CSA 223 network and web security. Chapter one: What is information security. Look at: Define information security; Define security as process, not point product.

Dec 18, 2015


CSA 223 network and web security

Chapter one

What is information security. Look at:

Define information security

Define security as process, not point product.


Define information security

Information is knowledge obtained from investigation, study, instruction, news, or facts.

Security is freedom from danger; safety; freedom from fear.

Information security: measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts, data, or capability.

Or it is the steps you take to guard your information.


Define information security

People are the weakest link in securing the organization's information.

Information security will not guarantee the safety of the organization, information, or computer systems.

Security is a process, not a product

A single layer of security cannot ensure good security. Effective security is achieved by a combination of all security disciplines.

Do not rely on a single product for all security; you must use a layered approach.


Define information security

Information security is a mindset: examine the threats to the organization. With this mindset, the user of information should feel confident and comfortable with the security process used by an organization.

There is currently no effective process to certify a computer system.


History of security

Physical security:
• All assets and important information were physical.
• To protect these assets, physical security was used, such as walls, moats, and guards.

Communication security:
• Use of an encryption system (cipher) allowed messages to be sent that could not be read if they were intercepted.

Emissions security.

Computer security.

Network security.

Information security.


Define security as process

Many different products and types of products are necessary to fully protect an organization. Some of these technologies and products include:

1. Anti-virus software.
2. Access controls.
3. Policy management.
4. Firewalls.
5. Biometrics.
6. Vulnerability scanning.
7. Encryption.


Anti-virus

The goal of anti-virus software is to reduce the exposure of the organization to malicious code.

Anti-virus software will not protect an organization from an intruder who misuses a legitimate program to gain access to the system.


Access control

Capability to restrict access to files based on the ID of the user.

Access control can restrict legitimate users from accessing files they should not have access to.

Authenticating a user’s access is accomplished by using any combination of something you know, something you have, or something you are.


Policy management and intrusion detection

Policies and procedures are important components of a good security program, and the management of policies across computer systems is equally important.

Using a policy management system, an organization can be made aware of any system that does not conform to policy.

Intrusion detection identifies when someone is doing something wrong and stops them.

Intrusion detection systems are not foolproof and cannot replace security practices.


Firewalls

Firewalls are access control devices for the network and can assist in protecting an organization’s internal network from external attacks.

By their nature, firewalls are border security products, meaning that they exist on the border between the internal network and the external network.

Although firewalls provide protection from attackers, they cannot prevent an attack from using an allowed connection.


Biometrics

Biometrics uses biological elements to authenticate the user’s access.

Biometrics are yet another authentication mechanism, and they too can reduce the risk of someone guessing a password.

Types of biometric scanners include fingerprint, face recognition, and voice. Each method usually requires some type of device to identify human characteristics.


Encryption

Encryption is the primary mechanism for communications security.

Encryption might even protect information that is in storage by encrypting files.

The encryption system will not differentiate between legitimate and illegitimate users if both present the same keys to the encryption algorithm. Therefore, encryption by itself will not provide security.

Encryption needs controls on the encryption keys and the system as a whole.


Vulnerability scanning and physical security

Scanning computer systems for vulnerabilities is an important part of a good security program.

Vulnerability scanning will not detect legitimate users who may have inappropriate access.

Physical security is the one product category that could provide complete protection to computer systems and information. Employees must have access to computers and information in order for the organization to function; therefore, physical security must allow some people to gain access. In this case, physical security will not protect systems from attacks that use legitimate access.


Chapter two: Types of attacks

Look at:

Access attacks.

Modification attacks.

Denial-of-service attacks.

Repudiation attacks.


Types of attacks

There are four primary categories of attacks:

1. Access attacks.
2. Modification attacks.
3. Denial-of-service attacks.
4. Repudiation attacks.


2.1 Access attack

An access attack is an attempt to gain information that the attacker is not authorized to see.

This attack can occur wherever the information resides or may exist during transmission.

This type of attack is an attack against the confidentiality of the information.

There are three kinds of access attack:

1. Snooping
2. Eavesdropping
3. Interception


2.1.1 Snooping

Snooping is looking through information files in the hopes of finding something interesting.

If the files are on a computer system, an attacker may attempt to open one file after another until information is found.

[Figure labels: information stored on media; information on local hard drive and left in the office or on backups taken off-site; desktop computer]


2.1.2 Eavesdropping

When someone listens in on a conversation that they are not a part of, that is eavesdropping.

To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by.

Wireless networks have increased the opportunity to perform eavesdropping.

[Figure labels: mainframe; attacker’s computer. Traffic from the desktop to the mainframe travels over the local area network. The attacker can listen in on the session from the desktop by attaching to the same local area network.]


2.1.3 Interception

Interception is an active attack against the information.

When an attacker intercepts information, he is inserting himself in the path of the information and capturing it before it reaches its destination.

The attacker may allow the information to continue to its destination or not.

Information access using interception is the most difficult option for an attacker.


How access attacks are accomplished

If access control permissions are set properly, the unauthorized individual should be denied access.

Correct permissions will prevent most casual snooping.

There are many vulnerabilities that let an attacker succeed in accessing the unauthorized data.

An attacker uses a sniffer to eavesdrop on the transmission.

A sniffer is a computer that is configured to capture all the traffic on the network.

A sniffer can be installed after an attacker has increased his privileges on a system or if the attacker is allowed to connect his own system to the network.
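
The point about permissions and casual snooping, as an added example that is not part of the original slides: a Python check that lists files under a directory that any local user can read or write. The function names, file names and modes are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

def find_world_accessible(root):
    """Return {relative_path: "r" | "w" | "rw"} for regular files whose
    POSIX mode grants read or write to the 'other' permission class."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = ""
            if st.st_mode & stat.S_IROTH:
                flags += "r"
            if st.st_mode & stat.S_IWOTH:
                flags += "w"
            if flags:
                findings[os.path.relpath(path, root)] = flags
    return findings

def demo():
    """Constructed sample: three files with different modes."""
    samples = (("payroll.csv", 0o600), ("notes.txt", 0o644), ("shared.log", 0o666))
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)             # set the mode explicitly, ignoring umask
        return find_world_accessible(root)

if __name__ == "__main__":
    for path, flags in sorted(demo().items()):
        print(f"{flags:2} {path}")
```

The check looks only at file mode bits; a parent directory that denies traversal to other users also blocks access, so a finding is a prompt to review, not proof of exposure.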


2.2 Modification attack

A modification attack is an attempt to modify information that an attacker is not authorized to modify.

An attacker may do one of the following:

1. Changes: one type of modification attack is to change existing information, such as an attacker changing an existing employee’s salary.

2. Insertion: when an insertion attack is made, information that did not previously exist is added. For example, an attacker might choose to add a transaction in a banking system that moves funds from a customer’s account to his own.

3. Deleting: a delete attack is the removal of existing information.


How modification attacks are accomplished

If the attacker has access to files, modifications can be made.

If the attacker does not have authorized access to files, the attacker would first have to increase his access to the system or remove the permission on the file.

An attacker uses a vulnerability on the computer system to access the system or files. The attacker can then modify the file data.

The attacker exploits a vulnerability on the server and replaces the homepage with something new.
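
How a defender can notice the three kinds of modification (changes, insertion, deleting), as an added example that is not part of the original slides: a Python integrity check that hashes every file under a directory and compares the result with a trusted baseline. The function names and the sample web root are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Classify differences using the three modification categories."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "inserted": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed web root: take a baseline, alter the files, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        write("index.html", "<h1>Welcome</h1>\n")
        write("about.html", "<p>About us</p>\n")
        write("contact.html", "<p>Contact</p>\n")
        baseline = snapshot(root)    # trusted state; keep it off the monitored system
        write("index.html", "<h1>Replaced</h1>\n")      # change (homepage replaced)
        write("extra.html", "<p>New page</p>\n")        # insertion
        os.remove(os.path.join(root, "contact.html"))   # deletion
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only useful if an attacker who can modify the files cannot also modify the baseline, which is why it is stored separately from the system being checked.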


Define Denial-of-Service Attacks

Denial-of-Service (DoS) attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities.

DoS is nothing more than vandalism.

Denial of access may occur on:

1. Information: denial of access to information causes the information to be unavailable.

2. Application: denial of access to applications is normally an attack against a computer system running the application.

3. Systems: denial of access to systems causes all information that is stored on the system to become unavailable.


How Denial-of-Service Attacks are accomplished

DoS attacks against the information can be made by simply turning off the system. Turning off the system will also cause an attack against the system.

In DoS attacks against the application, the attacker sends a predefined set of commands to the application that the application is not able to process properly. The application will likely crash.


Repudiation

A repudiation attack is an attempt to give false information or to deny that a real event or transaction should have occurred.

An attacker may masquerade as another person to collect information or interrupt normal operations.