Download Chapter 1

About the Presentations
 The presentations cover the objectives found in the
opening of each chapter.
 All chapter objectives are listed in the beginning of each
presentation.
 You may customize the presentations to fit your class
needs.
 Some figures from the chapters are included. A
complete set of images from the book can be found on
the Instructor Resources disc.
FIREWALLS & NETWORK SECURITY
with Intrusion Detection and VPNs,
2nd Edition
Chapter 1
Introduction to
Information Security
Learning Objectives
Upon completion of this chapter, you should be able to:
 Explain the relationship among the component parts of information
security, especially network security
 Define the key terms and critical concepts of information and
network security
 Describe the organizational roles of information and network
security professionals
 Understand the business need for information and network security
 Identify the threats posed to information and network security, as
well as the common attacks associated with those threats
 Differentiate threats to information within systems from attacks
against information within systems
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 3
Introduction
 Firewalls and network security are critical
components in securing day-to-day operations
of nearly every organization in business today
 Before learning to plan, design, and implement
firewalls and network security, it is important to
understand the larger topic of information
security and how these two components fit into
it
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 4
What Is Information Security?
 Information security (InfoSec) is defined by
standards published by CNSS as the protection
of information and its critical elements, including
the systems and hardware that use, store, and
transmit that information
 To protect information and related systems,
organizations must implement policy,
awareness training and education, and
technology
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 5
Figure 1-1
Components of Information Security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 6
What is Information Security?
(continued)
 C.I.A. triangle consists of Confidentiality,
Integrity, and Availability
 List of characteristics has expanded over time,
but these three remain central
 Successful organization maintains multiple
layers of security:
–
–
–
–
–
Network security
Physical security
Personal security
Operations security
Communications security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 7
Critical Characteristics of Information
 Availability enables authorized users to access
information without interference or obstruction
and to receive it in required format
 Accuracy means information is free from error
and has the value the end user expects
 Authenticity is quality or state of being genuine
or original, rather than reproduced or fabricated;
information is authentic when it is what was
originally created, placed, stored, or transferred
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 8
Critical Characteristics of Information
(continued)
 Confidentiality is when information is protected
from exposure to unauthorized entities
 Integrity is when information remains whole,
complete, and uncorrupted
 Utility of information is quality or state of having
value for some end purpose; information must
be in a format meaningful to end user
 Possession is ownership or control of some
object or item; information is in one’s
possession if one obtains it, independent of
format or other characteristics
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 9
Figure 1-2
The CIA Triad and the McCumber Cube
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 10
Securing Components
 When computer is subject of an attack, it is
used as active tool to conduct attack
 When computer is object of an attack, it is entity
being attacked
 Direct attack is when hacker uses a computer to
break into a system
 Indirect attack is when a system is
compromised and used to attack other systems,
such as a botnet or other distributed denial-ofservice attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 11
Figure 1-3 Computer as the
Subject and Object of an Attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 12
Balancing Information Access and
Security
 Information security cannot be an absolute; it is
a process, not a goal
 Information security should balance protection
and availability
 To achieve balance—to operate information
system to satisfaction of users and security
professionals—level of security must allow
reasonable access, yet protect against threats
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 13
Balancing Information Access and
Security (continued)
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 14
Business Needs First
Information security performs four important
organizational functions:
 Protects organization’s ability to function
 Enables safe operation of applications
implemented on organization’s IT systems
 Protects data the organization collects and uses
 Safeguards technology assets in use at the
organization
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 15
Security Professionals and the
Organization
 Chief Information Officer
– Senior technology officer
– Primarily responsible for advising senior
executive(s) for strategic planning
 Chief Information Security Officer
– Individual primarily responsible for assessment,
management, and implementation of securing
information in the organization
– May also be referred to as Manager for Security,
Security Administrator, or a similar title
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 16
Security Professionals and the
Organization (continued)
Information security project team should consist of
individuals experienced in one or more facets of
vast array of technical and nontechnical areas:
Champion
Team leader
Security policy developers
Risk assessment specialists
Security professionals
System, network, and storage administrators
End users
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 17
Data Ownership
 Data owner: responsible for the security and
use of a particular set of information
 Data custodian: responsible for the storage,
maintenance, and protection of the information
 Data users: the end systems users who work
with the information to perform their daily jobs
supporting the mission of the organization
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 18
Threats
Sun Tzu Wu:
 “If you know the enemy and know yourself, you
need not fear the result of a hundred battles.
 If you know yourself but not the enemy, for
every victory gained you will also suffer a
defeat.
 If you know neither the enemy nor yourself, you
will succumb in every battle.”
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 19
Threats (continued)
 To make sound decisions about information
security, management must be informed about
the various threats facing the organization, its
people, applications, data, and information
systems—that is, the enemy
 In the context of information security, a threat is
an object, person, or other entity that represents
a constant danger to an asset
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 20
Threats (continued)
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 21
Human Error or Failure
 Includes acts done without malicious intent
 Caused by: inexperience, improper training,
incorrect assumptions, and other circumstances
 Employees are greatest threats to information
security—closest to organizational data
 Employee mistakes can easily lead to:
–
–
–
–
–
Revelation of classified data
Entry of erroneous data
Accidental deletion or modification of data
Storage of data in unprotected areas
Failure to protect information
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 22
Human Error or Failure (continued)
 Many of these can be prevented with controls
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide
Slide 23
23
Figure 1-5 Human Error or Failure
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 24
Compromises to Intellectual Property
 Intellectual property is “the ownership of ideas
and control over the tangible or virtual
representation of those ideas”
 Many organizations create intellectual property—
trade secrets, copyrights, trademarks, patents
 Most common IP breach is software piracy
 Watchdog organizations that investigate include:
– Software & Information Industry Association (SIIA)
– Business Software Alliance (BSA)
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 25
Compromises to Intellectual Property
(continued)
 Copyright enforcement is attempted with
technical security mechanisms and online
registration
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 26
Espionage or Trespass
 Category of activities that breach confidentiality
 Unauthorized accessing of information
 Competitive intelligence vs. espionage
 Shoulder surfing can occur any place a person
is accessing confidential information
 Controls are implemented to mark the
boundaries of an organization’s virtual territory,
giving notice to trespassers that they are
encroaching on the organization’s cyberspace
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 27
Espionage or Trespass (continued)
 Hackers use skill, guile, or fraud to steal the
property of someone else
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 28
Figure 1-6 Shoulder Surfing
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 29
Figure 1-7 Hacker Profiles
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 30
Espionage or Trespass (continued)
 Generally two skill levels among hackers:
– Expert hacker
• Develops software scripts and codes exploits
• Usually a master of many skills
• Often creates attack software to share with others
– Unskilled hackers (script kiddies)
• Hackers of limited skill
• Use expert-written software to exploit a system
• Do not usually fully understand systems they hack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 31
Espionage or Trespass (continued)
 Other terms for system rule breakers:
– Cracker: “cracks” or removes protection
designed to prevent unauthorized duplication
– Phreaker: hacks the public telephone network
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide
Slide 32
32
Information Extortion
 Information extortion is an attacker or formerly
trusted insider stealing information from a
computer system and demanding compensation
for its return or non-use
 Extortion found in credit card number theft
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 33
Sabotage or Vandalism
 Individual or group who wants to deliberately
sabotage operations of a computer system or
business or perform acts of vandalism to either
destroy an asset or damage image of the
organization
 Threats can range from petty vandalism to
organized sabotage
 Organizations rely on image so Web defacing can
lead to dropping consumer confidence and sales
 Rising threat of hacktivist or cyber-activist
operations; most extreme version is cyberterrorism
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 34
Theft
 Illegal taking of another’s property—physical,
electronic, or intellectual
 Value of information suffers when it is copied
and taken away without the owner’s knowledge
 Physical theft can be controlled—wide variety of
measures used from locked doors to guards or
alarm systems
 Electronic theft is more complex problem to
manage and control; organizations may not
even know it has occurred
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 35
Software Attacks
 When an individual or group designs software to
attack systems, they create malicious code called
malware
 Designed to damage, destroy, or deny service to
target systems
 Includes:
–
–
–
–
–
–
Virus (macro virus or boot virus )
Worms
Trojan horses
Back door or trap door
Polymorphic
Virus and worm “hoaxes”
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 36
Figure 1-8 Trojan Horse Attack
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 37
Forces of Nature
 Forces of nature, force majeure, or acts of God
are dangerous because they are unexpected
and can occur with very little warning
 Can disrupt not only the lives of individuals, but
also the storage, transmission, and use of
information
 Include fire, flood, earthquake, and lightning as
well as electrostatic discharge
 Since it is not possible to avoid many of these
threats, management must implement controls
to limit damage and also prepare contingency
plans for continued operations
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 38
Deviations in Quality of Service
 Situations of product or services not delivered
as expected
 Information system depends on many interdependent support systems
 Service issues that dramatically affect the
availability of information and systems include:
– Internet service
– Communications service
– Power irregularities
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 39
Internet Service Issues
 Loss of Internet service can lead to
considerable loss in availability of information
since organizations have customer sales staff
and telecommuters working at remote locations
 When an organization outsources its Web
servers, outsourcer assumes responsibility for
all Internet services as well as for hardware and
operating system software used to operate the
Web site
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 40
Communications and Other Service
Provider Issues
 Other utility services have potential impact
 Among these are:
–
–
–
–
–
–
Telephone
Water & wastewater
Trash pickup
Cable television
Natural or propane gas
Custodial services
 The threat of loss of services can lead to
inability to function properly
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 41
Power Irregularities
 Power irregularities are common and lead to
fluctuations such as:
–
–
–
–
–
–
Spike: momentary increase
Surge: prolonged increase
Sag: momentary low voltage
Brownout: prolonged drop
Fault: momentary loss of power
Blackout: prolonged loss
 Electronic equipment is susceptible to
fluctuations; controls can be applied to manage
power quality
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 42
Hardware Failures or Errors
 Technical hardware failures or errors occur
when manufacturer distributes to users
equipment containing flaws
 These defects can cause system to perform
outside of expected parameters, resulting in
unreliable service or lack of availability
 Some errors are terminal, in that they result in
unrecoverable loss of equipment; some errors
are intermittent, in that they only periodically
manifest, resulting in faults that are not easily
repeated
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 43
Software Failures or Errors
 This category of threats comes from purchasing
software with unrevealed faults
 Large quantities of computer code are written,
debugged, published, and sold only to
determine that not all bugs were resolved
 Sometimes, unique combinations of certain
software and hardware reveal new bugs
 Sometimes, these items aren’t errors, but are
purposeful shortcuts left by programmers for
honest or dishonest reasons
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 44
Obsolescence
 When infrastructure becomes antiquated or
outdated, it leads to unreliable and
untrustworthy systems
 Management must recognize that when
technology becomes outdated, there is a risk of
loss of data integrity to threats and attacks
 Ideally, proper planning by management should
prevent risks from technology obsolesce, but
when obsolescence is identified, management
must take action
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 45
Attacks
 An attack is a deliberate act that exploits
vulnerability
 Accomplished by threat agent to damage or
steal organization’s information or physical
asset
– Exploit is a technique to compromise a system
– Vulnerability is an identified weakness of a
controlled system whose controls are not present
or are no longer effective
– Attack is the use of an exploit to achieve the
compromise of a controlled system
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 46
Malicious Code
 This kind of attack includes the execution of
viruses, worms, Trojan horses, and active Web
scripts with the intent to destroy or steal
information
 The state of the art in attacking systems is the
multi-vector worm using up to six attack vectors
to exploit a variety of vulnerabilities in commonly
found information system devices
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 47
Table 1-2 Attack Replication Vectors
New Table
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 48
Attack Descriptions
 “Hoaxes”: a more devious approach to attacking
computer systems is transmission of a virus
hoax, with a real virus attached
 Back doors: using a known or previously
unknown and newly discovered access
mechanism, an attacker can gain access to a
system or network resource
 Password crack: attempting to reverse calculate
a password
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 49
Attack Descriptions (continued)
 Brute force: the application of computing and
network resources to try every possible
combination of options of a password
 Dictionary: the dictionary password attack
narrows the field by selecting specific accounts
to attack and uses a list of commonly used
passwords (the dictionary) to guide guesses
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 50
Attack Descriptions (continued)
 Denial-of-service (DoS): attacker sends a large
number of connection or information requests to
a target; so many requests are made that the
target system cannot handle them successfully
along with other, legitimate requests for service
– May result in a system crash or merely an
inability to perform ordinary functions
 Distributed denial-of-service (DDoS): attack in
which a coordinated stream of requests is
launched against a target from many locations
at the same time
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 51
Figure 1-9 Denial-of-Service Attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 52
Attack Descriptions (continued)
 Spoofing: technique used to gain unauthorized
access whereby the intruder sends messages to
a computer with an IP address indicating that
the message is coming from a trusted host
 Man-in-the-Middle: in this attack, an attacker
sniffs packets from the network, modifies them,
and inserts them back into the network; also
called TCP hijacking
 Spam: unsolicited commercial e-mail; while
many consider spam a nuisance rather than an
attack, it is emerging as a vector for some
attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 53
Figure 1-10 IP Spoofing
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 54
Figure 1-11 Man-in-the-Middle
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 55
Attack Descriptions (continued)
 Mail-bombing: another form of e-mail attack that
is also a DoS, in which an attacker routes large
quantities of e-mail to the target
 Sniffer: program and/or device that can monitor
data traveling over a network; can be used for
both legitimate network management and for
stealing information from a network
 Social engineering: within the context of
information security, the process of using social
skills to convince people to reveal access
credentials or other valuable information
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 56
Figure 1-12 The Nigerian National
Petroleum Company
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 57
Attack Descriptions (continued)
 “People are the weakest link. You can have the
best technology; firewalls, intrusion-detection
systems, biometric devices ... and somebody
can call an unsuspecting employee. That's all
she wrote, baby. They got everything.”
 “Brick attack”: the best configured firewall in the
world can’t stand up to a well-placed brick
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 58
Attack Descriptions (continued)
 Buffer overflow: application error occurs when
more data is sent to buffer than it can handle;
when buffer overflows, attacker can make target
system execute instructions or attacker can take
advantage of some other unintended
consequence of the failure
 Timing attack: relatively new, works by exploring
contents of Web browser’s cache; can allow
collection of information on access to passwordprotected sites
– Another attack by the same name involves
attempting to intercept cryptographic elements to
determine keys and encryption algorithms
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 59
Chapter Summary
 Firewalls and network security are essential
components for securing systems that
businesses use to run day-to-day operations
 Information security is protection of information
and its critical elements, including systems and
hardware that use, store, and transmit that data
 C.I.A. triangle based on confidentiality, integrity,
availability of info and systems that process it
 CNSS Security model (McCumber Cube)
provides graphical description of approach used
in computer and information security
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 60
Chapter Summary (continued)
 Computer can be subject of attack or object of
attack; two types of attacks: direct and indirect
 Information security not an absolute: a process,
not a goal; should balance reasonable access
and availability while protecting against threats
 Information security performs four functions:
– Protects organization’s ability to function
– Enables safe operation of applications
implemented on organization’s IT systems
– Protects data that organization collects and uses
– Safeguards technology assets of organization
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 61
Chapter Summary (continued)
 Requires wide range of professionals and skill
sets to support information security program
 Information security project team includes: team
leader, security policy developers, risk
assessment specialists, security professionals,
systems, network and storage administrators,
and end users
 Three types of data ownership: data owner,
data custodian, and data user
 Threat is object, person, or other entity that
represents a constant danger to assets
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 62
Chapter Summary (continued)
 Attack is deliberate act or action that takes
advantage of vulnerability to compromise
controlled system
 Vulnerability is identified weakness in controlled
system
 Major types of attacks include: malicious code,
“hoaxes” of malicious code, back doors,
password cracking, DoS, DDoS, spoofing, manin-the-middle, spam, mail bombing, sniffers,
social engineering, buffer overflow, and timing
attacks
Firewalls & Network Security, 2nd ed. - Chapter 1
Slide 63