* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Security+ Guide to Network Security Fundamentals, Third
Survey
Document related concepts
Unix security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Cyberwarfare wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Cyberattack wikipedia , lookup
Security printing wikipedia , lookup
Airport security wikipedia , lookup
Information security wikipedia , lookup
Mobile security wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Security-focused operating system wikipedia , lookup
Social engineering (security) wikipedia , lookup
Transcript
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why it is important Identify the types of attackers that are common today List the basic steps of an attack Describe the five steps in a defense Explain the different types of information security careers and how the Security+ certification can enhance a security career Security+ Guide to Network Security Fundamentals, Third Edition 2 Challenges of Securing Information There is ________________ to securing information This can be seen through the different types of attacks that users face everyday Difficult and costly to defend against attacks ___________________________________ on computer security and the cost is rising Attacks include: ________________________ attacks due to ___________________ Phishing scams Attacks due to __________________ etc Security+ Guide to Network Security Fundamentals, Third Edition 3 4 Difficulties in Defending against Attacks Difficulties include the following: _______________________ Greater sophistication of attacks ________________________________ Attackers can ____________________________ and more ______________________________ _______________ attack- an attack that occurs when an attacker _______________________________________ _______________________________________ Zero days of warning Delays in patching hardware and software products Most attacks are now _________________, instead of coming from only one source User confusion Security+ Guide to Network Security Fundamentals, Third Edition 5 Difficulties in Defending against Attacks (summary) Security+ Guide to Network Security Fundamentals, Third Edition 6 Defining Information Security Information security involves the tasks of __________________________________ On PC’s, DVD’s, USB’s etc ______________________________________ Also ensures that ______________________ __________________________________ Cannot completely prevent attacks or guarantee that a system is totally secure Security+ Guide to Network Security Fundamentals, Third Edition 7 Defining Information Security (continued) Information security is intended to protect valuable information with the following characteristics: ____________________ ensures that ________ ____________________ can view the information __________ ensures that the information is correct and _____________________________________ ______________________ ensures that ________ ____________________________________ Security+ Guide to Network Security Fundamentals, Third Edition 8 Comprehensive Definition of Information Security That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures Security+ Guide to Network Security Fundamentals, Third Edition 9 Information Security Terminology _____________ Something that has a ____________ ______________ An event or object that may ___________________ in place and result in ____________________________ _______________________ A _______________ that has the __________________________ Includes __________________ such as flood, earthquake etc Includes man-made agents such a a _______________ ____________________________ _____________ that allows a threat agent to _______________ _______________________ a weakness is known as __________ a security weakness _______________________ The ______________ that a threat agent will _________________ Realistically, risk cannot ever be entirely eliminated Security+ Guide to Network Security Fundamentals, Third Edition 10 Five Main Goals of Information Security 1. __________________________________ The theft of data is one of the ____________________ _________________ due to an attack Example- data containing company research, list of customers, list of salaries etc Individuals can also be victims of data thievery 2. _________________________________ Identity theft involves __________________________ ____________ to establish bank or credit card accounts Cards are then left unpaid, leaving the victim with the debts and ruining their credit rating Best defense is to protect data from being stolen in the first place Security+ Guide to Network Security Fundamentals, Third Edition 11 Five Main Goals of Information Security (continued) 3. ______________________________ A number of federal and state laws have been enacted to protect the privacy of electronic data _________________________________ ______________________________________ Examples of laws: HIPAA- deals with the protection of health information Sarbanes-Oxley- fights corporate corruption Security+ Guide to Network Security Fundamentals, Third Edition 12 Five Main Goals of Information Security (continued) 4. ____________________________ _______________________________ such as time and money away from normal activities 5. ________________________________ Cyberterrorism _____________________________________________ _____________________________________________ ___________________________________________ Prime targets Utility, telecommunications, and financial services companies Security+ Guide to Network Security Fundamentals, Third Edition 13 Who Are the Attackers? _________ Generic sense: _______________________ or attempts to break into ________________ Narrow sense: a ____________________ _________________________ only to expose security flaws Possess ___________________________ Some hackers believe it is ethical- although illegal- to break into another person’s computer system as long as they do not commit theft, vandalism, or breach any confidentiality Security+ Guide to Network Security Fundamentals, Third Edition 14 Who Are the Attackers? ___________ Want to _____________________________ _____________________________ _______________________ Download _________________________ (scripts) from Web sites and use it to break into computers Script kiddies tend to be computer users who have almost unlimited amounts of leisure time, and therefore are often considered more dangerous than hackers Security+ Guide to Network Security Fundamentals, Third Edition 15 Who Are the Attackers? __________ Computer spy A _____________________________________ ________________________________ Spies are hired to attack a _____________ ______________ that contains sensitive information and _____________________ without drawing any attention to their actions Possess _____________________________ Security+ Guide to Network Security Fundamentals, Third Edition 16 Who Are the Attackers? __________ One of the ____________________________ to a business actually comes from its employees Reasons: An employee might want to ________________________ in their security ______________________ may be intent on retaliating against the company ________________________________ __________________________________ into stealing from employer Security+ Guide to Network Security Fundamentals, Third Edition 17 Who Are the Attackers? _____________ A ______________________________ _______________ who are highly motivated and ____________________, ___________, and tenacious Launch ______________________ against financial networks, utility companies etc Cybercriminals have a more focused goal: ____________________! Security+ Guide to Network Security Fundamentals, Third Edition 18 Cybercrime ___________________________________, unauthorized access to information, and the __________________________ Financial cybercrime is often divided into two categories Trafficking in stolen credit card numbers and financial information Using spam to commit fraud Security+ Guide to Network Security Fundamentals, Third Edition 19 Cyberterrorists Motivation may be defined as ideology, or ________ _________________________________ May lie dormant for a period of time then strike without warning Goals of a cyberattack by cyberterrorists: To ___________________________ and spread misinformation and propaganda To _______________________________________ To __________________________ into systems and networks that result in critical infrastructure outages and corruption of vital data Security+ Guide to Network Security Fundamentals, Third Edition 20 Steps of an Attack There are a wide variety of attacks that can be launched against a computer or network The ________________ are used in most attacks 1. ______________________ this ___________________ is essential in ____________________________________ version of software etc. 2. _______________________ ex: breaking passwords 3. ________________________ AKA _________________ ~ Allows attacker to _____________________________ more easily 4. ______________________________ use of compromised system to attack other networks or computers 5. ___________________________ ex: delete or modify files, steal data, launch a DoS attack Security+ Guide to Network Security Fundamentals, Third Edition 21 Security+ Guide to Network Security Fundamentals, Third Edition 22 Defenses against Attacks Protecting computers against the previous steps in an attack calls for __________ fundamental security principles: _________________________________ to withstand an attack Security+ Guide to Network Security Fundamentals, Third Edition 23 Fundamental Security Principles: Layering Security system must have layers, making it ____________________________________ _______________________ of defenses One defense mechanism may be relatively easy for an attacker to circumvent A _________________________ can also be _________________________________ Layered security provides the ___________ ______________________________ Security+ Guide to Network Security Fundamentals, Third Edition 24 Fundamental Security Principles: Limiting Limiting access to information reduces the threat against it ____________________________________ __________________________ In addition, the amount of access granted to someone should be limited to ______________ ______________________________ Some ways to limit access are technologybased, while others are procedural Security+ Guide to Network Security Fundamentals, Third Edition 25 Fundamental Security Principles: Diversity ________________________________ If attackers penetrate one layer, they cannot use the same techniques to break through all other layers Using diverse layers of defense means that ____________________________________ ________________________________ Example- use of security products from different vendors Security+ Guide to Network Security Fundamentals, Third Edition 26 Fundamental Security Principles: Obscurity AKA “Security by Obscurity” _________________________________________ _________________________________________ can be an important way to protect information An example of obscurity would be _____________ _______________________, software, and network connection a computer uses An attacker who knows that information can more easily determine the weaknesses of the system to attack it Security+ Guide to Network Security Fundamentals, Third Edition 27 Fundamental Security Principles: Simplicity Information security is by its very nature complex Complex security systems can be hard to understand, troubleshoot, and feel secure about As much as possible, a ________________ ____________________________________ __________________ for a potential attacker Complex security schemes are often compromised by employees themselves to make them easier for (trusted) users to work with Security+ Guide to Network Security Fundamentals, Third Edition 28 Summary Attacks against information security have grown exponentially in recent years There are several reasons why it is difficult to defend against today’s attacks Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures The main goals of information security are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism Security+ Guide to Network Security Fundamentals, Third Edition 29 Summary (continued) The types of people behind computer attacks are generally divided into several categories There are five general steps that make up an attack: probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices The demand for IT professionals who know how to secure networks and computers from attacks is at an all-time high Security+ Guide to Network Security Fundamentals, Third Edition 30