
Chapter 1 - Security Concepts

Apr 04, 2018


Pabbura_Hati
Transcript
  • 7/30/2019 Chapter 1 - Security Concepts

    1/26

    INTRODUCTION TO SECURITY

    INTRODUCTION TO INTERNET SECURITY AND SECURITY FROM INTERNET SOURCES

    SECURITY POLICIES AND PROCEDURE STATEMENTS

    SECURITY THREATS



    3/26

    Protection of networks and their services

    Protects from: unauthorized modification, destruction, disclosure

    Ensures the network performs its functions correctly, with no harmful side effects


    4/26

    To protect company assets.

    To gain a competitive advantage.

    To comply with regulatory requirements and fiduciary responsibilities.

    To keep your job.


    5/26

    In 1999, a survey conducted jointly by the American Society for Industrial Security and PricewaterhouseCoopers (ASIS/PWC) reported that:

    Fortune 1000 companies lost more than $45 billion from theft of "proprietary information."

    45% of the respondents said that they had suffered a financial loss as a result of information loss, theft, or misappropriation.

    On average, the responding companies reported 2.45 incidents with an estimated cost of $500,000 per incident.

    The number of reported incidents per month had increased over the last 17 months.


    6/26

    The FBI/CSI survey received 521 responses from individuals in the computer security field.

    30% of the respondents reported an intrusion from an outside source.

    55% of the respondents reported an unauthorized intrusion by a source inside the organization.

    Of those respondents that reported a loss, the average loss from the theft of proprietary information increased from $1,677,000 in 1998 to $1,847,652 in 1999.

    The average loss from financial fraud rose from $388,000 in 1998 to over $1,400,000 in 1999.

    The total financial losses due to computer-related crime for the 521 respondents amounted to more than $120 million.


    7/26

    From Message Labs - 17 Jan, 2004

    Processing between 50,000 and 60,000 new copies per hour, "W32/Mydoom.A has exceeded the infamous SoBig.F virus in terms of copies intercepted, and the number continues to rise."

    Message Labs collected over 1.2 million copies of W32/Mydoom.A-mm.

    At its peak infection rate, about 1 in 12 emails on the Internet were MyDoom viruses.


    8/26

    From Trend Micro - 16 Jan, 2004

    It is estimated that PC viruses cost businesses approximately $55 billion in damages in 2003.

    The same calculations were done in 2002 and 2001, at $20-30 billion and $13 billion, respectively.


    9/26

    Top 10 viruses

    1. The Morris Worm
    2. The Concepts Virus
    3. CIH
    4. The Anna Kournikova Worm
    5. Iloveyou
    6. The Melissa Virus
    7. The Blaster Worm
    8. Netsky And Sasser
    9. OSX/Rsplug Trojan
    10. Storm Worm

    *** Information courtesy of Sophos


    10/26

         Top 10 Spyware       Malware
    1.   New.net              W32/Sdbot.ftp
    2.   Cydoor               W32/Netsky.P.worm
    3.   BetterInet           Trj/Qhost.gen
    4.   Altnet               W32/Gaobot.gen.worm
    5.   Petro-Line           Trj/Citifraud.A
    6.   MarketScore          Trj/Zapchast.D
    7.   Virtumonde           W32/Parite.B
    8.   Media-motor          W32/Netsky.D.worm
    9.   Aveo-Attune          W32/Sasser.ftp
    10.  Aureate-Radiate      VBS/Psyme.C

    Sources: spotlightingnews.com 2006


    11/26

    Logon: use a strong password (encrypted login)

    File system: install security patches regularly (install firewall)

    Data communication: restricted connection (do not open the network to the public without any monitoring)

    Administrative: depends on the network security personnel (monitor the network traffic all the time)



    13/26

    Electronic Mail and News

    File transfer

    Remote Access to hosts

    Real time conferencing


    14/26

    Information Theft

    A disgruntled (dissatisfied) employee who either has the desire to harm his or her employer or is motivated by financial gain presents an insider threat to the organization.

    Unauthorised Disclosure

    An organization suspects some of its employees of leaking confidential information to its competitor. It is also usually believed that the competitor actually planted spies within the organization in order to target and steal new product plans.


    15/26

    Information Warfare

    Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt or destroy an adversary's information, information-based processes, information systems and computer-based networks while protecting one's own.

    Accidental data loss

    The most common cause of data loss is simply accidentally deleting a file that wasn't supposed to be deleted. It is caused by a careless employee or an untrained employee who did not know better.



    17/26

    A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.

    It addresses the constraints on the behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls.

    For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs, and access to data by people.


    18/26

    To inform users, staff and managers of their obligatory requirements for protecting technology and information assets.

    To provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy.


    19/26

    Site security administrator

    Information technology technical staff (e.g., staff from computing center)

    Administrators of large user groups within the organization (e.g., business divisions, computer science department within a university, etc.)

    Security incident response team

    Representatives of the user groups affected by the security policy

    Responsible management

    Legal counsel (if appropriate)


    20/26

    At a minimum, a good security usage policy should:

    Be readily accessible to all members of the organization.

    Define a clear set of security goals.

    Accurately define each issue discussed in the policy.

    Clearly show the organization's position on each issue.

    Describe the justification of the policy regarding each issue.

    Define under what circumstances the issue is applicable.

    State the roles and responsibilities of organizational members with regard to the described issue.

    Spell out the consequences of noncompliance with the described policy.

    Provide contact information for further details or clarification regarding the described issue.

    Define the users' expected level of privacy.

    Include the organization's stance on issues not specifically defined.


    21/26

    Access to Internet-based Web server resources shall only be allowed for the express purpose of performing work-related duties. This policy is to insure the effective use of networking resources and shall apply equally to all employees. This policy shall be enforced during both production and non-production time periods. All Web server access can be monitored by networking personnel, and employees may be required to justify Web server access to their direct supervisor. Failure to comply with this policy will result in the issuance of a written warning. For more information regarding what is considered appropriate Web server access of Internet resources, please consult your direct supervisor.



    23/26

    Insecure Architectures

    A misconfigured network is a primary entry point for unauthorized users.

    Broadcast Networks

    Using hardware (hubs, switches, routers) without implementing protection for the data that is processed there.

    Centralized Servers

    A central server can allow access to the entire network.


    24/26

    An attacker is someone who looks to steal or disrupt your assets.

    A hacker is someone with a deep understanding of computers and/or networking.


    25/26

    Internal threats

    Mobile and remote users

    Internet and TCP/IP

    Physical

    Phone attacks

    Social engineering


    26/26

    Authentication compromises.

    Improper input validation.

    Sniffing activities.

    Denial of Service (DoS).

    Exploiting physical access.

    Viruses, malware and Trojans.