Handling Security Incidents

Slides:



Advertisements
Similar presentations
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Viruses.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security, Privacy, and Ethics Online Computer Crimes.
Hands-On Ethical Hacking and Network Defense
Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Threats and Attacks Principles of Information Security, 2nd Edition
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
APA of Isfahan University of Technology In the name of God.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
FORESEC Academy FORESEC Academy Security Essentials (II)
 a crime committed on a computer network, esp. the Internet.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides.
Computer Crimes 8 8 Chapter. The act of using a computer to commit an illegal act Authorized and unauthorized computer access. Examples- o Stealing time.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
Chapter 5: General Computer Topics Department of Computer Science Foundation Year Program Umm Alqura University, Makkah Computer Skills /1436.
Operating system Security By Murtaza K. Madraswala.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Security CS Introduction to Operating Systems.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Topic 5: Basic Security.
Chap1: Is there a Security Problem in Computing?.
Malicious Software.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Computer Security By Duncan Hall.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Types of Computer Malware. The first macro virus was written for Microsoft Word and was discovered in August Today, there are thousands of macro.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Computer threats, Attacks and Assets upasana pandit T.E comp.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
Role Of Network IDS in Network Perimeter Defense.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
© SYBEX Inc All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”
Threats to computers Andrew Cormack UKERNA.
Operating system Security
Security in Networking
WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.
Introduction to Computer Forensics
12: Security The Security Problem Authentication Program Threats
Chap 10 Malicious Software.
Faculty of Science IT Department By Raz Dara MA.
Security.
Intrusion Detection system
Chap 10 Malicious Software.
Operating System Concepts
Operating System Concepts
Chapter Goals Discuss the CIA triad
Presentation transcript:

Handling Security Incidents Chapter 7

Attack Terms and Concepts An attack is any attempt to Gain unauthorized access to a system Deny authorized users from accessing a system The purpose of an attack is to Bring about data disclosure, alteration, or destruction An attacker is an individual (or group) who strives to violate a system’s security When an attacker breaks a law or regulation, a computer crime occurs

Types of Attacks Military and Intelligence Attacks Business Attack Attacks are attempts to acquire secret information from military or law enforcement agencies For example, defense strategies, sealed legal proceedings Business Attack Similar to a military attack, but the target is a commercial organization Purpose is to access sensitive data For example, trade secret information

Types of Attacks (continued) Financial Attack Target is a commercial organization Purpose is to acquire goods, services, or money improperly For example, phone phreaking Terrorist Attacks Coordinates with a physical attack by disrupting communication and infrastructure control systems Purpose is to affect the ability of agencies to react to the physical attack

Types of Attacks (continued) Grudge Attacks Purpose is to inflict damage or seek revenge against an organization Former employees comprise a large number of these attackers Fun Attacks No real purpose except bragging rights for the hacker Can be very difficult to track down

Understanding Security Incidents A security incident is defined as any violation of a security policy Every attack is an incident Not every incident is an attack Incident recognition starts with user education Users should know what the policies are so they will know when an incident has occurred Users should also be educated about what to do if they notice that an incident has occurred

Handling Security Incidents Many incidents go unresolved because they are unnoticed Some incidents are discovered after the fact through log analysis or system audit For example, unauthorized access to secure files discovered by scanning an access log Some incidents are identified and examined as they occur Denial of Service attacks are usually apparent as they occur

Types of Incidents Each of the four general types of incidents presents its own challenges in detection and avoidance Scanning The systematic probing of ports to find open ports and query them for information Is not an attack, but may be a precursor to an attack Compromise Any unauthorized access to a system Generally involves defeating or bypassing security controls Detecting compromise is usually by noticing something unusual in system activity

Types of Incidents (continued) Malicious code Any program, procedure, or executable file that makes unauthorized modifications or triggers unauthorized activity Viruses, worms, Trojan horses fall into this category Denial of Service (DoS) Violates the availability property of security Denies authorized users access to a system Highly disruptive to online retailers

Incident Management Methods and Tools A security policy should have incident handling plans for all likely incidents Often a standing incident response team is created with members from different departments within an organization The incident response team collects information from an attack for analysis and possible legal action Investigation of an incident entails collecting evidence that can be used to verify the identity or activity of an attacker

Incident Management Methods and Tools (continued) The analysis of a system to find evidence of attack activity is called system forensics Tools used to collect evidence include Log file analyzers, disk search and scanning tools, network activity tracing tools When an incident occurs, a rule of thumb is to call law enforcement officials in immediately if you think there is any chance a violation of the law has occurred

Maintaining Incident Preparedness An incident response team should be prepared for all viable incidents When forming an incident response team, take advantage of resources that provide additional information and guidance on how teams operate The incident response team should be trained to follow security policy procedures Each team member should know his/her own role and possibly other roles as well Establish a relationship with law enforcement officials who may be called in when incidents occur

Maintaining Incident Preparedness (continued)

Using Standard Incident Handling Procedures When an incident response team is mobilized, they should follow written procedures from the security policy Each team member should fill out a standard incident report It is important to maintain a document trail Make sure that your procedures will meet any requirements for law enforcement

Postmortem: Learn from Experience After an incident, complete any research or documentation needed The response team should meet as quickly as possible to debrief Review the incident and consider why and how it happened, can it happen again, what changes might be good Review team performance and consider what went well, what did not, what changes might be useful to make the team more effective

About Malicious Code Best defense against malicious code is a good offense Use shields such as virus scanners Be careful about executable files that are introduced into your system Any data entry point into a system can be used to introduce malicious code including floppy disks, data ports, and removable storage devices Viruses can be detected using several techniques including signature scans, and changed size or time-date stamps

About Malicious Code (continued) Viruses A program that embeds a copy of itself inside of an executable file and attempts to perform unauthorized data access or modification A virus needs a host in order to run Worms A standalone program that tries to perform some type of unauthorized data access or modification Logic Bombs Executes a sequence of instructions when a specific system event occurs

About Malicious Code (continued) Trojan horses Similar to a worm Appears to have some useful or neutral purpose Performs some malicious act when run Active Content Issues The Internet is one of the most common entry points for malicious code Downloadable plug-ins perform many useful functions but make it easy to send malicious code

Common Types of Attacks Back Doors Programmers often leave an “opening” in software they write to allow them to gain entrance without going through normal security Once discovered, these openings can be exploited by anyone Brute Force Attempts to guess a password by trying all possible character combinations To defend, you should require strong passwords, limit failed login attempts, and audit login attempts

Common Types of Attacks (continued) Buffer Overflows Allows strings that are longer than the max buffer size to be written to the buffer Overflow can cause a program crash that leaves an unauthorized security level A popular attack because there are so many programs with this vulnerability Denial of Service Disrupts service to authorized users Usually either involves flooding a target with too many requests or sending a particular type of packet

Common Types of Attacks (continued) Man-in-the-Middle An attacker listens between a user and a resource and intercepts data Social Engineering An attacker convinces an authorized user to disclose information or allow unauthorized access System Bugs Not an attack but offers vulnerabilities that can be exploited Be careful with program development and apply patches for externally developed software

Unauthorized Access to Sensitive Information Final goal of many attacks is to gain access to sensitive information The attacker may wish to view, disclose, or modify information To avoid serious damage, protect data Use appropriate controls Be prepared to handle attacks that do occur

Summary An attack is an attempt to gain unauthorized access or to deny authorized access to a system An attacker is any individual or group who attempts to overcome a system’s security A computer crime occurs when an attacker violates a law or regulation There are several broad categories of attacks Military and intelligence, business, financial, terrorist, grudge, and fun

Summary A security incident is any violation of a security policy To deal with security incidents, you must Understand the security policy and what activity would constitute an incident Recognize the occurrence of an incident Follow procedures to document and analyze the incident Possibly follow through with legal action if necessary There are several categories of incidents Scanning, compromise, malicious code, denial of service

Summary A good practice is to have a standing incident response team There are several types of malicious code Viruses, worms, logic bombs, Trojan horses, issues of active content Common types of attacks include Back doors, brute force, buffer overflows, denial of service, man-in-the-middle, social engineering, system bug exploitation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.