Intro to Information Assurance & Security


1 Intro to Information Assurance & Security
CMGT/400 Intro to Information Assurance & Security
Philip Robbins – October 15, 2013 (Week 2)
University of Phoenix Mililani Campus

2 Agenda: Week 2
- Review Week 1
- Review Assignment #1
- Week 2 Readings
- Components of Data Security
- Data Security Methodologies
- Apply security methods in situational cases
- Quiz #2
- Assignment #2

3 Week 1 Review
- Why is information important?
- What are the Information Security Services?
- What is Information Assurance?
- What is Information Systems Risk Management?

4 Chapter 15: Types of Attacks & Malware
First Defense
- Eliminate Vulnerabilities
- Vulnerabilities are exploited by Threats
- Can all Vulnerabilities be eliminated?
- Can Risk ever be zero?

5 Chapter 15: Types of Attacks & Malware
Anatomy of an Attack
- Perform Reconnaissance (Profile Target)
- Scan Target Network
- Research Vulnerabilities
- Perform Attack
- Create Backdoor
- Cover Tracks

6 Chapter 15: Types of Attacks & Malware
Perform Reconnaissance (Profile Target)

7 Chapter 15: Types of Attacks & Malware
Perform Reconnaissance (Profile Target)

8 Chapter 15: Types of Attacks & Malware
Perform Reconnaissance (Profile Target)

9 Chapter 15: Types of Attacks & Malware
Scan Target External Network

10 Chapter 15: Types of Attacks & Malware
Scan Target External Network

11 Chapter 15: Types of Attacks & Malware
Scan Target External Network

12 Chapter 15: Types of Attacks & Malware
Scan Target (Internal) Network

13 Chapter 15: Types of Attacks & Malware
Researching Vulnerabilities

14 Chapter 15: Types of Attacks & Malware
Performing an Attack

15 Chapter 15: Types of Attacks & Malware
Performing an Attack

16 Chapter 15: Types of Attacks & Malware
Creating a backdoor
- Vulnerability may not be there next time.
- Create new account; user//password.
- Allow remote connection.

17 Chapter 15: Types of Attacks & Malware
Covering their Tracks, a.k.a. “Hack and Cover”
- Erase log files

18 Chapter 15: Types of Attacks & Malware
Covering their Tracks, a.k.a. “Hack and Cover”
- Change time stamps

19 Chapter 15: Types of Attacks & Malware
Denial-of-Service Attacks
- Crash, take offline, overwhelm with requests
- Affects availability

20 Chapter 15: Types of Attacks & Malware
Denial-of-Service Attacks - SYN Flood

21 Chapter 15: Types of Attacks & Malware
Denial-of-Service Attacks - SYN Flood (requests arrive far faster than half-open connections time out; the connection request limit is reached; legitimate users' requests are blocked.)
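A small simulation of the effect this slide describes, added here and not part of the course material: each half-open connection holds a backlog slot until the SYN-RECEIVED timeout, so once flood rate × timeout exceeds the backlog, legitimate SYNs are dropped. The backlog size, timeout and rates are constructed values.

```python
"""Discrete-event model of a TCP listen backlog under a SYN flood.

Added illustration, not from the course material. The parameters are
constructed: 128 half-open slots and a 60 s SYN-RECEIVED timeout stand in
for a real server's settings.
"""
from collections import deque


def simulate_backlog(flood_rate, timeout, backlog, duration, legit_times):
    """Return (accepted, attempted) for legitimate connection attempts.

    Flood SYNs arrive `flood_rate` times per second from spoofed sources that
    never finish the handshake, so each one holds a backlog slot for `timeout`
    seconds. A legitimate client completes the handshake at once, so it only
    needs a free slot at the instant its SYN arrives.
    """
    events = [(i / flood_rate, "flood") for i in range(int(flood_rate * duration))]
    events += [(float(t), "legit") for t in legit_times]
    events.sort()  # ties resolve "flood" before "legit": worst case for the client

    half_open = deque()  # expiry times of occupied slots, oldest first
    accepted = 0
    for now, kind in events:
        while half_open and half_open[0] <= now:
            half_open.popleft()  # timed-out half-open entries free their slot
        if len(half_open) >= backlog:
            continue  # backlog full: this SYN is dropped, whoever sent it
        if kind == "legit":
            accepted += 1
        else:
            half_open.append(now + timeout)
    return accepted, len(legit_times)


def steady_state_occupancy(flood_rate, timeout, backlog):
    """Half-open entries the flood keeps in the backlog once it settles:
    min(rate * timeout, backlog). The flood wins when rate * timeout >> backlog."""
    return min(flood_rate * timeout, backlog)


if __name__ == "__main__":
    legit = range(0, 120, 10)  # one genuine client every 10 s for two minutes
    for rate in (0, 1, 10):
        ok, total = simulate_backlog(rate, 60, 128, 120, legit)
        print(f"{rate:>3} SYN/s -> {ok}/{total} legitimate connections accepted")
```

At 1 SYN/s the backlog never fills (60 entries in steady state), while 10 SYN/s would need 600 slots and fills the 128 available within 13 seconds.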

22 Chapter 15: Types of Attacks & Malware
Denial-of-Service Attacks - Ping of Death

23 Chapter 15: Types of Attacks & Malware
Denial-of-Service Attacks - Ping of Death

24 Chapter 15: Types of Attacks & Malware
Man-in-the-Middle Attack
- Session Hijacking (cookies)
- Router Compromised

25 Chapter 15: Types of Attacks & Malware
Replay Attack
- Capture communication & retransmit later
- Bypass authentication methods
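An added example, not from the course material, of the usual countermeasure to the replay attack described above: every request carries a timestamp and a one-time nonce under an HMAC, and the server rejects stale timestamps and nonces it has already seen. The shared key, request body and timestamps are constructed values.

```python
"""Replay-resistant request authentication: an HMAC over a timestamp, a
one-time nonce and the body, plus a server-side cache of nonces seen.
Added example (not course material); key, body and timestamps are constructed."""
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MAX_SKEW = 30  # seconds a request timestamp may differ from the server clock


def sign_request(key, body, ts, nonce):
    """Client side: tag = HMAC-SHA256(key, ts | nonce | body)."""
    return hmac.new(key, f"{ts}|{nonce}|".encode() + body, hashlib.sha256).hexdigest()


class Verifier:
    """Server side. A captured request replayed later fails the timestamp
    check; one replayed right away fails the nonce check."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key, self.max_skew = key, max_skew
        self.seen = {}  # nonce -> timestamp it was first used with

    def verify(self, body, ts, nonce, tag, now):
        expected = sign_request(self.key, body, ts, nonce)
        if not hmac.compare_digest(expected, tag):
            return "bad signature"        # body, ts or nonce was tampered with
        if abs(now - ts) > self.max_skew:
            return "stale timestamp"      # retransmitted long after capture
        # Nonces only need remembering while their timestamp could still pass.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if nonce in self.seen:
            return "replay"               # identical request resubmitted
        self.seen[nonce] = ts
        return "ok"


def demo():
    """Genuine request, then the same bytes replayed 5 s and 100 s later."""
    v = Verifier(SHARED_KEY)
    body = b"transfer amount=100 to=acct-42"  # constructed request body
    ts, nonce = 1_000_000, secrets.token_hex(8)
    tag = sign_request(SHARED_KEY, body, ts, nonce)
    return (v.verify(body, ts, nonce, tag, now=ts + 1),    # "ok"
            v.verify(body, ts, nonce, tag, now=ts + 5),    # "replay"
            v.verify(body, ts, nonce, tag, now=ts + 100))  # "stale timestamp"
```

Without the nonce cache, the second call would be accepted: a valid signature alone proves nothing about whether the request is fresh.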

26 Chapter 15: Types of Attacks & Malware
Drive-by Download Attacks
- Automated download of Malware
Phishing
- Fraudulent e-mail to gain user / login information
Spear Phishing
- Targeted Phishing (contains info specific to target)

27 Chapter 15: Types of Attacks & Malware
Pharming
- Use of fake websites to obtain credentials
DNS poisoning (Domain Name -> IP)
- Change of cached DNS tables.
ARP poisoning (OSI L3 -> L2)
- Change of cached ARP tables.
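An added example, not from the course material, of detecting the cached-ARP-table change the slide describes: two constructed snapshots in the format of Linux `ip neigh` output are compared, and any IP whose MAC changed, or any MAC that now claims several IPs, is reported. All addresses are made up.

```python
"""Detect ARP-cache poisoning from two snapshots of a host's neighbour table.

Added example, not from the course material. The snapshot lines are
constructed in the format printed by `ip neigh` on Linux; addresses are fake.
"""
import re
from collections import defaultdict

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\w+)$", re.I)

BASELINE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
"""
# Constructed 'poisoned' snapshot: the MAC that owned .30 now also answers for
# the gateway .1, which is what a spoofed router looks like in the cache.
CURRENT = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
"""


def parse_neigh(text):
    """Map IP -> MAC (lower-cased) for every complete entry in the snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # entries without an lladdr (FAILED/INCOMPLETE) are skipped
            table[m.group(1)] = m.group(3).lower()
    return table


def arp_alerts(baseline, current):
    """Alerts for cached entries whose MAC changed since the baseline and for
    any MAC now claiming more than one IP (legitimate for some routers and
    virtualisation hosts, so treat it as a lead, not proof)."""
    alerts = []
    for ip, mac in sorted(current.items()):
        old = baseline.get(ip)
        if old and old != mac:
            alerts.append(f"{ip}: MAC changed {old} -> {mac}")
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")
    return alerts
```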

28 Chapter 15: Types of Attacks & Malware
Password Guessing
- Weak passwords
- Dictionary Attacks
- Brute force Attacks
- Hybrid Attack (e.g. s3cr3t)

29 Chapter 15: Types of Attacks & Malware
Software Exploitation
- Buffer Overflow Attacks
- Injection Attacks
- Malware
  - Virus
  - Trojan Horse
  - Spyware
  - Logic Bombs
  - Rootkits
  - Worms
  - ... etc. etc. etc.

30 Chapter 15: Types of Attacks & Malware
Minimize Possibility of Attack
- Baseline systems
- Update patches for OS & Applications!
- Run limited services
- Limit disclosure of information to public

31 Chapter 15: Types of Attacks & Malware
Minimize Possibility of Attack

32 Chapter 15: Types of Attacks & Malware
Types of Hats
- White Hats (Penetration Tester improving sec.)
- Black Hats (Hacker / Attacker)
- Grey Hats (Between White and Black)
- Red Hat (Enterprise Linux)

33 Chapter 15 Review Questions

34 Question #1 What is the difference between port scanning and ping sweeps?

35 Question #2 A SYN flood is an example of what type of attack?
A. Malicious Code
B. Denial of Service
C. Man-in-the-Middle
D. Spoofing

37 Question #3 An attack in which the attacker simply listens for all traffic being transmitted across a network, in the hope of viewing something such as a user ID and password combination, is known as:
A. A man-in-the-middle attack
B. A denial-of-service attack
C. A sniffing attack
D. A backdoor attack

39 Question #4 Which attack takes advantage of a trusted relationship that exists between two systems?
A. Spoofing
B. Password guessing
C. Sniffing
D. Brute-force

41 Question #5 A piece of malicious code that must attach itself to another file to replicate itself is known as:
A. Worm
B. Virus
C. Trojan
D. Logic Bomb

43 Question #6 A piece of malicious code that appears to be designed to do one thing (and may in fact do that thing) but that hides some other payload (often malicious) is known as:
A. Worm
B. Virus
C. Trojan
D. Logic Bomb

45 Question #7 (last one) Malicious code that is set to execute its payload on a specific date or at a specific time is known as:
A. Worm
B. Virus
C. Trojan
D. Logic Bomb

47 Break Let’s take a break…

48 Chapter 16: Email & Instant Messaging
Internet Protocols
- SMTP (TCP Port 25) Simple Mail Transfer Protocol
- POP3 (TCP Port 110) Post Office Protocol version 3
- IMAP (TCP Port 143) Internet Message Access Protocol
Why are all these protocols TCP (not UDP) based?

49 Chapter 16: Email & Instant Messaging
Security
- Viruses typically spread through attachments.
- Remember a Virus requires a file to infect.
- SPAM (unsolicited commercial e-mail)
- Open relay SMTP servers (Port 25) for mail relaying.
- Instant messaging is similar to e-mail.

50 Chapter 16: Email & Instant Messaging
Encryption
S/MIME - Secure/Multipurpose Internet Mail Extensions
- (used to support content: images, audio, apps)
- X.509 Certificate Standard (40-bit RC2, 3DES)
PGP - Pretty Good Privacy
- PKI & X.509 (use of public & private keys)
- IDEA, 3DES, CAST

51 Chapter 16 Review Questions

52 Question #1 Why is an open e-mail relay bad?
A. It allows anyone to remotely control the server.
B. It makes the server reboot once a day.
C. No e-mail will go through.
D. It will allow anyone to send spam through the server.

55 Question #2 (last one) What is greylisting?
A. E-mail messages are temporarily rejected so that the sender is forced to resend.
B. E-mail messages are run through a strong set of filters before delivery.
C. E-mail messages are sent through special secure servers.
D. E-mail is sent directly from the local host to the remote host, bypassing servers entirely.

56 Classroom Exercise
Draft the body of an e-mail message to the users of your organization describing the risk of malware and what they can do to avoid infection. Think first about what malware is and how one gets it on their (the company's) computer.
Post your draft message in OLS within the “Chat Room” Forum. (Include your name/s in the title of the post.)
10 to 15 minutes (individual *or* groups of two).

57 Break Let’s take a break…

58 Chapter 17: Web Components
Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
- Cryptographic protocols that provide encrypted communication security over the Internet.
- Add integrity and mutual authentication functionality to TCP (SSL v3/TLS).

59 Chapter 17: Web Components
HTTPS (HTTP over SSL) - TCP Port 443 (Encrypted)
HTTP - TCP Port 80 (Plaintext)
FTPS (SSH & FTP) - TCP Ports 989 & 990 (Encrypted)
FTP - TCP Ports 20 & 21 (Plaintext)
TFTP - UDP Port 69

60 Chapter 17: Web Components
What is a Port?
- Used by TCP and UDP
- A special number present in the header of a data packet
- Used to map data to a particular process running on a computer.
Well Known Ports: 0 through 1023. Registered Ports: 1024 through 49151. Dynamic/Private Ports: 49152 through 65535.

61 Chapter 17: Web Components
Code-based Vulnerabilities
- Java
- JavaScript (code executed by the browser)
- ActiveX (MSFT programs executed automatically)
- Active Server Pages (ASP) (executed server side)
- PHP (Dynamic Web Page Content)

62 Chapter 17: Web Components

63 Chapter 17: Web Components

64 Chapter 17 Review Questions

65 Question #1 SSL uses which port to carry HTTPS traffic?
A. TCP Port 80
D. UDP Port 69

67 Question #2 To establish an SSL connection for e-mail and HTTP across a firewall, you must:
A. Open TCP ports 80, 25, 443, and 223.
B. Open TCP ports 443, 465, and 995.
C. Open a TCP port of choice and assign it to all SSL traffic.
D. Do nothing; SSL tunnels past firewalls.

69 Question #3 (last one) ActiveX can be used for which of the following purposes?
A. Add functionality to a browser
B. Update the operating system
C. Both A and B
D. Neither A nor B

71 Break Let’s take a break…

72 Chapter 24: Secure Software Development

73 Chapter 24: Secure Software Development

74 Chapter 24: Secure Software Development

75 Chapter 24: Secure Software Development

76 Chapter 25: Disaster Recovery & Business Continuity
What is a Backup Plan (BP) vs Disaster Recovery Plan (DRP) vs Emergency Response Plan (ERP) vs Business Recovery Plan (BRP) vs Business Impact Analysis (BIA) vs Incident Response Plan (IRP) vs Continuity of Operations Plan (COOP) vs Contingency Plan?
- Policy & Planning
- Test, Audit, Update
- Configuration Control
- Protection, Detection, Reaction (Assessment, CND, Incident Response)

77 Chapter 25 Review Questions

78 Question #1 Which of the following computer recovery sites is only partially equipped with processing equipment?
A. Cold Site
B. Warm Site
C. Hot Site
D. Emergency Site

80 Question #2 Which of the following specifically addresses cyber attacks against an organization's IT systems?
A. Continuity of support plan
B. Business continuity plan
C. Incident response plan
D. Continuity of operations plan

82 Question #3 (last one) Which primary element of BCP includes carrying out vulnerability analysis?
A. Scope and Plan Initiation
B. Business Impact Assessment
C. Business Continuity Plan Development
D. Plan Approval and Implementation

84 Break Let’s take a break…

85 Quiz: Week 1 (10-15 minutes)

86 IDV Assignment due Week #3
Paper No. 2: Review potential information system risks.
- Pick a company / organization.
- Identify several threats & vulnerabilities; what risks are created by these?
- How is the company managing its information security?

