Download SetNo11

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
Document related concepts

Multilevel security wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Cyberwarfare wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Unix security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Distributed firewall wikipedia , lookup

Cyberattack wikipedia , lookup

Airport security wikipedia , lookup

Wireless security wikipedia , lookup

Information security wikipedia , lookup

Mobile security wikipedia , lookup

Hacker wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Security-focused operating system wikipedia , lookup

Social engineering (security) wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Security+ Guide to Network
Security Fundamentals
Chapter 1
‫المدرس ‪ :‬اياس القواسمة‬
‫البريد االلكتروني ‪[email protected] :‬‬
‫الهاتف ‪0564569838:‬‬
‫رقم المكتب‪2152 :‬‬
Learning Objectives




Understand network security
Understand security threat trends and their
ramifications
Understand the goals of network security
Determine the factors involved in a secure
network strategy
Understanding Network Security

Network security


Process by which digital information assets are
protected
Goals



Maintain integrity
Protect confidentiality
Assure availability
Understanding Network Security

Security ensures that users:



Perform only tasks they are authorized to do
Obtain only information they are authorized to have
Cannot cause damage to data, applications, or
operating environment
Security Threats



Identity theft
Privacy concerns
Wireless access
To Offset Security Threats

Integrity


Confidentiality


Assurance that data is not altered or destroyed
in an unauthorized manner
Protection of data from unauthorized
disclosure to a third party
Availability

Continuous operation of computing systems
Quiz: Give real example for each
information Security principles ?
•
Examples of Information Security Fundamental
Principles:
–
–
–
Confidentiality: Exam questions prior to exam must
hidden from students.
Integrity: Students grades must not be modified by
students.
Availability: Student schedules system must be online
and available during the beginning of the semester.
Information Security Layers
Security Vulnerabilities for Sale

Anyone can buy
attack tools to
take over
computers
Examples of
Security Breaches
Difficulties in Defending against Attacks
Information Security Terminology

Asset


Threat


Something that has a value
An event or object that may defeat the security
measures in place and result in a loss
Threat agent

A person or thing that has the power to carry out a
threat
Information Security Terminology

Vulnerability


Exploit


Weakness that allows a threat agent to bypass security
Takes advantage of a vulnerability
Risk


The likelihood that a threat agent will exploit a
vulnerability
Realistically, risk cannot ever be entirely eliminated
Information Security Terminology
(continued)
Information Security Terminology
(continued)
Security Ramifications:
Costs of Intrusion

Causes of network security threats
1.
2.
3.
4.
Technology weaknesses
Configuration weaknesses
Policy weaknesses
Human error

Ramifications: ‫تشعبات‬
1-Technology Weaknesses



TCP/IP
Operating systems
Network equipment
2-Configuration Weaknesses








Unsecured accounts
System accounts with easily guessed passwords
Mis-configured Internet services
Unsecured default settings
Mis-configured network equipment
Trojan horse programs
Vandals ( ‫)المخربين‬
Viruses
3- Policy Weaknesses







Lack of a written security policy
Politics
High turnover
Concise access controls not applied
Software and hardware installation and changes
do not follow policy
Proper security
Nonexistent disaster recovery plan
4- Human Error








Accident
Ignorance
Workload
Dishonesty
Impersonation ( ‫)التمثيل‬
Disgruntled employees ( ‫)الموظفين الساخطين‬
Snoops ( ‫)يتطفل‬
Denial-of-service attacks
Goals of Network Security

Achieve the state where any action that is
not expressly permitted is prohibited




Eliminate theft
Determine authentication
Identify assumptions
Control secrets
Creating a Secure Network Strategy



Address both internal and external threats
Define policies and procedures
Reduce risk across across perimeter
security, the Internet, intranets, and LANs
Creating a Secure Network Strategy




Human factors
Know your weaknesses
Limit access
Achieve security through persistence



Develop change management process
Remember physical security
Perimeter ( ‫)محيط‬security

Control access to critical network applications, data,
and services
Creating a Secure Network Strategy

Firewalls





Prevent unauthorized access to or from private
network
Create protective layer between network and
outside world
Replicate network at point of entry in order to
receive and transmit authorized data
Have built-in filters
Log attempted intrusions and create reports
Creating a Secure Network Strategy


Web and file servers
Access control

Ensures that only legitimate traffic is allowed
into or out of the network



Passwords
PINs
Smartcards
Creating a Secure Network Strategy

Change management


Document changes to all areas of IT infrastructure
Encryption

Ensures messages cannot be intercepted or read by
anyone other than the intended person(s)
Creating a Secure Network Strategy

Intrusion detection system (IDS)



Provides 24/7 network surveillance
Analyzes packet data streams within the
network
Searches for unauthorized activity
Simplicity




Information security is by its very nature complex
Complex security systems can be hard to understand,
troubleshoot, and feel secure about
As much as possible, a secure system should be simple
for those on the inside to understand and use
Complex security schemes are often compromised to
make them easier for trusted users to work with

Keeping a system simple from the inside but complex on
the outside can sometimes be difficult but reaps a major
benefit
Who Are the Attackers?

The types of people behind computer attacks
are generally divided into several categories






Hackers
Script kiddies
Spies
Employees
Cybercriminals
Cyberterrorists
The NSA Hacker


Gary McKinnon
hacked into NASA
and the US Military
He was looking for
evidence about UFOs
Hackers

Hacker


Although breaking into another person’s
computer system is illegal


Anyone who illegally breaks into or attempts to break
into a computer system
Some hackers believe it is ethical as long as they do
not commit theft, vandalism, or breach any
confidentiality
Ethical Hacker

Has permission from the owner to test security of
computers by attacking them
Script Kiddies


Unskilled users
Download automated hacking software
(scripts) from Web sites and use it to break
into computers

Image from ning.com
Spies

Computer spy


A person who has been hired to break into a
computer and steal information
Excellent computer skills
Employees


The largest information security threat
Motives




An employee might want to show the company a
weakness in their security
Disgruntled employees may be intent on retaliating
against the company
Industrial espionage
Blackmailing
Cybercriminals




A loose-knit network of attackers, identity
thieves, and financial fraudsters
More highly motivated, less risk-averse, better
funded, and more tenacious than hackers
Many security experts believe that cybercriminals
belong to organized gangs of young and mostly
Eastern European attackers
Cybercriminals have a more focused goal that
can be summed up in a single word: money
Cybercriminals

Cybercrime


Targeted attacks against financial networks,
unauthorized access to information, and the theft
of personal information
Financial cybercrime is often divided into two
categories


Trafficking in stolen credit card numbers and
financial information
Using spam to commit fraud
Cyberterrorists


Their motivation may be defined as ideology, or
attacking for the sake of their principles or beliefs
Goals of a cyberattack:



To deface electronic information and spread
misinformation and propaganda
To deny service to legitimate computer users
To commit unauthorized intrusions into systems and
networks that result in critical infrastructure outages
and corruption of vital data
Security Tradeoffs
Security
COST
Ease of
use
Functionality
Steps of an Attack

The five steps that make up an attack





Probe for information
Penetrate any defenses
Modify security settings
Circulate to other systems
Paralyze networks and devices
Defenses against Attacks


Although multiple defenses may be necessary
to withstand an attack
These defenses should be based on five
fundamental security principles:





Layering
Limiting
Diversity
Obscurity
Simplicity
Layering


Information security must be created in layers
One defense mechanism may be relatively easy
for an attacker to circumvent



Instead, a security system must have layers, making it
unlikely that an attacker has the tools and skills to
break through all the layers of defenses
A layered approach can also be useful in resisting
a variety of attacks
Layered security provides the most
comprehensive protection
Limiting


Limiting access to information reduces the
threat against it
Only those who must use data should have
access to it


In addition, the amount of access granted to
someone should be limited to what that person
needs to know
Some ways to limit access are technologybased, while others are procedural
Diversity

Layers must be different (diverse)


If attackers penetrate one layer, they cannot use the
same techniques to break through all other layers
Using diverse layers of defense means that
breaching one security layer does not
compromise the whole system
Obscurity ‫الغموض‬
INFORMATION SECURITY CAREERS
AND THE SECURITY+ CERTIFICATION
Surveying Information Security Careers
and the Security+ Certification

Today, businesses and organizations require
employees and even prospective applicants


To demonstrate that they are familiar with
computer security practices
Many organizations use the CompTIA
Security+ certification to verify security
competency
CompTIA Security+ Certification


The CompTIA Security+ (2008 Edition)
Certification is the premiere vendor-neutral
credential
The Security+ exam is an internationally
recognized validation of foundation-level
security skills and knowledge


Used by organizations and security professionals
around the world
The skills and knowledge measured by the
Security+ exam are derived from an industrywide Job Task Analysis (JTA)
CompTIA Security+ Certification
(continued)

The six domains covered by the Security+
exam:

Systems Security, Network Infrastructure, Access
Control, Assessments and Audits, Cryptography,
and Organizational Security
Quiz: What Information security protect ?
•
Information Security protects
–
–
–
the integrity, confidentiality, and availability of
information
on the devices which store, manipulate, and
transmit the information
through products, people and procedures
Related documents
Computer Security: Principles and Practice, 1/e
Computer Security: Principles and Practice, 1/e
Possible Teacher Demonstration of Relative age
Possible Teacher Demonstration of Relative age
A. Explain the nature of marketing plans. B. Explain the role
A. Explain the nature of marketing plans. B. Explain the role
crust mantle core lithosphere asthenosphere mesosphere outer core
crust mantle core lithosphere asthenosphere mesosphere outer core
E-Commerce and Bank Security
E-Commerce and Bank Security
A Global Disease Needs a Global Response
A Global Disease Needs a Global Response
A. Explain the nature of marketing plans. B. Explain the role of
A. Explain the nature of marketing plans. B. Explain the role of
Testimony - American Security Project
Testimony - American Security Project
6.3.4 Summary to: 6.3 Physical Processes for Layer Deposition
6.3.4 Summary to: 6.3 Physical Processes for Layer Deposition
Structure of the Ear..
Structure of the Ear..
Inside the Earth Study Guide The format on tests and quizzes is a
Inside the Earth Study Guide The format on tests and quizzes is a
Chap10_R
Chap10_R