Learning Objectives
Upon completion of this lecture, you should be able to:
• Understand the need for information security.
• Understand that a successful information security program is the responsibility of an organization's general management and IT management.
• Understand the threats posed to information security and
the more common attacks associated with those threats.
• Differentiate threats to information systems from attacks
against information systems.
Slide 2
Business Needs First, Technology Needs Last
Slide 3
Protecting the Ability to Function
• General management and IT management are responsible for implementing information security
• Information security is
• a management issue
• a people issue
• Communities of interest must argue for information security in
terms of impact and cost.
Slide 4
Enabling Safe Operation
• Organizations must create integrated, efficient, and capable applications
• Organizations need environments that safeguard the applications running on the organization's IT systems
• Applications: OS platforms, e-mail, instant messaging applications
• Management must not abdicate to the IT department its responsibility to make choices and enforce decisions
Slide 5
Protecting Data
Slide 6
Safeguarding Technology Assets
Slide 7
Threats
• Management must be informed of the various kinds of threats facing the organization
• A threat is an object, person, or other entity that represents a constant danger to an asset
• By examining each threat category in turn, management effectively protects its information through policy, education and training, and technology controls
Slide 8
Threats
• The CSI/FBI survey found:
• 90% of organizations responding detected computer security breaches within the last year
• 80% lost money to computer breaches, totaling over $455,848,000, up from $377,828,700.
• The number of attacks that came across the Internet rose from 70% to 74%.
• Only 34% of organizations reported their attacks to law enforcement
Slide 9
Threats to Information Security
Slide 10
1. Acts of Human Error or Failure
• Includes acts done without malicious intent
• Caused by:
• Inexperience
• Improper training
• Incorrect assumptions
• Other circumstances
• Employees are the greatest threats to information security, because they are closest to the organizational data
Slide 11
1. Acts of Human Error or Failure
• Employee mistakes can easily lead to the following:
• revelation of classified data
• entry of erroneous data
• accidental deletion or modification of data
• storage of data in unprotected areas
• failure to protect information
• Many of these threats can be prevented with controls
Slide 12
Slide 13
Examples: Sony Pictures Entertainment
• The 2014 breach against Sony Pictures Entertainment began when attackers sent many of
Sony's top executives fake Apple ID verification emails. Each email led to a phishing site
that stole a target's Apple credentials.
• In the hope that someone had reused their Apple ID information across multiple accounts,
the hackers abused those usernames and passwords in conjunction with employees'
LinkedIn profiles to guess their way onto Sony's network.
• Upon gaining access, the hackers used Wiper malware to cripple the company's computer
networks and make off with 100 terabytes of data. The hackers, who the United States
believes were working for North Korea, eventually posted much of that information online.
• Sony Pictures Entertainment spent $35 million repairing its IT system, though the total cost
of the breach could be significantly higher than that amount.
Slide 14
Target
• On November 15, 2013, attackers broke into Target's network using network credentials stolen from Fazio Mechanical Services, a provider of refrigeration and HVAC systems.
• Two sources close to the investigation said that the attackers used Citadel, a password-stealing malware derived from the ZeuS banking trojan.
• After gaining access to the retailer's network, the attackers installed malware on the point-of-sale (POS) terminals at one of Target's stores.
• That malware facilitated the theft of 40 million credit- and debit-card records, as well as an additional 70 million customer records (including addresses and phone numbers).
• Accounting for tax deductions and insurance reimbursement, the breach cost Target approximately $105 million.
Slide 15
Five major categories covering employee security mistakes
1. Weak password security
o Using simple passwords
o Sharing passwords
2. Careless handling of data
o Sending data via e-mail by mistake
o Accidentally deleting files
3. Inadequate software security
o Neglecting updates
o Intentionally disabling security features
4. Low security awareness
o Clicking on malicious e-mail links
o Using and downloading unauthorized software
o Plugging in unknown or insecure devices
5. Ineffective data access management
o Having too many privileges
o Performing unauthorized system changes
Slide 16
2. Compromises to Intellectual Property (IP)
• Intellectual property is "the ownership of ideas and control over the tangible or virtual representation of those ideas"
• Many organizations are in business to create intellectual property
• Trade secrets - Trade secrets are similar to copyright, except that protection depends on taking reasonable measures to protect something that gives you a competitive advantage. Examples include client lists and strategy plans, or the formula for Coca-Cola.
• Copyrights - Copyright protects the expression of an idea, not the idea itself.
• Trademarks - A trademark is a word or symbol that designates the source or sponsorship of a particular good or service.
• Patents - Patents cover IDEAS themselves, not just (as copyright does) an idea's expression. Patents can cover methods, devices, new ways, new uses, and new applications.
• The most common IP breach is the unlawful use or duplication of software-based IP, known as software piracy.
Slide 17
3. Espionage/Trespass
• Broad category of electronic and human activities that breach the confidentiality of information
• Unauthorized users accessing information
• Attackers use many different techniques, some legal and some illegal.
Slide 18
Slide 19
3. Espionage/Trespass
Slide 20
Slide 21
3. Espionage/Trespass
Slide 22
Examples
Slide 23
2. Snowden
• Snowden is an American computer professional, former Central Intelligence Agency (CIA) employee, and former contractor for the United States government who copied and leaked classified information from the National Security Agency (NSA) in 2013 without authorization.
• His disclosures revealed numerous global surveillance programs, many run by the NSA with the cooperation of telecommunication companies and European governments.
• On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii, and in early June he revealed thousands of classified NSA documents to journalists.
• On June 21, 2013, the U.S. Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917 and theft of government property
Slide 24
4. Information Extortion
• Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use
• Extortion is found in credit card number theft
Slide 25
5. Sabotage or Vandalism
• An individual or group who wants to deliberately sabotage or damage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization.
• These threats can range from petty vandalism to organized sabotage
• Organizations rely on their image, so Web defacement can lead to a drop in consumer confidence and sales.
• Vandalism within the network is more malicious.
Hacktivists/Cyberactivists:
• Another form of online vandalism.
• They disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Cyberterrorism:
• Terrorists hack systems to conduct terrorist activities via the network.
Slide 26
6. Deliberate Acts of Theft
Slide 27
7. Deliberate Software Attacks
• When an individual or group designs software to attack systems, they create malicious code/software called malware
• Designed to damage, destroy, or deny service to the target systems
• Includes:
• macro virus
• boot virus
• worms
• Trojan horses
• logic bombs
• back door or trap door
• denial-of-service attacks
• polymorphic
• hoaxes
(Figure labels: Trojan Horse, Worm, Virus, Bomb)
Slide 28
7. Deliberate Software Attacks
VIRUS
• A virus is a computer program or segment of code that attaches itself to an executable file or application.
• It can replicate itself, usually through an executable program attached to an e-mail.
• Viruses can be passed from machine to machine via physical media, e-mail, and data transmission devices.
• You must prevent viruses from being installed on computers in your organization.
Slide 29
Contd…
Slide 30
7. Deliberate Software Attacks
WORM
• A worm is a malicious program that replicates itself without having to attach itself to a host, until it completely fills the available resources.
• The resources consumed can be memory, hard drive space and network bandwidth.
• The most infamous worms are Code Red and Nimda.
• They cost businesses millions of dollars in damage as a result of lost productivity
• Computer downtime and the time spent recovering lost data, reinstalling programs and operating systems, and hiring or contracting IT personnel.
Slide 31
Slide 32
7. Deliberate Software Attacks
Trojan Horses
• A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless or useful code.
• Software programs that hide their true nature and reveal their designed behavior only when activated.
• Trojan programs disguise themselves as useful computer programs or applications and can install a backdoor or rootkit on a computer.
• Backdoors and rootkits are computer programs that give attackers a means of regaining access to the attacked computer later.
Slide 33
Slide 34
7. Deliberate Software Attacks
Slide 35
7. Deliberate Software Attacks
Slide 36
7. Deliberate Software Attacks
• Spyware
• A spyware program sends information from the infected computer to the person who initiated the spyware program on your computer
• A spyware program can register each keystroke entered.
• Adware
• Its main purpose is to determine a user's purchasing habits so that Web browsers can display advertisements tailored to that user.
• Adware slows down the computer it is running on.
• Adware sometimes displays a banner that notifies the user of its presence
• Both programs can be installed without the user being aware of their presence
Slide 38
7. Protecting against Deliberate Software
Attacks
Slide 39
8. Forces of Nature
• Forces of nature, or acts of God, are dangerous because they are unexpected and can occur with very little warning
• Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
• Include fire, flood, earthquake, and lightning as well as volcanic eruption and windstorm.
• Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations
(Figure labels: Floods, Earthquakes, Windstorms, Thunderstorms, Humidity, Tornadoes, Avalanche, Volcanoes, Landslides, Hurricanes, Fire, Snowstorms)
Slide 40
9. Deviations in Quality of Service by Service Providers
Slide 41
9. Internet Service Issues
Slide 42
9. Communications and Other Services
• Other utility services have potential impact
• Among these are
• telephone
• water & wastewater
• trash pickup
• cable television
• natural or propane gas
• custodial services
• The threat of loss of services can lead to inability to function properly
Slide 43
9. Power Irregularities
Slide 44
10. Technical Hardware Failures or Errors
Slide 45
11. Technical Software Failures or Errors
Slide 46
12. Technological Obsolescence
Slide 47
Attacks
Slide 48
Types of Attacks
1. Malicious code
2. Hoaxes
3. Back doors
4. Password crack
   • Brute force
   • Dictionary
   • Rainbow
5. Denial-of-service (DoS) and Distributed Denial-of-service (DDoS)
6. Spoofing
7. Man-in-the-Middle
8. Spam
9. Mail bombing
10. Sniffers
11. Social engineering
Slide 49
1. Malicious Code
• This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information.
• A multi-vector worm uses up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices.
Slide 50
Attack Vectors
Slide 51
2. Virus Hoaxes
Slide 52
Characteristics
• Most hoaxes are sensational in nature and easily identified by the fact that they indicate
that the virus will do nearly impossible things, like blow up the recipient's computer and
set it on fire, or less sensationally, delete everything on the user's computer.
• They often include fake announcements claimed to originate from reputable computer
organizations together with mainstream news media.
• These bogus sources are quoted in order to give the hoax more credibility.
• Typically, the warnings use emotive language, stress the urgent nature of the threat and
encourage readers to forward the message to other people as soon as possible.
• Examples of this type include the jdbgmgr.exe virus hoax and the SULFNBK.EXE hoax.
Slide 53
Examples
• There have been famous virus hoax examples that have raised awareness of this issue, including:
• Good Times (supposedly an e-mail virus that would delete the contents of your hard disk);
• Pen Pal Greetings (supposedly an e-mail-borne virus that would infect the boot sector of your PC and delete the contents of your hard drive);
• Deeyenda (supposedly an e-mail virus that re-writes your hard drive);
• Sulfnbk.exe (particularly destructive because it asked users to delete this executable, which many did; the file is used to restore and back up long file names in Windows 95/98);
• Bud Frogs (claims that if you download the screen saver it will crash your hard drive)
Slide 54
Damage/Cost
Slide 55
3. Back Doors - Attack Descriptions
Slide 56
Types of backdoors
Considering relative risk, exposure and damage – the unconventional backdoors are more
dangerous
Slide 57
Common backdoors
Slide 58
4. Password Crack
Slide 59
1. Brute Force
• Brute force password attacks are a last resort for cracking a password, as they are the least efficient.
• In the simplest terms, brute force means systematically trying all the combinations for a password.
• This method is quite efficient for short passwords, but starts to become infeasible, even on modern hardware, with a password of 7 characters or longer.
• Assuming only alphabetical characters, all in capitals or all in lower case, it would take 26^7 (8,031,810,176) guesses.
• This also assumes that the cracker knows the length of the password. Other factors include numbers, case sensitivity, and the other symbols on the keyboard.
• The complexity of the password depends on the creativity of the user and the complexity of the program that is using the password.
• The upside of the brute force attack is that it will ALWAYS find the password, no matter its complexity. The downside is whether or not you will still be alive when it finally guesses it.
• Example of a program that uses brute force attacks: John the Ripper.
Slide 60
6. Dictionary
• Dictionary attacks are a method of using a program to try a list of words against the interface or program that is protecting the area you want to gain access to.
• The simplest password crackers using dictionary attacks use a list of common single words, i.e., a "dictionary".
• More advanced programs often use a dictionary while also mixing in numbers or common symbols at the beginning or end of the guessed words.
• Some can even be given a set of personal information or a profile of the user and pick out important words to guess, even if they are not dictionary words, such as proper nouns like last names and names of relatives.
• A weakness of dictionary attacks is that they obviously rely on words supplied by a user, typically real words, to function.
• If the password is misspelled, is in another language, or very simply uses a word that is not in the dictionary or profile, the attack cannot succeed. Most of the time, even using two words in one password can thwart a dictionary attack.
• Examples of programs that use dictionary attacks: John the Ripper, L0phtCrack, and Cain and Abel.
Slide 61
• Rainbow tables are a type of pre-computed password attack.
• In the previous two attacks, dictionary and brute force, a password is entered into the locked program; the program then hashes the entry and compares the hash to the correct password hash.
• Rainbow tables compute hashes for each word in a dictionary, store all of the hashes in a hash table, retrieve the hash of the password to be cracked, and compare each stored hash with the real password hash.
• This method assumes that you can retrieve the hash of the password to be guessed and that the hashing algorithm is the same for the rainbow table and the password.
• Rainbow tables have only recently become an efficient technique, as the hard drive space needed to store the hashes was cumbersome until memory became cheaper
Slide 62
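An added example (not part of the lecture slides) that ties the brute-force and rainbow-table slides together: it computes the keyspace the brute-force slide quotes (26 letters, length 7) and shows why a table pre-computed over a dictionary only pays off against unsalted hashes, which is the defender's reason for per-user salts. The word list and the "stolen" digests are constructed for the demo.

```python
import hashlib
import os


def keyspace(charset_size: int, length: int, known_length: bool = True) -> int:
    """Number of guesses for an exhaustive (brute force) search.

    With the length known, as the slide assumes, it is charset_size**length;
    otherwise every shorter length has to be tried as well.
    """
    if known_length:
        return charset_size ** length
    return sum(charset_size ** n for n in range(1, length + 1))


def seconds_at_rate(guesses: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at a given cracking rate."""
    return guesses / guesses_per_second


def unsalted_hash(password: str) -> str:
    """The weak scheme a pre-computed table targets: same input, same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password gives a different digest per user,
    so a table pre-computed over a dictionary cannot be reused against it."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(words):
    """Pre-compute digest -> word for a dictionary (the rainbow-table idea,
    minus the chain compression real rainbow tables use to save space)."""
    return {unsalted_hash(w): w for w in words}


# Constructed dictionary for the demo.
WORDS = ["sunshine", "letmein", "coca-cola", "princess", "football"]
TABLE = build_lookup_table(WORDS)


def demo():
    """Returns (hit, miss): the table recovers an unsalted digest of a dictionary
    word, but finds nothing for the salted digest of the very same word."""
    hit = TABLE.get(unsalted_hash("letmein"))            # -> "letmein"
    miss = TABLE.get(salted_hash("letmein", os.urandom(16)))  # -> None
    return hit, miss


if __name__ == "__main__":
    print(keyspace(26, 7))   # 8031810176, the figure on the brute-force slide
    print(demo())
```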
• To give you an idea of how large a rainbow table can be:
Examples of programs that use rainbow tables: OphCrack, Oracle, and RainbowCrack
Slide 63
• To give an idea of the speed of modern password crackers, brute-force mode, takes:
Slide 64
7. Denial-of-service (DoS)
• DoS is the acronym for Denial of Service.
• A DoS attack is used to deny legitimate users access to a resource such as a website, network, or e-mail, or to make it extremely slow.
• This type of attack is usually implemented by hitting the target resource, such as a web server, with too many requests at the same time.
• This results in the server failing to respond to all the requests.
• The effect of this can be either crashing the servers or slowing them down.
• Cutting a business off from the internet can lead to significant loss of business or money.
• The internet and computer networks power a lot of businesses.
• Some organizations, such as payment gateways and e-commerce sites, depend entirely on the internet to do business.
Slide 65
Types of DoS Attacks
Slide 66
DDoS attack
Slide 67
Slide 68
Five common types of DoS attacks
• Ping of Death - The attacker creates an ICMP packet that is larger than the maximum allowed 65,535 bytes. The large packet is fragmented into smaller packets and reassembled at its destination.
• Smurf - A large number of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address.
• Buffer Overflow - An application error that occurs when more data is sent to a buffer than it can handle
• Teardrop - Involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.
• SYN attack - The attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
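An added example (not from the lecture slides) of the defender-side check behind the Ping of Death and Teardrop entries above: a fragment-set validator, as a reassembler or IDS rule could apply it, that rejects a datagram whose reassembled size would exceed the 65,535-byte IP maximum and fragments whose byte ranges overlap. The fragment sets are constructed; offsets are given in bytes rather than the 8-byte units real IPv4 headers use.

```python
IP_MAX_LEN = 65_535  # largest IPv4 datagram the 16-bit total-length field allows


def check_fragments(fragments):
    """Inspect one datagram's fragment set before reassembling it.

    fragments: list of (offset_bytes, payload_len, more_fragments) tuples.
    Returns a list of findings; an empty list means the set looks sane.
    """
    findings = []
    frags = sorted(fragments, key=lambda f: f[0])

    # Ping of Death: the reassembled datagram would be longer than IP permits.
    total = max(off + ln for off, ln, _ in frags)
    if total > IP_MAX_LEN:
        findings.append(f"oversize: reassembled length {total} exceeds {IP_MAX_LEN}")

    # Teardrop-style overlap: a fragment starts before the previous one ends.
    # A gap instead means pieces are still missing (or were dropped).
    expected = 0
    for off, ln, mf in frags:
        if off < expected:
            findings.append(f"overlap: fragment at {off} overlaps data up to {expected}")
        elif off > expected:
            findings.append(f"gap: missing bytes {expected}-{off - 1}")
        expected = max(expected, off + ln)

    # The last fragment must have the more-fragments flag cleared.
    if frags[-1][2]:
        findings.append("incomplete: last fragment has more-fragments set")
    return findings


def split(total_len, mtu_payload=1480):
    """Build a well-formed fragment set of total_len bytes (constructed input)."""
    frags, off = [], 0
    while off < total_len:
        ln = min(mtu_payload, total_len - off)
        frags.append((off, ln, off + ln < total_len))
        off += ln
    return frags


# Constructed cases.
NORMAL_PING = split(1_000)                                # fits, contiguous
PING_OF_DEATH = split(65_536)                             # one byte over the maximum
TEARDROP = [(0, 1480, True), (1000, 1480, False)]         # second starts inside the first

if __name__ == "__main__":
    for name, case in [("normal", NORMAL_PING), ("ping of death", PING_OF_DEATH),
                       ("teardrop", TEARDROP)]:
        print(name, check_fragments(case) or "ok")
```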
Slide 69
Symptoms of DoS
Slide 70
Spoofing
• These types of spoofing attacks are typically used to attack networks, spread malware and
to access confidential information and data.
Slide 71
Example
Slide 72
Slide 73
Man-in-the-Middle Attack
• A man-in-the-middle (MITM) attack is one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
• A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either party knowing until it is too late.
• The goal of the attack is to steal personal information, such as login credentials, account details and credit card numbers.
• Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.
• Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change.
Slide 74
Example
Slide 75
Slide 76
11. Sniffers
• A sniffer is an application or device that can monitor and capture network data exchanges and read the network packets.
• If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.
• Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
• Using a sniffer, an attacker can do any of the following:
1. Analyze your network and gain information to eventually cause your network to crash or become corrupted.
2. Read your communications.
Slide 77
12. Social Engineering
• Social engineering is the term used for a broad range of malicious activities accomplished
through human interactions.
• It uses psychological manipulation to trick users into making security mistakes or giving
away sensitive information.
• Social engineering attacks happen in one or more steps.
• A perpetrator first investigates the intended victim to gather necessary background
information, such as potential points of entry and weak security protocols, needed to
proceed with the attack.
• Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent
actions that break security practices, such as revealing sensitive information or granting
access to critical resources.
• What makes social engineering especially dangerous is that it relies on human error, rather
than vulnerabilities in software and operating systems.
• Mistakes made by legitimate users are much less predictable, making them harder to
identify and thwart than a malware-based intrusion.
Slide 78
Slide 79
Social engineering attack techniques
• Social engineering attacks come in many different forms and can be performed anywhere
where human interaction is involved.
• The following are the most common forms of digital social engineering assaults.
1. Baiting
• As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity.
• They lure users into a trap that steals their personal information or infects their systems with malware. E.g. the most reviled form of baiting uses physical media to disperse malware.
2. Phishing
• As one of the most popular social engineering attack types, phishing scams are email and
text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims.
• It then prods them into revealing sensitive information, clicking on links to malicious
websites, or opening attachments that contain malware.
Slide 80
3. Spear phishing
• This is a more targeted version of the phishing scam, whereby an attacker chooses specific individuals or enterprises.
• They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous.
• Spear phishing requires much more effort on behalf of the perpetrator and may take weeks or months to pull off.
• These attacks are much harder to detect and have better success rates if done skillfully.
Slide 81
Timing Attack
• relatively new
• works by exploring the contents of a web browser’s cache
• can allow collection of information on access to password-protected sites
• another attack by the same name involves attempting to intercept cryptographic elements to
determine keys and encryption algorithms
Slide 82