Framework - PowerPoint PPT Presentation

Loading...

PPT – Framework PowerPoint presentation | free to view - id: 12857c-ZjA2Y



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Framework

Description:

Malware. Viruses. Worms. 28. Figure 1-6: Social Engineering Attacks and Defenses ... Tools for comprehensive security (firewalls, etc.) Central management ... – PowerPoint PPT presentation

Number of Views:60
Avg rating:3.0/5.0
Slides: 60
Provided by: rp999
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Framework


1
Framework
  • Chapter 1
  • Dr. Cheng-Sheng Chen
  • Revised from Panko, Corporate Computer and
    Network Security (http//pankosecurity.com/Edition
    1Classic/default.htm)

2
Chapter 1 A Framework - Learning Objectives
(1/2)
  • Corporations at Risk
  • Trends in security incidents
  • Types of attacks and defenses
  • Why Security is primary a management issue, not a
    technology issue ?
  • The importance of top-to-bottom commitment and
    comprehensive security

3
Chapter 1 A Framework - Learning Objectives
(2/2)
  • The core security goals confidentiality,
    integrity, and availability
  • The Plan-Protect-Respond (PPR) cycle.
  • How corporate IT security is distinguished from
    military security

4
Figure 1-1 CSI/FBI Computer Crime and Security
Survey
  • Survey conducted by the Computer Security
    Institute (http//www.gocsi.com).
  • Based on replies from 503 U.S. Computer Security
    Professionals.
  • If fewer than 20 firms reported quantified dollar
    losses, data for the threat are not shown.

5
Figure 1-1 CSI/FBI Computer Crime and Security
Survey
6
Figure 1-1 CSI/FBI Computer Crime and Security
Survey
7
Figure 1-1 CSI/FBI Computer Crime and Security
Survey
8
Figure 1-1 CSI/FBI Computer Crime and Security
Survey
9
Figure 1-2 Other Empirical Attack Data
  • Riptech
  • Analyzed 5.5 billion firewall log entries in 300
    firms in five-month period
  • Detected 128,678 attacksan annual rate of 1,000
    per firm
  • Only 39 of attacks after viruses were removed
    were directed at individual firms

10
Figure 1-2 Other Empirical Attack Data
  • SecurityFocus
  • Data from 10,000 firms in 2001
  • Attack Frequency
  • 129 million network scanning probes (13,000 per
    firm)
  • 29 million website attacks (3,000 per firm)
  • 6 million denial-of-service attacks (600 per firm)

11
Figure 1-2 Other Empirical Attack Data
  • SecurityFocus
  • Attack Targets
  • 31 million Windows-specific attacks
  • 22 million UNIX/LINUX attacks
  • 7 million Cisco IOS attacks
  • All operating systems are attacked!

12
Figure 1-2 Other Empirical Attack Data
  • Honeynet project
  • Networks set up for adversaries to attack
  • Windows 98 PC with open shares and no password
    compromised 5 times in 4 days
  • LINUX PCs took 3 days on average to compromise

13
Figure 1-3 Attack Trends
  • Growing Incident Frequency
  • Incidents reported to the Computer Emergency
    Response Team/Coordination Center
  • 1997 2,134
  • 1998 3,474 (75 growth from previous year)
  • 1999 9,859 (164 growth)
  • 2000 21,756 (121 growth)
  • 2001 52,658 (142 growth)
  • Tomorrow?

14
Figure 1-3 Attack Trends
  • Growing Randomness in Victim Selection
  • In the past, large firms were targeted
  • Now, targeting is increasingly random
  • No more security through obscurity for small
    firms and individuals

15
Figure 1-3 Attack Trends
  • Growing Malevolence (??,??)
  • Most early attacks were not malicious
  • Malicious attacks are becoming the norm

16
Figure 1-3 Attack Trends
  • Growing Attack Automation
  • Attacks are automated, rather than
    humanly-directed
  • Essentially, viruses and worms are attack robots
    that travel among computers
  • Attack many computers in minutes or hours

17
Figure 1-4 Framework for Attackers
  • Elite Hackers
  • Hacking intentional access without authorization
    or in excess of authorization (??)
  • Some call this cracking, not hacking, which they
    equate to any skilled computer use
  • Characterized by technical expertise and dogged
    persistence, not just a bag of tools
  • Use attack scripts to automate actions, but this
    is not the essence of what they do
  • Deviants and often part of hacker groups that
    reinforce deviant behavior

18
Figure 1-4 Framework for Attackers
  • You may hear the terms white hat (good guys)
    and black hat bad guys
  • Black hat hackers break in for their own purposes
  • White hat can mean multiple things
  • Strictest Hack only by invitation as part of
    vulnerability testing
  • Some who hack without permission but report
    vulnerabilities (not for pay) also call
    themselves white hat hackers

19
Figure 1-4 Framework for Attackers
  • You will also hear the term ethical hacker
  • Some hack only by invitation as part of
    vulnerability testing
  • Others hack without invitation but have a code
    of ethics
  • Do no damage or limited damage
  • Some hacker codes allow considerable
    victimization (??, ??)

20
Figure 1-4 Framework for Attackers
  • Hats, Ethical Codes of Conduct, and Criminality
  • If hack without explicit authorization, it is
    criminal
  • Motive for hacking is not part of the lawonly
    intentionally accessing without authorization or
    in excess of authorization

21
Figure 1-4 Framework for Attackers
  • Elite Hackers
  • Ethical hackers or white hat hackers
  • Hack only by invitation is the best definition
  • Some hackers with marginal codes of ethics use
    these terms
  • Justify if they tell victims about break-ins
  • Codes of conduct are often amoral
  • Do no harm, but delete log files, destroy
    security settings, etc.
  • Distrust of evil businesses and government
  • Deviants and hacker groups

22
Figure 1-4 Framework for Attackers
  • Virus Writers and Releasers
  • Virus writers versus virus releasers
  • Only releasing viruses is punishable

23
Figure 1-4 Framework for Attackers
  • Script Kiddies
  • Use pre-written attack scripts (kiddie scripts)
  • Viewed as lamers and script kiddies
  • Large numbers make dangerous
  • Noise of kiddie script attacks masks more
    sophisticated attacks

24
Figure 1-4 Framework for Attackers
  • Criminals
  • Many attackers are ordinary garden-variety
    criminals
  • Credit card and identity theft
  • Stealing trade secrets (intellectual property)
  • Extortion

25
Figure 1-4 Framework for Attackers
  • Employees, Consultants, and Contractors
  • Have access and knowledge
  • Financial theft
  • Theft of trade secrets (intellectual property)
  • Sabotage
  • IT and security staff
  • Consultants

26
Figure 1-4 Framework for Attackers
  • Cyberterrorism and Cyberwar
  • New level of danger
  • Infrastructure destruction
  • IT Infrastructure
  • Use IT to damage physical infrastructure
  • Cyberterrorists versus cyberwar by national
    governments
  • Amateur information warfare is also a danger

27
Figure 1-5 Framework for Attacks
Attacks
Social Engineering -- Opening Attachments Password
Theft Information Theft
Physical Access Attacks -- Wiretapping Server
Hacking Vandalism
Dialog Attacks -- Eavesdropping Impersonation Mess
age Alteration
Penetration Attacks
Malware -- Viruses Worms
Denial of Service
Scanning (Probing)
Break-in
28
Figure 1-6 Social Engineering Attacks and
Defenses
  • Social Engineering
  • Tricking an employee into giving out information
    or taking an action that reduces security or
    harms a system
  • Opening an e-mail attachment that may contain a
    virus
  • Asking for a password claiming to be someone with
    rights to know it
  • Asking for a file to be sent to you

29
Figure 1-6 Social Engineering Attacks and
Defenses
  • Social Engineering Defenses
  • Training
  • Enforcement through sanctions (punishment)

30
Figure 1-7 Eavesdropping on a Dialog
Dialog
Hello
Client PC Bob
Server Alice
Hello
Attacker (Eve) intercepts and reads messages
31
Figure 1-8 Encryption for Confidentiality
Encrypted Message 100100110001
Client PC Bob
Server Alice
100100110001
Attacker (Eve) intercepts but cannot read
Original Message Hello
Decrypted Message Hello
32
Figure 1-9 Impersonation and Authentication
Im Bob
Prove it! (Authenticate Yourself)
Attacker (Eve)
Server Alice
33
Figure 1-10 Message Alteration
Dialog
Balance 1,000,000
Balance 1
Server Alice
Balance 1
Balance 1,000,000
Attacker (Eve) intercepts and alters messages
34
Figure 1-11 Secure Dialog System
Secure Dialog
Client PC Bob
Server Alice
Automatically Handles Negation of Security
Options Authentication Encryption Integrity
Attacker cannot read messages, alter messages,
or impersonate
35
Figure 1-12 Network Penetration Attacks and
Firewalls
Attack Packet
Internet Firewall
Hardened Client PC
Internet
Attacker
Internal Corporate Network
Log File
36
Figure 1-13 Scanning (Probing) Attacks
Reply from172.16.99.1
Probe Packets to 172.16.99.1, 172.16.99.2, etc.
Host 172.16.99.1
Internet
Attacker
No Host 172.16.99.2
Results 172.16.99.1 is reachable 172.16.99.2 is
not reachable
No Reply
Corporate Network
37
Figure 1-14 Single-Message Break-In Attack
1. Single Break-In Packet
2. Server Taken Over By Single Message
Attacker
38
Figure 1-15 Denial-of-Service (DoS) Flooding
Attack
Message Flood
Server Overloaded By Message Flood
Attacker
39
Figure 1-16 Intrusion Detection System
1. Suspicious Packet
Intrusion Detection System
4. Alarm
Network Administrator
Internet
Attacker
3. Log Packet
Corporate Network
Log File
40
Figure 1-17 Security Management
  • Security is a Primarily a Management Issue, not a
    Technology Issue
  • Top-to-Bottom Commitment (??/??)
  • Top-management commitment
  • Operational execution
  • Enforcement

41
Figure 1-17 Security Management
  • General Security Goals (CIA)
  • Confidentiality
  • Attackers cannot read messages if they intercept
    them
  • Integrity
  • If attackers change messages, this will be
    detected
  • Availability
  • System is able to server users

42
Figure 1-17 Security Management
  • Comprehensive (?????) Security
  • Closing all avenues (??) of attack
  • Asymmetrical warfare (??)
  • Attacker only has to find one opening
  • Defense in depth
  • Attacker must get past several defenses to
    succeed
  • Security audits
  • Run attacks against your own network

43
Figure 1-18 The PlanProtectRespond Cycle
  • Planning
  • Security policies drive subsequent specific
    actions
  • ???????? p2p ?? (i.e., ??????), ????(or ??),
  • Access control
  • Technical security architectures
  • Tools for comprehensive security (firewalls,
    etc.)
  • Central management
  • Awareness and procedure training
  • Punishment

44
Figure 1-18 The PlanProtectRespond Cycle
  • Protecting
  • Installing protections firewalls, IDSs/IDPs,
    host hardening, etc.
  • Updating protections as the threat environment
    changes
  • Testing protections security audits

45
Figure 1-18 The PlanProtectRespond Cycle
  • Responding
  • Planning for response (Computer Emergency
    Response Team)
  • Incident detection and determination
  • Procedures for reporting suspicious situations
  • Determination that an attack really is occurring
  • Description of the attack

46
Figure 1-18 The PlanProtectRespond Cycle
  • Responding
  • Recovery
  • The first priority
  • Stop the attack
  • Repair the damage
  • Punishment
  • Forensics (??)
  • Prosecution (????)
  • Employee Punishment (????)
  • Fixing the vulnerability that allowed the attack

47
Figure 1-19 Threat Severity Analysis
  • Planning
  • Need for comprehensive security (no gaps)
  • Risk analysis
  • Enumerating threats
  • Threat severity estimated cost of attack X
    probability of attack
  • Value of protection threat severity cost of
    countermeasure
  • Prioritize countermeasures by value of protection

48
Figure 1-19 Threat Severity Analysis
49
Examples of Security Problems
  • Herbert Pierre-Louis Sabotage (??/??) by a
    Disgruntled (?????) Employee
  • Washington Leung Cyberframing (??????) a Female
    Employee who Spurned (?? ?? ??) Him
  • Two-programmers A Denial-of-Service Attacks by
    IT Employee
  • Two Accounts Financial Theft Through Procedure
    Exploitation
  • Cisco Systems Employee Theft of Trade Secrets by
    Employee for Personal Benefit

50
Examples of Security Problems (cont.)
  • Paralegal Employee Theft of Trade Secrets to
    Sell Them (??? -gt ??)
  • Patrick McKenna Computer Sabotage and Damage of
    Reputation
  • Eric Burns Website Hacking and Defacement
    (e.g., Web Bandit)
  • Raymond Torricelli Hacking to Make Money from
    Stolen Computer Resources
  • Vasilly Gorshkov Credit Card Theft by Hacker

51
Topics Covered
  • Attacks
  • CSI/FBI Survey, etc. many types of attacks
    against many types of systems
  • Growing attack frequency
  • Growing randomness in victim selection (nobody is
    safe)
  • Growing malevolence
  • Growing attack automation

52
Topics Covered
  • Attackers
  • Elite hackers
  • Characterized by technical expertise and dogged
    persistence, not just a bag of tools
  • Virus writers and releasers
  • Script kiddies limited but numerous
  • Criminals are growing rapidly
  • Employees, Consultants, and Contractors
  • Cyberterrorism (??????) and Cyberwar

53
Topics Covered
Attacks
Social Engineering -- Opening Attachments Password
Theft Information Theft
Physical Access Attacks -- Wiretapping Server
Hacking Vandalism
Dialog Attacks -- Eavesdropping Impersonation Mess
age Alteration
Penetration Attacks
Malware -- Viruses Worms
Denial of Service
Scanning (Probing)
Break-in
54
Topics Covered
  • Dialog Security
  • Eavesdropping (??) is thwarted by encryption for
    confidentiality
  • Impersonation (????) is thwarted by cryptographic
    authentication (????)
  • Authentication techniques also bring message
    integrity
  • Secure dialog systems provide all of these
    protections automatically

55
Topics Covered
  • Penetration Attacks and Defenses
  • Penetration Attacks
  • Scanning
  • Break-in (hacking) attacks
  • Denial-of-Service attacks
  • Defenses
  • Firewalls (actually drop attack packets)
  • Intrusion detection systems (only give warnings)
  • Intrusion Prevention System (e.g., IPS/IDP)

56
Topics Covered
  • Security Management
  • Security is a Primarily a Management Issue, not a
    Technology Issue
  • Top-to-Bottom Commitment
  • Comprehensive security
  • CIA Confidentiality, integrity, and availability
  • Risk analysis

57
Topics Covered
  • The Plan-Protect-Respond Cycle
  • Planning
  • Security policies drive subsequent specific
    actions
  • Access control
  • Technical security architectures
  • Awareness and procedure training
  • Punishment

58
Topics Covered
  • Protecting
  • Installing protections firewalls, IDP/IPSs, host
    hardening, etc.
  • Updating protections as the threat environment
    changes
  • Testing protections security audits

59
Topics Covered
  • Responding
  • Planning for response (Computer Emergency
    Response Team)
  • GSNcert, TWcert, etc.
  • Incident detection and determination
  • Recovery
  • Punishment
  • Fixing the vulnerability that allowed the attack
About PowerShow.com