FIREWALLS & NETWORK SECURITY
with Intrusion Detection and VPNs, 2nd Edition
Chapter 1
Introduction to Information Security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 2
Learning Objectives
Upon completion of this chapter, you should be able to:
Explain the relationship among the component parts of information
security, especially network security
Define the key terms and critical concepts of information and
network security
Describe the organizational roles of information and network
security professionals
Understand the business need for information and network security
Identify the threats posed to information and network security, as
well as the common attacks associated with those threats
Differentiate threats to information within systems from attacks
against information within systems
Slide 3
Introduction
Firewalls and network security are critical
components in securing day-to-day operations
of nearly every organization in business today
Before learning to plan, design, and implement
firewalls and network security, it is important to
understand the larger topic of information
security and how these two components fit into
it
Slide 4
What Is Information Security?
Information security (InfoSec) is defined by
standards published by CNSS as the protection
of information and its critical elements, including
the systems and hardware that use, store, and
transmit that information
To protect information and related systems,
organizations must implement policy,
awareness training and education, and
technology
Slide 5
Figure 1-1
Components of Information Security
Slide 6
What is Information Security?
(continued)
C.I.A. triangle consists of Confidentiality,
Integrity, and Availability
List of characteristics has expanded over time,
but these three remain central
Successful organization maintains multiple
layers of security:
– Network security
– Physical security
– Personal security
– Operations security
– Communications security
Slide 7
Critical Characteristics of Information
Availability enables authorized users to access
information without interference or obstruction
and to receive it in required format
Accuracy means information is free from error
and has the value the end user expects
Authenticity is quality or state of being genuine
or original, rather than reproduced or fabricated;
information is authentic when it is what was
originally created, placed, stored, or transferred
Slide 8
Critical Characteristics of Information
(continued)
Confidentiality is when information is protected
from exposure to unauthorized entities
Integrity is when information remains whole,
complete, and uncorrupted
Utility of information is quality or state of having
value for some end purpose; information must
be in a format meaningful to end user
Possession is ownership or control of some
object or item; information is in one’s
possession if one obtains it, independent of
format or other characteristics
Slide 9
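Integrity and authenticity, two of the characteristics defined above, can be checked mechanically rather than assumed. The following Python example is added here and is not from the textbook; it assumes the organization holds a secret key and protects each stored record with an HMAC-SHA256 tag, so that a record altered after it was written (integrity) or a tag produced by someone without the key (authenticity) is rejected on verification.

```python
import hmac
import hashlib
import json

# Constructed key for illustration only; a real deployment keeps this in a key store,
# never in source code.
SECRET_KEY = b"example-key-for-illustration-only"


def protect(record: dict, key: bytes = SECRET_KEY) -> dict:
    """Serialize the record canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify(protected: dict, key: bytes = SECRET_KEY) -> bool:
    """True only if the tag matches the body under our key (constant-time compare)."""
    expected = hmac.new(key, protected["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, protected["tag"])


def demo():
    """Return (intact_ok, tamper_detected, forgery_detected) for three scenarios."""
    original = {"account": "A-1001", "balance": 250}
    stored = protect(original)

    # 1. Untouched record: verification succeeds.
    intact_ok = verify(stored)

    # 2. Integrity violation: someone edits the stored body but cannot recompute the tag.
    tampered = dict(stored, body=stored["body"].replace('"balance":250', '"balance":2500'))
    tamper_detected = not verify(tampered)

    # 3. Authenticity violation: a record fabricated under a different (wrong) key.
    forged = protect(original, key=b"wrong-key")
    forgery_detected = not verify(forged)

    return intact_ok, tamper_detected, forgery_detected


if __name__ == "__main__":
    print(demo())
```

Canonical serialization (sorted keys, no whitespace) matters: the same logical record must always produce the same bytes, or legitimate records would fail verification. `hmac.compare_digest` avoids leaking tag bytes through comparison timing.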
Figure 1-2
The CIA Triad and the McCumber Cube
Slide 10
Securing Components
When computer is subject of an attack, it is
used as active tool to conduct attack
When computer is object of an attack, it is entity
being attacked
Direct attack is when hacker uses a computer to
break into a system
Indirect attack is when a system is
compromised and used to attack other systems,
such as a botnet or other distributed denial-of-
service attack
Slide 11
Figure 1-3 Computer as the
Subject and Object of an Attack
Slide 12
Balancing Information Access and
Security
Information security cannot be an absolute; it is
a process, not a goal
Information security should balance protection
and availability
To achieve balance—to operate information
system to satisfaction of users and security
professionals—level of security must allow
reasonable access, yet protect against threats
Slide 13
Balancing Information Access and
Security (continued)
Slide 14
Business Needs First
Information security performs four important
organizational functions:
Protects organization’s ability to function
Enables safe operation of applications
implemented on organization’s IT systems
Protects data the organization collects and uses
Safeguards technology assets in use at the
organization
Slide 15
Security Professionals and the
Organization
Chief Information Officer
– Senior technology officer
– Primarily responsible for advising senior
executive(s) for strategic planning
Chief Information Security Officer
– Individual primarily responsible for assessment,
management, and implementation of securing
information in the organization
– May also be referred to as Manager for Security,
Security Administrator, or a similar title
Slide 16
Security Professionals and the
Organization (continued)
Information security project team should consist of
individuals experienced in one or more facets of
vast array of technical and nontechnical areas:
Champion
Team leader
Security policy developers
Risk assessment specialists
Security professionals
System, network, and storage administrators
End users
Slide 17
Data Ownership
Data owner: responsible for the security and
use of a particular set of information
Data custodian: responsible for the storage,
maintenance, and protection of the information
Data users: the end systems users who work
with the information to perform their daily jobs
supporting the mission of the organization
Slide 18
Threats
Sun Tzu Wu:
"If you know the enemy and know yourself, you
need not fear the result of a hundred battles.
If you know yourself but not the enemy, for
every victory gained you will also suffer a
defeat.
If you know neither the enemy nor yourself, you
will succumb in every battle."
Slide 19
Threats (continued)
To make sound decisions about information
security, management must be informed about
the various threats facing the organization, its
people, applications, data, and information
systems—that is, the enemy
In the context of information security, a threat is
an object, person, or other entity that represents
a constant danger to an asset
Slide 20
Threats (continued)
Slide 21
Human Error or Failure
Includes acts done without malicious intent
Caused by: inexperience, improper training, incorrect assumptions, and other circumstances
Employees are greatest threats to information security—closest to organizational data
Employee mistakes can easily lead to:
– Revelation of classified data
– Entry of erroneous data
– Accidental deletion or modification of data
– Storage of data in unprotected areas
– Failure to protect information
Slide 22
Human Error or Failure (continued)
Many of these can be prevented with controls
Slide 23
Figure 1-5 Human Error or Failure
Slide 24
Compromises to Intellectual Property
Intellectual property is "the ownership of ideas
and control over the tangible or virtual
representation of those ideas"
Many organizations create intellectual property—
trade secrets, copyrights, trademarks, patents
Most common IP breach is software piracy
Watchdog organizations that investigate include:
– Software & Information Industry Association (SIIA)
– Business Software Alliance (BSA)
Slide 25
Compromises to Intellectual Property
(continued)
Copyright enforcement is attempted with
technical security mechanisms and online
registration
Slide 26
Espionage or Trespass
Category of activities that breach confidentiality
Unauthorized accessing of information
Competitive intelligence vs. espionage
Shoulder surfing can occur any place a person
is accessing confidential information
Controls are implemented to mark the
boundaries of an organization’s virtual territory,
giving notice to trespassers that they are
encroaching on the organization’s cyberspace
Slide 27
Espionage or Trespass (continued)
Hackers use skill, guile, or fraud to steal the
property of someone else
Slide 28
Figure 1-6 Shoulder Surfing
Slide 29
Figure 1-7 Hacker Profiles
Slide 30
Espionage or Trespass (continued)
Generally two skill levels among hackers:
– Expert hacker
• Develops software scripts and codes exploits
• Usually a master of many skills
• Often creates attack software to share with others
– Unskilled hackers (script kiddies)
• Hackers of limited skill
• Use expert-written software to exploit a system
• Do not usually fully understand systems they hack
Slide 31
Espionage or Trespass (continued)
Other terms for system rule breakers:
– Cracker: "cracks" or removes protection
designed to prevent unauthorized duplication
– Phreaker: hacks the public telephone network
Slide 32
Information Extortion
Information extortion is an attacker or formerly
trusted insider stealing information from a
computer system and demanding compensation
for its return or non-use
Extortion found in credit card number theft
Slide 33
Sabotage or Vandalism
Individual or group who wants to deliberately sabotage operations of a computer system or business or perform acts of vandalism to either destroy an asset or damage image of the organization
Threats can range from petty vandalism to organized sabotage
Organizations rely on image so Web defacing can lead to dropping consumer confidence and sales
Rising threat of hacktivist or cyber-activist operations; most extreme version is cyber-terrorism
Slide 34
Theft
Illegal taking of another’s property—physical,
electronic, or intellectual
Value of information suffers when it is copied
and taken away without the owner’s knowledge
Physical theft can be controlled—wide variety of
measures used from locked doors to guards or
alarm systems
Electronic theft is more complex problem to
manage and control; organizations may not
even know it has occurred
Slide 35
Software Attacks
When an individual or group designs software to attack systems, they create malicious code called malware
Designed to damage, destroy, or deny service to target systems
Includes:
– Virus (macro virus or boot virus)
– Worms
– Trojan horses
– Back door or trap door
– Polymorphic
– Virus and worm "hoaxes"
Slide 36
Figure 1-8 Trojan Horse Attack
Slide 37
Forces of Nature
Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning
Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
Include fire, flood, earthquake, and lightning as well as electrostatic discharge
Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations
Slide 38
Deviations in Quality of Service
Situations of product or services not delivered
as expected
Information system depends on many inter-
dependent support systems
Service issues that dramatically affect the
availability of information and systems include:
– Internet service
– Communications service
– Power irregularities
Slide 39
Internet Service Issues
Loss of Internet service can lead to considerable loss in availability of information since organizations have customer sales staff and telecommuters working at remote locations
When an organization outsources its Web servers, outsourcer assumes responsibility for all Internet services as well as for hardware and operating system software used to operate the Web site
Slide 40
Communications and Other Service
Provider Issues
Other utility services have potential impact
Among these are:
– Telephone
– Water & wastewater
– Trash pickup
– Cable television
– Natural or propane gas
– Custodial services
The threat of loss of services can lead to
inability to function properly
Slide 41
Power Irregularities
Power irregularities are common and lead to fluctuations such as:
– Spike: momentary increase
– Surge: prolonged increase
– Sag: momentary low voltage
– Brownout: prolonged drop
– Fault: momentary loss of power
– Blackout: prolonged loss
Electronic equipment is susceptible to fluctuations; controls can be applied to manage power quality
Slide 42
Hardware Failures or Errors
Technical hardware failures or errors occur
when manufacturer distributes to users
equipment containing flaws
These defects can cause system to perform
outside of expected parameters, resulting in
unreliable service or lack of availability
Some errors are terminal, in that they result in
unrecoverable loss of equipment; some errors
are intermittent, in that they only periodically
manifest, resulting in faults that are not easily
repeated
Slide 43
Software Failures or Errors
This category of threats comes from purchasing
software with unrevealed faults
Large quantities of computer code are written,
debugged, published, and sold only to
determine that not all bugs were resolved
Sometimes, unique combinations of certain
software and hardware reveal new bugs
Sometimes, these items aren’t errors, but are
purposeful shortcuts left by programmers for
honest or dishonest reasons
Slide 44
Obsolescence
When infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems
Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks
Ideally, proper planning by management should prevent risks from technology obsolescence, but when obsolescence is identified, management must take action
Slide 45
Attacks
An attack is a deliberate act that exploits
vulnerability
Accomplished by threat agent to damage or
steal organization’s information or physical
asset
– Exploit is a technique to compromise a system
– Vulnerability is an identified weakness of a
controlled system whose controls are not present
or are no longer effective
– Attack is the use of an exploit to achieve the
compromise of a controlled system
Slide 46
Malicious Code
This kind of attack includes the execution of
viruses, worms, Trojan horses, and active Web
scripts with the intent to destroy or steal
information
The state of the art in attacking systems is the
multi-vector worm using up to six attack vectors
to exploit a variety of vulnerabilities in commonly
found information system devices
Slide 47
Table 1-2 Attack Replication Vectors
Slide 48
Attack Descriptions
"Hoaxes": a more devious approach to attacking
computer systems is transmission of a virus
hoax, with a real virus attached
Back doors: using a known or previously
unknown and newly discovered access
mechanism, an attacker can gain access to a
system or network resource
Password crack: attempting to reverse calculate
a password
Slide 49
Attack Descriptions (continued)
Brute force: the application of computing and
network resources to try every possible
combination of options of a password
Dictionary: the dictionary password attack
narrows the field by selecting specific accounts
to attack and uses a list of commonly used
passwords (the dictionary) to guide guesses
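Password cracking, brute-force and dictionary attempts against a live login service all leave the same trace: runs of failed authentications. The Python example below is added here and is not part of the original slides; it runs over constructed sshd-style log lines and flags any source that exceeds a failure threshold inside a time window. The threshold, the window and the pattern labels are assumptions chosen for illustration: failures concentrated on one account follow the brute-force description above, failures spread over a few selected accounts follow the dictionary-attack description, and a successful login from an already-flagged source is reported separately as the most urgent finding.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)

# Constructed sample lines in an sshd-like format; not real log data.
SAMPLE_LOG = """\
2024-05-01T10:00:01 Failed password for alice from 203.0.113.7
2024-05-01T10:00:03 Failed password for alice from 203.0.113.7
2024-05-01T10:00:05 Failed password for alice from 203.0.113.7
2024-05-01T10:00:07 Failed password for alice from 203.0.113.7
2024-05-01T10:00:09 Failed password for alice from 203.0.113.7
2024-05-01T10:00:11 Failed password for alice from 203.0.113.7
2024-05-01T10:00:20 Failed password for admin from 198.51.100.9
2024-05-01T10:00:21 Failed password for root from 198.51.100.9
2024-05-01T10:00:22 Failed password for backup from 198.51.100.9
2024-05-01T10:00:23 Failed password for admin from 198.51.100.9
2024-05-01T10:00:24 Failed password for root from 198.51.100.9
2024-05-01T10:00:25 Accepted password for backup from 198.51.100.9
2024-05-01T10:05:00 Failed password for bob from 192.0.2.44
2024-05-01T10:06:00 Accepted password for bob from 192.0.2.44
"""


def parse(text):
    """Turn log text into (timestamp, result, user, ip) tuples; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: alert} for sources with >= threshold failures inside the window.

    The labels are a heuristic assumed for this example, not a standard taxonomy.
    """
    failures = defaultdict(list)  # ip -> [(timestamp, user)] still inside the window
    alerts = {}
    for ts, result, user, ip in sorted(events):
        recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
        if result == "Failed":
            recent.append((ts, user))
            if len(recent) >= threshold:
                users = sorted({u for _, u in recent})
                alert = alerts.setdefault(ip, {"success_after_failures": False})
                alert["failures"] = len(recent)
                alert["accounts"] = users
                alert["pattern"] = ("brute-force (one account)" if len(users) == 1
                                    else "dictionary (several selected accounts)")
        elif ip in alerts:
            # A successful login from a flagged source means a guess probably worked.
            alerts[ip]["success_after_failures"] = True
            alerts[ip]["compromised_account"] = user
        failures[ip] = recent
    return alerts


if __name__ == "__main__":
    for ip, alert in detect(parse(SAMPLE_LOG)).items():
        print(ip, alert)
```

A single failure followed by success (the `bob` lines) is ordinary user behaviour and produces no alert; the window keeps a slow, legitimate user from accumulating failures across a whole day into a false positive.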
Slide 50
Attack Descriptions (continued)
Denial-of-service (DoS): attacker sends a large
number of connection or information requests to
a target; so many requests are made that the
target system cannot handle them successfully
along with other, legitimate requests for service
– May result in a system crash or merely an
inability to perform ordinary functions
Distributed denial-of-service (DDoS): attack in
which a coordinated stream of requests is
launched against a target from many locations
at the same time
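The practical difference between DoS and DDoS is what a defender can do about it. The Python example below is added here and is not from the textbook; it uses constructed request samples (one ten-second window each) and assumed capacity figures to show that a per-source rate limit, the natural response to a single-source flood, identifies the DoS source but finds nothing to block when the same volume arrives from many sources at once.

```python
from collections import Counter

# Constructed traffic samples: each list holds the source IP of every request seen in
# one 10-second window. None of this is captured traffic.
def normal_traffic():
    return [f"192.0.2.{i}" for i in range(50) for _ in range(10)]      # 50 clients x 10 requests

def single_source_flood():
    return ["203.0.113.5"] * 2000                                      # one host, 2000 requests

def distributed_flood():
    return [f"198.51.100.{i}" for i in range(200) for _ in range(10)]  # 200 hosts x 10 requests


def per_source_rate_limit(sources, limit_per_source=100):
    """The classic per-client defence: return the sources that exceed the limit."""
    counts = Counter(sources)
    return {ip for ip, n in counts.items() if n > limit_per_source}


def classify_window(sources, capacity=1000, dominant_share=0.5):
    """Label a window as normal, dos or ddos.

    capacity: requests per window the service can handle (assumed figure).
    dominant_share: if one source accounts for this fraction of an overload,
    treat it as a single-source DoS; otherwise the load is distributed.
    """
    total = len(sources)
    if total <= capacity:
        return "normal"
    _top_ip, top_n = Counter(sources).most_common(1)[0]
    return "dos" if top_n / total >= dominant_share else "ddos"


def summarize(sources):
    """Pair the classification with what the per-source limiter would block."""
    return {
        "class": classify_window(sources),
        "requests": len(sources),
        "distinct_sources": len(set(sources)),
        "blocked_by_rate_limit": sorted(per_source_rate_limit(sources)),
    }


if __name__ == "__main__":
    for name, sample in [("normal", normal_traffic()),
                         ("single-source", single_source_flood()),
                         ("distributed", distributed_flood())]:
        print(name, summarize(sample))
```

In the distributed case every one of the 200 sources stays under the per-source limit while the aggregate is twice the service's capacity, which is why DDoS mitigation has to work on aggregate load and upstream filtering rather than on individual offenders.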
Slide 51
Figure 1-9 Denial-of-Service Attacks
Slide 52
Attack Descriptions (continued)
Spoofing: technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host
Man-in-the-Middle: in this attack, an attacker sniffs packets from the network, modifies them, and inserts them back into the network; also called TCP hijacking
Spam: unsolicited commercial e-mail; while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks
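Source-address filtering at the network boundary is the standard defence against the IP spoofing described above. The Python example below is added here and is not from the textbook; the internal prefixes, the interface names and the decision wording are assumptions for illustration. A packet arriving on the Internet-facing interface that claims an internal or unroutable source address is dropped (it cannot be the trusted host it pretends to be), and a packet leaving the inside interface must carry one of the organization's own addresses, the egress rule from BCP 38 (RFC 2827).

```python
import ipaddress

# Assumed site addressing for this example; these prefixes are not from the text.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Source prefixes that never legitimately appear on an Internet-facing link.
UNROUTABLE_NETS = [ipaddress.ip_network(n) for n in
                   ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_decision(src_ip, interface):
    """Return ("accept", "") or ("drop", reason) for a packet with source src_ip
    arriving on the named interface ("outside" = Internet-facing, "inside" = LAN)."""
    addr = ipaddress.ip_address(src_ip)
    if interface == "outside":
        if _in_any(addr, INTERNAL_NETS):
            return ("drop", "claims an internal source address but arrived from outside")
        if _in_any(addr, UNROUTABLE_NETS):
            return ("drop", "unroutable source address")
        return ("accept", "")
    if interface == "inside":
        if not _in_any(addr, INTERNAL_NETS):
            return ("drop", "source address is not ours; egress filtering (BCP 38)")
        return ("accept", "")
    raise ValueError(f"unknown interface {interface!r}")


# Constructed packets: (source IP, ingress interface). Not captured traffic.
SAMPLE_PACKETS = [
    ("192.168.1.20", "outside"),  # spoofed: pretends to be a trusted internal host
    ("127.0.0.1", "outside"),     # spoofed: loopback can never arrive from the Internet
    ("203.0.113.9", "outside"),   # ordinary external client
    ("10.2.3.4", "inside"),       # ordinary internal host
    ("203.0.113.9", "inside"),    # internal host using someone else's address
]


def audit(packets=SAMPLE_PACKETS):
    """Apply the filter to each packet and return (ip, interface, decision) triples."""
    return [(ip, iface, filter_decision(ip, iface)[0]) for ip, iface in packets]


if __name__ == "__main__":
    for ip, iface, decision in audit():
        print(f"{iface:8} {ip:16} {decision}")
```

The egress rule is the one organizations most often skip, yet it is what stops an internal machine (compromised or otherwise) from launching spoofed traffic at someone else.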
Slide 53
Figure 1-10 IP Spoofing
Slide 54
Figure 1-11 Man-in-the-Middle
Slide 55
Attack Descriptions (continued)
Mail-bombing: another form of e-mail attack that is also a DoS, in which an attacker routes large quantities of e-mail to the target
Sniffer: program and/or device that can monitor data traveling over a network; can be used for both legitimate network management and for stealing information from a network
Social engineering: within the context of information security, the process of using social skills to convince people to reveal access credentials or other valuable information
Slide 56
Figure 1-12 The Nigerian National
Petroleum Company
Slide 57
Attack Descriptions (continued)
"People are the weakest link. You can have the
best technology; firewalls, intrusion-detection
systems, biometric devices ... and somebody
can call an unsuspecting employee. That's all
she wrote, baby. They got everything."
– Kevin Mitnick
Slide 58
Attack Descriptions (continued)
Buffer overflow: application error occurs when more data is sent to buffer than it can handle; when buffer overflows, attacker can make target system execute instructions or attacker can take advantage of some other unintended consequence of the failure
Timing attack: relatively new, works by exploring contents of Web browser’s cache; can allow collection of information on access to password-protected sites
– Another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms
Slide 59
Chapter Summary
Firewalls and network security are essential
components for securing systems that
businesses use to run day-to-day operations
Information security is protection of information
and its critical elements, including systems and
hardware that use, store, and transmit that data
C.I.A. triangle based on confidentiality, integrity,
availability of info and systems that process it
CNSS Security model (McCumber Cube)
provides graphical description of approach used
in computer and information security
Slide 60
Chapter Summary (continued)
Computer can be subject of attack or object of
attack; two types of attacks: direct and indirect
Information security not an absolute: a process,
not a goal; should balance reasonable access
and availability while protecting against threats
Information security performs four functions:
– Protects organization’s ability to function
– Enables safe operation of applications
implemented on organization’s IT systems
– Protects data that organization collects and uses
– Safeguards technology assets of organization
Slide 61
Chapter Summary (continued)
Requires wide range of professionals and skill
sets to support information security program
Information security project team includes: team
leader, security policy developers, risk
assessment specialists, security professionals,
systems, network and storage administrators,
and end users
Three types of data ownership: data owner,
data custodian, and data user
Threat is object, person, or other entity that
represents a constant danger to assets
Slide 62
Chapter Summary (continued)
Attack is deliberate act or action that takes
advantage of vulnerability to compromise
controlled system
Vulnerability is identified weakness in controlled
system
Major types of attacks include: malicious code,
"hoaxes" of malicious code, back doors,
password cracking, DoS, DDoS, spoofing, man-
in-the-middle, spam, mail bombing, sniffers,
social engineering, buffer overflow, and timing
attacks