Security+ Guide to Network Security Fundamentals, Fourth Edition

Presentation transcript:

Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security

Objectives
- Describe the challenges of securing information
- Define information security and explain why it is important
- Identify the types of attackers that are common today
- List the basic steps of an attack
- Describe the five basic principles of defense

Challenges of Securing Information
- Security figures prominently in 21st century world
  - Personal security
  - Information security
- Securing information
  - No simple solution
  - Many different types of attacks
  - Defending against attacks often difficult

Today’s Security Attacks
- Advances in computing power
  - Make password-breaking easy
- Software vulnerabilities often not patched
- Smartphones a new target

Today’s Security Attacks (cont’d.)
- Examples of recent attacks
  - Bogus antivirus software
    - Marketed by credit card thieves
  - Online banking attacks
  - Hacking contest
  - Nigerian 419 advanced fee fraud
    - Number one type of Internet fraud
  - Identity theft using Firesheep
  - Malware
  - Infected USB flash drive devices

Table 1-1 Selected security breaches involving personal information in a one-month period

Difficulties in Defending Against Attacks
- Universally connected devices
- Increased speed of attacks
- Greater sophistication of attacks
- Availability and simplicity of attack tools
- Faster detection of vulnerabilities

Difficulties in Defending Against Attacks (cont’d.)
- Delays in patching
- Weak distribution of patches
- Distributed attacks
- User confusion

Table 1-2 Difficulties in defending against attacks

What Is Information Security?
- Before defense is possible, one must understand:
  - What information security is
  - Why it is important
  - Who the attackers are

Defining Information Security
- Steps to protect person or property from harm
  - Harm may be intentional or nonintentional
- Sacrifices convenience for safety
- Information security
  - Guarding digitally-formatted information:
    - That provides value to people and organizations

Defining Information Security (cont’d.)
- Three types of information protection: often called CIA
  - Confidentiality
    - Only approved individuals may access information
  - Integrity
    - Information is correct and unaltered
  - Availability
    - Information is accessible to authorized users

Defining Information Security (cont’d.)
- Protections implemented to secure information
  - Authentication
    - Individual is who they claim to be
  - Authorization
    - Grant ability to access information
  - Accounting
    - Provides tracking of events

Figure 1-3 Information security components © Cengage Learning 2012

Defining Information Security (cont’d.)
Table 1-3 Information security layers

Information Security Terminology
- Asset
  - Item of value
- Threat
  - Actions or events that have potential to cause harm
- Threat agent
  - Person or element with power to carry out a threat

Table 1-4 Information technology assets

Information Security Terminology (cont’d.)
- Vulnerability
  - Flaw or weakness
  - Threat agent can bypass security
- Risk
  - Likelihood that threat agent will exploit vulnerability
  - Cannot be eliminated entirely
    - Cost would be too high
    - Take too long to implement
  - Some degree of risk must be assumed

Figure 1-4 Information security components analogy © Cengage Learning 2012

Information Security Terminology (cont’d.)
- Options to deal with risk
  - Accept
    - Realize there is a chance of loss
  - Diminish
    - Take precautions
    - Most information security risks should be diminished
  - Transfer risk to someone else
    - Example: purchasing insurance

Understanding the Importance of Information Security
- Preventing data theft
  - Security often associated with theft prevention
  - Business data theft
    - Proprietary information
  - Individual data theft
    - Credit card numbers

Understanding the Importance of Information Security (cont’d.)
- Thwarting identity theft
  - Using another’s personal information in unauthorized manner
  - Usually for financial gain
  - Example:
    - Steal person’s SSN
    - Create new credit card account
    - Charge purchases
    - Leave unpaid

Understanding the Importance of Information Security (cont’d.)
- Avoiding legal consequences
  - Laws protecting electronic data privacy
    - The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    - The Sarbanes-Oxley Act of 2002 (Sarbox)
    - The Gramm-Leach-Bliley Act (GLBA)
    - California’s Database Security Breach Notification Act (2003)

Understanding the Importance of Information Security (cont’d.)
- Maintaining productivity
  - Post-attack clean up diverts resources
    - Time and money
Table 1-6 Cost of attacks

Understanding the Importance of Information Security (cont’d.)
- Foiling cyberterrorism
  - Premeditated, politically motivated attacks
  - Target: information, computer systems, data
  - Designed to:
    - Cause panic
    - Provoke violence
    - Result in financial catastrophe

Understanding the Importance of Information Security (cont’d.)
- Potential cyberterrorism targets
  - Banking
  - Military
  - Energy (power plants)
  - Transportation (air traffic control centers)
  - Water systems

Who Are the Attackers?
- Categories of attackers
  - Hackers
  - Script kiddies
  - Spies
  - Insiders
  - Cybercriminals
  - Cyberterrorists

Hackers
- Hacker
  - Person who uses computer skills to attack computers
  - Term not common in security community
- White hat hackers
  - Goal to expose security flaws
  - Not to steal or corrupt data
- Black hat hackers
  - Goal is malicious and destructive

Script Kiddies
- Script kiddies
  - Goal: break into computers to create damage
  - Unskilled users
  - Download automated hacking software (scripts)
    - Use them to perform malicious acts
- Attack software today has menu systems
  - Attacks are even easier for unskilled users
- 40 percent of attacks performed by script kiddies

Spies
- Computer spy
  - Person hired to break into a computer:
    - To steal information
- Hired to attack a specific computer or system:
  - Containing sensitive information
- Goal: steal information without drawing attention to their actions
- Possess excellent computer skills:
  - To attack and cover their tracks

Insiders
- Employees, contractors, and business partners
- 48 percent of breaches attributed to insiders
- Examples of insider attacks
  - Health care worker publicized celebrities’ health records
    - Disgruntled over upcoming job termination
  - Government employee planted malicious coding script
  - Stock trader concealed losses through fake transactions
  - U.S. Army private accessed sensitive documents

Cybercriminals
- Network of attackers, identity thieves, spammers, financial fraudsters
- Difference from ordinary attackers
  - More highly motivated
  - Willing to take more risk
  - Better funded
  - More tenacious
- Goal: financial gain

Cybercriminals (cont’d.)
- Organized gangs of young attackers
  - Eastern European, Asian, and third-world regions
Table 1-7 Characteristics of cybercriminals

Cybercriminals (cont’d.)
- Cybercrime
  - Targeted attacks against financial networks
  - Unauthorized access to information
  - Theft of personal information
- Financial cybercrime
  - Trafficking in stolen credit cards and financial information
  - Using spam to commit fraud

Cyberterrorists
- Cyberterrorists
  - Ideological motivation
    - Attacking because of their principles and beliefs
- Goals of a cyberattack:
  - Deface electronic information
  - Spread misinformation and propaganda
  - Deny service to legitimate computer users
  - Commit unauthorized intrusions
    - Results: critical infrastructure outages; corruption of vital data

Attacks and Defenses
- Wide variety of attacks
  - Same basic steps used in attack
- To protect computers against attacks:
  - Follow five fundamental security principles

Steps of an Attack
- Probe for information
  - Such as type of hardware or software used
- Penetrate any defenses
  - Launch the attack
- Modify security settings
  - Allows attacker to reenter compromised system easily
- Circulate to other systems
  - Same tools directed toward other systems
- Paralyze networks and devices

Figure 1-6 Steps of an attack © Cengage Learning 2012

Defenses Against Attacks
- Fundamental security principles for defenses
  - Layering
  - Limiting
  - Diversity
  - Obscurity
  - Simplicity

Layering
- Information security must be created in layers
  - Single defense mechanism may be easy to circumvent
  - Unlikely that attacker can break through all defense layers
- Layered security approach
  - Can be useful in resisting a variety of attacks
  - Provides the most comprehensive protection

Limiting
- Limiting access to information:
  - Reduces the threat against it
- Only those who must use data granted access
  - Amount of access limited to what that person needs to know
- Methods of limiting access
  - Technology
    - File permissions
  - Procedural
    - Prohibiting document removal from premises

Diversity
- Closely related to layering
  - Layers must be different (diverse)
- If attackers penetrate one layer:
  - Same techniques unsuccessful in breaking through other layers
- Breaching one security layer does not compromise the whole system
- Example of diversity
  - Using security products from different manufacturers

Obscurity
- Obscuring inside details to outsiders
- Example: not revealing details
  - Type of computer
  - Operating system version
  - Brand of software used
- Difficult for attacker to devise attack if system details are unknown

Simplicity
- Nature of information security is complex
- Complex security systems
  - Difficult to understand and troubleshoot
  - Often compromised for ease of use by trusted users
- Secure system should be simple:
  - For insiders to understand and use
- Simple from the inside
  - Complex from the outside

Summary
- Information security attacks growing exponentially in recent years
- Several reasons for difficulty defending against today’s attacks
- Information security protects information’s integrity, confidentiality, and availability:
  - On devices that store, manipulate, and transmit information
  - Using products, people, and procedures

Summary (cont’d.)
- Goals of information security
  - Prevent data theft
  - Thwart identity theft
  - Avoid legal consequences of not securing information
  - Maintain productivity
  - Foil cyberterrorism
- Different types of people with different motivations conduct computer attacks
- An attack has five general steps