrastructures are those infrastructures whose
loss would have a severe detrimental impact on a
nation.

Examples:
◦ Water.
◦ Electricity.
◦ Oil and gas refineries and distribution.
◦ Banking and finance.
◦ Telecommunications.

Many countries have already developed a
capability to conduct information warfare.

Terrorist organizations can also accomplish
information warfare.

Terrorist organizations are highly structured
threats that:
◦ Are willing to conduct long-term operations.
◦ Have tremendous financial support.
◦ Have a large and organized group of attackers.

The type of individual who attacks a computer
system or a network has also evolved over the last
30 years.
◦ The rise of non-affiliated intruders, including “script
kiddies,” has greatly increased the number of individuals
who probe organizations looking for vulnerabilities to
exploit.

Another trend is that, as the level of sophistication
of attacks has increased, the level of knowledge
necessary to exploit vulnerabilities has decreased.

The two most frequent types of attacks have
remained constant with viruses and insider abuse
of net access being the most common.

When a computer system is attacked, it is either
specifically targeted by the attacker, or it is an
opportunistic target.

In the first case, the attacker chooses the target
not because of the hardware or software the
organization is running but for some other reason,
such as a political reason.

The second type of attack, an attack against a target
of opportunity, is conducted against a site that has
hardware or software that is vulnerable to a specific
exploit.

The attackers, in this case, are not targeting the
organization. Instead, they have learned of a
vulnerability and are looking for an organization with
this vulnerability that they can exploit.

Targeted attacks are more difficult and take more
time than attacks on a target of opportunity.
◦ The second type of attack relies on the fact that with any
piece of widely distributed software, there will almost
always be somebody who has not patched the system.

The steps an attacker takes in attempting to
penetrate a targeted network are similar to the
ones that a security consultant performing a
penetration test would take.

The attacker will need to gather as much
information about the organization as possible.

There are numerous web sites that provide
information on vulnerabilities in specific application
programs and operating systems.

In addition to information about specific
vulnerabilities, some sites may also provide tools
that can be used to exploit vulnerabilities.

An attacker can search for known vulnerabilities
and tools that exploit them, download the
information and tools, and then use them against
a site.

The first step in the technical part of an attack is
often to determine what target systems are
available and active.

This is often done with a ping sweep, which sends
a “ping” (an ICMP echo request) to the target
machine. If the machine responds, it is reachable.

The next step is to perform a port scan. This will
help identify the ports that are open, which gives
an indication of the services running on the target
machine.
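The two reconnaissance steps just described, a ping sweep followed by a port scan, leave a recognisable footprint in network logs. The following added example (not part of the lecture slides) runs a simple detection over constructed flow-log lines; the log format, addresses and thresholds are all assumptions.

```python
# Added example (not from the slides): flag the ping sweep and port scan
# described above in constructed flow logs. Format, addresses and thresholds
# are assumptions; a real deployment would read firewall or flow records.
from collections import defaultdict

# Constructed sample: 10.0.0.5 echo-requests five hosts, then probes six TCP
# ports on 10.0.1.3; 10.0.0.9 is ordinary traffic and must not be flagged.
SAMPLE_LOG = """\
src=10.0.0.5 dst=10.0.1.1 proto=icmp type=8
src=10.0.0.5 dst=10.0.1.2 proto=icmp type=8
src=10.0.0.5 dst=10.0.1.3 proto=icmp type=8
src=10.0.0.5 dst=10.0.1.4 proto=icmp type=8
src=10.0.0.5 dst=10.0.1.5 proto=icmp type=8
src=10.0.0.9 dst=10.0.1.1 proto=icmp type=8
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=21
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=22
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=23
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=25
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=80
src=10.0.0.5 dst=10.0.1.3 proto=tcp dport=443
src=10.0.0.9 dst=10.0.1.3 proto=tcp dport=443
"""

def parse_line(line):
    """Turn 'key=value key=value ...' into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def detect_recon(log_text, sweep_hosts=4, scan_ports=5):
    """Return (ping_sweepers, port_scanners).

    A source that sends ICMP echo requests (type 8) to at least `sweep_hosts`
    distinct hosts is a ping sweeper; a (src, dst) pair touching at least
    `scan_ports` distinct TCP ports is a port scanner.
    """
    pinged = defaultdict(set)   # src -> hosts it echo-requested
    ports = defaultdict(set)    # (src, dst) -> TCP ports it touched
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("proto") == "icmp" and rec.get("type") == "8":
            pinged[rec["src"]].add(rec["dst"])
        elif rec.get("proto") == "tcp" and "dport" in rec:
            ports[(rec["src"], rec["dst"])].add(rec["dport"])
    sweepers = {s for s, hosts in pinged.items() if len(hosts) >= sweep_hosts}
    scanners = {k for k, p in ports.items() if len(p) >= scan_ports}
    return sweepers, scanners

if __name__ == "__main__":
    print(detect_recon(SAMPLE_LOG))
```

Thresholds this low would be noisy on a real network; the point is that both steps are countable events per source, which is what makes them detectable.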

After determining the services available, the
attacker needs to determine the operating system
running on the target machine and specific
application programs.

The attack may be successful if the administrator
for the targeted system has not installed the
correct patch.

The attacker will move on to the next possible
vulnerability if the patch has been installed.

There are different ways in which a system can be
attacked.
◦ Gathering as much information as possible about the target
(using both electronic and non-electronic means).
◦ Gathering information about possible exploits based on the
information about the system, and then systematically
attempting to use each exploit.

If the exploits do not work, other, less system-specific,
attacks may be attempted.

Understanding the steps an attacker will take
enables an administrator to limit the exposure of
the system and minimize the avenues an attacker
might possibly exploit.

The first step an administrator can take to minimize the
possible attacks is to ensure that all patches for the
operating system and the applications are installed.

The second step an administrator can take is to limit the
services running on a system.

Another step that can be taken to minimize the possible
avenues of attack is to provide as little information as
possible on an organization and its computing resources.
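The second step above, limiting the services running on a system, is easiest to keep honest with a recurring audit of what is actually listening. This added example (not from the slides) compares constructed `ss -ltn` style output against an assumed approved-port baseline and separates network-exposed listeners from loopback-only ones.

```python
# Added example (not from the slides): audit listening sockets against an
# approved baseline. The ss(8) output is constructed and the allow-list is
# an assumption; on a live host you would feed in the real `ss -ltn` output.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:23          0.0.0.0:*
LISTEN 0      128    [::]:8080           [::]:*
"""

# Ports this host is approved to expose to the network (assumed baseline).
APPROVED_PORTS = {22, 80}
LOOPBACK = {"127.0.0.1", "[::1]"}

def parse_listeners(ss_output):
    """Parse `ss -ltn` style output into (local_address, port) pairs."""
    listeners = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)        # handles [::]:8080 too
        listeners.append((addr, int(port)))
    return listeners

def audit_listeners(ss_output, approved=APPROVED_PORTS):
    """Return (unapproved network-exposed listeners, loopback-only listeners)."""
    exposed, local_only = [], []
    for addr, port in parse_listeners(ss_output):
        if addr in LOOPBACK:
            local_only.append((addr, port))   # reachable only from the host itself
        elif port not in approved:
            exposed.append((addr, port))      # each one is an extra avenue of attack
    return exposed, local_only

if __name__ == "__main__":
    exposed, local_only = audit_listeners(SAMPLE_SS_OUTPUT)
    for addr, port in exposed:
        print(f"unapproved network listener: {addr}:{port}")
    for addr, port in local_only:
        print(f"loopback-only listener (lower exposure): {addr}:{port}")
```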

There are a number of ways that a computer system or a
network can be attacked.

Attacks can result in one of a few general consequences:
◦ A loss of confidentiality where information is disclosed to
unauthorized individuals.
◦ A loss of integrity where information is modified by unauthorized
individuals.
◦ A loss of availability where information or the systems processing
it are not available for authorized users.