Guide to Network Defense and Countermeasures Third Edition Chapter 1 Network Defense Fundamentals
© Cengage Learning 2014
What is Information Security?
• Protection of information and its critical elements
– Systems and hardware that use, store, and transmit information
• Information security includes:
– Information security management
– Computer and data security
– Network security
2
© Cengage Learning 2014
What is Information Security? (cont’d.)
• Security layers
– Network security
• Protect components, connections, and contents
– Physical items or areas
– Personal security
• Protect people
– Operations security
• Protect details of activities
– Communications security
• Protect media, technology, and content
3
© Cengage Learning 2014
Information Security Terminology
• Asset
– Organizational resource being protected
• Attack
– Act that causes damage to information or systems
• Control, safeguard, or countermeasure
– Security mechanisms, policies, or procedures
• Exploit
– Technique used to compromise a system
• Exposure
– Condition or state of being exposed to attack
4
© Cengage Learning 2014
Information Security Terminology
• Risk
– Probability that something unwanted will happen
• Subject
– Agent used to conduct the attack
• Threat
– Entity presenting danger to an asset
• Vulnerability
– Weakness or fault in a system
– Opens up the possibility of attack or damage
5
© Cengage Learning 2014
Critical Characteristics of Information
• Availability
– Ability to access information without obstruction
• Accuracy
– Information is free from errors
• Authenticity
– Quality or state of being genuine
• Confidentiality
– Protection from disclosure to unauthorized
individuals or systems
• Integrity
– Information remains whole, complete, uncorrupted6
© Cengage Learning 2014Guide to Network Defense and Countermeasures, 3rd Edition 7
Overview of Threats to Network
Security
• Network intrusions cause:
– Loss of data
– Loss of privacy
– Other problems
• Businesses must actively address information security
© Cengage Learning 2014Guide to Network Defense and Countermeasures, 3rd Edition 8
Threats to Network Security
• Knowing the types of attackers helps you anticipate
• Motivation to break into systems
– Status
– Revenge
– Financial gain
– Industrial espionage
© Cengage Learning 2014Guide to Network Defense and Countermeasures, 3rd Edition 9
Threats to Network Security
• Hackers
– Attempt to gain access to unauthorized resources
• Circumventing passwords, firewalls, or other
protective measures
• Disgruntled employees
– Usually unhappy over perceived injustices
– Steal information to give confidential information to
new employees
– When an employee is terminated, security measures should be taken immediately
© Cengage Learning 2014Guide to Network Defense and Countermeasures, 3rd Edition 10
Threats to Network Security
• Terrorists
– Attack computer systems for several reasons
• Making a political statement
• Achieving a political goal
– Example: release of a jailed comrade
• Causing damage to critical systems
• Disrupting a target’s financial stability
• Government Operations
– A number of countries see computer operations as a spying technique