Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security."— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security

2 Security+ Guide to Network Security Fundamentals, Third Edition Objectives Describe the challenges of securing information Define information security and explain why it is important Identify the types of attackers that are common today List the basic steps of an attack Describe the five steps in a defense Explain the different types of information security careers and how the Security+ certification can enhance a security career 2

3 Security+ Guide to Network Security Fundamentals, Third Edition Challenges of Securing Information There is ________________ to securing information This can be seen through the different types of attacks that users face everyday  Difficult and costly to defend against attacks ___________________________________ on computer security and the cost is rising  Attacks include: ________________________ attacks due to ___________________ Phishing scams Attacks due to __________________ etc 3

4 4

5 Security+ Guide to Network Security Fundamentals, Third Edition Difficulties in Defending against Attacks Difficulties include the following:  _______________________  Greater sophistication of attacks  ________________________________  Attackers can ____________________________ and more ______________________________ _______________ attack- an attack that occurs when an attacker _______________________________________ _______________________________________  Zero days of warning  Delays in patching hardware and software products  Most attacks are now _________________, instead of coming from only one source  User confusion 5

6 Security+ Guide to Network Security Fundamentals, Third Edition6 Difficulties in Defending against Attacks (summary)

7 Security+ Guide to Network Security Fundamentals, Third Edition Defining Information Security Information security involves the tasks of __________________________________  On PC’s, DVD’s, USB’s etc  ______________________________________ Also ensures that ______________________ __________________________________ Cannot completely prevent attacks or guarantee that a system is totally secure 7

8 Security+ Guide to Network Security Fundamentals, Third Edition Defining Information Security (continued) Information security is intended to protect valuable information with the following characteristics:  ____________________ ensures that ________ ____________________ can view the information  __________ ensures that the information is correct and _____________________________________  ______________________ ensures that ________ ____________________________________ 8

9 Security+ Guide to Network Security Fundamentals, Third Edition Comprehensive Definition of Information Security That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures 9

10 Security+ Guide to Network Security Fundamentals, Third Edition Information Security Terminology _____________  Something that has a ____________ ______________  An event or object that may ___________________ in place and result in ____________________________ _______________________  A _______________ that has the __________________________ Includes __________________ such as flood, earthquake etc Includes man-made agents such a a _______________ ____________________________  _____________ that allows a threat agent to _______________  _______________________ a weakness is known as __________ a security weakness _______________________  The ______________ that a threat agent will _________________  Realistically, risk cannot ever be entirely eliminated 10

11 Security+ Guide to Network Security Fundamentals, Third Edition Five Main Goals of Information Security 1. __________________________________  The theft of data is one of the ____________________ _________________ due to an attack Example- data containing company research, list of customers, list of salaries etc  Individuals can also be victims of data thievery 2. _________________________________  Identity theft involves __________________________ ____________ to establish bank or credit card accounts Cards are then left unpaid, leaving the victim with the debts and ruining their credit rating  Best defense is to protect data from being stolen in the first place 11

12 Security+ Guide to Network Security Fundamentals, Third Edition Five Main Goals of Information Security (continued) 3. ______________________________  A number of federal and state laws have been enacted to protect the privacy of electronic data  _________________________________ ______________________________________  Examples of laws: HIPAA- deals with the protection of health information Sarbanes-Oxley- fights corporate corruption 12

13 Security+ Guide to Network Security Fundamentals, Third Edition Five Main Goals of Information Security (continued) 4. ____________________________  _______________________________ such as time and money away from normal activities 5. ________________________________  Cyberterrorism _____________________________________________ _____________________________________________ ___________________________________________ Prime targets-  Utility, telecommunications, and financial services companies 13

14 Security+ Guide to Network Security Fundamentals, Third Edition Who Are the Attackers? _________ Generic sense: _______________________ or attempts to break into ________________ Narrow sense: a ____________________ _________________________ only to expose security flaws Possess ___________________________  Some hackers believe it is ethical- although illegal- to break into another person’s computer system as long as they do not commit theft, vandalism, or breach any confidentiality 14

15 Security+ Guide to Network Security Fundamentals, Third Edition Who Are the Attackers? ___________ Want to _____________________________ _____________________________ _______________________ Download _________________________ (scripts) from Web sites and use it to break into computers  Script kiddies tend to be computer users who have almost unlimited amounts of leisure time, and therefore are often considered more dangerous than hackers 15

16 Security+ Guide to Network Security Fundamentals, Third Edition Who Are the Attackers? __________ Computer spy  A _____________________________________ ________________________________ Spies are hired to attack a _____________ ______________ that contains sensitive information and _____________________ without drawing any attention to their actions Possess _____________________________ 16

17 Security+ Guide to Network Security Fundamentals, Third Edition Who Are the Attackers? __________ One of the ____________________________ to a business actually comes from its employees Reasons:  An employee might want to ________________________ in their security  ______________________ may be intent on retaliating against the company  ________________________________  __________________________________ into stealing from employer 17

18 Security+ Guide to Network Security Fundamentals, Third Edition Who Are the Attackers? _____________ A ______________________________ _______________ who are highly motivated and ____________________, ___________, and tenacious  Launch ______________________ against financial networks, utility companies etc Cybercriminals have a more focused goal: ____________________! 18

19 Security+ Guide to Network Security Fundamentals, Third Edition Cybercrime ___________________________________, unauthorized access to information, and the __________________________ Financial cybercrime is often divided into two categories  Trafficking in stolen credit card numbers and financial information  Using spam to commit fraud 19

20 Security+ Guide to Network Security Fundamentals, Third Edition Cyberterrorists Motivation may be defined as ideology, or ________ _________________________________  May lie dormant for a period of time then strike without warning Goals of a cyberattack by cyberterrorists:  To ___________________________ and spread misinformation and propaganda  To _______________________________________  To __________________________ into systems and networks that result in critical infrastructure outages and corruption of vital data 20

21 Security+ Guide to Network Security Fundamentals, Third Edition Steps of an Attack There are a wide variety of attacks that can be launched against a computer or network The ________________ are used in most attacks 1. ______________________ this ___________________ is essential in ____________________________________ version of software etc. 2. _______________________ ex: breaking passwords 3. ________________________ AKA _________________ ~ Allows attacker to _____________________________ more easily 4. ______________________________ use of compromised system to attack other networks or computers 5. ___________________________ ex: delete or modify files, steal data, launch a DoS attack 21

22 Security+ Guide to Network Security Fundamentals, Third Edition22

23 Security+ Guide to Network Security Fundamentals, Third Edition Defenses against Attacks Protecting computers against the previous steps in an attack calls for __________ fundamental security principles:  _________________________________ to withstand an attack 23

24 Security+ Guide to Network Security Fundamentals, Third Edition Fundamental Security Principles: Layering Security system must have layers, making it ____________________________________ _______________________ of defenses  One defense mechanism may be relatively easy for an attacker to circumvent A _________________________ can also be _________________________________ Layered security provides the ___________ ______________________________ 24

25 Security+ Guide to Network Security Fundamentals, Third Edition Fundamental Security Principles: Limiting Limiting access to information reduces the threat against it ____________________________________ __________________________  In addition, the amount of access granted to someone should be limited to ______________ ______________________________ Some ways to limit access are technology- based, while others are procedural 25

26 Security+ Guide to Network Security Fundamentals, Third Edition Fundamental Security Principles: Diversity ________________________________  If attackers penetrate one layer, they cannot use the same techniques to break through all other layers Using diverse layers of defense means that ____________________________________ ________________________________  Example- use of security products from different vendors 26

27 Security+ Guide to Network Security Fundamentals, Third Edition Fundamental Security Principles: Obscurity AKA “Security by Obscurity” _________________________________________ _________________________________________ can be an important way to protect information An example of obscurity would be _____________ _______________________, software, and network connection a computer uses  An attacker who knows that information can more easily determine the weaknesses of the system to attack it 27

28 Security+ Guide to Network Security Fundamentals, Third Edition Fundamental Security Principles: Simplicity Information security is by its very nature complex Complex security systems can be hard to understand, troubleshoot, and feel secure about As much as possible, a ________________ ____________________________________ __________________ for a potential attacker  Complex security schemes are often compromised by employees themselves to make them easier for (trusted) users to work with 28

29 Security+ Guide to Network Security Fundamentals, Third Edition Summary Attacks against information security have grown exponentially in recent years There are several reasons why it is difficult to defend against today’s attacks Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures The main goals of information security are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism 29

30 Security+ Guide to Network Security Fundamentals, Third Edition Summary (continued) The types of people behind computer attacks are generally divided into several categories There are five general steps that make up an attack: probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices The demand for IT professionals who know how to secure networks and computers from attacks is at an all-time high 30

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security."

Similar presentations

Computer Security Ethics

Computer Security Ethics
 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.

 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Breaking Trust On The Internet

Breaking Trust On The Internet
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Chapter 1 Introduction to Security

Chapter 1 Introduction to Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
General Awareness Training

General Awareness Training
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Similar presentations

Ads by Google